On January 23, the New York Department of Financial Services (NYDFS) issued guidance on standards for maintaining custody of client funds.
Since 2015, the NYDFS has administered the BitLicense regulatory framework, which requires crypto exchanges, custodians and other relevant firms to obtain approval from the agency before undertaking activities in New York or involving New York residents. A BitLicense is notoriously difficult to obtain – to date only 31 companies have been approved for one.
However, the Bitlicense is considered one of the most desirable regulatory seals of approval a crypto business can receive, and the latest NYDFS guidelines on custody of cryptocurrencies further embed gold-plated standards for regulatory compliance.
In this article, we explain the latest NYDFS guidelines. We’ll also explore how this relates to other cryptocurrency-related guidance the agency recently issued and how New York crypto companies can ensure compliance with NYDFS regulatory standards more broadly.
Customer safety is paramount
In its Jan. 23 memo, the NYDFS doesn’t mention the turmoil in crypto markets or refer to recent cases where bankruptcies among crypto firms have harmed consumers — but it’s not hard to imagine what prompted the guidance. Whether it’s FTX, Celsius, Voyager, or other crypto firms that have recently faced insolvency, a total of billions of dollars in client funds have been lost to crypto firms that have failed in the past year.
The NYDFS guidelines are designed to ensure that cryptocurrency consumers are protected from losses if the exchange or other platform they use becomes insolvent and defines the custodial standards that Bitlicense-licensed firms must apply. Finally, NYDFS has established four key pillars for customer protection:
1. Separation and separate accounting for the client’s virtual currency
Crypto firms must not mix corporate assets with client funds – an issue that arose in the FTX case and put its users at risk. Client funds must be maintained either in separate, dedicated wallets or accounts under their specific names, or in separate omnibus accounts containing only client funds.
Custodians must be able to demonstrate that they have documented policies and procedures to ensure these standards are followed at all times, and must be able to reconcile this account information with on-chain data upon request by NYDFS.
2. Custodian’s limited interest in and use of client’s virtual currency
The custodian must hold client deposits for safekeeping purposes and must not lend client funds – again, a key source of pain investors faced during the FTX collapse. User funds must be treated as the property of the user and should not be accessed without their consent in ways inconsistent with the user agreements.
3. Sub-custodial arrangements
Firms with a Bitlicense can provide their clients with custody through third parties. However, they need NYDFS approval before using third-party foster care arrangements, which must comply with other principles in the guidelines. A firm that has direct client relationships must perform a risk assessment of subcustodial and related arrangements and must have clear policies and procedures that reflect the controls around the arrangements.
4. Disclosure of customers
Custodians must provide clients with clear disclosure statements outlining the terms of their relationship with the client, which must include a clarification that the purpose of the service is custodial and that they will not otherwise use client funds. They must also notify the customer if they are using a sub-custodial relationship to protect the customer’s funds.
These standards will require crypto firms in New York to have robust compliance policies and procedures to ensure compliance. The standards adopted by New York mirror new standards in other parts of the world, such as Thailand, which recently adopted standards for custody of cryptocurrencies, and in the EU’s Markets in Crypto Assets (MiCA) regulation. Given the important role NYDFS plays in setting standards that other regulators often adopt, it is likely that others will follow suit, and that these standards will become more widespread.
This latest guidance is part of a series of crypto-specific guidance issued by the NYDFS over the past ten months that indicate a focus on raising the standards of regulatory compliance and risk management for the sector. These other notes are:
- Blockchain Analytics Usage Guidelines (April 2022): in this guidance NYDFS described the importance of companies using blockchain analytics, such as Elliptic’s A holistic overview of wallets and transaction tracking solutionsto ensure compliance with anti-money laundering (AML), sanctions and related requirements. This includes requests to use blockchain analytics to continuously monitor transactions to identify exposure to high-risk parties or the use of services such as mixers. You can see our full analysis of those guidelines here.
- Guidelines for issuing USD-backed stablecoins (June 2022): in this guidance note, the NYDFS outlined its expectations for Bitlicensed Firms regarding redemption and reserve for the stablecoins they issue. You can read our full analysis here.
- Prior approval for covered institutions’ virtual currency activities (December 2022): In a letter to New York State banks, the NYDFS reminded New York state banks that, while they do not need a specific BitLicense, they must obtain NYDFS approval before engaging in cryptocurrency-related activities, such as custody or exchange. In addition, they must be able to demonstrate to the NYDFS that they have appropriate risk management and governance arrangements in place, including AML and sanctions related systems and controls. You can read our related analysis on regulators’ oversight of banks’ exposure to cryptocurrencies here.
This flurry of crypto-specific guidance from the NYDFS shows that the regulator is serious about ensuring robust compliance standards in this space – a fact also underscored by its latest cryptocurrency-related enforcement action.
How we can help
At Elliptic, we work with crypto exchanges and financial institutions in New York to help them meet NYDFS requirements by providing blockchain analytics solutions that enable detection and mitigation of AML and sanctions risks.
To learn more about how we can help you achieve successful NYDFS compliance, contact us today.
Crypto Regulation America Crypto Businesses