Indian crypto exchanges are required to maintain KYC records for 5 years

May 3, 2022

By Sharan Kaur Phillora

CERT-In has caused quite a stir with the announcement of its new cyber security guidelines on 28 April 2022. The release calls for reporting of any cyber security incident, including data breaches, within 6 hours of noticing the incident to the Indian Computer Emergency Response Team (CERT-In). 

Here’s what we know:

The virtual asset service providers, virtual asset exchange providers and custodian wallet providers are required to maintain all information obtained as Know Your Customer (KYC), and records of financial transactions for a period of 5 years.

CERT-In has been allowing industries to report the incidents within a reasonable time so timely actions could be taken, but in the light of identifying some gaps which cause hindrance during the analysis of a security incident, a new set of guidelines have been issued. 

In order to attend to these unidentified gaps, it has decided to issue directions related to information security practices, procedures, prevention, response, and reporting of cyber security incidents under sub-section (6) of section 70B of the Information Technology Act, 2000.

All service providers, intermediaries, data centers, body corporates and Government organizations are mandated to enable the logs of their ICT systems and maintain them for a period of 180 days. Indian jurisdiction will maintain the same. 

  • Data Centers, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network (VPN) service providers are required to register information like, validated names of subscribers, validated address and contact numbers, etc., for a period of 5 years or longer. 
  • The virtual asset service providers, virtual asset exchange providers and custodian wallet providers are required to maintain all information obtained as Know Your Customer (KYC), and records of financial transactions for a period of 5 years.

These rules will be in effect after 60 days from the issue of the release.  

CERT-In serves as the national agency for performing multiple cyber security functions in the country under the Ministry of Electronics and Information Technology. Like any other country’s Computer Emergency Response Team (CERT), CERT-In analyzes cyber threats and handles the cyber incidents which are reported to it.

 


About the author

Sharan Kaur Phillora’s thirst for knowledge has led her to study many different subjects, including NFTs and Blockchain technology – two emerging technologies that will change how we interact with each other in the future. When she isn’t exploring a new idea or concept, she enjoys reading literary masterpieces.

Share
Leave a Reply