Executive Briefing
New York’s BitLicense, enacted in June 2015 under Superintendent Benjamin Lawsky, remains the most consequential state-level cryptocurrency regulatory framework in the United States. In the decade since its enactment, fewer than 50 companies have obtained the license — while dozens of major crypto businesses have explicitly chosen to exclude New York’s 20 million residents rather than navigate the application process. The BitLicense’s legacy is twofold: it established a serious compliance standard that has arguably protected New York consumers better than lighter-touch state frameworks, and it has imposed costs and complexity that critics argue have pushed crypto innovation away from one of the world’s most important financial markets. Understanding the BitLicense is essential for any business operating in or seeking to operate in the digital asset space.
History: Benjamin Lawsky and the 2015 Framework
The BitLicense originated with Benjamin Lawsky, New York’s first Superintendent of Financial Services, who established the Department of Financial Services (NYDFS) as a combined banking and insurance regulator in 2011. Lawsky was an aggressive regulator — he pursued major banks for sanctions violations and money laundering failures before turning his attention to the emerging cryptocurrency industry.
Lawsky’s concern, which proved prescient, was that virtual currency businesses operating money-like services without the compliance infrastructure of licensed money transmitters created consumer protection and money laundering risks that existing regulations did not adequately address. After extensive public comment (which generated more than 4,000 submissions — at the time the most public comment ever received for a New York regulatory proceeding), NYDFS published the final BitLicense regulations in June 2015.
The BitLicense framework requires anyone engaged in “Virtual Currency Business Activity” involving New York or a New York resident to obtain a license from NYDFS. Virtual Currency Business Activity is defined broadly to include:
- Receiving virtual currency for transmission or transmitting virtual currency
- Storing, holding, or maintaining custody of virtual currency on behalf of others
- Buying and selling virtual currency as a customer business
- Performing exchange services as a customer business
- Controlling, administering, or issuing a virtual currency
The breadth of the definition — particularly “controlling or issuing a virtual currency” — has created uncertainty about whether token issuers, DeFi protocols, and other businesses that do not fit the mold of traditional money transmitters require BitLicenses.
BitLicense Requirements: The Compliance Infrastructure Demanded
The BitLicense application and ongoing compliance requirements are among the most demanding of any state financial license. The key requirements:
Application and Background Investigation. NYDFS conducts comprehensive background investigations of the applicant company, its principals, key employees, and substantial shareholders. This includes criminal background checks, financial history reviews, litigation history, and regulatory history in other jurisdictions. For startups with global founding teams, the multi-jurisdiction background investigation process can take months and requires extensive documentation.
Capital Requirements. Licensees must maintain capital sufficient to “ensure the financial integrity of the licensee and its ongoing operations.” NYDFS evaluates capital adequacy on a case-by-case basis — there is no fixed minimum capital requirement published in the regulations, which creates uncertainty. In practice, NYDFS has required startup applicants to demonstrate capital in the range of $5-50 million depending on the scale and risk profile of the business.
Cybersecurity Requirements. The NYDFS Cybersecurity Regulation (23 NYCRR 500) applies to BitLicense holders. This requires a written cybersecurity policy, a Chief Information Security Officer (CISO), penetration testing and vulnerability assessments, encryption of nonpublic information in transit and at rest, multi-factor authentication for internal systems, and annual cybersecurity certifications to NYDFS. These requirements predate similar federal standards and remain among the most rigorous cybersecurity requirements for any regulated business.
AML/BSA Compliance Program. BitLicense holders must implement comprehensive Anti-Money Laundering programs consistent with the Bank Secrecy Act: a designated AML compliance officer, written policies and procedures, employee training programs, independent audit functions, and suspicious activity reporting. NYDFS examines AML programs regularly and has brought enforcement actions for AML deficiencies.
Customer Disclosures. Licensees must provide customers with specified disclosures about the risks of virtual currency, the terms of the customer relationship, fee schedules, and complaint procedures. Disclosure templates must be approved by NYDFS.
Books and Records. Licensees must maintain comprehensive transaction records — including counterparty identification for all transactions above certain thresholds — for a minimum of seven years. Records must be maintained in formats accessible to NYDFS examiners.
Periodic Reporting. Annual audited financial statements, quarterly financial reports, and immediate notification of material events (security breaches, significant operational changes, regulatory actions in other jurisdictions) are required.
Notable BitLicense Holders
The BitLicense’s rarity makes the list of holders informative — each represents a company that has successfully navigated the full compliance gauntlet:
Coinbase was among the first major crypto exchanges to obtain a BitLicense, in 2017. Coinbase’s early BitLicense strategy was competitive differentiation — demonstrating regulatory compliance to institutional clients and financial partners. Coinbase also holds a New York Limited Purpose Trust Company charter for custody operations.
Circle Internet Financial (issuer of USDC stablecoin) holds a BitLicense and is registered as a money transmitter in New York. Circle’s New York compliance was essential for USDC’s acceptance by major US financial institutions.
Paxos Trust Company chose the Limited Purpose Trust Company charter rather than the BitLicense — a different pathway that provides banking-level regulatory standing for its stablecoin (USDP) and gold token (PAXG) activities. Paxos’s LPTC charter makes it a qualified custodian under Rule 206(4)-2, a significant institutional advantage.
Gemini Trust Company operates under an LPTC charter rather than the BitLicense, giving founder Tyler and Cameron Winklevoss’s exchange banking-level regulatory status and qualified custodian standing.
Cash App (Block/Square) obtained a BitLicense for its Bitcoin buying and selling operations. Block’s New York compliance was necessary to offer Bitcoin services to New York users of its widely distributed Cash App platform.
PayPal obtained a BitLicense for its virtual currency features across its PayPal and Venmo platforms, enabling crypto buying, selling, and checkout features for New York residents.
The Conditional BitLicense Pathway
In 2020, NYDFS introduced the Conditional BitLicense — a new pathway designed to allow innovative startups to operate in New York under the supervision of a licensed “sponsor” entity while their full BitLicense application is under review.
Under the Conditional BitLicense program, an applicant that does not yet have the compliance infrastructure, capital, or track record for full BitLicense approval can partner with an existing BitLicense holder or LPTC holder (the “sponsor”). The sponsor assumes responsibility for supervising the applicant’s New York operations, conducting due diligence, and ensuring compliance with applicable regulations. The applicant can operate under this arrangement while its full application is processed.
The Conditional BitLicense significantly reduces the time to market for New York operations — from 18-24 months to 6-12 months in many cases. However, the sponsor arrangement imposes costs: sponsors charge fees for their oversight function and may impose operational restrictions on the applicant. The conditional nature also means the arrangement can be terminated if the sponsor withdraws, creating business continuity risk.
Several crypto companies have used the Conditional BitLicense to begin New York operations before obtaining their full license, including certain DeFi-adjacent platforms and fintech companies entering the crypto market.
BitLicense vs Limited Purpose Trust Company Charter
For larger crypto businesses with the capital and compliance infrastructure to support a banking-level regulatory relationship, the New York Limited Purpose Trust Company charter is often superior to the BitLicense for several reasons:
Qualified custodian status. An LPTC holder is a trust company regulated by NYDFS — a “bank regulatory authority” — providing clearer qualified custodian status under SEC Rule 206(4)-2. BitLicense holders without separate trust charters face more ambiguity about qualified custodian status.
Broader product capabilities. An LPTC can conduct trust business, including fiduciary services, custody, and estate administration — activities not available under a BitLicense. For crypto businesses that want to offer custody and trust services to institutional clients, the LPTC provides broader authority.
Regulatory recognition. The LPTC’s banking charter provides recognition in the institutional market that a BitLicense — a state license for a novel business type — does not always convey. Banks, broker-dealers, and regulated institutions that need to do business with a crypto company typically prefer doing business with a banking-chartered entity.
Capital requirements. LPTC capital requirements are generally higher than BitLicense capital requirements (LPTCs must meet bank-level capital standards), meaning the LPTC pathway requires greater upfront capital commitment.
2024-2025 NYDFS Enforcement Actions
NYDFS enforcement of BitLicense requirements and its virtual currency regulations has been active through 2024-2025, demonstrating that compliance obligations are actively monitored and enforced:
Robinhood Crypto (2024). NYDFS imposed a $30 million penalty on Robinhood’s crypto subsidiary for failures in its BSA/AML program and consumer protection compliance. The action highlighted that even well-funded, publicly traded companies face significant enforcement risk for BSA/AML deficiencies in New York operations.
Coinbase (ongoing). NYDFS ongoing examination of Coinbase’s AML program following a 2023 consent order has resulted in continued compliance monitoring. Coinbase was required to hire an independent monitor to assess its AML compliance and provide remediation recommendations.
Genesis Global Capital (2024). Following Genesis’s bankruptcy filing, NYDFS revoked Genesis’s BitLicense, demonstrating that the license is contingent on ongoing financial soundness and regulatory compliance — not just initial approval.
Binance (2023-2024). Binance’s withdrawal from New York operations (it had operated under a partnership arrangement) and its global regulatory settlements highlighted the consequences of inadequate AML compliance. While Binance’s primary issues were federal (DOJ, FinCEN), NYDFS’s vigilance in its jurisdictional territory was a contributing factor.
The enforcement record demonstrates that the BitLicense is not merely a gateway — it is an ongoing regulatory relationship with examination, reporting, and enforcement consequences for deficiencies.
Exhibit: BitLicense vs Limited Purpose Trust Company Charter Comparison
| Feature | BitLicense | Limited Purpose Trust Co. |
|---|---|---|
| Issuing Authority | NYDFS | NYDFS |
| Application Timeline | 18-24 months | 18-30 months |
| Capital Requirement | Case-by-case (typically $5-50M) | Bank-level (typically $10M+) |
| Permitted Activities | Virtual currency business activity | Trust, custody, + virtual currency |
| Qualified Custodian Status | Ambiguous | Clear (bank regulatory authority) |
| FDIC Insurance | No | No (trust companies, not deposit banks) |
| Cybersecurity (23 NYCRR 500) | Required | Required |
| AML/BSA Program | Required | Required |
| NYDFS Examination | Regular | Regular (bank-equivalent) |
| Annual Audit | Required | Required |
| Notable Holders | Coinbase (exchange), Block | Paxos, Gemini, Coinbase Custody |
Why Companies Exclude New York: The Compliance Math
The decision by dozens of crypto companies to exclude New York residents rather than obtain a BitLicense reflects a rational cost-benefit analysis that critics of the BitLicense often understate.
For a startup digital asset company with 50-100 employees and $10-30 million in funding:
- BitLicense legal preparation costs: $300,000-$800,000
- Ongoing compliance infrastructure (CISO, AML officer, audit, cybersecurity): $1-3 million per year
- NYDFS application fees: $5,000 initial fee (nominal)
- Management time during 18-24 month application process: significant
Against this cost, New York represents approximately 6% of the US population. If the company’s product is not specifically designed for New York’s financial industry — if it serves a general consumer or national institutional market — excluding the 6% market to save $1-3M annually in compliance costs is financially rational.
For large, well-funded companies (Coinbase, PayPal, Circle), the BitLicense costs are small relative to the revenue opportunity in New York’s financial capital. For startups and mid-size crypto companies, the math often tilts toward exclusion.
This is the BitLicense’s principal market structure effect: it creates a two-tier crypto market in New York — large, well-capitalized companies with full regulatory compliance, and everything else operating outside New York’s reach. Whether this is consumer protection (only vetted, compliant companies serve New York residents) or regulatory capture (entrenched large players insulated from startup competition) depends on one’s regulatory philosophy. NYDFS views it as the former; many in the crypto industry view it as the latter.
The Conditional BitLicense pathway, introduced in 2020, partially addresses this concern by giving startups a faster path to New York operations — but the pathway’s cost and sponsor dependency limitations mean it is not a complete solution to the size bias in the full BitLicense process.