As the final version of the New York Bitlicense will roll out within the next 2 weeks, bitcoin startups are gearing up to enter the U.S. market. The Bitlicense will provide some much-needed legal certainty and will address heads-on the specific (1) consumer protection, (2) money-laundering and (3) cyber-security issues posed by digital currencies, the three pillars the Bitlicense regulation is built on.
1. Consumer Protection
As always, consumer protection begins with telling customers about the potential risks associated with your activities. Among the potential risks to disclose are the irreversibility of bitcoin transactions, price volatility and whether losses due to fraudulent or accidental transactions will be reimbursed. Another important restriction, for the purpose of consumer protection, is the prohibition for bitcoin startups to act as banks by lending bitcoins of one customer to another.
2. Money-Laundering
Money-laundering compliance will require (1) keeping track of all transaction information (identity and physical address of the parties; amount, value, denomination involved; method of payment; description; date initiated and completed); (2) verify customer identity and; (3) monitor and report illegal activities to the New York State Department of Financial Services (NY DFS). Unsurprisingly, transactions of $10,000 in value must be reported within 24 hours.
3.Cyber-security
A bitcoin licensee will also need to maintain a sophisticated cyber-security program. Penetration testing will be required at least annually and vulnerability assessments, at least quarterly.
Security & Compliance Officers
Specific employees will need to be designated for these tasks. A Chief Information Security Officer (CISO) will be needed to oversee, implement and enforce the cyber-security program while a Compliance Officer, will have the broader responsibility of monitoring compliance with the Bitlicense framework.
Beyond the New York Bitlicense
Importantly, the Bitlicense will not preempt the field. Bitcoin startups will still need to comply with existing laws. Virtual currency exchange would likely require meeting the requirements of qualified custodians. Some like Itbit might choose the path of obtaining a trust charter. This approach holds the promise of operating legally in all 50 states by obtaining a trust charter in any one state – New York in the case of Itbit. Itbit relies on how the trust charter regulations were applied to traditional exchanges to infer that the exact same application is warranted in the case of digital currencies. This is sound reasoning. But, nothing will stops states outside of New York from requiring additional licensing from Itbit, especially if customers complaints flood their respective financial services departments. If so, this would substantially diminish the benefit of going the trust charter route.
Another approach would require obtaining money transmitter licenses from every state in which your company desires to do business. This approach has the merit of establishing a clear roadmap to a legally sound U.S. entrance. However, the license requirements vary significantly from state-to-state. Although operating in a few states will be an options for many, a full scale US operation would likely price out a great number of startups because the cost of compliance with 50 different rules, some applying to all customers, others to be applied only to the customers of a given state, would require a highly sophisticated and cumbersome compliance and monitoring program.
A notable exemption to money transmitter regulation exists for those acting solely as payment processors. Structured the right way, this exemption may lead to tremendous innovation in this market in view of the lower legal barrier to entry. Regardless, even those whose activities are circumscribed to payment processors may well be regulated by the Bitlicense scheme.
We’ll cover the final Bitlicense regulation once it is released, which should occur within the next two weeks.
