cyberattack

The Growing Calls for Bit Licensing in the Wake of Global Cyberattacks

In recent months, hackers executed a global cyberattack, reportedly attacking over 150 countries, including public and health care systems and individual computers. The attackers demanded payment in bitcoin to unlock computers and return the data.

Bitcoin is a non-conventional, decentralized cryptocurrency, based on open-source software invented by Satoshi Nakamoto in 2009. All bitcoin transactions are stored in the blockchain, a distributed ledger and record-keeping system. Mid-May 2017, the market capitalization for bitcoin was around $28 billion.

Payment with bitcoin is assumed to be a transparent and neutral payment method, with lower transaction fees. Bitcoin is available everywhere the internet is available, and can be used without requiring the need to disclose a party’s identity.

On the other hand, some of blockchain’s advantages can also be considered challenges—particularly issues relating to digital identity, privacy, and cyber-security. Additionally, bitcoin’s market value is very unstable, which can result in substantial financial risks. This raises the question of whether the use of bitcoin should be regulated and, if so, to what extent?

Some governments require a license for digital currency activities, and others are contemplating it, in order to manage the cryptocurrency-related concerns stated above. In New York, for example, where virtual currencies are considered a commodity, individuals can open an online bitcoin account. New York State, however, requires businesses engaged in virtual currency activities that have a place of business or provide services to persons located in New York to obtain a license for digital currency activities (bitlicense).

The bitlicense was introduced in 2015 by the New York State Department of Financial Services (NYDFS), which is regarded as controversial by some. Applying for a bitlicense is reported to be expensive (including a $5,000 non-refundable application fee), and compiling the application includes extensive paperwork, which may require legal and other outside services, as well as many hours of work. In turn, this makes it challenging for smaller companies and startups to apply for the license. The bitlicense includes several obligations, including hiring a compliance officer, consumer protection, anti-money laundering (AML), cyber security, business continuity, disaster recovery, and capital requirements.

Following the introduction of the bitlicense requirements, certain virtual currency businesses such as Genesis-Mining, Kraken, ShapeShift, and Bitfinex did not apply for the bitlicense, but rather left New York and took their business elsewhere in order to avoid the obligation to apply for the bitlicense.

The NYDFS reported to have received 22 bitlicense applications following the filing deadline (August 2015). Shortly following the first applications, Circle Internet Financial Limited (Circle), a mobile payment app using bitcoin, was granted the first bitlicense in New York, followed by Ripple and Coinbase in 2016 and early 2017, respectively.

In 2016, Circle received an electronic money license from the Financial Conduct Authority (FCA) in the UK, a license for e-money providers (not digital currency specific). Circle’s partnership with Barclay’s enabled Circle to provide cross-currency transactions between GBP and USD.

The FCA is considering if the current regulation can be applied to blockchain or if blockchain-specific regulation is required. Other states are expected to follow and issue similar requirements.

In 2016, the Bank of England published a working paper revising the consequences of the issuance of a central bank digital currency, implemented via distributed ledgers (such as blockchain), that competes with bank deposits as medium of exchange. The paper concluded that under certain circumstances such digital currency could improve the central bank’s ability to stabilize the business cycle and raise the GDP.

In the EU, virtual currencies do not yet require a license, however, they will be subject to the EU Anti-Money Laundering Directive. This all following its recent revision resulting in customer due diligence which will need to be applied to virtual currency exchange platform.

A new regulatory framework proposed in Singapore may require digital currency exchanges to obtain a license from the Monetary Authority of Singapore (MAS) in the future.

On the other hand, the MAS recently announced that it has completed a proof-of-concept (POC) in partnership with R3. R3 is a distributed ledger technology company, similar to blockchain, in collaboration with various banks, intended to establish a digital representation of the Singapore dollar for various purposes, including cross-border payments.

As per a recent revision to Israeli legislation, virtual currencies will be included in the definition “financial asset,” and provision of service relating to a financial asset will require a license in the near future.

Therefore, it appears that regulators will need to find the balance between facilitating development of innovation and alternative payment methods while ensuring the economy’s and consumers’ protection. This could possibly be done by way of issuing licenses to companies providing or facilitating financial services using bitcoin.

Assuming the POC conducted in Singapore will indeed prove to be successful, and considering the working paper published by the Bank of England, the Israeli regulator may consider implementing new technologies. Some of these new technologies include distributor ledger technology. This would facilitate transactions with digital currencies in order to assist in lowering transaction fees, and expedite international transactions, while ensuring the consumer’s cybersecurity and privacy by implementing sufficient Know Your Customer and AML regulation, tailored to manage distributor ledger related concerns.

About Netanella Treistman

Netanella Treistman
Netanella Treistman's practice focuses on matters relating to technology companies (including start-ups, fintech and adtech companies) with an emphasis on technology and licensing agreements and other general commercial matters. Netanella has experience working with fintech companies offering various solutions, such as mobile and other payment solutions, financial information systems, crowdfunding and other financial technology companies. Prior to joining Yigal Arnon & Co., Netanella was a legal counsel at a high tech company for eight years.

Check Also

ransomware

Anatomy of a Law Firm Ransomware Attack, Part II

After solving the immediate problem of ransomware, you now will need to recover your data and put some long-term solutions in place.