Introduction

On February 4 2015 the New York State Department of Financial Services (DFS) issued a revised version of its proposed 'BitLicence' regulatory framework for public comment.(1) The DFS issued its original version of the proposed BitLicence rules on July 17 2014.(2) According to DFS Superintendent Benjamin Lawsky, the revised regulations address public comments to the original regulations and clarify certain provisions.

Under the original regulations, the proposed BitLicence rules would require a new licence for any entity engaged in a "virtual currency business activity" (a licensee) and would impose new requirements in connection with consumer protection, anti-money laundering and cybersecurity, as well as certain other obligations (for further details please see "Licensing requirements for businesses engaged in virtual currency activities proposed"). While some applauded the effort of the DFS to bring virtual currency, particularly bitcoin, activities into the mainstream of financial regulation, the breadth and detail of the proposed regulatory framework go well beyond traditional money transmitter licensing and will pose substantial challenges for companies attempting to offer new virtual currency-related businesses in New York. Lawsky acknowledged in a speech to the Bipartisan Policy Centre that "there are some specific areas of the regulation that are somewhat stronger or more robust for virtual currency firms than those for other financial institutions", but also indicated that DFS is considering using these more stringent provisions as "models for our regulated banks and insurance companies".(3) Thus, while the DFS has responded to comments on a number of key elements of the original regulations and has taken steps to make the revised regulations more workable for the industry, other issues remain, such as a broad definition of 'material changes' to a licensed business that require prior agency approval.

The update examines some of the revised regulations' more salient changes to the original regulations.

Applicability

Under the original regulations, any entity engaged in a "virtual currency business activity" would be required to register as a licensee. The revised regulations modify the definitions of 'virtual currency business activity' and 'virtual currency' to clarify – and narrow – the scope of activities that are subject to the licensing requirement.

Definition of 'virtual currency'

The revised regulations specifically exclude gift cards from the definition of 'virtual currency'. The term 'gift card' is defined broadly for this purpose and covers both open-loop and closed-loop "electronic payment devices".

Under the original regulations, digital units that are used solely within online games and have no market or application outside the games were not deemed to be virtual currency. The revised regulations expand this exclusion to cover gaming units that may be redeemed for real-world purchases, provided that the gaming units themselves cannot be converted into legal tender or virtual currency.

Under the original regulations, digital units that are used exclusively as part of a customer affinity or reward programme were not deemed to be virtual currency, provided that the units could not be converted into legal tender. The revised regulations narrow this exclusion by providing that these digital units also must not be convertible into virtual currency, although they do permit the rewards units to be redeemed for units of another affinity or rewards programme.

Definition of 'virtual currency business activity'

The DFS responded favourably to comments that the regulations should not apply to businesses that utilise the 'public ledger' functionality of protocols such as bitcoin for purposes other than moving money. Therefore, the revised regulations exclude entities that receive or transmit virtual currency for "non-financial purposes" in a "nominal amount" of virtual currency.

The revised regulations now provide that the "development and dissemination of software" is not a virtual currency business activity.(4)

Additional exemption

The revised regulations also specifically exempt entities that hold virtual currency for "investment purposes" from the licensing requirement.(5)

Application processing

Conditional licences

The revised regulations give the DFS the flexibility to issue a new conditional licence, which would generally be valid for up to two years, for applicants which do not satisfy all of the BitLicence requirements. The conditional licence could be made subject to a variety of limitations at the discretion of the DFS and would be subject to extension or cancellation. Lawsky explained in his Bipartisan Policy Centre speech that the purpose of the conditional licence is to provide start-ups with flexibility "as they build up their operations".

Background checks

The revised regulations limit the application of employee background checks, which had been broadly proposed to apply to all employees, to apply only to those with access to customer funds.

Change of control

The revised regulations add a specific process to request a determination by the DFS that a proposed transaction does not constitute a change of control (eg, the DFS determines that the person is purchasing the licensee's stock solely for passive investment purposes).

Tax verification

An applicant must now provide verification to the DFS that it is compliant with all New York state tax obligations.

Application fees

The revised regulations specify that an application will cost $5,000, instead of an amount set at the discretion of the DFS, as originally proposed.

Capital requirements

The revised regulations have relaxed certain capital requirements. Under the original regulations, a licensee could invest its retained earnings and profits only in certain enumerated investment types, such as government bonds or securities, with maturities no greater than one year. In contrast, the revised regulations permit licensees to invest in any "high-quality, highly liquid, investment-grade assets" in proportions acceptable to the DFS. However, it is unclear how the deletion of bank deposits, which were enumerated in the original regulations, will be treated under this rubric, since they generally do not receive investment ratings; but presumably bank deposits should be eligible for this purpose. In addition, virtual currency holdings may now count towards a licensee's capital requirements.

Consumer protection

The revised regulations continue to require licensees to maintain US dollar bonding or trust funds and capital for the benefit of customers, but further provide that trust funds may be maintained only with 'qualified custodians'. This term is limited to certain regulated financial institutions, such as trust companies and banks, located in New York and approved by the DFS.

The revised regulations no longer provide a blanket right for consumers to claim compensation from the licensee's bonding or trust funds for all "fraud".

Books and records

The revised regulations reduce the applicable recordkeeping requirements from 10 years to seven years.

Anti-money laundering compliance

Records of virtual currency transactions

While the original regulations required licensees to provide the identity of and physical addresses for all parties – including non-customer counterparties – to a transaction, the revised regulations require licensees to obtain the information only for their own customers, although licensees must provide information on non-customer counterparties "to the extent practicable".

Customer identification programme

The revised regulations require licensees to verify the identity of a customer when either opening an account or establishing a service relationship (the latter being a new requirement). The revised regulations do not specify what would constitute a 'service relationship' for this purpose.

Compliance testing

The revised regulations clarify that internal anti-money laundering compliance reviews must be independent of line operations to qualify as an alternative to an external review.

Cybersecurity

The revised regulations require a licensee's chief information security office to review and update the licensee's cybersecurity programme annually. However, licensees are no longer required to engage a third party to conduct a review of the source code of the licensee's proprietary software, one of the most controversial aspects of the original regulations.

Next steps

The public may submit comments for 30 days after publication of the revised regulations in the New York State Register, which occurred on February 25 2015.

For further information on this topic please contact David E Teitelbaum or Joel D Feinberg at Sidley Austin LLP by telephone (+1 202 736 8000) or email (dteitelbaum@sidley.com or jfeinberg@sidley.com). The Sidley Austin website can be accessed at www.sidley.com.

Endnotes

(1) The revised regulations are available here. A comparison of the revised regulations to the original regulations can be viewed here.

(2) The original regulations are available here.

(3) Lawsky made these remarks during a speech to the Bipartisan Policy Centre in Washington DC in December 2014. A transcript of the speech is available here.

(4) In his Bipartisan Policy Centre speech Lawsky stated that the DFS intended to regulate only "financial intermediaries" rather than software developers, and acknowledged that some were concerned that the original regulations would apply to software developers such as mobile wallet developers.

(5) In his Bipartisan Policy Centre speech Lawsky stated that virtual currency miners would not be required to obtain a BitLicence, but the revised regulations do not explicitly exclude virtual currency miners.

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.