The State of New York is weighing a raft of new rules to regulate bitcoin and other virtual currencies, the state’s financial regulators announced on Thursday, proposing to issue a “BitLicense” that would protect consumers, prevent money laundering and enforce cyber security.
All firms who transact in crypto-currencies will be required to hold BitLicenses, New York State’s Department of Financial Services said. The requirements include ensuring that all firms hold the entire amount of whatever virtual coin owed to a third party, and keep receipts of all transactions. The new rules also impose strict demands on license holders to report any instances of fraud or “illicit activity” within 24 hours.
Although wildly popular among alternative currency enthusiasts, bitcoin has endured several high profile setbacks, including the implosion of Mt.Gox. Additionally, critics have argued that virtual coin is susceptible to fraud and illegal transactions, while others doubt it can serve as a long-term store of value.
With those issues in mind, state regulators are imposing a thicket of new requirements on virtual coin operators —likely to stir consternation among a group of users who fiercely oppose government oversight.
One provision states that licensees will be subject to examinations “whenever the superintendent deems necessary, but no less than once every two calendar years, to determine the licensee’s financial condition, safety and soundness,” among other things.
“We have sought to strike an appropriate balance that helps protect consumers and root out illegal activity—without stifling beneficial innovation,” said Benjamin Lawsky, NY’s Superintendent of Financial Services.
“Setting up common sense rules of the road is vital to the long-term future of the virtual currency industry, as well as the safety and soundness of customer assets.”
In an era of relentless hacking attempts and technological breaches, NY State is also pushing for licencees to toughen cyber-security standards. Recipients of a BitLicense “must…perform a set of core functions” that include risk assessment, firewall systems, and data recovery.
Read More How I’m dodging bitcoin’s flaw
“Among other safeguards, each firm shall also conduct penetration testing of its electronic systems, at least annually, and vulnerability assessment of those systems, at least quarterly,” the draft reads. The proposal also requires each virtual currency dealer to appoint a “Chief Information Security Officer,” that will handle all cyber-related policies.
There will be a 45-day public comment period, after which the rules will be revised before they become final.