New York regulator further refine BitLicense rules

Source: New York State Department of Financial Services

Benjamin M. Lawsky, Superintendent of Financial Services, is today delivering remarks on the new, revised, proposed New York State Department of Financial Services (DFS) BitLicense framework for regulating virtual currencies, as well as broader trends and issues in payments technology, at the Bipartisan Policy Center in Washington, DC.

The following are Superintendent Lawsky’s remarks as prepared for delivery.


Superintendent Lawsky’s Remarks at the Bipartisan Policy Center on
Regulating Virtual Currencies and Payments Technology
Washington, DC
December 18, 2014
As Prepared for Delivery

Thank you for inviting me to speak with you here today.

I would like to cover two separate but interrelated topics in these remarks.

First, today we are announcing and outlining the new, revised, proposed BitLicense framework for regulating virtual currencies, which includes several updates from our original draft.

We will post the full, updated text of the regulation on our website and in the New York State Register for a new round of public comments in the coming days.

But, today, I wanted to take this opportunity to outline some of the more important changes we are making and the reasoning behind them.

Those changes are primarily focused on providing additional flexibility for virtual currency startups to innovate - while at the same time maintaining our commitment to protecting consumers and rooting out illicit activity.

Second, I would like to take a step back and look at some of the broader issues, trends, and challenges in the areas of payments technology and regulation.

This is truly an exciting time in the evolution of the payments system. Not only as it relates to virtual currencies, but also across the broader banking industry and in other parts of the financial sector.

However, there are significant, well-founded concerns that financial institutions - and regulators, for that matter - are not keeping up with the expectations of consumers for fast, reliable, digital transactions.

That is a serious problem that we need to address with heightened urgency and focus.


Let me start with the BitLicense and virtual currencies.

Virtual currencies came on our radar screen at DFS last year because we - like other states - regulate money transmitters, such as Western Union and Moneygram.

And we were concerned that certain virtual currency firms were engaged in money transmission.

As you may imagine, however, our statutory and regulatory schemes for money transmitters were written long before there was an Internet - let alone virtual currencies - and were in need of updating.

Accordingly, in August 2013, our Department launched an extensive inquiry into the appropriate regulatory guardrails to put in place for virtual currency firms.

As part of that inquiry, in January 2014, we held first-in-the-nation, regulatory hearings on virtual currencies, with the goal of getting a 360-degree view of this new and constantly evolving industry - both its promise and its potential pitfalls.

The challenge we faced was to come up with appropriate guardrails that help protect consumers and root out money laundering (as evidenced by the Silk Road, Mt. Gox, and Liberty Reserve cases), while at the same time not stifling beneficial innovation in a fledgling industry.

Indeed, the more we learned during the course of our inquiry, the more we saw that virtual currencies - and the very powerful technologies behind them - could hold a number of very interesting potential benefits.

Those include providing the capacity to send money all over the world to people in countries without a modern banking system.

Similarly, virtual currencies could help bring down the cost of international remittances significantly.

Virtual currency transactions also do not require people to provide their credit card information in financial transactions, and that could potentially help reduce the chances of identity theft and related frauds.

There is also the fascinating idea of creating so-called “programmable currencies,” which could allow consumers and businesses to securely transfer something of value besides money to another party (say the deed to a piece of property) over the Internet.

Additionally, it is worth noting that virtual currencies could, as a broader matter, push banks and other financial institutions to up their game when it comes to considering and implementing new payment technologies.


With all that in mind, earlier this summer, NYDFS put forward our BitLicense regulatory framework for public comment.

The regulatory framework included a number of key provisions to safeguard customer assets; protect consumers from fraud and abuse; root out money laundering and other illicit activity; and put up strong defenses against would-be hackers by emphasizing the need for robust cyber security.
Our initial proposal was meant as a beginning - not an end - to a healthy, vigorous public discussion about what the final regulation should look like.

Indeed, I think there may have been some who mistakenly assumed our initial regulation was a take-it-or-leave-it, all-or-nothing proposal that would take effect in a matter of days or weeks.

Truth be told, public comment periods generally take a good deal of time in government. Suffice it to say, there has been and will be a significant amount of time for stakeholders to provide input on the Department’s regulatory framework.


Now, while we are making substantive changes to the regulation, and we very much appreciate the time so many people took to formulate and submit comments - I’ve read many of them myself - we do think that many of the original proposals make sense, are good for consumers, and are good for the long-term health of the virtual currency industry.

The rules also generally mirror the types of requirements that banks; financial institutions, and money transmitters have to live by - with some alterations owing to the unique nature of virtual currencies.

This is a point that is not well understood. In part, perhaps, because virtual currency sits at the crossroads of a more lightly regulated technology sector and more heavily regulated financial sector.

There is a basic bargain that when a financial company is entrusted with safeguarding customer funds and receives a license from the state to do so - it accepts the need for heightened regulatory scrutiny to help ensure that a consumer’s money does not just disappear into a black hole.

And most of what virtual currency firms are being asked to do - whether it is examinations, anti-money laundering compliance, accounting, or recordkeeping - is similar to what other financial firms must do.
Moreover, to the extent that there are some specific areas of the regulation that are somewhat stronger or more robust for virtual currency firms than those for other financial institutions - such as our cyber security rules - that is primarily because we are actually considering using them as models for our regulated banks and insurance companies.

As evidenced by the JPMorgan hack and other recent hacks, cyber security is one of the most important issues NYDFS will face as a regulator in the months and years ahead across the entire financial system.
We have to do our best to stay ahead of the curve to protect consumers and the financial markets from the types of devastating disruptions that could occur as a result of a debilitating cyber attack.

And every new payments technology could potentially create new cyber vulnerabilities that we have not yet considered. So we need to stay vigilant.
Now, as I noted, there are some important changes we are making to our initial BitLicense proposal.

Many of those changes reflect input we received over the course of our public comment period - during which we received more than 3,700 public comments.

As we hope you will see, we took the comments very seriously and incorporated many of them into the revised BitLicense framework.

To start, we are moving forward with some important clarifications in the revised regulation to make - crystal clear - the breadth and extent of our regulatory framework.

Indeed, there was some initial confusion about who will be required to obtain a BitLicense.

For example, some believed that our proposed regulation requires all software developers and individual users of virtual currencies to obtain licenses.

First, the revised regulation will clarify that we do not intend to regulate software development.

For example, a software developer who creates and provides wallet software to customers for personal use will not need a license. We are regulating financial intermediaries. We are not regulating software development.

Additionally, customer loyalty programs, rewards, and gift cards denominated in fiat currency will not fall under the BitLicense. (Some commenters believed that the regulation could be read to encompass those activities, but it does not.)

Virtual currency miners will also not be required to obtain a BitLicense.

Individuals who are solely purchasing and holding onto virtual currency as a personal investment will also not be required to obtain a BitLicense.

Additionally, we are making clear that merchants who accept virtual currencies as payment for goods and services - and their customers - will not be required to obtain a BitLicense, if that is the only virtual currency activity in which they engage.


Let me turn now, to the issue of virtual currency start-ups, which is the area that has received perhaps the most attention throughout the public comment process.

Indeed, one of the most consistent concerns we heard in the comments was about the impact of the compliance costs on new or fledgling virtual currency enterprises.

We have faced somewhat similar issues in the community banking context as a regulator, and we wanted to work in good faith to try and identify a solution.

As such, the revised regulation will offer a two-year transitional BitLicense, which may be issued to those firms who are unable to satisfy all of the requirements of a full license, and will be tailored to startups and small businesses.

That transitional BitLicense will help provide start-ups an on-ramp as they build up their operations.

Of course, those firms will still be required to meet robust standards for consumer protection and anti-money laundering requirements, but we wanted to provide some flexibility as the firms work to get off the ground.

Additionally, licensees may apply to the Department for a determination that certain specific parties should not be deemed to be control parties by the Department - if they are truly not involved in the day-to-day or major management decisions of the company.

That provision is important for helping encouraging angel investment in virtual currencies - since when an individual is deemed a control person; it triggers a whole host of, often very fulsome, requirements that may not be necessary if they are not managing the company.

We have also made a number of changes in response to thoughtful public comments that we expect will help us better operationalize the regulations.

We have shortened the proposed record-keeping requirement for licensees from ten to seven years.

We have also eliminated a requirement that licensees are required to obtain the addresses and transaction data for all parties to a transaction, and must now only obtain that information for their own customers or account holders and, to the extent possible, for counterparties to the transaction.

Ultimately, in response to public comments, we determined that the original requirement simply would not be workable in the virtual currency context.

Finally, a broader range of financial assets, including virtual currency, may now count toward licensees’ capital requirements. (This is another area on which we received a number of comments.)

We believe that these proposed changes are sensible and help us strike an appropriate balance between permitting innovation to proceed, while at the same time strongly protecting consumers and helping root out illicit activity.

The full revised regulation should be posted in the coming days, which kicks off an additional 30-day comment period.

We hope to then issue a final regulatory framework by early 2015 and have several licensed virtual currency firms and exchanges up and running in New York shortly thereafter.


So that is our updated BitLicense regulatory framework.

Of course, virtual currency is only one part of a much broader evolution occurring before our eyes in payments technology.

One way that I know that you like to think about that evolution here at BPC - and I think it is a useful metaphor - is to compare it to train tracks.

(Trains are a 19th century technology, of course, but they are very much still with us today. In fact, I took one to get down to today’s event this morning.)

To that point, when considering the evolution of the payments system, it may be useful to think of it in the following way:

One: You can build entirely new tracks to connect different stations to one another.
Or two: You can update the existing tracks in order to make travel faster and more reliable.

Virtual currencies would fall into the former category of new tracks connecting consumers and businesses.

But there is also an existing sets of tracks in the payment world in desperate need of repair and improvement.

And one example is the Automated Clearing House (ACH) system that banks often use to transfer customer money to one another.

I think it would shock most consumers to learn that - at its core, despite modest improvements - the ACH system has changed little since it was created four decades ago in the 1970s.

And that is why - as recent press reports have noted - it generally takes you longer to transfer money electronically than it would to physically transport that cash to another state or country.

Indeed, many consumers are perplexed that, in a world where information travels around the globe in a matter of milliseconds, it can often take several days to transfer money to a friend’s bank account.

So, in other words, in an age of smart phones and on-demand technology, we have a disco-era payments system. And that is a problem (as much as we all love disco).

Even many new entrants into the mobile and app-based payments world - who are doing some truly interesting work - largely have to build their technology on top of that ossified, existing system.

So, what is the cause of that startling market failure to innovate within the legacy bank payments system?

Some people blame regulators' focus on rooting out money laundering. They say that faster payments technology will make it impossible or extremely difficult to spot fraud and illegal activity.

However, I think that explanation is largely a red herring.

Preventing money laundering at banks is, of course, critical. Indeed, it has been one of the top priorities of our Department.

But I do not believe that finding a solution to that issue represents an insurmountable problem.

That is particularly true in an age where we are able to shoot a robot spacecraft into the atmosphere and land it safely on a comet several worlds away.

It is also belied by the experience of other countries, where payments between banks can settle within a matter of hours or even minutes.

I think a more likely explanation is that what we are seeing in the payments world is the classic type of market failure that exists in a monopoly-like system - where existing entrants have little incentive to innovate and are instead content to continue extracting unjustified rents from consumers.
The technology exists to change the system for the better, just not the will.

That is not to say that regulators are blameless. When you have a monopoly-like system - with very high barriers to entry - it is the regulator’s job to prod their institutions to overcome that collective action problem.

In other words, it is sometimes the regulator’s job to serve the public interest by pushing market actors to do what those market actors are unwilling to do themselves.


Indeed, I think that the current market failure in the payments system is, in part, why there has been so much excitement about virtual currency technology.

Virtual currency could have the potential to force the existing, legacy payments system to up its game in a significant way.

It is, of course, important not to be Pollyannaish about these types of things - as is sometimes the tendency among tech evangelists.

Virtual currencies such as Bitcoin are a very, very long way from being a credible challenger to banks or the existing payments system. (Though the imprimatur of financial regulation will probably help.)

But I think virtual currency could eventually cause some amount of self-reflection in the legacy financial system.

And it may even cause some banks to confront the Blockbuster Video problem.

The problem that in an age of heightened consumer expectations for real-time, digital payments, if banks fail to innovate, they could eventually face a real challenge.

Blockbuster Video stores used to be on virtually every corner in of our country. But with the emergence of Netflix, they practically disappeared overnight.

Money is, of course, a different animal from something like video or music technology.

The financial crisis notwithstanding, I think most people still feel more comfortable entrusting an old, well-established, FDIC-insured bank with their money, rather than a tech start up.

That said, if banks continue to torpedo even modest updates to the payment system, they ultimately do run at least some risk of facing the Blockbuster Video problem.

Our children, and our children’s children, will not hesitate to bank digitally. They will demand speed and efficiency in the payments world.

My guess is that banks will eventually adjust. It is in those institutions' long-term interest to do so - both from a financial and an existential perspective.

And they will probably co-opt or acquire some of the most promising technology after a period of trial and error.
Regulators, for their part, will have to keep up and find ways to permit innovation and improvements, while protecting against money laundering.

But if banks do not make significant progress soon, regulators should consider actively pushing for, or even perhaps mandating, improvements.

That is not typically the way regulators like to operate.

It is generally better to let the market make these types of determinations.

But at a certain point, enough is enough. And four decades of slow-to-non-existent progress in the bank payments system seems like fair warning.


To conclude, again, we at NYDFS are truly very excited about what we are seeing right now in payments technology.

However, it presents a serious challenge not only for banks, but also for regulators.

We are not - suffice it to say - experts in all forms of new technology.

Financial regulators also typically tend to be slow moving and plodding.

And by the time they get around to approving a new technology for use, it could already be out of date.

Some of that caution is good and necessary given the serious consequences associated with money laundering and other associated frauds.

But to return to our earlier metaphor: If we cannot adapt and adjust in a timely fashion - that is simply no way to run a rail road.

Instead, we should be humble about what we do not know and open to feedback. But at the same time, we must move quickly to provide regulatory clarity and guidance on important issues such as consumer protection and anti-money laundering requirements.

Our BitLicense experience at DFS has, in some ways, been an interesting first attempt at regulating in this fashion. I can tell you it is difficult, but it can, we think, be done successfully.

That is our goal. And we will continue to proceed in that spirit - to try and get the balance right.

Thank you. I look forward to taking your questions.

Comments: (0)