We now live in a world where a US jurisdiction has finalised specific virtual currency licensing laws – as provided by the New York State Department of Financial Service’s “Bitlicence Regulations”.
These regulations have been the result of much debate and lobbying. Many in the Bitcoin community are keen for a category of financial services licence to apply – to provide a form of legitimacy to those that take it up. However, the industry has also been concerned that any such laws should not be ‘heavy handed’ as to stifle innovation in this exciting, but relatively nascent space.
Why should an EU virtual currency business care about US laws?
There are a couple of important reasons as to why NY and other regional Bitcoin style regulations should be closely monitored by persons operating in the EU:
- Many virtual currency payment services are naturally cross border, such that even if a business is not based in the US, it may fall within the territorial scope of such rules.
- As EU and Member State regulators look to implement their own digital currency regulations (see for example, the UK Treasury’s latest response to its Call for Information on Digital Currencies), it is very likely that the NY Bitlicence regulations will be considered and their requirements possibly matched.
What do the NY regulations cover?
In summary, the regulations require that a person carrying on a ‘Virtual Currency Business Activity’ involving the State of New York or a ‘NY Resident’ (as such terms are defined) needs a licence from the NY State Superintendent of Financial Services to carry out such activities.
Subject to certain carve outs and qualifications, these activities typically include:
- receiving virtual currency for transmission;
- acting as a virtual currency custodian for others; and/or
- buying and selling virtual currency / performing ‘exchange services’ as a ‘customer business’.
During the drafting period, there was some limited rollback of the scope of the initially proposed activities, but the final licensable matters still appear very broad.
Once licensed, there are a series of obligations that such a person must comply. The topics of these requirements will be familiar to those who have experience with the authorisation and conduct of business requirements of EU regulated payment service providers. More specifically, many are similar to the requirements commonly associated with the EU PSD and AML rules. In certain areas, however, there are some key points of difference.
What are the main pain points?
Some would say that any regulatory oversight (in any form) is a pain point for a business, but when this phrase is used here, it relates to those compliance requirements which may be different to traditional payment services licensing requirements in the EU.
Here are 5 key areas to bear in mind
1. Unclear Capital Requirements
The NY Bitlicensing regime includes capital requirements – not in itself unusual and to be expected.
What is interesting, however, are the factors by which the capital requirements are based to hold a NY virtual currency licence. In the EU, capital requirements are typically determined by prescriptive amounts and/or relatively certain formulas. Rather, under the NY regulations they focus on many ‘qualitative factors’. In particular, Section 200.8(a) provides (emphasis added):
Each Licensee shall maintain at all times such capital in an amount and form as the superintendent determines is sufficient to ensure the financial integrity of the Licensee and its on-going operations based on an assessment of the specific risks applicable to each Licensee …
There is a list of factors that will be taken into account when determining these requirements, but they do not appear to provide the level of comfort of knowing with certainty (and in advance) what levels of resources are required. Depending on the approach taken by the NY Superintendent’s office when reviewing applications, it may even result in an uneven playing field for operators providing the same service.
2. Regulator approval required for business operations
Again, it is not uncommon for regulators to require transparency into the products and services offered by an authorised entity – but the following strict requirements have the potential to substantially impact a licence holder’s operations:
Each Licensee must obtain the superintendent’s prior written approval for any plan or proposal to introduce or offer a materially new product, service, or activity, or to make a material change to an existing product, service, or activity, involving New York or New York Residents. (Section 200.10(a))
Even though there is a concept of ‘materiality’ built into the above (and it is understood that this should not capture every minor ‘app’ update etc), the test outlined in the regulations for what constitutes ‘materiality’ / ‘material change’ is somewhat unclear and would appear to be a low threshold to meet in an evolving market.
3. No Unlicensed Agents
Section 200.3(b) of the NY regulations prohibits a licence holder from carrying out any licensable virtual currency business activities through an agent or an agency structure – unless that agent is a licencee themselves.
The use of agents is, however, permitted in the EU for certain authorised payment institutions. This is provided that those agents are registered with the supervising regulator. This structure is well established and used commonly by regulated PI money transmitters.
Consequently, the application of this type of prohibition will likely have a substantial impact, particularly if a virtual currency payments business depends on its growth and customer reach to be achieved via an agency network.
4. Overlap of topics found in existing laws
This may be unique to the NY regulatory matrix for financial services, but the regulations set out an extensive range of compliance requirements which cover matters such as: record retention, AML and security programmes.
In the EU, these laws are well established and it is hoped that an EU legislator would be careful to ensure that the laws that apply to virtual currency operators (while tailored to the industry) do not require unnecessary ‘double’ and/or ‘inconsistent’ compliance with existing laws.
5. Overly prescriptive consumer protection measures
The NY Bitlicence regulations also include a section on consumer protection (Section 200.19) which include customer disclosure and terms of business requirements.
Regulated payment service providers in the EU will be familiar with these types of requirements, notably those set out in the PSD. In the NY regulations, however, they are in certain respects very prescriptive.
For example, the requirements for disclosing the risks of using virtual currency are set out in extensive precise detail in the sub-sections of Section 200.19(a). While this kind of approach can be useful for compliance and legal departments to ‘checkbox’ their inclusion, they do run the risk of causing confusion to customers – particularly if the service offered may not carry all of those risks. A principle based approach would more likely be welcomed in the EU with any prescriptive examples of compliance to be included in guidance.
The above highlights why EU operators should be prudent to closely monitor the development of digital currency laws both within and outside their regions – making sure that any lessons learned are factored into their local lobbying efforts.
AJO – EmoneyAdvice Limited
Except where quoted or the context requires otherwise, the above uses the UK English spellings / meanings of ‘licence’ and ‘license’.