Blockchain 2023 Comparisons

The Bahamas was an early mover in implementing a legislative framework for the regulation of businesses (the Digital Assets and Registered Exchanges Act, 2020 (the “DARE Act”)) which facilitates payments, transfer, exchange and custody of blockchain-based digital assets. This framework attracted many centralised digital asset exchanges to the jurisdiction, although the largest at the time was FTX. The provisional liquidation of FTX Trading Ltd and the seizure of digital assets pursuant to the order of the Supreme Court of The Bahamas was the first major enforcement action of the Securities Commission of The Bahamas (the “Commission”) against a digital asset exchange. 

Amendments to the regulatory regime were slated prior to the upheaval created by the failure of many centralised businesses in mid-to-late 2022, but such events undoubtedly sped up the issuance of the Digital Assets and Registered Exchanges Bill, 2023 (the “Bill”) in April 2023. The Bill will repeal and replace the DARE Act and bring reforms that seek to strengthen provisions surrounding the operation of digital asset businesses in The Bahamas. The consultation period for the Bill ended in May 2023. Although many provisions of the DARE Act will remain unchanged by the Bill, the Bill provides additional rules addressing custody, internal controls, staking, stable coins and expanding the types of activities under the Commission’s prudential supervision.

Other significant regulatory challenges face centralised businesses, including the lack of regulatory clarity in jurisdictions like the US. Until regulatory clarity is achieved, it is expected that regulatory enforcement actions will continue to threaten development in the financial applications of blockchain wherever they are primarily regulated.

Blockchain technology has not been broadly adopted by businesses in the jurisdiction apart from those businesses that are registered as digital asset businesses under the DARE Act. The most significant blockchain-based project was the introduction by the Central Bank of The Bahamas of the Sand Dollar, a Central Bank Digital Currency, built using blockchain technology but it is private and controlled by the Central Bank. The Sand Dollar was the first CBDC in the world, launched in 2021. While adoption has been slow, the Central Bank’s efforts continue to facilitate and promote broader adoption by merchants.

Decentralised finance protocols may be used by residents of the Bahamas. However, The Bahamas maintains a system of exchange controls designed to protect to Bahamian dollar 1:1 peg with United States dollars. Exchange controls restrict persons resident from exchange control purposes from investing in “foreign assets” without prior exchange control approval.

The Central Bank has noted that it considers virtually all digital assets to constitute “foreign assets” because of the ability to convert these assets into non-Bahamian dollar fiat currency through various off-ramps. Note that exchange controls do not affect most international transactions because many corporate entities, although formed in The Bahamas, are designated or otherwise deemed non-resident for exchange control purposes.

The Commission has advised in guidance that it will review DeFi for additional regulatory focus with a view to curtailing the risks associated with Defi activities. The Commission has also noted that DeFi protocols are popular channels for financial crime in the absence of gatekeepers that perform essential market, AML and investor protection functions. Although custodial platforms are subjected to additional requirements, non-custodial DeFi platforms may also apply for registration. Under the DARE Act, any person who offers such services to a person in The Bahamas may be subject to mandatory registration. The Bill, if passed in present form, would revise this position, allowing such services to be provided to accredited investors in The Bahamas without mandatory registration.

The most use cases for NFTs in gaming environments and this is expected to continue to be an area of growth. Exempt from the application of the DARE Act are the vast majority of tokens used within closed-loop gaming environments and NFTs, which meet the applicable definition. Non-fungible tokens are defined under the DARE Act as a “unique digital token created for use in specific applications which cannot be divided and is not interchangeable with any other type of digital token and cannot be sold in a secondary market.” As the condition that an NFT not be saleable on a secondary market is unlikely to be applicable to most NFTs in the manner in which the space has developed, many NFTs will not meet the DARE Act statutory definition and may require registration under the token issuance provisions if the token is issued in or from within The Bahamas. Under the Bill, the definition of an NFT has been updated to remove this condition, but some NFT issuances are expected to be in-scope for registration.

As noted above, the Bahamas adopted a specific regulatory regime in 2020 that regulates what is termed as “digital asset business” (DAB) and initial token offerings. The DARE Act applies to any person (including an entity) which carries on digital asset business in or from within The Bahamas. A DAB includes the following:

• persons who, as a business, undertake digital asset transactions on behalf of another person;
• digital asset market makers;
• operating as a digital asset service provider, which includes providing DLT platforms facilitating the exchange between digital assets and fiat currencies, digital assets and digital assets, and the transfer of digital assets;
• digital token exchanges;
• digital asset payment providers;
• wallet providers and custody service providers;
• providing services in relation to a digital token exchange; and
• participating in the provision of financial services related to an issuer’s offer or sale of a digital asset.

A person carries on digital asset business if:

• in the Bahamas, irrespective of physical location, the person offers digital asset business services to Bahamian residents from anywhere in the world; or
• from within The Bahamas, the person being a legal entity registered or incorporated under the laws of The Bahamas offers digital asset business services to person outside or within The Bahamas.

Some digital asset business activities (“custody and wallet services”) also require registration as a Financial Corporate Services Provider under the Financial Corporate Services Providers Act, 2020.

The Bill is likely to expand the categories of registration to also include provisions providing advice on digital assets, managing digital assets, providing staking services and digital asset derivative services.

Tax Reporting

The Bahamas is a party to the OECD’s multilateral agreement on mutual administrative assistance in tax matters and the automatic exchange of information thereunder, also known as the Common Reporting Standard (CRS).

Broadly speaking, under CRS, reporting financial institutions are obliged to collect financial account information on reportable accounts of reportable persons and report that information to the Ministry of Finance; the Competent Authority under the CRS law. The Bahamas will exchange that information with countries that have activated a competent authority agreement with The Bahamas concerning their tax residents.

In early 2022, the OECD issued for discussion its proposed approach to an expansion of CRS which would be applicable to virtual asset service providers (VASPs). A final version of the same was published in October 2022, which amends the CRS to include a regime for reporting digital assets for tax purposes. Given this development, it is likely that The Bahamas, which has fully implemented CRS, will ensure that any regime applying to VASPs is implemented into its domestic law. The government has also fully implemented FATCA-enabling legislation, although FATCA’s application to digital asset intermediaries may still need to be clarified. A full assessment of CRS and FATCA reporting applicability should be engaged in to ensure that the digital asset business is in compliance with The Bahamas’ domestic laws implementing CRS and FATCA.

It should also be noted that, in compliance with the Financial Action Task Force (FATF) Recommendation 15 with respect to VASP AML/CFT regulation, the Digital Assets and Registered Exchanges (Anti-Money Laundering, Countering Financing of Terrorism and Countering Financing of Proliferation) Rules, 2022 came into force which imposes, inter alia, risk-rating duties upon registrants to implement a risk-rating framework, duties upon registrants concerning internal controls and suspicious transaction reporting, record-keeping requirements and increased due diligence measures as it relates to the verification of customer identity.

The regulatory bodies most relevant to businesses or individuals using blockchain in The Bahamas in the context of digital assets are The Securities Commission of The Bahamas (the “Commission”) and the Central Bank of The Bahamas (CBOB). The Commission is the agency responsible for regulating the issuance of digital assets, digital asset businesses and their activities in or from within The Bahamas. Failure to register a digital asset business will be considered an offence and violation of DARE which can carry a penalty.

In accordance with Section 5 of the DARE, the Commission is responsible for regulating, monitoring and supervising the issuance of digital assets and those persons conducting digital asset businesses in or from within The Bahamas; the development of rules, issuing guidance and codes of practice with regard to the conduct of digital asset businesses and ITOs; granting approval and implementing regulation of digital asset businesses; the regulation of initial and subsequent token offers; and enforcing the provisions and any violations of DARE.

The Commission has indicated that one of their its priorities given the events in the blockchain sector in 2022 is to increase and enhance capacity for market surveillance of all its licensees while implementing new technologies to facilitate the same.

With regard to the role of CBOB in the blockchain and digital assets sector, DABs must make an application to, and seek approval from, the CBOB for the designation of the business as non-resident for exchange control purposes if they do not conduct business with Bahamian residents and generate non-Bahamian dollar revenue. Exchange control restrictions currently apply to Bahamians purchasing crypto and digital assets as per the Central Bank’s policy.

There are no self-regulatory organisations or trade groups that perform regulatory or quasi-regulatory roles with respect to businesses or individuals using blockchain in The Bahamas.

As at the time of writing, there have not been any important judicial decisions that have played a role in interpreting or establishing the legal regime applicable to the use of blockchain in The Bahamas. Given the collapse of FTX in 2022 and the evolving nature of its ongoing investigation, it remains to be seen the extent to which litigation in the jurisdiction will impact the blockchain sector.

There have been no enforcement actions in The Bahamas in connection with the utilisation of blockchain in the jurisdiction.

The jurisdiction has a robust and comprehensive digital asset regulatory framework and does not take a regulatory sandbox approach to blockchain-based projects.

With respect to business taxation, DABs pay a flat business license tax or fee of BSD2,500 plus an additional tax of 2.5% of turnover from their operations in the domestic market. Turnover is gross turnover (all revenues without deductions) with only very limited exclusions.

Business licence tax in relation DABs was implemented in July 2022, and there was some uncertainty as to how the term “domestic market” ought to be interpreted. At the time of writing, a Business License Bill is pending passage, which proposes to clarify the term “turnover in the domestic market” to apply only to Bahamian dollar-generated turnover, rather than turnover generated outside of The Bahamas from foreign clients.

In addition to business licence tax, businesses making taxable supplies (which include both zero rate and standard rate supplies) for VAT purposes of above a threshold amount are required to become a VAT registrant. The VAT position of DAB service fees is unclear, but they are likely to be considered financial services subject to a zero rate if the benefit or advantage of the service is obtained outside of The Bahamas.

VAT registrants are required to issue VAT invoices/receipts clearly indicating that VAT is assessable on their service fees at either the standard rate of 10% or at the rate of 0%, or such services may be classified as exempt. VAT returns and any VAT collected (referred to as output tax) with respect thereto must be submitted within 21 days of the end of each monthly tax period. If annual turnover from a taxable activity is less than BSD5 million, a VAT registrant can opt to file quarterly.

The foregoing is a summary of a DAB’s potential VAT and Business License tax obligations and specific advice should be sought on the application of Bahamas taxation to the DAB. As tax interpretations may change with additional guidance and dialogue, prospective businesses are encouraged to confirm the tax position of the same prior to any applications to the relevant regulators and again prior to final approval.

The Bahamas Financial Services Board (a public-private partnership between the government and the financial services industry in The Bahamas) established a fintech working group which was responsible for advocating for development of the fintech industry. In 2019, the group focused on the opportunities in blockchain and digital asset regulation and noted the novel legal issues associated with classifying cryptocurrencies and the risks to the jurisdiction associated with money laundering if such activity were left out of scope of regulation. Although initial industry recommendations of a sandbox approach were not accepted, the DARE Act was passed in 2020, after the Commission had retained consultants to provide benchmarking and other industry and market intelligence.

The government established the Digital Advisory Panel in May 2022. The mandate of the Panel is to make recommendations to the government and to regulators on policy initiatives and to provide the government and regulators with insight on developments within the industry. In addition, the regulators and government operate a cross-regulatory group with a focus on digital assets.

No Bahamas jurisprudence exists on the matter of transfer of ownership of digital assets. It is expected that, given that a digital asset may only be controlled through the use of a private key, the person in control of the private key would be treated as the owner of the asset in the absence of factors which might be inconsistent with that presumption. This position is supported by legal statements made on the issue by the UK Lawtech Delivery Panel. Similar to the statement above, no Bahamas jurisprudence exists on when an asset is deemed to be transferred. As a common law jurisdiction, the court may consider the views expressed in UK case law as highly persuasive and the decisions of the UK Privy Council are binding. The UK Lawtech Delivery Panel has speculated in its statement that a transfer is completed when the transferor authenticates and broadcasts the transfer even though the blockhain may not be updated in real time. This would be similar to the way in which The Bahamas treats the transfer of registered shares, as effective on the execution of the instrument of transfer even without recording in the register of members, which is only evidence of a transfer.

The Securities Industry Act 2011 (SIA) sets out the framework for registration of public offerings and registration of firms engaged in securities business. Generally speaking, the public issuance of securities in The Bahamas is subject to prospectus registration. However, an offering of securities outside of The Bahamas by an entity incorporated in The Bahamas, is not subject to prospectus registration requirements. 

The DARE Act mandates registration for initial token offers that occur in or from within The Bahamas. Pursuant to Section 27 of the DARE Act, no issuer shall offer a digital token in or from within The Bahamas except in compliance with the DARE Act. 

The term “security” is defined in the SIA by reference to a list set forth in the First Schedule to the SIA. In The Bahamas, there is no express or formulated broad catch-all “financial instrument” test for what constitutes a security, though the Commission has the ability to designate an instrument as a security by rules or regulations. The list of securities in the SIA is a definitive one in the absence of an order. That said, DARE, in as much as it is intended only to capture or regulate non-securities issuances, specifically notes that it does not apply to security tokens. A “security token” is defined as a token which possess characteristics similar to securities listed in the SIA.

As to how one might classify a token, if the tokens share common characteristics of a security, those tokens may constitute “securities tokens”:

• shares including stock of any kind in the share capital of a company; interests in a limited partnership or exempted limited partnership and equity interests in regulated or unregulated investment funds;
• debentures, debenture stock, loan stock, bonds, certificates of deposit and any other instruments creating or acknowledging indebtedness. Excluded are promissory notes, letters of credits, contracts of insurance and non-transferable or non-negotiable debentures;
• warrants and other instruments entitling the holder to subscribe for securities falling within the first two bullet points above;
• certificates or other instruments that confer contractual or proprietary rights in respect of a security falling within the first three bullet points, being a security held by a person other than the person on whom the rights are conferred by the certificate or instrument; and the transfer of which may be effected without the consent of that person;
• options to acquire or dispose of securities within the meaning of the SIA, currencies, and precious metals;
• futures;
• rights under contract for differences or any other purpose or pretended purpose of which is to secure a profit, avoid a loss by reference to fluctuations in the value or price of property of any description; or an index or other factor designated for that purpose in that contract;
• rights and interests in securities falling within the SIA;
• foreign exchange contracts carried out in connection with a transaction where the foreign exchange contract does not include a currency option otherwise covered or an immediately settled currency swap; and
• anything declared by the regulations or rules to be a security for the purposes of the SIA.

Utility tokens, on the other hand, are defined as a right of access or a discount represented in binary format to an application, utility or service but which does not directly or indirectly provide the holders thereof with any of the following contractual or legal rights:

• ownership or equity interest in the issuer or in any person or pool of assets;
• entitlement to a share of profits, losses, assets or liabilities of the issuer or any other person or pool of assets, except in the event of the liquidation of the issuer, to receive a portion of the original subscription price paid at the time of the initial token offering;
• legal status as a creditor; or
• entitlement to receive distribution of profits, revenues, assets or other distributions from the issuer or any other person or pool of assets.

Stablecoins are not specifically defined in the DARE Act but they likely fall within the definition of “asset tokens” for the purposes of the DARE Act. An asset token includes a token backed by assets held as collateral for the primary purpose of encouraging price stability. “Asset” is given a broad definitio, but algorithmic stablecoins are not contemplated by the definition. Therefore, they are currently outside of scope of the DARE Act. Stablecoins are defined more specifically as “an asset token designed to or that purports to have its value fixed or pegged relative to one or more reference assets, including but not limited to fiat currency, legal tender, commodities or digital assets, for the primary purpose of encouraging price stability”. In addition, issuers of stablecoins are required to back stablecoins by reserve assets equal to the nominal value of all outstanding units of the stablecoin. Under the Bill, algorithmic stablecoins are proposed to be prohibited.

Businesses may accept cryptocurrencies as payment for their services. The only material limitation would be that a business seeking to accept cryptocurrency would be subject to the exchange control approvals and limitations referenced above if it is designated “resident” for exchange control purposes.

While VAT is chargeable on real property transactions, non-real property transactions are subject to stamp duty. Stamp duty is considered a documentary tax although a document can be created for the purpose of stamping a transaction which would otherwise be stampable. The tax position on the sale of NFTs depends on whether the NFT constitutes “property” or a “good” in The Bahamas, and what kind of property or good it represents. Neither of these questions have been opined upon by the tax authorities in The Bahamas or by any court.

The largest custodial exchange now registered in The Bahamas is OKX.

Fiat to crypto exchanges and vice versa are not treated as money transmission businesses but instead are subject to regulation and registration as digital asset businesses. Money transmission businesses in The Bahamas are regulated by the Central Bank of The Bahamas, rather than the Securities Commission and they are only permitted to facilitate transfers and exchanges of fiat currency, accepting Bahamian dollars for onward transmission.

The Bahamas has KYC/AML rules that are applicable to transactions in digital assets. A digital asset business is considered a “financial institution” under the Financial Transactions Reporting Act 2018 (the “FTRA”) and must comply with regulations issued thereunder and the Commission’s rules interpreting the same, including the Digital Assets and Registered Exchanges (Anti-Money Laundering, Countering Financing of Terrorism and Countering Financing of Proliferation) Rules, 2022 (the “DARE AML Rules”).

In summary, the FTRA and the DARE AML Rules require that digital asset businesses:

• conduct a risk assessment of their business and each customer relationship;
• undertake customer due diligence before opening an account or establishing a business relationship with a customer or conducting an occasional transaction;
• identify and verify the identity of each customer using independent reliable source documents (which may be electronically sourced);
• conduct enhanced due diligence on high-risk rated customers and PEPs;
• before conducting a wire transfer, identify the payer and collect and transmit information on the receiving financial institution and the payee;
• undertake ongoing monitoring of transactions in a manner that aligns with the risk rating of customer relationships; and
• comply with the Bahamas’ rules regarding sanctioned persons under the International Obligations (Economic and Ancillary Measures) Act.

Also note that the so-called “travel rule”, as applied by the FATF to virtual asset service providers and summarised above, applies to DABs in The Bahamas. Further guidance on the issues surrounding the mismatch of global implementation of the travel rule – “the sunrise issue” – is expected to be issued by the government/the Commission.

The Bahamas has a well-developed sanctions regime that is addressed in the Anti-Terrorism Act, International Obligations (Economic and Ancillary Measures) Act, and the Anti-Terrorism Regulations. Sanctions are provided for and addressed in legislation and regulatory policy, giving the following regulatory agencies the authority to report, prevent and investigate potential offences and/or work collaboratively to enforce sanctions: Office of the Attorney General, Registrar General, Central Bank of The Bahamas, Securities Commission of The Bahamas, Insurance Commission of The Bahamas, Compliance Commission of The Bahamas, Gaming Board for The Bahamas, Financial Intelligence Unit and Inter-Agency Co-operation.

The FIU is the main supervisory authority as it relates reporting of designated/sanctioned individuals or entities. Generally speaking, the Bahamian sanctions regime is aimed at identifying, investigating and enforcing laws to prevent terrorism and terrorist financing, weapons proliferation and violation of international treaties. Targeted financial sanctions aimed at identified individuals and entities are a key component of the sanctions regime in an effort to comply with the United Nations Security Council Resolutions (UNSCRs) relating to the prevention and suppression of terrorism and terrorist financing and proliferation of weapons of mass destruction (and its financing).

Generally, sanctions in The Bahamas are imposed by way of government-issued publications of sanctions lists, orders and/or new or amended laws and regulations. These notices, key industry guidelines and regulations are usually published and/or circulated via the government agency (or agencies) with authority over the affected industries, institutions, registrants, licensees, entities and/or individuals (as applicable). Pursuant to Section 3A of the International Obligations (Economic and Ancillary Measures) (Amendment) Act, whenever the United Nations Security Council (UNSC) adopts a resolution to impose a sanction in relation to a person or foreign state, the resolution will have full effect and force of law in The Bahamas from the date of adoption by the UNSC. Automatic domestic implementation of UNSC resolutions is also provided for under Part IV of the Anti-Terrorism Act 2018 and Regulation 8 of the Anti-Terrorism Regulations 2019. Note that where an entity such as a DAB satisfies the relevant physical or corporate nexus requirements, it is subject to an IOEAMA Order and is statutorily obligated to comply with the terms of each respective Order.

A single regulator, the Securities Commission of The Bahamas, regulates digital asset marketplaces. The DARE Act generally places a duty on DABs to act honestly and fairly and to observe and maintain high standards of professional conduct. DARE registrants are expected to submit policies establishing a code of conduct which dissuades and punishes manipulative and fraudulent practices. In addition, the Commission has to be satisfied that the applicant has sufficient systems and controls to manage risk, including fraud and market abuse. In addition to the foregoing, those offering or issuing digital assets are mandated to disclose accurately material particulars in their offering document and must advertise offerings in a manner that is (i) accurate and not misleading; (ii) clearly identifiable as an advertisement; and (iii) consistent with the information contained in the offering document. Other than the enforcement action taken with respect to FTX, at time of writing, there are no other notable enforcement actions in relation to these rules.

The DARE Act does not prescribe regulatory limits on the ability of a digital asset exchange to on-transfer to third parties the digital assets they hold for customers, but does provide that DABs have an obligation to ensure the protection of client assets and money. This obligation would be inconsistent with re-hypothecation to third parties without proper and adequate disclosure and consent and rigorous controls. In addition, Section 17 of the DARE Act requires that token exchanges ensure that the systems and controls used in its activities are adequate and appropriate to address the safeguarding and administration of assets belonging to investors/clients.

The Bill addresses re-hypothecation and expressly prohibits DABs authorised to provide custody from re-using client assets that have been entrusted to their safekeeping without client consent. In addition, the client agreements are required to address the rights of clients and the duties of the DAB including the terms and conditions regarding custody and how the digital asset business may use custodied digital assets and the limitation on the use of custodied digital assets.

Presently, DABs that provide wallet services are required to register under the FCSP Act and the DARE Act to provide such services. The Bill contemplates that such services will fall solely under the DARE Act.

There are presently two pieces of legislation that may be applicable to fundraising activities. The first is the DARE Act which is intended to apply to “initial token offerings” (ITOs) defined as “an offer by an issuer to the public for the sale of a digital token in exchange for fiat currency or another digital asset. The Commission has not expressed any view that fundraising for projects is invariably a securities offering. If the digital token is classified as a utility token and provides access to an application utility or service, even if the platform is not “live” at the time of issuance, there is no formal position that this necessarily makes the token a security. Indeed, the Commission’s approach has been to treat digital assets as unique, although issuances are nevertheless subject to similar disclosure requirements as a securities offering under the SIA. An offering document is required to be registered containing such matters as:

• the amount and purpose of the issue;
• a detailed description of the sustainability and scalability of the proposed project;
• a detailed description of the past and future milestones and project financing;
• a disclosure procedure when a team member sells 5% or more of originally issued tokens;
• detailed description of the characteristics and functionality of the digital assets;
• detailed description of all intended efforts to create liquidity;
• a description of any rights associated with members of the project;
• detailed description of the risks associated with the digital assets;
• the issuer’s whitelisting and AML procedures; and
• any set soft-cap or hard-cap for the offering.

Initial exchange offerings are not addressed by the ITO provisions of the DARE Act. The term issuer is the entity responsible for issuance. The use of an intermediary to distribute should not impact the mandatory registration of the token if the token is issued in or from within The Bahamas. The exchange which facilitates the issuance may be subject to registration of this activity as “the participation in and provision of financial services related to an issuer’s offer or sale of a digital asset” is a registrable digital asset business. The Bill contemplates more comprehensively the various modes through which a token may be issued, including airdrops and through an exchange or smart contract.

Airdrop mechanisms are not specifically contemplated by the DARE Act but are contemplated in the Bill as discussed above.

Investment funds are subject to licensing in The Bahamas under the Investment Funds Act, 2019 and the Investment Funds Regulations, 2020. A person or entity which manages an investment fund licensed in The Bahamas or which manages investment funds from The Bahamas, where those funds are organised in other countries, are required to be registered as an investment fund manager under the IFA and IFR. The funds regime in The Bahamas is not prescriptive on investment strategy and investment funds have been formed and licensed, which have crypto strategies either as a main or ancillary strategy. The DARE Act does not mandate investment manager registration for managing investment funds with digital asset strategies. 

A challenge often faced by investment managers is the requirement that investment funds licensed in The Bahamas have a qualified custodian unless specifically exempted by the Commission or unless the strategy is not one in which a custodian is required.

The Bill contemplates that a person advising on digital assets or managing digital assets (of a fund or any other person) will be subject to registration as a DAB if it provides those services in or from within The Bahamas. As an investment fund manager that is organised in The Bahamas is subject to economic substance requirements in The Bahamas, they will likely be deemed to be conducting such business from within The Bahamas.

Under the DARE Act, a DAB includes a digital asset service provider that can undertake a digital asset transaction on behalf of another person or has a power of attorney with respect to another person’s digital assets; or operates as a market maker for digital assets. This definition may cover dealing as agent or as principal.

The DARE Act defines smart contract as “a form of technology arrangement consisting of a computer protocol or an agreement concluded wholly or partly in an electronic form, which is automatable and enforceable by computer code, though some parts may require human input and control and which may be enforceable by ordinary legal methods or both”. Complementing this statutory acknowledgment is the Electronic Communications and Transactions Act 2003 (ECTA) which explicitly recognises that contracts may be concluded by electronic communications. There has been no judicial acknowledgment that the ECTA also confirms the binding nature of a smart contract but there appears to be no reason why ordinary common law principles would not apply if the necessary elements of offer and acceptance indicating an intention to be bound are met. 

The list of categories of fiduciaries is not a closed one and therefore a court could find in certain, although perhaps exceptional circumstances, that a relationship exists such that they have placed themselves in a position of trust vis-à-vis platform participants. There is no Bahamian jurisprudence on this particular issue. English case law would be persuasive on the matter to a Bahamian court to the extent a precedent has been set. There is recent case law in England which is still making its way through the courts (Tulip Trading Limited & Others v Bitcoin Association for BSV and Others [2023] EWCA Civ 83) which will likely be precedent setting on this issue and therefore highly persuasive. 

A DeFi platform that matches borrowers and lenders may be subject to registration under the Financial and Corporate Services Providers Act, 2020. Lending activity is not specifically contemplated under the DARE Act. 

That said, the Bill does purport to capture “providing staking services” including staking assets belonging to third parties or operating and managing a staking pool through which a third party may participate in staking by depositing digital assets into a pool of digital assets belonging to other third parties.

The ability of a lender to take an effective pledge of a digital asset has not been subject to any Bahamian jurisprudence. An asset can only be pledged where it is capable of possession and the ability for a digital asset to be possessed has not been determined as a matter of Bahamian law. Bahamas law, like English law, recognises legal and equitable mortgages and therefore, if as a matter of Bahamian law, such an asset is a form of property, then a legal mortgage or equitable charge could be taken in respect of that asset. 

An investment fund is required to designate a qualified custodian unless it is specifically exempted, or the strategy does not justify the appointment of one. In order to act as a custodian of digital assets in The Bahamas, a custodian would have to be registered to provide custody under the DARE Act and the FCSP Act. 

If the Bill is passed as proposed, a custodian would also be subject to the following additional requirements.

• Digital assets must be segregated from own holdings and any other non-client digital assets.
• Client’s assets must be held on separate addresses from those on which their own digital assets or other non-client digital assets are held.
• On internal ledgers, separate accounts shall be maintained for client digital assets and their own assets or any other non-client digital assets.
• Explicit consent must be procured from clients before holding any client assets in one or more omnibus accounts, or under any other arrangement where client assets are not held in separate accounts for each individual client.
• When omnibus accounts are used, appropriate procedures must enable the DAB to always identify the digital assets belonging to each individual client.
• The DAB must ensure that appropriate procedures are in place to separate the DAB estate, such that creditors of the DAB have no recourse to the digital assets held in custody in an insolvency.

Per Section 23, the DARE requires that every registrant must implement and maintain data protection measures consistent with the Data Protection (Privacy of Personal Information) Act (DPA). The DPA is applicable to the use of any blockchain-based products or services and contains both data privacy and protection rights and obligations for data subjects, data controllers and data processors.

DPA Overview

The DPA’s preamble provides that the Act serves to protect the privacy of individuals in relation to personal data and to regulate the collection, processing, keeping, use and disclosure of certain information relating to individuals and to provide for matters incidental to or in connection with the same.

Data Controller v Data Processor

Depending on the nature of the business model and level of determination as to how personal data should be used, digital asset businesses or blockchain-based products/services will fall into the category of either a data controller or data processor. A data controller is defined in the DPA as a person who, either alone or with others, determines the purposes for which and the manner in which any personal data is, or is to be, processed, while a data processor is defined as a person who processes personal data on behalf of a data controller.

Applicability of DPA

It is important to note that the DPA only applies to individuals/entities once the prescribed threshold has been met, where either:

• the data controller is established in The Bahamas and the data is processed in the context of that establishment; or
• the data controller is not established in The Bahamas but uses equipment in The Bahamas for processing the data (otherwise than for the purpose of transit through The Bahamas). Note that if a data controller falls in this particular category they are obligated to nominate a representative established in The Bahamas. 

Further, under Section 4(3) of the DPA, inter alia, bodies incorporated under the laws of The Bahamas (ie, digital asset businesses) are deemed data controllers “established in The Bahamas” and thus shall be subject to the provisions of the same.

Core Data Protection Obligations on Behalf of Data Controllers

With regard to the general collection of personal data, data controllers are statutorily obligated via Section 6 DPA to ensure fair and lawful collection of data, data accuracy, purpose limitation, data adequacy, lawful data retention and data security. More specifically, data controllers must ensure:

• data has been collected by means which are both lawful and fair in the circumstances of the case;
• data is kept accurate and, where necessary, kept up to date (except in the case of back-up data);
• data is only kept for one or more specified and lawful purposes;
• data is not used/disclosed in any manner incompatible with that purpose/those purposes;
• data collected is adequate, relevant and not excessive in relation to that purpose or those purposes;
• data is not kept for longer than is necessary for that purpose/those purposes; and
• appropriate security measures are taken against unauthorised access to, or alteration, disclosure or destruction of data and against their accidental loss or destruction (this particular provision also applies to data processors).

Duty of Care

If the DAB, in its capacity as data controller, intends to share/disclose any user data with third parties (including affiliates), a data controller must pay particular attention to Section 12 of the DPA, which states that a data controller, in the collection of personal data, owes a duty of care to the data subject(s) concerned and must use contractual or other legal means to provide a comparable level of protection from any third party to whom it discloses information for the purpose of data processing.

Data Subject Rights

Sections 8, 9 and 10 provide data subjects with, subject to certain exceptions, a right of access to one’s personal data and a right of rectification/erasure of data by way of a written request to the relevant data controller (ie, a digital asset business). Note that data controllers have the option to make further inquiries based upon the request, or refuse it altogether, if the request has no legal basis. Data subjects also have the right to request opt-out of direct marketing.

International Data Transfers

Data transfers are permitted under the DPA where such transfer of data is required or authorised by or under any enactment; is required by any convention or other instrument imposing an international obligation on The Bahamas; or otherwise is made pursuant to the express or implied consent of data subjects. Careful attention must be paid to Section 12 of the DPA, however, which allows for the Data Protection Commissioner (DPC), in their discretion, to prohibit the transfer of personal data from The Bahamas to a place outside The Bahamas in cases where there is a failure to provide protection either by contract or otherwise equivalent to that provided under the DPA. Also factoring into that decision will be whether the data transfer is likely to cause damage or distress to any person and subsequent desirability of facilitating such an international data transfer. If the DPC determines such data should not be transferred outside the jurisdiction, they may issue a prohibition notice which must be complied with as it is an offence not to do so.

DARE Applications

It should further be noted that as part of an application to the Commission for registration as a digital asset business, the Commission requires a detailed description of the DAB’s proposed cybersecurity protocols, data management systems, data protection systems and risk management systems for their review. Further, prospective ITO registrants must state in their Offering Memorandum, inter alia, a detailed description of the security safeguards against cyber threats to the underlying protocol, to any off-chain activities and to any wallets used by the issuer.

Please see response in 8.1 Data Privacy.

Proof of Work mining is presently allowed in the jurisdiction but out of scope of registration under the DARE Act. The Bill proposes to ban proof of work mining operations, which is consistent with the government’s proposed approach to focusing on technologies and businesses that are environment conscious. 

Staking as a service is not contemplated under the DARE Act but is a key area of focus in the Bill. The provision of staking services is subject to registration and digital asset businesses that provide such services will be subject to additional disclosure requirements to customers. The Bill’s proposals are that clients should be provided with disclosures, including:

• details of the staking protocol including, where applicable, an explanation of the consensus mechanism of the relevant DLT network;
• details of how the assets are staked, including but not limited to the how, and the period of time for which digital assets are “locked up”;
• details of the reward or interest to be earned by staking participants, including but not limited to the form of the rewards and how the rewards may be redeemed by the client;
• details of how staked assets may be redeemed;
• details of any penalties which may be imposed on staking participants; and
• where applicable, details of how staking participants are chosen for the purposes of validating a transaction on a DLT network.

In addition to the above, a warning must be given to clients or potential clients that staked assets may be lost or stolen from hacking, that earnings may give rise to tax liabilities, that staked assets may lose value and where applicable, that the staked assets are not subject to insurance protection.

There is some DAO activity in the jurisdiction. DAOs may create sub-DAOs and incorporate legal wrappers for investment and other activities. At present, the DARE Act does not adequately address DAOs. Some aspects of the Bill, particularly in relation to the operation and management of staking pools, may lead to questions as to whether the activity performed by a DAO is registrable. There remains the practical challenge of identifying who is registrable in that context. In the future, it is possible that the Bahamas will provide a registration pathway for DAOs who have wrapped investment functions in a legal wrapper and identified DAO participants to fulfil certain roles.

DAOs are employing on-chain and off-chain processes. Voting thresholds vary but thresholds of 20% of the governance tokens have been seen to make a proposal with a majority required to pass or carry a proposal. Governance tokens may be airdropped or be distributed as a bonus issue and attached to their purchase of another token.

DAOs are choosing to incorporate legal entity structures to facilitate interaction with non-blockchain counterparties. Having a formal legal personality facilitates counterparty arrangements and due diligence in addition to the natural advantages conferred by separate corporate personality, like limiting liability. The cons of forming a legal entity are that the entity, and its governance mechanisms are necessarily off-chain. In addition, actually incorporating an entity may be difficult in jurisdictions like The Bahamas, where the concept of beneficial ownership includes the identification of those owning and/or controlling the legal entity.