RIP BitLicenses? New York Legislator Proposes Potential BitLicense Alternative for Cryptocurrency Users
The bill, A9899, would bring all cryptocurrency businesses that engage in activity involving New York or a New York resident under the auspices of New York Banking Law Section 9, and potentially replace New York’s “BitLicense” system.
New York currently regulates cryptocurrency businesses under 27 NYCRR 200 (promulgated by the New York Department of Financial Services), which provides a framework for licensing any such virtual currency business and includes frameworks for compliance, capital requirements, protection of customer assets, and changes to the business. The regulations require any person or entity engaging in virtual currency business activity involving New York or a New York resident to obtain a "BitLicense". The regulations define "virtual currency business activity" as any of the following: (1) receiving virtual currency for transmission or transmitting virtual currency other the transmission of a nominal amount of virtual currency for non-financial purposes; (2) storing, holding, or maintaining custody or control of virtual currency on behalf of others; (3) buying and selling virtual currency as a customer business; (4) controlling, administering, or issuing a virtual currency; or (5) performing exchange services (the conversion of traditional currency into virtual currency, vice versa, or the conversion of form of virtual currency to another) as a customer business. To obtain a “BitLicense,” businesses must pay a fee and have a compliance officer responsible for making sure the firm is in compliance with its BitLicense rules, and all other applicable federal and state laws that apply to bitcoin. The DFS BitLicense regulations went into effect in June 2015 and fewer than 10 BitLicense have been issued under that regulatory scheme.
The new bill will instead create an audit regime, requiring a cryptocurrency business that engages in cryptocurrency business activity involving New York or a New York resident be audited regularly by public or third party depository services. The bill defines "cryptocurrency business activity" in largely the same manner as the term "virtual currency business activity" is defined in 27 NYCRR 200. The audit required under the bill will: (1) ensure that the cryptocurrency business has established security protocols to safeguard it from theft; (2) ensure that the business has established and maintained a fund insuring a portion of their account holder's assets by the Securities Investor Protection Corporation or by an insurance carrier approved by DFS; and (3) regularly examine the business's holdings to ensure proper ownership of assets. Successfully passing such an audit will result in the business receiving digital New York Seal of Approval as a means of assuring to customers that the business has passed its audit and is trustworthy and securely holds customer assets. Finally, the new bill provides that any cryptocurrency business that is required to be audited shall not be required to pay a licensing fee in order to conduct business.
At present, cryptocurrency businesses and investors are regulated by a patchwork of laws and regulations issued by various state and federal entities. DFS, for example issued, on February 7, 2018, guidance to all “virtual currency business entities” which emphasized that those entities are required to implement fraud prevention and response measures (including a written policy) as well as remain vigilant against market manipulations and immediately report any such wrongdoing to DFS.
Arent Fox’s Privacy, Cybersecurity & Data Protection group will continue to monitor developments in this area. If you have any questions, please contact Eric Biderman, Jake Gilbert, or the Arent Fox professional who usually handles your matters.
- Related Practices