Partner Steven Rees Davies, counsel Charissa Ball and associate Alexandra Fox have authored the Bermuda chapter of Global Legal Insight's sixth edition guide to blockchain and cryptocurrency regulation. The chapter covers the Bermuda legal requirements relating to cryptocurrency and blockchain, including the Digital Asset Business Act and the Digital Asset Issuance Act.
GOVERNMENT ATTITUDE AND DEFINITION
Bermuda has been recognised as a global leader in the regulation of blockchain and cryptocurrency-based services and related activities. The Bermuda government has pioneered one of the world's first comprehensive regulatory frameworks specifically designed to provide legal and regulatory certainty to industry participants whilst ensuring that business in the sector is conducted in accordance with the highest international standards.
The framework comprises two legislative arms that treat all cryptocurrencies, digital coins and tokens as the same for regulatory purposes and use the term "digital assets" to identify them all. The Digital Asset Business Act ("DABA") introduced a licensing regime for businesses seeking to conduct "digital asset business" (defined below) whilst the Digital Asset Issuance Act ("DAIA") introduced a regime to regulate persons seeking to carry on a "digital asset issuance" (defined below).
The Bermuda government also introduced an Insurtech Sandbox as an additional licensing regime designed to promote innovation in the use of technology in the insurance and reinsurance sectors. Effective 2023, the government has widened the scope of the Sandbox regime to encompass investment business to promote the offering of innovative products and testing of new technologies and delivery methods. Bermuda undertakings can now apply for the "test" licence under the Investment Business Act 2003 pursuant to which a person may carry on one or more investment activities within the controlled environment of the Bermuda Monetary Authority's ("BMA") general regulatory sandbox, and may offer innovative products and test new technologies and delivery methods in such a manner as agreed with the BMA. Bermuda also introduced one of the world's first digital asset business bank licensing regimes that provides for a banking licence to be issued to persons seeking to provide traditional banking services to the digital asset sector. Jewel Bank is the first bank to be issued a DABA and banking licence under the regime.
The Bermuda government has announced that it will be launching a blockchain-based stimulus token for use in Bermuda's retail market and which will be a Bermuda dollar- backed stablecoin using technology developed by one of the first companies to be regulated under the DABA in Bermuda. The government has also been working on numerous other technology projects to further enhance the island's digital infrastructure, including the development of a digital ID system that meets internationally recognised standards of both privacy and anti-money laundering and anti-terrorist financing ("AML/ATF") regulation and the introduction of submarine cabling legislation to protect both the environment surrounding the island and the submarine cables themselves that are the core infrastructure supporting the digital asset sector.
Bermuda has developed a collaborative business culture that involves government and industry working together to create opportunity and commercial success with a truly independent, actively engaged and globally recognised regulator maintaining the balance between the promotion of innovation and adherence to worldwide standards of regulation, compliance and transparency.
The BMA, as Bermuda's financial sector regulator, is a member of the Global Financial Innovation Network ("GFIN") and also a member of the GFIN Coordination Group. GFIN was created to provide an efficient mechanism for innovators to interact with regulators and assist in navigating between jurisdictions as they look to scale and test new products and services. GFIN also provides a means for regulators to cooperate and share knowledge and experience in working with new and innovative product and service lines.
Digital Asset Business Act
Since the DABA became law in 2018, the BMA has continued to promulgate and update rules, regulations, codes of practice, statements of principles and guidance in order to supplement the DABA, with the result that the DABA operates in a similar manner to the regulatory frameworks in place for other financial services regulated by the BMA. In summary, the DABA specifies the digital asset-related activities to which it applies, imposes a licensing requirement on any person carrying on any of those activities, lays out the criteria a person must meet before it can obtain a licence, imposes (and permits the BMA to impose) certain continuing obligations on any holder of a licence, and grants to the BMA supervisory and enforcement powers over regulated digital asset businesses. The BMA and other industry stakeholders are constantly reviewing and monitoring the framework to ensure that it remains fit for purpose and meets with all international standards of regulation, compliance and transparency. Through consultation with industry, the BMA, together with the Bermuda government, has already updated and improved the provisions of the DABA to give greater clarity and to facilitate more effective administration of its provisions, evidencing an actively engaged and responsive regulator.
Scope of the DABA
The DABA applies to any entity incorporated or formed in Bermuda and carrying on digital asset business (irrespective of the location from which the activity is carried out) and to any entity incorporated or formed outside of Bermuda and carrying on digital asset business in or from within Bermuda.
A "digital asset" is defined as anything that exists in binary format and comes with the right to use it, and includes a digital representation of value that is (a) used as a medium of exchange, unit of account, or store of value and is not legal tender, whether or not denominated in legal tender, (b) intended to represent assets such as debt or equity in the promoter, (c) otherwise intended to represent any assets or rights associated with such assets, or (d) intended to provide access to an application of service or product by means of distributed ledger technology.
"Digital asset business" is defined as the provision of the following activities to the general public as a business:
- Issuing, selling or redeeming virtual coins, tokens or any other form of digital asset: this is intended to regulate any person providing these services to other persons, whether such other person is situated in or outside Bermuda. It does not include a digital asset issuance to fund an issuer's or promoter's own business or project, which is regulated under the DAIA (see below).
- Operating as a payment service provider business utilising digital assets, which includes the provision of services for the transfer of funds: the term "payment service provider" is used globally in AML/ATF laws, regulations and guidance, and is defined in Bermuda's Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Amendment Regulations 2010 as "a person whose business includes the provision of services for the transfer of funds".
- Operating as a digital asset exchange: this means the operation of a centralised or decentralised electronic marketplace used for digital asset issuances, distributions, conversions and trades, including primary and secondary distributions, with or without payment.
- Carrying on digital asset trust services: this means the carrying on of the business of acting as a fiduciary, agent, or trustee on behalf of another person for the purpose of administration and management of a digital asset.
- Providing custodial wallet services: this means the provision of services of storing or maintaining digital assets or a virtual wallet on behalf of a client.
- Operating as a digital asset derivative exchange provider: this means the operation of a centralised or decentralised marketplace used for digital asset derivative issuances, distributions and trades with or without payment and that provides the services of creating, selling or otherwise entering into digital asset derivatives contracts or clearing and settlement of the same.
- Operating as a digital asset services vendor: this includes a person that, under an agreement as part of its business, can undertake a digital asset transaction on behalf of another person or has power of attorney over another person's digital asset, or a person who operates as a market maker for digital assets, or a person who operates as a digital asset benchmark administrator. The definition is intended to be widely interpreted to include any other business providing specific digital asset-related services to the public, which at this time includes the borrowing and lending of digital assets as a business.
- Operating as a digital asset lending or digital asset repurchase transaction service provider: this includes (a) a person facilitating, either as principal or agent, digital asset lending transactions by which a counterparty transfers or lends digital assets to a borrower subject to commitment that the borrower will return equivalent digital assets with or without interest or premium on a future date or when requested to do so by the lender, and (b) a person facilitating, either as principal or agent, digital asset repurchase transactions by which a person transfers digital assets to a counterparty subject to a commitment to repurchase such digital assets or substituted digital assets of the same description from that counterparty at a specified price with or without premium on a future date specified or to be specified.
In addition to the above categories, the DABA includes an option for the Minister of Finance, after consultation with the BMA, to be able to add new categories or to amend, suspend or delete any of the categories listed above by order.
The DABA requires persons carrying on digital asset business to obtain a licence before doing so, unless that person is subject to an exemption order issued by the Minister of Finance. At the time of writing, the Minister has issued only one exemption order (BR/2023), which exempts: (i) the BMA; (ii) the Bermuda government and any entity owned by it; and (iii) any public authority, from requiring a licence to carry on digital asset business under section 10 of the DABA, and stipulates that the following non-specified persons shall notify the BMA of their intention to be exempt from the requirement to obtain a licence under section 10 of the DABA:
- a person providing an affinity or rewards programme, where value is granted as part of such programme, which value cannot be taken from or exchanged with the person for legal tender, bank credit or any digital asset;
- a publisher issuing, either himself or via another person on his behalf, a digital representation of value, which is used exclusively within an online game, game platform, or family of games sold by the same publisher or offered on the same game platform;
- a person providing data storage or security services for a digital asset business, but is not otherwise engaged in digital asset business activity on behalf of other persons;
- an undertaking providing digital asset business activity solely for the purpose of its business operations or the business operations of any group undertaking; and
- an investment fund that has appointed an investment manager that is licensed under the Investment Business Act 2003, or authorised by a recognised regulator, as such term is defined under section 2 of the Investment Business Act 2003.
The foregoing non-specified persons will be required to file an annual declaration to the BMA stating that they continue to qualify for the exemption.
Three classes of licence are available for applicants:
- a Class F licence is a full licence to conduct any or all digital asset business activities and is not subject to a specified period, although the BMA has discretion to make any licence subject to restrictions where it deems it appropriate in the circumstances;
- a Class M licence is the same as a Class F licence except with modified requirements and restrictions and will only be valid for a specified period of time determined by the BMA on a case-by-case basis; and
- a Class T licence is for the sole purpose of carrying out pilot or beta testing in relation to the applicable digital asset business activities.
The intention behind this tiered licensing regime is to allow start-ups engaging in digital asset business to do so in a properly supervised regulatory environment, and to engage in proof of concept and develop a track record before obtaining a modified or full licence. The modified licence allows for persons who have developed proof of concept and are seeking to launch their products and services into the market but might not yet be able to meet all the requirements of a full licence. The restrictions to which a licensee will be subject will depend on the business model of the prospective licensee and the risks associated with it, but include an obligation to disclose to prospective customers the fact that the licensee holds either a Class T or Class M licence and certain limitations on the volume of business the licensee is permitted to conduct, along with other restrictions as the BMA may deem necessary or appropriate on a case-by-case basis.
A licence will further specify one or more of the eight categories of digital asset business activities that the licensee is permitted to conduct. Carrying on digital asset business without a licence is a criminal offence punishable by a fine of up to US$250,000, imprisonment for a term of up to five years, or both.
An application for a digital asset business licence is made to the BMA and must specify the class of licence being sought and be accompanied by (a) a business plan setting out the nature and scale of the digital asset activities to be conducted, (b) particulars of the applicant's arrangements for the management of the business, (c) policies and procedures to be adopted by the applicant to meet the obligations under the DABA and the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008, (d) such other information and documents as the BMA may reasonably require for the purpose of determining the application, and (e) the applicable application fee.
Criteria to be met by licensees
The DABA provides that the BMA may not issue any licence unless it is satisfied that the applicant fulfils certain minimum criteria addressing the fitness and propriety of directors and officers, ensuring business is conducted in a prudent manner, the integrity and skill of the business's management, and standards of corporate governance observed by the (prospective) licensee. This is consistent with the position under other regulatory laws applicable to other sectors and is intended to ensure that the BMA maintains high standards for the conduct of regulated business. The BMA has also published a code of practice detailing requirements as to, inter alia, governance, risk management and internal controls applicable to licensees. The BMA recognises, however, that licensees have varying risk profiles arising from the nature, scale and complexity of the business, so assesses a licensee's compliance with this code in a proportionate manner relative to the business's nature, scale and complexity.
The DABA requires licensees to notify the BMA upon changes in directors or officers, and the BMA has powers to, inter alia, object to and prevent new or increased ownership of shareholder controllers and the power to remove controllers, directors and officers who are no longer fit and proper to carry on their role.
Continuing obligations of licence holders
Persons holding a licence issued under the DABA are subject to several ongoing obligations.
Client disclosure rules: the BMA has used powers conferred to it under the DABA to promulgate the Digital Asset Business (Client Disclosure) Rules 2018 in order to mitigate the high degree of risk for consumers owing to the highly speculative and volatile nature of digital assets. These rules require licensees, before entering any business relationship with a customer, to disclose to that customer: all material risks associated with its products, services and activities; and any additional disclosure the BMA may determine is reasonably necessary for the protection of clients. At the time of entering into an agreement with a client, a licensee must disclose: the class of licence it holds; a schedule of its fees and the manner in which fees will be calculated if not set in advance; whether it has insurance against loss of customer assets arising from being hacked or otherwise stolen; the extent to which a transfer or exchange of digital assets is irrevocable and any exceptions; governance or voting rights regarding client assets if the licensee is to hold client assets; the extent to which it will be liable for an unauthorised, mistaken or accidental transfer or exchange; and sundry other matters. The rules also oblige licensees to confirm certain information regarding transactions with clients at the conclusion of each such transaction.
Cybersecurity rules: alongside the client disclosure rules described above, the BMA has promulgated the Digital Asset Business (Cybersecurity) Rules 2018, which require licensees to file an annual cybersecurity report prepared by its chief information security officer assessing the availability, functionality and integrity of its electronic systems, any identified cyber risk arising from any digital asset business activity carried on or to be carried on by the licensee, and the cybersecurity program implemented and proposals for steps to remediate any inadequacies identified.
The cybersecurity program itself must include (but is not limited to) the following audit functions:
- penetration testing of its electronic systems and vulnerability assessment of those systems conducted at least on a quarterly basis; and
- audit trail systems that:
- track and maintain data that allows for the complete and accurate reconstruction of all financial transactions and accounting;
- protect the integrity of data stored and maintained as part of the audit trail from alteration or tampering;
- protect the integrity of hardware from alteration or tampering, including by limiting electronic and physical access permissions to hardware and maintaining logs of physical access to hardware that allows for event reconstruction;
- log system events including, but not limited to, access and alterations made to the audit trail systems, and cybersecurity events; and
- maintain records produced as part of the audit trail.
In 2023, the BMA issued the Digital Asset Business (Cyber Risk) Rules 2023, which, effective on 1 January 2024, will supplant the Digital Asset Business (Cybersecurity) Rules 2018, and require Class F licence holders to file cyber risk returns with the BMA on an annual basis. Class M and Class T licence holders will be required to make such filing as often as prescribed by the BMA.
Custody and protection of consumer assets: licensees holding client assets are required to have in place and maintain a surety bond, trust account or indemnity insurance for the benefit of their customers, in such form and amount as the BMA deems acceptable or such other arrangements as the BMA may approve. Any such trust account must be maintained with a qualified custodian appropriate for the type of asset held. A licensee is, in addition, required to maintain books of account and other records sufficient to ensure that customer assets are kept segregated from those of the licensee and can be identified at any time. All customer funds must be held in a dedicated separate account and clearly identified as such.
Senior representative: the DABA imposes an obligation on licensees to appoint a senior representative, to be approved by the BMA, who must maintain an office in Bermuda (except where such representative is approved by the BMA for purposes of a Class T licence) and who is sufficiently knowledgeable about both the licensee itself and the industry in general. This senior representative will himself be under a duty to report to the BMA certain significant matters, including:
- failure of the licensee to comply with conditions, provisions or directions imposed by the BMA;
- involvement of the licensee in any criminal proceedings, whether in Bermuda or abroad;
- the licensee ceasing to carry on digital asset business in or from within Bermuda;
- a material change to the business of the licensee;
- a cyber reporting event; or
- the licensee ceasing to be eligible for an exemption from licensing under the Investment Business Act 2003, due to its investment business no longer qualifying as ancillary to the digital asset business for which it is licensed under the DABA.
Head office: the DABA also requires licensees, other than those issued a Class T licence, to maintain a head office in Bermuda and to direct and manage their digital asset business from Bermuda. The relevant section goes on to list several factors the BMA shall consider in determining whether a licensee satisfies this requirement, together with a number of additional factors to which the BMA may (but need not) have regard.
Annual prudential return: a licensee is obliged to file with the BMA an annual prudential return, with the BMA being granted the power to require more frequent filings or additions to a filing if required in the interest of consumer protection. The annual prudential return should be accompanied by a copy of the licensee's audited financial statements and business plan for the following year, and include information relating to, inter alia, business strategy and risk appetite, products and services, the number, risk rating and geographical profile of customer accounts, information on risk and cybersecurity (including a risk self-assessment and policies in these areas), AML/ATF controls, corporate governance, audited financial statements and details on any outsourcing to third parties.
BMA's supervision and enforcement powers
The DABA grants the BMA wide-ranging powers of supervision and enforcement. It will have the power to compel production of information and documents (with criminal sanctions for non-production or for making false or misleading statements), the power to issue such directions as appear to be desirable to it for safeguarding the interests of a licensee's clients where a licensee is in breach of the DABA or regulations or rules applicable to it, and the power to impose conditions and restrictions on licences. For example, the BMA may:
- require a licensee to take certain steps or to refrain from adopting or pursuing a particular course of action, or to restrict the scope of its business activities in a particular way;
- impose limitations on the acceptance of business;
- prohibit a licensee from soliciting business, either generally or from prospective clients;
- prohibit a licensee from entering into any other transactions or class of transactions;
- require the removal of any officer or controller; and/or
- specify requirements to be fulfilled otherwise than by action taken by the licensee.
In more extreme cases, the BMA may revoke a licence altogether and, if it so elects, subsequently petition the court for the entity whose licence it has revoked to be wound up. In the event a licensee fails to comply with a condition, restriction or direction imposed by the BMA or with certain requirements of the DABA, the BMA has the power to impose fines of up to US$10,000,000. Alternatively, it may issue a public censure ("naming and shaming"), issue a prohibition order banning a person from performing certain functions for a Bermuda regulated entity, or obtain an injunction from the court. The BMA will use these enforcement powers in a manner consistent with the Statement of Principles and Guidance on the Exercise of Enforcement Powers it published in September 2018, which contains general guidance applicable to all regulated sectors on the BMA's approach to the use of its enforcement powers and the factors it will consider in assessing whether to exercise those powers.
Digital Asset Issuance Act
The DAIA came into force in May 2020, superseding legislation that had been introduced in 2018 to initially regulate persons carrying on an offering of digital assets via a digital asset issuance in or from within Bermuda and to protect the interests of persons acquiring digital assets through such issuances. Since the DAIA's enactment, the BMA has continued to promulgate rules and a statement of principles in order to supplement the DAIA. In summary, the DAIA specifies what activities amount to a digital asset issuance, prohibits such activities other than by authorised undertakings, lays out the criteria a person must meet before it can become an authorised undertaking, imposes (and permits the BMA to impose) certain continuing obligations on any authorised undertaking, and grants to the BMA supervisory and enforcement powers over the issuers and/or promoters of digital asset issuances. The BMA and other industry stakeholders are constantly reviewing and monitoring the framework to ensure that it remains fit for purpose and meets with all international standards of regulation, compliance and transparency. Through consultation with industry, the BMA, together with the Bermuda government, has already updated and improved the provisions of the DAIA to give greater clarity and to facilitate more effective administration of its provisions, evidencing an actively engaged and responsive regulator.
Scope of the DAIA
The DAIA applies to any undertaking incorporated or formed in or outside Bermuda and that conducts any digital asset issuance in or from within Bermuda. A "digital asset issuance" is defined as an offer to the public, or any section of the public, to acquire digital assets or to enter into an agreement to acquire digital assets at a future date. The DAIA requires any undertaking seeking to conduct a digital asset issuance to obtain prior authorisation from the BMA.
If the digital asset issuance would not result in the digital assets becoming available to more than 150 persons or was to persons whose ordinary business involves the acquisition, disposal or holding of digital assets or was an offer to qualified acquirers, then the undertaking conducting such digital asset issuance would not be treated as an offer to the public. In such instances, the issuer and/or promoter would be required to file a digital asset placement declaration form with the BMA prior to entering any transaction rather than having to seek prior authorisation. "Qualified acquirers" include high-income (US$200,000 per annum for two years) and high-net-worth (greater than US$1,000,000 excluding residence value) private acquirers, corporate and unincorporated bodies with not less than US$5,000,000 in assets and other similar persons and arrangements.
Conducting a digital asset issuance in or from within Bermuda without authorisation is a criminal offence punishable by a fine of up to US$100,000, imprisonment for a term of up to five years, or both.
An application for authorisation to conduct a digital asset issuance shall be made to the BMA and be accompanied by (a) a business plan setting out the nature and scale of the digital asset issuance to be conducted, (b) a copy of the issuance document to be made available to digital asset acquirers, (c) particulars of the applicant's arrangements for the management of the offering via the issuance, (d) policies and procedures to be adopted by the applicant to meet the obligations under the DAIA and the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008, (e) such other information and documents as the BMA may reasonably require for the purpose of determining the application, and (f) the applicable application fee.
The DAIA provides that the BMA may not authorise an undertaking to conduct a digital asset issuance unless it is satisfied that the applicant fulfils certain minimum criteria addressing the fitness and propriety of directors and officers, ensuring business is conducted in a prudent manner, the integrity and skill of the business's management, and standards of corporate governance observed by the undertaking. This is consistent with the position under other regulatory laws applicable to other sectors and is intended to ensure the BMA maintains high standards for the conduct of regulated business. The BMA has also published the Digital Asset Issuance Rules 2020 (Rules), detailing requirements as to, inter alia, minimum required information for a digital asset issuance document, ongoing disclosures and information technology and cybersecurity, custody of acquirer assets and compliance measures.
The DABA requires licensees to notify the BMA upon changes in directors or officers, and the BMA has powers to, inter alia, object to and prevent new or increased ownership of shareholder controllers and the power to remove controllers, directors and officers who are no longer fit and proper to carry on their role.
Authorised undertakings are subject to several ongoing obligations.
Communications facility: the promoter shall provide during the period of an offer, or suspension, an electronic facility for persons to access the issuance document, post and read messages relating to the offer and ask questions relating to the offer.
Cooling-off rights: provide a mechanism through which any applicant that has agreed to acquire digital assets under the offering to withdraw the application within three business days after the application is made.
Information technology and cybersecurity rules: an authorised undertaking is under an obligation to establish and maintain, for the duration of its authorisation and five years beyond, a data audit node in Bermuda where all information about the digital asset issuance will be stored real-time in an accurate and tamper-proof manner as well as deliver a cybersecurity report and program similar to those required under the DABA (see above).
Custody and separate accounts: an authorised undertaking holding the assets of digital asset acquirers shall keep its accounts in respect of such assets separate from any accounts kept in respect of any other business for a period of time as specified in the legislation and Rules.
Local representative: authorised undertakings must appoint a local representative, to be approved by the BMA, who must maintain an office in Bermuda and who is sufficiently knowledgeable about both the authorised undertaking itself and the industry in general. This local representative will be under a duty to report to the BMA certain significant matters, including: a likelihood of the licensee becoming insolvent; breaches by the authorised undertaking of any conditions imposed by the BMA; involvement of the licensee in criminal proceedings, whether in Bermuda or elsewhere; a material misstatement being found in the issuance document; and other material developments.
Compliance measures: an issuer shall ensure that it applies "appropriate measures" with regard to customer due diligence in relation to a digital asset issuance as set out in the Rules as well as appoint a Reporting Officer and Compliance Officer.
BMA's supervision and enforcement powers
The DAIA grants the BMA wide-ranging powers of supervision and enforcement similar to those granted under the DABA (see above).
Other than the digital asset business activity of issuing, selling or redeeming of digital assets under the DABA and the offering of digital assets by way of an issuance under the DAIA, there are no Bermudian laws, regulations or other restrictions governing the participation of persons resident or situated in Bermuda in the purchase, holding or sale of digital assets, unless such digital assets represent an interest in a security in a Bermuda company to which the Exchange Control Act and related regulations may apply. Further, digital assets that purport to represent an interest in real property, vessels, aircraft or engines situated or registered in Bermuda may also be subject to legislation and regulation applicable to such underlying assets.
There are no income, capital gains, withholding or other taxes imposed in Bermuda on digital assets or on any transactions involving them (the potential application of Bermuda's foreign currency purchase tax is discussed below, under "Border restrictions and declaration").
Moreover, exempted companies or limited liability companies carrying on digital asset business, including digital asset issuers, may apply for an undertaking from the Minister of Finance to the effect that, in the event of there being enacted in Bermuda any legislation imposing tax computed on profits or income or computed on any capital asset, gain or appreciation, then the imposition of any such tax shall not be applicable to such company or to any of its operations.
MONEY TRANSMISSION LAWS AND ANTI-MONEY LAUNDERING REQUIREMENTS
Operating a payment service business utilising digital assets (including the provision of services for the transfer of funds) or operating a digital asset exchange constitutes a regulated activity for the purposes of the DABA (on which see above).
Bermuda has a long-established and well-earned reputation as an international financial centre, and a crucial aspect of this is its robust AML/ATF regime. The jurisdiction made further enhancements to this regime ahead of its fourth-round mutual evaluation by the Financial Action Task Force in 2018.
The DABA amended certain provisions of Bermuda's existing AML/ATF laws and regulations to ensure that the AML/ATF regime applies expressly to the carrying on of digital asset business. The BMA has since published its "Sector-Specific Guidance Notes on Anti-Money Laundering and Anti-Terrorist Financing for Digital Asset Business", which enhance the main guidance notes for AML/ATF regulated financial institutions. The BMA has also recently updated the main guidance notes for AML/ATF following a consultation with industry stakeholders.
A detailed discussion of the requirements imposed by Bermuda's AML/ATF regime is beyond the scope of this chapter, but in short, digital asset businesses are required to establish policies and procedures to prevent money laundering and terrorist financing. These policies and procedures must cover customer due diligence, ongoing monitoring, reporting of suspicious transactions, record-keeping, internal controls, risk assessment and management, and the monitoring and management of compliance with, and internal communication of, these policies and procedures.
PROMOTION AND TESTING
The Bermuda government has launched and continues to develop a number of initiatives aimed at promoting research and investment in technology, including blockchain, in Bermuda. The Class T licence under the DABA, the Insurtech Sandbox regime and the "test" licence available under the Investment Business Act 2003, which allow for the testing and development of technology or technologically driven products and services in a safe and cooperative regulatory environment, are just two examples.
The Bermuda government has also appointed a specialist technology team with a remit to promote the sector in Bermuda and attract more business to the island. The team also provides a specialist concierge service aimed at making the transition to Bermuda as easy as possible for new entrants.
The Bermuda government has also introduced a tailored immigration policy for technology businesses that provides technology-focused companies that are new to Bermuda to seek immediate approval of work permits for non-Bermudian staff. To benefit from this, a business must present a plan for the hiring, training and development of Bermudians in entry-level or trainee positions. A business may not, however, apply for a work permit under this policy in respect of any job categories that are closed (i.e. reserved exclusively for Bermudians, their spouses and permanent resident certificate holders only) or restricted (in respect of which a permit may only be obtained for one year) under Bermuda's employment legislation, or which are entry-level, graduate or trainee positions.
OWNERSHIP AND LICENSING REQUIREMENTS
Under current Bermuda law, and under the DABA and DAIA, no licensing requirements are imposed on any person merely by virtue of that person holding any form of digital asset, unless that person does so in the course of its business and on behalf of another, in which case that person will likely be regarded as either a digital asset trust services provider or a digital asset services vendor and thus subject to regulation under the DABA.
An investment fund incorporated or formed in Bermuda that proposes to deal in digital assets as part of its investment strategy may fall within the ambit of the Investment Funds Act 2006. Depending on the type of fund, an investment fund that has appointed an investment manager that is licensed under the Investment Business Act 2003 or authorised by a recognised regulator (as such term is defined under section 2 of the Investment Business Act 2003) will be exempt from licensing under the DABA under the Digital Asset Business Exemption Order 2023, provided an annual notice is filed with the BMA.
Digital asset mining is not within scope of the DABA and therefore remains an unregulated activity from a Bermuda perspective, whether conducted in Bermuda or by a Bermuda company outside of Bermuda. Notwithstanding this, the BMA is aware of other jurisdictions where such activity is prohibited or restricted in some way and will expect any Bermuda company conducting mining activity outside of Bermuda to be wholly compliant with any laws or regulations applied by the governing authorities of the jurisdictions where such activities are being conducted.
BORDER RESTRICTIONS AND DECLARATION
Bermuda imposes a foreign currency purchase tax of 1% whenever a Bermuda resident purchases a foreign currency from a Bermuda-based bank. This tax will not apply to most (if not all) purchases of cryptocurrency or other digital assets, on the grounds that these are purchased almost exclusively from digital asset exchanges, whereas the foreign currency purchase tax applies only to purchases from banks in Bermuda. This renders immaterial the question of whether "foreign currency" in this context would include cryptocurrency (the BMA has not, to date, expressed a view).
There are no other border restrictions on cryptocurrencies or other digital assets; the only obligation to make a customs declaration in respect of any form of money arises in respect of cash or negotiable instruments in excess of US$10,000.
Digital asset businesses and their senior representatives are subject to certain reporting obligations under the DABA, as described in more detail above. The DABA does not impose any reporting requirements in respect of individual digital asset payments, irrespective of their value, although licensees are required to include anonymised details on transaction volume, value and geographical spread in their annual returns.
ESTATE PLANNING AND TESTAMENTARY SUCCESSION
There are no Bermuda laws that deal specifically with the treatment of cryptocurrencies or other digital assets upon the death of an individual holding them. This means that, in principle, digital assets will be treated in the same way as any other asset and may be bequeathed to beneficiaries in a will, or, if a person dies intestate, will fall to be dealt with under the Succession Act 1974.
The main potential difficulty that may arise is practical and is by no means unique to Bermuda; namely that anyone inheriting any kind of digital asset will, on the face of it, only be able to receive the rights to and value of the digital asset if the beneficiary has the private key relevant to the digital asset wallet through which the digital asset is held. Most exchanges have policies in place to transfer digital assets to next of kin but these policies, and the transfer requirements, will vary between the exchanges.
Originally published in conjunction with Global Legal Insights.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.