TO: All Virtual Currency Business Entities Licensed under 23 NYCRR Part 200 or Chartered as Limited Purpose Trust Companies under the New York Banking Law

FROM: Maria T. Vullo, Superintendent of Financial Services

RE: Guidance on Prevention of Market Manipulation and Other Wrongful Activity

DATE: February 7, 2018

The New York State Department of Financial Services (the “Department”) is issuing this guidance to all virtual currency business entities that are either licensed under 23 NYCRR Part 200 or chartered as a limited purpose trust company under the New York Banking Law (the “VC Entities”). This guidance applies to all VC Entities, including those that also hold a New York money transmitter license.

Particularly in light of the ongoing development of virtual currency-related markets, the Department emphasizes that:

  1. VC Entities are required to implement measures designed to effectively detect, prevent, and respond to fraud, attempted fraud, and similar wrongdoing; and
  2. market manipulation is a form of wrongdoing about which VC Entities must be especially vigilant, given that such manipulation presents serious risks both to consumers and to the safety and soundness of financial services institutions.

Fraudulent, fraud-related or similar market manipulation may take many forms, may or may not involve criminal activity, and may come from a variety of sources, including the personnel and the customers of a VC Entity. For example, a customer or coordinated group of customers might misuse a VC Entity’s exchange service in an attempt to wrongfully manipulate the price of a virtual currency. Or, an employee of a VC Entity might wrongfully act on insider information regarding that VC Entity’s plans to expand (or curtail) its services with respect to a particular virtual currency.1

Because fraud and similar wrongdoing can take many forms, effective measures to detect, prevent and respond to such activity will also vary. The range of measures implemented by a particular VC Entity to combat fraud and similar wrongdoing must be determined through diligent evaluation of the particular risks faced by that VC Entity. In all events, such measures must include, at a minimum, effective implementation of a written policy that:

  1. identifies and assesses the full range of fraud-related and similar risk areas, including, as applicable, market manipulation;
  2. provides effective procedures and controls to protect against identified risks;
  3. allocates responsibility for monitoring risks; and
  4. provides for periodic evaluation and revision of the procedures, controls and monitoring mechanisms in order to ensure continuing effectiveness, including continuing compliance with all applicable laws and regulations.

Further, as part of its procedures and controls to protect against identified risks, a VC Entity must provide for the effective investigation of fraud and other wrongdoing, whether suspected or actual, including, as applicable, market manipulation.

In addition, immediately upon the discovery of any wrongdoing, a VC Entity must submit to the Department a report stating all pertinent details known at the time of the report. The VC Entity must also submit to the Department, as soon as practicable, a further report or reports of any material developments relating to the originally reported events, along with: i) a statement of the actions taken or proposed to be taken with respect to such developments, and ii) a statement of changes, if any, in the VC Entity’s operations that have been put in place or are planned in order to avoid repetition of similar events. The Department expects that, in most cases, it will be practicable for a VC Entity to submit the first such further report of material developments, along with the above-noted statements (i) and (ii), within 48 hours after submission of the original report of wrongdoing. Also, a VC Entity must maintain, for examination by the Department, records of each incident of wrongdoing.

When submitting required reports to the Department, VC Entities should use the following address: [email protected]

This guidance is intended to emphasize certain requirements related to protection against fraud and other wrongdoing, including market manipulation. This guidance is not intended to limit the scope or applicability of any law or regulation. For further information, please contact your relationship manager or point of contact with the Department.2


Maria T. Vullo

1 These are just two examples of the many, varied types of wrongful activity that a VC Entity must guard against.

2 Under the New York Financial Services Law (“FSL”), the Department’s mandate includes ensuring the continued solvency, safety, soundness and prudent conduct of the providers of financial products and services; encouraging high standards of honesty, transparency, fair business practices and public responsibility; and promoting the reduction and elimination of fraud, criminal abuse and unethical conduct by, and with respect to, financial services institutions and their customers. See FSL §§ 102 and 201. See also, e.g., the declaration of policy (New York Banking Law (“BL”) § 10); character, fitness and responsibility requirements for limited purpose trust companies (BL § 24) and virtual currency licensees (23 NYCRR 200.6); chartering policy for limited purpose trust companies (Supervisory Policy CB 1.3); compliance requirements (23 NYCRR 200.7); prevention of fraud (23 NYCRR 200.19(g)); record-keeping requirements (23 NYCRR 200.12; 3 NYCRR 300.6); and reporting requirements, including reports regarding crimes and other misconduct (BL § 37; 23 NYCRR 200.14; 3 NYCRR Part 300).