At a time when states are jockeying for position to become digital asset and cryptocurrency hubs and we’ve witnessed turmoil and regulatory uncertainty within the cryptoasset industry, the New York Department of Financial Services (“NYDFS”) on December 15, 2022 released its final Guidance (the “Guidance”) to banking organizations seeking to engage in “new or significantly different” virtual currency-related activities. As stated in the Guidance, “virtual currency-related activity” includes all “virtual currency business activity,” as defined under the BitLicense regulation (23 NYCRR § 200.2(q)), as well as “the direct or indirect offering or performance of any other product, service, or activity involving virtual currency that may raise safety and soundness concerns for the Covered Institution or that may expose New York customers of the Covered Institution or other users of the product or service to risk of harm.” At a high level, the Guidance reminds state-regulated banks (“Covered Institutions”) that, as a “matter of safety and soundness,” they must apply for approval before engaging in digital asset-related activities and outlines the types of information the NYDFS deems most relevant in assessing a proposal and the potential risks that such virtual currency-related activities may pose for the institution, consumers and the market in general (note: The Guidance expressly states that it does not interpret existing laws nor take a position on the sorts of activities that may be permissible for Covered Institutions to take).

Notably, the Guidance further increases the scope of NYDFS oversight by expanding the types of virtual currency activity requiring approval: “virtual currency-related activities” must receive approval, whereas previously only “virtual currency business activity” required prior approval from the NYDFS.  In a footnote, the Guidance explains the difference – virtual currency-related activity” essentially means any “virtual currency business activity” as defined under the BitLicense rules, plus certain additional activities that the NYDFS believes might raise “safe and soundness concerns.”

It should be noted that when the NYDFS released its BitLicense regulation (23 NYCRR Part 200) in 2015, certain persons were exempt from its requirements, including entities that are “chartered under the New York Banking Law and are approved by the superintendent to engage in virtual currency business activity” (23 NYCRR § 200.3(c)(1)).  Thus, while exempt from the rigors of applying for and receiving a BitLicense, “Covered Institutions” regulated by the NYDFS that wanted to engage in virtual currency-related activities still needed agency approval. As such, the publishing of the Guidance seeks to inform Covered Institutions of the process for seeking prior approval before engaging in a specific virtual currency-related activity (the Guidance states that prior approval to engage in a particular virtual currency-related activities “does not constitute general consent for that institution to engage in other types of virtual currency-related activity, nor does it authorize other Covered Institutions to undertake that same activity”).

To comply with the newly issued Guidance, Covered Institutions, defined as New York “banking organizations” and NYDFS-licensed branches and agencies of non-US Banks, should inform the NYDFS of its intention to engage in any “new or significantly different virtual currency-related activity” a minimum of 90 days before the Covered Institution intends to offer such services or engage in such activity.  The Guidance also suggests that a Covered Institution consult with NYDFS if it intends to engage a third party “to assist in performing a new or significantly different virtual currency-related activity.”

So what is “virtual currency-related activity”?  Put simply, it includes “virtual currency business activity” (as previously defined under the BitLicense rules, 23 NYCRR § 200.2(q)), plus additional types of activities as briefly explained in the Guidance. As defined under the BitLicense rules, a “virtual currency business activity” means any of the following activities which involve New York or a New York resident:

  1. receiving virtual currency for transmission or transmitting virtual currency, except where the transaction is undertaken for non-financial purposes and does not involve the transfer of more than a nominal amount of virtual currency;
  2. storing, holding, or maintaining custody or control of virtual currency on behalf of others;
  3. buying and selling virtual currency as a customer business;
  4. performing exchange services as a customer business; or
  5. controlling, administering, or issuing a virtual currency.

Under the rules, the “development and dissemination of software does not by itself constitute virtual currency business activity.”

As previously explained, while the BitLicense regulations permit Covered Institutions to avoid obtaining a BitLicense from NYDFS so long as they receive approval for their virtual currency business activity, the new Guidance requires a Covered Institution to obtain approval for “virtual currency-related activity.” The Guidance highlights a number of activities that the NYDFS would consider to fall under the expanded definition, such as:

  1. offering digital wallet services to customers either directly or through a third party,
  2. engaging in lending activities collateralized by virtual currency assets,
  3. facilitating its own customers’ participation in virtual currency exchange or trading,
  4. providing stablecoin services such as stablecoin issuer reserve services, or
  5. traditional banking activities involving virtual currency through the use of new technology that exposes the covered institution to different types of risk (e.g., underwriting a loan, debt product, or equity offering effected partially or entirely on a public blockchain).

To receive approval, NYDFS stated that it must receive “sufficient information” to assess the virtual currency-related activity and the potential impact on safety and soundness, including implications for New York customers and other users of the product or service. Covered Institutions are advised to tailor their application to their specific proposal, but in general, the Guidance states that an application to the NYDFS should contain the following information:

  1. Business Plan: a comprehensive description of the proposed virtual currency-related activity, the business and strategic rationale, and the relationship to and alignment with the enterprise’s risk-management and legal and compliance framework. NYDFS also seeks expected cost and revenue targets for the activity, an operating model, and target customer information, among other details.
  2. Risk Management: a thorough explanation of the Covered Institution’s enterprise-wide risk management framework. Such a framework should identify, measure, monitor, and control all risks from the virtual currency-related activity.
  3. Corporate Governance and Oversight: a description of the corporate governance framework applicable to the proposed activity. For example, the Guidance notes that an explanation of the board and senior management’s adequate understanding and knowledge of the risks associated with the proposed activity or the internal requests and approvals related to the product’s development would give NYDFS an understanding of the corporate governance framework.
  4. Consumer Protection: an analysis of how the virtual currency-related activity will impact customers and other users, including policies and procedures relating to consumer protection and sample agreements application to customers and other users (e.g., terms and conditions, disclosures).
  5. Financials: an explanation of the expected impacts of the proposed activity on the Covered Institution’s capital and liquidity.
  6. Legal and Regulatory Analysis: an analysis of the permissibility of the proposed activity, legal risks, and mitigants.

The Guidance also includes an appendix containing a checklist of documents that should be included as part of any virtual currency-related activity review. In addition, this Guidance tracks the Financial Stability Oversight Council’s (“FSOC”) Report on Digital Asset Financial Stability Risks and Regulation (the “Report”), which we’ve previously written about (note that NYDFS Superintendent Adrienne A. Harris also serves as the state banking representative on the FSOC).

NYDFS had a busy 2022 – in April, the regulator issued guidance related to the use of blockchain intelligence, and in June, the regulator issued guidance for stablecoin issuers. As economic centers continue to jockey for position, New York’s guidance provides additional clarity and investor protections at a time when the regulatory spotlight is shining on digital assets.