As more states explore regulatory frameworks for cryptocurrency business, here are the key areas BitAML has advised policymakers on.
While we at BitAML primarily work with cryptocurrency business owners to help them meet their AML compliance obligations, we are occasionally asked for input from policymakers doing research to inform potential frameworks for cryptocurrency regulation.
In that role, we have a unique vantage point. We both understand traditional financial regulations and the necessary nuances under which cryptos can comply with them. We also understand business owners, the compliance challenges they face, and what implications that has for smart cryptocurrency regulatory policy.
If you’ve been following this blog, you’re probably familiar with one of our recurring themes around “no action/no opinion” states. We’ve written several posts on the topic, but our position on “no action” compliance is straightforward: “no action” will not last, and cryptos that neglect to keep tabs on their state regulatory status are potentially setting themselves up for disaster.
As we see more states exploring or implementing cryptocurrency regulatory frameworks, we think it would be worthwhile to weigh in on state-level policymaking for states inching out of “no action” standing.
This can be a touchy subject area. That’s why we are not offering forceful prescriptions.
Rather, we want to use our unique vantage point to offer a look at the “square pegs” that exist between cryptos and regulators.
These are insights from our experience working with businesses and as policy advisors. This post is a hopeful attempt to start a discussion and encourage positive dialogues that result in effective regulations and compliant businesses.
With that in mind, here are the points of focus we raise when called upon in an advisory capacity to policymakers. When we’re asked by various state regulators what are the important things to keep in mind when it comes to crypto, we focus on the following three.
Clear consumer protection guidelines
Historically, federal AML compliance is concerned with the integrity of the financial system, and is designed to thwart major financial crimes at scale (like money laundering, hence, anti-money laundering or “AML”).
State regulators focus more on consumer protection.
While there is some crossover, this is more or less the divide, generally speaking.
We have written extensively about consumer protection in the context of cryptocurrency. It has long been a prediction of ours that the next stage in compliance for the cryptocurrency space will largely focus on this topic, and recent, individual regulatory actions seem to indicate that this is a growing concern at the state-level.
As such, we’ve begun advising our clients on the policies and procedures they need to have in place in order to put a good faith effort into consumer protection and to prepare for the inevitability of regulations that will focus on this area.
When it comes to advising policymakers, clear expectations for consumer protection mandates are among the top items we prescribe.
What’s certain is that every state is fielding complaints from consumers related to cryptocurrency, whether they’re falling victim to romance scams or other kinds of criminal activity.
Regulators in each state will have their own expectations and priorities for cryptocurrency businesses from the input they have received from consumers. Whether regulators ask for detailed consumer disclosures, or more advanced compliance measures or reporting, we advise regulations should be clear, detailed, and reasonable.
Understanding of cybersecurity
Understanding the cybersecurity profile of cryptocurrency is essential for a couple of reasons.
Cryptocurrency is relatively new, and financial criminals benefit from the unfamiliarity consumers and law enforcement have with the technology (as well as its myriad other benefits).
Hence, the ecosystem is still vulnerable to hackers and other cybercriminals, as it has been since the early days of crypto.
Consumers need to understand the risks associated with purchasing cryptocurrency, and the lack of protection or insurance they have come to expect in traditional finance.
When it comes to applications for money transmitter licensure (MTL), it’s not uncommon to see language applicable to traditional finance, but less so (if at all) to cryptocurrency. The issue of cybersecurity is one such area, since cybersecurity in crypto does not, and could not, work the same way as it does for a bank.
Understanding the technology and the risks therein is therefore foundational to robust regulatory measures.
The right resources
We always advise state-level regulators to make the MTL process manageable according to the level of resources they are putting behind it.
With the New York BitLicense, one of the key oversights that hampered the earliest efforts to regulating cryptos in the state was the simple fact that the agencies didn’t have the bandwidth or manpower to process the 42-page list of requirements the state put in place.
This dropped the number of applications processed to a crawl each year, and cryptocurrency businesses relocated elsewhere.
New York’s system has since improved, but the early errors there are instructive to state regulators exploring cryptocurrency frameworks now.
It is important to understand the resources required and allocate them to the initiative.
California may end up setting a good example for other states to follow. As we’ve noted before, the rebranding and expansion of the state’s Department of Business Oversight into the Department of Financial Protection and Innovation (DFPI) comes with millions more in funding.
Additionally, the new department has a clear mandate to research and implement rules for innovative financial products, which naturally includes cryptocurrency.
We have yet to see how the DFPI works in practice, but we know that it’s a priority for California. Despite stalling earlier in 2020 due to the Covid-19 pandemic, the plan was revisited in a rider bill and passed by the governor later that year. The DBO is currently in the process of hiring new staff and transitioning its branding to the new DFPI model ahead of the January 1 implementation date.
It’s safe to say that while New York got off to a slow start, California has been more proactive, and state regulators are in a position to learn from both cases.
Above all, state regulators will always be concerned with consumer protection, which is why BitAML has already begun including policies, protocols, and consulting for such in our services.
Whether you are a policymaker doing research into cryptocurrency frameworks, or a cryptocurrency business owner seeking to get ahead of forthcoming state-level compliance changes, you can contact us anytime.