The New York Department of Financial Services will likely institute an on-ramp for new Bitcoin businesses and possibly any other kind of money transmitting startups as a way for them to launch without being burdened by costly licensing requirements.
Nearly a year ago, Benjamin Lawsky, superintendent of the New York Department of Financial Services, introduced the concept of a "BitLicense" as a way to properly regulate Bitcoin businesses without shoehorning them into existing money transmitter rules. Since then, his view has evolved to treat the BitLicense process as a way to modernize regulation for all payment startups.
"My gut feeling is to treat them the same," he said in an interview after a Nov. 2 keynote speech at the Money2020 conference in Las Vegas. Lawsky emphasized that the department plans to be fair when it comes to allowing non-cryptocurrency payment startups to have the same on-ramp being developed for digital currency companies.
The proposed Transitional BitLicense would allow some startups to work within a more flexible framework for a period of time, based on a number of factors such as the nature and scope of the business, its transaction volume and whether it is registered with the Financial Crimes Enforcement Network.
"There's a fascinating collision between two very different things... the very tightly regulated world of banking is colliding with the largely unregulated world of innovation," Lawsky said during the keynote.
The idea of an on-ramp for startups was initiated by the Bitcoin community late last year as Fincen's regulatory guidance and Lawsky's probes rocked the fledgling industry. Over the course of the year, most banks determined Bitcoin businesses to be too risky to keep as clients, and dropped their accounts. Many digital currency companies were also rejected for state money transmitter licenses.
Many in the industry called for an on-ramp, although some thought legacy players like PayPal would fight back against it they didn't have that luxury when they started.
"That was before my time," said Lawsky. The department has changed a lot of the processes in Licensed Financial Services, the entity responsible for reviewing money transmitter (MT) applications. The department was getting a lot of complaints that application review was taking too long, Lawsky said.
The technology used by startups applying for a money transmitter license would change before the nine-month review process was over, he said, and when the company updated its application six months in, it would get sent to the back of the line to begin another nine-month review. The NYDFS cleaned up the process and the system works much more efficiently today, with amended applications keeping their spot in line.
When a startup gets a Transitional BitLicense, it will have to go through tailored examinations. The NYDFS is also considering appointing a small group of specialized expert examiners to deal with startups, including Bitcoin-related companies.
While these companies might not need all 48 state money transmitter licenses to operate in New York right away, they will still be required to meet standards for consumer protection, anti-money laundering and capital. These companies might be able to use outside vendors for compliance instead of having internal compliance officers, said Lawsky during the keynote.
During the question and answer session, the superintendent also acknowledged that asking Bitcoin businesses "to verify a recipient may be a fool's errand." This seems to be in sharp contrast with some of Lawsky's past statements that exchanges or wallet services should know both the sender and the recipient no matter how small the transaction may be.
The newly proposed concepts are far different then the attitude of the first BitLicense proposal, which was seen as strict. Many Bitcoin companies "mistakenly assumed [the proposal] was a 'take it or leave it' kind of thing," Lawsky said. But developing fair regulation is an iterative process, and even after the BitLicense becomes law, "we don't mind correcting where appropriate" if the new requirements have unintended consequences, he said.
The NYDFS will publish another draft of the BitLicense around the beginning of December, which will spark another 30-day comment period. Lawsky hopes to have the final framework in place by January next year.
It's clear that Lawsky wants to help the fledging Bitcoin industry succeed in some ways. While illegal activity within the cryptocurrency space has grown since the Liberty Reserve and Silk Road cases, he said, Bitcoin could benefit "the huge community of people that every week go to Western Union or MoneyGram and send money home to their family...and pay eight to nine percent on that."
Bitcoin could lower these transaction fees, creating a rail for frictionless transactions all over the world, even in areas that don't have robust infrastructure, and cut the potential for identity fraud, he said.
Bitcoin businesses will not need to get both a money transmitter license and a BitLicense, Lawsky said. The NYDFS will not regulate mining and software development, the processes that maintain the Bitcoin ecosystem.
Because the license is technology-specific, Lawsky said it should be as narrowly tailored as possible, and will mirror the regulations for banks and other money transmitting businesses.
The enhanced cybersecurity guidelines will likely be added to banks' requirements as well, Lawsky said. Most banks focus on perimeter security, which might not be the wisest course today, he said in the interview. Banks need to focus on more internal security to deter hackers that get past their outer defenses. Banks should focus on securing their information inside, for example with encryption, so fraudsters can't exit with information that can be used, he said.
Lawsky also bashed the password system that's been used for security for decades, saying financial companies should at least use multi-factor authentication. Currently the NYDFS is pushing its firms to use multi-factor, but Lawsky said enforcement might be added, where banks get a sufficient rating only if they use multi-factor authentication internally and with their customers.