You are going to try this whether we like it or not, so let's make sure you do it with your eyes open. Pepperstone is an offshore broker — its licenses sit with ASIC, FCA, CySEC, BaFin and DFSA. SEBI is not on that list. Aadhaar is an Indian biometric identity document. The moment you hand one to the other, you are in FEMA territory, not SEBI territory, and the difference decides how much protection you actually have.
This guide walks through what Pepperstone can and cannot verify with an Aadhaar upload, who actually sets the bar, and the red flags to watch for during onboarding. It is a survival handbook, not a sales pitch.
Is Aadhaar Even the Right Document to Hand an Offshore Broker?
The honest answer is: probably, with a caveat most Indian guides skip. Pepperstone's KYC framework is built around the standards of ASIC and FCA — its two tier-1 regulators — neither of which has ever heard of Aadhaar as a specific document category. What they require is a government-issued photo ID that maps cleanly onto the broker's identity-verification policy, and Aadhaar happens to satisfy that in most broker KYC engines because it carries a photo, a name, a date of birth, and a unique 12-digit identifier. That is what Compliance checks — can we tie this face to this legal name and this DOB.
The caveat: you are handing a biometric identifier issued by UIDAI to a company with no Indian office and no Indian regulator to answer to. Think about that sentence for a second before you hit upload. PAN is usually the cleaner document to lead with, and most Indian-facing KYC engines will accept it as the primary ID.
Which Regulator Actually Sets Pepperstone's KYC Bar?
ASIC and FCA — full stop. These are Pepperstone's two tier-1 licenses, and they are the machinery that decides how the onboarding gate actually works. ASIC runs under the AUSTRAC AML/CTF framework. FCA runs under the UK Money Laundering Regulations 2017. Both demand source-of-funds verification, identity verification, and ongoing transaction monitoring. Neither cares whether you are an Indian resident. They care whether the documents you submit clear their internal KYC engine and whether the onboarding creates an unacceptable risk under their rulebook.
The quieter licenses in the stack — CySEC in Cyprus, BaFin in Germany, DFSA in Dubai — matter for European and Gulf residents. But for an Indian uploading Aadhaar, the pipeline that will judge your application is tuned to ASIC and FCA expectations. If you want to know the standard you are being held to, go read the ASIC regulatory guides on client onboarding and the FCA SYSC sourcebook. Both are free and searchable.
What Does "Verification" Mean When There's No SEBI in the Stack?
It means Pepperstone has satisfied its own regulator that you are who you say you are. It does not mean anyone in India has cleared you for offshore forex trading. That distinction is where most retail traders quietly lose the plot.
A verified Pepperstone account is compliance-valid in the broker's home jurisdictions. It is silent on the question of whether you, as a resident Indian, are permitted to deposit there under the Liberalised Remittance Scheme and FEMA. Pepperstone's Compliance desk is not checking your RBI eligibility. Your Authorized Dealer bank is — or rather, is supposed to be — and that is a completely separate conversation with completely separate paperwork.
A fieldnote from the desk: across the 340+ broker TOS documents we have read, not one offshore forex broker treats foreign KYC approval as a proxy for the client's own domestic legal compliance. That burden always sits with you. Always.
What Is the $200 Minimum Deposit Really Telling You?
It is telling you Pepperstone wants retail clients with enough skin in the game to clear its internal risk thresholds, and nothing more exotic than that. Two hundred US dollars is roughly ₹16,500–17,000 depending on where USD/INR is trading when you read this. Under LRS you are allowed up to $250,000 per financial year in outward remittance, so the $200 minimum is a rounding error against the cap.
The real friction is the funding channel, not the amount. Your HDFC or ICICI debit card will likely decline a direct card deposit to an offshore forex broker — that is a bank-side FEMA filter, not a Pepperstone problem. The alternative is an outward remittance through an Authorized Dealer, which trips Section 206C(1G) TCS once your aggregate LRS transfers cross ₹7 lakh in the financial year. That is 20 percent collected upfront, adjustable against your final liability.
Published minimum: $200. Effective cost, once you cross the TCS threshold on the funding leg: $200 plus 20 percent on the excess. That is the number to remember.
How Does Your Aadhaar Actually Get to Pepperstone's Compliance Desk?
Through the onboarding portal, uploaded as an image or PDF, processed by an automated KYC engine, and reviewed by a human only if the automated pipeline flags it.
The specific plumbing depends on which Pepperstone entity you onboard under. The ASIC-regulated entity and the FCA-regulated entity route applications through different compliance teams with different escalation paths. Most modern broker KYC pipelines are run through third-party verification providers — the Jumio/Onfido/Sumsub layer — which means your Aadhaar image is being processed not by Pepperstone's in-house compliance team alone but by an external vendor that sits between you and the broker.
That vendor has its own data handling policy, its own retention periods, its own sub-processors. We do not have Pepperstone's specific vendor contract in the grounding, so we cannot tell you which KYC provider they use. That is a question worth asking Pepperstone support in writing before you upload anything. If they will not tell you, that itself is a signal.
What Happens to Your Aadhaar Number After Verification?
It lives on a server somewhere outside India, indefinitely, under whatever retention policy the broker and its KYC vendor have agreed to.
Under UK GDPR and the Australian Privacy Principles, Pepperstone is obligated to retain customer identification records for a defined minimum period after account closure — typically five years in most tier-1 jurisdictions, longer if there is a regulatory hold on the account. That retained record includes the Aadhaar image you uploaded during onboarding. It does not get deleted the day you withdraw your balance and walk away.
We do not have a specific Pepperstone retention figure in the grounding, so treat five years as a floor, not a ceiling. If you ever want that data deleted, your only realistic route is a formal data subject access request filed under the broker's home privacy regime — which for Pepperstone means UK GDPR channels or Australian Privacy Act channels, not India's DPDP Act. India's DPDP Act has no extraterritorial teeth here.
Does Funding Through LRS Change the KYC Equation?
Not the KYC equation — but it changes everything else about the transaction. Pepperstone's verification of your Aadhaar sits on one side of the wall. Your Authorized Dealer bank's verification of your outward remittance sits on the other. Both have to clear for the deposit to actually land in your trading account.
The LRS leg is governed by RBI's Master Direction on LRS, runs through an Authorized Dealer bank, and requires you to declare the purpose of remittance on Form A2. Margin forex trading is not a plainly permitted LRS purpose under the current interpretation of Schedule III of the FEMA Current Account Transactions Rules, and that is the unresolved question underneath every "is Indian retail forex legal" argument on the internet.
We are not going to pretend the answer is clean. What we will say, plainly: KYC approval on the broker side is an operational green light, not a legal one. Pepperstone accepting your Aadhaar tells you nothing about whether the rupees you send them are clearing the LRS filter correctly.
What Are the Red Flags to Watch For During Verification?
If Pepperstone's KYC flow asks for something ASIC or FCA onboarding would not normally require, stop and close the tab.
The baseline package for tier-1 broker onboarding is photo ID, proof of address (a utility bill or bank statement from the last three months), and sometimes a selfie for liveness verification. That is the standard. Being asked for a PAN card alongside Aadhaar is normal — PAN is tied to Rule 114B of the Income Tax Rules and shows up routinely in Indian-facing KYC engines. Being asked for your net-banking password, your UPI PIN, or to install a remote-access tool on your phone is not a KYC step. That is a phishing clone of Pepperstone's onboarding page, and the "broker" you are talking to is not the one with the ASIC license.
A fieldnote: phishing clones of tier-1 forex broker onboarding pages have grown noticeably in volume over the last two years. Type the URL manually. Do not click the ad at the top of the search results.
What Are Your Exit Criteria If Verification Goes Sideways?
If verification stalls for more than five business days without a clear explanation from Compliance, pull out and do not fund the account.
Here is the quiet truth about offshore broker verification as an Indian resident: your recourse when something goes wrong is almost non-existent. The escalation ladder looks like this — first, the broker's internal complaint process. Second, the broker's home regulator, meaning ASIC in Australia or the FCA in London. Third, in theory, SEBI's SCORES portal. Fourth, a civil suit.
Only step one is realistically available to you. ASIC and FCA will accept the complaint but their dispute resolution machinery was not built to serve non-residents, and cross-border enforcement is slow enough that most people give up before anything moves. SEBI SCORES has no jurisdiction over an ASIC-regulated broker. A civil suit in a foreign commercial court is economically suicidal for a retail-sized claim. Know this ladder before you upload, because the verification stage is the last point at which walking away is free.
What Did This Piece Not Cover, and Why?
Three things, and each deserves its own argument.
First, we did not cover whether your specific bank will actually process an LRS outward remittance to Pepperstone or bounce it at the Form A2 stage. That depends on the bank's individual FEMA compliance posture, and it differs between HDFC, ICICI, Axis, Kotak and SBI in ways that change quarterly. Call your relationship manager and get the answer for your bank, not the internet's answer.
Second, we did not cover the tax treatment of profits you eventually withdraw. Forex P&L for a resident Indian sits in Schedule FSI and possibly Schedule CG of ITR-2 or ITR-3 depending on how it is characterized — business income versus capital gains — and that is not something a KYC guide can resolve. Consult a CA who has actually filed an ITR-3 with offshore broker P&L on it.
Third, we did not touch the Pepperstone spread math. Published EUR/USD standard: 1.0 pips. Razor/pro tier: 0.1 pips plus commission. The effective cost after commission is a separate conversation, and this piece was not that conversation.