USA – NEW YORK Trends and Developments Contributed by: Sam Davidson, Davidson Firm PLLC
fication Review Committee as meeting or exceeding federal standards. This dual-track structure reflects a federal philoso - phy favouring state dynamism and regulatory experi - mentation rather than federal pre-emption. Yet this approach stands in tension with the administration’s posture on AI regulation. While the GENIUS Act encourages states to serve as laboratories for digi - tal asset innovation, the December 2025 AI Execu - tive Order directs federal agencies to prepare legisla - tive recommendations for pre-empting state AI laws deemed inconsistent with national innovation policy. The result is regulatory uncertainty: in stablecoin regu - lation, states are invited to participate; in AI regulation, state requirements that exceed or diverge from federal priorities may be overridden. Notwithstanding, New York’s regulatory ecosystem, including trust company charters under Banking Law Article III, money transmitter licensing under Article XIII-B, and digital asset supervision under the BitLi - cense framework, positions New York as a candidate for GENIUS Act certification. The NYDFS has estab - lished precedent for state-level oversight of digital asset custody and payment systems through trust company charters, creating institutional pathways through which entities may seek qualification as state payment stablecoin issuers. Tying this back to the NY Disclosure Act – chartered stablecoin issuers under New York trust company frameworks would, in most instances, qualify as GLBA financial institutions and therefore fall within the NY Disclosure Act’s exemption. Yet where these char - tered entities engage in consumer-facing activities beyond core payment stablecoin functions, or where they partner with non-exempt companies in embed - ded finance arrangements, the NY Disclosure Act may become relevant if embedded finance models distrib - ute pricing authority beyond the chartered entity. NYDFS supervisory signals The NY Disclosure Act is part of a broader regulatory pattern in New York. In October 2025, NYDFS issued an industry letter clarifying that under 23 NYCRR Part 500, Covered
Entities must maintain risk-based cybersecurity pro - grammes and are prohibited from delegating compli - ance responsibility to third parties. Part 500 applies broadly to entities operating under or required to operate under any licence, registration, charter, cer - tificate, permit, accreditation or similar authorisation under New York’s Banking Law, Insurance Law or Financial Services Law. This includes chartered trust companies, money transmitters, and BitLicense hold - ers – categories central to fintech operations in and through New York. Entities engaged in embedded finance partnerships with such regulated entities may also face indirect scrutiny through vendor manage - ment and third-party oversight obligations imposed on the Covered Entity itself. In Insurance Circular No 7, NYDFS issued guidance concerning the use of AI and predictive models in insurance underwriting. Although sector-specific, the guidance emphasises the importance of governance, testing and board oversight. The regulatory message is consistent: technological innovation does not reduce institutional responsibil - ity. The use of complex algorithmic systems increases governance expectations. Boards and senior manage - ment cannot delegate accountability to data scientists or technology vendors. Effective governance requires decision-makers to understand how systems operate, what data they use, how outputs are validated, and what risks they present – regardless of whether the technology is developed in-house or procured from third parties. Conclusion: governance for 2026 Fintech companies operating in New York face varying but often overlapping compliance obligations depend - ing on their business models, charter structures, and operational arrangements. Those deploying AI models using consumer personal data, pursuing or operating under state or federal charters or licences, or operating within embedded finance or partnership architectures, should consider structured internal reviews address - ing the specific regulatory intersections relevant to their activities. Not all companies will confront each dimension discussed in this chapter: a non-exempt fin - tech using personalised algorithmic pricing may face transparency obligations under the NY Disclosure Act
1002 CHAMBERS.COM
Powered by FlippingBook