- New York State Releases Final BitLicense Regulation
- June 15, 2015 | Authors: Michael A. Berlin; Steven M. Felsenstein; Carl A. Fornaris; William B. Mack; Niall E. O'Hegarty
- Law Firms: Greenberg Traurig, LLP - New York Office ; Greenberg Traurig, LLP - Philadelphia Office ; Greenberg Traurig, LLP - Miami Office ; Greenberg Traurig, LLP - New York Office
- On June 3, 2015, the New York State Department of Financial Services (DFS) published its final BitLicense regulation. The regulation requires that firms engaged in “Virtual Currency Business Activity” that involves New York State or a New York resident apply to DFS for a BitLicense within 45 days of its effective date. The comprehensive licensing scheme detailed in the regulation will for the first time subject businesses engaged in a wide range of virtual currency transactions - including transmitting, issuing, and buying and selling virtual currency - to broad state oversight. Such businesses will effectively be overseen in a manner comparable to banks, or securities broker-dealers, and will be subject to a similar array of reporting and other obligations. In light of New York’s new regulatory regime for virtual currency businesses, it remains to be seen whether other states such as California will follow New York’s lead.
Key provisions in the new regulation include:
Capital Requirements. Licensees are required to maintain at all times capital in an amount and form that DFS determines sufficient to ensure “the financial integrity of the Licensee” based on “the specific risks applicable to each Licensee.”
Books and Records. Licensees are required to preserve their books and records in their original or native format for a period of seven years, including those reflecting the details of the Licensee’s transactions and its compliance with applicable state and federal anti-money laundering laws, rules and regulations. Licensees are also required to provide DFS, upon request, with immediate access to their books and records, wherever they are located. They must also submit to examination by DFS at least every two years, or whenever DFS deems it necessary, and examinations may address virtually any aspect of the Licensee’s business, including its financial condition, the policies of its management, and any other matter deemed necessary by DFS to determine the Licensee’s compliance with applicable laws, rules and regulations.
Reports and Financial Disclosures. Licensees must submit to DFS quarterly financial statements and audited annual financial statements, and must immediately report any known violation of law, rule or regulation related to its business activity.
Anti-Money Laundering Programs and Suspicious Activity Reports. Each Licensee must adopt a system of internal controls, policies and procedures designed to ensure compliance with applicable anti-money laundering laws. Each must also submit Suspicious Activity Reports (SARs) in accordance with federal law or, for Licensees not subject to federal SAR requirements, to DFS in such form as it prescribes.
Cyber-Security Program. Each Licensee must establish and maintain a cybersecurity program and designate a qualified employee to serve as its chief information security officer.
Consumer Disclosures. Prior to entering into any transaction with or on behalf of a customer, Licensees must disclose in writing all material risks associated not just with the particular transaction or service, but also with virtual currencies generally.
Prior Approval for Material Changes. Recipients of a BitLicense must obtain prior approval from DFS before introducing or offering any “materially new” product, service or activity, or to make a material change to an existing product, service or activity. Licensees must also obtain prior written approval for any action, including a merger or acquisition, which would result in a change of control of a Licensee. Licensees unsure of what constitutes a “material change” may seek clarification from DFS prior to initiating the change.
This is the third and final iteration of the framework first proposed by DFS in July 2014, and subsequently re-proposed in February 2015, and it preserves many of the core oversight and compliance provisions reflected in the earlier proposals. As we noted in connection with earlier proposed versions, perhaps the most ground-breaking aspect of the new regulation is its requirement that Licensees document the details of virtual currency transactions, including identifying information for all involved parties. This measure will be transformative in a marketplace that has, until now, been characterized by the relative anonymity of its participants. The regulation also requires that every BitLicense applicant provide DFS with extensive financial, operational and other information including, for example, background reports and fingerprints for each of its directors, executive officers, and major stockholders. The sheer volume of required disclosures will impose significant costs on applicants and may inhibit smaller businesses from seeking to become licensed. It will also impose substantial burdens on DFS which, under the regulation, is generally required to approve or deny each application within 90 days of its filing.
Indeed DFS received over 4,000 public comments on its proposed BitLicense framework over the course of its development, many expressing concern that regulation would stifle the range of nascent and promising new business models made possible by virtual currencies. The final regulation does make some attempt to restrict the application of provisions that were widely perceived as onerous. For example, the development and dissemination of software used in virtual currency transactions by those not otherwise subject to licensure will not, by itself, be considered “Virtual Currency Business Activity” requiring a BitLicense. DFS has also made clear that it does not wish to restrict the flow of venture capital into virtual currency businesses and that truly passive investments will not generally trigger the regulation’s change of control provisions. Although the regulation does not define what constitutes a “passive investment,” businesses and investors may apply to DFS for a determination that any investment, including the acquisition of 10 percent or more of a Licensee’s voting stock that might otherwise be construed as a change of control, was in fact made solely for investment purposes. DFS is entitled to examine any relevant factor in making its determination, including whether the investor would be able to direct the management or policies of the Licensee or seek representation on its board of directors. To avoid unnecessary duplication, DFS will generally not require separate applications from those seeking both a BitLicense and a money transmitter license but will instead permit applicants to cross-satisfy many of the requirements under each license. Similarly, Licensees that are already required to file a SAR under federal law will not be required to file a duplicate with DFS.
Ultimately, however, these modest concessions only serve to highlight the expansive scope of the new regulation and the substantial impact it will have on the future development and uses of virtual currencies. That impact will likely extend across national borders as well; on its face the regulation gives DFS authority over virtual business activity that merely “involves New York or a New York resident.” And even if DFS declines to exercise its jurisdictional reach, the regulation will certainly provide a model to regulators in other states and countries seeking to grapple with the rise of virtual currencies.