On February 7, 2018, the New York State Department of Financial Services (NY DFS) issued guidance to all virtual currency businesses that maintain a “BitLicense” or that are chartered as a limited purpose trust company under New York Banking Law (collectively, VC Entities), including those that maintain a money transmitter license in New York. The guidance emphasizes several requirements for these businesses, including measures to detect, prevent and respond to fraudulent activity.
Applicable rules already require a BitLicensee to submit a report to NY DFS immediately upon the discovery of any violation. The guidance notes that all VC Entities must immediately submit such a report, which must state all pertinent details known at that time. The VC Entity must also submit prompt, supplemental reports to NY DFS detailing any material developments relating to the originally reported events, along with a statement of (1) the actions taken (or proposed) with respect to such developments, and (2) changes, if any, in the VC Entity’s operations that have been put in place (or that are planned) in order to avoid repetition of similar events. NY DFS generally expects a VC Entity to submit these supplemental reports within 48 hours after submission of the original report of wrongdoing.
VC Entities should evaluate their internal controls, processes and procedures and make necessary updates to comply with the protocol outlined by NY DFS, including by addressing the following:
- Swift detection of, and response to, wrongdoing.
- Immediate evaluation of pertinent details and reporting to NY DFS.
- Ongoing analysis of circumstances/facts.
- Rapid changes to operations (as needed) to avoid repeat wrongdoing.
- Prompt (within 48 hours) follow-up reporting to NY DFS of actions taken and any operational changes implemented.
The NY DFS guidance echoes sentiments from the SEC and CFTC and is the latest example of a regulator sternly “reminding” the virtual currency industry of its focus on preventing fraud and manipulation. This is consistent with each BitLicensee’s existing obligation to maintain and enforce written anti-fraud compliance policies. The regulators expect a high level of vigilance in monitoring for and preventing fraud and manipulation in the virtual currency markets.