The Blockchain, the BitLicense, and the High Costs of Compliance

Published on August 22nd, 2014 by wildjo

Since the release of the proposed New York Department of Financial Services' (DFS) BitLicense regulations on July 23, 2014, the crypto community has been concerned, but there has not been enough discussion of the specific implications such regulation would have. It is about time we put some flesh on those bones. Specifically, what would compliance with the regulations as written actually cost?

The goal of this post is to provide some answers, but first let me tell you a quick story about how I started thinking about it.

The other night found me alone, sitting in my favorite chair, watching transactions in the bitcoin blockchain. It was a slow night, but my expectations were low.

I pulled up the block explorer and focused my screen on the flow of current transactions. I have to admit, it was somewhat enchanting to watch the constant stream of bitcoin commerce. Satoshi really gave us something to marvel at here.

It was not long before the first large transaction rolled through. And they kept coming, and they kept getting bigger. After about an hour, I had seen everything from a $0.00 transaction with a $0.10 transaction fee, to a $775,000.00 transaction with a $0.05 transaction fee.

The blockchain statistics indicate that $800.00 was the average transaction amount during the twenty-four hour period in which I was watching. This was far higher than I had previously assumed. Clearly, a lot of value is moving effortlessly (i.e., cheaply) through the blockchain, which is precisely why the DFS wants to get involved.

And this brings us to one of the meatiest and costliest parts of the proposed regulations.

Section 200.15 requires all regulated entities to implement a full anti-money laundering (AML) and US Treasury Office of Foreign Asset Control (OFAC) compliance program. In subsection (d)(2), the regulations require a licensed entity to report within twenty-four hours all transactions (whether individual or cumulative) that exceed $10,000.00 in a single day. Subsection (g)(4) goes further and requires that a licensed entity track single transactions that exceed $3,000.00, with the implication that such transactions are suspicious. Subsection (d)(3) requires the immediate reporting of any "suspicious activity," regardless of dollar amount. This may not seem that bad or that costly, but I assure you it is.

During my night in the blockchain, I conducted a very informal and unscientific test. I set my timer for three minutes and counted all the transactions greater than $3,000.00 during that time. After multiple rounds, the average was fifteen, with half of those being greater than $10,000.00. This would theoretically translate into a total of 7,200 transactions per day that could be the subject of either a currency transaction report (CTR) or a suspicious activity report (SAR). That is well over two and a half million reports per year, and Bitcoin is just in beta! It is a staggering amount of paperwork for bitcoin businesses to produce and for the regulator to actually make use of. But what would it cost?

There is very little detailed information in the literature regarding AML compliance costs. One 2005 study estimated that regulated entities in the United States spent $1.8 billion (yes, that is a "b") in annual AML compliance costs.[1] The Financial Crimes Enforcement Network (FinCEN), reports that there were 15.8 million AML compliance reports filed in 2005.[2] Doing some simple math for a down and dirty estimate suggests that each report filed in 2005 cost regulated industry $114.00. That kind of makes you feel bad for the banks until you realize that they simply pass those costs down to us, which is exactly what the bitcoin community would have to do with this potential $820,000 daily bill.

While possibly generating the greatest financial burden on the bitcoin space due to day-in and day-out application, Section 200.15 is not the only section to impose significant costs on BitLicensees.

Section 200.5 requires that each BitLicense applicant submit a nonrefundable application fee. The proposed regulations do not state any amount, leaving it up to the discretion of the DFS, but we can make an educated guess. Every other market-entry license issued by the DFS requires a $12,500.00 application fee. It is no stretch to assume that the BitLicense will cost an equal amount.

Section 200.4(a)(4) requires background checks for each "Principal Officer" and "Principal Stockholder." In the New York market, these background checks run $650.00 a pop.

Sections 200.14(a) and (b) require the submission to the DFS of quarterly financial statements and audited annual financial statements. It is the latter one that is the most costly. I recently had a moderately sized corporate client contract for their first audited financial statement, and the final bill was around $35,000.00. Recall that this would be an annual expense under the proposed regulations.

From here on out, estimating costs get a bit more speculative.

Section 200.8(a) requires that each BitLicensee be sufficiently capitalized to ensure financial integrity. The "sufficient" amount of capital is solely determined by DFS. It could be a little number. It could be a big number. Your guess is as good as mine, but only the DFS's guess counts.

Section 200.9(a) requires that each BitLicensee maintain a bond or trust account in an amount acceptable to DFS. Again, it could be a little number. It could be a big number. Your guess is as good as mine, but only the DFS's guess counts.

Section 200.13(a) requires that each BitLicensee submit to biannual "examinations." It is not quite clear exactly what this would entail, but it is a safe bet that each BitLicensee will want to prepare, which means accounting and legal costs, as well as lost-opportunity costs associated with paying staff devoted to compliance rather than engaged in direct market making activity.

Last, but not least, Sections 200.16(c) and (f) require each BitLicensee to employ sufficient cyber security personnel, including a chief information security officer. Sections 200.16(d) and (e) require an annual cyber security audit by a qualified and independent third party. The way these regulations read, one person is not going to be able to be a "jack of all trades" and wear multiple regulatory hats. These regs require dedicated cyber security staff and third-party consultants, and both are expensive.

We have now covered all of the vaguely enumerated costs of compliance contained in the proposed regulations. These are big, daunting numbers: $12,500 just to apply; $35,000 annually for an outside audit; $114 for each AML report (and you better be liberal in your reporting so as not to miss something and risk being assessed a penalty); $650 for each background check of each executive staff or investor; obtaining "sufficient" capital; posting "sufficient" bond; and on and on. But, there is more to it.

Each applicant will necessarily incur the general consulting costs of developing all of the policies and procedures required under the proposed regulations, as well as preparing all of the disclosures, background information, business practices and strategy descriptions, marketing plans, advertising samples, etc., etc., that are also required to be disclosed with the application. In other words, there will be significant costs for simply putting the multi-layered application together. Lawyers and accountants will charge a lot of money for their guidance. Industry data shows that the average associate attorney in the New York market charges $400.00 per hour (with partners pulling in $1,000.00 or more). In a specialized field such as bitcoin licensing, you can assume that the fees are going to be above average. Even the smallest of the potential BitLicensees should plan on thousands of dollars to simply put the application together, with larger ventures approaching six figures. These will be sunk costs with no guarantee that the application will ever be approved.

It should be clear at this point that the proposed DFS regulations would not simply make business in the bitcoin space do a lot of unpleasant stuff; they are going to make businesses in the bitcoin space pay a whole lot of money to do it. This will have two consequences: it will set up obstacles to entering the space that only the most resource-rich players can afford; and, it will introduce financial friction into the system and increase transactions costs. There is a strong argument that these consequences are antithetical to the fundamental principles underlying the bitcoin protocol. The crypto community has cause for concern.


[1]. Yeandle, Mark, et al., Anti-Money Laundering Requirements: Costs, Benefits and Perceptions, June 2005

[2]. FinCEN Annual Report Fiscal Year 2005

Cover image courtesy of LittleShibe.

Post on Reddit Share this Post Tweet this Post +1 this Post
Tip This Post: 1FowKaGCKyEayH36MqrnVCLkmdo4nkScLA
Views: 2165
Categories: General, Legal Activity


Make sure to make use of the "downvote" button for any spammy posts, and the "upvote" feature for interesting conversation. Be excellent.

comments powered by Disqus