The top Wall Street watchdog revealed an updated set of proposed rules on Thursday that would put stricter cybersecurity requirements on banks wishing to use virtual currencies such as bitcoin.
“We have to do our best to stay ahead of the curve to protect consumers and the financial markets from the types of devastating disruptions that could occur as a result of a debilitating cyberattack,” said Benjamin Lawsky, head of the New York Department of Financial Services (NYDFS), during a Bipartisan Policy Center event.
Bitcoins only exist virtually, but are increasingly accepted at major online retailers. The currency's relative anonymity has made it a favorite for cyber criminals.
The bitcoin rule's initial draft received pushback from tech companies and digital advocacy groups, arguing they would dampen innovation and damage privacy.
“Our initial proposal was meant as a beginning — not an end — to a healthy, vigorous public discussion about what the final regulation should look like,” Lawsky said.
For round two of the proposed rules, Lawsky wanted to clarify a few things.
Software developers and individuals using bitcoins will not be required to get a license, Lawsky said. Nor will companies managing customer rewards programs or gift cards, he added.
“Additionally, we are making clear that merchants who accept virtual currencies as payment for goods and services — and their customers — will not be required to obtain a BitLicense, if that is the only virtual currency activity in which they engage,” Lawsky explained.
NYDFS also rolled back some of the reporting requirements. Companies must maintain records for seven years instead of 10.
Lawsky said the department should have the final rules by early next year.
“Cybersecurity is one of the most important issues NYDFS will face as a regulator in the months and years ahead across the entire financial system,” he said.