The Development of FinTech Products and Services
The Isle of Man has been very welcoming to the FinTech sector and has shown enthusiasm for the development of FinTech products. The established finance and e-gaming sectors, along with the technical infrastructure, have made the FinTech market a natural fit in the island. The Isle of Man Government has quickly established regulatory and fiscal control, processes and procedures to allow FinTech businesses to establish themselves in the Island while providing necessary protection for businesses and customers. Alongside this, the continuous investment in the Island’s infrastructure has contributed to the thriving e-business sector already developed in the Isle of Man. Together, the regulation and infrastructure have encouraged the inflow of specialised companies to the Island; both industry participants and their supporting technical ecosystem.
The Isle of Man Government established a regulatory framework for digital currencies by introducing anti-money laundering and know your customer requirements in 2015 to this sector, one of the first jurisdictions to do so. Having embraced digital currencies, distributed ledger technology, or blockchain, companies working in this area have since begun to arrive in the Island.
In May 2016, a new legislative regime to allow crowdfunding platforms to establish their businesses in the Isle of Man came into force. These activities are contained in a new, standalone classification of regulated activity.
The Key Market Participants in the Specified Activities
Local success stories in the FinTech sector include the following:
- ChainPay: payments processor
- CoinCorner: Bitcoin exchange and web wallet provider.
- Credits: blockchain platform provider.
- Global Processing Services: transaction processing and programme management environments for payment card programmes.
- Paysafe: online payment processing.
- Riva Financial Systems: administrative solutions to the asset management industry.
Whilst FinTech companies have not displaced traditional financial service providers, the FinTech market is continuously developing in the Isle of Man. As FinTech is such a new and evolving sector, it is difficult to measure its influence accurately. However, e-business as a whole is the Isle of Man’s fastest-growing sector and now contributes to approximately 28% of GDP, according to the Island’s Department of Economic Development (DED)
Regulatory Regimes for Specified Activities or FinTech Companies
In the Isle of Man, financial services are governed principally under the Financial Services Act 2008 (FSA08), which sets out a general prohibition against a person carrying on, or holding themselves out as carrying on, by way of business, in or from the Isle of Man, a financial services activity without a licence or in breach of licence conditions unless an exclusion (as set out in the Regulated Activities Order 2011 (as amended) (RAO2011)) or an exemption (as set out in the Financial Services (Exemptions) Regulations 2011 (as amended)) applies.
Regulatory or Governmental Agencies for Specified Activities or FinTech Companies
The Isle of Man Financial Services Authority (IOMFSA) is the regulator responsible for enforcing compliance with the FSA08. The IOMFSA’s regulatory objectives are to secure an appropriate degree of protection for customers of persons carrying on a regulated activity, to reduce financial crime and support the Island’s economy. A licence to carry out a regulated activity is granted by the IOMFSA. To grant a licence, the IOMFSA must be satisfied that the applicant, any controller, director or other key persons are fit and proper to carry on the regulated activity, having regard to their integrity, competence, financial standing, structure and organisation. The IOMFSA must also be satisfied that the activity will be managed and controlled in the Isle of Man and there will be a real presence in the Island.
The RAO2011 sets out those activities that will constitute regulated activities, which consist of:
- Class 1 – deposit taking;
- Class 2 – investment business;
- Class 3 – services to collective investment schemes;
- Class 4 – corporate services (ie, services with respect to the formation of companies);
- Class 5 – trust services;
- Class 6 – crowdfunding platforms;
- Class 7 – management and administration services; and
- Class 8 – money transmission services.
Note that there is a distinction in the Isle of Man between deposit taking and lending, and a person conducting a business of lending money in the Isle of Man is required to register with the Office of Fair Trading (OFT) under the Moneylenders Act 1991, unless an exemption applies.
The types of crowdfunding available to businesses in the Isle of Man include loan (or debt) crowdfunding and investment (or equity) crowdfunding. Loan-based crowdfunding offers financial returns to the lender through interest on the amount lent. Investment-based crowdfunding involves the lender receiving investment in the borrower’s business. Operating loan-based crowdfunding platforms is licensable as a Class 6 activity under the RAO2011, in particular: (i) the operation of an electronic platform in relation to lending in which the operator of the electronic platform facilitates persons to become lenders or borrowers and (ii) the administration of crowdfunded lending, including the transfer of repayment funds from borrower to lender and debt collection in relation thereto. Class 6 of the RAO2011 also covers the operation of investment-based crowdfunding services, which means the operation of an electronic platform in relation to arranging deals in investments in which the operator of the electronic platform facilitates persons to become issuers of investments or direct investors. Regulated crowdfunding in the Isle of Man is limited to online crowdfunding portals and the arranging of crowdfunded investments and/ or loans. A Class 6 licence does not permit the provision of advice in relation to these matters. In order to advise on crowdfunding opportunities, a business would also need a Class 2 (investment business) licence.
Crowdfunding became a standalone regulated activity in 2016 (under the Regulated Activities (Amendment) Order 2016) and is an example of how the Isle of Man regulatory regime has adapted to accommodate new technologies and forms of financial services business. Operating investmentbased crowdfunding platforms was previously captured as a Class 2 (investment business) activity by virtue of “dealing in investments” (which includes shares) and “arranging deals in investments” (also including shares). However, Class 6 of the RAO2011 (as amended) now makes specific provision for operating investment-based crowdfunding platforms. A person will now not need to be licensed to carry out investmentbased crowdfunding under Class 2 where a licence is held to carry out investment crowdfunding activities under Class 6.
Money transmission services are regulated under Class 8 and include the provision and execution of payment services directly or as agent and the issuing of electronic money. The definitions of payment services largely mirror the EU’s Payment Services Directive of 13 November 2007 (2007/64/EC). Operating an automated or robo investment platform in or from the Isle of Man is likely to fall under Class 2 (investment services).
When granting a financial services licence under the FSA08, the IOMFSA, as well as looking at the competency of officers, will consider the ability of the entity to comply with the FSA08, the Financial Services Rule Book 2016 (Rulebook) and any anti-money laundering and countering the financing of terrorism legislation, including the Proceeds of Crime Act 2008 (POCA), the Anti-Money Laundering and Countering the Financing of Terrorism Code 2015 (AML/ CFT Code) and the Anti–Money Laundering and Countering the Financing of Terrorism Handbook 2017 (AML/CFT Handbook).
The Isle of Man’s AML/CFT legislation largely conforms to international standards. Although the Isle of Man is not a member of the Financial Action Task Force, the Isle of Man Government has recognised the Financial Action Task Force recommendations. In January 2017 MONEYVAL (the Council of Europe’s Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism) released its Fifth Round Mutual Evaluation Report following a visit to the Isle of Man in April-May 2016 to analyse the level of compliance with the Financial Action Task Force 40 Recommendations and the level of effectiveness of the Island’s AML/CFT system. The report is largely positive, although to monitor progress in making improvements the Isle of Man is now in ‘enhanced follow-up’. This is not unusual after a Fifth Round Evaluation and 86% of countries assessed so far have been placed in this category.
The Island has had a framework in place to try to combat money-laundering since 1985, when it began to apply the “know your customer” or “customer due diligence” (CDD) principle, which is the term to describe the process of obtaining, retaining and using information about a customer to verify their identity, personal details and their source of wealth, and to understand their business or transactional activities. Every business regulated by the IOMFSA must conduct CDD checks under the AML/CFT legislation.
In addition to the IOMFSA, the DED assists in the incorporation of companies through the Isle of Man Companies Registry. The DED promotes and encourages the development of business in the Isle of Man and works together with local business to meet their needs and help to develop and diversify industries in the Island.
Capital and Liquidity Requirements
The Rulebook sets out a number of financial requirements that licence-holders must comply with that regulates, among other things, the issued share capital, net tangible assets and liquid capital of licence-holders. The specific financial requirements for each class of regulated activity depend on the type of regulated activity being carried out. For example, to be licensed under Class 6, a share capital of GBP25,000 (which must not be subject to being crowdfunded) is required and there is a minimum net tangible asset requirement of GBP50,000. For Class 8 licence-holders, where funds held as client money exceed GBP50 and (i) are held in exchange for electronic money that has been issued, or (ii) are a sum of money from a payment service provider used for the execution of a payment transaction on behalf of the payment service provider or payment service user, the licence-holder must ensure that they safeguard the funds. Safeguarding funds, under the Rulebook, can be achieved by holding the funds in a segregated account with a recognised bank that is used to hold segregated funds only and is named in such a way to show that the account is used to safeguard the segregated funds. A Class 8 licence-holder must also ensure that it segregates customers’ money from the licence-holder’s funds and that customer’s money and the licence-holder’s funds do not become intermingled. The licence-holder must at all times show how much money stands to the credit of each person making use of the payment service in the capacity of the payer or payee, a “payment service user,” and electronic money-holder, and that money belonging to one payment service user or electronic money-holder is not used for another.
There are also a number of reporting requirements in the Rulebook that licence-holders must comply with, including the requirement to keep adequate accounting records and provide annual financial returns to the IOMFSA within four months of the licence-holder’s annual reporting date. The annual financial returns should include the latest audited annual financial statements of any subsidiary or associated company of the licence-holder.
Change of control approval requirements
Any change of control of a licence-holder must have had the prior consent of the IOMFSA. If a person obtains a controlling interest in a licence-holder; if any change takes place to an existing controlling interest in a licence-holder that would take that controlling interest from 50% or less to over 50% or from 75% or less to over 75%; or if there is any change in the ownership structure between the licence-holder and its ultimate parent company then consent will need to be obtained
Recent Developments or Notable Proposed/ Forthcoming Regulatory Changes
The Isle of Man has taken steps to regulate virtual currency businesses, hoping to attract industry by offering the credibility of operating under regulatory oversight. In 2015, Schedule 4 of POCA was amended to bring virtual currency within the definition of undertaking business in the “regulated sector” and therefore subject to AML/CFT legislation. Business in the regulated sector now includes “the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating convertible virtual currencies, including crypto-currencies or similar concepts where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity.” The Isle of Man Government decided to treat digital currencies as property rather than currency. Digital currencies do not have legal tender but are representations of value that can be traded, functioning as a medium of exchange.
The Designated Businesses (Registration and Oversight) Act 2015 (DBROA) tasks the IOMFSA with monitoring the compliance of designated businesses (such as virtual currency businesses) with the Island’s AML/CFT legislation. The IOMFSA’s role in granting licences for those carrying out regulated activities is separate to its role under the DBROA. Those persons affected by the provisions of the DBROA (such as the virtual currency sector) are not automatically made licence-holders of the IOMFSA, but the IOMFSA oversees the adherence of these businesses to the AML/ CFT legislation. The IOMFSA may carry out inspections and investigations at the premises of a designated business to assess the extent to which they meet the requirements of the DBROA, AML/CFT legislation and its own procedures for compliance with them. The IOMFSA can report on its findings following an on-site visit and can issue written directions or public statements.
Burden of Regulatory Framework and Protection of Customers
There are no specific statutory consumer protection provisions in the event of failure of a company carrying out regulated activities, such as crowdfunding and the provision of virtual currency services, as the Isle of Man’s depositor compensation scheme applies to deposit taking only.
However, the Isle of Man Financial Services Ombudsman Scheme, which operates within the OFT, hears complaints relating to financial services regulated under the FSA08. The powers of the Ombudsman are set out in the FSA08 and include the power to refer a complaint to an adjudicator who can award compensation.
Foreign fintech companies
Foreign companies must register as a foreign company under the Foreign Companies Act 2014 if that company carries on, or is held out as carrying on, business from an “established place of business” in the Isle of Man.
Where a business is operating in or from the Isle of Man, it is likely that there will also be data protection implications. The Isle of Man’s Data Protection Act 2002 (DPA2002) will apply to those data controllers who process “personal data,” who must make and maintain a notification with the Isle of Man Information Commissioner and comply with the eight data protection principles described in 5 Data Privacy and Cyber Security.
Form of Legal entity
Potential Forms of Charter
In the Isle of Man, companies are administered by the DED through the Isle of Man Companies Registry. There are two principal co-existing company regimes: companies incorporated under the Company Act 1931 (CA 1931) and companies incorporated under the Company Act 2006 (CA 2006). There are a number of types of company available under the CA 1931 and CA 2006; however, the most suitable type of company for FinTech businesses will be a company limited by shares.
Key Differences in Form
A company limited by shares incorporated under CA 1931 must have a minimum of two individual directors and a company secretary. There is no residency requirement (other than entities regulated by the IOMFSA) and companies may have a single member. There is no requirement under the CA 1931 to engage the services of a local corporate services provider; however, any company that has not engaged such services and is not otherwise exempt is required to appoint a nominated officer as described further below in 3.3 Recent Legal Changes. There are a number of corporate documents that are available for public inspection for CA 1931 companies, which include the current directors of the company and the members at the date of the company’s annual return and details of share capital. A company under the CA 1931 can be a public or private company, whereas there is no distinction between public and private companies under the CA 2006.
Under the CA 2006, there is no concept of authorised share capital. Therefore, subject to a company’s articles of association, the directors may increase the share capital in any way and reduce the share capital by resolution of the directors. This differs from the requirements under the CA 1931 where a reduction of share capital requires a special resolution of the members and the sanction of the court. Companies incorporated under the CA 2006 can have a sole director, who can be a corporate director if the corporate director holds a Class 4 licence from the IOMFSA (which does not exclude them acting as a director), and a sole member. There is no requirement under the CA 2006 regime to have a company secretary; instead, companies must have a registered agent, licensed by the IOMFSA. The role of the registered agent is to ensure that the company is properly administered and that the statutory registers and documents are kept up to date and maintained at the office of the registered agent. Unlike companies incorporated under the CA 1931, under the CA 2006 only a limited amount of information is available to the public and details of the company’s members and current directors are only publicly available if the company has elected to file these registers with the Isle of Man Companies Registry. A company incorporated under the CA 2006 will need to make such election if it is to be licensed under the FSA08 and will be subject to additional requirements with regard to the number and residency of directors.
Companies incorporated under the CA 1931 or the CA 2006 would be suitable for FinTech businesses (although discretion lies with the IOMFSA), with the CA 2006 having the benefit of greater flexibility, although additional costs in the requirement for a licensed registered agent and some of the benefits of increased privacy will be reduced through licensing conditions imposed by the IOMFSA.
recent legal changes
The Beneficial Ownership Act 2017 (BOA 2017) has recently come into force and requires the DED to maintain a database of beneficial ownership. The BOA 2017 applies to all legal entities incorporated, registered or established in the Isle of Man (and not excluded under the BOA 2017) and requires those legal entities to appoint a nominated officer who is either a natural person resident in the Isle of Man or a local and licensed corporate service provider who must maintain the beneficial ownership information for any entity to which the BOA 2017 applies. The nominated officer must submit details of registerable beneficial owners to the DED to be stored on a central database, which is not publicly available but may be accessed by certain law enforcement agencies within defined parameters.
Beneficial ownership is defined in the BOA 2017 as “a natural person who ultimately owns or controls a legal entity to which the BOA 2017 applies, in whole or in part, through direct or indirect ownership or control of shares or voting rights or other ownership interest in that entity, or who exercises control via other means.” A registerable beneficial owner is defined in the BOA 2017 as being “a beneficial owner who owns or controls more than 25% of the beneficial ownership of a legal entity to which the BOA 2017 applies.” Those companies incorporated under the CA 1931 which already had a nominated officer will not have to appoint an additional nominated officer as long as the current nominated officer continues to act.
Legal Infrastructure (Non-regulatory)
Desirable Changes to Facilitate Specified Activities
As discussed above, there have been recent changes to the regulatory framework in the Isle of Man. These changes have seen crowdfunding brought within the regulatory framework and classified as a regulated activity within the RAO2011 under Class 6. This has provided a further opportunity to the FinTech market in the Island, allowing development of the Island’s economy while enabling risks to lenders and consumers undertaking crowdfunding to be mitigated.
There have also been amendments to the Isle of Man’s online gambling regulations that allow accounts to be opened with an Isle of Man gambling operator using Bitcoin. The Online Gambling (Amendment) Regulations 2016 provide that an account can be opened with an Isle of Man gambling operator using “a deposit of something which has value in money’s worth.” This includes the deposit of a value in virtual currency or a virtual good.
POCA has been amended to take in the changes to the regulatory framework for virtual currency. The amendment to POCA means that the money laundering offences of concealing, arranging and acquiring criminal property under Part 3 of POCA as well as the offences of failing to disclose and tipping off will apply to virtual currency and other money transmission services as well as other regulated activities under the FSA2008. This means that those digital currency businesses will need to comply with the AML Handbook and the AML Code in the same way as with other businesses that are regulated under the FSA2008 by the IOMFSA.
The foregoing has contributed to the continued development of e-business in the Isle of Man, which includes, among others, digital currency, blockchain and crowdfunding. The Isle of Man already has a legislative framework that accommodates e-business, which includes the Electronic Transactions Act 2000 (ETA2000) which is described below in 4.3 Electronic Signatures.
Special Insolvency Regimes
The Isle of Man’s corporate insolvency procedure is governed by the CA 1931 (which applies to CA 2006 companies by virtue of Section 182 CA 2006) and the Companies (Windingup) Rules 1934. Companies may be wound up voluntarily, by order of the Isle of Man courts or subject to the supervision of the courts. The insolvency regime is similar to that in the United Kingdom under the Insolvency Act 1986; however, concepts of administration, examination or company voluntary arrangements do not exist in Isle of Man law. When determining whether to wind up a company because the company is unable to pay its debts, its contingent and prospective liabilities will be taken into account.
There are a number of provisions of the CA 1931 that protect the interests of creditors by maintaining the assets of the company pending and during the insolvency procedure. These include, amongst others, that an action may not be brought against the company without leave of the court; in a winding-up by the court, any disposition of the property of the company (including things in action) and any transfer of shares, or alteration in the status of the members of the company, made after the commencement of the windingup is void; and any transfer of shares made after the commencement of a voluntary winding-up or any alteration in the status of members without sanction of the liquidator is void. There are also provisions that govern fraudulent trading, fraudulent assignments and fraudulent preferences.
There is no requirement for insolvency office holders to be formally regulated. Any individual may act as a liquidator in a voluntary liquidation; however, where the court is appointing a liquidator, it is generally reluctant to appoint persons who are not known to it and will usually only appoint a liquidator that (i) is resident within the jurisdiction, (ii) has the necessary experience and (iii) holds the necessary levels of insurance. It is possible to have an overseas insolvency practitioner appointed, but the court will usually insist on a joint appointment with a local experienced liquidator. Only individuals can be appointed to wind up Isle of Man companies; however, this does not prevent an officer or employee of a body corporate from being appointed.
The ETA2000 provides for the use of electronic signatures. When creating a contract under Isle of Man law, the normal rules of contract law would apply, ie, evidence of intent, sight of relevant terms and conditions prior to contract formation and the need for consideration. Section 1 ETA2000 provides that a transaction will not be invalid merely because it takes place wholly or partly by means of one or more electronic communications. The requirement for a written signature of a person is taken to have been met under the ETA2000 in relation to an electronic communication if(i)a method is used to identify him and indicate his approval of that which is communicated, (ii)having regard to all the relevant circumstances at the time, the method is as reliable as is appropriate for the purpose of the information communicated and (iii) the receiver consents to that method.
The AML Handbook also allows CDD documentation to be obtained electronically. The AML Handbook provides that where CDD is obtained electronically, the authenticity of the electronic document must be verified by appropriate measures. For an identity document, a photograph should be provided that clearly shows the person’s face and the image on the identity document being held in the same picture to demonstrate that it belongs to the customer. A clear scanned copy of the document itself should also be provided and the documents should be in an image file or tamper-resistant format. The IOMFSA appears to accept the use of electronic documents so long as the guidance is followed. The usual CDD, identity and verification checks as set out in the AML Handbook should be adhered to.
Data Privacy and Cybersecurity
Data Privacy and Cybersecurity Regulatory Regimes
The main data protection legislation in the Isle of Man, the DPA 2002, is based upon the United Kingdom’s Data Protection Act 1998 and therefore gives effect to Data Protection Directive 95/46/EC. Although the Isle of Man is not part of the EU, it can choose to implement EU legislation when such is deemed in the Island’s best interests. The DPA2002 encapsulates the eight data protection principles that “data controllers” are obliged to comply with. A data controller under the DPA2002 is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is, or is to be, processed.
The eight data protection principles under the DPA2002 are:
- personal data must be processed fairly and lawfully, and must not be processed unless at least one of the conditions in schedule 2 to the DPA2002 is met and in the case of sensitive personal data, at least one of the conditions in schedule 3 to the DPA2002 is also met;
- personal data must be obtained only for one or more specified and lawful purposes, and must not be further processed in any matter incompatible with that purpose or those purposes;
- personal data must be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
- personal data must be accurate and, where necessary, kept up to date;
- personal data processed for any purpose or purposes must not be kept for longer than is necessary for the purpose or those purposes;
- personal data must be processed in accordance with the rights of individuals who are the subject of personal data under the DPA2002;
- appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data; and
- personal data must not be transferred to a country or territory outside the Isle of Man unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. The EU is automatically assumed to have adequate protection.
Data is personal data under the DPA2002 if it is “data which relate[s] to a living individual who can be identified from [that] data, or from [that] data and other information which is in possession of, or is likely to come into the possession of, the data controller and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”
The Isle of Man Information Commissioner is an independent supervisory body that promotes and enforces compliance with the DPA2002 and deals with complaints made under the DPA2002. The duties of the Information Commissioner are set out in the DPA2002 and include the duty to “promote the following of good practice by data controllers and, in particular, so to perform his functions under this Act as to promote the observance of the requirements of this Act by data controllers.” The Information Commissioner can also take regulatory action where there has been a breach of the DPA2002.
All data controllers in the Island will need to comply with the DPA2002 and the data protection principles. It is likely that those entities carrying out activities regulated by the IOMFSA will interact with companies and customers on a day-to-day basis and therefore will be using and processing personal data on a daily basis, and so must ensure this is held in compliance with the DPA2002.
The European Commission (EC) determined on 28 April 2004 that the Island’s law ensured an adequate level of protection for personal data that aids with the transfer of personal data in and out of the Island to the European Economic Area (a so-called adequacy finding). The EC further resolved that the legal standards applicable in the Isle of Man covered all the basic principles necessary for an adequate level of protection and the application of these legal standards was guaranteed by judicial remedy and by independent supervision carried out by authorities such as the Information Commissioner.
The General Data Protection Regulation (GDPR) is set to come into force in May 2018 and will, amongst other things, impose requirements on certain organisations – including businesses that offer goods and services to individuals resident in the EU or businesses that will receive data from EU controllers – to appoint a data protection officer, attach stricter requirements regarding the giving of “consent” for processing of personal data and will provide easier access to information for individuals to show how their data is processed. The Isle of Man is expected to implement new data protection legislation in line with the GDPR for May 2018.
Whilst complying with the data protection legislation, the holder of a financial services licence, under the Rulebook, must also comply with certain requirements that include keeping and maintaining records of client money received and records to show and explain transactions effected by the licence holder on behalf of its client for six years. In addition, the AML Code requires those who carry out regulated activities to keep customer due diligence for five years from the date of completion of the transaction.
With the expanding e-business economy, the cybercrime threat to businesses is high. The UK’s National Crime Agency has released a Cyber Crime Assessment 2016 and although primarily related to the UK, much of the risks faced and guidance will be the same and will apply in the Isle of Man. The UK Government in light of this has also released guidance on cybersecurity that includes educating and raising awareness to staff and customer, monitoring the risks and having protection and network security in place as well as disaster recovery policies. The Rulebook already imposes requirements on financial services licence holders to have in place effective corporate governance arrangements that will assist in managing all risks, including cybersecurity, and that contains provisions regarding safeguarding data and assets, and ensuring staff are well trained in areas including data protection and cybersecurity. Under the Rulebook, certain matters should be reported to the IOMFSA, including incidents involving data or financial loss or any prevented attacks of this nature that could help to prevent other attacks. The IOMFSA issued cybersecurity guidance in December 2016 and has reported attacks that have occurred locally, although these are anonymised and it is unclear how frequent these attacks are.
FinTech businesses should ensure that they have adequate data protection and cybersecurity controls in place to prevent breaches occurring and ensure that they provide adequate training to staff.
Intellectual Property Protection Regime
The Isle of Man’s legislation regarding registered intellectual property derives mainly from the intellectual property laws in the United Kingdom. The principal terms of the UK Patents Act 1977 and the UK Trade Marks Act 1994 extend to the Isle of Man under the Patents (Isle of Man) Order 2013 and the Trade Marks (Isle of Man) Order 2013 respectively. The Island has its own copyright legislation, the Copyright Act 1991 and Copyright etc (Amendment) Act 2014 (although this is broadly based on the UK’s Copyright, Designs and Patents Act 1988), and its own legislation governing database rights, which were introduced by the Copyright (Amendment) Act 1999 and updated by the Database (Amendment) Regulations 2013. Database rights are separate to any copyright and exist where there has been substantial investment in obtaining, verifying or presenting the contents of a database. The Isle of Man does not have its own intellectual property registers for patents, trade marks or designs. Any trade mark registered in the UK and European Union trade marks will automatically receive protection in the Isle of Man. UK patents and patent applications extend automatically to the Isle of Man and no further formalities or costs are required. It is not clear as yet how (or indeed if) the EU Unitary Patent will be implemented into Isle of Man law.
The Isle of Man’s decision to follow UK and EU law in relation to intellectual property demonstrates adherence to international standards and shows that the Island has legislation in place that recognises the importance of intellectual property in the FinTech sector.
The Isle of Man is a member of the Berne Convention for the protection of literary and artistic works and the World Trade Organization’s Agreement on Trade Related Aspects of International Property. The Berne Convention imposes minimum standards of protection that the Isle of Man (and each other contracting state) must apply to nationals of all other contracting states.
Copyrights, Patents, Trade Marks
The Patent Cooperation Treaty (PCT) and the European Patent Register of the European Patent Office (EPO) are applicable to the Isle of Man. The PCT is administered by the World Property Organization and allows the filing of international patent applications that seek patent protection for an invention simultaneously in a large number of countries. The EPO provides a uniform application procedure for those seeking patent protection in up to 40 member countries (note that the EPO is not part of the EU).
The Isle of Man also has the benefit of a number of international treaties, including the Madrid Protocol, which gives trade mark owners the possibility to protect a trade mark in 88 countries by a single application through registration with the World Intellectual Property Organization.
Equitable remedies for infringement include injunctions, Anton Piller orders and damages.
Protection of Intellectual Property or Trade Secrets
The European Union (Customs Enforcement of Intellectual Property Rights) Order 2015 applies EU Regulation 608/2013 to the Island, which sets out the powers of customs authorities where goods suspected of infringing intellectual property rights are subject to customs control. The Order makes amendments to the Copyright Act 1991 and the Trade Marks Act 1994 (as it applies to the Island).
Special Tax Issues, Benefits or Detriments
The Isle of Man has a separate taxation regime to the United Kingdom, which has contributed to the diverse and developing economy in the Isle of Man and the attraction of FinTech companies to the Island.
Companies that are resident in the Isle of Man are taxed on their worldwide income at 0%, 10% or 20%. Those companies undertaking banking business under a Class 1 licence issued by the IOMFSA or that carry on retail business in the Isle of Man and have taxable profits that exceed £500,000 in one year will attract a corporate income tax rate of 10%. Those companies that derive income from real estate situated in the Isle of Man will be taxed on their income at 20%. All other income that does not fall into the 10% or 20% band will be taxed at 0%.
An Isle of Man resident company must file an annual income tax return and report worldwide taxable profits. Companies that are incorporated outside the Isle of Man but that have a place of business or permanent establishment in the Island will be taxed on their Isle of Man income only.
Individuals resident in the Island for tax purposes also enjoy income tax rates of 10% base rate with a 20% higher rate and a generous personal allowance for 2017-18 of GBP12,500. An individual who is resident in the Isle of Man for tax purposes can also elect to apply a tax cap, which will apply for five years once the election is made. The tax cap imposes an upper limit on the income tax liability of an individual in a tax year, which is GBP125,000 for 2017-18. The election to apply the tax cap should be made to the Assessor of Income Tax.
There is no capital gains, inheritance tax or stamp duty taxes in the Isle of Man.
The Isle of Man co-operates with other jurisdictions in regard to tax matters and has in place a number of international agreements that help to provide tax transparency. The island has double taxation agreements with a number of countries, including the UK, Ireland, Guernsey and Jersey. The Isle of Man Government has also implemented policies in the Mutual Administrative Assistance in Tax Matters Convention that has been in force since 1 March 2014, part of the Organisation for Economic Co-operation and Development Convention that the Isle of Man is a party to, and the Common Reporting Standard for Automatic Exchange of Financial Account Information. The Isle of Man has also signed up to inter-governmental agreements in 2013 to improve tax compliance with the UK and USA.
The Isle of Man’s VAT register is administered by the Isle of Man Government’s Customs and Excise Division. The Isle of Man, however, largely follows the UK in relation to VAT and has an agreement in place with the UK to share VAT receipts. It is likely that the Isle of Man will follow the UK’s position on VAT in relation to digital currency.