Coinbase, a crypto exchange that recently revealed it had received a Wells notice from the SEC, was not the only major crypto company facing regulatory issues. BitPay, a payments provider, was also dealing with its own troubles with regulators.
On March 16, BitPay reached an underreported settlement with the New York State Department of Financial Services (NYSDFS) after the regulator accused the company of failing to comply with anti-money laundering laws and cybersecurity regulations.
BitPay CEO Stephen Pair stated that the company fully cooperated with the NYSDFS and was pleased to have resolved the matter. The settlement was related to shortcomings in BitPay’s regulatory programs that were identified in examinations conducted by the NYSDFS in 2018 and 2021.
During its examination of BitPay from July to December 2018, the NYSDFS found deficiencies in the company’s cybersecurity regulations and AML compliance programs. The Virtual Currency Regulation requires licensees to establish an effective AML program that provides a system of internal controls, policies, and procedures designed to ensure ongoing compliance with applicable AML laws, rules, and regulations.
In addition, New York’s cybersecurity regulation requires companies to conduct periodic risk assessments to inform the design of their cybersecurity program and update those assessments as necessary. A second investigation in 2019 found that BitPay’s cybersecurity and AML programs needed further improvement.
Pair noted that BitPay had continuously enhanced its compliance and cybersecurity programs to fulfill its regulatory obligations and set an example for conducting business the right way in the evolving blockchain payments space.
As part of the settlement, BitPay agreed to pay a $1 million penalty and submit an action plan to the NYSDFS by September 16 this year. The NYSDFS acknowledged BitPay’s commitment to remediation and stated that the company had devoted significant financial and other resources to enhancing its cybersecurity and AML programs.