Genesis Global Trading: an expensive lesson in cybersecurity compliance with an $8 million agreement



Genesis Global Trading, a subsidiary of Digital Currency Group, has agreed to pay a significant $8 million transaction to the New York State Department of Financial Services (NYDFS) following the findings of cybersecurity inadequacy. 

This resolution, together with the renunciation of the BitLicense license and the cessation of operations in the State, highlights the consequences of non-compliance with regulations and emphasizes the imperative of strong cybersecurity measures in the cryptocurrency sector.

Genesis Global Trading settles for $8 million following NYDFS’s findings on cybersecurity deficiencies

Genesis Global Trading, a subsidiary of Digital Currency Group, has reached an agreement with the New York State Department of Financial Services (NYDFS) after the regulatory body identified critical deficiencies in cybersecurity. 

The agreement, finalized on Friday, provides that Genesis Global Trading ceases operations in the State and renounces its BitLicense, the essential license for virtual currency activities in New York. As part of the agreement, the company will pay a substantial amount of 8 million dollars to the State of New York.

The superintendent of NYDFS, Adrienne A. Harris, emphasized the seriousness of Genesis Global Trading’s non-compliance, stating:

“Genesis Global Trading’s inability to maintain a functional compliance program has demonstrated a failure to comply with the regulatory requirements of the Department and has exposed the company and its clients to potential threats.”

The regulatory action was initiated following routine examinations and an executive investigation, which revealed a series of violations related to anti-money laundering compliance, filing reports on suspicious activities, and, above all, deficiencies in cybersecurity. 

The cybersecurity risk assessment undertaken by Genesis Global Trading in December 2022 was deficient and delayed. It failed to comprehensively identify the areas, systems, or processes that require improvements, updates, or redesigns to meet the stringent requirements of the cybersecurity regulation.

Risk assessment

The NYDFS, in its consent order, emphasized that Genesis Global Trading’s cybersecurity risk assessment, completed years late, lacked the necessary depth and did not include plans to improve the overall cybersecurity program for full compliance with regulatory standards.

This agreement emphasizes the growing importance of strong cybersecurity measures in the cryptocurrency and blockchain sector. 

The consequences of omitting these critical aspects not only result in financial penalties, but also pose a significant threat to the company and its customers.

In light of this development, sources familiar with the process reveal that Digital Currency Group (DCG), the parent company of Genesis Global Trading, is planning to file a motion to dismiss a lawsuit initiated by the New York Attorney General’s office. 

The lawsuit, filed in October against Gemini Trust Company, Genesis 

Global Capital, LLC and its affiliates Genesis and Digital Currency Group, are accused of defrauding New York investors of over 1 billion dollars.

With the continuous evolution of the industry, regulatory bodies are demonstrating an increased commitment to the implementation of rigorous cybersecurity standards. 

Companies operating in the cryptocurrency space must prioritize and continuously improve their cybersecurity programs to ensure compliance, safeguard their operations, and protect the interests of their stakeholders. The settlement of Genesis Global Trading serves as a reminder of the consequences that entities can face when neglecting these critical aspects in an era where cybersecurity is paramount.