Lawsky to Banks: Speed Up Payments Innovation — Or Else
One big question in the debate over regulating cryptocurrencies is whether to apply existing rules to these new technologies or craft new ones. A state regulators' trade group recognizes that there may be no one right answer.
New York banks will be subject to extra scrutiny of their chief information security officers, multi-factor authentication practices and many other aspects of data security under the exam process laid out by regulator Benjamin Lawsky.
The payment system is unexpectedly the center of attention in the financial services policy world after spending years being overshadowed by the financial crisis and other pressing issues.
WASHINGTON Benjamin Lawsky, New York's top financial regulator, sharply criticized banks for their failure to speed up the payment system, warning that the government may step in if they continue to lag behind.
"If banks do not make significant progress soon, regulators should consider actively pushing for, or even perhaps mandating, improvements," Lawsky, the superintendent of the New York Department of Financial Services, said Thursday at a Bipartisan Policy Center event in Washington.
Lawsky also used his speech to outline changes to his state's proposed regulation of digital currencies like bitcoin, highlighting ways to ease several requirements.
But his most strident remarks concerned banks' lack of innovation in the payments system, arguing that financial institutions have let it atrophy.
"At a certain point, enough is enough," Lawsky said. "Four decades of slow-to-non-existent progress in the bank payments system seem like fair warning."
He compared banks' approach to former movie rental giant Blockbuster, which went bankrupt after it failed to innovate and was disintermediated by companies like Netflix.
"The current market failure in the payments system is, in part, why there has been so much excitement about virtual currency technology," Lawsky said. "Virtual currency could have the potential to force the existing, legacy payments system to up its game in a significant way."
Virtual currencies have long been touted for their promise as a near frictionless payments system. But Lawsky warned that "virtual currencies such as bitcoin are a very, very long way from being a credible challenger to banks or the existing payment system."
The most recent came last week, when Nacha, the bank industry organization that sets rules for the automated clearing house network, provided more details on its plan for same-day payments. That plan took more than nine months to develop and followed a plan killed by the banking industry two years earlier.
Importantly, however, the Nacha plan is targeted at same-day settlement, as opposed to digital currencies, which boast effectively real-time payments.
New York is on the forefront of attempting to regulate digital currency firms, with plans to become the first state to issue licenses for such businesses.
After receiving more than 3,700 comments on its original plan released over the summer, Lawsky said he planned to issue a revised proposal in the "coming days," which will be open for comment for another month.
"We hope to then issue a final regulatory framework by early 2015 and have several licensed virtual currency firms and exchanges up and running in New York shortly thereafter," Lawsky said.
Lawsky previewed several changes. Among them, New York will remove a provision that could have required virtual currency operations to know the identities of both sides of every transaction they touch, no matter how small.
"We have also eliminated a requirement that licensees are required to obtain the addresses and transaction data for all parties to a transaction, and must now only obtain that information for their own customers or account holders and, to the extent possible, for counterparties to the transaction," Lawsky said. "We determined that the original requirement simply would not be workable in the virtual currency context."
The revised proposal will also include a transitional, "on-ramp" BitLicense for small start-ups as they get up and running and a reduction in the time that businesses will have to keep records, from ten to seven years.
Lawsky also said that a number of the commenters misinterpreted the intent of the initial proposal and he is moving to forward to make "crystal-clear" the "breadth and extent of our regulatory framework."
Software developers who provide virtual wallets for personal use, virtual currency miners and consumers wishing to invest in such currency by buying and holding it will not need to apply for licenses, he said. Additionally, merchants that accept virtual currencies as payment for goods and services will not need licenses as long as they are not engaging in other virtual currency activity, Lawsky said.
Additionally, to encourage investment in the budding technology, Lawsky said that people who do not participate in day-to-day or major management decisions may be exempt from certain "fulsome" requirements for controlling parties.
The updated proposal allows a broader range of assets - including virtual currency to be counted toward a business's capital requirements, Lawsky added.
"We believe that these proposed changes are sensible and help us strike an appropriate balance between permitting innovation to proceed, while at the same time strongly protecting consumers and helping root out illicit activity," Lawsky said.
Answering a question, Lawsky said that the consumer protections in the revised regulation are "very similar" to the original proposal.
Lawsky also tacitly endorsed a Conference of State Bank Supervisors proposal to regulate virtual currency, which was released Tuesday, noting that it was similar to New York's plan.
"It is not all that dissimilar from what we are doing. It is somewhat broader, because with CSBS you are dealing with 50 different states," Lawsky said.
Separately, Lawsky discussed efforts to focus more attention on banks' cybersecurity requirements, saying his staff is training examiners on that issue and bringing in more people with IT expertise.
"There are two sets of people, the everyday examiners who are only going to have a certain level of knowledge, but we also have an IT group that does IT exams and those IT exams are separate exams that are going to be much, more in-depth when it comes to cybersecurity," Lawsky said.
Lawsky would not say whether his state's cybersecurity bank exams would be more stringent than those imposed by federal regulators, but said "I think you are going to see a whole shaking out in this area, what we do need to do is make sure we stay coordinated."