BitFlyer Slapped With a $1.2M Fine for Violating Cybersecurity Rules

BitFlyer USA, a cryptocurrency exchange, was recently fined $1.2 million by the New York State Department of Financial Services (NYDFS) for violating cybersecurity regulations. This penalty is a stark reminder that the NYDFS is the primary watchdog in the state and has the power to conduct investigations and impose fines if necessary.

Multiple Cybersecurity Deficiencies Found

The NYDFS discovered “multiple deficiencies” in BitFlyer USA’s cybersecurity program, prompting the penalty. The regulator requires all crypto exchanges licensed by them to establish an appropriate cybersecurity program to ensure their electronic systems’ availability and functionality and protect them from potential internal and external cyber risks. This program should also provide maximum protection to clients.

According to the NYDFS, BitFlyer USA failed to fully comply with the regulator’s cybersecurity regulations. Additionally, the crypto exchange did not maintain an effective cybersecurity program through the implementation of written policies, as required by the Virtual Currency Regulation.

Penalty and Compliance Plan

BitFlyer USA has to pay the fine within ten days after the consent order’s effective date. The company cannot claim any tax deductions or credits for any part of the civil monetary penalty. However, the NYDFS acknowledged BitFlyer USA’s efforts to upgrade its cybersecurity program by the end of 2023. The platform has developed a remediation plan to ensure compliance with regulatory requirements.

BitFlyer USA is not the only crypto exchange that has had issues with the NYDFS this year. The regulator launched an investigation against Gemini in January. The Winklevoss-led firm allegedly misled its 340,000 Earn users by claiming they were FDIC-protected.

NYDFS’ Latest Requirements

The NYDFS recently announced that it would start billing crypto entities registered in the region for annual supervision and examination. This new rule will apply to companies that have secured Bitlicense. Payments will be taken five times per year, with four estimated quarterly settlements and one based on actual expenses.

The legislation aims to align cryptocurrency organizations more closely with banks and insurance firms since they are also subject to such billing. Superintendent Adrienne Harris believes that crypto businesses could benefit from collaborating with the regulator to identify issues early and protect consumers.