<h1>Stricter AML/KYC onboarding for virtual digital asset platforms-live selfie, geolocation, IP logs, penny-drop checks; privacy-risk tools barred.</h1> FIU has tightened PMLA-aligned AML/KYC obligations for virtual digital asset service providers by mandating technology-based onboarding controls, including liveness detection through a live selfie and capture of geolocation coordinates, date/time and IP address at account initiation, to verify the applicant's physical presence and origin of access. It has prescribed stronger identity and bank-account verification, including a nominal-value 'penny-drop' transaction and multi-factor verification of email and mobile, to reduce impersonation and use of inauthentic accounts. It has required enhanced due diligence for high-risk clients (including certain foreign-jurisdiction links and politically exposed persons) and periodic KYC refresh (six-monthly for high-risk; annual for others), to escalate monitoring. It has directed that anonymity-enhancing tokens, tumblers/mixers and similar obfuscation tools, and risk-prone token offerings, must not be facilitated, and has mandated client/transaction record retention for at least five years and until investigations close, to strengthen traceability and reporting.