The New York State Department of Financial Services (NYDFS) ordered the cryptocurrency exchange BitFlyer USA to pay a $1.2 million fine for not abiding by the state’s cybersecurity regulations.
However, the watchdog endorsed the company’s efforts to upgrade itself in that field by the end of 2023.
New York’s regulator enforced the penalty after discovering “multiple deficiencies” in the cybersecurity program of BitFlyer USA. It reminded that the NYDFS is the main watchdog in the state, and as such, its Superintendent has the authority to conduct investigations and impose fines if necessary.
According to the local requirements, BitFlyer and all other crypto exchanges licensed by the regulator should set up an appropriate cybersecurity program “to ensure the availability and functionality of the licensee’s electronic systems and to protect those systems.” That scheme should notify about potential internal and external cyber risks, granting maximum protection to clients.
“Through its examinations and investigation, the Department found that BitFlyer USA failed to meet its regulatory obligations both by failing to fully comply with the Department’s Cybersecurity Regulation and by failing to establish and maintain an effective cybersecurity program via the implementation of written policies, as required by the Virtual Currency Regulation,” the NYDFS stated.
BitFlyer must pay the fine within ten days after the effective date of the consent order. It should not “claim, assert, or apply for a tax deduction or tax credit with regard to any US federal, state, or local tax, directly or indirectly, for any portion of the civil monetary penalty,” the regulator outlined.
Despite the penalty, the NYDFS highlighted BitFlyer’s ambition to cope with the regulatory issues. The platform displayed a remediation plan, which could make it compliant with the necessary rules by the end of the year.
Another crypto exchange that had problems with the regulator this year is Gemini. The NYDFS launched an investigation against the Winklevoss-led firm in January, alleging that the latter misled its 340,000 Earn users they were FDIC-protected.
The agency recently said it will start billing crypto entities registered in the region in exchange for annual supervision and examination. The new rule will apply to those companies that have secured the so-called Bitlicense.
Payments will be taken five times per year (four estimated quarterly settlements and one based on the actual expenses).
The legislation aims to align cryptocurrency organizations more closely with banks and insurance firms since they are also subjects of such billing. Superintendent Adrienne Harris believes crypto businesses could benefit from the collaboration with the regulator:
“When you can work hand-in-hand with your regulator and your examiners, we can help identify issues early before they metastasize, and it really is a service that we can provide to the industry, and it helps us as regulators better oversee the markets and protect consumers.”