Overview

The proposed BitLicense regulation will cripple small business growth in New York while having broad negative effects on individuals and technology firms throughout the country. With prejudicial precedence it will attempt to regulate open source software and have far reaching implications beyond financial service firms, negatively affecting the NY technology and commerce sectors and diminishing their innovation. The Open Source Financial Developers Association is petitioning the governor and legislature to preempt the Superintendent of the Department of Financial Services from releasing this onerous regulation that will clearly set in motion long-term detrimental consequences for the voters of New York State.

Why is this important?

New York State wishes to become a leader in technology and innovation. To date, this effort has been driven primarily by grass roots entrepreneurial and community initiatives There can be little doubt that many of these innovations will be stifled by the proposed regulation in a nascent area that has not been given adequate time to prove itself. Virtual currencies (as defined by BitLicense) such as bitcoin and it's derivatives are actually a technology protocol similar the ones presently used to browse the web and send email. The first application of this protocol has been the capability to store value. While very useful, this only touches on a small aspect of the protocol’s versatility.

Regulating this accessible and transparent protocol will cripple open source technology innovation, thus handicapping for years to come New York State’s efforts to be a technology leader, and undermine the State's ability to both attract and retain businesses wishing to settle here and contribute to the growth of the State.

The imposition of a parallel track of alternate regulations for virtual currencies implies that present regulations for existing fiat currencies and other electronically transmitted payments are inadequate. A number of requirements proposed by the BitLicense regulations shall clearly create a prejudicial regulatory framework around what is effectively no more than a means of value transmission and will stifle innovation that utilizes the protocol. There is already precedent in the United States where the Internal Revenue Service deemed bitcoin as property. For that matter, the IRS has already stated that all existing laws and regulations that apply to property shall also apply to virtual currency. This well-established regulatory approach, as it pertains to traditional currency, is a more than adequate tool for law enforcement to use in curbing fraud and bad actors. Adding a superfluous layer to existing regulation calls into question the intentions and agenda of such regulation and will only sabotage a protocol that can help spur innovation and can make New York a leader in both technology and commerce.

1. “Virtual Currency” is defined to include bitcoin and other convertible currencies, but specifically exclude customer affinity points and in-game currencies. It does not consider coins used to track digital assets, incentive programs, or coins innately created or transmitted for digital functionality without ever becoming a store of value. Additionally, there is no specific treatment of branded coins that are quasi-convertible. Such broad oversight incapacitates the ability for open source initiatives.

2. BitLicense creates yet another anti-money laundering program. FinCEN – the federal regulator - already requires reporting cash transactions over $10,000. New York is requiring duplicate reporting for virtual currency specific transactions over $10,000. BitLicense holders must also file *state* Suspicious Activity Reports with NY, not just the ones required to file with FinCEN.

3. BitLicense registration as proposed will add excessive and burdensome costs that will not allow small businesses to compete in a space that they helped create. New products, services, and even activities must be reported to the superintendent. The process of submitting written approval essentially turns a quick thinking and nimble business into an organization that will have to spend much of its time coping with a newly created bureaucracy. This will not allow a business to survive in the fast-paced and ever-changing market conditions of the technology sector.

4. BitLicense imposes restrictions specifically on New York residents and businesses where other states and countries have no such restrictions. This gives other jurisdictions a competitive advantage and drives start-ups and innovators out of New York State.

5. BitLicense does not allow profits to be held in virtual currency and requires users to hold U.S. dollars, U.S. bonds, or U.S. treasuries. This is an overreaching precedent dictating how corporations must store and use their capital assets.

6. BitLicense effectively attempts to regulate open source software. Attempts to rejigger the virtual currency protocol through regulation would have implications on individual freedom and further technological progress.

7. BitLicense not only imposes the current restrictions that are already placed on traditional currency but adds many new restrictions and requirements which can pose a danger to a users personal financial privacy. No minimums are defined so every transaction down to the penny will require a user to divulge personally identifiable information. This deviates from acceptable norms when dealing with fiat currencies. This grants the state the ability to track the activities of citizens down to the penny.

8. (Section 200.1 n4) lumps exchanges as “those who turn virtual currency into fiat currency and vice versa” in with commercial sites, who only convert one way (virtual currency into goods and services). These two services are separate and should be considered as such. It appears that Section 200.3 c2 attempts to provide said separation, but I believe it would be made more clear to refer to 200.3 c2 within 200.1 n4 to make clear that conversion of virtual currency to "other value" is explicitly referring to an exchange process of some sort, and not simple commercial sales.

9. (Section 200.1 n5) states that anyone "issuing" a virtual currency must have a license. A virtual currency as defined in 200.1 m as basically a piece of software that people choose to run. This implies that should the legislation go into effect, the creator of Bitcoin would have to apply for a BitLicense. The creation of software should not fall under the regulation of a financial authority. How this software is used with regards to monetary exchanges may fall under such authority, but simply writing the code that creates the network should not require that a developer obtain a license.

10. (Section 200.8 b) seems to say that bitcoin related companies cannot maintain any investments in bitcoin denominated assets. This seems to be an attempt to prevent front running, but should only apply to exchanges, and not all bitcoin related companies, since many bitcoin related companies are operating strictly within the bitcoin economy and therefore may have a difficult time trading into USD. A BitLicense holder can only invest its earnings in: government securities, money market funds, insured CDs, but not bitcoin. But, what if a company wishes to invest it’s virtual currency profit in the company itself?

11. (Section 200.9 b) requires clarification. Mining pools hold mining revenue for participants. Does this section imply that these mining pools must maintain a separate balance that equals the balance they are holding for their participants? This creates undue burden on these companies.

12. (Section 200.9 c) may have unintended consequences. All full nodes "technically" assist in the transfer of bitcoins from one individual to another, since they can and do forward the transfer transaction throughout the network. This propagation is the primary means of alerting others to the transfer, and thus could be seen as a part of the transfer process.

13. Virtual currency users in jurisdictions not covered by the BitLicense will simply refuse this overreaching attempt to gather their private info for such corporate and governmental bodies. The language requiring all licensees to have, "all other records as the superintendent may require" (Section 200.12, a9) as it stands is far too broad.

14. Defining an inactive virtual currency account as abandoned property potentially violates the right of individuals in their ability to hold assets for the long term and to use them as they see fit (Section 200.12, c). The BitLicense proposal is also ambiguous because virtual currency funds reside on the open blockchain ledger; for security reasons companies might only hold a customer’s private key, and thus, by security design, will not be able to satisfy such an extraordinary requirement.

15. Audits of every two years (Section 200.14, b) will create expenses that are a barrier to entry for most small businesses and individuals. The blockchain is a public ledger, open to audited by all, as opposed to other traditional financial instruments that usually provide no such public ledger. In addition, the quarterly audits (Section 200.14, a) add even more burden and expense to a small business trying to compete (contrast this, for example, to the State's existing flexible policy of permitting businesses to report sales tax on either a quarterly or annual basis). Reporting "more frequently as risks change" (Section 200.15, a) is quite ambiguous, placing yet another burden on businesses.

16. (Section 200.15 d1) fails to realize it is impossible to prevent a transaction from sending an address bitcoin. As such, requiring companies to collect information about receiving payments gives high potential for abuse, since there is literally no way to accurately ascertain where an anonymous payment has come from. This prevents companies who accept payments on behalf of their customers (such as payment processors) from being able to collect bitcoin at all. Additionally, anonymous payments can be sent to businesses without their permission. How should a business handle reception of a transaction from an unknown identity? How do not for profit organizations accept bitcoin donations of small amounts? Are they required to collect data for every donor?

17. (Section 200.15 g1) “opening an account” should be more appropriately defined. Since all virtual currency already exists on the open ledger, instances such as simply holding an individual’s private key becomes ambiguous under current definition. This is more than even traditional money transmitters are required to do.

18. (Section 200.15 i) leaves companies open to abuse. By sending lots of small transactions that regulation specifies to be illegal, an attacker could force a company to pay large amounts of money in miner fees to return the illegal money. Otherwise, how are "illegal" transactions to be handled?

19. (Section 200.16) adds additional burdens of detailed reporting of the licensee's cyber security program, as opposed to reasonable summary reporting of security measures at the time of registration. Reporting requirements go as far as reporting on "potential" cyber risks and how they would be dealt with.

20. Source code reviews of internal proprietary software are required by an independent, qualified third party on an annual basis (Section 200.16, e3). A business who’s main asset is their propriety software must sacrifice the security of the most integral part of their existence.

21. What “cyber security update and training sessions” (Section 200.16, f2) are required for the cyber security personal? Is this language not too broad and why is this required in a business where most providers and users are already technically proficient in comparison to institutions relying on stagnant, old technology.

22. Licensees will surely face scrutiny based on their reporting of "third parties that are necessary to the continued operations of the Licensee’s business.” (Section 200.17, a6) Virtual currency businesses are international and in all likelihood will often not fall under New York State jurisdiction.

23. Virtual currency is a global phenomena and any third party business which does not voluntarily agree to New York State’s regulations will be unsuitable for business within the state of New York (200.17, a). BCDR plan must be tested at least annually, which adds additional costs and burdens to small businesses. Reporting on all advertising and marketing is both unreasonable and materially irrelevant, especially for small businesses who would lack formidable resources. Additionally, suggesting that a business must share its private strategic business plans and financial projections is anti-competitive and would establish a dangerous precedent for business law in the State (Section 200.14, a3).

24. Requiring Licensees to field all phone calls is both unrealistic and burdensome. Communication via Email is a much more practical approach to handling user support for many reasons, including the dictation of long strings of numbers and letters for a users account that would inevitably be required (Section 200.19, e1). Email support could easily be answered in a minimum time frame set by the company, allowing for effective and smooth customer support. The reporting of fraud is not well-defined by the proposed regulations. Often customers are quick to call a transaction fraudulent when in fact the customer has simply not educated themselves as to how these financial instruments work before they execute a transaction.

25. Section 200.20 will have the department (defined in BitLicense as the NYSDFS) overwhelmed with communications from end-users that have often never even bothered to review the readily accessible literature about virtual currency that is on the Internet. The New York State Department of Financial Services essentially needs to hire technical support people to educate customers who are either unable or unwilling to educate themselves.