How to Register with FIU-IND: Documents, Principal Officer, and the 2-6 Week Timeline

The FIU-IND registration process is a document-heavy, compliance-audited pathway that rewards preparation and punishes short-cuts. Once an entity has identified that its activities fall within the five categories designated under the Ministry of Finance notification of 7 March 2023 — as the first article in this series explained — the practical question becomes how to actually secure reporting-entity status. The process has been refined over three successive circulars since October 2023, and the current procedural framework rests on the second revised circular notified on 20 January 2025 and the AML/CFT Guidelines dated 8 January 2026. This article walks through the documentation, the Principal Officer and Designated Director roles, the FINgate portal submission, the mandatory in-person meeting, and the most common reasons applications are sent back for revision.

Key Takeaways

• The FIU-IND registration process is not a form-filling exercise — the entity must already be PMLA-compliant, with a Principal Officer appointed, AML policies documented, and technology systems operational, before applying.
• The documentation package spans incorporation records, three years of MCA filings, GST and income tax returns, beneficial-ownership disclosures, TDS returns on VDA transactions, and self-declarations regarding pending proceedings.
• A Designated Director (under PMLA) and a Principal Officer (for AML reporting) are mandatory appointments — both carry personal compliance liability and both must be notified to FIU-IND through the FINgate portal.
• An in-person meeting with FIU-IND officials is mandatory; it increasingly requires live demonstration of KYC, sanctions screening, transaction monitoring, blockchain analytics, and FATF Travel Rule systems.
• Typical approval timelines range from two to six weeks, but only where the application is complete on first submission; document deficiencies and policy gaps extend the timeline materially.
• Registration after a period of non-compliance does not extinguish liability for the earlier period — enforcement and registration proceed on parallel tracks.

Pre-Registration Compliance: What Must Be in Place Before You Apply

A critical feature of the FIU-IND registration process is that the entity must already be compliant with the PMLA, the Prevention of Money-laundering (Maintenance of Records) Rules, 2005, and the FIU-IND AML/CFT Guidelines before it submits the application. The agency treats registration as recognition of an already-functioning compliance system, not as the trigger for building one. Rule 7(3) of the PMLR empowers FIU-IND to issue guidelines for reporting entities and to scrutinise their transactions — and the registration review is when that scrutiny begins.

In practice this means that before the application is filed, the entity should have: an AML/CFT policy document adopted by the board; a risk-based customer due diligence framework; a transaction monitoring system capable of identifying suspicious patterns; a sanctions screening mechanism against Indian and international lists; record-keeping systems with a five-year retention period per Section 12 of the PMLA; a training programme for employees; and a designated internal audit function. The 8 January 2026 Guidelines have also added live-selfie KYC with liveness detection, geo-tagging of onboarding sessions, penny-drop bank account verification, and the delisting of privacy coins and mixer-related tokens. A platform that is still building any of these components should not submit the application — the review will expose the gap, and the resubmission cycle consumes more time than completing the work first.

The Documentation Package: What FIU-IND Asks For

The registration application requires a specific set of documents organised into corporate, financial, compliance, and operational categories. On the corporate side, the entity must provide a brief description of its services with a clear explanation of how its activities fall within the Department of Revenue notification dated 7 March 2023, a note on corporate structure and beneficial owners (including ownership above the 10 per cent threshold under PMLR Rule 9), copies of incorporation documents, and MCA filings for the last three financial years including annual returns, audited financial statements, and balance sheets.

On the financial side, the entity must submit GST returns for the last three years, income tax returns, and TDS returns specifically for VDA transactions under Section 194S of the Income Tax Act where applicable. On the compliance side, the AML/CFT policy must be filed along with the Designated Director and Principal Officer appointment letters, the board resolution appointing them, and a self-declaration stating that no pending proceedings or criminal cases are pending against the entity or its principal officers. On the operational side, the entity must disclose agreements with any Indian or foreign entity engaged in designated VDA activity — including custodians, liquidity providers, market makers, payment partners, and technology vendors — because these relationships may themselves attract review. Offshore applicants additionally supply jurisdiction-of-incorporation documents, local regulatory approvals, and a written explanation of their nexus to Indian users.

Designated Director and Principal Officer: Two Distinct Roles

The PMLA framework requires two distinct appointments, and understanding the difference matters for compliance-risk allocation. The Designated Director is a senior managerial person — typically a board director or a C-suite executive — responsible for ensuring overall compliance with the Act and the PMLR. The Principal Officer is the operational compliance head, responsible for day-to-day AML reporting, including filing of Suspicious Transaction Reports, Cash Transaction Reports, and NPO Transaction Reports where applicable, and for acting as the point of contact with FIU-IND.

Both appointments must be formally notified to FIU-IND and maintained current through the FINgate portal whenever details change. Both carry personal liability. Under Section 13 of the PMLA, the FIU-IND Director may issue directions and penalties to the reporting entity and also to the persons responsible for its compliance — which in practice means the Designated Director and the Principal Officer. Conflicts of interest between these roles are explicitly prohibited under the 8 January 2026 Guidelines. The Principal Officer should not simultaneously be the business head or sales head; the role requires operational independence. Mis-designation of these roles, or appointing a nominee without real authority, is a pattern that FIU-IND has flagged in its review process and can be a rejection trigger.

The FINgate Portal and the January 2025 Revised Circular

Registration applications are filed electronically through the FINgate portal. The current procedural framework rests on the second revision of the VDASP registration circular, notified on 20 January 2025 (Notification 9-8/2023/COMPL/FIU-IND-Pt-III), which reorganised the documentation requirements and standardised the submission format. The circular consolidates the earlier 17 October 2023 guidance and aligns the process with the FATF recommendations that India committed to implement as part of its 2023-24 FATF Mutual Evaluation cycle.

The FINgate portal supports document upload, application tracking, and ongoing reporting obligations post-registration, making it the single digital interface for reporting entities. Ongoing updates — changes in Principal Officer, ownership changes, corporate restructuring, material changes in business model — must be notified through the same portal. The 8 January 2026 Guidelines have also introduced a requirement that a public summary of the AML/CFT programme be displayed on the reporting entity’s website or app — an unusual transparency obligation that exchanges have navigated by publishing a compliance policy page rather than the full internal framework.

The In-Person Meeting and Live System Demonstration

Unlike many regulatory registrations in India, the FIU-IND process does not end with a documentary review. An in-person meeting with FIU-IND officials is mandatory before final approval, and the meeting is substantive rather than ceremonial. The Designated Director and the Principal Officer, or their authorised senior representatives, appear in person. FIU-IND typically asks detailed questions about the business model, the corporate structure, the jurisdictional nexus to Indian users, and specific compliance controls.

Since the FY 2024-25 period, the scope of the in-person meeting has expanded to include live demonstrations of compliance systems. Applicants are expected to show, not merely describe, their KYC onboarding flow, sanctions screening queries against OFAC, EU, UN, and Indian lists, transaction monitoring alerts for typologies such as layering or structuring, blockchain analytics tools for tracing VDA flows, and FATF Travel Rule compliance for transfers above the originator-beneficiary information threshold (which in India operates with no de minimis cutoff). The FIU-IND Annual Report for FY 2024-25 describes this as moving beyond “paper policies” to “practical evidencing of infrastructure and controls”. The implication for new applicants is clear: presentations built for investor decks are not the language of the FIU-IND review.

Timeline and Common Rejection Triggers

Where the application is complete on first submission, approval timelines fall in the two-to-six-week range. This assumes the documentation is complete, the policies are already adopted, the Principal Officer has been appointed with a proper mandate, the technology systems work as described, and the in-person meeting clears without major concerns. Applications that arrive with gaps — typical gaps being an AML policy adapted from a generic template, a Principal Officer with dual roles, inadequate blockchain analytics, or unclear beneficial ownership structures — are sent back for remediation and the clock resets.

The most common rejection triggers seen in the FIU-IND’s review pattern include the following: misalignment between the stated business activities and the five designated activities under the March 2023 notification, which can signal either incorrect scoping or an attempt to define the business narrowly to avoid registration; conflicts of interest in Principal Officer designation; weak beneficial-ownership disclosure where offshore holding structures obscure ultimate ownership; insufficient evidence of an operational transaction monitoring system; absence of a clear segregation between customer funds and operational funds; inadequate record-keeping for the five-year retention period required under Section 12 of the PMLA; and missing agreements with counterparties, particularly offshore liquidity providers or custodians. Offshore applicants face additional scrutiny on the adequacy of their domestic-nexus documentation — the FIU-IND asks applicants to articulate exactly why they are registering in India, and a general “serving global users including Indian users” framing rarely suffices.

Looking Ahead

The registration process is maturing from a procedural onboarding exercise into a substantive supervisory review. The 8 January 2026 Guidelines have raised the operational bar for applicants by embedding specific technology requirements — live-selfie verification, geo-tagging, penny-drop verification — that were previously industry best practice but are now baseline compliance. The FIU-IND Annual Report for FY 2024-25 indicates that the agency is actively analysing patterns from registered VDASPs to identify criminal typologies, which means post-registration scrutiny is as intensive as pre-registration review.

For founders planning new VDA businesses in India, the lesson from the registered cohort is consistent: allocate three to six months of preparation before filing, not three to six weeks. Treat the Designated Director and Principal Officer appointments as strategic hires with compliance expertise rather than as filings. Build the technology stack with regulatory demonstration in mind. For offshore entities, appoint Indian counsel early and document the domestic nexus carefully. Part Three in this series addresses what happens after registration — the ongoing AML compliance regime, the FATF Travel Rule implementation, the STR and CTR filing cadence, and the enforcement lessons from the Binance, Bybit, and offshore-exchange actions.

Frequently Asked Questions

How long does FIU-IND registration take?
Where the application is complete on first submission and the entity is already PMLA-compliant with an operational AML framework, approval typically takes two to six weeks. Applications with documentation gaps, policy deficiencies, or inadequate system demonstrations are sent back for remediation and the timeline resets. Offshore applicants and entities with complex corporate structures generally take longer than domestic startup exchanges.

What documents are required for FIU-IND registration?
The documentation package includes a description of services and how they fall under the March 2023 notification, corporate structure and beneficial ownership disclosures, incorporation documents, MCA filings for three years, GST returns for three years, income tax and Section 194S TDS returns, the AML/CFT policy document, Designated Director and Principal Officer appointment letters and board resolutions, self-declaration regarding pending proceedings, and copies of agreements with domestic or foreign counterparties in VDA activity.

Who can be a Principal Officer for a VDASP?
The Principal Officer must be a senior management executive responsible for AML compliance and reporting, with operational authority to act on the entity’s behalf before FIU-IND. The 8 January 2026 Guidelines prohibit conflicts of interest — the Principal Officer cannot simultaneously hold business-line responsibility such as sales or customer acquisition. The appointment must be formally notified through the FINgate portal, and any change must be updated there promptly.

Is an in-person meeting with FIU-IND required?
Yes. The registration process requires a mandatory in-person meeting with FIU-IND officials, attended by the Designated Director and the Principal Officer or their authorised senior representatives. Since FY 2024-25, the meeting has included live demonstrations of the KYC system, sanctions screening, transaction monitoring, blockchain analytics, and FATF Travel Rule compliance. The FIU-IND Annual Report describes this as a shift from paper policies to practical evidencing of infrastructure.

Can a foreign crypto company register as a VDASP without an Indian subsidiary?
Yes. The FIU-IND framework operates on an activity basis, and foreign entities servicing the Indian market can register without mandatorily incorporating an Indian subsidiary. However, offshore applicants must clearly document their domestic nexus, appoint Indian counsel and local representatives where required, and satisfy the FIU-IND that compliance with Indian KYC, record-keeping, and reporting obligations can be operationally enforced from the offshore jurisdiction. Registration carries the same ongoing obligations as domestic VDASPs.

---

This analysis was prepared by the Candour Legal Team. Candour Legal is a full-service Indian law firm with offices in Ahmedabad, Delhi, and Mumbai, publishing commentary on digital assets, financial regulation, and cross-border compliance at candourlegal.com.

Further reading in this series

• Part 1 — FIU-IND Registration for Crypto Businesses: Who Needs It and What It Actually Is
• Part 3 — After FIU-IND Registration: Ongoing AML Compliance and Enforcement Lessons from Binance and Bybit
• RBI’s Regulatory Overhaul: New Era in Banking Compliance — on the parallel consolidation of financial-sector compliance obligations.