The New York State Department of Financial Services (NYDFS) recently issued guidance on the use of blockchain analytics for all virtual currency businesses that either have a BitLicense or are chartered as limited purpose trust companies under the New York Banking Law (VC Entities), emphasizing “the importance of blockchain analytics to effective policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.” The NYDFS continues to be concerned with the unique compliance challenges virtual currencies pose, while understanding they present new possibilities, including offering greater visibility into transaction lineage.

The NYDFS highlighted three areas of particular concern:

  • Augmenting Know-Your-Customer-Related Controls. The guidance reiterates the importance of VC Entities obtaining and maintaining information regarding current and potential customers, so VC Entities may address the risks such customers present. In particular, NYDFS underscores that blockchain analytics allows entities to obtain identifying wallet addresses even though it may not identify underlying owners. NYDFS is instructing VC Entities that they must have policies, processes, and procedures in place to assess counterparty exposure in virtual currency funds transfers.
  • Conducting Transaction Monitoring On-Chain Activity. NYDFS emphasizes that VC Entities should have policies, processes, and procedures in place for the tracing of transaction activity that includes “appropriately tailored transaction monitoring coverage against applicable typologies and red flags, identify[ing] deviations from a customer’s expected activity, and address[ing] other risk considerations as applicable.” For example, FinCEN has highlighted dark web marketplaces, peer-to-peer exchanges, foreign-located money services businesses, and convertible virtual currency kiosks as raising particular risks.
  • Conducting Sanctions Screening of On-Chain Activity. NYDFS also highlights the importance of implementing risk-based policies, processes, and procedures for identifying transactions associated with persons subject to sanctions or transactions originating from sanctioned jurisdictions. This is consistent with the position in guidance from OFAC that companies in the virtual currency space are strongly encouraged to develop, implement, and routinely update a tailored, risk-based sanctions compliance program.

NYDFS explained that VC Entities may use third-party service providers or internally developed blockchain analytics products for implementing these control measures. Nevertheless, if the control measures are outsourced, NYDFS expects documented policies and procedures to be in place. In all cases, the policies and procedures must describe case management and escalation processes, while delineating roles and responsibilities across the business and compliance function.

Although the NYDFS guidance is aimed at New York-regulated entities, these compliance programs may signal a shift in regulatory compliance beyond New York state and may serve as useful guidance for the industry as a whole moving forward. It further signals regulators are now more focused on the supervision of virtual currency instead of debating the legal permissibility of digital assets.