As bitcoins and other virtual currencies continue to gain more attention, AFP will provide updates on the latest news surrounding these new forms of payment.
The New York Department of Financial Services (DFS) has released the details of its proposed BitLicense regulatory framework. If passed, New York would become the first state in the U.S. to directly regulate virtual currencies.
The proposal includes consumer protection, anti-money laundering and cybersecurity rules for virtual currency businesses. It is the result of an almost yearlong DFS inquiry, which included a number of public hearings held in January 2014.
Benjamin M. Lawsky, Superintendent of Financial Services, said that the goal of the framework is to protect consumers and root out illicit activity, without stifling the innovation of virtual currencies. “Setting up common sense rules of the road is vital to the long-term future of the virtual currency industry, as well as the safety and soundness of customer assets,” he said.
Under the new framework, “BitLicenses” will be required for firms engaged in the following virtual currency activities:
- Receiving or transmitting virtual currencies on behalf of consumers
- Securing, storing, or maintaining custody or control of virtual currencies on the behalf of customers
- Performing retail conversion services, including the conversion or exchange of fiat currencies or other value into virtual currencies, the conversion or exchange of virtual currencies into fiat currencies or other value, or the conversion or exchange of one form of virtual currency into another
- Buying and selling virtual currencies as a customer business
- Controlling, administering, or issuing a virtual currency. (Note: This does not refer to virtual currency miners.)
DFS noted that the licenses are not required for merchants or consumers that utilize virtual currencies solely for the purchase or sale of goods or services, or for firms chartered under the New York Banking Law to conduct exchange services and are approved by DFS to engage in virtual currency business activity.
Key requirements for firms holding Bitlicenses:
- Firms must hold virtual currency of the same type and amount as any virtual currency owed or obligated to a third party. Companies are also prohibited from selling, transferring, assigning, lending, pledging, or otherwise encumbering assets, including virtual currency, it stores on behalf of another person. Each licensee must also maintain a bond or trust account in United States dollars for the benefit of its customers in such form and amount as is acceptable to DFS for the protection of the licensee’s customers.
- Upon completion of a transaction, customers must be provided receipts with specific transaction information.
- Firms must establish and maintain written policies and procedures to resolve consumer complaints.
- Consumers must be notified about potential risks associated with virtual currencies.
- In order to combat money-laundering, firms will maintain information for all virtual currency transactions, including the identity and physical addresses of the parties involved, the amount or value of the transaction, the date the transaction occurred, and a description of the transaction.
- When opening accounts for customers, firms verify their identity, maintain records of the information used to verify such identity, and check customers against the Specially Designated Nationals (“SDNs”) list maintained by the U.S. Treasury Department’s Office of Foreign Asset Control (“OFAC”).
- Firms must monitor for transactions that might signify money laundering, tax evasion, or other illegal or criminal activity and notify DFS of any suspicious transactions. Licensees must also notify DFS of any transactions or any series of transactions in excess of $10,000 in one day.
- Firms must maintain a cybersecurity program designed with the ability to identify internal and external cyber risks, protect systems from unauthorized access or malicious acts, detect systems intrusions and data breaches, and respond and recover from breaches, disruptions, etc.
- Each Licensee must designate a qualified employee to serve as its Chief Information Security Officer (“CISO”) responsible for overseeing its cybersecurity policy.
- Examinations of licensees will be conducted whenever necessary, but no less than once every two calendar years.
- Firms are required to keep certain books and records, including transaction information, bank statements, etc.
- Each firm must submit quarterly financial statements to DFS within 45 days of the close of its fiscal quarter. Each firm must also submit audited annual financial statements.
- Necessary capital requirements will be determined by DFS based on a variety of factors, including the composition of the firm’s total assets and liabilities, whether the licensee is already licensed or regulated by DFS, the amount of leverage used by the firm, the liquidity position of the firm, and the extent to which additional financial protection is provided for customers.
- Each Licensee must designate a qualified individual or individuals responsible for coordinating and monitoring compliance with NYDFS’ BitLicense regulatory framework and other applicable laws.
- Firms shall establish and maintain a written business continuity and disaster recovery plan.
- Firms must promptly notify DFS of any emergency or other disruption to its operations that may affect its ability to fulfill regulatory obligations.
- Applications for the license will be accepted beginning on the date the proposed regulations become effective. Businesses already engaged in virtual currency activity will have a 45-day transitional period to apply for a license from that date.
The proposed DFS rules will be published in the New York State Register’s July 23, 2014 edition, which begins a 45-day comment period. Following the comment period, the rules are subject to additional review and revision based on feedback.
“We recognize that—as the first state to put forward specially tailored rules for virtual currency firms—continued public feedback will be an important part of finalizing this regulatory framework. We look forward to carefully and thoughtfully reviewing public comments on our proposal,” Lawsky said.