Several months after the New York Department of Financial Services (NYDFS) announced that it would re-examine its controversial BitLicensing requirements, NYDFS posted its “Proposed Guidance Regarding Adoption or Listing of Virtual Currencies” to address the total lack of regulation in this area. The proposed guidance, dated December 11, 2019, requested public comments through January 27, 2020.

As virtual currencies become increasingly regulated, the proposed guidance is troubling for so-called “privacy” coins, such as Monero, ZCash and Dash, which can anonymize transactions by either shielding them or mixing transaction details.

The proposed guidance gives virtual currency companies two options for listing virtual currencies in New York. They can forgo creating a listing policy for virtual currencies if they rely on an NYDFS webpage that lists pre-approved coins. None of the coins NYDFS is currently contemplating for preapproval (bitcoin, Bitcoin Cash, Ether, Ether Classic, Litecoin, Ripple, Paxos Standard and Gemini Dollar) are privacy coins. Alternatively, NYDFS has provided a framework for coin-listing policies that asks a BitLicensee to conduct a full risk assessment to include the following:

• “Risks associated with the creation or issuance, governance, usage or design of any new coin through due diligence to ensure that any new coin is created or issued by a legitimate and reputable entity or entities for lawful and legitimate purposes and not for evading compliance with applicable laws and regulations, such as money laundering or other illegal activities, and that the process is subject to a strong governance and control framework;
• Legal risks associated with any new coin, including any pending or potential regulatory, criminal, or enforcement action relating to the issuance, distribution, or use of the new coin, such as actions relating to coins that may facilitate the obfuscation or concealment of the identity of a customer or counterparty, or coins used to circumvent laws and regulations; and
• Regulatory risks, including risks related to compliance with all applicable laws, rules and regulatory guidances, such as guidances issued by the U.S. Securities and Exchange Commission, the U.S. Commodity Futures Trading Commission and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network”¹

This would make it exceedingly difficult for exchanges to justify listing privacy coins because of their outsized risks, whether real or imagined. For example, the technology behind Monero—the most well-known and popular privacy coin on the market—obfuscates transaction sources and destinations, making them untraceable. Compliance becomes more difficult for exchanges and creates serious obstacles for law enforcement.

Critics have long argued that privacy coins like Monero mainly exist to facilitate illegal activity. The concern is real. In the 2017 WannaCry cyberattack, to name one example, hackers extorted bitcoins from victims and then converted their ransomware to Monero as a way of eluding authorities. Monero was the most popular virtual currency on the darknet marketplace AlphaBay. And according to press reports, the wife of one of Norway’s richest men was held by kidnappers who demanded payment in Monero.

In response to an increasing outcry, Japan—which was ground zero for the infamous Mt. Gox meltdown and the $530 million heist of funds from the virtual currency exchange Coincheck—has taken a tough stance on privacy coins. Japan’s Financial Services Agency banned privacy coins in 2018, and both the leading industrial nations and the Financial Action Task Force (FATF) have pressured the industry to end trading of privacy coins.

This dim view of privacy coins is not entirely fair. Like offshore bank accounts, privacy coins do have legal uses. For example, a straying spouse could use privacy coins as an extra measure to ensure that his or her activities are not discovered. Although unsavory, such use is not illegal. More simply, privacy coins may be just that—a refuge for law-abiding individuals who deeply value privacy in an age where just about everything is public. Privacy coins are also comparable to cash, which affords virtually complete anonymity for many kinds of transactions and substantially eclipses the trading volume of virtual currency. Therefore, it is questionable why privacy coins should be held to a higher standard than cash transactions.

In the short history of the BitLicense, NYDFS initially appeared receptive to at least some types of privacy coins. As recently as May 2018, NYDFS issued a press release to announce that it authorized the exchange Gemini to trade Zcash, explaining that:

“The Zcash network supports two kinds of transactions, transparent and shielded. Transparent transactions operate similarly to Bitcoin in that the balance and the amounts of the transaction are publicly visible on the blockchain. Shielded transactions utilize z-addresses and are entirely private. Transactions associated with z-addresses do not appear on the public blockchain. Zcash is the digital cryptography-based asset of the Zcash network, similar to how bitcoin is the digital cryptography-based asset of the Bitcoin network.”²

Upon approving Zcash, NYDFS emphasized “New York’s longstanding commitment to innovation and leadership in the global marketplace.”³

The team behind Zcash has gone out of its way to stress that the coin does not clash with regulatory requirements. Zcash’s compliance webpage declares it “to be fully compatible with global AML/CTF standards, including the FATF Recommendations, the European Union’s Fifth Money-Laundering Directive and the United States’ anti-money laundering regulations.”⁴ The website seeks to further assuage regulators:

“Importantly, the privacy provided by Zcash does not prevent regulated entities from fulfilling their regulatory obligations, including customer due diligence, transaction monitoring, record-keeping, and reporting suspicious transactions. Zcash was designed to facilitate compliance with the FATF ‘Travel Rule,’ with an encrypted memo field that allows required originator and beneficiary information to be attached to virtual asset transfers between VASPs.”⁵

Despite the fanfare over NYDFS’ approval of Zcash, Gemini only supports Zcash withdrawals to unshielded addresses, meaning that such transactions are not anonymized, and NYDFS has not approved the use of any other privacy coins in New York. Moreover, NYDFS may have soured even on Zcash. It is telling that Zcash is absent from the pre-approved coin list in the proposed guidance, considering that NYDFS already has familiarity with this coin and has explicitly approved its use in the past.

NYDFS’ proposed guidance, while not an outright ban on privacy coins, is a strong signal to virtual currency businesses that listing such coins would be more of a hassle than it is worth. And if privacy coins cannot make it in New York, they might not be able to make it anywhere.

Flora Tartakovsky, director, Exiger

1. “Proposed Guidance Regarding Adoption or Listing of Virtual Currencies,” New York State Department of Financial Services, December 11, 2019, https://www.dfs.ny.gov/apps_and_licensing/virtual_currency_businesses/pr_guidance_regarding_listing_of_vc
2. “DFS Authorizes Gemini Trust Company to Provide Additional Virtual Currency Products and Services,” New York State Department of Financial Services, May 14, 2018, https://www.dfs.ny.gov/reports_and_publications/press_releases/pr1805141
3. Ibid.
4. “Compliance,” Zcash, https://z.cash/compliance/
5. Ibid.