Quarterly Fintech Regulatory Update
First published in the second edition of the Appleby Asia Alert
Since the inaugural issue of Appleby Asia Alert in June 2018 which briefly introduced the regulatory landscapes of fintech-related areas in Bermuda, Cayman Islands and BVI, there have already been some important changes to such legal and regulatory frameworks in these jurisdictions.
Initial Coin Offerings
The Companies and Limited Liability Company (Initial Coin Offering) Amendment Act 2018 (ICO Act) became operative on 9 July 2018 and the related Companies and Limited Liability Company (Initial Coin Offering) Regulations 2018 (ICO Regulations, together with the ICO Act, ICO Legislation) came into force on 10 July 2018.
The ICO Legislation regulates all aspects of offering digital assets to the public in or from Bermuda. A digital asset covers anything that exists in binary format, including all forms of cryptocurrencies, digital coins and tokens issued in connection with initial coin offerings (ICOs). We have published a separate article with guidance for issuers seeking to undertake an ICO. Please get in touch with your usual Appleby contact should you wish to receive the ICO framework guide.
Digital Asset Businesses
The Digital Asset Business Act 2018 (DABA) came into force on 10 September 2018.
DABA provides that an applicant may apply for a class F licence (a full asset digital licence) or a class M licence (a sandbox licence for a predefined period). The Bermuda Monetary Authority (BMA) Assessment and Licensing Committee has produced an Information Bulletin outlining the requirements for Digital Asset Business (DAB) applications. In addition, DAB sector specific AML/ATF guidance notes have been published.
On 11 September 2018, the following rules in relation to DABA:
- Digital Asset Business (Client Disclosure) Rules 2018 (Client Disclosure Rules)
- Digital Asset Business (Cybersecurity) Rules 2018 (Cybersecurity Rules)
- Digital Asset Business (Prudential Standards) (Annual Return) Rules 2018 (Prudential Standards Rules)
Client Disclosure Rules
The Client Disclosure Rules provide that every licensed undertaking shall disclose to the client, prior to entering into an initial transaction, all material risks associated with its products, services and activities and any additional disclosure that the BMA determines is necessary for the protection of clients.
The Cybersecurity Rules provide that every licensed undertaking should file annually a written report assessing certain functions of its electronic systems and identifying cybersecurity risk to the digital asset business. The Cybersecurity Rules also set out requirements as to what audit functions should be considered in the licensed undertaking’s cybersecurity program.
Prudential Standards Rules
The Prudential Standards Rules provide that a licensed undertaking should file an annual return with the BMA and outline what information should accompany the annual return (e.g. financial statements, business plan for the next financial year, certificate of compliance, a declaration signed by two directors or a director and an officer).
The Cayman Islands has passed its new Data Protection Law (expected to come into force in January 2019), much like the European Union’s General Data Protection Regulation. Once the Law is in force, any direct marketing sent to individual data subjects in the Cayman Islands will need to include an unsubscribe mechanism. Data subjects will also have the right, at any time, to request that any direct marketing activity cease.
British Virgin Islands
The BVI Financial Services Commission (FSC) has amended its Anti-Money Laundering and Terrorist Financing Code of Practice 2008 (AML Code), effectively the financial services industry’s rulebook for customer verification and know your customer (KYC), so that credit and financial institutions based in the BVI may now use electronic innovations to expedite customer verification. The amendments came into force on 1 August 2018 and should prove efficient in streamlining KYC procedures for ICOs or token launches where companies need to undertake bulk KYC checks on large volumes of purchasers.
General global developments
The review by the Financial Action Task Force (FATF) of the application of its recommendations to crypto-assets and virtual currencies is due to clarify its recommendations with detailed proposals to be released in October 2018. Although the FATF’s recommendations are non-binding, they are being implemented by countries around the world including the Cayman Islands, BVI and Bermuda.
With technological innovation transforming offshore businesses and markets, Appleby has led the way amongst the offshore firms by launching a dedicated Global Technology and Innovation Group. With experts across its network of offices around the world, the group supports clients across a broad range of emerging technologies.
Upon engagement, we would be pleased to review your business proposal and advise on whether your ICO or token launch would fall within the remit of a security in the Cayman Islands or BVI or whether the ICO Legislation in Bermuda would apply to you. We can advise on any licensing requirements and assist with any application to be made where consent is required to be sought. We can also assist with additional support services relating to requirements surrounding the compliance regime of any of these jurisdictions.
As the regulatory environment surrounding cryptocurrencies and ICOs is constantly evolving, we encourage you to contact any member of Appleby’s Global Technology & Innovation Team on the current regulatory position.