Contact Us






* Required Fields. Please note that by submitting your contact information, you are choosing to receive future promotional material from Guidepost Solutions.

Contact Us

Guidepost Solutions Insights

Five Years Later: Evolution of the
NYDFS Virtual Currency Licensing Regime

In the Summer of 2015, the New York State Department of Financial Services (“DFS”) became the first state banking regulator to issue a stand-alone virtual currency regulatory framework (23 NYCRR Part 200).  Prior to the creation of this virtual currency license, also known as the “Bitlicense,” institutions followed different paths to seek approval from the DFS for their crypto-related activities involving New York or New York residents.  Some institutions, like Paxos Trust Company, LLC (f/k/a itBit Trust Company, LLC) and Gemini Trust Company, LLC, sought and received limited purpose trust charters. Others submitted virtual currency applications for money transmitter licenses from the DFS.  Today, 25 institutions have either a virtual currency license, a limited purpose trust charter, or a combination of a virtual currency license and a money transmitter license.

 

Over time, the DFS regulatory framework Bitlicense received certain criticism from the virtual currency industry.  At the same time, under current Superintendent, Linda A. Lacewell, DFS has maintained its focus on financial innovation – in this instance by creating a new section called the “Research and Innovation Division.”  Part of this division’s mission is to “encourage innovations in the financial services marketplace to preserve New York’s competitiveness as a financial innovation hub.”

 

Consistent with this mission, DFS is now implementing key changes to the cryptocurrency licensing regime following its review of the program.  First up is a proposal for a conditional Bitlicense which is designed to encourage early stage crypto businesses to move towards licensing.  Under this program, “new entrants” may collaborate with a financial institution that already has either a Bitlicense or a limited purpose charter from DFS and is thus subject to its regulatory requirements.  The existing licensee would provide the conditional licensee with the operational, staffing, and other support the conditional licensee may need until it can obtain a full DFS virtual currency license or limited purpose trust charter on its own.  The conditional Bitlicense will especially help new entrants who may not meet the DFS’ capital requirements on their own, while ensuring the regulatory guardrails set by the Bitlicense or trust charter are in place.

 

Another interesting update to the DFS virtual currency licensing regime is the proposed  “Greenlist.”  The Greenlist is a proposed DFS webpage, to be updated from time to time, that would contain a list of all coins permitted for entities that have a Bitlicense or trust charter for virtual currency, without DFS’s prior approval, as long as such listed coins had not been subject to any material modification, division, or change after their listing on the DFS webpage.  Additionally, DFS proposed a model framework for the creation by a virtual currency entity of a coin-listing or adoption policy tailored to that entity’s specific business model and risk profile (a “coin-listing policy”) that, if approved by DFS, would enable the entity to “self-certify” the listing or adoption of new coins in addition to those on the Greenlist, without any further approval from DFS.

 

Thus, rather than go through a lengthy DFS review process each time an exchange wants to list a new coin, exchanges can list coins from the Greenlist.  Additionally, where an entity has an approved plan, it can self-certify coins that are not included on the Greenlist.    In order to self-certify though, the institution must first have (and receive approval by DFS of) a coin-listing policy that meets certain stated requirements, such as creating a framework for monitoring the coin.   Moreover, DFS specifically exempts self-certification for privacy coins or any coins that are “designed or substantially used to circumvent laws and regulations.”

 

There are questions about both new initiatives that will likely be answered as DFS receives comments and works to implement these changes.  For example, although DFS has outlined the general parameters for the “conditional licensing” program, some detail remains to be fleshed out. For instance, how will sufficient and/or appropriate collaboration be determined in terms of the service level agreement that will be required between the existing DFS licensee and the conditional applicant?  If the intent is for the applicant to ultimately apply for a Bitlicense, what will be the term lengths for conditional licenses?

 

Similarly, with respect to the “Greenlist,” today, only nine coins are approved for custody and seven coins are approved for listing.  As some coins such as the Paxos Standard and Bitcoin are approved for both uses, that means only nine unique coins are presently listed on the Greenlist.  This number is relatively small when viewed in the context of the more than 5,000 cryptocurrencies available in the open market today.

 

Four Key Takeaways

Debates may arise when it comes to barring all privacy coins from the DFS Greenlist, as well as determining and then barring coins that are circumventing laws and regulations.  What criteria will DFS use to decide which coins fall into the latter category?  In the case of Zcash, which is a privacy coin listed on mainstream exchanges like Gemini, the creators of Zcash recently hired RAND Europe[1] to look at whether Zcash is used for illicit or criminal purposes.  The resulting report found, among other things, that Zcash has a minor presence on the dark web and that “Bitcoin is still perceived to be the dominant cryptocurrency for illicit or criminal activities on the dark web.”

  1. DFS has made clear that it seeks input from virtual currency businesses that are considering expanding into New York before these proposals become a final regulation. Providing feedback around the relationships between the already regulated cryptocurrency business and the applicant could help ensure topics like compliance are taken into consideration.  The DFS is seeking comments through August 10, including but not limited to the topic of “what limits should be placed on the types and levels of services and support a VC entity may provide to a Conditional Licensee.”
  2. Start-ups and other emerging companies should take advantage of a new virtual currency incubator that DFS is setting up in partnership with the State University of New York (“SUNY”). The incubator, also known as “SUNY BLOCK,” is expected to set up a licensed entity that will facilitate the collaboration required for applying for a conditional license.
  3. While existing DFS licensees in the crypto business will have to think carefully about the type of affiliations they undertake with persons or companies seeking to enter the New York market via the conditional Bitlicense, the opportunities may be significant. One example is the partnering of Paxos and Binance to launch Binance USD. There, Paxos created a suite of application programming interfaces (“APIs”) that allow Binance to access customer information from Paxos.
  4. Much like the Know Your Customer (“KYC”) data already gathered and maintained about customers, regulated institutions will also have to perform the appropriate risk-based due diligence on these potential counterparts for the conditional licensees. And the question appears to be open – what if the conditional licensee screws up?   Who will bear the consequences – the conditional licensee?  The partner with the DFS license?  Both?

In sum, DFS reforms to the Bitlicense are welcome, but much remains to be seen as to how they will play out.  Depending on the final state of the conditional license program, existing licensees may wish to consider an independent assessment of potential partners in the conditional license program, in addition to reviewing any new policies created to take advantage of the Greenlist program.  Guidepost will continue to track developments in this important fintech space.

[1] RAND Corporation is a nonprofit public policy research institution.

 


ABOUT THE AUTHORS:

 

Matthew Levine
President, Financial & Regulatory Compliance Services

 

Matt Levine served as Executive Deputy Superintendent for Enforcement for the New York State Department of Financial Services. In this role, he supervised investigations and enforcement actions, including matters involving money laundering, terrorist financing, cybercrime and cybersecurity, virtual currency fraud, market manipulation, and consumer fraud, as well as monitorships implemented by DFS. Matt is a former federal prosecutor and trial lawyer with significant experience involving financial markets and regulatory matters. For nearly a decade, he served as an Assistant U.S. Attorney, first in the District of Columbia and later in the Eastern District of New York. There, he served as Acting Chief of the Business & Securities Fraud Section, supervising federal prosecutors conducting securities fraud, money laundering, cybercrime and other white-collar prosecutions. Matt can be reached at mlevine@guidepostsolutions.com.

 

Paige Mason

Managing Director, Guidepost Solutions

Paige Mason  is a managing director in the Washington, D.C. office at Guidepost Solutions. She works on multiple financial institution matters involving anti-money laundering, Know-Your-Customer regimes, sanctions/embargoes, correspondent banking, and regulatory requirements for fintech companies.

Ms. Mason has extensive experience advising cryptocurrency exchanges on U.S. regulatory regimes. Paige’s work for cryptocurrency exchanges has included drafting policies and procedures around topics such as customer risk rating methodology, transaction monitoring, and compliance governance; working with external counsel on assessing triggers around state licensing and federal registration requirements; creating controls with respect to employee trading on exchanges; performing pre and post operational compliance-related risk assessments; and leading regulatory requirements mapping exercises designed to identify potential gaps in compliance. Paige can be reached at pmason@guidepostsolutions.com.