• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2022
  • May
  • 5
  • NYDFS Issues Blockchain Analytics Guidance for Companies

NYDFS Issues Blockchain Analytics Guidance for Companies

May 5, 2022 Comments Off on NYDFS Issues Blockchain Analytics Guidance for Companies
NYDFS Issues Blockchain Analytics Guidance for Companies

New guidance from the New York State Department of Financial Services mandates the use of blockchain analytics services for cryptocurrency businesses licensed in New York.

The New York State Department of Financial Services (NYDFS), which is the government body responsible for regulating the banking and finance sector of entities subject to New York’s laws, recently issued the “Guidance on Use of Blockchain Analytics,” clarifying some of the requirements for “all virtual currency business entities” licensed under the state’s “BitLicense” or chartered under New York Banking Law.

As the first guidance from a state regulatory body covering blockchain analytics, some legal commentators believe it will be the model for future regulations in different states. “Other regulators and law enforcement will likely start looking to this guidance to inform their own best practices for crypto monitoring going forward, and those in the industry would be well served by internalizing and implementing these guidelines, regardless of their jurisdiction,” an author at the National Law Review wrote.

The purpose of this guidance from the New York State Department of Financial Services (“Department”) is to emphasize to all virtual currency business entities that are either licensed under 23 NYCRR Part 200 or chartered as a limited purpose trust company under the New York Banking Law (collectively, “VC Entities”) the importance of blockchain analytics to effective policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.

Compliance in a Virtual Currency Context

Financial activity involving virtual currency can involve, among other things, different sources, destinations, and types of funds flows than are found in more traditional, fiat-currency contexts. For example, virtual currencies such as Bitcoin and Ether can be transferred peer-to-peer directly from one individual or entity to another pseudonymously, absent the use of a regulated third party (e.g., between non-custodial wallets, or self-hosted wallets that allow users to maintain control of their private keys). Thus, to effectively address compliance requirements under the New York Banking Law and the New York Financial Services Law, as well as federal Bank Secrecy Act/anti-money laundering (“BSA/AML”) and Office of Foreign Assets Control (“OFAC”) requirements, VC Entities must be sure that their compliance programs fully take into account the unique characteristics of virtual currencies.

While such characteristics present compliance challenges, they also present new possibilities for control measures that leverage these new technologies. For example, virtual currencies, by their nature, typically enable provenance tracing (i.e., review of previous transfers or “hops” along the public blockchain ledger, or “on-chain”). Put differently, the blockchain ledger’s immutability typically allows a historical view of a virtual currency transmission between wallet addresses, providing the opportunity for greater visibility into transaction lineage than is typically found with traditional, fiat funds transfers.

A VC Entity’s risk mitigation strategies must take account of the VC Entity’s business profile to assess risk across types of virtual currencies and effectively address the specific characteristics of any particular virtual currency involved. For most virtual currencies, information stored on-chain includes certain identifying information, such as sending and receiving wallet addresses, time and date, and value of the transaction. However, as suggested above, these wallet addresses are typically pseudonymous, with nothing on the face of the transfer tying back to the originator, beneficiary, or underlying beneficial owners. In addition, the effectiveness of existing blockchain analytics tools can vary depending on the particular virtual currency in question.

Control Measures that May Leverage Blockchain Analytics

Given the above-noted characteristics of virtual currencies, the Department emphasizes the importance of blockchain analytics to VC Entities in addressing, for example, anti-money laundering requirements under 23 NYCRR § 200.15, and across a range of BSA/AML and OFAC-related compliance controls,1 including but not limited to:

  • Augmenting Know Your Customer (or “KYC”)-related controls
  • Conducting transaction monitoring of on-chain activity; and
  • Conducting sanctions screening of on-chain activity.

VC Entities can use third-party service providers or internally developed blockchain analytics products and services for additional control measures, whether separately or in combination. To the degree that VC Entities outsource such control functions, the VC Entities must have clearly documented policies, processes, and procedures with regard to how the blockchain analytics activity integrates into the VC Entity’s overall control framework consistent with the VC Entity’s risk profile.

Augmenting Know Your Customer-related controls

As part of their KYC responsibilities, VC Entities must obtain and maintain information regarding, and understand and effectively address the risks presented by, their customers and potential customers.

Potentially useful in this regard are products and services that allow their users to obtain identifying information (e.g., location of a wallet address on a specific exchange for custodial transactions) that ties directly to the pseudonymous on-chain data, particularly in combination with customer-provided information. These products and services typically can identify wallet addresses associated with an institution (e.g., a VC Entity) as well as known high-risk wallet addresses such as darknet marketplaces, but such tools may not be able to identify underlying owners, including ultimate beneficial owners, and may have limited attribution capability, absent further “off-chain” verification methods integrating customer-provided data.

For example, VC Entities must have policies, processes, and procedures to assess counterparty exposure for virtual currency funds transfers (e.g., beneficiary institutions for outbound transfers). For example, certain vendor products or internally developed tools provide numerical scores or tiered rankings to represent the risk of the counterparty institution, typically based on on-chain transaction data supplemented with other factors such as strength of the institution’s BSA/AML Program.

Conducting transaction monitoring of on-chain activity

VC Entities must also have in place appropriate control measures to monitor and identify unusual activity tailored to the VC Entity’s risk profile. Accordingly, it is important for VC Entities to have policies, processes, and procedures for the tracing of transaction activity for each type of virtual currency the entity supports and the flow of funds through the blockchain for any inbound or outgoing activity (often described as “provenance tracing” or “transaction tracing”). For example, FinCEN recently noted: “It is critical that all financial institutions, including those with visibility into CVC [convertible virtual currency] flows, … identify and quickly report suspicious activity associated with potential sanctions evasion, and conduct appropriate risk-based customer due diligence or, where required, enhanced due diligence.” For instance, it is important that VC Entities evidence appropriately tailored transaction monitoring coverage against applicable typologies and red flags, identify deviations from the profile of a customer’s intended purposes, and address other risk considerations as applicable. Relevant typologies related to virtual currency business activity include but are not limited to: assessing whether a virtual currency (1) has substantial exposure to a high-risk or sanctioned jurisdiction; (2) is processed through a mixer or tumbler; (3) is sent to or from darknet markets; (4) is associated with scams/ransomware; and (5) is associated with other illicit activity relevant to the VC Entity’s business model.

Documentation must describe case management and escalation processes, with clearly delineated roles and responsibilities across the business and compliance functions, including the VC entity’s approach where there are any doubts (e.g., related to source of funds).

Conducting sanctions screening of on-chain activity

The Department also emphasizes the importance of risk-based policies, processes, and procedures to identify transaction activity involving virtual currency addresses or other identifying information associated with sanctioned individuals and entities listed on the SDN List, or located in sanctioned jurisdictions; and, OFAC notes: “Transaction monitoring and investigation software can be used to identify transactions involving virtual currency addresses or other identifying information (e.g., originator, beneficiary, originating and beneficiary exchanges, and underlying transactional data) associated with sanctioned individuals and entities listed on the SDN List or other sanctions lists, or located in sanctioned jurisdictions.”


CipherTrace and Chainalysis must be making a killing.

The New York State Department of Financial Services alleges that the state’s regulations for cryptocurrency businesses “ensure that New Yorkers have a well-regulated way to access the virtual currency marketplace and that New York remains at the center of technological innovation and forward-looking regulation.” Of course, after the introduction of New York’s “BitLicense” in 2015, Kraken, BitFinex, ShapeShift, Paxful, and many others left the state.

Very well regulated

The New York State Assembly just passed bill that places a two-year ban on PoW mining operations that rely on “a carbon-based fuel” (Assembly Bill A7389C) as part of an “Earth Day” package (supporters allege that people are getting too sweaty in New York). The State Senate has not yet voted on the bill, though.

A picture of Assemblywoman Anna Kelles sponsored the bill banning PoW mining operations | @annakelles

Assemblywoman Anna Kelles sponsored the bill banning PoW mining operations | @annakelles

In March, the European Parliament – Committee on Economic and Monetary Affairs voted against a draft of the Markets in Crypto Assets regulatory framework that would have banned PoW mining.


Guidance on Use of Blockchain Analytics – archive.is, archive.org, dfs.ny.gov

FinCEN Advises Increased Vigilance for Potential Russian Sanctions Evasion Attempts pdf

Advisory on Illicit Activity Involving Convertible Virtual Currency pdf

(via darknetlive.com at https://darknetlive.com/post/nydfs-published-blockchain-analytics-guidance-for-crypto-companies/)

Post navigation

Cliam – Multi Cloud IAM Permissions Enumeration Tool
afrog: A tool for finding vulnerabilities

Related Articles

Drug Traffickers Are Increasingly Using Crypto in China

Drug Traffickers Are Increasingly Using Crypto in China

- Dark Web News
June 28, 2022
VPN Providers in India Required to Keep Logs Under New Law

VPN Providers in India Required to Keep Logs Under New Law

- Dark Web News
June 27, 2022
Dealer Who Identified Himself on EncroChat Sentenced to Prison

Dealer Who Identified Himself on EncroChat Sentenced to Prison

- Dark Web News
June 26, 2022
hacker gadgets
hacker phone covers

Recent Posts

Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers

Jwtear – Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers

June 29, 2022
Nimc2 - A C2 Fully Written In Nim

Nimc2 – A C2 Fully Written In Nim

June 29, 2022
CURL 7.84 released: tool to transfer data from or to a server

CURL 7.84 released: tool to transfer data from or to a server

June 29, 2022
HintInject: embedding shellcode to Hint/Name Table

HintInject: embedding shellcode to Hint/Name Table

June 28, 2022
secureCodeBox (SCB) - Continuous Secure Delivery Out Of The Box

secureCodeBox (SCB) – Continuous Secure Delivery Out Of The Box

June 28, 2022
Nali: offline tool for querying IP geographic information and CDN provider

Nali: offline tool for querying IP geographic information and CDN provider

June 28, 2022

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs
ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW