Client Alert: NYSDFS Virtual Currency Guidance for Banking Organizations

Client Alert | Article

Recent New York State Department of Financial Services (“NYSDFS”) guidance explains that DFS-regulated financial institutions (“Covered Institutions”) currently offering, or considering offering, virtual currency-related products and services must meet a highly prescriptive list of requirements before offering new or amended virtual currency products.  These requirements, explicitly delineated for the first time, will serve as a high barrier to entry for new and existing players in the virtual currency marketplace and will require a significant investment of time and effort for each new or modified product brought to market.

The guidance re-emphasizes the requirement that Covered Institutions must obtain DFS approval prior to commencing virtual currency-related activity, via a written submission. The guidance then adds explicit requirements for that written submission and affirms that the written submission is necessary even if virtual currency-related activity is conducted by a third party partner of the Covered Institution. 

The written submission must provide an enterprise-wide risk-management and control framework to identify, measure, monitor, and control all risks associated with the proposed virtual currency-related activity, in line with the Covered Institution’s board-approved risk appetite.  The written submission should also cover additional risk management considerations specific to the proposed new or modified product, including operational risk, market risk, cyber security risk, and legal/compliance risk, amongst others.

From a Financial Crime Compliance (“FCC”) standpoint, the DFS will evaluate new or modified products against core elements of the Covered Institution’s risk management framework, including:

  • BSA/AML Policy and Procedures;
  • BSA/AML and OFAC risk assessment(s);
  • Risk assessment methodology relevant to the proposed virtual asset activity, including for transaction monitoring, sanctions filtering, and KYC controls;
  • Most recent independent assessment of the BSA/AML and OFAC Compliance programs;
  • Third party oversight materials, including a description of all due diligence performed on third parties prior to engagement of services; and
  • Anti-Fraud program materials.

How Exiger Can Help

Before Covered Institutions innovate with virtual currency products, they must successfully demonstrate the alignment of their current or proposed future-state AML and Sanctions controls with both regulatory obligations and sound risk management principles and practices.

Exiger provides FCC services to a diverse range of financial institutions, including banks, broker-dealers, fintechs and crypto-native financial services companies. Our experienced team has developed written materials to obtain DFS virtual currency-related product approvals, deployed new product approval processes and risk assessment methodologies, conducted comprehensive evaluations of BSA/AML and Sanctions programs, and evaluated the suitability of partnerships with third parties for a wide range of customers. We routinely provide our clients with written FCC materials, including BSA/AML and Sanctions policies & procedures, risk assessments, business processes, model validations and audit reports.

The virtual currency space is evolving rapidly, and in the spirit of caution, the DFS aims to slow it down.

Contact us today to discuss how Exiger can help you fulfill and document your BSA/AML and Sanctions risk management requirements, so you can focus on innovating.

This client alert was produced by Chris Andre (Managing Director) and Dave Soiles (Associate Managing Director) in Exiger’s New York FCC Advisory Practice.

Demo The
Exiger Platform