10 Questions About BitLicense From a Crypto Lawyer

You can also download this article in PDF format here.

The reluctance of New York State regulators to provide clarity or enforce their own policies begs the question: Why should exchanges spend the time and money to obtain a BitLicense in the first place?

At first, there was the exodus of exchanges that saw the writing on the wall. Kraken, ShapeShift, Bitfinex, and other exchanges that had operated in New York State prior to 2015 decided to suspend their operations in the financial capital of the world.[1] The reason? The New York State Department of Financial Services (DFS) officially adopted the controversial BitLicense framework.

Codified in 23 NYCRR Part 200, the Bitlicense was supposed to be a method of consumer protection for investors in the burgeoning cryptocurrency space. However, the high costs and “Orwellian” customer data requirements have caused crypto exchanges to halt operations in New York rather than attempt to receive a BitLicense.[2] In the end, the exchanges that left New York, rather than navigate these uncertain yet overscrupulous waters, may have made the right decision.

Although the application fee is only $5,000, licensee Bitstamp spent roughly $100,000 on time allocation, legal fees, and compliance fees to obtain its BitLicense.[3] MonetaGo, a smaller startup, spent about $50,000 and 1200 hours on its application, which became useless when the company scrapped its exchange to focus on blockchain technology[4].

The bulk of application time is spent creating and detailing a compliance program with appropriate anti-money laundering (AML) controls, hiring a competent compliance officer (which creates long-term costs associated with hiring an officer with a minimum of 15 years of experience), and making a dizzying amount of disclosures on corporate practice and customer information.[5]

On average, this process takes between two and three years. There are also minimum capital requirements, including cash reserves, that are determined by the DFS Superintendent to obtain a Bitlicense.[6]

The process for obtaining a BitLicense could be justified if DFS were effective in achieving (or even attempting to achieve) its purpose of protecting New York investors. In practice, however, DFS is inadequate in its responses to nefarious activities by crypto exchanges (if it responds at all). Such activities include phishing or sim swap attacks that occur when exchanges do not have basic security measures required by the Bank Secrecy Act and New York State regulations.

My firm regularly represents victims whose funds were stolen from cryptocurrency exchanges through phishing and sim swap attacks, and even though inside jobs executed by exchange employees.[7] Before initiating recent action against a BitLicensee, my client attempted to file a complaint against the exchange through DFS. DFS failed to return any of my client’s calls.

In fact, I have tried to call DFS myself and have been forced to jump through bureaucratic hoops, ultimately receiving no response. It cannot be just me: there could be hundreds, if not thousands, of retail victims whose funds were stolen from a cryptocurrency exchange. DFS has been proven useless in helping to return those funds to New York investors.

This calls the entire BitLicense operation into question. Why should a startup, with limited time and funding to expend, apply for a BitLicense if DFS has been found to not hold up its end of the bargain and protect New York investors? Would they be better off risking enforcement measures from a regulator that has demonstrated its reluctance to follow up on violations of its own policies?

The answer to that question must be answered by a cost-benefit analysis by each exchange, but the underlying premise is disturbing. If DFS does not have the resources to protect New York investors, then who is looking out for them? And if exchanges decide not to obtain a BitLicense, choosing instead to force DFS’s hand in enforcement, what will become of the BitLicense and entities who already have one?

Even more worrisome is the current self-certification process that DFS allows for BitLicensees. Through self-certification, licensed exchanges may add tokens to their platform without explicit DFS approval, so long as the process by which exchanges approve tokens is deemed adequate by the regulator.

These tokens may be incredibly speculative, and dangerous in terms of their potential for money laundering and terrorist financing. Further, each of these tokens may, under the plain language of the statute, require a BitLicense themselves. Without oversight of the products offered on each exchange, how can DFS be sure that it is actually protecting consumers from volatile and potentially nefarious investments?

The amount of questions raised by current BitLicense guidance makes it difficult for lawyers to advise their clients through the application process, including the question of whether it is beneficial for potential applicants to obtain a BitLicense at all. The types of conduct that require BitLicenses and the penalties for non-compliance are not made clear, creating confusion for both applicants and those counseling them.

Are there criminal penalties attached to conducting an exchange in New York without a BitLicense? How will lawyers advise their clients on navigating application decisions if this is unknown? Do peer-to-peer transactions require a BitLicense? New York statutory law leaves ambiguities as to what constitutes a peer-to-peer transaction. Are cryptocurrency transmissions between the private wallets of two friends included? Will they need a BitLicense to make such transactions? These are pertinent questions that must be answered to provide clarity to potential applicants.

Other major states have fared much better in their crypto exchange licensing regimes. Texas, for example, does not include cryptocurrencies in its statutory definition of currency (aside from potentially some stablecoins).[8] Texas still requires exchanges to receive a money transmitter license, but it is a much less stringent application process for virtual currency exchanges that wish to operate in the state.[9] The fees, as well as capital and customer disclosure requirements are much lower, and the process takes less time than in New York.

To ensure customer protection, Texas requires a technical audit of exchanges to check the security of their platform. Additionally, receiving a money transmitter license in Texas will allow the exchange to join the Multistate Money Services Businesses Licensing Agreement Program (MMLA). This allows for streamlined application processes in the seven states that are part of the program.[10]

The biggest difference, however, is seen in the actual interactions with Texas’s Department of Banking. Unlike DFS, the Department of Banking is a pleasure to work with. They are professional, actually, return constituent phone calls, and are usually helpful. In this respect, DFS could take a lesson from Texas.

With the recent election of Eric Adams as Mayor of New York City, hopefully, more pressure will be put on DFS to resolve these issues and reform the BitLicense system.  Mayor Adams will need to work with Gov. Hochul and state legislators in Albany, but hopefully, his crypto-friendly attitude will influence the discussion.

If Mayor Adams and those in Albany can make improvements by decreasing the time and costs associated with obtaining a BitLicense, as well as order DFS to respond to inquiries (both regarding the application and enforcement against licensees), both DFS and the New York investment community will benefit.

DFS will be less bogged down in the stringent application review process, and exchanges will have a better understanding of what is required of them. Investors will understand how they are protected, and have increased confidence that DFS is actually operating to protect them.

Former DFS Superintendent Benjamin Lawsky argued that any stifling of innovation as a result of BitLicense requirements would be necessary to protect consumers and combat illicit cryptocurrency activity. Due to current DFS failures in enforcement, the BitLicense system is imbalanced.

Its disadvantages are outweighing its benefits, and the application process has become prohibitively costly and time-consuming. The new mayoral administration must work with state officials in Albany to take a close look and determine how the BitLicense can once again, if at all, reach equilibrium.

[1] https://www.coindesk.com/markets/2018/05/16/bitlicense-refugees-shapeshift-kraken-talk-escape-from-new-york/

[2] https://nypost.com/2015/06/11/lawksys-new-bitcoin-rules-akin-to-spying-on-users-critic/; https://www.coindesk.com/markets/2015/08/13/the-real-cost-of-applying-for-a-new-york-bitlicense/

[3] https://www.coindesk.com/markets/2015/08/13/the-real-cost-of-applying-for-a-new-york-bitlicense/

[4] https://www.coindesk.com/policy/2020/06/24/bitlicense-at-5-for-startups-regulated-overseas-new-york-isnt-so-tough/

[5] https://nypost.com/2015/06/11/lawksys-new-bitcoin-rules-akin-to-spying-on-users-critic/; https://www.coindesk.com/markets/2015/08/13/the-real-cost-of-applying-for-a-new-york-bitlicense/

[6] https://govt.westlaw.com/nycrr/Document/I85908c7a253711e598dbff5462aa3db3?viewType=FullText&originationContext=documenttoc&transitionType=CategoryPageItem&contextData=(sc.Default)

[7] https://www.coindesk.com/markets/2021/07/05/ex-cryptopia-employee-pleads-guilty-to-stealing-170k-in-crypto/

[8] https://statutes.capitol.texas.gov/Docs/FI/htm/FI.151.htm

[9] https://nationwidelicensingsystem.org/slr/PublishedStateDocuments/TX-DOB-Money_Transmission-Company-New-App-Checklist.pdf

[10] Id.