On April 28, 2022, the New York State Department of Financial Services (NYDFS) issued guidance to all virtual currency entities that are licensed under 23 NYCRR Part 200 or chartered as a limited purpose trust company under the New York Banking Law (VC Entities). This guidance emphasized the importance of employing blockchain analytics related to customer due diligence, transaction monitoring, and sanctions screening.
Transactions in virtual currencies involve sources, destinations, and types of fund flows that may be different from traditional, fiat-currencies. VC Entities must ensure that their compliance programs consider these unique characteristics to comply with the New York Banking Law, the New York Financial Services Law, federal Bank Secrecy Act/anti-money laundering regulations (BSA/AML), and Office of Foreign Assets Control (OFAC) requirements.
Although the unique characteristics of virtual currency transactions may present compliance challenges, they also lend themselves to control measures that leverage new technologies. For example, since virtual currencies enable provenance tracing, a blockchain ledger’s immutability offers a historical view of a virtual currency transmission between wallet addresses. This allows for greater insight into transaction lineage, as most virtual currencies store information on-chain, including sending and receiving wallet addresses, time and date, and the value of the transaction. However, as wallet addresses are typically pseudonymous, they do not provide information about the originator, beneficiary, or underlying beneficial owners. A VC Entity’s risk mitigation strategy must address its business profile to properly assess risk, considering which type of virtual currency is being used, as well as the volume of transactions.
The NYDFS guidance emphasized the importance of blockchain analytics to address anti-money laundering requirements and compliance with BSA/AML and OFAC-related rules focusing on:
A VC Entity’s documentation must describe case management and escalation processes, with clearly delineated roles and responsibilities across the business and compliance functions, including the VC Entity’s approach where there are any doubts.
VC Entities may use third-party service providers or develop blockchain analytics products and services internally. However, to the degree VC Entities choose to outsource, they must have in place clearly documented policies, processes, and procedures.
VC Entities should assess their risk as it relates to virtual currency transactions, including adopting more encompassing “off-chain” verification methods and implementing or updating robust BSA/AML programs.
Furthermore, given the increased emphasis on international sanctions, VC Entities must be aware of individual entities listed on the SDN List. Additionally, VC Entities must be knowledgeable about their customers and the types of risks they entail.
Guidehouse can help VC Entities assess their current blockchain analytics tools to address anti-money laundering requirements, BSA/AML, and OFAC-related controls as described in the Department of Financial Service’s April 28 guidance. Guidehouse can identify gaps or weaknesses with a VC Entity’s current model, conduct training on AML and sanctions compliance, and provide blockchain tracing and analytics.
In so far as the NYDFS guidance allows VC Entities to use third-party service providers, Guidehouse can assist in creating clearly defined and documented policies, processes, and procedures related to blockchain analytics tools.