Overview
The New York State Department of Financial Services (NYDFS) is the premier state-level financial regulator in the United States, serving as the unified supervisor of banking, insurance, and financial services activities across New York State. Established in 2011 through a consolidation of the New York State Banking Department (1851) and the New York State Insurance Department (1859), NYDFS has evolved into a global leader in financial regulation, particularly in digital assets and cybersecurity oversight. With jurisdiction over approximately 4,400 financial institutions managing $6.2+ trillion in banking assets and $4.7+ trillion in insurance assets, NYDFS exercises binding regulatory authority over state-chartered banks, money transmitters, cryptocurrency businesses, insurance companies, and other financial service providers operating within New York State.
As the regulator of the world's leading financial capital and the architect of the pioneering BitLicense framework for cryptocurrency regulation, NYDFS wields outsized influence on national and global financial services regulation. For payment system participants, money transmitters, and virtual currency businesses, NYDFS licensing and compliance is mandatory for New York operations and often viewed as the gold standard for regulatory rigor and consumer protection.
Basic Identity
Document Type: Regulatory Entity Profile
Target Audience:
- Payment systems professionals
- Compliance and regulatory intelligence specialists
- Money transmitter and fintech licensing advisors
- Virtual currency business operators
- Corporate legal and compliance teams
Document Version: 1.0
Creation Date: 2026-04-05
Last Updated: 2026-04-05
Reporting Currency: USD
Reporting Jurisdiction: New York State, United States of America
Language: English
Classification
| Field | Value |
|---|---|
| Entity Type | Official Regulator |
| Control Layer | Layer 1 — Sovereign/Government Regulator |
| Legal Authority Level | Binding |
| Jurisdiction Level | State |
| Scope of Power | Licensing, Supervision, Enforcement, Rulemaking |
Inclusion Justification
| Field | Value |
|---|---|
| Why This Entity Is Included | Government-backed financial regulatory authority with statutory licensing, supervisory, and enforcement powers |
| Type of Influence | Direct |
| Exclusion Risk | Removes a key financial regulatory authority from the jurisdiction's control map |
What This Entity Oversees
4. History & Establishment
4.1 Founding & Merger (2011)
Effective Date: October 3, 2011
NYDFS was established through a consolidation of two predecessor agencies under New York State's 2011 Budget:
- New York State Banking Department (established April 15, 1851)
  - Regulated state-chartered banks, credit unions, trust companies, money services
  - Oldest continuous banking regulator in the United States
- New York State Insurance Department (established 1859)
  - Regulated insurance companies, agents, brokers, and related professionals
Motivation for Merger: Following the 2008 financial crisis, New York Governor Andrew M. Cuomo and the State Legislature concluded that a consolidated agency could more effectively regulate complex financial institutions engaging in multiple financial services, reduce regulatory fragmentation, and modernize oversight by examining institutions holistically rather than by function.
Statutory Basis: New York Financial Services Law (enacted as part of 2011 State Budget)
4.2 Predecessor Entity History
Banking Department (1851–2011):
- Created by New York State Legislature on April 15, 1851
- Became the oldest continuous state banking regulator in the United States
- Pioneered state-level bank supervision in the 19th century
- Expanded mandate to include credit unions, trust companies, and money transmitter oversight
Insurance Department (1859–2011):
- Created by New York State Legislature in 1859
- Assumed functions of the Comptroller and Secretary of State relating to insurance regulation
- Grew to supervise approximately 1,400 insurance companies
Reference: NYDFS Our History; NYDFS Wikipedia
5. Regulated Entity Categories & Scope
5.1 Banking Sector Entities
NYDFS supervises the following banking-related entities:
- State-Chartered Banks — NY-chartered commercial and savings banks licensed under Article III of Banking Law
- Trust Companies — NY-chartered trust companies exercising fiduciary powers
- Limited Purpose Trust Companies — NY-chartered trust companies without general deposit-taking or lending authority, focused on custody and fiduciary services
- Credit Unions — State-chartered credit unions (federally chartered credit unions are supervised by NCUA)
- Mortgage Brokers & Loan Servicers — Licensed mortgage bankers and servicers
- Check Cashers — Licensed entities engaging in check cashing (Article IX-A, Section 367)
Total Banking Entities: ~1,500 institutions with ~$2.6+ trillion in assets
5.2 Insurance Sector Entities
- Insurance Companies — Licensed insurers (property, casualty, life, health, etc.)
- Insurance Producers — Licensed agents, brokers, adjusters, and related professionals
- Life Settlement Providers — Licensed entities trading or investing in life insurance policies
Total Insurance Entities: ~1,400 companies with ~$4.7+ trillion in assets
5.3 Money Services Entities
- Money Transmitters — Licensed under Banking Law Article XIII-B; issue/sell traveler's checks, money orders; transmit money domestically and internationally
- Registered Agents — Entities designated to receive legal process on behalf of money transmitters
- Money Transmitter Networks — Multi-state transmitter operations
Licensing System: Nationwide Multistate Licensing System and Registry (NMLS)
5.4 Virtual Currency & Digital Asset Entities
- BitLicense Holders — Virtual currency businesses licensed under 23 NYCRR Part 200
- Limited Purpose Trust Companies (Virtual Currency Charter) — Trust companies chartered with explicit authority to conduct virtual currency business activities
- Unregistered Virtual Currency Exchanges — Subject to enforcement action if operating without proper license
5.5 Affiliated Service Providers
NYDFS also supervises:
- Premium financing companies
- Budget planners and financial advisory services
- Investment companies and registered representatives
- Service contract providers
- Charitable foundation managers (limited scope)
Scope: Entities must be NY-chartered or licensed. Federally chartered institutions (e.g., national banks under OCC, federally chartered credit unions under NCUA) are excluded from NYDFS jurisdiction.
Reference: Who We Supervise; Institution Definitions
9. Trust Company Chartering & Fiduciary Powers
9.1 Overview
NYDFS charters and regulates Trust Companies — institutions authorized to exercise fiduciary (trust) powers under Article III of the New York Banking Law.
9.2 Types of Trust Companies
- Full-Service Trust Companies — General authority to take deposits, make loans, and exercise fiduciary powers
- Limited Purpose Trust Companies — Restricted to exercising fiduciary powers without general deposit-taking or lending authority
- Virtual Currency Trust Companies — Limited purpose trust companies with explicit authority to conduct virtual currency business
9.3 Fiduciary Powers Defined
Under Section 100 of the New York Banking Law, fiduciaries may:
> "Receive, take, manage, hold and dispose of according to the terms of such trust, duty or power, any property or estate, real or personal which may be the subject of any such trust, duty or power."
This includes:
- Acting as trustee, executor, administrator, guardian
- Holding securities in custody
- Managing investment accounts
- Administering trusts and estates
- Holding virtual currency in custody (for VC-authorized trusts)
9.4 Supervisory Process
Trust company applicants must:
- Apply to DFS — Submit charter application with business plan, organizational documents, and financial projections
- Undergo Examination — DFS reviews applicant credentials, capital plans, and operational readiness
- Enter Supervisory Agreement — Execute a detailed supervisory agreement addressing:
  - Safety and soundness standards
  - Customer protection requirements
  - Operational procedures (custody, settlement, reporting)
  - AML/BSA compliance
  - Cybersecurity standards (especially for VC trust companies)
  - Examination and reporting obligations
- Receive Charter — Superintendent issues charter upon approval
9.5 Virtual Currency Trust Company Charters
For entities seeking to hold virtual currency in a fiduciary capacity, NYDFS issues Limited Purpose Trust Company Charters with VC Authority (also called "Qualified Custody Trust Company Charters" in some contexts).
Notable Recipients: WisdomTree (Bitcoin/Ethereum custody trust company, 2024)
Reference: NYDFS Trust Company Information; WisdomTree Trust Company Charter Announcement
10. Cybersecurity Regulation (23 NYCRR Part 500)
10.1 Scope & Applicability
Regulation: 23 NYCRR Part 500 ("Cybersecurity Requirements for Financial Services Companies")
Effective Date: March 1, 2017
Compliance Certificate Requirement: Annual certified compliance statement from Chief Information Security Officer or equivalent (effective February 15, 2018)
Covered Entities: All persons operating under or required to operate under:
- License, registration, charter, certificate, permit, or accreditation under NY Banking Law
- License, registration, or authorization under NY Insurance Law
- License, registration, or authorization under NY Financial Services Law
10.2 Key Requirements (Original & Amended)
Original Requirements (2017):
- Cybersecurity risk assessments and annual testing
- Password and access controls
- Employee cybersecurity awareness training
- Incident response planning
- Third-party service provider oversight
- Encrypted data transmission
- Multi-factor authentication (for privileged/administrative access)
Amended Requirements (Effective May 2025 and November 1, 2025):
- Multi-Factor Authentication (MFA) — Effective November 1, 2025
  - Mandatory MFA for all remote access to information systems from which data is accessed or to which data is provided
  - Scope: Nearly all covered entities and nearly all remote access scenarios
  - Recommended Methods: Token-based MFA (hardware/software tokens) rather than push-based, text-based, or single-factor methods
  - Biometric Cautions: NYDFS advised against traditional fingerprint, voice, or video biometrics due to AI deepfake risks
- Asset Inventory Program — Effective November 1, 2025
  - Maintain complete, current inventory of all hardware, software, and data assets
  - Minimum Data Capture: Owner, location, classification/sensitivity, support/decommission dates, recovery time objectives (RTO)
  - Quarterly Updates: Assets must be updated at least quarterly
- Vulnerability Scanning & Remediation (Effective May 2025)
  - Regular scanning of external-facing systems for vulnerabilities
  - Defined remediation timelines (critical vulnerabilities: 30 days; high: 90 days)
- Access Control Enhancements (Effective May 2025)
  - Principle of least privilege for all user access
  - Regular access reviews and revocation of unnecessary permissions
  - Segregation of duties for critical functions
- Monitoring & Logging (Effective May 2025)
  - Enhanced logging of access to sensitive data
  - Real-time alert systems for suspicious activities
  - Log retention (minimum 3 years)
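The asset inventory and remediation-timeline items above lend themselves to an automated self-check. The following is an added example, not NYDFS code or regulation text: it validates inventory records against the minimum data fields listed above, flags records not updated within a quarter, and reports open findings past the 30/90-day timelines. The record key names, the 92-day reading of "quarterly", and all sample data are assumptions made for illustration.

```python
from datetime import date, timedelta

# Minimum data capture as listed on this page; the key names are this example's own.
REQUIRED_FIELDS = ("owner", "location", "classification", "support_end", "rto_hours")
# "At least quarterly" interpreted as 92 days (longest calendar quarter): an assumption.
MAX_RECORD_AGE = timedelta(days=92)
# Remediation timelines as stated on this page.
REMEDIATION_DAYS = {"critical": 30, "high": 90}


def inventory_gaps(assets, today):
    """Return {asset_id: [problems]} for records with missing fields or stale updates."""
    gaps = {}
    for asset in assets:
        problems = [f"missing {f}" for f in REQUIRED_FIELDS
                    if asset.get(f) in (None, "")]
        updated = asset.get("last_updated")
        if updated is None:
            problems.append("never updated")
        elif today - updated > MAX_RECORD_AGE:
            problems.append(f"stale: last updated {(today - updated).days} days ago")
        if problems:
            gaps[asset["asset_id"]] = problems
    return gaps


def overdue_findings(findings, assets, today):
    """Return (overdue, orphaned).

    overdue  -- [(finding_id, days_past_deadline)] for open critical/high findings
    orphaned -- finding ids whose asset is absent from the inventory, which means
                the inventory itself is incomplete
    """
    known = {a["asset_id"] for a in assets}
    overdue, orphaned = [], []
    for f in findings:
        if f["asset_id"] not in known:
            orphaned.append(f["finding_id"])
        limit = REMEDIATION_DAYS.get(f["severity"])
        if limit is None or f.get("closed") is not None:
            continue  # no timeline given for this severity, or already remediated
        age = (today - f["detected"]).days
        if age > limit:
            overdue.append((f["finding_id"], age - limit))
    return overdue, orphaned


# --- Constructed sample data (not real systems) ---
TODAY = date(2025, 11, 15)
ASSETS = [
    {"asset_id": "srv-db-01", "owner": "dba-team", "location": "dc-east",
     "classification": "confidential", "support_end": date(2028, 1, 1),
     "rto_hours": 4, "last_updated": date(2025, 10, 1)},
    {"asset_id": "wks-114", "owner": "", "location": "hq-3f",
     "classification": "internal", "support_end": date(2026, 6, 30),
     "rto_hours": 72, "last_updated": date(2025, 6, 30)},
    {"asset_id": "saas-crm", "owner": "sales-ops", "location": "vendor-hosted",
     "classification": "confidential", "support_end": date(2027, 3, 31),
     "rto_hours": None, "last_updated": date(2025, 11, 1)},
]
FINDINGS = [
    {"finding_id": "F-1", "asset_id": "srv-db-01", "severity": "critical",
     "detected": date(2025, 10, 1), "closed": None},
    {"finding_id": "F-2", "asset_id": "wks-114", "severity": "high",
     "detected": date(2025, 9, 1), "closed": None},
    {"finding_id": "F-3", "asset_id": "vpn-gw-02", "severity": "critical",
     "detected": date(2025, 11, 10), "closed": None},
    {"finding_id": "F-4", "asset_id": "srv-db-01", "severity": "high",
     "detected": date(2025, 7, 1), "closed": date(2025, 8, 1)},
    {"finding_id": "F-5", "asset_id": "saas-crm", "severity": "medium",
     "detected": date(2025, 5, 1), "closed": None},
]

if __name__ == "__main__":
    for asset_id, problems in inventory_gaps(ASSETS, TODAY).items():
        print(f"inventory gap  {asset_id}: {'; '.join(problems)}")
    late, unknown = overdue_findings(FINDINGS, ASSETS, TODAY)
    for finding_id, days in late:
        print(f"overdue        {finding_id}: {days} days past deadline")
    for finding_id in unknown:
        print(f"not inventoried {finding_id}: asset missing from inventory")
```

Findings on assets missing from the inventory are reported separately because they indicate an inventory completeness gap rather than a remediation delay.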
10.3 Third-Party Service Provider (TPSP) Guidance
Released: October 21, 2025
NYDFS issued comprehensive guidance for covered entities managing cybersecurity risks from third-party service providers (cloud providers, fintech vendors, AI/ML providers, etc.).
Guidance Framework:
- Due Diligence Phase
  - Assess vendor's cybersecurity controls and history
  - Review certifications (SOC 2, ISO 27001, etc.)
  - Evaluate financial stability and contractual resilience
- Contracting Phase
  - Define cybersecurity obligations and SLAs
  - Require incident notification (within 72 hours)
  - Include audit and inspection rights
  - Establish data protection and encryption standards
  - Define termination and data exit procedures
- Ongoing Monitoring
  - Regular security assessments and testing
  - Incident monitoring and reporting
  - Compliance with regulatory updates
  - Periodic vendor reviews and attestations
- Termination & Transition
  - Secure data deletion and transfer procedures
  - Backup vendor arrangements for critical services
Reference: NYDFS Third-Party Service Provider Guidance (October 21, 2025); NYDFS Cybersecurity Resource Center
10.4 Enforcement & Penalties
NYDFS has become increasingly active in cybersecurity enforcement:
Penalty Framework (23 NYCRR 500.17):
- Fraud (intentional misrepresentation): Up to $5,000 per offense
- Other violations: Up to $1,000 per violation or (whichever is greater):
  - $5,000 per offense
  - Twice the damages attributable to the offense
  - Twice the economic gain from the offense
- Daily non-compliance penalty: Up to $250,000 per day (accruing during ongoing violations)
Notable Recent Enforcement Actions:
| Entity | Year | Violation | Penalty |
|---|---|---|---|
| PayPal | 2025 | Failure to timely report cybersecurity breach; control gaps | $2 million |
| Robinhood Crypto, LLC | 2024 | Cybersecurity violations; regulatory non-compliance | $4.5–5 million |
| EyeMed | 2024 | Cybersecurity control failures | $4.5–5 million |
| Carnival Corporation | 2024 | Cybersecurity violations | $4.5–5 million |
Reference: NYDFS Enforcement Actions; PayPal Enforcement Action (2025)
12. Examination & Supervision Authority
12.1 Examination Scope
NYDFS exercises full-scope prudential examination authority over regulated entities, including:
- Safety & Soundness Examinations
  - Capital adequacy and financial condition
  - Liquidity and asset quality
  - Management and governance
  - Operational resilience and business continuity
- Compliance Examinations
  - Anti-money laundering (AML) and Bank Secrecy Act (BSA) compliance
  - Cybersecurity and data protection controls
  - Consumer protection law compliance
  - Regulatory reporting accuracy
- Specialty Examinations
  - Cybersecurity assessments (Part 500)
  - Virtual currency business controls (Part 200)
  - Climate risk and ESG governance
  - Third-party service provider oversight
  - Information security penetration testing
12.2 Examination Frequency
- General Banking Entities: Periodic examinations (frequency determined by risk profile, typically 1–3 years)
- Virtual Currency Businesses (BitLicensees): At least once every 2 calendar years
- Money Transmitters: Regular examinations based on business size and complexity
- High-Risk Entities: More frequent examinations or continuous monitoring
12.3 Examination Process
- Notification: DFS notifies the entity of exam scope and timeline
- Document Preparation: Entity produces books, records, policies, and compliance documentation
- On-Site Examination: DFS examiners conduct review of systems, controls, and compliance
- Sampling & Testing: Examiners sample transactions, account records, and test control effectiveness
- Exit Conference: Preliminary findings discussed with management
- Examination Report: Written report issued detailing findings, deficiencies, and recommendations
- Response & Follow-Up: Entity submits response and remediation plan; DFS conducts follow-up examinations to verify corrective actions
12.4 Supervisory Agreements
Many regulated entities operate under Supervisory Agreements with NYDFS, which specify:
- Minimum capital and liquidity requirements
- Operational procedures and restrictions
- Compliance program standards
- Reporting and examination schedules
- Grounds for suspension or revocation
13. Banking Law & Insurance Law Provisions
13.1 New York Banking Law
Primary Articles Administered by NYDFS:
- Article I: General Provisions (Superintendent powers, regulatory authority)
- Article II: Incorporation and Chartering of Banks
- Article III: Banks and Trust Companies (chartering, regulation, mergers)
- Article IV–VII: Specific bank types (savings banks, credit unions, etc.)
- Article VIII: Mortgage brokers and lenders
- Article IX-A: Check cashers (Section 367)
- Article XIII-B: Money transmitters (Sections 640–652-B)
13.2 New York Insurance Law
Primary Functions:
- Licensing of insurance companies
- Rate and form approval
- Producer licensing (agents, brokers, adjusters)
- Market conduct examinations
- Solvency monitoring
- Consumer complaint handling
13.3 New York Financial Services Law
Article 1 — Establishes NYDFS and defines:
- Superintendent's authority to promulgate regulations
- Investigation and enforcement powers
- Penalty authority
- Rulemaking procedures
- Annual reporting requirements
Reference: New York Banking Law; New York Insurance Law; New York Financial Services Law § 102
14.1 Consumer Protection Mission
A primary mandate of NYDFS is protecting consumers from fraud, unfair practices, and abuse in financial services. The Consumer Protection and Financial Enforcement Division (established 2019) investigates and prosecutes violations of consumer protection law.
14.2 Key Consumer Protection Areas
- Fraud Prevention — Enforcement against deceptive or fraudulent practices
- Disclosure Compliance — Ensuring clear, accurate disclosure of terms, fees, and risks
- Fair Lending — Enforcement of fair lending practices and discrimination prohibitions
- Complaint Investigation — Responsive investigation of consumer complaints
- Restitution — Recovery of consumer losses from violating entities
- License Revocation — Removal of licenses for entities engaging in systematic abuse
14.3 Complaint Channel
Email: [email protected]
Types of Complaints: Banking, insurance, money transmitter, virtual currency, mortgage lending, and other financial services complaints
Response: DFS investigates complaints and may open formal enforcement proceedings if violations are identified
Reference: NYDFS Contact Us
15. Recent Regulatory Developments & Guidance (2023–2025)
15.1 Virtual Currency Guidance (November 2023)
Guidance Title: "Guidance Regarding Listing of Virtual Currencies" (November 15, 2023)
Scope: Directed to BitLicensees and limited purpose trust companies holding or trading virtual currencies
Key Elements:
- Governance framework for currency listing decisions
- Risk assessment procedures (fraud risk, regulatory risk, technical risk)
- Customer communication and transparency
- Monitoring and de-listing protocols
- Recordkeeping standards
Impact: Clarified NYDFS expectations for responsible virtual currency listing practices
Reference: NYDFS Virtual Currency Listing Guidance (November 15, 2023)
15.2 Cybersecurity Regulation Amendments (2025)
Amendment Timeline:
- May 2025: Vulnerability scanning, access control, and monitoring requirements effective
- November 1, 2025: MFA and asset inventory requirements effective
Significance: Represents most substantial update to Part 500 since its 2017 adoption; raises compliance bar significantly for all covered entities
Reference: NYDFS Cybersecurity Updates
15.3 Conditional BitLicense Proposal (2024)
Status: Proposal released June 2024; under public comment and legislative review
Objective: Modernize BitLicense framework to:
- Reduce barriers to entry for responsible innovation
- Phase compliance requirements appropriately
- Maintain core consumer protections
- Address feedback from five-year regulatory review (2020)
Potential Impact: If adopted, could accelerate cryptocurrency business formation in New York while maintaining regulatory oversight
15.4 AI Cybersecurity Guidance (2025)
NYDFS released guidance on managing cybersecurity risks related to artificial intelligence and machine learning use in financial services, including:
- Bias and fairness testing
- Adversarial attack resilience
- Model transparency and explainability
- Third-party AI vendor risk management
15.5 Third-Party Service Provider Risk Management (October 2025)
Guidance Released: October 21, 2025
Addressees: Chief Information Security Officers and executives of covered entities
Scope: Management of cybersecurity risks from cloud providers, fintech vendors, AI/ML providers, and other third-party service providers
Key Guidance: Structured approach covering due diligence, contracting, ongoing monitoring, and termination/transition planning
18. Payments & Transfer System Relevance
18.1 Money Transmission Oversight
NYDFS is the primary state-level regulator of money transmission in New York State. Any entity transmitting money within NY (or on behalf of NY residents) must be licensed, making NYDFS a critical gatekeeper for:
- Domestic Wire Transfers — Transmitted via banks, fintech providers, money transmitters
- International Remittances — Cross-border money transmission for individuals and businesses
- Cryptocurrency Remittances — Transmission of virtual currency on behalf of customers
- Payment Service Providers — PayPal, Square, Stripe, and other fintech providers operating in NY
- Money Order & Traveler's Check Issuers — Licensed money transmitters
18.2 Digital Currency & Payments Innovation
NYDFS oversees the entire spectrum of digital payment innovations:
- Stablecoins — Regulated as virtual currencies under BitLicense regime
- Central Bank Digital Currencies (CBDCs) — Likely to fall within NYDFS jurisdiction if NY-issued
- Decentralized Finance (DeFi) — NYDFS has indicated that DeFi smart contract issuers may require licensing if engaging in virtual currency business activities
- Cryptocurrency Payment Processors — Subject to money transmitter licensing if transmitting on behalf of customers
18.3 Financial Inclusion & Access
NYDFS's Banking Development Districts initiative aims to expand financial access and payment system participation in underserved communities across New York, fostering development of alternative payment infrastructure.
Appendix A: Key Regulatory Citations
Statutes
| Statute | Full Title | Relevance |
|---|---|---|
| Banking Law § 640–652-B | Transmitters of Money | Money transmitter licensing |
| Banking Law § 367 | Check Cashers | Check casher licensing |
| Banking Law Article III | Banks and Trusts | Trust company chartering |
| Financial Services Law § 102 | Department of Financial Services Establishment | NYDFS authority and mandate |
Regulations
| Regulation | Title | Effective |
|---|---|---|
| 23 NYCRR Part 200 | Virtual Currencies | August 8, 2015 |
| 23 NYCRR Part 500 | Cybersecurity Requirements | March 1, 2017 (Amended May 2025, November 2025) |
| 23 NYCRR Part 406 | Money Transmitter General Regulations | Ongoing |
| 23 NYCRR Part 300–417 | Banking Regulations | Ongoing |
Appendix B: Glossary
BitLicense — A virtual currency business license issued by NYDFS under 23 NYCRR Part 200 for entities engaging in virtual currency business activities.
Covered Entity — Any person operating under or required to operate under a license, registration, charter, certificate, permit, or authorization under NY Banking Law, Insurance Law, or Financial Services Law.
Limited Purpose Trust Company — A trust company chartered under NY Banking Law Article III without authority to take deposits or make loans, except incidental to fiduciary services.
Money Transmitter — A business that issues and sells traveler's checks and money orders, and transmits money on behalf of the public by wire, check, draft, facsimile, or courier.
Superintendent — The chief executive officer of NYDFS, appointed by the Governor and confirmed by the NY State Legislature.
Virtual Currency — Any type of digital unit used as a medium of exchange or form of digitally stored value, including cryptocurrencies and stablecoins.
Regulatory Powers
11.1 Enforcement Mechanisms
NYDFS possesses comprehensive enforcement authority under the Banking Law, Insurance Law, and Financial Services Law:
- Investigation Authority
  - Power to examine books, records, and accounts
  - Authority to issue subpoenas for documents and testimony
  - Jurisdiction to investigate consumer complaints
  - Statutory authority to examine third-party service providers
- Administrative Proceedings
  - Formal hearings before administrative law judges
  - Opportunity for respondent to present evidence and cross-examine witnesses
  - Appeal to Superintendent for final determination
- Enforcement Actions
  - Cease and desist orders
  - Consent orders and settlement agreements
  - License suspension or revocation
  - Civil monetary penalties and fines
  - Restitution to affected consumers
  - Corrective action orders
- Criminal Referral
  - Power to refer violations to District Attorney or Attorney General for criminal prosecution
  - Coordination with federal law enforcement (FBI, Secret Service, IRS)
Reference: NYDFS Enforcement Actions; Insurance Disciplinary Actions
11.2 Penalty Authority & Amounts
General Civil Penalties (Per Banking Law, Insurance Law, Financial Services Law):
| Violation Type | Maximum Penalty |
|---|---|
| Fraud / Intentional Material Misrepresentation | Up to $5,000 per offense |
| General Regulatory Violation | Up to $1,000 per violation (or greater of: $5,000/offense, 2x damages, 2x gain) |
| Cybersecurity Violation (Part 500) | Up to $5,000 per offense or per day (daily accrual up to $250,000/day for ongoing violations) |
| Money Transmitter Violation | Up to $1,000 per violation (or greater of $5,000/offense, 2x damages, 2x gain) |
Additional Sanctions:
- License revocation or suspension
- Operating restrictions or conditions
- Restitution and disgorgement of ill-gotten gains
- Mandatory compliance monitoring
- Mandatory consumer disclosures
- Capital or reserve requirements
11.3 Recent Enforcement Trends
Cybersecurity Focus (2023–2025): NYDFS has dramatically increased enforcement activity around cybersecurity violations, with particular focus on:
- Failure to implement MFA
- Inadequate incident response and notification procedures
- Insufficient third-party service provider oversight
- Gaps in data encryption and access controls
Cryptocurrency Enforcement (2023–2025): NYDFS has continued to take enforcement actions against unlicensed virtual currency businesses and BitLicensees failing to meet compliance obligations.
Dollar Amounts: Recent enforcement actions have resulted in penalties ranging from $1.5 million to $5 million+, with a notable trend toward escalating penalties for repeat or egregious violations.
Reference: NYDFS Enforcement Actions Overview
Regulatory Role and Function
2.1 Current Leadership
Acting Superintendent: Kaitlin Asrow (appointed October 18, 2025)
Asrow, who has served at NYDFS since 2021, previously held the position of Executive Deputy Superintendent of Research and Innovation. In her prior role, she oversaw regulation of virtual currency companies and led the department's policy initiatives on innovation and financial inclusion. Her appointment came following the departure of Superintendent Adrienne A. Harris after four years of service.
Previous Superintendent: Adrienne A. Harris (2022–2025)
Harris was nominated by Governor Kathy Hochul in 2021 and confirmed by the New York State Legislature in January 2022. During her tenure, she transformed the Virtual Currency Unit into a global leader in cryptocurrency regulation, hired over 60 subject matter experts, brought the first enforcement actions against cryptocurrency companies, created seven Banking Development Districts, and established guardrails around AI use in insurance underwriting and pricing.
Reference: NYDFS Leadership Announcement; Adrienne Harris Confirmation
2.2 Divisional Structure
NYDFS operates six primary divisions:
- Banking Division
  - Jurisdiction: State-chartered banks, trust companies, credit unions, mortgage brokers, money transmitters
  - Authority: Chartering, licensing, examination, enforcement
- Insurance Division
  - Jurisdiction: Insurance companies, producers (agents, brokers, adjusters), life settlements
  - Authority: Rate and form approval, licensing, solvency monitoring
- Consumer Protection and Financial Enforcement Division (CPFED)
  - Established: April 2019 (merger of Enforcement and Financial Frauds units)
  - Authority: Consumer complaints investigation, enforcement actions, disciplinary proceedings
  - Sub-units: Enforcement, Investigations & Intelligence, Civil Investigations, Producers, Consumer Examinations, Student Protection
- Research & Innovation Division
  - Focus: Financial technology, emerging business models, innovation policy
  - Authority: Policy development, regulatory guidance
- Cybersecurity Division
  - Focus: Implementation and enforcement of 23 NYCRR Part 500 (Cybersecurity Regulation)
  - Authority: Cybersecurity examinations, breach notifications, enforcement
- Climate Division
  - Focus: Integration of climate risk management into financial institution governance
  - Authority: Guidance and examination authority for climate risk oversight
Reference: NYDFS About Us
2.3 Scale of Operations
- Total Regulated Entities: ~4,400 (banking, insurance, money services, cryptocurrency)
- Banking Sector Assets: $6.2+ trillion
- Insurance Sector Assets: $4.7+ trillion
- Staff: Significant compliance and examination personnel, including 60+ virtual currency specialists
16.1 BitLicense: First Virtual Currency Regulatory Regime
NYDFS pioneered the BitLicense, adopted in 2015. Key characteristics:
- First-Mover: First U.S. state (and among first globally) to adopt a dedicated virtual currency licensing regime
- Comprehensive: Addresses capital, cybersecurity, AML, consumer protection, and operational resilience
- Influential: Spawned similar frameworks in other jurisdictions and internationally
- Enforcement: NYDFS brought first enforcement actions against unlicensed cryptocurrency businesses (2015–present)
16.2 Cybersecurity Regulation Leadership
23 NYCRR Part 500 has become:
- Industry Standard: Adopted as reference model in other states
- Global Influence: Inspired similar regulations in other countries
- Enforcement Leader: Most aggressive cybersecurity enforcement of any state regulator
16.3 Virtual Currency Custody & Trust Companies
NYDFS pioneered the use of Limited Purpose Trust Company Charters for cryptocurrency custody, allowing entities like WisdomTree to offer institutional-grade virtual currency custody services.
16.4 Climate Risk & ESG Governance
NYDFS created a Climate Division and issued guidance on integration of climate risk management into financial institution governance — a leading approach among state regulators.
Legal Foundation
1.1 Statutory Foundation
NYDFS derives its authority from three primary statutes:
- New York Banking Law — Grants authority to charter, license, supervise, and examine state-chartered banks, trust companies, money transmitters, and other financial institutions. Key articles include:
  - Article III (Banks and Trusts)
  - Article XIII-B (Money Transmitters, Sections 640–652-B)
  - Article IX-A (Check Cashers, Section 367)
- New York Insurance Law — Grants authority to supervise and regulate insurance companies, agents, brokers, adjusters, and other insurance-related professionals.
- New York Financial Services Law — Officially established NYDFS in 2011 and defines its comprehensive mandate to regulate financial services, issue regulations, conduct investigations, hold administrative hearings, and levy penalties. The law declares the purpose of consolidation as creating "a modern system of regulation" to enforce banking and insurance laws efficiently.
Reference: New York State Department of Financial Services - About Us; New York State Department of Financial Services History; New York Financial Services Law § 102
1.2 Regulatory Authority & Scope
The Superintendent of Financial Services (equivalent to the department's chief executive) possesses broad authority to:
- Charter and License: Grant, renew, and revoke charters and licenses for regulated entities
- Examine and Supervise: Conduct prudential examinations and ongoing supervision of approximately 4,400 financial institutions
- Enforce: Investigate violations, issue enforcement orders, impose penalties, and revoke licenses
- Rulemaking: Promulgate regulations and guidance under delegated statutory authority
- Intervene: Exercise emergency powers in cases of mismanagement, fraud, or insolvency
Control Layer: Layer 1 — Sovereign / Government Regulator (binding, non-negotiable authority)
Legal Authority Level: Binding (regulatory decisions are enforceable by law)
Licensing and Authorization Relevance
6.1 Regulatory Framework
Statutory Authority: New York Banking Law Article XIII-B (Sections 640–652-B: "Transmitters of Money")
Regulatory Guidance:
- 23 NYCRR Part 406 (Money Transmitter General Regulations)
- 23 NYCRR Parts 416, 417, and 300 (Supplementary Rules)
6.2 License Requirement
Any person or entity that engages in money transmission in New York State (or on behalf of NY residents) must obtain a Money Transmitter License from the Superintendent. Prohibited activities without a license: issuing/selling traveler's checks or money orders, or transmitting money on behalf of the public by wire, check, draft, facsimile, or courier.
Reference: Banking Law § 640; NYDFS Money Transmitter Licensing
6.3 Key Financial Requirements
| Requirement | Amount | Notes |
|---|---|---|
| Surety Bond | Minimum $500,000 | Issued by authorized surety company; amount may vary by business model |
| Net Worth | Minimum $500,000 | May be adjusted based on business volume and risk profile |
| Liquid Assets | 100% of transmission liabilities | Banking Law § 651 mandates full liquidity coverage |
| Capital | Determined by business model | Tiered based on transmission volume, business risk, and customer base |
6.4 Application Requirements
Applicants must submit:
- Financial Statements — Two most recent audited statements prepared by a CPA (within 90 days of fiscal year end)
- Business Plan — Target markets, products, marketing strategies, operating structure, fee schedules
- Organizational Documents — Articles of incorporation, bylaws, organizational charts
- Background Checks — Financial and criminal background checks for all key personnel, executives, directors, and owners with 20%+ ownership
- AML/BSA Policy — Comprehensive Anti-Money Laundering and Bank Secrecy Act compliance program
- Compliance Documentation — Policies addressing sanctions screening, KYC, customer due diligence
- Technology Documentation — Description of systems, security protocols, data handling procedures
6.5 Licensing Management
System: Nationwide Multistate Licensing System and Registry (NMLS)
Benefits for Applicants:
- Single consolidated application for multi-state money transmitter licensing
- Unified record maintenance across states
- Online amendment and reporting portal
- Streamlined regulatory coordination
Reference: NMLS Money Transmitter Licensing; New York Money Transmitter License Requirements
6.6 Ongoing Compliance Obligations
- Financial Reporting — Quarterly financial statements and annual audited statements submitted to NYDFS
- Annual Examinations — NYDFS conducts regular on-site examinations
- Regulatory Notifications — Changes in key personnel, ownership, and business operations must be reported per Banking Law §§ 641–642 and § 652-a
- Solvency Maintenance — Continuous maintenance of required capital, net worth, and liquidity ratios
- AML Program Updates — Annual AML/BSA program reviews and updates based on risk assessments
7.1 Overview
The BitLicense is a groundbreaking regulatory framework that establishes New York as the first U.S. jurisdiction to create a dedicated licensing regime for virtual currency business activities. Adopted in 2015, the BitLicense framework has become the gold standard for cryptocurrency regulation globally and has spawned similar regimes in other jurisdictions.
7.2 Regulatory Framework
Regulation: 23 NYCRR Part 200 ("Virtual Currencies")
Adoption & Effective Dates:
- Proposed: July 17, 2014
- Finalized: June 2015
- Effective: August 8, 2015
Statutory Reference: New York Financial Services Law, which authorizes the Superintendent to issue regulations governing virtual currency businesses
7.3 Definition of Virtual Currency & Business Activities
Virtual Currency Definition: "Any type of digital unit that is used as a medium of exchange or a form of digitally stored value." This includes cryptocurrencies, stablecoins, tokenized assets, and similar digital representations of value.
Virtual Currency Business Activity (23 NYCRR 200.2(q)) — Five Categories Requiring License:
- Transmission/Money Transmission — Receiving virtual currency for transmission or transmitting VC on behalf of customers
- Custody/Holding — Storing, holding, or maintaining custody/control of virtual currency on behalf of others
- Buying/Selling (Customer Facing) — Buying and selling virtual currency as a customer business
- Exchange Services — Performing exchange services (VC-to-fiat, VC-to-VC, etc.) as a customer business
- Issuing/Controlling — Controlling, administering, or issuing a virtual currency
Exemptions (23 NYCRR 200.2(p)):
- Consumers using VC solely for personal investment purposes (no license required)
- Merchants and consumers using VC solely for purchase/sale of goods and services (no license required)
- Software developers creating wallet/exchange technology but not operating the service (no license required)
Reference: 23 NYCRR Part 200 Virtual Currencies; NYDFS Virtual Currency Business Licensing
7.4 BitLicense Application & Approval Process
Filing: Applications submitted via NYDFS portal or by mail to the Department
Standard Approval Timeline: 6–12 months (subject to completeness and complexity)
Application Fees: Annual assessment charges based on business model and asset size (published in fee schedule)
Key Decision Factors:
- Applicant's financial condition and capital sufficiency
- Anti-money laundering and sanctions compliance programs
- Cybersecurity and data protection measures
- Operational and business continuity resilience
- Consumer protection safeguards
- Applicant background and compliance history
7.5 Capital & Financial Requirements
| Requirement | Amount | Notes |
|---|---|---|
| Operating Capital | Variable | 23 NYCRR 200.8(b) sets tiered requirements based on business model (e.g., 2% of VC holdings, 50% of monthly transaction volume, etc.) |
| Surety Bond or Customer Fund | Minimum $500,000 | 23 NYCRR 200.9(a); may increase based on customer assets under management |
| Capital Buffers | Business-dependent | Additional capital for custody, lending, or high-risk business lines |
7.6 Key Operational Requirements
- Anti-Money Laundering Program (23 NYCRR 200.12–200.14)
  - Annual AML risk assessment based on services, products, customers, counterparties, and geographic footprint
  - Customer due diligence (CDD) and enhanced due diligence (EDD) procedures
  - Sanctions screening and watch-list monitoring
  - Suspicious activity reporting (SAR) to FinCEN
  - Compliance officer designation
- Cybersecurity & Data Protection (23 NYCRR 200.16)
  - Encrypted storage of customer virtual currency
  - Multi-signature controls on private keys
  - Offline/cold storage for customer assets
  - Access controls and audit logging
  - Incident response and breach notification procedures
  - Third-party security assessments
- Consumer Protection (23 NYCRR 200.17–200.20)
  - Segregation of customer assets
  - Clear disclosure of fees, risks, and operational procedures
  - Dispute resolution procedures
  - Cybersecurity incident notification to customers within 72 hours
  - Annual financial statements available to customers
- Governance & Risk Management (23 NYCRR 200.5–200.11)
  - Board of directors oversight (or equivalent)
  - Written policies for operational risk, cybersecurity, AML, customer complaints
  - Chief compliance officer with independent reporting authority
  - Information security officer or equivalent
  - Third-party service provider management and oversight
- Record Keeping & Reporting (23 NYCRR 200.21–200.25)
  - Books and records of all transactions for minimum 5 years
  - Customer records (identity, account activity, beneficial owners)
  - Annual financial statements filed with DFS
  - Custody and reserve account statements
  - Transaction records and settlement data
7.7 Examination & Compliance
Examination Schedule: BitLicensees are examined at least once every 2 calendar years
Examination Scope:
- Financial condition and capital adequacy
- Cybersecurity and data protection controls
- AML/sanctions compliance
- Consumer complaint investigation
- Third-party service provider oversight
- Record-keeping adequacy
7.8 Virtual Currency Listing Guidance
NYDFS Guidance (November 2023 & September 2023): NYDFS issued industry guidance for BitLicensees and limited purpose trust companies regarding the listing and de-listing of virtual currencies.
Key Elements:
- Governance framework for currency listing decisions
- Risk assessment procedures (including fraud, regulatory, and technical risk)
- Monitoring and de-listing protocols
- Disclosure requirements to customers
- Recordkeeping for listing decisions
Reference: NYDFS Industry Letter - November 15, 2023 (Listing Guidance)
7.9 Recent Regulatory Developments: Conditional BitLicense (2024)
In June 2024, NYDFS published a "Conditional BitLicense" proposal as part of a comprehensive review of its cryptocurrency licensing framework. The proposed conditional license would:
- Streamline Entry: Reduce barriers to entry for emerging virtual currency businesses
- Phased Compliance: Allow entities to comply with certain requirements over time
- Innovation Focus: Facilitate responsible innovation in cryptocurrency and blockchain technology
- Consumer Safeguards: Maintain core consumer protection requirements
Status: Proposal under public comment and legislative review as of 2026.
Reference: NYDFS Conditional BitLicense Proposal; News Coverage
7.10 Alternative Licensing: Limited Purpose Trust Company
Entities may alternatively pursue a Limited Purpose Trust Company Charter under New York Banking Law Article III (with explicit authority to conduct virtual currency business) rather than a BitLicense.
Differences from BitLicense:
- Fiduciary Powers: Limited purpose trust companies have fiduciary powers; BitLicensees do not
- Scope: Limited purpose trusts cannot take deposits or make loans except incidental to fiduciary services; BitLicensees have broader service flexibility
- Supervision: Same NYDFS supervision but under different statutory framework
- Capital: Higher capital requirements for trust company charters
- Restrictions: Limited purpose trusts are geographically restricted (primarily NY-based operations)
Reference: NYDFS Virtual Currency Business Licensing; Limited Purpose Trust Company Information
8.1 Regulatory Framework
Statutory Authority: New York Banking Law Article IX-A, Section 367
Definition: A person or entity that engages in the business of cashing checks, drafts, or money orders for consideration
License Requirement: Mandatory license from the Superintendent of Financial Services for any entity engaging in check cashing in New York
Prohibition: Section 367 of the Banking Law prohibits check cashing without a license; unlicensed check cashing is a violation of the Banking Law
8.2 Licensing System
System: Nationwide Multistate Licensing System and Registry (NMLS)
Unified Application: One NMLS record permits multi-state check casher licensing
Online Management: Amendments, renewals, surrenders, and reports via NMLS portal
Reference: NYDFS Check Casher Licensing
8.3 Regulatory Scope
Check cashers are also subject to NYDFS consumer protection standards, including:
- Disclosure of fees and charges
- Complaint handling procedures
- Record-keeping requirements
- Financial reporting obligations
- Anti-money laundering and sanctions compliance
Payments and Money Movement Relevance
NYDFS has the following relevance to payments and money movement in the United States:
| Function | Relevance |
|---|---|
| Payment System Oversight | Oversees payment systems and payment service providers within mandate |
| Licensing | Licenses entities involved in payment services where applicable |
| Consumer Protection | Enforces consumer protection rules for payment services |
| AML/CFT | Ensures payment service providers comply with AML/CFT requirements |
Payment Systems Governed or Overseen
NYDFS does not directly operate payment systems. Its payment-related role includes:
| Function | Relationship to Payments |
|---|---|
| Money Transmitter Licensing | Issues and supervises state money transmitter licenses |
| Consumer Lending Oversight | Regulates consumer lending and credit products with payment components |
| Bank Supervision | Supervises state-chartered banks that participate in payment systems |
| Consumer Protection | Enforces state consumer financial protection laws |
| Fintech Regulation | Oversees fintech companies and payment innovators operating in the state |
Money transmitters, payment processors, and fintech companies operating in this jurisdiction require licensing or registration with this entity.
Relationship to Other Regulators
17.1 NYDFS Authority Limits
NYDFS supervises New York State-chartered entities only. The following are NOT under NYDFS jurisdiction:
- National Banks — Chartered and regulated by the Office of the Comptroller of the Currency (OCC); typically have "National" or "N.A." in their names
- Federal Credit Unions — Regulated by the National Credit Union Administration (NCUA)
- Bank Holding Companies — Regulated by the Federal Reserve
- Out-of-State Banks — Banks chartered in other states (supervised by their home state regulator)
- Federal Thrift Institutions — Regulated by the Federal Reserve or OCC
17.2 Federal Coordination
NYDFS coordinates with federal regulators on matters affecting NY institutions:
- FinCEN — Money transmission, AML/BSA compliance, suspicious activity reporting
- Federal Reserve — Bank holding companies, payments systems, interest rate policy
- OCC — National banks, cyber risk management
- FDIC — Bank solvency and deposit insurance
- FBI / Secret Service — Financial crime and cybersecurity threats
- NY Attorney General — Consumer protection, antitrust, consumer fraud
Geography and Jurisdiction Notes
| Field | Value |
|---|---|
| Applies Nationwide | No |
| Applies at State or Sub-National Level Only | Yes |
| Cross-Border or Regional Reach | No |
| Special Territorial Notes | State jurisdiction within United States |
Important Departments and Divisions
| Division / Department | Primary Function |
|---|---|
| Supervision Division | Oversight of regulated entities |
| Licensing Division | Processing of applications and authorizations |
| Enforcement Division | Investigation and prosecution of violations |
| Policy and Research Division | Regulatory policy development |
| Compliance Division | AML/CFT and regulatory compliance monitoring |
Key Public Resources
3.1 Headquarters
1 State Street, New York, NY 10004, USA
- Phone: +1 (212) 709-3500
- Email (Consumer Inquiries): [email protected]
- Email (Legal Process): [email protected]
- Office Hours: Monday–Friday, 8:30 AM–4:30 PM EST (excluding state holidays)
Reference: NYDFS Contact Information
3.2 Regional Offices
NYDFS maintains field offices throughout New York State:
| Location | Address | Type |
|---|---|---|
| New York City | 1 State Street, New York, NY 10004 | Headquarters |
| Albany | One Commerce Plaza, Albany, NY | Field Office |
| Syracuse | 333 East Washington Street, Syracuse, NY | Field Office |
| Buffalo | 65 Court Street, Buffalo, NY | Field Office |
| Mineola | 163B Mineola Boulevard, Mineola, NY | Field Office |
3.3 Digital Presence
- Official Website: https://www.dfs.ny.gov
- Licensed Entity Directory: Institution Directory
- Application Portal: https://myportal.dfs.ny.gov (NMLS licensing)
- Social Media: @NYDFS on X/Twitter; LinkedIn
20.1 NYDFS Contact Directory
| Function | Email / Portal | Phone |
|---|---|---|
| Consumer Inquiries | [email protected] | (212) 709-3500 |
| Legal Process | [email protected] | (212) 709-3500 |
| Money Transmitter Licensing | NMLS Portal | (212) 709-3500 |
| BitLicense Applications | Virtual Currency Portal | (212) 709-3500 |
| Check Casher Licensing | NMLS Portal | (212) 709-3500 |
20.2 Key Online Resources
- NYDFS Main Website: https://www.dfs.ny.gov
- Institution Definition & Directory: https://www.dfs.ny.gov/institution_definition
- Enforcement Actions: https://www.dfs.ny.gov/industry_guidance/enforcement_actions
- Money Transmitter Licensing: https://www.dfs.ny.gov/apps_and_licensing/money_transmitters
- Virtual Currency Business Licensing: https://www.dfs.ny.gov/virtual_currency_businesses
- Cybersecurity Resource Center: https://www.dfs.ny.gov/industry_guidance/cybersecurity
- Industry Guidance & Letters: https://www.dfs.ny.gov/industry_guidance
20.3 Regulatory Materials & Templates
- Money Transmitter Application Checklist: Available on NMLS or NYDFS portal
- BitLicense Application Guide: Published on NYDFS website with requirements and forms
- Cybersecurity Compliance Checklist: Available in NYDFS Cybersecurity Resource Center
- AML/BSA Program Template: Provided as guidance reference
Notes on Naming and Language
| Field | Value |
|---|---|
| Preferred English Rendering | New York State Department of Financial Services (NYDFS) |
| Official Local-Language Rendering | New York State Department of Financial Services (NYDFS) |
| Official Website Language(s) | English |