NYDFS Announces Final Bitlicense Framework for Regulating Digital Currency Firms 

Benjamin M. Lawsky, Superintendent of Financial Services, today announced the release of the New York State Department of Financial Services’ (NYDFS) final BitLicense – the first comprehensive framework for regulating digital currency firms.

The BitLicense – which is the product of a nearly two-year-long NYDFS inquiry – contains key consumer protection, anti-money laundering compliance, and cyber security rules tailored for digital currency companies.

Superintendent Lawsky also delivered remarks today at the BITS Emerging Payments Forum in Washington, DC regarding the final BitLicense and payments regulation – the text of which can be found below.

---

 

Superintendent Lawsky ’s Remarks at the BITS Emerging Payments Forum
Washington, DC
June 3, 2015

As Prepared for Delivery

Thank you for inviting me to speak with you here today.

I’d like to start these remarks with some broader thoughts on digital currencies, the payments system, and regulation.

Then I’d like to conclude with an update on the New York State Department of Financial Services’ BitLicense framework for regulating virtual currency firms.

***

As some of you may know, I will be departing the New York State Department of Financial Services (DFS) later this month – after four years serving as the agency’s first superintendent.

It has been a pretty eventful four years.

Now, if you asked me back when I took this job in 2011 what I thought we would be working on during my tenure – digital currency would not exactly have been at the top of the list.

Anti-money laundering enforcement? Yes

Electronic trading issues? Absolutely.

Mortgage servicing? For sure.

But crytocurrency?

Looking back, that was a bit of a surprise.

However, on the plus side, now I know what a Dogecoin is – not that it comes up much at dinner parties.

***

In many ways, the fact that we found ourselves working on an issue as unexpected as digital currency speaks to the extraordinarily dynamic nature of the financial markets and financial technology right now.

The pace of change is only going to accelerate in the years to come. And regulators need to be ready to meet that challenge.

The emergence of digital currency and other new forms of payments technology represent an important test for financial regulators such as NYDFS.

We have a responsibility to regulate new financial products in order to help protect consumers and root out illicit activity. That is the bread and butter job of a financial regulator.

However, by the same token, we should not react so harshly that we doom promising new technologies before they get out of the cradle.

Getting that balance right is hard, but it is key. At NYDFS, we’ve faced similar issues in the past as we’ve licensed new payment firms like Square or new insurers like Oscar. We want to promote and support companies that use new, emerging technologies to build better financial companies. We just need to make sure that we put appropriate regulatory guardrails in place.

Indeed, it was interesting to see that some responded to the emergence of digital currencies with calls to “ban Bitcoin.”

That is a curious concept – banning Bitcoin.

How exactly does someone go about banning computer code?

The answer, of course, is that you cannot

Financial regulators and policymakers need to recognize that when it comes to digital currencies and other new payments technology – the genie is already out of the bottle.

And those that try to turn back the clock risk facing the same fate as the Luddites.

The question, then, is how exactly, in practice, regulators should balance their responsibility to protect consumers and root out fraud – while still permitting beneficial innovation to proceed.

We can tell you, from experience, setting the exact contours of the new rules of the road in these areas is extraordinarily difficult.

Regulators are not always going to get the balance precisely right.

Much like some startups – there are going to be some false starts.

Over the next 5, 10, 15 years, and beyond – you are going to see, I think, a fine-tuning and shaking out of digital currency regulation across the country and across the globe.

But we need to begin somewhere.

And we need to approach these exceedingly complex questions with an appropriate sense of humility as regulators.

The jury is still out on how we have met our regulatory test. And I don’t think we will know how we did for some time.

But, we hope, the work NYDFS and other regulators have done will be a good start.

***

With that in mind, I’d like to share (with the benefit of hindsight) a few, brief lessons we have learned at NYDFS from our experience working on digital currency regulation.

I hope that these lessons will be helpful and informative to future policymakers. Not only in the area of digital currency – but also for a broad range of new financial technologies.

To start, as I previously noted, we had no inkling whatsoever back when we formed DFS that digital currency regulation would become a major issue facing our Department.

Frankly, we also had little to no expertise among our examiners in this area.

But we did have a specific legal responsibility to act because we believed that several firms could be engaging in money transmission – which is an activity that is regulated by our Department, as well as other states.

The first instinct among some at NYDFS was to shoehorn these new digital currency firms into our old money transmission rules.

However, state money transmission rules date back to the civil war – when there was barely mass communication, let alone an Internet.

And it became increasingly clear to us that such an approach simply would not work.

Digital currency was unlike anything we had ever seen before. It wasn’t exactly Western Union.

Indeed, we began to ask ourselves questions like: How exactly do you set capital requirements for a “money transmitter” that holds digital currency, which many do not even consider “money?”

After a lot of discussion, we decided that we would instead launch a broad-based fact-finding inquiry into digital currency before making any final decisions.

To that point, when facing new financial technologies, it is very important for regulators to look before they leap.

Attempting to force novel technologies and business models into existing regulatory boxes – simply because “that is the way it has always been done” – may not be a sensible approach. We need, at times, to be more creative than that as regulators – even if it takes us outside our comfort zone.

***

Similarly, regulators also need to realize their own limitations; recognize what they do not know; and keep an open mind when approaching new technologies.

As you can probably imagine, people do not generally go into a career in financial regulation because they want to work on the cutting edge of technology.

So, it is important for regulators to work quickly, but carefully, to learn everything they can about these new technologies as they emerge.

I had a similar experience personally.

I’ll be honest; I hadn’t even heard the word Bitcoin until early 2013 in the context of the banking crisis that occurred in Cyprus.

And, at first, the whole concept struck me as a little bizarre.

However, the more we dug into it, the more interesting and promising it seemed.

We hadn’t originally appreciated how the Bitcoin blockchain represented a major advance in cryptography, which could have significant applications in a multitude of areas.

That the technology underlying Bitcoin could be used not just as a currency, but potentially as a means to transfer all manner of personal property (such as deeds) securely over the Internet.

That – when it comes to Bitcoin – platforms could be built upon platforms could be built upon platforms by future innovators.

Frankly, we do not know what digital currency is going to look like in five or ten years – and there are a lot of interesting possibilities.

There might be – at the very least – a kernel of something here that has a profound impact on the future of payments technology and the financial system. Regulators are not always the experts on such matters, but my gut now is that it’s likely.

So, as a regulator, even if a concept strikes us as a bit bizarre based on our past experience or work, it is important that we keep an open mind.

***

I’d like to next turn to the question of the relationship between regulators and technologists – and the need for greater dialogue and understanding between the two.

In many ways – I think it is fair to say – right now it often feels like regulators are from Mars and technologists are from Venus.

What we are currently seeing is the collision of a very tightly regulated financial sector and a much more lightly regulated technology sector.

That is manifesting itself in the financial technology business, as well as a range of other areas, such as ride and home sharing companies.

That collision isn’t always going to be pretty at first.

But we – both regulators and technologists – have a responsibility to find common ground and work together in good faith.

There are two sides to that coin, of course.

Regulators should not simply ban or dismiss technology that they find unfamiliar. Or work to protect entrenched incumbent companies – which is the very definition of regulatory capture.

That said, technologists also have a responsibility of their own to meet. They cannot simply ignore the rules they do not like and try to create “facts on the ground.”

Generally speaking, consumer protection rules exist for good reason.

And to the extent that they need to be updated, regulators should move quickly, but carefully, to do so.

Regulators can certainly be slow in responding to new technologies – no doubt. And technologists are right to call them out on it and put public pressure on them when they are dragging their feet. In particular, if those delays are intended to help protect entrenched incumbents.

But that is not an excuse for ignoring or violating the law.

We are still in the early innings of this collision of regulation and financial technology.

And I think things will improve with time as we foster greater dialogue and understanding.

But I think both sides – regulators and technologists – could benefit from taking a moment and trying to put themselves in the shoes of their counterpart across the table.

And then work together, in good faith to better serve consumers.

***

I’d like to turn now to the BitLicense.

Today, we are issuing the final BitLicense framework for regulating virtual currency firms.

This framework is the product of a nearly two-year-long regulatory inquiry that the New York State Department of Financial Services (NYDFS) began in 2013. In fact, this is the third and final version of the regulation we have put forward.

Over the course of our inquiry, we have received an immense amount of public feedback, which we believe significantly improved the final product.

Indeed, the second version of the regulation we put forward incorporated a number of substantial changes from our initial draft in response to those comments. In particular, we sought to help provide an on-ramp for start-ups – while still ensuring robust standards for consumer protection, cyber security, and anti-money-laundering compliance.

The third and final version does not include the type of major changes we saw in the last round. However, we did want to make several points clear today in order to allay various concerns we have heard during the public comment period.

To that end, we wanted to make crystal clear that:

• First, companies will not need prior approval for standard software or app updates – only for material changes to their products or business models. (A good example of a material change would be if a firm that was licensed as a wallet service decided to begin offering exchange services. We have no interest in micro-managing minor app updates. We’re not Apple.)
• Second, we have no intention of being a regulator of software developers – only financial intermediaries. For example, students or other innovators who are simply developing software and are not holding onto customer funds are not required to apply for a BitLicense. There is an important reason for making this distinction when a company becomes a financial intermediary: There is a basic bargain that when a financial company is entrusted with safeguarding customer funds and receives a license from the state to do so – it accepts the need for heightened regulatory scrutiny to help ensure that a consumer’s money does not just disappear into a black hole.
• Third, we are not going to require a duplicative set of application submissions for firms that want both a BitLicense and a money transmitter license. Firms will be able to cross-satisfy many of those license requirements. Companies will be able to work with us to have a “one-stop” application submission that covers all the bases they need.
• Fourth, companies that already file suspicious activity reports (also called “SARs”) with federal regulators such as FinCEN do not have to file a duplicate set of those same SARs with our agency. Our goal is to avoid duplication where possible. And we generally already have access to that information when we need it through information sharing arrangements with federal regulators.
• Fifth, companies also would not need prior approval from NYDFS for every new round of venture capital funding. Generally, a company would only need prior approval if the investor wants to direct the management and policies of the firm (which is known as a “control person” in regulatory jargon). In other words, that provision is not targeted at truly “passive investors.”  The notion of approving a “control person” is pretty standard in the regulation of financial companies and is generally intended to help stop known fraudsters from having direct access to customer funds. Large new investors (i.e. those with a 10 percent or more stake) would simply need to document and demonstrate that they are not going to have such a role. Additionally, under the regulation, simply because someone sits on a company’s board does not necessarily mean they are considered a control person.

We understand, of course, that we are not going to satisfy everyone with these new regulations.

Some have even suggested removing all anti-money laundering requirements for certain financial companies involved in digital currency, which we do not believe is warranted.

Again, we recognize that we are not going to please everyone. That is the nature of regulatory oversight.

For example, when we write new regulations for Wall Street, if the banks are completely happy with something we’ve drafted, it probably means we haven’t done our jobs right.

Our goal, as always, is to be sensible and fair.

We are excited about the potential digital currency holds for helping drive long-overdue changes in our ossified payments system. We simply want to make sure that we put in place guardrails that protect consumers and root out illicit activity – without stifling beneficial innovation.

Ultimately, we think regulation is important to the long-term health of the virtual currency industry.  Building trust and confidence among consumers is crucial for wider adoption. It also helps attract additional investment.

Digital currency companies have already sought to work with us to put in place consumer and anti-money laundering protections. In fact, one firm recently received a New York State charter to operate under the banking law. And we expect additional companies will follow in the weeks and months to come – whether under the banking law or through the BitLicense.

This is a critical and exciting time in the broader evolution of the payments system. Virtual currency is a novel field for regulators and everyone – including our office – must be willing to take a hard look at how these new rules are working when they are put into practice.

We have never claimed to have a monopoly on the truth. And regulators must always be willing to course correct when necessary.

However, it is our hope that digital currency and other innovations in payments technology – together with prudent regulation – will help deliver better service and lower costs to customers over the long term.

As we have noted in previous contexts, I think it would shock most consumers to learn that – at its core, despite modest improvements – our bank payments has changed little since it was created four decades ago in the 1970s.

And it generally takes you longer to transfer money electronically than it would to physically transport that cash to another state or country.

In a world where information travels around the globe in a matter of milliseconds, it can often take several days to transfer money to a friend’s bank account.

In an age of smart phones and on-demand technology, we still have a disco-era payments system.

That needs to change and we are starting to see real efforts at improvements.

We need to recognize that our children and their children will not hesitate to bank and live their entire financial lives online.

And in the online world, people expect near-instantaneous execution.

Just think about how mad we all get when our Netflix connection buffers even for a few minutes.

The same standard will apply to how we make our car payments or send money to a friend. Of course, we still need to ensure that those transactions are safe and properly filtered from a compliance perspective.

While it is by no means assured, perhaps the emerging financial technologies we are seeing today will help drive innovation and bring our country’s payments system into a bright new era.

That is certainly our hope at DFS.

Thank you again for inviting me to speak with you today – and I look forward to answering your questions.

 

Source: DFS – NYDFS Announces Final Bitlicense Framework for Regulating Digital Currency Firms

---