On March 11, 2014, the New York Department of Financial Services (“NYDFS”) issued a public order announcing that the NYDFS will consider formal proposals and applications for the establishment of regulated virtual currency exchanges operating in New York. It is expected that the NYDFS will expand its oversight to include those virtual currency exchanges doing business with New York residents. The NYDFS stated that formal proposals and applications may be submitted immediately and may be modified by the applicant through discussions with the NYDFS during the application process to ensure strong legal and operational controls, including anti-money laundering (“AML”), cyber security and consumer protections.
The Order is the NYDFS’ latest step toward regulation following its January 2014 public hearing, which explored potential regulatory frameworks for virtual currency-related transactions. This move by the NYDFS is also a result of recent events, including the collapse of Mt. Gox, the vulnerabilities in the virtual currency markets and the need for stronger oversight through regulation. The NYDFS also stated that it continues to work on regulations, including a “BitLicense” specific to virtual currency transactions and activities, and intends to propose a regulatory framework no later than the end of the second quarter of 2014.
Although the Order does not provide specific guidelines for virtual currency exchange applications and proposals, we expect that the requirements will be similar to money services business, potentially including bond and net worth requirements. Firms should also ensure their proposals include robust internal control systems covering AML, cyber security and consumer protections. Specifically, and similar to other financial institutions covered under the Bank Secrecy Act and its implementing regulations, applicants should establish AML programs tailored to virtual currency transactions that include (i) the development of internal policies, procedures, and controls to combat money laundering; (ii) the designation of a compliance officer; (iii) an ongoing training program; and (iv) an independent audit function to test the program.