Contributed By Carey Olsen
Since the introduction of the Digital Asset Business Act 2018 (DABA) and ancillary regulations related thereto (the “DAB Regime”), Bermuda has become a recognised global leader in the regulation of the fintech sector. The Bermuda government forged one of the world’s first comprehensive regulatory frameworks specifically designed to provide legal and regulatory certainty to industry participants while ensuring that business in the fintech sector is conducted in accordance with recognised international standards and best practice.
Bermuda’s legal and regulatory fintech framework is founded on two key statutes. The DABA introduced the DAB Regime for businesses conducting “digital asset business” and the Digital Asset Issuance Act 2020 (DAIA) established a regime (the “DAI Regime”) to regulate initial coin or token offerings (“digital asset issuances”) (collectively, the “Digital Asset Regimes”) .
The DABA introduced the world’s first statutory definition of “digital assets” (see below), which encompassed all types of digital coins, tokens and assets, without differentiation. This provided a consistent and reliable interpretation of what amounted to conducting digital asset business as a regulated activity in and from Bermuda.
Bermuda also established one of the world’s first digital asset business bank licensing regimes that provides for a banking licence to be issued to persons seeking to provide traditional banking services to the digital asset sector and, when conjoined with a licence issued under the DABA, the legal and regulatory ability to on- and off-ramp between fiat and digital assets.
Since the Digital Asset Regimes were introduced, the Bermuda Monetary Authority (BMA) ‒ Bermuda’s sole financial services regulator ‒ has continued to enhance and update applicable rules, regulations, codes of practice, statements of principles, and guidance to extend the scope of both Digital Asset Regimes.
To promote innovation in the insurance sector, the Bermuda government introduced an insurance regulatory sandbox, which allows start-up innovators to experiment in a regulated but smaller-scale environment. In 2023, the concept and scope of a regulatory sandbox was broadened to encompass investment business, thereby promoting the offering of innovative products and testing of new technologies and delivery methods in the traditional financial sectors.
The Bermuda government has also announced its intention to launch a blockchain-based stimulus token for use in Bermuda’s retail market, which will be a Bermuda dollar-backed stablecoin using technology developed by a Bermuda business regulated under the DABA. The government has also been working on numerous other technology projects to further enhance the island’s digital infrastructure, including:
Bermuda has strived to grow a collaborative business and regulatory culture that involves industry and government working together to create opportunities and commercial success, with a truly independent, actively engaged and globally recognised regulator maintaining the balance between the promotion of innovation and adherence to worldwide standards of regulation, compliance and good corporate governance.
The extensive scope and flexibility of the Bermuda licensing regime supports a wide range of business models. This creates diversity and choice for industry across a range of industry sectors, including:
DABA
Regulated activity
The DABA imposes a licensing requirement on any person carrying on a digital asset business. It sets out the criteria a person must meet to obtain a licence, as well as applicable continuing obligations and the supervisory and enforcement powers of the BMA.
The DABA applies to any entity incorporated or formed in Bermuda that carries on a digital asset business. It also applies to any entity incorporated or formed outside Bermuda that carries on a digital asset business in or from within Bermuda.
The term “digital asset” is defined in the DABA (and has the same meaning for the purpose of the DAIA) as “anything that exists in binary form and comes with the right to use it, and includes a digital representation of value that is:
The “digital asset business” activities regulated by the DABA are:
Exemptions
The Minister of Finance, acting on the advice of the BMA, can issue an exemption order under the DABA that grants a specified person (or a person that falls within a specified class) exemption from having to obtain a licence under the DABA.
In 2023, the Bermuda government issued an exemption order excluding the following persons from registration under the DABA:
Similarly, the BMA can grant an exemption or modification exempting a person conducting a digital asset business from the requirement to comply with any standard applicable to it or modify the same, which may be subject to specified conditions.
Licensing requirements
There are three classes of licence available to persons conducting digital asset business activities in or from Bermuda.
Class F licence
A Class F licence is a licence to conduct specified digital asset business activities and is not subject to a specified period. However, the BMA has the discretion to place restrictions or conditions on a licence where they deem it appropriate in the circumstances.
Class M licence
A Class M licence is a licence to conduct specified digital asset business activities with modified restrictions. Conditions will only be valid for a specified period of time determined by the BMA.
Class T licence
A Class T licence is designed to operate as a test licence for pilot or beta testing in relation to specified digital asset business activities. Once the BMA considers that the business has successfully achieved its testing objectives, it will accept an application to upgrade the licence to a Class M or potentially Class F licence. Class T licences are more appropriate for start-ups, owing to the relaxed approach to the minimum licensing criteria.
Minimum licensing criteria
Schedule 1 of the DABA sets out the minimum criteria for licensing, which includes:
Holders of a Class M or Class F licence must maintain a head office in Bermuda from which the business is managed and directed. Licensed persons must also demonstrate a cybersecurity programme commensurate with the nature, size and complexity of the digital asset business activities. Licensed persons must also file an annual comprehensive cybersecurity report prepared by their Chief Information Security Officer that assesses the availability, functionality, and integrity of their electronic systems in each case. This must be reviewed and subject to an external audit.
In 2023, the BMA issued the Digital Asset Business (Cyber Risk) Rules 2023, which replaced the Digital Asset Business (Cybersecurity) Rules 2018 (the “Cybersecurity Rules”). The new rules require Class F licence holders to file cyber-risk returns with the BMA on an annual basis. Class M and Class T licence holders will be required to make such filing as often as prescribed by the BMA.
DAIA Regime
Regulated activity
The DAIA applies to any undertaking incorporated or formed in or outside Bermuda that conducts any digital asset issuance in or from within Bermuda. The BMA has issued the Digital Asset Issuance Rules 2020, which expand upon the requirements under the DAIA.
A “digital asset issuance” is an offer to the public, or any section of the public, to acquire digital assets or to enter into an agreement to acquire digital assets at a future date. Any undertaking seeking to conduct a digital asset issuance must obtain prior authorisation from the BMA.
Although issuers of digital assets may be regulated under the DABA (which regulates the business of issuing, selling or redeeming digital assets), in general, those intending to issue digital assets as a means to raise capital would fall under the DAIA. Those intending to issue, sell or redeem digital assets as a business (eg, continuously with the intention to capture a profit) would fall under the DABA. The DAIA grants the BMA wide-ranging powers of supervision and enforcement similar to those granted under the DABA.
Exemptions
Prior authorisation under the DAIA is not required if:
Although prior authorisation is not required, an issuer or promoter must file a digital asset placement declaration form with the BMA before any such transaction.
Minimum authorisation requirements
The BMA may not authorise an undertaking to conduct a digital asset issuance unless it is satisfied the undertaking fulfils certain minimum criteria set out in the DAIA. These authorisation criteria are substantially the same as the above-mentioned minimum licensing criteria under the DABA.
Issuance document
The DAIA requires that any person conducting a digital asset issuance must publish and file an issuance document with the BMA, unless it falls within an exemption. The following are examples of information that must be included in the issuance document:
Digital asset businesses do not have any restrictions regarding the way in which they charge customers, if the charges are applicable to their business models and are adequately disclosed.
According to the Digital Asset Business (Client Disclosure) Rules 2018 (“DAB Client Disclosure Rules”), at the time of entering a contract for the provision of products or services, a DABA licencee must provide the client with information including (but not limited to):
The fintech regulatory regime in Bermuda – namely, the DABA, the DAIA, and the relevant regulations promulgated thereunder – apply to all persons who are conducting a digital asset issuance or a digital asset business in or from within Bermuda, regardless whether or not such persons were conducting such activities prior to the inception of each statute.
Bermuda’s “regulatory sandbox” concept encompasses regulated activities across all sectors following its successful implementation under the DABA. The sandbox regime permits businesses that are seeking to be innovative or have innovative products or services to apply for a conditional sandbox licence, which under the DABA originally comprised the Class M licence. This was later expanded to also include a Class T licence, which was introduced specifically for persons seeking to test or run a prototype with reduced regulatory obligations commensurate with their reduced risk status.
Another example is under the Insurance Act 1978 (the “Insurance Act”), whereby an insurance regulatory sandbox allows for companies to test new technologies and offer innovative products, services and delivery mechanisms to a specified number of policyholders for a specific period.
The BMA has the power to review applications for the applicable sandbox and determine the appropriate legislative and regulatory requirements that should be modified during the period within the sandbox.
The BMA is the sole financial services regulator and controller for foreign exchange control purposes in Bermuda.
The DABA and the Digital Asset Business ‒ Code of Practice (the “DAB Code of Practice”) provides that certain regulated functions, such as asset management, custodial services, cybersecurity, compliance and internal audit, can be outsourced to third parties. The BMA requires the disclosure of any material outsourcing arrangements and it has, through its general guidance on outsourcing as well as through the DAB Code of Practice, reiterated that the responsibility remains with the digital asset business to ensure that all legal and regulatory obligations (under the DABA and any other relevant rules and regulations) are met to the same degree as if the outsourced function was being performed internally.
Where roles have been outsourced to either external third parties or to affiliated entities of the digital asset business licensee, it is the directors of the licensee who are responsible for ensuring that there is oversight and clear accountability for each role. Any service agreement for an outsourced function must include terms on compliance with jurisdictional laws and regulations and should not prohibit co-operation with the BMA or its access to data and records in a timely manner. The directors of the licensee must assess the impact of outsourcing a role.
Where outsourcing a particular function is reasonably expected to adversely affect governance and risk management structures, excessively increase operational risk, affect the BMA’s ability to effectively supervise and regulate the entity, and adversely affect client protection, that function should not be outsourced.
For the purposes of cross-border outsourcing arrangements, there is no list of approved or equivalent jurisdictions; however, it would be preferable to outsource to an entity that is regulated either by the BMA or by a regulator in another jurisdiction that applies standards that are at least equivalent to those applied in Bermuda. Any foreign entity providing outsourced functions to Bermuda regulated entities must comply with the requirements under Bermuda’s AML/CTF laws and regulations.
A person licensed under the DABA as an electronic exchange can apply to become an “accredited digital asset exchange” under the DAIA. This accreditation effectively turns the exchange into a “gatekeeper” for digital asset issuances. This means that it can authorise digital asset issuances without the issuer being required to file an issuance document with the BMA.
The BMA has wide powers under the DABA and the DAIA in relation to enforcement, including the power to:
In the event that a licensee fails to comply with a condition, restriction or direction imposed by the BMA or with certain requirements of the DABA, the BMA has the power to:
In the more extreme cases, the BMA may revoke a licence and subsequently petition the court for the winding-up of the entity whose licence it has revoked.
Personal Information and Protection Act
Bermuda’s Personal Information and Protection Act 2016 (PIPA) is the main piece of legislation in Bermuda that regulates the use of personal information. It has been implemented in phases and the Bermuda government has recently announced that all remaining provisions will come into effect on 1 January 2025.
PIPA applies to every organisation in Bermuda that uses personal information either wholly or partly by automated means and to the use other than by automated means of personal information that form, or are intended to form, part of a structured filing system.
Under PIPA, an organisation can only use personal information where there is a lawful basis for that use. Such lawful bases include:
In order to comply with the provisions of PIPA, those organisations that are caught under it (including those in the fintech sector) will need to:
Where the organisation transfers personal information to a third party (overseas or otherwise), it will remain responsible for PIPA compliance in relation to that personal information.
If an organisation does not believe that the protection provided by an overseas third party will be comparable to the level required under PIPA, that organisation may choose to employ contractual mechanisms, corporate codes of conduct, or other means to ensure that the overseas third party provides a comparable level of protection.
The privacy laws of other jurisdictions may have extraterritorial effect (eg, the EU General Data Protection Regulation (GDPR)) and organisations in Bermuda may also be subject to these.
Cybersecurity
The Cybersecurity Rules and the DAB Operational Cyber Risk Management Code of Practice (the “Cybersecurity Code”) apply specific cybersecurity rules to persons licensed to conduct a digital asset business. The BMA has a team dedicated to the supervision of persons conducting digital asset business in relation to their cybersecurity programmes. Every entity licensed under the DABA must appoint a senior executive whose responsibility it is to:
An application for a licence under the DABA must include information in relation to:
AML/CTF
Persons licensed under the DABA are “regulated financial institutions” under the Proceeds of Crime Act 1997 (POCA). This means that they will be required to comply with all Bermuda legislation applicable to “regulated financial institutions” (ie, banks, long-term life insurance companies, investment funds and fund administrators), including Bermuda՚s AML/CTF legislation and regulations (collectively, the “AML/CTF Rules”). The BMA has also published sector-specific guidance notes for DABA licensees (Annex VIII – Sector-Specific Guidance Notes (SSGN) for Digital Asset Business) to assist with compliance with applicable AML/CTF obligations.
Under the AML/CTF Rules, DABA licensees must:
There are also specific rules applicable to companies that are conducting public offerings of digital assets – specifically, these companies:
In contrast, a company that is offering shares to the public is only subject to these requirements if it is a “regulated financial institution”, as prescribed under the AML/CTF Rules.
Sanctions
The UK extends sanctions measures to Bermuda by way of Overseas Territories Orders in Council (“OT Orders”). However, not all OT Orders extend to Bermuda (owing to policy reasons) and are therefore brought into force under the International Sanctions Act 2003 (the “ISA Act”). The Bermuda sanctions regulatory regime applies to all individuals and legal entities that are within or that undertake activities within Bermuda.
OT Orders have a broad reach and apply to persons in Bermuda, any person not in Bermuda but who is a British citizen, a citizen of a British overseas territory, a British subject, an overseas British national or a British protected person ordinarily resident in Bermuda. Any person on board a ship or aircraft that is registered in Bermuda is also caught by financial sanctions.
As regulated financial institutions, DABA licensees have an obligation to report to Bermuda’s Financial Sanctions Implementation Unit as soon as practicable if they know, or have reasonable cause to suspect, that a person:
DABA licensees are also required to:
If a DABA licensee has outsourced this function to a service provider, steps should be taken to verify that the service provider is also fully compliant with the Bermuda sanctions regime, as ultimate responsibility for compliance remains with the DABA licensee.
Anti-bribery
Under Bermuda’s Bribery Act 2016, the following offences are applicable to both individuals and corporations:
In addition, there is also a corporate offence of failing to prevent bribery, which is applicable to corporate bodies and partnerships incorporated and formed in Bermuda. This is a strict liability offence, with only one possible defence ‒ the organisation will have to prove that it had “adequate procedures” in place designed to prevent persons who are associated with it from bribing. The Bermuda government has published the Bribery Act 2016 Guidance, in which the principles around what amounts to “adequate procedures” are set out.
Electronic Transactions Act 1999
The Electronic Transactions Act 1999 introduced – among other benefits – a statutory recognition of the validity of digital/electronic records and, subject to certain criteria being met, signatures applied to such records.
Traditional financial service industry sectors in Bermuda have all been actively involved in the development and implementation of complimentary financial and non-financial services to this growing fintech sector.
Banking
Bermuda’s banking laws were amended in 2018 with the introduction of the Banks and Deposit Companies Amendment Act 2018 (the “Banks Amendment Act”), which sought to open up the banking market by providing relief from certain local banking requirements (eg, retail banking services) in return for restricting services to the fintech sector. This provided a balance between positive new competition and the protection of existing traditional retail banking services.
Financial Auditing
DABA licensees must have their financial statements audited annually. The BMA is cognisant of the influence of global events on the appetite of the established audit firms to audit this sector and, as such, financial audits may be conducted by regulated audit firms registered in Bermuda or other jurisdictions that are recognised as following the same or similar accounting standards.
Other Service Providers
Bermuda has seen an increased interest in persons seeking to provide all manner of financial and non-financial services to the fintech sector, including AML/CTF compliance, accounting, custodial, fund management and administration, and legal and corporate services.
DABA licensees or issuers authorised under the DAIA are not expressly prohibited from conducting unregulated business. However, in each case, the licensed/authorised entity must ensure that its regulated business is conducted in a prudent manner. Accordingly, any unregulated activities will need to be assessed from the perspective of how they affect the regulated activities of DABA licencee or issuer.
Refer to 2.10 Implications of Additional, Non-financial Services Regulations.
While “robo-advice” or other types of automated advice are not specifically regulated by the BMA, DABA licensees and digital asset issuers that adopt robo-advice will need to consider regulation of providing “advice” more broadly.
Under the IBA, the giving or offering of investment advice to clients or potential clients in respect of “investments” constitutes investment business, which may not be conducted in or from Bermuda without being licensed or registered under the IBA (subject to any applicable designation by the Bermuda Minister of Finance as a non-registrable person). What constitutes an “investment” under the IBA is wide and includes assets ranging from shares and debentures to options and futures, so can therefore capture digital asset derivatives.
The use of robo-advice as a low-cost alternative advice model has been considered by legacy players in the Bermuda market to give locals access to more affordable advice, particularly by the banking and government sectors. However, the use of robo-advisers in respect of digital assets has not yet been widely adopted by such legacy players.
Licensed investment managers need to comply (and ensure that any robo-adviser or other technology it adopts complies) with the Code of General Business Conduct and Practice. This code recommends that an investment provider does not transact business for a client on worse terms than it would expect to obtain for itself, making allowances for the size of the transaction (and other allowances).
The BMA has not published any specific guidance on best execution for digital asset business regulated entities. However, the BMA will consider the method(s) for execution and settlement as part of the licensing application process.
The BMA regulates the business of lending fiat under the Banks and Deposit Companies Act 1999 and relevant regulations (collectively, the “Banks Act”). Under the Banks Act Code of Conduct, licensed banks and deposit-taking companies are required to identify and implement policies and procedures to accommodate and afford reasonable care to an individual who is identified as vulnerable or who discloses these needs to the institution. Otherwise, the Banks Act does not differentiate between the business of lending to individuals, small businesses or others.
Additionally, in 2023, operating as a digital asset lending service provider or operating as a digital asset repurchase transactions service provider were included as separate regulated digital asset activities under the DABA. These categories (respectively) encompass circumstances where:
The counterparty in the above-mentioned circumstances can be any type of person or entity.
Bermuda also introduced one of the world’s first digital asset business bank licensing regimes, which provides for a banking licence to be issued to persons seeking to provide traditional banking services to the digital asset sector.
There are no additional requirements for the underwriting of digital assets, other than compliance with regulations under the DABA and the Banks Amendment Act mentioned in 2.11 Review of Industry Participants by Parties Other than Regulators, as applicable. A person conducting digital asset lending will be required to deliver details of risk management and controls to the BMA.
Bermuda’s legal and regulatory landscape – in particular, the regulation of lending or repurchase transactions under the DABA ‒ does not distinguish between the sources of funds for loans. An entity lending either fiat or digital assets will be required to submit its credit risk management framework and controls to the BMA with its licensing application and as part of its ongoing regulatory monitoring and reporting obligations.
DABA licensees, banks and deposit-taking companies are prescribed as AML/CTF-regulated financial institutions and must comply with relevant AML/ATF regulations, which may include requirements to verify source of funds of customers.
The syndication of loans involving Bermuda obligors is not uncommon. Typically, the syndication of loans takes place on a cross-border basis involving lenders and counterparties overseas where documentation is usually subject to the laws of a foreign jurisdiction and is not otherwise directly captured under current regulation (subject to bespoke conditions such as minimum capitalisation requirements for DABA licensees or regulated insurtech entities in Bermuda).
Payment processes are not required to use existing payment rails under Bermuda law, nor are they precluded from creating or implementing new payment rails. However, creating or implementing a new payment rail for the purposes of advancing digital asset business may prompt the licensing requirements under the DABA.
A payment processor (excluding an entity licensed under the Banks Act) may also require a licence under Bermuda’s Money Service Business Act 2016 (unless subject to an exemption under the Guidance Notes – Money Service Business Act 2016) if it conducts any of the following money service business activities:
Any purchases of foreign fiat currency made by a Bermuda resident in Bermuda dollars from an institution licensed under the Banks Act will be subject to a transaction tax of 1.25%. This must be withheld by the applicable institution and thereafter remitted to the Bermuda Tax Commissioner.
Cross-border payments and remittances using digital assets are separately regulated under the DAB Regime. However, they are not subject to the foreign currency payment tax.
Entities involved in providing fund administration provider business are required to be licensed by the BMA under the Fund Administration Provider Business Act 2019 (the “Fund Administration Act”). The Fund Administration Act describes a fund administrator as any person who provides one or more of the following services to an investment fund:
Fund advisers typically engage fund administrators by way of services agreements to assist with compliance matters, such as:
Although the provisions of services agreements between fund administrators and fund advisers are typically negotiated contracts, fund administrators are subject to the BMA’s Code of Practice, Statement of Principles and Corporate Governance policies for fund administrators. This offers guidance as to the duties, requirements and standards to be complied with – and the procedures and sound principles to be observed ‒ by persons carrying on fund administration provider business.
Digital Asset Exchanges/Digital Asset Derivative Exchanges
Digital asset exchanges and digital asset derivative exchanges are permissible, and the operation of both are regulated under the DABA. There are no material differences between the requirements applicable under the DABA to these two different types of platforms.
A digital asset exchange is a centralised or decentralised electronic marketplace used for digital asset issuances, distributions, conversions and trades, including primary and secondary distributions, with or without payment. This may include digital asset conversions and trades entered into by the electronic marketplace as principal or agent.
A digital asset derivative exchange means a centralised or decentralised marketplace used for digital asset derivative issuances, distributions and trades with or without payment. This may include digital asset derivatives trades entered into by the marketplace as principal or agent. A digital asset derivative means an option, a swap, a future, a contract for difference or any other contract or instrument whose market price, value or delivery or payment obligations are derived from, referenced to or based on a digital asset underlying interest.
Insurance Marketplace Provider
The Insurance Act also licenses the operation of a platform (of any type) established for the purpose of buying, selling or trading contracts of insurance. Such licensed activities may be done in a traditional manner or through the Insurtech Sandbox as an innovative insurance marketplace provider.
Bermuda Stock Exchange
When it comes to the general trading of securities of publicly listed companies in Bermuda, the Bermuda Stock Exchange (BSX) is the primary trading platform. Traditional securities of all types can be listed on the BSX, provided they meet the application and maintenance requirements of BSX Listing Regulations.
Please refer to 7.1 Permissible Trading Platforms.
Please refer to 7.1 Permissible Trading Platforms.
Traditional securities that are listed on the BSX must meet the standards and requirements set out in the BSX Listing Regulations. The principal function of the BSX is to provide a fair, orderly and efficient market for the trading of securities of both domestic and foreign issuers and is itself regulated by the BMA.
In contrast, digital asset exchanges and digital asset derivative exchange providers are all regulated under the DABA and are required to conduct their business in a prudent manner. Specifically, in relation to the listing of digital assets and digital asset derivatives, there are no definitive regulatory criteria for exchanges to adhere to other than in relation to seeking BMA approval to introduce a new product or service.
The standards by which each licensed entity chooses to list different products will be set and maintained by that licensed entity as part of their application for a licence. The general overview of such standards must be included in and approved by the BMA upon the entity’s initial application for licensing or as part of a notification or application to introduce new listings. The BMA has also issued the Digital Asset Business Act 2018 – Product Due Diligence Guidance Notes, which outline the BMA’s expectation in relation to the diligence conducted on products and services (including digital assets listed on a Bermuda exchange) introduced by a DABA licensee.
See 3.3 Issues Relating to Best Execution of Customer Trades and 7.4 Listing Standards.
Peer-to-peer trading platforms that offer services to the public as a business in and from within Bermuda and allow the trading of digital assets are generally captured under the DABA and are subject to the same regulatory requirements and scrutiny as operators of a digital asset exchange or digital asset derivative exchange. There is still open discussion and consideration as to how a decentralised autonomous organisation would be treated if providing such services, but in most instances there would need to be a legal person or organisation with a nexus to Bermuda to be captured.
See 3.3 Issues Relating to Best Execution of Customer Trades and 7.4 Listing Standards.
See 3.3 Issues Relating to Best Execution of Customer Trades and 7.4 Listing Standards.
The BSX has a clear set of principles around the market integrity expected of a traditional securities exchange within its Listing Regulations.
The BMA has produced the DAB Code of Practice, the DAB Client Disclosure Rules, the Cybersecurity Rules, and the Sector-Specific Guidance Notes (SSGN) for Digital Asset Business, among others ‒ all of which include principles governing the conduct of digital asset business generally and which supplement the principles and regulations found within the primary legislation. Under these codes and rules, DABA-licensed entities are required to observe principles including ethical corporate behaviour, client protection and security, business integrity and prudence, and regulatory and legal compliance. Within the relevant rules and codes, as well as under the DABA, the BMA is granted authority to review, monitor and enforce the relevant requirements.
Currently, there are no specific regulations exclusively for the creation and use of digital assets in high-frequency and algorithmic trading. Such activities may fall under either the DABA or IBA licensing regimes, depending upon the type of asset being traded and whether such activity falls within proprietary trading or operating as a business to the public.
The DABA specifically includes market-making activities within the scope of “digital asset service vendors”. A licence is required for such operations from or within Bermuda. Within the DABA’s framework, a market maker is defined as someone who ‒ as part of their business ‒ engages in trading digital assets by providing bid-and-ask prices to profit from spreads, fulfilling client orders, or hedging positions resulting from these activities.
However, individuals trading solely on a principal basis (eg, proprietary traders) are likely to fall outside the scope of the definition of market makers under the DABA. A thorough examination of agreements between these individuals and trading platforms or exchanges is essential to determine their classification in each case.
Although the IBA and Investment Funds Act (IFA) specifically differentiate between funds and dealers of traditional investments, the DABA does not. Typically, an investment fund falls outside the scope of the DABA unless it engages in digital asset business activities. Also, an investment fund that has appointed an investment manager who is licensed under the IBA or authorised by a recognised regulator is exempted from needing to apply for a DABA licence, provided it gives prior notice to the BMA.
Meanwhile, a licensed digital asset business entity is explicitly excluded from the definitions of an investment fund under the IFA.
The BMA will look at the overall structure of the business, the rights, powers and obligations of participants, as well as the overarching objective in order to properly assess whether a business or other arrangement is captured under the Digital Asset Regimes.
The activity of developing and creating trading algorithms and other electronic trading tools is not regulated. However, if the benefit or use of such services is offered directly to the public as part of that business, such activities may be captured under the DABA or the IBA, depending on the type of asset being traded.
The DAB Regime applies to persons conducting the business of providing any or all of the specified digital asset business activities to the public. DeFi is not expressly defined under the DAB Regime.
Depending on the activities being conducted via or in relation to a DeFi platform, activities conducted could be caught under any number of the existing digital asset business categories of the DABA. It is anticipated that, given the higher risk surrounding DeFi management, the BMA will take a heightened approach to regulating persons that provide services to the public using a DeFi protocol in accordance with its proportionality principles.
As regards DeFi protocols, developing software technology is unlikely to fall under any regulations in Bermuda (other than the economic substance regime, which applies to all companies whose revenue is derived from IP in Bermuda). Those looking to be regulated in Bermuda and provide services to the public through a DeFi protocol should consider using a legal “wrapper” that can act on behalf of the protocol and its participants. An example would be using a company limited by guarantee structure whereby the company has members limited by guarantee rather than shareholders and is restricted from making any distributions to its members. This would allow the BMA to regulate the legal “wrapper” as the person responsible for the protocol’s compliance with the DAB Regime.
There is no requirement in Bermuda for the registration of financial research platforms.
However, a person that has control over the provision of a digital asset benchmark – including administering the arrangements for determining a benchmark, collecting, analysing or processing input data for the purpose of determining a benchmark, and determining a benchmark through the application of a formula or other method of calculation or by an assessment of input data provided for that purpose ‒ will be within the scope of the DABA and required to be licensed if undertaking this activity as a business in or from Bermuda.
Also, it should be noted that the giving or offering of investment advice to clients or potential clients is a regulated activity under the IBA. The giving or offering of such advice constitutes investment business, which may not be conducted in or from Bermuda without being licensed or registered under the IBA (subject to any applicable designation by the Bermuda Minister of Finance as a non-registrable person). It should be noted that “investments” do not generally include digital assets, but may include certain types of digital asset derivatives.
The BMA monitors DABA licensees to ensure that business is being conducted in a prudent manner and in accordance with the DABA provisions. Although the provisions of the DABA do not currently provide for the direct regulation of unverified information, the BMA is empowered to take necessary actions against a DABA licensee who contravenes the requirement of prudent business conduct where such conduct poses a threat to the public, clients, or potential clients, including market manipulation as well as the dissemination and disclosure of inaccurate information where it relates to a product or services being offered.
The BMA requires prudent and ongoing monitoring of exchange activities by the DABA licensee to mitigate against the risk of “pump and dump” schemes or the illegal promotion of a particular product or service. Please also refer to 9.2 Regulation of Unverified Information.
The underwriting process for traditional insurers is currently regulated by the Insurance Act and related regulations. An insurer will be required to submit a detailed description of its underwriting strategy to the BMA. The underwriting process may be conducted by the insurer or outsourced with the prior approval of the BMA. Although not expressly provided for in the statute, it is typical for the BMA to require a proportionately similar process for innovative insurers.
There are various classes and types of (re)insurers and insurance intermediaries regulated under the Insurance Act – all of which will attract different regulatory treatment by the BMA. However, the lines of insurance business are only statutorily divided between general business and long-term business. There is also a robust captive industry, which is regulated differently under the Insurance Act, as well as the innovative classes of insurance and insurance intermediaries who operate within the Insurtech Sandbox.
There are no legislative or regulatory provisions governing the design, provision or delivery of regulatory technology. Persons who use the technology may be caught by any one of Bermuda’s regulatory regimes, including those created under the DABA or the DAIA, if the business activity that they are conducting using the technology is itself a regulated activity.
Financial service providers in Bermuda will seek and expect contractual terms based on international market practice. The financial service provider using the technology will be expected to ensure the technology assists or permits them to comply, and does not prohibit them from complying, with the legal and regulatory obligations of the financial service provider.
Traditional financial service providers in Bermuda have benefited from the country’s early adoption of sector-specific legislation and regulation through the inevitable and rapid education of the workforce around the use of blockchain technology. All industry sectors have been involved in the consideration of the potential implementation of blockchain as a technological solution to existing infrastructure demands.
What has been clearly evident is the traditional financial sector’s willingness to co-operate with new entrepreneurial businesses that are offering novel ways to conduct traditional business using innovative technology, including blockchain. As an example, NAYMS is a Bermuda digital insurance marketplace that uses blockchain technology for the conduct of brokering insurance contracts and has secured some of the oldest names in the industry as participants. There are also numerous other projects involving both the public and private sector that have secured funding and gained traction in developing blockchain solutions, often involving professional service companies (eg, law firms) to assist in building both the digital and regulatory infrastructure to ensure solutions are as legally sound as they are technically robust.
Notably, with regard to the Bermuda government and blockchain, the government has indicated its intention to launch a blockchain-based stimulus token for use in Bermuda’s retail market. As mentioned in 1.1 Evolution of the Fintech Market, such token is intended to be a Bermuda dollar-backed stablecoin and employ technology developed by a DABA-regulated entity.
Demonstrating its role as an active, engaged and responsive regulator, the BMA (together with the Bermuda government) regularly consults with industry with a view to the continued improvement of the digital asset regulatory framework, including its effective administration and enforcement. The BMA and industry stakeholders continually review and monitor this framework (including the DABA and the DAIA) to ensure that it continues to meet or exceed applicable international standards – including with regard to regulation, compliance and transparency – and that it continues to be fit for purpose.
See 2.2 Regulatory Regime for how “digital assets” are defined and treated. The Digital Asset Regimes do not differentiate between the different types of digital assets that exist or can be created and are agnostic when it comes to the underlying technology. The Digital Asset Regimes seek to regulate the business and service activities surrounding digital assets in a manner that recognises the unique factors of the technology, rather than seeking to fit the different types of digital assets within existing legal and regulatory definitions.
Please refer to 2.2 Regulatory Regime and the broad definition of “digital assets” in the DABA and the DAIA and their application to issuers. The DAIA requires regulatory permission to conduct a digital asset issuance that is conducted for the purposes of raising funds for a specific project, whereas the DABA is a licensing regime focused on regulating digital asset issuances that have an ongoing business element to them and regulating digital asset issuances as a service.
Blockchain asset trading platforms that are offered to the public and operate as a “digital asset exchange” or a “digital asset derivative exchange provider” (each as defined under the DABA) are regulated under the DABA as “digital asset businesses” and must be licensed thereunder.
Peer-to-peer trading, when conducted in a proprietary manner, is not specifically regulated. However, the DABA includes a broad spectrum of activities that might appear to be proprietary trading but, owing to the way in which they are being conducted are deemed to be digital asset business activities, including the provision of intermediary services.
The BMA apply a broad interpretation to the list of digital asset business activities contained in 2.2 Regulatory Regime and legal advice should be sought on any proposed digital asset transactions or activities in or from within Bermuda. Even if the transaction is intended to be proprietary in nature, there can be nuances to an arrangement that could bring the transaction within the scope of the DABA.
Any fund that is captured within the definition of “investment fund” in the IFA, including funds that deal in digital assets, will be subject to regulation under the IFA. However, pursuant to the Digital Asset Business Exemption Order 2023, an investment fund that conducts a digital asset business activity and has appointed an investment manager who is licensed under the IBA or is authorised by a “recognised regulator” (as defined in the IBA) will be exempt from licensing under the DABA – as long as an annual notice is filed with the BMA. It should be noted that, even though the fund itself may be exempt, the investment manager, custodian or administrator may well be deemed to be conducting a digital asset business activity and require a DABA licence if they are based in Bermuda.
Refer to 2.2 Regulatory Regime and the broad definition of “digital assets” in the DABA and the DAIA. Virtual currencies that meet the definition of “digital assets” are treated the same as other blockchain-derived assets from a regulatory perspective.
See 8.5 Decentralised Finance (DeFi).
For the purposes of Bermuda law, NFTs would constitute digital assets (see 2.2 Regulatory Regime). As such, a platform that facilitates the trading of NFTs would be conducting the digital asset business of operating a digital asset exchange, which requires a DABA licence.
The Bermuda government has indicated its support to the BMA “in advancing open banking standards in Bermuda to provide better services to local consumers while enabling new digital banking services to be offered”.
An entity intending to conduct open banking activities in or from within Bermuda would be required to adhere to the licensing requirements and provisions of the Banks Amendment Act, as well as the provisions of the DABA where such business constitutes digital asset business activity. There is currently no express prohibition on open banking activity under the Bermuda legal regime.
To date, the concept of open banking has not been prevalent for banks operating from within Bermuda. With PIPA coming into effect on 1 January 2025 (see 2.10 Implications of Additional, Non-financial Services Regulations), Bermuda banks may be deterred from pursuing open banking concepts in the near future, owing to the increased scrutiny concerning the protection of personal information. However, it is anticipated that the consensual use of personal information in these optional and contractual relationships will prevail once the law has settled in and adequate protection has been implemented.
A specific body of law setting out the elements of fraud as it relates to the DAB Regime in Bermuda has not been developed. The general common law position would apply should this be considered by Bermuda courts.
From a regulatory perspective, the BMA focuses on safeguarding client assets by seeking to prevent or minimise the potential for fraud and misappropriation. There are multiple pieces of legislation, regulation and various codes of conduct that govern consumer protection in Bermuda. The DABA mandates the safeguarding of client assets and sets out the provisions for establishing formal customer complaints policies and procedures. The Digital Asset Business Custody Code of Practice supplements the provisions of the DABA and specifies the requirements of segregating client assets from those of the DABA licensee.
Among other matters, the BMA focuses on protecting customers and stakeholders, maintaining market integrity and fostering trust in Bermuda’s digital asset business sector. Although fraud is not a singular focus of the BMA’s regulatory regime, the Digital Asset Regimes have been curated to combat the risk of fraud. The BMA closely monitors the activities of regulated business for potential fraud and monitors all sectors (including, specifically, the digital asset sector) for other corrupt activities, such as:
Rosebank Centre
5th Floor
11 Bermudiana Road
Pembroke HM 08
Bermuda
+1 441 542 4525
steven.reesdavies@careyolsen.com www.careyolsen.com/locations/bermuda