Contortions for Compliance: Life Under New York's BitLicense

New York passed the BitLicense in a vacuum. Now state and federal laws are catching up, often with poor coordination, causing a compliance nightmare.

AccessTimeIconJan 21, 2018 at 12:40 p.m. UTC
Updated Dec 11, 2022 at 7:48 p.m. UTC

Sarah H. Brennan, a corporate and securities attorney, leads the blockchain technology, cryptocurrency and digital assets practice team at Lippes Mathias Wexler Friedman LLP.

In June 2015, in a race to be a first mover in the space, the New York Department of Financial Services (DFS) enacted the BitLicense regulatory framework, a licensing regime that covers substantially all "virtual currency business activity" to the extent it touches New York or its residents.

Namely, any business engaging in virtual currency business activity involving New York State or persons that reside, are located, have a place of business, or are conducting business in New York must apply for the BitLicense, with no grace periods or de minimis exceptions.

To the extent a business makes it through the licensing process and receives a BitLicense, as a whopping four businesses have to date (in addition to two companies who undertook the application process and received trust charters), the BitLicense imposes significant operational burdens, requiring robust compliance policies and processes with respect to anti-fraud, anti-money-laundering, cybersecurity, privacy and information security, among other requirements.

As such, the BitLicense has prompted flight from New York by larger players such as Bitfinex and Shapeshift and has had a chilling effect on others acting in an abundance of caution.

For those of us who remain in New York because we happen to live here, there is a widespread sense of confusion as to the scope of activities which fall under the purview of the regulations given: their vague wording, requirements that seem positioned toward financial institutions and the lack of formal guidance in the wake of the enactment of the regulations.

In all, uncertainty as to the reach of the licensing requirement has left many companies with three options: avoid doing business in New York entirely, attempt to structure a business around the law, or engage in potential or outright non-compliance with the law.

Based on the fact that DFS has received so few applicants to date, and has only five rejected applications on file, one could infer that many are electing non-compliance.

Case studies

Drone Energy and Travel by Token are two Empire State-based clients of mine running very different businesses, but with the common concern of operating in line with best practices.

These businesses, in addition to complying with applicable foreign, federal and state regulatory regimes (existing and as they develop), are expending a significant amount of time and energy to structure around the BitLicense.

For example, Drone Energy has a patented solution and an innovative business model designed around mining cryptocurrency. While it would be helpful for this exemption to have been explicit in the text of the BitLicense regulations, DFS has indicated in public comments that mining activities are categorically outside the scope of the law.

However, the business will at some point look to exit to U.S. dollars without tripping into the definition of "virtual currency business activities." This has been limiting as we have discussed various potential business models but something our client is able and willing to work around.

The other client, Travel by Token (TBT), is an early-stage start-up that uses an AirBnB/timeshare hybrid model for vacation stays, providing token holders access to vacation properties purchased and held by the company for the exclusive use of token holders at below-market prices.

As the token is in the development stage, we are in the clear to develop the underlying software in New York State under the BitLicense regulations. But the company will need to leave the state before commencing a token offering and hazarding being deemed to be "controlling, administering, [and/]or issuing a Virtual Currency" under Section 200.2(q)(5) of the BitLicense regulations.

While providing a viable path forward, structuring business plans and transactions to avoid the BitLicense is not a small or inexpensive undertaking.

For an example of how regulations interact, given the developments in securities laws over the course of December alone, in order to conduct a utility token offering (whether for Travel by Token or for another New York State-based client) we are considering the following as a potential workaround to the BitLicense as it interacts with applicable securities laws:

  • Structuring an initial offering as a 506(c)-compliant Simple Agreement for Future Tokens (SAFT) offering, using a third-party service provider to verify accredited investors and for AML/KYC compliance, to the extent we do initial raises in New York because the SAFT, while squarely an investment contract subject to securities laws, should not trip the BitLicense as no tokens are issued;
  • Use funds raised in SAFT offering to continue to develop the token and move the business out-of-state and/or build out the organizational structure and form an affiliate to conduct the offering in a friendlier jurisdiction;
  • Subsequent to reorganizing the business, in the next iteration of funding, through a token offering:
    • At the time of the token offering, we would evaluate the state of securities laws with respect to whether utility tokens that are immediately usable in exchange for a service or product constitute securities in the eyes of the Securities and Exchange Commission and/or state regulators. This would inform us as to whether there is a need to comply with securities laws in the larger offering. However, even if we take the position that a token is not a security based on the Howey test, we would likely expend the effort to produce offering materials with robust securities law type disclosures;
  • We would, absent DFS guidance, plan to block New York State residents (and any others in jurisdictions that give rise to compliance concerns) from participating because, taking a conservative approach, all issuers will likely need a BitLicense to conduct any sort of token offering if based in the state or offering to state residents.

The above process only relates to fundraising and is based on the current state of the law as we understand it (literally) today.

New York passed the BitLicense regulations in a regulatory vacuum and now state and federal laws are catching up to it, oftentimes with less-than-stellar coordination between regulators, causing a compliance nightmare.

Next steps

Absent a successful challenge to the BitLicense regulations in court, and short of the DFS (or the state legislature) reworking the rules in line with the Uniform Law Commission framework, it would be helpful for the DFS to issue more expansive guidance than the bare-bones FAQs posted on its website.

We will also learn the limits of the law the hard way – through enforcement actions, though there have been none to date.

However, further clarification (in whatever form it takes) should provide comfort in the space and limit further exits as well as complex structuring exercises.

Contortion image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.