What are the key takeaways from the NYDFS’s recent “virtual entity” guidance letter?
The New York State Department of Financial Services (NYDFS) recently published guidance on using blockchain analytics for all VASPs (Virtual Asset Service Providers) licensed under 23 NYCRR Part 200 or chartered as a limited purpose trust company under the New York State Banking Law.
In this letter, VASPs are referred to by the NYDFS as Virtual Currency Business Entities, or VC Entities, as they are collectively known under New York Banking Law.
“Blockchain analytics tools provide companies with an efficient, data-driven way to conduct customer due diligence, transaction monitoring, and sanctions screening, among other things, which are all critical elements of our virtual currency regulation,” said Superintendent Adrienne A. Harris. “We expect regulated entities to utilize best practices to uphold the safety and soundness of the virtual currency market and to protect consumers.”
Compliance in a Virtual Currency Context
Virtual currencies can be used with different sources, destinations, and fund flows involving fiat currency. Bitcoin and Ether can be transferred peer-to-peer straight from one source or entity to another anonymously, without a regulated third party (e.g., between unhosted wallets or self-hosted wallets that allow users to retain control of their keys).
Therefore, to effectively address compliance conditions under the New York Banking Law and the New York Financial Services Law, as well as the U.S. Federal Act for Bank Secrecy (BSA/AML) and Office of Foreign Assets Control (“OFAC”) requirements, VC Entities must be sure that their compliance programs thoroughly take into consideration the unique features of virtual currencies at hand. Cryptocurrencies’ unique characteristics can pose compliance challenges, but they also usher in new possibilities for control measures that leverage new technology.
For example, virtual currencies typically allow origin tracing (i.e., an inspection of previous transfers or “hops” along with the public blockchain ledger, or “on-chain”). The blockchain ledger’s immutability generally permits a chronological view of virtual currency (VCs) transfers between wallets, providing the opportunity for more prominent visibility into transaction lines, unlike the traditional fiat currencies.
A VC risk mitigation procedure must consider the VC business profile to evaluate the risk across different virtual currencies and address their unique characteristics.
Blockchain Analytics May Usher in New Control Measures
With the aforementioned unique characteristics relating to specific virtual currencies, the NYDFS stresses the important role of using blockchain analytics tools to mitigate compliance risks. The VC Entities would enhance their KYC-related controls, conduct transaction monitoring of on-chain activities, and conduct sanctions screening when addressing anti-money laundering requirements under New York state law.
VC Entities can use third-party blockchain services or analytics products to achieve additional control measures. Outsourcing such control functions imply that the VC Entity must have well-documented policies, processes, and procedures concerning how the blockchain analytics activities merge into the overall control framework consistent with the VC Entity’s risk profile.
Increasing KYC controls
KYC responsibilities imply obtaining and keeping information to address the risks associated with the transactions effectively. Helpful information regarding this are products and/or services that allow their customers to identify the location of a wallet for custodial transactions.
Transaction monitoring
VC Entities must also have appropriate control measures to monitor and identify unusual activity tailored to the VC Entity’s risk profile. Documentation of such unusual activities should introduce relevant escalation processes, with clearly outlined roles and responsibilities across the business and compliance functions.
Sanctions screenings
The NYDFS emphasizes the significance of risk-based policies and procedures that determine transactions involving virtual currency addresses or other identifying information associated with “sanctioned legal entities or individuals.”
The OFAC notes: “Transaction monitoring and investigation software can be used to identify transactions involving virtual currency addresses or other identifying information (e.g., originator, beneficiary, originating and beneficiary exchanges, and underlying transactional data) associated with sanctioned individuals and entities listed on the SDN List or other sanctions lists or located in sanctioned jurisdictions.”
Getting your crypto AML compliance program in place
In the next phase of the decentralized economy, having a crypto compliance program in place to meet global and regional regulatory requirements is key. Innovation is boundless, but new blockchains and coins coming into the sector will need to be compliant. Are you ready to employ a risk mitigation solution with automated 24/7 monitoring to keep your business and customers safe?
Crystal offers a comprehensive monitoring solution with easy-to-use case management and reporting options, a user-friendly tracking and investigations tool, should you need to follow fund flows or entities, and an expert tech and customer support team ready to show you how to get the best from the platform. Furthermore, Crystal supports drafting a risk-based approach to compliance programs for virtual asset service providers and crypto businesses.