On January 23, the New York State Department of Financial Services (DFS or the Department) issued guidance clarifying its expectations for New York-based virtual currency businesses regarding the custody of customer assets (Guidance). The stated purpose of the Guidance is to “emphasize sound custody and disclosure practices to better protect customers in the event of an insolvency or similar proceeding.” The Guidance applies to both New York BitLicensees and limited purpose trust companies and is effective immediately.
The Guidance is not surprising given prior statements and actions by DFS Superintendent Adrienne Harris, who has focused on consumer protection in the wake of the FTX bankruptcy. Since FTX filed for bankruptcy on November 11, 2022, the DFS has released guidance regarding banking organizations that seek to become involved in virtual currency-related activities and has proposed new regulations intended to allow the DFS to collect supervisory costs from licensed virtual currency businesses.
As discussed in our prior client alerts, while the full impact of the FTX bankruptcy and other virtual currency insolvency proceedings is not yet clear, especially with respect to the treatment of customer assets in the event a crypto custodian enters insolvency proceedings, regulators including the DFS will continue to use their existing authorities to enforce rules to protect customers and avoid further market contagion. Still, it is uncertain whether and how those rules will translate to recoveries for customers in the insolvency sphere.
BitLicensees and New York State limited purpose trust companies to whom this Guidance applies should review it, and their existing custody and disclosure practices, to ensure compliance. Other entities providing custody for virtual currency should also review this Guidance and consider whether enhancements to their processes and disclosures are necessary to enhance customer protection.
Key Points
The Guidance clarifies the Department’s expectation for virtual currency entities (VCEs) that act as custodians (VCE Custodians) to hold virtual currency in a manner that protects customers’ virtual currency. Specifically, the Guidance focuses on customer protection relating to four areas: (i) segregation of and separate accounting for customer virtual currency, (ii) limited interest in and use of customer virtual currency, (iii) sub-custody arrangements, and (iv) customer disclosure.
- Segregation of and Separate Accounting for Customer Virtual Currency. VCE Custodians are expected to separately account for and segregate customer virtual currency from their corporate assets and those assets of their affiliated entities. VCE Custodians should clearly and prominently disclose the manner in which they segregate customer virtual currency and should maintain customer virtual currency either (1) in separate on-chain wallets and internal ledger accounts for each customer under that customer’s name or (2) in omnibus on-chain wallets and internal ledger accounts that contain only the virtual currency of customers held for the benefit of those customers. Taken together VCE Custodians have flexibility to maintain customer assets in separate or omnibus accounts, as long as customer assets are segregated from assets of the firm and titled accordingly. VCE Custodians should be prepared to demonstrate reconciliation between the VCE’s books and on-chain activity as part of ongoing monitoring, routine on-site examination, ad hoc visitation or otherwise.
- Limited Interest in and Use of Customer Virtual Currency. The DFS expects VCE Custodians to take possession of customers’ virtual currency that is transferred for safekeeping for only that limited purpose. VCE Custodians should not establish a debtor-creditor relationship with such customers or employ such customer virtual currency for their own use, including as security for an obligation of the custodian. The custodial relationships should preserve the customer’s equitable and beneficial interest in the virtual currency.
- Sub-custody Arrangements. The Guidance notes that after appropriate due diligence, a VCE Custodian may enter into a sub-custody arrangement with a third party as long as the arrangement is consistent with the Guidance. Any such arrangement, however, would constitute a material change to a VCE’s business and would require Department approval. In support of a request for approval, the Department will require, at a minimum, (i) the applicable risk assessment performed by the VCE Custodian, (ii) the proposed service agreement(s) between the parties, and (iii) the VCE Custodian’s updated policies and procedures reflecting the processes and controls to be implemented around the proposed arrangement.
- Customer Disclosure. The Guidance clarifies that VCE Custodians are expected to clearly disclose in writing the general terms and conditions associated with its products, services and activities, and obtain customer acknowledgement that such disclosure was received prior to entering into an initial transaction with the customer. The customer agreement also should clarify that the parties intend to enter into a custodial relationship, rather than a debtor-creditor relationship, and should disclose any use of a sub-custodian and material terms and risks of such arrangement and such disclosures. The customer agreement must be readily accessible to customers on the VCE Custodian’s website.
Looking Forward
New York BitLicensees and limited purpose trust companies should immediately review their custodial arrangements to ensure compliance with this Guidance. More broadly, given the continued focus on the protection of customer assets maintained at virtual currency companies by both customers and regulators alike in the wake of recent bankruptcies in the crypto industry, other market participants should consider whether to incorporate the Guidance.