As regulators and legislators dash to keep up with developments in financial services technology and markets, cryptocurrency remains a central focus. At a recent fintech forum held at Georgetown University, Superintendent Linda Lacewell indicated that the New York State Department of Financial Services (DFS) would be reviewing its existing licensing scheme for cryptocurrency businesses operating in New York. It was
reported that Superintendent Lacewell said, “This is a good time to take a look . . . and see how our regime is fitting the current market and . . . what if any adjustments should we think about making to continue to adapt to sort of a changing industry[.]”
Regulation of Cryptocurrency
After blockchain emerged as an effective mechanism for the exchange of value, Bitcoin (introduced in 2009) became the dominant cryptocurrency. In response to the expanding use of Bitcoin and other cryptocurrencies, as well as misconduct like the collapse of Mt. Gox, state and federal regulators sought to adapt existing regulatory schemes to these developments. In 2013, for example, FINCEN issued
regulations that extended registration and compliance requirements of the federal Bank Secrecy Act (BSA) to cryptocurrency firms. And in 2015, following several public hearings and reports, DFS enacted a comprehensive regulatory scheme to allow for the issuance of a license to operate a cryptocurrency business in New York, known as a “
BitLicense.”
BSA/AML/OFAC Compliance
Central to both the FINCEN and DFS regulations are requirements for compliance with well-established rules to combat money laundering and illicit financial transactions. Both sets of rules require cryptocurrency firms to implement the key pillars of BSA/AML compliance, including “know your customer” rules, transaction monitoring and the filing of suspicious activity reports, where applicable. The DFS Bitlicense goes further to protect markets and consumers — for example, requiring compliance functionality that screens out transactions that violate federal sanctions (OFAC) laws, prevents market manipulation, has mandatory cybersecurity obligations, and imposes requirements for capital reserves and enhanced reporting.
The Regulations Are Working
There is substantial evidence that the federal and state regulations are working. One recent example involves an international criminal enforcement sweep against a child pornography video distributor and its customers. After the distributor was arrested in South Korea in 2018, law enforcement authorities used the proprietary Chainalysis software to analyze blockchain transactions and map out both the contributors and users of the child pornography website. This information allowed
criminal investigators to contact cryptocurrency exchanges for more information on the wallet addresses sending a crypto payment to the video site. Because compliant cryptoexchanges will have performed competent Know Your Customer processes, some were able to provide copies of identification, addresses, and other relevant transactions associated with those accounts to law enforcement. As a result, the U.S. Justice Department
charged more than 35 individuals who either contributed or purchased child pornography from the video site.
In New York, DFS has now granted licenses to operate a cryptocurrency business to 22 different firms. Experience to date suggests these entities are growing and maturing in this regulated environment. (
See, e.g., “Gemini Launches Custody Product With 18 Cryptos Including Ethereum Tokens.) Apparently, though, not every firm deserves a license — as DFS strongly stated in its rejection this year of the BitLicense application submitted by Bittrex. After a lengthy review, DFS determined that Bittrex’s compliance program failed to meet the necessary KYC, transaction monitoring, and sanctions filtering requirements, among other apparent deficiencies. (
See “DFS Denies the Application of Bittrex, Inc. for New York Virtual Currency and Money Transmitter Licenses.) Keeping out non-compliant businesses is both good for protecting consumers and markets, and for preserving a level playing field for entities able to achieve mandated compliance.
Criticism of Federal and State Regulations
Unsurprisingly, there has been criticism leveled against the FINCEN regulations and DFS Bitlicense. Some have taken issue with the broad applicability of both sets of regulations. Others find fault with the $5,000 application fee for the New York Bitlicense or argue that other requirements of the license are too onerous. Despite criticism, the regulators are not going away. At the same Georgetown University conference, the head of FINCEN, Kenneth Blanco,
reportedly told the audience that “[t]he expectation is that you will comply with existing regulation… Whether you’re stablecoin, centralized, decentralized – [it] doesn’t matter. You’ll still have to be able to comply.” That being the case, regulators should still make good faith efforts to be forward-looking.
Next Steps for Regulators
Most would agree that no regulatory scheme is perfect; many would also agree that no regulator requires perfection from the entities it supervises. Accordingly, efforts by regulators to synthesize regulations and set out the ground rules in a clear fashion remain necessary for fintech businesses to thrive. Recent efforts by FINCEN to provide more systematic
guidance to crypto businesses and the suggestion by DFS that it will take another look at its Bitlicense, are thus welcome. So is the effort by the Conference on State Banking Supervisors to devise a model payments law that may encompass cryptocurrency transactions.
Expecting dramatic change is unrealistic. As noted above, FINCEN intends to remain focused on BSA/AML compliance by fintechs and crypto businesses. DFS Superintendent Lacewell reportedly indicated that the current Bitlicense regime is “working well” and that the audience should not “get too excited” about major alterations to the licensing regulation. That said, Superintendent Lacewell said that DFS “wants to hear from industry participants to see what improvements, if any, the agency could implement. This is a good time for existing cryptocurrency businesses, or start ups, to jump right in.