In a bid to improve India’s cybersecurity and cryptography infrastructure, the Computer Emergency Response Team India (CERT-In) has mandated all virtual private network (VPN) providers and exchanges cryptographic to retain customer data records for up to five years. The rules will come into force in June 2022.
According to CERT-In, which falls under the Ministry of Electronics and Information Technology, it requires these details to “ensure the cybersecurity of citizens’ payments and financial markets”. The intent here is to balance customer data protection and economic freedom in the wake of virtual assets like cryptos gaining traction.
Rise of Crypto Scams in India
A report by Chainalysis suggests that Indian users have visited crypto scam websites like coinpayu.com, coingain.app and over 9.6 million times. Even on a global scale, these scams have taken the lion’s share of all cryptocurrency crime, as they have seen investors around the world lose an estimated $7.7 billion worth of crypto. And that was only in 2021.
To put the skyrocketing number of these scams into perspective, there were approximately 3,300 active and operational frauds lurking around the world at any one time in 2021. In 2020, that number was 2,052.
In fact, the Law Enforcement Directorate (ED) of India is currently investigating seven cases, where crypto has been deployed for money laundering purposes. The cumulative proceeds of these crimes amount to approximately Rs 135 crore, according to a response to Lok Sabha by MoS Finance Pankaj Chaudhary.
And ED isn’t the only government organization fighting this. Recently, the Narcotics Control Bureau (NCB) and the Central Excise and Customs Board also uncovered illicit crypto payments worth Rs 2.2 crore in about 11 cases associated with drug trafficking.
CERT-In, in its detailed data collection terms of reference, requested a full set of information for customer verification and identification. This includes the nature of the IP addresses, the identifier and the amount of the transaction, the public keys or addresses concerned and the contact details of the persons subject to the transaction.
Failure to follow these instructions may result in imprisonment for up to one year, a fine of up to approximately Rs 1,00,000 or both under Section 70B of the Computers Act 2000 .
From June 2022, crypto service providers will also be required to report any cybersecurity incident to CERT-In within six hours of its occurrence. Current laws do not stipulate a time limit for this reporting.
Many industry experts consider this stage of CERT-In to be positive and progressive. Vikram Subburaj, CEO of Giottos Crypto Exchange, says, “We welcome all such mandates which will keep our ecosystem healthy. It is encouraging to see the government gradually bringing clarity to the crypto world.
“With the ASCI guidelines for crypto advertisements, the finance minister announcing a new tax regime and now the KYC mandate, steps are being taken to treat crypto assets on regulatory par with the country’s stocks” , he adds.
It should be noted that these guidelines only apply to exchanges that hold custody of crypto wallets on behalf of their users. In such cases, a third party is in charge of managing your private keys and funds.
Vijay Pravin, CEO and Founder of BitsCrunch, also calls it a welcome move. “The new measure will ensure that all crypto exchanges follow a uniform KYC process. A mandate to share details with government agencies and regulators for verification purposes can establish a reliable global platform. »
“Real-time, all decentralized crypto exchanges are designed to allow users to remain anonymous and keep information private from any sort of regulatory authority, including the crypto exchanges themselves. Therefore, this mandate ensures compliance, user security, and a more authentic way to onboard potential crypto enthusiasts,” he concluded.
Storage costs are a concern
However, the resulting high storage costs for building a secure infrastructure to hold all this data remains a major concern.
“The mandate to store user KYC and transaction data in crypto space is to protect customers, identify and prevent money laundering/illicit transactions. This translates into a significant compliance burden for crypto wallets, exchanges and other intermediaries who would now have to store vast amounts of data for a period of five years in a highly secure and compliant infrastructure,” says Megha Nambiar, Senior Legal Counsel , HyperVerge,
But some organizations like GuardianLink are already ahead of the data collection and compliance curve. These guidelines only complement their existing commitment to building trust between customers and cryptocurrency.
“Even though the government did not ask us, we have already started this process. We have already undertaken to achieve this objective, anticipating the government’s decision. We now plan to work with the government as best we can to bring acceptability and legality for our community,” said Kameshwaran Elangovan, co-founder and CEO of GuardianLink.
Read all the latest IPL 2022 news, breaking news and live updates here.
We would like to thank the author of this article for this amazing material
Crypto Exchanges Are Now Required To Store KYC Data For 5 Years. Is It A Yes Or A No From The Industry? – Tech Tribune France
Our social media pages here and other related pages herehttps://metfabtech.com/related-pages/