NY Proposes Bitcoin Regulations

Framework Includes Anti-Money-Laundering Provisions
NY Proposes Bitcoin Regulations

The banking industry is watching closely as the New York State Department of Financial Services proposes a groundbreaking "BitLicense" regulatory framework for virtual currency businesses that's designed to help fight fraud.

See Also: Insider Insights for the PCI DSS 4.0 Transition

The framework, which has been in development for almost a year, contains consumer protection, anti-money laundering and cybersecurity rules tailored for virtual currency, such as Bitcoin, state officials say.

"We have sought to strike an appropriate balance that helps protect consumers and root out illegal activity - without stifling beneficial innovation," says Benjamin Lawsky, superintendent of financial services. "Setting up common sense rules of the road is vital to the long-term future of the virtual currency industry, as well as the safety and soundness of customer assets."

One key provision, designed to crack down on money-laundering risks by ending the anonymous use of the online currency, would require virtual currency firms to track the identity and physical addresses of the parties involved in a transaction; the amount or value of the transaction; the date the transaction was initiated and completed; and a description of the transaction.

The proposed virtual currency rules for businesses were published in the New York State Register on July 23. After a 45-day public comment period, the rules will be subject to additional review and revision before they're finalized.

The Move to Regulate Bitcoin

New York is one of the first states to start looking into how to regulate virtual currencies, says Nathalie Reinelt, an analyst at consultancy Aite Group. Two other states have already taken action.

Texas has issued a memorandum stating that the Department of Banking views virtual currencies as existing outside established financial institution systems. "Exchanging virtual currency for sovereign currency is not currency exchange under the Texas Finance Code," says Charles Cooper, the state's banking commissioner. "Because neither centralized virtual currencies nor cryptocurrencies are coin and paper money issued by the government of a country, they cannot be considered currencies under the statute."

On June 28, California Governor Edmund Brown signed into law AB 129, which makes "clarifying changes to current law to ensure that various forms of alternative currency such as digital currency, points, coupons, or other objects of monetary value do not violate the law when those methods are used for the purchase of goods and services or the transmission of payments," according to an analysis of the bill.

Analyzing NY's Framework

New York's move to regulate virtual currency businesses is a positive sign to consumers, Reinelt says. "Those who want Bitcoin to go mainstream see this move as a positive one, because consumers will remain reluctant to try Bitcoin unless there are some consumer protection policies in place, shielding them from [breaches]," she says (see: Bitcoin: Mitigating the Risks).

"From the consumer protection standpoint, these regulations are a good step in the right direction," Reinelt says. "Bitcoin purists, however, feel that these regulations undermine the entire premise of Bitcoin's genesis and do not see these moves as favorable."

Financial institutions are closely watching the proposed New York regulations, says Doug Johnson, vice president and senior advisor for risk management policy at the American Bankers Association. "[Banks] have customers coming in and asking about Bitcoin, and it's hard to address some of their questions," he says.

New York's regulations are a welcome start in attempting to understand the technical and other issues involved, Johnson says. "The technical aspects do create some concerns," he says. "Folks have lost money because of the fact that somehow Bitcoins themselves were either lost or stolen."

Institutions are also realizing that, over time, a larger number of retailers are going to be accepting Bitcoin and other virtual currencies. "What are the implications of that? What do banks need to do to respond to that? I don't have the answers to those questions. It's still very early."

The proposed New York regulations would hold virtual currency firms to many of the same standards as banks, Reinelt says. "If virtual currency firms are held to the same standards as traditional banks, they can no longer provide a differential value proposition, e.g. anonymity. What would be the incentive for consumers to abandon their banking relationships for a virtual currency platform?"

New York, if it adopts the regulations, will set the trend for governments to bring Bitcoin into the mainstream, says Al Pascual, a security and fraud analyst at Javelin Strategy and Research. "The only way to achieve that was to eliminate any vestige of anonymity that lent itself to criminal money laundering and terrorist financing - which is what we see from this framework," he says.

"While the actual level of anonymity of Bitcoin is debatable, New York is [considering] effectively transforming a libertarian experiment into a legitimate payment mechanism that represents significantly less risk to the heavily-regulated financial services industry," Pascual says.

Jim Harper, global privacy counsel at the Bitcoin Foundation, a not-for-profit organization that promotes the currency, said in a recent interview that the proposed New York regulations would be burdensome on Bitcoin businesses. One requirement, which deals with collecting physical addresses of the parties in all transactions, "is generally inconsistent with the way Bitcoin works today," Harper said.

In a blog posted to the Bitcoin Foundation website, Harper also expressed concern about the brief comment period of 45 days. "The DFS ... took more than six months to put together its 'BitLicense' proposal, and these are New York's financial regulation experts," he wrote. "It seems like the public - non-experts, including startups and small businesses around the nation and world who might want to serve New York customers - should have at least that long to digest the proposal and comment."

BitLicense Details

Organizations impacted by the proposed new BitLicenses in New York would include those firms engaged in the following virtual currency businesses:

  • Receiving or transmitting virtual currency on behalf of consumers;
  • Securing, storing or maintaining custody or control of such virtual currency on the behalf of customers;
  • Performing retail conversion services or the conversion or exchange of one form of virtual currency into another form of virtual currency;
  • Buying and selling virtual currency as a customer business; or
  • Controlling, administering or issuing a virtual currency.

Under the proposed regulations, all virtual currency businesses operating in New York state would need to have a cybersecurity program. The proposed regulatory language notes: "Each licensee must maintain a program designed to perform a set of core functions," which include identifying internal and external cyber risks, protecting systems from unauthorized access or malicious acts and detecting system intrusions and data breaches.

In addition, applicable businesses would have to "designate a qualified employee to serve as the licensee's chief information security officer," who is responsible for overseeing and implementing the cybersecurity program.

The regulations also would require that virtual currency firms collect and maintain key transaction information for anti-money laundering compliance purposes. This includes knowing the identity and physical addresses of the parties involved in the transaction; the amount or value of the transaction; the date the transaction was initiated and completed; and a description of the transaction.

Virtual currency firms subject to the proposed guidelines would be examined by the Department of Financial Services no less than once every two calendar years, state officials say.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.