On April 28, 2022, the New York State Department of Financial Services (“NYDFS”) issued its Guidance on Use of Blockchain Analytics (the “Blockchain Guidance”) to virtual currency business entities licensed or chartered in New York (“VC Entities”). The guidance largely focuses on compliance with state and federal anti-money laundering (“AML”) requirements and with sanctions imposed by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”). While past issuances of NYDFS and other regulator guidance have dealt with these matters, this guidance focuses on compliance tools specific to virtual currencies and will be important to consider in designing AML and OFAC compliance measures.
In the Blockchain Guidance, the NYDFS highlights the importance of blockchain analytics given the unique characteristics of virtual currency. The guidance mentions specifically risks presented by the ability to transfer some virtual currency peer to peer directly from one person to another pseudonymously, absent the use of a regulated third party but also mentions the benefits of the blockchain ledger’s immutability, which enables provenance tracing and provides the opportunity for greater visibility into transaction lineage than is typically found with traditional, fiat funds transfers.
The NYDFS focuses on the use of analytics in three spaces:
- Augmenting know your customer (“KYC”)-related controls;
- Conducting transaction monitoring of on-chain activity; and
- Conducting sanctions screening of on-chain activity.
While VC Entities can use internal or external sources for blockchain analytics, if VC Entities outsource these analytics, they must have clearly documented policies and procedures with regard to how the blockchain analytics activity integrates into the VC Entity’s overall control framework consistent with the VC Entity’s risk profile.
As part of their AML compliance obligations, VC Entities are required to gather information about their customers and to understand and manage the risks presented by such customers. In the absence of direct identification, the NYDFS recommends blockchain analytic services that permit users to obtain identifying information (e.g., the location of a wallet address on a specific exchange) that can tie to pseudoanonymous on-chain data.
Absent “off-chain” verification, such information will be limited in use, but blockchain analytics can typically identify wallet addresses associated with an institution, indicating safety, or known high-risk wallet addresses, indicating risk. The NYDFS gives the example of funds transfers to counterparties. In that context, the NYDFS notes that vendor products or internal tools can provide numerical scores or tiered rankings to represent the risk of a counterparty institution, which can aid in complying with VC Entities’ obligations to assess counterparty exposure in such transfers.
Each VC Entity must have appropriate control measures in place to monitor and identify unusual activity tailored to its risk profile. As such, the NYDFS emphasizes that a VC Entity must have provenance or transaction tracing built into its policies and procedures to trace each type of virtual currency it supports and the flow of funds through the blockchain. VC Entities should tailor transaction monitoring coverage against red flags, identify deviations from what would be expected from a customer, and address other risk considerations as applicable. Specifically, the NYDFS mentions that there are red flags when a virtual currency:
- has substantial exposure to a high-risk or sanctioned jurisdiction;
- is processed through a mixer or tumbler;
- is sent to or from darknet markets;
- is associated with scams/ransomware; or
- is associated with other illicit activity relevant to the VC Entity’s business model.
Transaction monitoring must be documented, including descriptions of case management and escalation processes, with clearly delineated roles and responsibilities across the business and compliance functions.
Finally, the Blockchain Guidance discusses VC Entities’ obligations to identify transactions involving sanctioned persons listed on OFAC’s Specially Designated Nationals and Blocked Persons List or located in sanctioned jurisdictions. The NYDFS points to OFAC’s sanctions compliance guidance for the virtual currency industry, which encourages the use of transaction monitoring and investigation software to identify transactions with sanctioned persons or in sanctioned jurisdictions.
While the Blockchain Guidance is high level and largely summarizes existing requirements, it underscores the expectation that virtual currency businesses comply with AML and sanctions requirements based on their specific risk profiles and using the tools available and specific to the space.
- State of Play: Russia, Sanctions and Digital Assets
- Congressional Roundup: Digital Asset Sanctions Compliance Enhancement Act and Senate Hearing on the Role of Digital Assets in Illicit Finance
- The State of Money Transmission Regulation and Digital Assets in 2022
To subscribe to the Debevoise Fintech Blog, click here.