Skip to Content
Legal Alerts Print PDF

New York Department of Financial Services Releases Virtual Currency Guidance for Banking Organizations

December 19, 2022

On December 15th, the New York Department of Financial Services (“DFS”) released guidance (“Guidance”) to banking organizations that wish to engage in virtual currency-related activities.

A “virtual currency-related activity” includes all “virtual currency business activity,” as that term is defined in 23 NYCRR § 200.2(q), as well as the direct or indirect offering or performance of any other product, service, or activity involving virtual currency[1] that may raise safety and soundness concerns for the covered institution[2] or that may expose New York customers of the covered institution or other users of the product or service to risk of harm.

The Guidance explains what information covered institutions must submit before getting approval to engage in virtual currency-related activities. More specifically, it outlines the information that DFS will consider in assessing a proposal and includes a detailed checklist of documents and information that covered institutions should provide. If approved, the covered institution would be exempt from the virtual currency business activity licensing requirements under 23 NYCRR Part 200.

Prior Approval

A covered institution should obtain prior approval of the Superintendent before commencing any new or significantly different virtual currency-related activity.[3] Please note, however, that prior approval does not constitute general consent for that institution to engage in other types of virtual currency-related activity. DFS also advises that virtual currency-related activity performed through a third-party may still require approval.

In addition, any covered institution already engaging in such activity must immediately notify its point of contact at DFS, if they have not already done so. DFS will then review the relevant activity and seek additional information or clarification, and determine if any supervisory requirements should be imposed.

Initiation of Approval Process

To obtain prior approval, a covered institution should inform DFS of its intention to engage in any new or significantly different activity at least 90 days before it plans on commencing such activity. DFS will then work with the institution to confirm whether approval of the activity is required under Part 200, identify the materials required for review by the agency, and establish a timeline.

Information Requirements

The information to be considered falls into six broad categories, including the business plan, risk management, corporate governance and oversight, consumer protection, financials, and legal and regulatory analysis.

Business Plan

The business plan should provide a description of the covered institution’s proposed activity, including any contemplated phases, the business rationale, the activity’s relationship with the covered institution’s strategic initiatives and risk management framework, and its relation to the covered institution’s legal and compliance framework. The Guidance also includes a bulleted list of further information the covered institution should provide in their business plan, such as the legal entity or entities that the institution will use to engage in or otherwise support the activity; and a detailed description of the planned operating model and key technology architecture, including applicable processes and flows of funds, as may be updated or revised from time to time.

Risk Management

The risk management framework provided to DFS should account for identifying, measuring, monitoring, and controlling all risks arising from, or related to, the proposed activity, in line with the covered institution’s board-approved risk appetite. The Guidance also includes a bulleted list of further information the covered institution should provide regarding their risk management framework.

Corporate Governance and Oversight

The covered institution should provide DFS with the institution’s corporate governance framework, including information regarding the internal product development and approval by the board and/or senior management, an explanation of the board and senior management’s understanding of the activity’s risks, who the designated board members or committees responsible for the activity’s oversight are, an explanation of the covered institution’s risk appetite, and an explanation of the board and senior managements oversight relating to policies and procedures, as well as other items.

Consumer Protection

The covered institution should provide an analysis of whether and to what extent the proposed activity will have any impact on customers and other users, including where they interact with a third-party service provider engaged by the covered institution. The institution should also submit to DFS any customer-facing agreements, disclosures, and/or acknowledgments and a representative sample of marketing materials.


The covered institution should provide DFS with an explanation of the expected impact of the proposed activity on the institution’s capital and liquidity.

Legal and Regulatory Analysis

The Guidance advises that covered institutions are expected to consider the application of all relevant laws and regulations to the proposed activity.

To obtain superintendent approval to engage in virtual currency-related activity, a covered institution should prepare a written submission addressing the information requirements described in the Guidance and send it to the Banking Division via, along with a copy to be provided to the institution’s point of contact at the DFS.


This Guidance provides a detailed path forward for DFS-regulated financial institutions to offer cryptocurrency services. In a statement in connection with the issuance, DFS Superintendent Adrienne Harris emphasized that it is “…critical to ensuring that consumers’ hard-earned money is protected, that New York regulated banking organizations remain resilient and competitive, and that the expectations are clear for those that wish to submit proposals for virtual currency-related activity.” Although the Guidance is final as published, DFS invited stakeholders to email any comments to, and will undertake to consider them as it refines the supervisory framework.

This advisory is a general overview of DFS’s Guidance and is not intended as legal advice. The submission requirements under the Guidance are very detailed and must be reviewed in their totality.

If you have any questions about the Guidance or Part 200, please feel free to contact Joseph D. Simon at (516) 357-3710 or via email at, Kevin Patterson at (516) 296-9196 or via email at, Elizabeth A. Murphy at (516) 296-9154, or via email at, or Gabriela Morales at (516) 357-3850 or via email at


[1] The term “virtual currency” means any type of digital unit that is used as a medium of exchange or a form of digitally stored value. Virtual currency shall be broadly construed to include digital units of exchange that: have a centralized repository or administrator; are decentralized and have no centralized repository or administrator; or may be created or obtained by computing or manufacturing effort. Virtual currency shall not be construed to include any of the following: (1) digital units that: (i) are used solely within online gaming platforms; (ii) have no market or application outside of those gaming platforms; (iii) cannot be converted into, or redeemed for, fiat currency or virtual currency; and (iv) may or may not be redeemable for real-world goods, services, discounts, or purchases; (2) digital units that can be redeemed for goods, services, discounts, or purchases as part of a customer affinity or rewards program with the issuer and/or other designated merchants or can be redeemed for digital units in another customer affinity or rewards program, but cannot be converted into, or redeemed for, fiat currency or virtual currency; or (3) digital units used as part of prepaid cards. 23 NYCRR § 200.2(p).

[2] “Covered institution” means all New York banking organizations, as well as all branches and agencies of foreign banking organizations licensed by the New York Department of Financial Services.

[3] A “new or significantly different virtual currency-related activity” includes a new virtual currency-related product or service or a proposed change to an existing virtual currency-related product or service that: (1) may raise a legal or regulatory issue about the permissibility of the product, service, or change; (2) may raise safety and soundness, including operational, concerns; or (3) may cause the product or service to be significantly different from that previously approved. See, e.g., 23 NYCRR § 200.10(b).

Share on Social Media

Related Attorneys

Related Practice Areas