BitPay To Pay $1M to New York’s Financial Services Department
An investigation found that BitPay’s cybersecurity and anti-money laundering programs were not in compliance with New York State’s Department of Financial Services regulations
Gorodenkoff/Shutterstock modified by Blockworks
Crypto exchange Coinbase, which disclosed receipt of an SEC Wells notice last month, was not the only major crypto company in the regulatory crosshairs. Payments provider BitPay was dealing with its own regulatory troubles.
In an underreported settlement, BitPay and the New York State Department of Financial Services (NYSDFS) came to terms on March 16, after the regulator said the company failed to ensure compliance with anti-money laundering laws and cybersecurity regulations.
“BitPay has fully cooperated with the NYSDFS and is pleased to have resolved this matter. The settlement concerned historical shortcomings in BitPay’s regulatory programs identified in a 2018 and 2021 examination conducted by NYDFS,” BitPay CEO Stephen Pair told Blockworks.
NYSDFS said that it first examined BitPay from July 2018 to December 2018, and “found deficiencies” in regard to its cybersecurity regulations and anti-money laundering (AML) compliance programs.
“The Virtual Currency Regulation requires that Licensees establish an effective AML program, that, at a minimum, shall provide a system of internal controls, policies, and procedures designed to ensure ongoing compliance with all applicable AML laws, rules and regulations,” the settlement said. The program requires an independent test from personnel at a “regulated entity.”
Similarly, New York’s cybersecurity regulation requires companies to “conduct a periodic risk assessment…to inform the design of the cybersecurity program and update such risk assessment(s) as necessary.”
A second investigation starting in 2019 found that the crypto payments provider’s cybersecurity and AML programs needed “additional improvement.”
“Throughout the exam period and since, BitPay has steadily enhanced its already rigorous compliance and cybersecurity programs to both fulfill its regulatory obligations and continue to be an example of doing business the right way in the evolving blockchain payments space,” Pair said.
BitPay agreed to a penalty of $1 million.
As part of the settlement, BitPay is required to submit an action plan to the NYSDFS before Sept. 16 this year.
“BitPay has demonstrated its commitment to remediation by devoting significant financial and other resources to enhance its cybersecurity and AML programs,” the NYSDFS said.
Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.
