New York (More) Open for (Crypto) Business: NYDFS Proposes Important Changes to the BitLicense
Since finalizing the “BitLicense” regulatory regime in June 2015, the New York Department of Financial Services (NYDFS) has granted only 25 licenses. This underscores how the BitLicense regulatory framework has been a barrier to entry for a vast majority of the cryptocurrency industry. As highlighted in our June 27 blog post, NYDFS has implemented and proposed several reforms hoping to remedy this. These reforms include a streamlined application process, 21 new publicly available FAQs for “virtual currency businesses,” a proposed rule to offer a conditional BitLicense, and a final rule implementing a new approved coin listing policy framework.
Expedited Application Review, FAQs, and the Conditional BitLicense
NYDFS has proposed procedural changes to the application process to make the process more transparent and efficient. Under the proposal, NYDFS would review only applications that (1) contain all required documents, and (2) those documents are “adequate on [their] face.” If, upon further review, the application is incomplete or inadequate, NYDFS would cease its review until the errors are corrected. For incomplete applications, NYDFS would continue to issue deficiency letters but will limit the number of letters for any given set of requirements in order to minimize an applicant’s administrative burden.
NYDFS has also published a set of FAQs that answer important table-setting questions for applicants. Among other topics, the FAQs discuss which entities are subject to licensure, which are not, capital and bond requirements, and the regulation of stablecoins.
NYDFS is also proposing a new rule—and seeking comments on it—that would allow virtual currency companies to offer their services in New York more easily. According to the “Proposed Framework for a Conditional BitLicense” (Conditional BitLicense), an entity seeking a BitLicense would be authorized to collaborate with a current licensee (or holder of a New York limited purpose trust charter) for various services and support so that the applicant can begin offering its services in New York before obtaining its own BitLicense. Such services and support to be offered by the existing licensee include capital, personnel, and IT infrastructure. Applicants would be expected to share their service level agreements and business plan with their licensed partner and to enter into a supervisory agreement with NYDFS, among other requirements. The public comment period is open until August 10. Comments should be sent to email@example.com.
Overview of the Coin Listing Guidance
The streamlined application review procedures and clear FAQs are welcome developments, but the “Guidance Regarding Adoption or Listing of Virtual Currencies” (Guidance) may have the greatest effect on the New York market. As a result of the Guidance, regulated virtual currency businesses will be allowed to offer coins that are: (i) self-certified pursuant to a compliant coin listing policy discussed below; (ii) approved by NYDFS specifically; or (iii) otherwise included on NYDFS’s “Greenlist” based on criteria discussed below.
Self-Certification: To self-certify that a specific coin is eligible for use in New York, a licensed virtual currency business must implement a coin listing policy that establishes certain governance, risk assessment, and monitoring procedures. With respect to governance, the licensee’s board of directors must approve the coin listing policy, review and approve or reject the listing of every new coin, review the policy annually, and report noncompliance to NYDFS, among other things. To meet the risk assessment requirements, the virtual currency business must “perform a comprehensive risk assessment” that includes due diligence on the coin’s issuer, the coin’s purpose and governance, regulatory risks, and risks resulting from defective coding or technical upgrades, among others. Effective monitoring requires periodic re-evaluation of specific coins when material changes to their code or ecosystem have occurred, among others.
Greenlisted Coins: In addition to a framework for private companies to self-certify compliant coins, NYDFS is implementing its own framework to “greenlist coins for wider use.” To that end, NYDFS will maintain a list of all coins it has approved or that have been self-certified. Any coin approved by NYDFS or by three different and unrelated private entities for a specific use will be included on the Greenlist and thus may be adopted by other virtual currency businesses for that specific use six months after the coin is added to the Greenlist. For all of its coins, a virtual currency business “must provide their customers appropriate written disclosures regarding the coins they offer for use and must indicate to their customers whether a coin is drawn from the Greenlist, added through self-certification, or added through specific DFS approval.”
NYDFS will evaluate the Greenlist periodically and remove certain coins if material changes have occurred that necessitate removal. The frequency and level of scrutiny NYDFS will apply to a specific coin will be “tailored to the risk level of the particular coin,” but all coins will be reviewed at least annually.
Potential Compliance Challenges Posed by the Coin Listing Guidance
The coin listing requirements may seem fairly general and, in some cases, typical of financial institutions, but some may pose material compliance challenges. For instance, the Guidance precludes the listing of any coin that “may facilitate the obfuscation or concealment of the identity of a customer.” Therefore, “no privacy coin can be self-certified.” Neither the Guidance, the FAQs, nor NYDFS’s existing regulations defines the term “privacy coin,” however, no examples are given. Given the lack of clarity and the broad guidance, coins that use or have the ability to use zero-knowledge proofs (among other privacy features) may be considered privacy coins; such coins could not be self-certified. This restriction could also create confusion over specific coins that apply zero-knowledge proofs to certain transactions but not to others.
Another compliance challenge is the prohibition on coins “used to circumvent laws and regulations.” The Guidance provides “gambling coins” as an example, but does not clarify whether coins used in commercial activities that comply with state law but not federal law are precluded. For instance, various digital assets are designed to facilitate payments for state-lawful cannabis products. Such coins may be barred by the Guidance.
Critically, the Guidance provides little detail on one of the most challenging requirements: reviewing whether a coin is in compliance with federal securities laws. Many articles, briefs and legal assessments have been written about the morass created by trying to apply the “Howey” Test to digital assets. Despite general SEC guidance, this is an uncertain area, which creates substantial risk for coin issuers and exchanges because selling a coin that is considered to be a “security” can trigger criminal penalties. The Guidance’s reference to compliance with SEC regulations and concerns with “price manipulation” appears to touch on these concerns, but without shedding any light on this critical issue. Having a Greenlist of approved coins could provide some comfort for many coin issuers who have issued and managed their coins in good faith yet still operate under a cloud. However, it is doubtful that merely being greenlisted by the NYDFS would constitute a true “safe harbor” from SEC enforcement actions.
Among other notable potential challenges are the requirements that the listing company consider:
- a coin’s mitigation process that enables the reporting of defects to the coin’s senior management. Such a requirement may be difficult for coins created by and operating on public blockchains, particularly highly decentralized ecosystems;
- a coin’s compliance with federal, state and local laws and regulations, including regulations imposed by FinCEN and CFTC, among other agencies. The application of these various federal laws are not always clear, especially with respect to the emerging area of digital assets. Moreover, compliance monitoring challenges would be influenced by the type of network on which a coin operates. Monitoring actors participating in decentralized public blockchain would be much more difficult than monitoring compliance of entities operating on a permissioned blockchain; and
- the market risks, including concentration of coin holdings or control by a small number of individuals or entities, price manipulation, and fraud, and the impact of the coin’s wider or narrower adoption on market risks. Absent further guidance, it is unclear how much concentration or control is too high, or how to evaluate the risk of wider adoption on market risks.
New York may be more open for virtual currency business than it has been over the last five years, but compliance challenges still remain. Industry participants thinking of entering the New York market should consider carefully the new opportunities created by the coin listing policy and the potential proposed Conditional BitLicense. For additional insights into these developments, please contact any of the authors.
 A long line of judicial decisions and agency rulings since the enactment of the Securities Act of 1933 discuss what is meant by the term “investment contract.” The Supreme Court in its seminal case SEC v. Howey held that an investment contract was a “contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.” SEC v. Howey, 328 U.S. 293, 299 (1946).
 Framework for Investment Contract Analysis of Digital Assets, Securities and Exchange Commission (April 3, 2019).