The document accused the agency – still the only U.S. regulator with a comprehensive set of rules for doing crypto business – of falling short in several areas, including missing fingerprint information, unavailable background on applicants’ tax obligations, long lags between risk assessments on applicants and their eventual approvals, missing financial information and insufficient cybersecurity compliance from BitLicensees.