The New York State Department of Financial Services has issued a proposed comprehensive regulatory framework for virtual currencies.
The report covers licensing, application and fees, compliance, capital requirements, custodial issues, record keeping and examinations, disclosures, AML/KYC, cyber security, disaster recovery, advertising, consumer protection, complaints and more.
The proposed rules include a 45 day period from the effective date of the guidance to submit an application for licensing, after which any operations will be deemed unlicensed. It also requires companies to appoint a Chief Compliance Officer and Chief Information Security Officer, and to create a Business Continuity and Disaster Recovery (BCDR) plan, along with detailed record keeping of accounts, transactions and other data for up to 10 years.
OFAC, AML/KYC and record keeping are a central theme, and could require extensive record keeping and frequent reporting by virtual currency companies, beginning with the following:
(1) Records of Virtual Currency transactions. Each Licensee shall maintain the following information for all transactions involving the payment, receipt, exchange or conversion, purchase, sale, transfer, or transmission of Virtual Currency: the identity and physical addresses of the parties involved, the amount or value of the transaction, including in what denomination purchased, sold, or transferred, the method of payment, the date(s) on which the transaction was initiated and completed, and a description of the transaction.
(2) Reports on transactions. When a Licensee is involved in a transaction or series of transactions for the receipt, exchange, conversion, purchase, sale, transfer, or transmission of Virtual Currency, in an aggregate amount exceeding the United States dollar value of $10,000 in one day, by one Person, the Licensee shall notify the Department, in a manner prescribed by the superintendent, within 24 hours.
(3) Reporting of Suspicious Activity. Each Licensee shall monitor for transactions that might signify money laundering, tax evasion, or other illegal or criminal activity and notify the Department, in a manner prescribed by the superintendent, immediately upon detection of such a transaction(s). (i) Each Licensee shall file Suspicious Activity Reports (“SARs”) in accordance with applicable federal laws, rules, and regulations. (ii) Each Licensee that is not required to file SARs under federal law shall file with the superintendent, in a form prescribed by the superintendent, reports of transactions that indicate a possible violation of law or regulation within 30 days from the detection of the facts that constitute a need for filing. Continuing suspicious activity shall be reviewed on an ongoing basis and a suspicious activity report shall be filed within 120 days of the last filing describing continuing activity.
The proposed rules cover extensive documentation regarding company structures, business plans, domicile, directors and capital requirements with extensive reporting on a quarterly basis. Standards concerning consumer protection, advertising and marketing records, forward looking and disclaimer statements, as well as other general policies are also detailed in the proposed guidelines.