DFS Crypto “Coin Listing” Proposal Represents A Dramatic Expansion of the NY BitLicense

The comments below are in response to the New York DFS’s new proposed Coin Listing Policy Framework (the “Proposal” or the “Framework”) extension to the DFS Part 200 (the “BitLicense”) regulation, released on 12/11/2019 (available here. The DFS has provided only until January 27, 2020 to get comments in to innovation@dfs.ny.gov, so please read the Proposal and this post, and send them your thoughts ASAP).  The proposal consists, in main, of two prongs:

  1. A provision for DFS “listed” coins which will automatically be permitted to be used by BitLicense grantees (“Licensees”).
  2. A provision for self-certification of coins by Licensees which aren’t permitted under prong 1.

Little detail has been provided at this point, so the below comments reflect on the apparent main concepts of the Proposal, as well as interpret its general contextual and explanatory language.

As a reminder, the scope of the BitLicense is coverage only of those engaged in a “virtual currency customer business,” and so, the Proposal would apparently not effect either (a) non-business or (b) non-customer uses of cryptocurrencies (however, it’s worth noting that both limiting concepts could use more clarity in the context of the BitLicense).

  1. Issues with The First Prong.

The first (and main) prong of the Proposal uses the foundational language “list of all coins that are permitted for the Virtual Currency Business Activities of the VC licensees, without the prior approval of DFS.”

However, neither the BitLicense regulation itself nor the language of the Proposal makes it clear whether it will be permitted to utilize coins which aren’t expressly approved by the DFS (or aren’t approved under Prong 2: self-certification).  The alternative interpretation would be that of a “safe habor”: i.e., under which a Licensee could make use of non-approved coins in business, but would potentially receive less regulatory deference for them (or face some statutory limits under the safe harbor; e.g., limits in manner of use, type of customer, or scale).

My belief is that, on the wording of the Proposal, the DFS does intend to entirely prohibit dealings by Licensees in coins not approved under Prong 1 or Prong 2, rather than to create a new safe harbor.

If true, this would be striking, because it would represent a whole new dimension of the BitLicense: a ban on individual (non-approved) coins.  This requirement (which seems material to the BitLicense as a whole) is not spelled out in Part 200, nor, even, in the language of the BitLicense application materials (i.e., the language of the forms – which may typically go beyond the letter of the law, albeit, in a less-binding and more guidance-like capacity).

It appears, then, that ad hoc interactions between Licensees and the DFS regarding permissiveness of activities with respect to specific coins (by understandably-cautious regulated crypto financial companies) has been taken “to the next level” in a regulatory sense with this proposal.

The confusion is compounded by the use of the term “listing” in almost every place in the Proposal –except the one sentence quoted above, which seems to contemplate any type of virtual currency business activity.  The BitLicense itself does not define “listing”.  Thus, it is not clear if the Proposal is intended to encompass public listing activities of Licensees (i.e., by exchanges, such as Coinbase), or any dealings in coins (e.g., private custodial holdings,  private trading, payment processing, participating in a “utility token” ecosystem, etc.).

I believe this apparent quantum leap in the scope of the BitLicense deserves more public attention and scrutiny than it has thus far received.

To illustrate the impact of the regulatory shift, imagine you are a well-meaning crypto project starting up outside the U.S. — let’s say, Estonia.  You “do everything right” in terms of your project team, governance, and financing — and may explicitly follow applicable cryptocurrency or other regulations in your home country of Estonia, as well as potentially on cryptocurrency exchanges in other countries (which may themselves be licensed and have an explicit regulatory status — e.g., as Gibraltar provides).  You may even have what is on it’s face a “security token” – or choose to treat your coin as such, for regulatory certainty.

However, none of that “good citizenship” will result in your coin being listable – or perhaps even commercially-usable (i.e., in a custodial arrangement) by New York BitLicense holders.  This will simply not be possible unless your coin or token is explicitly permitted under the Proposal – either under Prong 1 (DFS listing), or more likely, Prong 2: Licensee self-certification of the coin.

And despite  the availability of Prong 2,   getting certified under it is one-off process, company by company (discussed further in the next section).  There are not a lot of parallels to this situation.  It would be as if every non-public stock had to be re-certified by every broker-dealer or exchange that wished to deal in it – and mind you, many of these crypto tokens will be regulatory securities, just like stocks.  This new Proposal, then, would represent a redundant layer of regulation for such instruments.

As for mainly “unit of exchange” crypto coins, these are more like currencies in view of the forex sector (which counts as its participants banks, speculative trading houses, and forex brokers).  Yet, none of the regulated players in the forex space are required to get approval for every single currency they deal in.

Note that, in both the cases of stocks and foreign currencies, the traded instruments may very well “implode”, despite all assurances, and best hopes. They also might suffer from varying levels of money laundering risk (something explicitly cited as a review factor in the Proposal with respect to crypto coins). But one of the core functions of the market is to “price risk” with respect to all manner of bad outcomes, including that fraud, insolvency, or some other form of risk (i.e., cybersecurity) might lurk within an instrument.

Thus, it is far from clear that a more restrictive, crypto coin-specific regime is appropriate – and such might even hinder the market in its risk-pricing function (which is also a risk-surfacing and mitigating function).


  • Clarify the permissiveness of non-approved coins under the BitLicense (under either prong of the Proposal)
  • Create (or clarify) a safe harbor for one or both prongs (preferably covering both).
  • Clarify whether the coin use restriction is with respective to public trading listings, or any “virtual currency business” use of a coin.
  • Limit the coin use restriction to public trading listings, or at least, tailor the safe harbor in a manner respecting “public vs. private” use (one might follow securities exemptions/safe harbors in this respect – and for similar reasons).
  • Clarify which factors would trigger the DFS to even review a coin for the general list in the first place, and if under consideration, what the criteria would be (presumably, all the company self-certification criteria, plus some additional ones).
  • Exempt coins which are securities in entirety (with a foreign reciprocation regime).
  • Exempt coins which have any regulated status under any qualifying foreign recognized regulatory regime.
  • Require the DFS to consider coins for listing by any paying applicant, fully subject to administrative and judicial review (just as with the BitLicense itself).
  1. Second Prong Issues

The second set of issues I see is with Prong 2 in specific.  This is the self-certification provision.  The DFS has suggested numerous factors to be examined in a self-certification framework.  Though the factors mentioned are not definitive, at least the DFS plans to release a “model” framework, and certainly, having this means of  coin  approval at all somewhat counterbalances the “bottleneck” that would exist if requiring DFS approval for every single coin.  We can naturally expect that this will be the go-to provision for newer coins that haven’t yet garnered universal attention or acceptance, and therefore would not be under consideration for general listing under Prong 1.

However, the effectiveness of this prong seems limited by its “one-off” status.  I.e., a Licensee that self-certifies a coin hasn’t done anything to make that coin usable by any other Licensee.  So, each Licensee will have to “reinvent the wheel” in onboarding a new coin.

Or, alternatively, the onus will be on the progenitor of the coin to advocate for its self-certification by individual New York Licensees.  It’s not clear why our Estonian (or any other foreign token-issuing) venture should have to be this concerned with individual companies in New York — particularly if they have followed all local  regulations and those of major crypto-coin trading venues.  In a sense, it’s a sort of “non-fungibility” rule for crypto assets that (almost by definition) doesn’t really exist in the broader financial sector — or in a free market property system, for that matter (imagine, e.g., pawn brokers not only having to themselves be licensed, but being required to “certify” every single type of asset they took in).

From the perspective of our Estonian applicant, it’s probably not worth the effort to shepherd their coin through possibly dozens of prospective Licensees.  This will provide a competitive disadvantage to smaller or upstart projects, which will inevitably make New York less competitive.


  • Make the Prong 2 prohibition a safe harbor (again).
  • Allow self-regulatory organizations to approve coins (this will presumably require some approval process in turn for the SRO – however, crypto SROs are indeed now in existence, such as the Association for Digital Asset Markets,  or ADAM).

III.  General Issues and Comments

  • Non-licensees who can still deal in crypto without a BitLicense under the DFS regulation; e.g., banks.  Apparently, these entities will have a unique advantage under this regime, as it appears they will not have to get coin-specific certifications.

    RECOMMENDATION: Clarify this (and preferably, do not establish this kind of differential treatment).

  • Regulatory Phase-ins. The BitLicense generally has no initial coverage threshold or “phase-in,” i.e., for small businesses or startups.  I view this as one of the most damaging shortcomings of the BitLicense broadly (and know of numerous clients and prospects who have avoided or pulled out of New York entirely because of it).  This has clearly created a preference for larger companies to deal in crypto in New York, and dramatically limited the choices of New York consumers and business.  Now, with coin-specific qualification, the lack of BitLicense phase-ins will be even more damaging.

    RECOMMENDATION: Allow businesses – subject to reasonable phase-in parameters (i.e., such as number of customers or revenue) – to be excluded from the BitLicense entirely, or subject to a general safe harbor.  Coincidentally, one doesn’t need to look far to find reasonably-tailored regulation in this sense effectively covering crypto companies in New York: the New York SHIELD privacy and data security law, which goes into effect in 2020 (indeed, most privacy and data security laws in the U.S. and worldwide phase-in thusly, so they don’t apply from dollar (or customer) number 1, and which would badly squelch commerce and innovation.  And arguably, crypto should have even more generous phase-ins, as most crypto clients make an affirmative choice and “know what they are getting themselves into” — unlike consumers generally using digital services).


I am a big fan of the increased securing and professionalization of the crypto sector, of which government regulation is a major (though not the only) part. However, the Proposal, and the BitLicense generally, could use significant fine-tuning to make it more friendly to innovation, including small businesses and startups.  Until this is done, I believe New York is missing out on playing a larger and more constructive role in this important new sector, and this new coin-permitting Proposal (as initially-posed) will make the situation worse rather than better.