Lawsky lays down the law; how practical are New York's proposed Bitcoin regulations?

Last week Ben Lawsky, New York State's Superintendent of Financial Services issued the first version of what has become known as “Bitlicense” regulations. As usual with new rules proposals they are broad and overreaching. Ben Lawsky, in an innovative turn of events, engaged the Bitcoin community on reddit and will certainly be receptive to issues and remarks coming from the industry. The Bitcoin community reacted as expected. The more anarchistic side was immediately up in arms on reddit and other social media. “Any form of regulation or licensing will cause the death of Bitcoin companies and kill innovation, even if Bitcoin itself will live on in the underground”, the message seems to be. The corporate side, including itBit, stated that they will comply with the final rules. The current proposal needs to be discussed thoroughly and probably altered substantially though.

Bitcoin regulation is here to stay and, as I have posted before, it’s a good thing. Without legal means to control the misuse of virtual currency by criminals, terrorists and other bad guys the regular financial industry like banks and investment companies will never touch Bitcoin. They have experienced the hammer of regulatory justice many times now and have absolutely no incentive to add to the risk of yet another multibillion dollar fine. Without banks the chance of merchants adopting Bitcoin is small and without the merchants the general public will stay away. Companies like PayPal, Visa and MasterCard have shown how important merchants and the general public are if you want to be gain critical mass.

Should we just accept that we now have a Bitcoin Overlord and comply with the rules as-is? Most of the fifteen paragraphs contain rules that any financial institution is already complying with. It should come as no surprise that a Bitcoin company will be expected to abide by the same standards as a bank or other financial institution.

Broad coverage

Basically any company and individual active in New York issuing virtual forms of exchangeable value is now under the supervision of Ben Lawsky and (I hope for him) his very large team.
The proposal also states that wallet-providers, payment processors and basically anyone who does anything with virtual currencies will be covered by the new rules. That seems odd, as companies that have no access to client funds and merely provide a service like secure storage should not be put under the same regime as companies that have full access. A bullion vault operator is not the same as a private bank. 
Companies like Amazon and Activision would also be covered, as they issue virtual currency. What about airlines? Oil companies? Sure, there is an exemption for merchants and consumers that “utilize virtual currency solely for the purchase or sale of goods and services” but what if an airline allows you to exchange air miles for other forms of digital currency? Forget about using your Linden dollars to buy that virtual gold in World of Warcraft.

Expensive

The capital requirements and license fees will most probably cause a departure or consolidation of most of the smaller start-ups as they would be hard pressed to raise enough capital. This will indeed be problematic if New York wants to be a Bitcoin start-up incubator. 

However, this is not Lawsky’s problem as he is not incubating tech start-ups but regulating the financial industry. If it were that easy to start there would be many more micro-banks in New York State.

Reporting

The reporting requirements are onerous and lack a risk based approach but shouldn’t be a huge issue for professional players in the Bitcoin space.

A chance for compliance professionals

Compliance and anti-money laundering have never been an area with many adventurers and out-of-the box thinkers. There simply has been no real incentive for compliance specialists to change the highly lucrative and safe financial world for the seemingly insecure and unknown waters of Bitcoin. Regulating the Bitcoin industry will hopefully attract anti-money laundering specialists and compliance professionals. There certainly is enough work to do. 

Beyond practicality

Unfortunately when it comes to due diligence, the new proposal goes out into unknown territory...

Section 200.12 (1) states that a Licensee shall hold records for “…the amount, date and precise time of the transaction, any payment instructions, the total amount of fees and charges received and paid to, by, or on behalf of the Licensee, and the names, account numbers, and physical addresses of the parties to the transaction”. 

That goes beyond the due diligence even the most secure banks perform and would be virtually impossible for Bitcoin transactions. The rule doesn’t add anything to make Bitcoin transactions more secure and will definitely add to the risk of regulatory fines.

Bank wire transactions contain mandatory information but the physical addresses of the sender and the receiver aren’t mandatory information for most transactions. That doesn’t mean that the bank shouldn’t have that information but in a lot of jurisdiction, privacy laws dictate that certain information should be kept within the financial institution and cannot be shared without a proper mandate. 

• For Bitcoin it is virtually impossible to obtain and verify the address of the sender. The receiver should be a customer and should be fully documented but the sender could be anybody. Even if the sender and receiver is one and the same person, you cannot verify that fact.
• Banks can reverse a payment if it contains insufficient information, a Bitcoin transaction is irreversible.
• A physical address can be very easily faked by providing false documents.
• People move often and don’t always update their addresses. Why would a customer bother when transactions are all online anyway and there is no reason for physical mail?

Change of approach

A risk based approach that requires Bitcoin Licensees to do due diligence on high risk and high value transactions and focus on client behaviour, instead of point-of-entry know your client documentation would not only help to create a safer and more viable system but could be used by the traditional banking industry as well. Real money-launderers will not go by the placement-layering-integration textbook laundering methods anymore. They use mules, false addresses, straw-men, whatever it takes to point law enforcement in the wrong direction.

There are numerous ways that financial technology like Bitcoin can improve on the traditional AML and CTF methods. Logging of user IP addresses, reconciliation of high risk transactions on the blockchain, automatic profiling and flagging of Bitcoin users and secure, shared document repositories are just a few. 

Conclusion (for now...)

Lawky’s regulations are a good start, but if New York truly wants to be a Bitcoin leader, they need to be practical, pragmatic and written in a way that stimulates innovation in keeping the bad guys out and the good guys in. Other jurisdictions will undoubtedly come out with their own versions which may or may not be good news. Keep in mind though that these rules are made for a reason; to keep the industry and the public safe from crooks and criminals.

Time for the internet of transportation

Terrorist acts are horrible and senseless. It gets even worse if the terrorists get the opportunity to obfuscate information and even deny others to come in and collect evidence to bring those responsible to justice. As it looks now, flight MH17 was shot down by Russian led “rebels” who received a shiny new toy from their masters in Moscow. Proudly they tweeted about their capability to shoot any plane out of the sky, falling just short of taking selfies with their deadly new gadget. Even Putin should have realised that you can’t give goons high tech equipment and not expect them to use it. When they did, 298 innocent people were brutally murdered.

To add insult to injury, instead of admitting their mistake and turning themselves in, the goons are denying aid- and recovery organisations access to the site. In a clear attempt to sweep evidence under the rug they have removed at least a few of the black boxes from what is basically a large crime scene. It is as if Al Qaeda would have had the opportunity to loot the bodies of victims and remove evidence at will after 9/11. The world is looking on and has done nothing but shake their collective fists.

Apart from the emotional and moral questions that this case inevitably creates, there is also a technical one. Why do airplanes still rely on “black boxes” to record critical information? In today’s world, where we are now talking about the “internet of things” it should be not too difficult to create a network of satellites, to provide a seamless information highway for airplanes. Flight MH370 disappeared without a trace. Collecting information on flightMH17 will be more difficult now the crime scene has been compromised.  

If there’s one thing to be learned from these two disasters it is that any form of mass transportation is vulnerable to criminals and terrorists. No amount of x-ray portals, invasive body searches and confiscation of water bottles will help you if anyone can just shoot you down from the ground.

Google is building driver-less cars. SpaceX wants to fly people to the moon for vacation. People like Elon Musk are hailed as “visionaries” when they come with highly impractical but media-sexy plans for future transportation. So why not put a fraction of that innovative thinking to good use and devise an unhackable way of sending out information? Why aren’t airplanes sending out streams and streams of data about their location, condition, flight path and anything else that may help in case of an emergency? Why do airplanes need to carry their own evidence box? Why do we need radar to find out where a plane or boat is?

It probably wouldn’t make the existing modes of transportation safer. However, it would deter terrorists like Putin’s goons to shoot down a civilian airplane if they have half a collective brain cell. They would know they wouldn’t be able to hide the  evidence.  I’m not talking about a shady government organisation owning the intel and changing whatever they see as unfit for public knowledge. Make this information instant, public and verifiable and let anyone have access.  With real time flight information gathered in a transparent way, it should be easier to find the people responsible for these acts.

itBit will be on the forefront of regulation

NEW YORK -- July 17, 2014 -- itBit today reaffirms its intention to meet full regulatory compliance with the New York Department of Financial Services BitLicense.

"We applaud the thoughtful and transparent approach that Benjamin Lawsky and the NY DFS have taken in examining consumer protection issues surrounding virtual currency and related businesses. We believe this framework is important for the ecosystem to operate in a compliant and trustworthy way, and shows the DFS’ ongoing dedication to improving the stability of the industry," said itBit CEO Charles Cascarilla. "We take every possible measure to ensure that itBit protects consumers, prevents abuse and provides security. The proposed BitLicense aligns with our current standards and practices, and we have every intention to be in compliance with the final guidelines.”

Read the full NY DFS press release here.

Inside the Bitcoin manipulation business

Since the Bitcoin rise and fall late last year, the media have been all over the virtual currency and its cryptographic brethren. Most of the news has been negative as the industry struggled with criminal users, hack and theft attempts and even the bankruptcy of the world’s largest Bitcoin exchange, Mt Gox. The fact that media love a bad story hasn’t helped either. 

The recent Bitcoin auction by the US Marshalls Office should be seen as a positive development. For the first time a government institution is selling something that can be considered controversial but could also be seen as a revolutionary new way to safely transact in a globalised and increasingly virtualised economy.

The internet has changed the news industry the same way as it is now changing the financial industry. The difference is that some news agencies don’t feel that they are bound by the same ethical standards that they continue to point out, the financial industry and especially the Bitcoin industry is lacking. Take for instance businessinsider.com, a website headed by convicted fraudster and banned-for-life banker Henry Blodget. It has become a very popular site because of the sensational style even though the articles can’t be accused of being unbiased journalistic masterpieces. 

The US centric .com site now has local variations that include more than the latest US army successes or which football player scored what in the last Super Bowl. However, it seems that businessinsider doesn’t say no to a bit of manipulation to attract the clicks though. A blatant example is the latest news about Bitcoin. Have a look at the Singapore site on the left versus the same article on the US site on the right. Keep in mind that Bitcoin prices have risen substantially since yesterday and that market manipulation is not a crime in the Bitcoin world yet, just highly unethical.