Bittrex Bitlicense failure raises questions around NYDFS procedures

Bittrex was supposedly offered a Bitlicense deal back in January, with some unusual strings attached.

• The NYDFS has declined Bittrex's Bitlicense application in a scathing public letter, accusing it of lax and non-existent compliance procedures.
• Bittrex has rebutted the contents of the report, alleging factual inaccuracy and some unreasonable conclusions.
• The NYDFS reportedly offered Bittrex a deal which would have let it get a Bitlicense anyway, which raises some curious questions.

The Bitlicense application process, required for any cryptocurrency exchange which wants to serve users in New York state, has often been decried as an overbearing, excessively brutal and unnecessarily rigorous procedure that prices smaller players out of New York entirely.

Knowing what lies before them, most exchanges make sure they're well prepared before diving into the process.

But according to the New York Department of Financial Service's (NYDFS) scathing letter, Bittrex isn't most exchanges.

In response, Bittrex says it "fully disputes the findings of the NYDFS in today's decision".

The upshot is that Bittrex will no longer be able to serve customers in New York, as it was previously doing so under a "safe harbour" provision which lets exchanges operate in the state while the Bitlicense is pending. Now that Bittrex has failed the test – hard – the safe harbour provision will be withdrawn.

Although the NYDFS letter seemingly describes a very hard fail, Bittrex raises some interesting points in its rebuttal, and alleges that some of the NYDFS claims are flat out factually inaccurate.

The whole series of events raises some interesting questions about how all this works.

Also watch

Where to begin

The Department of Financial Services (DFS) identified several areas where things could be improved.

AML/KYC compliance procedures

"Bittrex's current policies and procedures are either non-existent or inadequate," it observed. These inadequacies and non-existencies reportedly include:

• A lack of a strong framework for identifying and interdicting suspicious activities in a timely manner.
• No clear guidance on which transactions should be picked up for review.
• No clear steps to be taken in the event of a suspicious activity report.
• No explanation of Bittrex's risk analysis methodology.
• No process for remaining up to date with current US sanctions.
• No real use of newer and more effective automated transaction monitoring systems.
• No compliance training for the staff handling suspicious activity reports.

"During the February review of Bittrex's operations, the Department's examiners found that due to such inadequacies, a large number of transactions for customers domiciled in sanctioned countries (including Iran and North Korea) had passed through screening and were processed," the NYDFS said. "Additionally, Bittrex has developed certain practices that are inconsistent with its existing policies and procedures, such as excluding corporate and cash customers from its transaction monitoring."

The report also notes that Bittrex commissioned an independent compliance audit, but that the report was missing several key details, such as the timeframe of the audit. The NYDFS also raised its eyebrows at Bittrex's apparent refusal to disclose the terms of the audit.

"Additionally, Bittrex refused to comply with the request of the Department's examiners to share with them the engagement letter between the external audit firm and Bittrex. A review of the engagement letter would likely have shed additional light on such independent testing," the NYDFS said.

Customer due diligence

The NYDFS found that a substantial number of people were trading on Bittrex under aliases, some of which were apparently quite profane. The department also gave some more PG-rated examples of obvious aliases including "Give me my money", "Donald Duck", and "Elvis Presley".

That said, Whitepages shows that there are at least 60 people in the USA named Elvis Presley, some of whom are in New York. It's showing even more results (631) for people named Donald Duck or variations thereof. In light of the NYDFS' findings of "obscene terms and phrases" used in place of names on Bittrex, it may also be worth noting that some of those variations could be construed as profane.

Coin listing processes

Bittrex has a token listing policy, but an examination of 15 tokens left the reviewers "unable to assess compliance with this policy".

In one case, an applicant refused to complete the application, and in another there was no application at all, but both tokens were still accepted for trading and allowed on the exchange.

Bittrex's response

Bittrex has some bones to pick with the letter.

Factual inaccuracies

"First, and foremost, we adamantly disagree with NYDFS’ claims and allegations in regard to our anti-money laundering (AML) and compliance practices," it said. Bittrex also says there are a number of clear factual inaccuracies in the NYDFS claims, including:

• "The Iranian customers referenced in the letter were reported to OFAC in January 2018; we do not have and have never had any North Korean customers."
• "Bittrex implemented transaction monitoring, and is in the process of fully automating that process."
• "Bittrex maintains a risk assessment framework, approved by outside counsel, and fully trains all company employees in its AML policies and procedures."

You also have to wonder how exactly the NYDFS is meant to have concluded that North Koreans were using Bittrex. That someone in North Korea is hitting up Bittrex without hiding their location really stretches the bounds of credulity.

Incorrect conclusions

Bittrex is also bristling at some of the conclusions the NYDFS drew from its report.

"The letter mentions accounts with names that did not match. There were less than a dozen of these names in total and none of these accounts were ever active and none of these accounts ever made a trade," it says. "The fact that these accounts were unable to trade demonstrates the effectiveness of our diligence process, rather than a deficiency as NYDFS alleges."

It also points out that some of the sampling done by the NYDFS was done in 2017, and that Bittrex has improved its customer verification process since then, disabling the accounts which have not been appropriately verified. The examiners say they looked at transactions from the time period of 1 January 2017 to 31 December 2018.

An important point

Bittrex also says – emphasis added in various places for emphasis – that:

"In January of this year, NYDFS presented to Bittrex a supervisory agreement that, if agreed to, would have resulted in the issuance of a BitLicense and a Money Transmission License."

But Bittrex turned the agreement down on the grounds that:

1. It would have restricted Bittrex to listing just 10 coins, and prevented Bittrex from listing coins that are offered to New York residents by other Bitlicenses. It would also have let the NYDFS dictate what coins Bittrex could offer in future, by allowing it to demand that Bittrex de-list certain assets even if other exchanges in New York are still offering it.
2. It called for unrealistic capitalisation requirements that disregarded the range of Bittrex listings. Bittrex offered a bond to cover the capitalisation of all New York customers, in addition to the $1 million bond required for all Bitlicensees, but the NYDFS rejected the proposal.
3. It would have required Bittrex to get NYDFS approval to form or acquire any other entity, which would have strangled Bittrex's ability to expand into other jurisdictions.

"We attempted to negotiate the terms of the supervisory agreement, but were told that these terms were non-negotiable," Bittrex says.

Opinion: Well, well, well

If all this is to believed, it looks like the NYDFS was willing to give a Bitlicense to Bittrex anyway, despite the exchange supposedly being riddled with compliance issues. Based on its own findings this sounds like something of a lapse in judgement on the part of the NYDFS.

At the very least it suggests that all those supposed compliance issues discovered by the NYDFS were not a deal breaker, but a refusal to accept the terms of the supervisory agreement was.

Meanwhile, the terms under which Bittrex would have got that supervisory agreement look like they would have let the department jerk it around like a puppet on a string, with some special attention given to controlling Bittrex's ability to offer certain assets. It's difficult to immediately conceive any good reason why one exchange should be allowed to list an asset while another equivalent exchange shouldn't.

But how valuable would it be to give certain exchanges the ability to monopolise the entire New York market for certain digital assets? Pretty darn valuable by the sounds of it.

And who knows, maybe there's some kind of benefit to ensuring that an exchange like Bittrex would have to go through the NYDFS every time it wants to list a new asset or create a new corporate vehicle? One can't help but wonder whether, if Bittrex accepted the deal, there would have been certain expenses associated with receiving NYDFS approval for these things.

And how about the timing of all this? Bittrex went for the application in 2015, and then in January 2019 the NYDFS came back with this non-negotiable proposal, which would have allowed Bittrex to achieve that licence. Then, as soon as Bittrex declines that proposal, the NYDFS announces – with some apparent factual errors – that Bittrex has retroactively been declared a hotbed of compliance problems. It sure makes you think.

This isn't the first time a NYDFS initiatives has raised questions.

Disclosure: The author does not hold any cryptocurrencies at the time of writing.