NYSDFS - BitLicense 101

New York State Department of Financial Services was founded on 2015 and since then there are many debates about them and their purpose.

  • There are positive signs that new AML laws are having a positive impact
    Their most recewnt move was to introduce BitLicense.
  • In general regulators think of the BitLicense and a way to introduce reasonable measures to control and reduce the risks that are related to transmitting and owning cryptocurrency. Opponents see it as intrusive, made to targeting crypto start-ups and that it is violating user privacy.

    Dominant factors like cost and privacy are NYDFS BitLicense reasons why may are reluctant to acquire it. It’s thirty pages log application [linkmissing]and application fee is around US$ 5000 this sound reasonable but the main problem is that gathering and organising all the informations with lawyer services make costs stack so it can cost up to US$ 100,000, it’s also kive personal information about business history and about the history of owners operators and so far compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) & Enterprise Fraud Prevention (EFP) regulations.

    One problem that applicant also encounter that raises cost is that virtual asset business must also have and qualified Chief Information Security Officer, written compliance and anti-fraud policies and disaster recovery procedure (so business customers would lose their money) which many of business in crypto world don’t have.

    These laws are made in the same way as in classical (non-crypto) businesses need to follow applied by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), and should generally apply to any virtual asset service provider in the U.S.A. this is a possible way to prevent new QuadrigaCX exchange fiascos.

  • BitLicense As a Way to Prevent Fiascos
    When we look at wide picture of BitLicence requirements as they are quite rigorous we can feel that any entity which has a BitLicense is reliable and here to stay.

    This will be in future a factor that will give problems to exchanges that they can not become big unless they pass gate of BitLicense. In turn Owners will be much safer and will be protected from losing money.

  • Mean to Fight AML, CFT & EFP
    Regulations are set in place to protect and to give institutions a framework i.e. without regulation and following compliance, cryptocurrencies are getting used a way of easy money laundering, financing of terrorisam, tax evasion, and other criminal activities...

    Anonymous nature of cryptocurrencies with easy international transfers and a lack of law enforcement to follow and catch illegal activities in numerous cases results that countries with lax or non-existent AML and KYC crypto-regulation have a significantly higher occurrence of financial crime and money laundering activity. There is a problem with BitLicense as it’s not created for small companies and it’s very hard for them to be part of it. In essence this means that small companies with weak security and no contingency plans be permitted to control consumer financial assets.

    This in term means that there is a need for a regulation that will cover part of small companies, and give them a milestone at which stage they need to be compliant with which laws. The license application, needs to reflect the asset size of the crypto-entity applying.

    This might allow for the smaller businesses and start-ups to break into the regulatory framework, without overtaxing the respective entities available resources.

  • Summary of BitLicense Framework


  • Compliance
    Compliance in cryptocurrencies a very complex and that is the reason why Welles Partners made software to make it easy as it can differ between countries and if you are compliant with the laws of one country that doesn’t mean that you are compliant with in other countries.

    For a BitLicense is in essence good way for USA and is a long, demanding, expensive process, and for these reasons can be accomplished only by larger, well-funded companies.

    Also, any future “material change” to the approved entity must have a consent from NYSDFS, to include Mergers and Acquisitions deals. This requirement is different from from any requirement for businesses doing in FIAT currencies.

    Company must be compliant with all applicable federal and state laws, rules, and regulations and have written compliance policies in order to receive a BitLicense the Licensee. Company also need to keep cryptocurrency transaction ledger for up to seven years, and customers’ sensitive information such as physical addresses, bank statements, and names of parties to the transactions must also be recorded and made available to the NYSDFS upon request.

  • Capital Requirements
    Company that want to get the license must maintain a certain amount of assets and a guarantee for their “financial integrity and ongoing operation” the amount is based on a number of factors and its determined my NYSDFS department executives These factors include the composition of the Licensee’s total assets and liabilities, the actual and expected volume of the Licensee’s “Virtual Currency Business Activity,” and the types of products or services to be offered.

  • Custody and Protection of Customer Assets
    To protect customers assets the company must maintain a surety bond or trust account in USD, in an amount determined by the NYSDFS and if the company holds, stores or maintains custody of a clients’ Virtual Currency (VC), the Licensee must be able to match the type and amount they are holding, and cannot sell or transfer the clients’ VC without direct permission.

  • Material changes to business
    Without NYSDFS approval The Company doesn’t have rights to introduce new products, services, or activities, or make material changes to existing products, services.

  • Change of control; mergers and acquisitions
    Need NYSDFS explicit approval.

  • Books and records
    The Company must make, keep, and preserve (in their original format) all of its’ ledgers and records for a minimum of seven years. The Department of Financial Services must be allowed immediate access to “all facilities, books, records, documents, or other information maintained by the Licensee or its’ Affiliates.” Complete list of requirements for record keeping look at Article 200.12 f the BitLicence regulation.

  • Examinations
    The Company will be checked by the NYSDFS on period no bigger than two years so they can ensure the company is in a healthy financial condition, strong safety and soundness practices, and its complete compliance with these regulations.

  • Reports and financial disclosures
    Pey year 4 time i.e. quarterly financial statements and audited annual financial statements must be submitted to the NYSDFS. Details look at Article 200.14.

  • Anti-Money Laundering program
    The Company must have a written anti-money laundering policy and must have procedures to monitor for suspicious activity that might signify money laundering, tax evasion, or other illegal or criminal activity, filing SARs when appropriate.

    The company must notify NYSDFS of any transactions that exceed US$10,000 in one day by one person, even if the transactions are crypto-to-crypto and must have a KYC program for the identification and verification of account holders.

    Customer Due Diligence (CDD) must be performed to verify a customer’s identity before on-boarding and Enhanced Due Diligence (EDD) is required for high-risk customers, high-volume accounts, accounts on which a SAR has previously been filed, or accounts involving foreign entities. The Companymust also check customers against the OFAC SDN list.

  • Cybersecurity program
    The Company must establish and maintain an effective cybersecurity program to protect the confidentiality, integrity, and accessibility of its’ data. The Company must appoint a Chief Information Security Officer (CISO) to oversee, implement and enforce the policy. The CISO will prepare a report for the Department every year, assessing the program and proposing how it will address any liabilities.

  • Business continuity and disaster recovery
    The Licensee must have a written Business Continuity Plan (BCP) and Disaster Recovery (DR) plan to ensure their availability and functionality if there is ever an emergency situation that would otherwise disrupt their normal business activities. This plan should be tested annually at the minimum.

  • Advertising and marketing
    The phrase “Licensed to engage in Virtual Currency Business Activity by the New York State

    Department of Financial Services” must be included in all advertisements. The Licensee must keep all advertising and marketing materials for a minimum of seven years.
    • + “Virtual Currency is not legal tender; is not backed by the government…”
    • + “The volatility and unpredictability of the price of Virtual Currency relative to Fiat Currency may result in significant loss over a short period of time…”
    • + “The nature of Virtual Currency may lead to an increased risk of fraud or cyber attack…”
    • + The company must disclose:
      • - general terms and conditions,
      • - terms of transactions,
      • - provide receipts upon completion of any transaction,
      • - establish a written anti-fraud policy
    For more look at Article 200.19 of the BitLicense regulation text.

  • Consumer protection
    The Licensee must disclose all material risks associated with its’ products, services, and activities, as well as the risks associated with virtual currency in general, prior to any type of transaction with a customer. This includes, but is not limited to, disclosure statements such as:

  • Advertising and marketing
    The phrase “Licensed to engage in Virtual Currency Business Activity by the New York State Department of Financial Services” must be included in all advertisements. The Licensee must keep all advertising and marketing materials for a minimum of seven years.

  • Complaints
    The Company must have written policies and procedures to resolve complaints in a fair and timely manner. Part of this policy includes adding the Company, as well as the Departments’, mailing address, email address, and telephone number online for the receipt of complaints.

  • Severability
    If a court deems any portion of the BitLicense regulatory text or the way it has been applied to specific Companies invalid, that does not invalidate the entire document.

  • Inspections
    The License requires financial report four times per year, annual audits and inspections.

Prev Next