NYDFS penalized payment platform Bitpay for alleged violations of its regulations governing BSA/AML requirements and cybersecurity obligations. Here are some hot takes from DFS’ allegations set forth in its Consent Order:
• Bitpay provides a payment platform for merchants wanting to receive Bitcoin payments;
• Bitpay conducted only one cybersecurity risk assessment over a 4-year period;
• Bitpay failed to designate a CISO for 4 years and made no Board presentations on cyber;
• Bitpay’s OFAC screening missed individuals explicitly listed on OFAC sanctions lists;
• Bitpay’s customer risk ratings and, and overall risk assessment, was inadequate.
• No monitor imposed. And no press release or Tweet announcement.