NYDFS PENALIZES BITPAY $1 MILLION FOR BSA/AML/CYBERSECURITY VIOLATIONS

NYDFS penalized payment platform Bitpay for alleged violations of its regulations governing BSA/AML requirements and cybersecurity obligations.  Here are some hot takes from DFS’ allegations set forth in its Consent Order:
•    Bitpay provides a payment platform for merchants wanting to receive Bitcoin payments;
•    Bitpay conducted only one cybersecurity risk assessment over a 4-year period;
•    Bitpay failed to designate a CISO for 4 years and made no Board presentations on cyber;
•    Bitpay’s OFAC screening missed individuals explicitly listed on OFAC sanctions lists;
•    Bitpay’s customer risk ratings and, and overall risk assessment, was inadequate.
•    No monitor imposed. And no press release or Tweet announcement.