The NY Attorney General is seeking legislation that would significantly expand the state’s reach over digital assets and require wholesale changes to the operation of digital asset businesses that choose to remain in New York.

Letitia James, the Attorney General of the State of New York (NYAG), released a proposed bill that—if taken up by the state legislature and enacted—would create the most comprehensive and restrictive digital asset regulatory regime in the United States.

New York was an early and active regulator in the digital asset space. In 2015, the NY Department of Financial Services (NYDFS) issued its BitLicense rules, which became the first comprehensive digital asset regulatory framework in the nation. Ms. James stated that her new proposal is intended to address “[r]ampant fraud and dysfunction” in the digital asset industry, and follows her office’s actions alleging misconduct by a variety of market participants.

The proposed legislation, called the Crypto Regulation, Protection, Transparency, and Oversight (CRPTO) Act, would add a new layer of regulation on top of the BitLicense regime and significantly change the way digital asset businesses can conduct activities from or within New York—perhaps driving major market participants out of the state entirely.

The proposal is expected to be submitted to the New York Senate and Assembly for consideration during the 2023 legislative session, which is scheduled to end in early June.

Our takeaways

Likelihood of near-term enactment

Because the NYAG’s proposal is so far-reaching (as we discuss in more detail below), we think it is unlikely—though certainly not impossible—to be taken up, debated and enacted as proposed in the remaining weeks of the 2023 legislative calendar. On the other hand, it may spur efforts already underway in the U.S. Congress to clarify the scope of federal regulatory authority over digital asset activities, and the proposal will undoubtedly stoke arguments that a comprehensive federal approach to industry oversight is needed to prevent a patchwork of overlapping state regulatory regimes.

Market structure

A key consequence of the CRPTO Act would be the required segregation of activities by digital asset market participants doing business in New York, restricting the combination of functions in a manner more stringent than required in the securities markets.

The proposal would make it illegal for any person, directly or through one or more affiliates, to act as more than one of: (1) a digital asset issuer; (2) a digital asset broker; (3) a digital asset marketplace; or (4) a digital asset investment adviser. The proposal appears to echo concerns raised by the chair of the SEC regarding conflicts of interest arising from intermediaries providing an “amalgam of services that typically are separated from each other” in the securities markets. However, unlike in the proposal, there is no blanket federal securities law prohibition on these activities being undertaken within a single firm.

Implementation of the proposal’s restrictions would disrupt current market practices. In particular, segregating the activities performed by digital asset brokers from those of marketplaces would require a significant restructuring of the activities and corporate organization of many incumbent firms, including many entities currently operating under BitLicenses issued by NYDFS.

Banks and trust companies would benefit from a limited exemption from these restrictions, if the entity is not “engaged primarily” as a digital asset broker, issuer or investment adviser. However, a bank or trust company that operates a digital asset marketplace would still be prohibited from engaging in digital asset broker, issuer or investment adviser activities.

A bank or trust company engaged in digital asset broker activities would also not be permitted to effect transactions in any digital asset it issued. Of course, the authority of any bank or trust company to engage in any of these activities would remain subject to applicable banking laws.

The proposal would give explicit authority to NYDFS to regulate and supervise each regulated entity. Each regulated entity would be required to file a registration statement with the NY Department of Law prior to engaging in business within or from New York.

Listing standards and disclosure

Similar to the requirements for national securities exchanges in the securities markets, the proposal would require each marketplace to adopt and publish listing standards for digital assets. Yet even here the proposal goes further than federal securities law because the listing standards would have to include, at a minimum, capital requirements for issuers and public disclosure of the digital asset’s source code, which would need to be vetted by the marketplace to ensure that it is consistent with the issuer’s disclosure required under the proposed legislation, neither of which is required to be part of a national securities exchange’s listing standards.

Prior to issuance, a digital asset issuer would be required to publish a prospectus that includes “all related material information about the issuer and the digital asset.” Required information would include, at a minimum, a description of the issuer’s business, financial condition, results of operations, and conflicts of interest; the identities of all directors, officers and key employees; as well as risk factors and financial statements. Issuers would also be required to submit information about recent sales of digital assets to the NY Department of Law. For digital assets already issued at the effective date of the CRPTO Act, issuers would have 90 days to publish a prospectus.

Regulated entities (other than issuers) would be prohibited from supporting a digital asset unless they provide customers with the information required in the prospectus and links to the issuer’s most recent financial statements.

These prospectus and listing requirements could pose a significant obstacle for many digital assets and, by extension, marketplaces that wish to list them. Digital assets typically do not represent a claim on a legal entity’s assets or revenues, and their issuers have traditionally not published information on their financial condition—which is often not highly relevant to purchasers. It is also unclear who would satisfy issuer obligations where a digital asset, like bitcoin, is not issued or maintained by an identifiable controlling party.

The proposal includes a grandfathering provision intended to provide a path for regulated entities to support existing digital assets. A regulated entity would be permitted to continue listing, offering and selling, or advising on an existing digital asset if the regulated entity conducts a “diligent search” for the information required to be in the prospectus and discloses the details and results of its search and any related material information obtained.

But whether gleaned from the issuer’s prospectus or from the regulated entity’s own “diligent search,” it is not clear what liability a digital asset marketplace, broker or investment adviser would incur if the information it provides about the digital asset is ultimately not accurate or complete.


Mirroring SEC regulation of broker-dealers, the proposal would require digital asset brokers to “promptly obtain and … thereafter maintain the physical possession or control of all fully paid digital assets carried by the digital asset broker for the accounts of customers.” Indeed, “possession or control” is defined in the proposal by reference to the SEC’s Customer Protection Rule (Rule 15c3-3). While the proposal would provide that possession includes “holding private keys necessary to transfer a customer’s digital assets,” it is not clear how this would be consistent with the cross reference to Rule 15c3-3, which the SEC staff has generally interpreted as not being satisfied by a broker-dealer holding private keys, in light of the challenges in proving that no one other than the broker-dealer also has a copy of the keys.

Similarly, the proposal would view control satisfied if the digital asset broker maintained “custody with a third-party custodian in accordance with [Rule] 15c3-3(c),” which allows securities to be held by a third party for a broker-dealer if the securities are in a “good control location,” such as in the possession or control of a clearing agency, bank, or another broker-dealer that holds them for the broker-dealer’s customers.

As clearing agencies do not custody digital assets, and broker-dealers generally cannot, this would appear to leave only banks—which also face capital challenges in offering digital asset custody in light of bank regulatory concerns and SEC staff accounting guidance.

Inspired by recent high-profile bankruptcies of digital asset trading platforms, the proposal would prohibit digital asset marketplaces from maintaining physical possession or control of a customer’s digital assets except for the purpose of effecting a specific transaction. Rather, unlike existing market practices, digital assets would have to be custodied by a digital asset broker, or self-custodied by the customer through an unhosted wallet. A prohibition on marketplaces from providing custody could challenge their ability to provide real-time settlement of customer transactions through off-chain ledger updates on their own books.


Regulated entities would be prohibited from referring to any digital asset as a stablecoin, or from suggesting that any digital asset is similar to a stablecoin, unless a “stablecoin ratio of 1.0” or greater in dollars or other permitted high-quality liquid assets is maintained.

Although it may not be the intent, the text of the proposal would appear to place the burden on digital asset brokers, marketplaces, and investment advisers supporting a stablecoin to ensure that the stablecoin ratio is maintained, even though these registered entities could not also be the stablecoin issuer.


The proposal would introduce a number of requirements to bring additional transparency to registered entities’ business practices. For example, all digital asset brokers would be required to disclose to customers any fees to be received “from any source whatsoever,” including any commission, immediately prior to effecting a transaction in a digital asset on behalf of the customer. And digital asset marketplaces would be required to publicly disclose in an easily accessible manner any fees to be received from any source whatsoever, including any listing fees or commissions.

Similar to trade reporting obligations applicable in the securities markets, digital asset brokers and marketplaces that effect off-chain transactions (i.e., those that are not automatically publicly viewable on blockchain networks) would be required to publish the price and volume of each executed transaction within ten seconds of the transaction.

Conflicts of interest and other participant conduct provisions

In addition to the restrictions on combining functions, the proposal includes several provisions specifically aimed at reducing conflicts of interest. For example, the proposal would prohibit any digital asset broker from recommending or referring any person to an investment adviser or issuer where the broker would receive any potential or actual economic benefit, directly or indirectly.

Because the potential for indirect economic benefit could be interpreted extremely broadly (e.g., from generating goodwill), this could essentially prohibit all recommendations. Investment advisers would owe a fiduciary duty to any customer, and all digital asset issuers, brokers, marketplaces, and investment advisers would be required to observe “high standards of commercial honor and just and equitable principles of trade.”

Promoters of digital assets (referred to as influencers) would be required to disclose their ownership interests and any compensation they receive, as well as register with the NY Department of Law before promoting any digital asset. These requirements mirror concerns raised by the SEC in several high-profile cases filed against celebrity and social-media promoters of digital assets who the SEC alleged failed to disclose their receipt of compensation in violation of the anti-touting rules.

Unauthorized transfers

The proposal contains provisions modeled on the federal Electronic Fund Transfer Act that would require digital asset brokers and investment advisers to reimburse customers for self-reported unauthorized transfers. The proposal would place the burden of proof for demonstrating that a transfer was indeed authorized on the brokers or investment advisers.

Unauthorized transactions are defined to include both transactions effected without the customer’s actual authorization and transactions effected “with the customer’s authorization due to fraudulent inducement by a third party.” A customer’s liability for unauthorized transfers is limited depending on whether and when the customer provides notice to the broker or investment adviser of the unauthorized transfer.

This communication, which we believe may be of interest to our clients and friends of the firm, is for general information only. It is not a full analysis of the matters presented and should not be relied upon as legal advice. This may be considered attorney advertising in some jurisdictions. Please refer to the firm's privacy notice for further details.