http://www.dfs.ny.gov/legal/regulations/revised_vc_regulation.pdf:
Section 200.15 Anti-money laundering program
(a) All values in United States dollars referenced in this Section must be calculated using the methodology
to determine the value of Virtual Currency in Fiat Currency that was provided to the Department under this
Part.
(b) Each Licensee shall conduct an initial risk assessment that will consider legal, compliance, financial,
and reputational risks associated with the Licensee’s activities, services, customers, counterparties, and
geographic location and shall establish, maintain, and enforce an anti-money laundering program based thereon.
The Licensee shall conduct additional assessments on an annual basis, or more frequently as risks change, and
shall modify its anti-money laundering program as appropriate to reflect any such changes.
(c) The anti-money laundering program shall, at a minimum:
(1) provide for a system of internal controls, policies, and procedures designed to ensure ongoing
compliance with all applicable anti-money laundering laws, rules, and regulations;
(2) provide for independent testing for compliance with, and the effectiveness of, the anti-money
laundering program to be conducted by qualified internal personnel of the Licensee, who are not responsible for
the design, installation, maintenance, or operation of the anti-money laundering program, or the policies and
procedures that guide its operation, or a qualified external party, at least annually, the findings of which shall be
summarized in a written report submitted to the superintendent;
(3) designate a qualified individual or individuals in compliance responsible for coordinating and
monitoring day-to-day compliance with the anti-money laundering program; and
(4) provide ongoing training for appropriate personnel to ensure they have a fulsome understanding of
anti-money laundering requirements and to enable them to identify transactions required to be reported and
maintain records required to be kept in accordance with this Part.
(d) The anti-money laundering program shall include a written anti-money laundering policy reviewed and
approved by the Licensee's board of directors or equivalent governing body.
(e) Each Licensee, as part of its anti-money laundering program, shall maintain records and make reports in
the manner set forth below.
(1) Records of Virtual Currency transactions. Each Licensee shall maintain the following information
for all Virtual Currency transactions including involving the payment, receipt, exchange or conversion,
purchase, sale, transfer, or transmission of Virtual Currency:
i) the identity and physical addresses of the party or parties to the transaction that are customers or
accountholders of the Licensee and, to the extent practicable, any other parties to the transaction;
ii) the amount or value of the transaction, including in what denomination purchased, sold, or
transferred;
iii) the method of payment;
iv) the date or dates on which the transaction was initiated and completed; and
v) a description of the transaction.
(2) Reports on transactions. When a Licensee is involved in a Virtual Currency transaction or series of
Virtual Currency transactions, including transactions for the receipt, exchange, conversion, purchase, sale,
transfer, or transmission of Virtual Currency, in an aggregate amount exceeding the United States dollar value
of $10,000 in one day, by one Person, the Licensee shall notify the Department, in a manner prescribed by the
superintendent, within 24 hours.
(3) Reporting of Suspicious Activity. Each Licensee shall monitor for transactions that might signify
money laundering, tax evasion, or other illegal or criminal activity and notify the Department, in a manner
prescribed by the superintendent, immediately upon detection of any such transaction.
(i) Each Licensee shall file Suspicious Activity Reports (“SARs”) in accordance with applicable
federal laws, rules, and regulations.
(ii) Each Licensee that is not required to file SARs under federal law shall file with the
superintendent, in a form prescribed by the superintendent, reports of transactions that indicate a possible
violation of law or regulation within 30 days from the detection of the facts that constitute a need for filing.
Continuing suspicious activity shall be reviewed on an ongoing basis and a suspicious activity report shall be
filed within 120 days of the last filing describing continuing activity.
(f) No Licensee shall structure transactions, or assist in the structuring of transactions, to evade reporting
requirements under this Part.
(g) No Licensee shall engage in, facilitate, or knowingly allow the transfer or transmission of Virtual
Currency when such action will obfuscate or conceal the identity of an individual customer or counterparty.
Nothing in this Section, however, shall be construed to require a Licensee to make available to the general
public the fact or nature of the movement of Virtual Currency by individual customers or counterparties.
(h) Each Licensee shall also maintain, as part of its anti-money laundering program, a customer
identification program.
(1) Identification and verification of account holders. When opening an account for, or establishing a
service relationship with, a customer, each Licensee must, at a minimum, verify the customer’s identity, to the
extent reasonable and practicable, maintain records of the information used to verify such identity, including
name, physical address, and other identifying information, and check customers against the Specially
Designated Nationals (“SDNs”) list maintained by the Office of Foreign Asset Control (“OFAC”), a part of the
U.S. Treasury Department. Enhanced due diligence may be required based on additional factors, such as for
high risk customers, high-volume accounts, or accounts on which a suspicious activity report has been filed.
(2) Enhanced due diligence for accounts involving foreign entities. Licensees that maintain accounts for
non-U.S. Persons and non-U.S. Licensees must establish enhanced due diligence policies, procedures, and
controls to detect money laundering, including assessing the risk presented by such accounts based on the
nature of the foreign business, the type and purpose of the activity, and the anti-money laundering and
supervisory regime of the foreign jurisdiction.
(3) Prohibition on accounts with foreign shell entities. Licensees are prohibited from maintaining
relationships of any type in connection with their Virtual Currency Business Activity with entities that do not
have a physical presence in any country.
(4) Identification required for large transactions. Each Licensee must require verification of the identity
of any accountholder initiating a transaction with a value greater than $3,000.
(i) Each Licensee shall demonstrate that it has risk-based policies, procedures, and practices to ensure, to
the maximum extent practicable, compliance with applicable regulations issued by OFAC.
(j) Each Licensee shall have in place appropriate policies and procedures to block or reject specific or
impermissible transactions that violate federal or state laws, rules, or regulations.
(k) The individual or individuals designated by the Licensee, pursuant to Paragraph 200.15(c)(3), shall be
responsible for day-to-day operations of the anti-money laundering program and shall, at a minimum:
(1) Monitor changes in anti-money laundering laws, including updated OFAC and SDN lists, and update
the program accordingly;
(2) Maintain all records required to be maintained under this Section;
(3) Review all filings required under this Section before submission;
(4) Escalate matters to the board of directors, senior management, or appropriate governing body and
seek outside counsel, as appropriate;
(5) Provide periodic reporting, at least annually, to the board of directors, senior management, or
appropriate governing body; and
(6) Ensure compliance with relevant training requirements.
Congrats, Bitcoin is almost assimilated by the state.