New York Financial Services Agency: Why do we refuse to issue BitLicense to Bittrex

Translator's Note: The author of this article, Shirin Emami, is the Executive Deputy Director of Banking at the New York Financial Services Agency (NYDFS). In the article, it pointed out that the US exchange Bittrex had problems with transaction monitoring, customer identity and currency, so the regulator refused to issue BitLicense to the exchange. After seeing this article, Bittrex also responded for the first time, arguing that NYDFS arbitrarily changed the regulatory conditions and scope, and refused to plead guilty to its application.


Bittrex reportedly stated in its recent announcement to the media (including CoinDesk) that the real reason for its license application being rejected by NYDFS. However, the cryptocurrency exchange ignores the fact that it failed to comply with the NYDFS licensing requirements, which is always distorting the facts and trying to mislead the results of this rejection.

First, Bittrex claims that NYDFS did not provide guidance for the company and that its application has been submitted for many years is not true.

Bittrex either misunderstands the guidance given by the regulator during the license application process or misinterprets the meaning of the guidance. The NYDFS guidance includes notifying the applicant of the regulatory requirements for the license and identifying issues that need to be resolved before the license is issued. The corrective work for the deficiencies is the responsibility of the applicant.

Throughout the application process, Bittrex was constantly informed about the regulatory requirements for the license and received a letter stating its issue so that the company could resolve it in a timely manner. The company has had multiple rounds of communication with NYDFS, either to commit to compliance but failed to deliver, or to try to convince NYDFS that they are different from other regulated companies and do not need compliance.

Bittrex's initial application has many shortcomings, including weak customer due diligence, lack of transaction monitoring, and experienced compliance staff. NYDFS employees have repeatedly conveyed to Bittrex our concerns about these deficiencies. Bittrex has repeatedly promised to make improvements and solutions, but ultimately failed to meet the requirements.

Insufficient transaction monitoring

Due to long-term irregularities in transaction monitoring, Bittrex is unable to meet its promised compliance. According to an article in The American Banker, "(The company's chief compliance and ethics officer) Ross said that the company has a suspicious transaction monitoring process, some of which are automated and partly manual, which has been taking The measures are fully automated."

In fact, NYDFS has repeatedly notified Bittrex that it needs a robust transaction monitoring system. Bittrex promised to deploy the system by 2018 and eventually hired compliance staff in early 2018 to complete the work. After nearly a year of hard work, Bittrex launched a manual transaction monitoring system in December 2018 that can handle only a small number of transactions and lacks a comprehensive and accurate risk assessment process for compliance projects.

A transaction monitoring system that is not based on a comprehensive risk assessment and selects a review target based solely on the size of the transaction cannot be called a risk control system. Dealing with millions of transactions with a completely unqualified and limited capacity manual system is a dishonest and extremely bad decision.

If Bittrex continues to tout the system launched in December 2018 as a qualified system after being clearly informed of its problems, it is either intentionally misleading the regulator and the market, or it is really ignorant.

Account full adjustment problem

In addition, Bittrex's transaction monitoring system has another problem: incomplete or missing customer identity data.

Without an accurate customer name, it would be useless to even tout yourself for due diligence on customers or to comply with other regulations, including compliance with the Office of Foreign Assets Control (OFAC) sanctions.

Regarding customer deficiencies in the due diligence, Bittrex told the media that “the false accounts pointed out by the regulators are not active”. In fact, more than 70% of the non-real-name accounts sampled by NYDFS were active accounts at some point, some of which were still funded when NYDFS conducted an on-site review of the Bittrex business in 2019.

Even more troublesome is that during another test of customer due diligence, 39% of sample account holders did not provide real names and never checked their identity, so it is not possible to check OFAC or other compliance. When Bittrex launched its new transaction monitoring system in December 2018, it did not address the problems of due diligence and did not address the scale of transaction monitoring required.

Bittrex's serious lack of compliance has had a certain impact. When NYDFS inspectors sampled their accounts in 2019, they found two North Korean accounts and did not rule out the existence of more similar accounts. As of 2017, at least one North Korean account has been active. When NYDFS inspectors visited Bittrex in 2019, at least two Iranian accounts were still active in the Bittrex system and may be operational.

Standard on the currency

Regarding the assets of Bittrex on the line, the company is also trying to shirk its responsibility, saying that some currencies are decentralized. This is not important, it ignores the fact that the decision on the currency is made by Bittrex. Bittrex is obligated to conduct appropriate due diligence on all types of assets and then follow NYDFS's regulatory requirements for virtual currency to obtain NYDFS approval.

More importantly, Bittrex acknowledges the use of informal processes for making currency decisions without systematic documentation. This is just another proof of the company’s lazy attitude in all aspects of compliance.

Bittrex also opposes the NYDFS Standard Regulatory Agreement, which contains provisions applicable to all previous applicants that are required by the Virtual Money Regulatory Regulations. These regulatory requirements require pre-review of new products and M&A transactions and provide a capitalization formula for achieving regulatory capitalization requirements.

The main purpose of NYDFS's visit to Bittrex in 2019 was to review the Exchange's Bank Secrecy Act (BSA), Anti-Money Laundering Act (AML) and OFAC Compliance Program. This is the final proof that the company is unable to meet its license application requirements.

Bittrex is committed to obtaining virtual currency and currency transfer licenses in New York. NYDFS gave Bittrex all reasonable opportunities to meet the necessary regulatory requirements, but rejected the application due to its failure to honor its commitments.

Bittrex's response: NYDFS is fighting retaliation

After seeing this article, Bittrex also responded.

The point is that NYDFS has passed its regulatory authority and is free to change rules and guidelines. The truth of the matter is that although NYDFS claims to have all these so-called concerns, it is willing to enter into a regulatory agreement with Bittrex and to issue BitLicense in January 2019. Until Bittrex attempted to negotiate on the terms of the agreement and its scope of supervision, NYDFS had such a drastic response, as evidenced by the following behavior:

– Some of the things that NYDFS requires in the regulatory agreement are unreasonable in existing bitcoin and currency transfer licensing regulations. No state like New York wants to impose restrictions on its business. Bittrex has successfully partnered with many regulators to obtain licenses in dozens of states.

– NYDFS chose to ignore its own rules, allowing for "manual or automatic" transaction monitoring – and ignoring the fact that Bittrex will implement fully automated transaction monitoring this month.

– NYDFS chose to let Bittrex comply with standards that did not exist before. No company has listed the currency standard, Bittrex tried to get NYDFS to provide a standard, but they can't.

– NYDFS's behavior suggests that it wants revenge, not consumer protection. Bittrex denied that the platform was used by any North Korean or Iranian citizen in 2019. However, if NYDFS really finds evidence, why not update the information with Bittrex to correct or understand the situation?

By attacking a small company that sincerely applied for a license to NYDFS, it has shown us that it should be prudent to share information with them.

In addition, NYDFS's behavior has a distinct personal and revengeful nature, which unfortunately only undermines the rights of New York consumers to enjoy the technological advantages of blockchain. Bittrex looks forward to working with customers and regulators in the US and around the world, and we are currently providing a secure and innovative digital trading platform.