.png){kind=small}
The New York Department of Financial Services (NYDFS) recently published updated guidance establishing heightened standards for virtual currency businesses licensed in New York when listing or delisting cryptocurrencies.
As the first state to introduce tailored licensing for virtual currency activities in 2015, NYDFS continues leading the way on prudent crypto oversight. This guidance underscores NYDFS’ expectations around rigorous evaluation and ongoing monitoring of asset risks.
For blockchain intelligence companies serving the public sector, these developments out of New York provide valuable insights into the regulator’s priorities. As cryptocurrency permeates mainstream finance, expectations around blockchain forensics, risk management, governance and transparency will only grow.
In this post, we’ll break down key aspects of the updated NYDFS guidance so stakeholders across the ecosystem can apply learnings to their compliance strategies.
The latest guidance entirely supersedes NYDFS’ previous framework issued in 2020. It establishes stringent new requirements in two core areas:
Policies for listing new cryptocurrency assets
Policies for delisting assets and discontinuing availability
The updated guidance institutes an approval process for asset listing policies tailored to each company's business model. Firms must submit their policies for NYDFS validation before self-certifying listings.
These policies should cover:
Certain higher-risk assets are prohibited from self-certification without separate NYDFS approval on a case-by-case basis.
The new guidance also focuses on orderly processes for removing or delisting cryptocurrency assets. Firms need tailored policies for delisting assets when risks emerge.
Delisting policies should establish:
All NY-licensed virtual currency entities must now submit updated listing and delisting policies aligned with the enhanced guidance for NYDFS approval.
This formal submission process enables tailored scrutiny from regulators based on an entity's business model and risk profile. Entities can only self-certify new asset listings after receiving NYDFS approval of listing policies.
For delistings, NYDFS wants advance notice before assets are removed to ensure orderly wind-downs protecting consumers. This guidance provides useful guardrails for gracefully exiting asset availability.
NYDFS’ guidance sets clear expectations around rigorous listing evaluations, covering:
Governance: Board oversight, independence, conflict disclosures, change controls
Risk assessments: Technical, market, cyber, legal, regulatory factors
Ongoing monitoring: Re-evaluations, control enhancements
NYDFS emphasizes robust governance around listing decisions. A virtual currency company's board or governing body must approve listing policies. They should review policies annually and decide on listing each new asset.
The guidance stresses independence from those making recommendations, fully disclosing any conflicts of interest. Ongoing recordkeeping and change controls are also critical governance principles.
Entities must perform comprehensive risk assessments on each digital asset before listing it. These evaluations should analyze factors like:
Assessments must be tailored to the company's business model and clients. NYDFS wants extensive due diligence validating assets that are created for legitimate purposes.
After listing assets, entities need ongoing monitoring to ensure risks don't escalate. This includes periodic re-evaluations and enhancing controls around cybersecurity or illicit finance.
Delisting policies must be in place in case emerging risks necessitate removing an asset. Continual reviews enable prudent oversight.
Some higher-risk asset types cannot be self-certified and require NYDFS approval. These include:
The guidance also incorporates anti-manipulation requirements and consumer protection considerations.
NYDFS also outlines principles for delisting digital assets in an orderly manner, including:
By proactively planning delisting procedures, entities can execute phase-outs smoothly while avoiding surprises. Especially for assets with heightened risks, it's critical to have responsible off-ramps.
Look for regulators like NYDFS to expect more transparent decommissioning processes across cryptocurrency providers.
This updated guidance from NYDFS provides valuable insights into the ongoing maturation of crypto regulatory expectations. As cryptocurrency permeates mainstream finance, regulators are appropriately keeping pace by increasing diligence requirements.
Prudent blockchain companies will use frameworks like this one to inform their own governance, risk management and compliance strategies. Proactive evaluation and monitoring of asset risks can prevent reactive interventions by regulators.
As regulators increase oversight and enforce registration requirements in the crypto market, trading platforms should get ahead of the curve by proactively putting robust compliance frameworks in place. Acting as if already registered can give firms a competitive edge in navigating evolving regulations.
Direct engagement with regulators can smooth the registration process. But most importantly, crypto platforms should deploy solutions enabling adherence to anti-money laundering standards and mitigating risks.
With U.S. regulators and law enforcement agencies strengthening their cybersecurity regime and ensuring strict implementation of their guidelines through enforcement actions, blockchain and crypto should proactively put robust compliance and security frameworks in place. Merkle Science’s highly customizable and easy-to-use platform provides near real-time detection of blockchain transactional risks. Merkle Science’s advance continuous monitoring eliminates unnecessary redundancies and will accelerate and improve the efficacy of our transaction monitoring and re-screening process
Merkle Science’s proprietary Behavioral Rule Engine allows crypto businesses to tailor the tool according to their risk policies based on the recent changes so that businesses may stay ahead of emerging illicit activities and fulfill their local compliance obligations.
