Innovation Files has moved! For ITIF's quick takes, quips, and commentary on the latest in tech policy, go to

New York should ensure “BitLicenses” are a Step Forward for Innovation

On July 17, the New York State Department of Financial Services (NYSDFS) released a proposed regulatory framework for virtual currencies, such as Bitcoin, that would require businesses that hold, transmit, or convert virtual currencies to everyday currencies to apply for “BitLicenses.” (For background on the BitLicensing framework, read this previous post.)

The following is a truncated version of the comments we filed with NYSDFS today:

It is important to note that while ITIF applauds the desire to bring regulatory certainty, transparency, and clarity to virtual currency businesses, the State of New York is likely the wrong entity to address these important policy issues. One of the challenges of global systems, such as virtual currencies or the Internet, is that they are subject to multiple jurisdictions by sovereign countries. Subnational governments, like states, should not compound the problem of multiple and varied laws between countries by creating their own additional rules and regulations. A better approach would be for states to either defer to the federal government or work in partnership with all states to create a single, national approach to policy.

However, if NYSDFS continues to pursue these regulations, there are a number of factors it should consider. Ideally, any proposed regulations should encourage innovation, competition, and investment, while monitoring intermediaries for misconduct. NYSDFS’s proposal addresses many of these important factors, but it has room for improvement. Specifically, ITIF recommends:

  1. NYSDFS should exempt virtual currency mining operations, virtual currency businesses that do not have full control of the virtual currency on behalf of their users, and businesses without a meaningful connection to New York from these proposed regulations.
  2. NYSDFS should exempt virtual currencies used as a platform for non-financial services and nascent virtual currencies from these proposed regulations.
  3. NYSDFS should relax disclosure requirements for material changes to business, user identities, and the affiliates of companies with a BitLicense.
  4. NYSDFS should create a grace period for new virtual currencies with minimal adoption during which businesses would be exempt from these proposed regulations.
  5. NYSDFS should build off of existing state and federal regulatory frameworks for virtual currencies when creating this regulatory framework.

Each of these recommendations is explained in more detail below.

Background on Virtual Currencies

A virtual currency is a digital unit of exchange. Sometimes it is issued entirely inside a closed virtual economy—similar to digital currencies used in video games—and it is not backed by government issued legal tender. Other times it is used in lieu of a government-issued fiat currency to purchase goods or services in the real economy.

Virtual currencies are either issued by a central authority or generated in a decentralized network. In the former example, much like an airline issuing airline miles, a central entity creates and distributes the currency.One example is the upcoming Ecuadorian virtual currency, coined the “cryptocentavo,” which will be created, distributed and controlled by Ecuador’s Financial and Monetary Regulatory Committee.

An example of the latter type of virtual currency is Bitcoin, which is created on a decentralized network with no single entity issuing the virtual currency. To trade or buy something using a decentralized network like Bitcoin, each user submits his or her Bitcoin’s account number (“public key”) and password (“private key”) for verification on the public transaction ledger (”block chain”). Each unit of Bitcoin is created and circulated through a process called “mining,” in which users download computer software that they use to solve complex computational equations generated by the decentralized network. These equations (known as the hashing function) verify the validity of all virtual currency transactions over the network and group them into a block, mathematically verifying the transactions took place at a specific moment in time. The Bitcoin network is just one of the many evolving virtual currency protocols that are constantly growing and changing.

Using a Layered Model to Regulate Virtual Currencies

Regulators can make sense of networks by considering the various functions of the different horizontal layers and creating regulations unique to each layer. Virtual currencies exist in at least three layers: the Architecture layer, the Application layer, and the Content layer. The Architecture layer represents the lowest technical level and is comprised of the virtual currency protocols and the software that run them. On top of the Architecture layer is the Application layer, which provides more advanced interfaces for connecting the real world to the virtual currency system. It is comprised of most virtual currency businesses, such as virtual currency exchanges where virtual currency can be traded for fiat currency (e.g., itbit), virtual wallet services which store and transmit virtual currency on behalf of customers (e.g., Circle), and payment processors that offer merchants the ability to accept virtual currency for goods (e.g., Bitpay). While the current primary use of the Application layer is for financial transactions, the Architecture layer also serves as a platform for other innovative applications (discussed below). The final layer is the Content layer, which represents the transactions and balances of the virtual currency held by end users. In this layer, consumers and merchants use the intermediaries in the application layer to trade virtual currency for cash or goods. For example, if a user wants to buy a watch from using Bitcoin, he or she uses a wallet to send payment to the retailor that then accepts it using a payment processor.

Layer Summary Entities
Architecture The bottom layer representing the technical infrastructure of the virtual currency system. Software designers, Coders, Mining Operations.
Application The middle layer is an abstraction layer that consists of interfaces for using the virtual currency system. Exchanges, Payment Processors, Wallets, Trusts, Vaults, etc.
Content The top layer is the data representing transactions and balances of virtual currency. Customers, Merchants, Retailers, and businesses that accept virtual currencies.

Figure 1: Virtual Currency Layers

These layers provide a convenient framework by which to identify and form regulations for virtual currencies. Regulators should focus on the layer they are attempting to regulate and minimize those regulation’s effects on other layers. NYSDFS has already exempted the Content layer from its regulations by adding an exception for “merchants and consumers that utilize Virtual Currency solely for the purchase or sale of goods or services.” NYSDFS should also not impose regulations on the Architecture layer because global technical standards should not be set by a single state. Instead, NYSDFS should restrict its BitLicense framework to just the Application layer, where the majority of virtual currency gatekeepers exist and where it has jurisdiction.

Since many problems can be prevented with government oversight, regulators should focus their efforts on intermediaries in the Application layer to leverage these gatekeepers’ access to individuals using the virtual currency network without limiting the potential of the system itself. Additionally, NYSDFS should not allow the provisions of its BitLicensing framework to have cross-layer effects, where regulations on the Application layer could affect innovation in the Architecture layer.

This layered model will inform several of the following recommendations.

1.       NYSDFS should exempt virtual currency mining operations, virtual currency businesses that do not have full control of the virtual currency on behalf of their users, and businesses without a meaningful connection to New York from these proposed regulations.

Virtual currency mining operations should be exempt from regulations

Mining operations are a vital function of the decentralized virtual currency system in the Architecture layer. Businesses or individuals who act as a mining operation protect against double spending, promote security, and verify transactions in these networks. These miners operate for profit by earning Bitcoins and trading them to users. Under the proposed regulations, this could be interpreted as a virtual currency business activity. As Superintendent Lawsky has indicated, this definition should explicitly exclude mining and other processes, such as software development, that operate the Architecture layer from obtaining BitLicenses.

To be clear, ITIF does not advocate for not regulating mining operations in all instances, simply not with the BitLicenses framework which is better applied to virtual currency businesses in the Application layer. Applying it to other layers could act like a blunt instrument, hurting innovation throughout the system.

BitLicenses should only apply to virtual currency businesses with full custody of each cryptocurrency

In virtual currency systems like Bitcoin, each bitcoin has two distinct keys, a private key and a public key. BitLicenses should only apply to businesses that control both the private and public keys. If a company, like Mycelium, takes control of both public and private keys on behalf of their customer, then it effectively controls that piece of virtual currency and can act on it without the permission of its owner. On the other hand, there are software-based wallets, like, which issues software that allows users to keep the private keys on their home computers, while the company stores their public keys. In this circumstance, the virtual currency is never fully controlled by the service, and should be exempt from the same regulatory scrutiny. As an analogy, this is like the difference between regulating banks and regulating wallet-makers.

Exempt businesses that do not have a meaningful connection to the State of New York

In its current form, these regulations apply to any virtual currency business that is either physically located in New York or does online business with a New York resident—someone who lives, is located, has a business, or is conducting business in New York. In those terms, an online exchange in China where a New Yorker converts less than $100 in bitcoin to RMB would need to get licensed in New York. NYSDFS could not possibly hope to meaningfully enforce these regulations on businesses in other countries, and it should not pursue policies that affect those outside of its borders unless they align with existing international agreements or there is informal international consensus on the policy goal. To address these concerns for out-of-state and international businesses, the “virtual currency business activity” definition should be revised to exempt businesses that only do a trivial amount of business in the state.

2.       NYSDFS should exempt virtual currencies used as a platform for non-financial services and nascent virtual currencies from these proposed regulations.

Exclude virtual currencies that primarily function or are being used in a non-financial manner

While the definition of “virtual currency” already has certain exemptions, such as those for consumer affinity programs, it does not extend these exemptions to virtual currencies that are being used primarily in a non-financial manner. The Architecture layer for the Bitcoin “blockchain” protocol is not limited to financial transactions, but instead can provide a platform for many other innovations. This system, as previously discussed, is a building block for creative uses and third party applications. Storj, a cloud storage company, uses the blockchain and peer-to-peer protocols to provide secure, private, and efficient cloud storage. Other systems like Codius use the decentralized blockchain system to create “smart contracts,” which are programs that formally encode certain conditions and outcomes. These business practices, while non-incidental to financial transactions, may qualify as virtual currency business activities under the proposed BitLicensing framework, and should be excluded.

Exempt nascent virtual currencies

Under the proposed rules, new virtual currencies are subject to the same regulations as established ones. This creates a barrier to entry for programmers that develop and issue new currencies because in order to use them, virtual currency businesses will have to acquire BitLicenses. In this circumstance, less established virtual currencies with little economic value may not be attractive to businesses with tight margins and large operating costs associated with BitLicenses. There are over a hundred varieties of virtual currencies traded in the market today, and at the time of this writing, only 11 exceeded $5 million in total market capitalization. Most of these currencies do not even exceed $1 million in market value and have low adoption rates. Treating all virtual currencies equally would severely limit the adoption rates for alternative virtual currencies in New York and entrench the established currencies like Bitcoin at the expense of the next (better and more secure) Bitcoin. We do not want virtual currency regulations to become barriers to entry.

Therefore, decentralized currencies with a low market capitalization and adoption rates should be exempt from this definition until they reach a certain gross financial and/or adoption threshold. NYSDFS could set the specific market capitalization threshold, and closely monitor new virtual currencies on the exchanges, adding them if they reach the specified economic threshold. By adding this exemption, businesses would be free to experiment with new virtual currencies or those with low capital and adoption rates.

3.       NYSDFS should relax disclosure requirements for material changes to business, user identities, and the affiliates of companies with a BitLicense.

The “material change to business” clause is too arduous and risks hurting innovation

The current proposed rules would force each licensee to obtain the superintendent’s prior written approval for any plan or proposal to introduce or offer a new product, service, or activity, or to make a material change to an existing activity involving New York or a New York resident. This must be a written plan describing the change, including a detailed description of the business operations, compliance policies, and the overall impact on the business of the licensee. By enforcing this rule, NYSDFS would take a fluid system and stuff it into a rigid box, where a business proposing changes to its business model must seek permission from the state before those changes can occur.

NYSDFS should explicitly exempt minor software updates that do not substantially affect consumer welfare from this clause. Timely software updates may enhance security and the consumer experience and should not be subject to a permission-based system. NYSDFS should also institute a time limit of 30 days for these claims to be processed so that virtual currency businesses are not stuck in regulatory limbo while waiting for approval.

Certain BitLicense disclosure requirements could lead to a closed virtual currency system

The decentralized virtual currency system functions similarly to open-protocol systems like email. With open-protocol email systems, a customer with a Gmail account can easily send an email anywhere in the world to a customer with an account on another email service, and visa-versa. Similarly, users in the content layer of the virtual currency system can make transactions with anyone, anywhere in the world. However, the proposed NYSDFS BitLicenses would require licensees to keep detailed records for all parties involved with transactions, including the “physical addresses of the parties to the transaction.”

This would be like requiring that all email service providers know the identity of every recipient. This type of requirement makes sense for proprietary, closed systems like credit cards, which can easily retain identifying information for each transaction because all of its users are also members. However, virtual currency businesses do not necessarily have a direct relationship to all transacting parties. The requirement that they identify everyone associated with a transaction is in effect prohibiting the use of the open network, which is a fundamental advantage to a virtual currency, which operates with a decentralized architecture system.

Instead, as one commenter argues, NYSDFS should require virtual currency businesses to only identify this information for their own customers. NYSDFS will still have partial visibility in the event that a licensee conducts a transaction with a party that is not associated with a licensee. Additionally, based on the transparency of the system as a whole, NYSDFS can use this data to inform its law enforcement, as two researchers did to trace how the operators of Silk Road—an online marketplace where unlawful goods and services were traded—hid their virtual currency holdings from law enforcement.

Forcing access to licensee’s affiliates could hurt investment in virtual currency businesses

The current rules provide NYSDFS with immediate access—upon request—to all facilities, books, documents, records, and other information maintained by the licensee or its affiliates, wherever located. Under this proposed language, NYSDFS can ask to see the business records of any business that owns or invests in a licensee. This could make investment companies weary of investing in virtual currency subsidiaries that operate in New York if it opens them up to government search. This requirement is excessive, and the NYSDFS should not need to see the business records of an affiliate whose business practices are wholly unrelated to virtual currency business activities.

4.       NYSDFS should create a probationary period for new virtual currency businesses during which they would be exempt from these regulations while applying for BitLicenses.

Under the current proposed rules, there are no exemptions for newly-created businesses. Because there are costs associated with BitLicensing requirements, this has the potential to cement established players at the expense of market entrants and create a barrier to entry. Without a means to protect new businesses, virtual currency markets in New York may see a dearth of creativity in virtual currency activities that the rest of the world would enjoy, or even prevent that creativity from taking root in the first place.

NYSDFS should institute a mandatory probationary period for start-ups before they get their BitLicense. During this period, NYSDFS could monitor these companies that operate under a specific threshold for their gross financial transactions to make sure they abide by certain transparency and antifraud requirements. By offering this type of “on-ramp” for virtual currency businesses, NYSDFS will facilitate experimentation with virtual currency.

5.       NYSDFS should build off of existing New York and federal regulatory frameworks for virtual currencies when creating this regulatory framework.

When assessing its BitLicense framework, NYSDFS should look to and mirror existing or soon to be adopted federal regimes. There are many current agencies working to approve and regulate virtual currencies. In March 2013, the U.S. Financial Crimes Enforcement Network (FinCEN) released guidance for administering, exchanging and using virtual currencies. The Consumer Financial Protection Bureau (CFPB) is also stepping into the forefront to possibly release rules governing virtual currencies. Notably, these regulatory agencies have not passed any regulations or offered any guidance on the Architecture layer, instead focusing primarily on the Application layer.

Currently, the BitLicensing framework requirements go much further than transmitter licensing and federal anti-money laundering requirements. For example, licensees must report transactions that exceed $10,000 in one day by one person to NYSDFS in 24 hours. This requirement is more burdensome than FinCEN, which does not require this, and transmitter licensees, which only have to demonstrate they comply with federal anti-money laundering laws. Furthermore, if each state were to create its own reporting requirements this would create unnecessary and potentially burdensome compliance costs on virtual currency businesses. NYSDFS should look to forthcoming and past guidance from federal regulatory frameworks such as CFPB or FinCEN and adapt its rules and definitions accordingly to make it easier for businesses to comply with these rules.


Efforts are needed to further legitimatize virtual currencies, providing consumer protections and guarding against fraud. To strike the right balance that helps protect customers and root out illegal activity without stifling innovation, NYSDFS should foster new entrants in all three virtual currency layers without burdening their adoption with heavy handed requirements.

See our full filing here.

Photo Credit: BTC Keychain

Print Friendly, PDF & Email