Though the NYSSCPA supports a proposal from the New York State Department of Financial Services (NYSDFS) that would govern the transfer and use of virtual currencies among financial intermediaries, it called on the agency to address ambiguities in the language that the Society said would cause confusion, and work to better align the plan with existing processes. The Society weighed in on the matter in October with a comment letter written by members of its Virtual Currency Task Force.
New York state is the first in the country to attempt to create a regulatory framework for online virtual currencies such as Bitcoin, which have become increasingly popular in the past few years. Unlike the dollar, pound, yen and other traditional mediums of exchange, virtual currencies are linked to no one nation and are not regulated by a central bank. Transactions that use them are not processed by an intermediary financial institution.
The state isn’t completely alone in its efforts to make sense of the phenomenon, with the NYSSCPA becoming one of just a few state societies to formally study the topic. In the spring, the Society’s Board of Directors voted to establish the Virtual Currency Task Force to identify for the public and other relevant stakeholders the associated risks and benefits of electronic currencies.
At the heart of the state’s proposal, which was released on July 17, is a license that it refers to as “BitLicense.” Entities would be required to obtain one from the NYSDFS if they store, secure, maintain, receive or transmit virtual currency on behalf of consumers; perform retail conversion services with virtual currency; buy or sell virtual currency as a customer business (as opposed to personal use); or control, administer or issue a virtual currency.
In addition, entities would have to follow a number of rules generally intended for consumer protection and anti–money laundering purposes. For example, entities would be required to hold virtual currency of the same type and amount as any virtual currency owed or obligated to a third party, as well as maintain a stringent cybersecurity program. They would also be required to capture certain information, including the identity and physical address of all parties involved in virtual currency transactions, the amount or value of each transaction, when the transaction occurred, and a description of it.
Some Bitcoin companies have panned the proposal, accusing the NYSDFS of being too heavy handed. Overall, however, the Society supported the regulations, writing that it believes “they are a significant first step in providing guidance and clarity to the new and emerging world of virtual currency.” Moreover, Edward J. Torres, chair of the Virtual Currency Task Force, said that with no existing rules for the accounting, auditing or valuation of digital currencies, it was vital that the CPA community weigh in on early attempts at broad regulations.
“It’s important that we get out in front of the issue before the rules are implemented without any input from us,” he said. “We want to make sure that we’re part of the process and that there are proper controls in place so that there is transparency and consistency and fairness in this.”
The task force did have several suggestions, including one aimed at the application process itself. Under the proposal, in order for entities to obtain a BitLicense, they would need to provide a wealth of detailed information, both personal and financial. This includes a current financial statement for the applicant and its principal officer, principal stockholder and principal beneficiary, as applicable, as well as a projected pro forma balance sheet and income and expense statement for the next year of the applicant’s operation.
While the task force said that demanding such information is sound, it recommended that, instead of creating an entirely new set of requirements, the state have BitLicense applicants provide the same information currently required of those applying for a money transmission license, noting that the two efforts share similarities.
“There’s no need to reinvent the wheel, especially when there are established protocols that have been refined to represent the needs of the public and businesses,” Torres said.
Requirements for the money transmission license include audited financial statements for the applicant for the two fiscal years of operation preceding the application; personal financial statements for each director, principal officer or 10 percent equity owner of the application; audited financial statements for the most recent two fiscal years of any company that directly or indirectly owns 10 percent or more of the equity securities of the applicant; an affidavit stating that the applicant maintains permissible investments; financial projections for two years of operations; and pro forma balance sheets and profit and loss statements, the Society said.
Seeking clarification
In addition to its suggestion about utilizing existing processes, the Society also asked for clarification in several areas. For example, while it agreed with the proposal’s push to require licensees to maintain a bond or trust in U.S. dollars for the benefit of their customers, it said that the NYSDFS needed to clarify the surety bond and trust requirements, such as where the trust should be held, or how much the bond or trust would hold.
It also found ambiguity within the proposed requirement that licensees record, for each transaction, the amount, date and “precise time” of the transaction. By precise time, the Society asked, does the proposal mean the time that the specific transaction is made or the time when it is recognized by the system?
Some virtual currencies, the Society noted in its comment letter, operate in a decentralized manner and utilize a public ledger system in which transactions are not recognized to have occurred until they have been recorded in the ledger.
“Updates to the public ledger occur in batches and, as such, a difference will often exist between the time that a transaction has been executed between parties and the time in which the transaction is considered irreversible through being recorded in the public ledger,” the Society wrote.
The Society also felt there was a need for additional clarity on what the NYDFS meant when it said that proposed licensees must have a cybersecurity program. Leaving this ambiguous, the Society said, allows for “wide latitude in interpretation and implementation.” It recommended, instead, that the NYSDFS reference a specific security standard accepted in the financial services industry, such as those articulated by the country’s National Institute of Standards and Technology, a nonregulatory agency that advances measurement science, standards and technology.
It added that entities should also be required to test this program at least semiannually; the testing should be perimeterwide, with respect to the entity, regardless of physical location; the results of that testing should be made available to the public; and the timing of the test should be planned, but have an element of unpredictability.
The Society also asked the NYSDFS to consider the unique fraud risk of “double-counting” in virtual currency, where people could take advantage of the transaction timing to effectively clone value in the space between when a transaction is made and when it is recognized.
“Once a transaction is initiated by a customer, a second transaction should not be allowed from the same account until the ledger for the first transaction has been settled,” the Society said.
Beyond responses to specific parts of the proposal, the Society recommended that a licensee’s audit committee be responsible for such elements as the integrity of the financial statements, as they relate to virtual currency; updates to the entity’s risk assessment and risk management guidelines, as they relate to virtual currency transactions; confirmation of the scope of the internal audit function to include the design and operating effectiveness of internal controls over virtual currency transactions; and compliance with legal and regulatory requirements.
The comment period for the proposal ended on Oct. 21. In November, Benjamin M. Lawsky, the NYSDFS’s first superintendent of financial services, said that the department would respond to feedback it received with a revised proposal that would soon be made available for public comment. He also left open the possibility that the next iteration of the proposal may include a transitional license for start-ups, with slightly relaxed requirements.
cgaetano@nysscpa.org