On June 3, 2015, the New York State Department of Financial Services (“NYSDFS”) issued its final version of “BitLicense,” a comprehensive regulatory framework for digital currency firms and the first of its kind in terms of state regulation. BitLicense requires financial intermediaries that hold customers’ funds to obtain a special license in order to transact business using digital currency in New York. Recognizing that digital currency is a unique financial technology, NYSDFS noted that BitLicense is an attempt to “put in place guardrails that protect consumers and root out illicit activity – without stifling beneficial innovation.”
Scope of the BitLicense Framework
BitLicense regulates the conduct of businesses transacting with virtual currency. It does not apply to customers, software developers or businesses that merely accept or use digital currency as payment. The regulatory framework applies to activities involving New York or a New York resident, which includes any individual, corporation or entity that resides or is conducting business in New York.
Licensing Requirements and Consumer Protection Regulations
The centerpiece of the BitLicense framework is the BitLicense itself. Under the new regulations, no person or business may engage in any virtual currency business activity in New York state without a license issued from the superintendent of the NYSDFS. To be approved for a license, a potential licensee must pay the $5,000 application fee, and pass a general background investigation into their financial condition, responsibility and experience. The license will issue if the superintendent finds that the licensee will conduct its business “in a manner commanding the confidence and trust of the community.”
Each licensee that is approved by the superintendent is subject to a comprehensive regulatory framework that includes a number of provisions intended to protect consumers using digital currencies. Some of the key requirements include the following:
- capital in “an amount and form as the superintendent determines is sufficient”;
- a surety bond or trust account in United States dollars;
- a cybersecurity program and written policies to protect systems and sensitive customer data; and
- an obligation to disclose “all materials risks” associated with the business to customers.
Anti-Fraud and Anti-Money Laundering Regulations
BitLicense also imposes numerous anti-fraud and anti-money laundering (AML) requirements on licensees. Each licensee must comply with all applicable federal and state laws and regulations, and licensees are required to take a number of affirmative steps to detect and prevent illegal and criminal activity, including appointing a compliance officer to be responsible for the licensee’s compliance with BitLicense and all other applicable laws and regulations. In addition, a licensee must have written compliance policies relating to fraud, AML, cybersecurity, privacy and information security.
In addition to these internal controls, licensees are required to obtain the superintendent’s written approval before making material changes to their businesses, such as offering a materially new product, service or activity or making changes to management. Actions requiring approval of the superintendent also include any action that would result in a merger or acquisition of “all or a substantial part” of the licensee’s assets. Companies do not need the superintendent’s approval to make minor changes, however, such as “standard software or app updates.”
As evidenced by the consistent involvement of NYDFS in recent enforcement actions, implementation of the BitLicense regime will cement the agency’s role in this area and its continued broad interpretation of activity that involves the state of New York under the statute.
BitLicense places a great deal of responsibility on the licensees. The regulations include a number of provisions requiring licensees to actively detect and prevent fraud, money laundering and other illegal and criminal activity. Licensees also have a number of disclosure requirements, to both consumers and regulators. This may have a positive effect on the industry and provide incentive to financial institutions considering whether to develop banking relationships with businesses transacting in digital currency.
NYSDFS also clarified the relationship between BitLicense and federal AML regulations. As noted, BitLicense requires licensees to comply with all applicable federal and state laws and regulations. In order to avoid duplicative efforts, businesses that file suspicious activity reports with federal regulators will not need to file separate reports with the NYSDFS, and firms that want a BitLicense and a money transmitter license will not be required to file two sets of applications.
Although New York is the first state to enact a regulatory framework for digital currency firms, it is unlikely to be the last. In California, the State Assembly recently approved a bill that would regulate digital currency firms like banks, and North Carolina’s House of Representatives and Banking Commissioner have sought to enact similar regulations for digital currency firms. New York’s BitLicense framework will likely serve as a basis for future regulatory action in other states as digital currency becomes more accepted in the marketplace.