The fintech market has evolved quite significantly in the British Virgin Islands (BVI) in the past 12 months, with players operating in this space now able to benefit from the regulatory and legal certainty offered by the BVI Virtual Assets Service Providers Act 2022 (the “VASP Act”), which came into effect on 1 February 2023. The implementation of the VASP Act seeks to encourage innovation and technological development within the fintech space, while also ensuring the BVI’s continued compliance with international standards and adherence to specific recommendations from the Financial Action Task Force (FATF) in respect of virtual assets. This has helped the BVI secure its spot as a global hub for fintech development and the jurisdiction of choice for token generation.

The VASP Act bolsters steps previously taken by the BVI financial services industry in recent years to embrace digital innovation and to attract fintech and other Web3 and blockchain businesses to set up in the BVI. These steps include the launch of the regulatory sandbox for fintech businesses to conduct live-testing before they launch (discussed further in 2.5 Regulatory Sandbox) and the launch of Bank of Asia as one of the world’s first fully digital global banks.

The next 12 months are expected to involve further exploration of new BVI vehicles (such as Liability Autonomous Organisations (LAO) in an appropriate regulatory framework to accommodate developments in the blockchain and crypto industry. As technological innovations advance, international standards will also continue to evolve. In this regard, it is anticipated that international pressure on the BVI to adopt the OECD’s Crypto-Asset Reporting Framework requirements into domestic law will increase during the course of the next 12 months.

New entrants are driving the adoption of fintech business models in the BVI. The fintech business models currently predominate in the BVI include:

• lending and credit, with platforms offering alternative lending options, peer-to-peer lending and loan marketplaces;
• blockchain and cryptocurrency, with companies leveraging blockchain technology for various financial applications, including centralised and decentralised virtual asset exchange platforms; and
• digital payments, with companies providing digital payment solutions, including non-custodial multi-signature wallet solutions.

VASP Act

The VASP Act provides the framework for the licensing, regulation and supervision of VASPs providing virtual assets services in or from within the BVI.

The VASP Act defines a “VASP” as a Virtual Asset Service Provider who provides, as a business, a virtual assets service and is registered to conduct one or more of the following activities or operations for or on behalf of another person:

• exchange between virtual assets and fiat currencies;
• exchange between one or more forms of virtual assets;
• transfer of virtual assets, where the transfer relates to conducting a transaction on behalf of another person that moves a virtual asset from one virtual asset address or account to another;
• safekeeping or administration of virtual assets or instruments enabling control over virtual assets;
• participation in, and provision of, financial services related to an issuer’s offer or sale of a virtual asset; or
• performance of such other activity or operation as may be specified in the VASP Act or as may be prescribed by regulations.

A person engaged in any of the following activities or operations, for or on behalf of another person, will be deemed to be carrying on a virtual assets service:

• hosting wallets or maintaining custody or control over another person’s virtual asset, wallet or private key;
• providing financial services relating to the issuance, offer or sale of a virtual asset;
• providing kiosks (such as automatic teller machines, bitcoin teller machines, or vending machines) for the purpose of facilitating virtual assets activities through electronic terminals to enable the owner or operator of the kiosk to actively facilitate the exchange of virtual assets for fiat currency or other virtual assets; or
• engaging in any other activity that, under any guidelines that may be issued by the Financial Services Commission (FSC) under the Financial Services Act, constitutes the carrying on of the business of providing a virtual asset service or issuing virtual assets or being involved in virtual asset activity.

Whether an entity is carrying on a virtual assets service will turn on, among other things, whether the asset in question constitutes a “virtual asset”. For example, crypto-based derivative products would require more careful consideration and may be caught by the VASP Act and/or the Securities Investment Business Act (SIBA). Similarly, consideration should also be given to the list of excluded activities that would take a BVI company outside the scope of the VASP Act, such as solely creating or selling a software application or virtual asset platform.

SIBA

SIBA provides the framework for the licensing, regulation and supervision of investment business carried on in or from within the BVI. SIBA provides that no person shall carry on, or hold themself as carrying on, investment business of any kind in or from within the BVI unless they hold a licence authorising them to carry on that kind of investment business.

The term “investment business” is widely defined and covers:

• dealing in investments;
• arranging deals in investments;
• investment management;
• investment advice;
• custody of investments;
• administration of investments; and
• operating an investment exchange.

“Investments” is also widely defined and may include:

• shares, interests in a partnership, or fund interests;
• debentures;
• instruments giving entitlements to shares interests or debentures;
• certificates representing investments;
• options;
• futures;
• contracts for difference; and
• long-term insurance contracts.

If a person is registered under the VASP Act to provide a virtual assets service, that person will not be required to obtain a SIBA licence (or a licence under the Financing and Money Services Act (as amened) (FMSA)) to carry on that same activity (even if that activity would also otherwise be caught under SIBA or FMSA). However, a separate SIBA licence (in addition to VASP registration) would be required if a person also carries on investment business separate and distinct from its VASP activities.

Additionally, any pooling vehicle that is investing into the virtual asset space, or accepting virtual assets by way of subscription and then investing into more traditional asset classes, would be advised to seek BVI legal advice as to whether such activities would require registration as a fund under SIBA.

FMSA

FMSA provides the framework for the licensing, regulation and supervision of persons who carry on financing business and money services business in or from within the BVI. Licences issued under FMSA authorise a licensee to carry on a particular category or categories of financing or money services business, including money transmission services (Class A).

Although the consensus is that “money” and “currency” refer to fiat currencies rather than cryptocurrencies, the aforementioned specific exclusion in the VASP Act – whereby any person registered under the VASP Act to carry on only the business of providing a virtual assets service will be exempt from FMSA (and SIBA) – helps to provide certainty on this point to many virtual asset service providers (particularly those involved in the transfer of virtual assets from one account to another). However, care will need to be taken where a company is deemed to be carrying out any activities that fall outside the scope of the VASP Act, as the above-mentioned exemption would not apply in those circumstances.

A 2018 amendment to FMSA introduced a new licence class (Class F), which – once open to applications – will permit those licensees to carry on the business of international financing and lending in peer-to-peer fintech markets.

There are no restrictions in the BVI on the compensation models that industry participants are allowed to use to charge customers, whether directly or indirectly. Some common examples include transaction fee-based compensation and subscription fee-based compensation.

Care must be taken if a BVI company is proposing to adopt a compensation model based on licensing fees. If the BVI company is licensing its rights to any IP assets and receiving a licensing fee, it may be caught by the BVI economic substance regime (and will be required to demonstrate substance in the BVI accordingly).

Although legacy players and fintech industry participants alike are subject to regulatory oversight in the BVI aimed at protecting consumers and safeguarding financial stability, there are nuanced differences in the approach taken by the FSC ‒ and, indeed, by regulators around the world ‒ in regulating these industries, so as to accommodate the distinct characteristics and challenges associated with each sector. A more collaborative approach to regulation is evident under the VASP Act through, for example, the inclusion of the sandbox provisions. These demonstrate the FSC’s commitment to collaborating with fintech participants in order to foster technological innovations in a controlled environment and assess risks.

To the extent fintech industry participants undertake any activities akin to those of traditional financial institutions, they may be required to comply with the requirements of the traditional regulatory regime. Similarly, legacy players who adopt new fintech models and technologies could become subject to regulation under the crypto- and blockchain-focused VASP Act.

The BVI introduced the Financial Services (Regulatory Sandbox) Regulations 2020 (the “Sandbox Regulations”) to encourage technological innovation in the financial technology sector under a lighter-touch regulatory regime. The Sandbox Regulations were introduced to assist:

• start-ups that wish to provide new financial services solutions that involve a fintech business model that is not currently covered (whether explicitly or implicitly) under current BVI legislation;
• start-ups that wish to test innovative technology to deliver a licensable financial service; and
• entities already licensed by the FSC that wish to test an innovative technology as part of their already-approved financial service offering.

A person approved under the Sandbox Regulations as a sandbox participant prior to the VASP Act coming into force can notify the FSC in writing of their intention to provide innovative fintech in relation to virtual assets (with such notification being treated as an application for registration as a VASP).

Where a VASP that is not registered under the VASP Act or approved under the Sandbox Regulations wishes to carry on a virtual assets service and provide innovative fintech in accordance with the Sandbox Regulations, it may submit an application to the FSC in accordance with the Sandbox Regulations. It must be noted in the application that it intends to carry on the business of providing virtual asset services in relation to which the innovative fintech will be applied.

The FSC is established as the competent authority for the regulation and supervision of financial services conducted in or from within the BVI, including pursuant to the VASP Act and SIBA. The FSC plays a key role in ensuring compliance with local laws and regulations, as well as international standards for financial services.

The BVI International Tax Authority (ITA) is the competent authority with regard to all cross-border tax matters that currently affect, or have the potential to affect, the BVI. This includes overseeing compliance with the BVI’s rules and regulations on disclosure of beneficial ownership and maintenance of economic substance.

The BVI Financial Investigation Agency (FIA) is the competent authority for the prevention and detection of financial crime, including money laundering, terrorist financing and proliferation financing.

The Data Protection Act 2021 (DPA) established the office known as the Office of the Information Commissioner as the competent authority to monitor compliance with the DPA and investigate and enforce in respect of any violations thereunder.

Outsourcing of functions by entities licensed by the FSC is governed by the terms of the Regulatory Code. The Regulatory Code recognises that outsourcing has clear benefits ‒ for example, enabling a licensee to have a function undertaken more efficiently or to utilise resources not available in-house. However, the Regulatory Code also recognises that there are dangers, as outsourcing has the potential to transfer risk, management and compliance to third parties who may not be regulated and may be established in (and operating from) another jurisdiction.

The definition of an outsourcing arrangement under the Regulatory Code is broad and captures all activities that a licensee would otherwise normally carry out itself, not just those activities that are regulated. A licensee is not permitted to outsource its compliance function, a core management function or any activity that ‒ if outsourced ‒ would impair the FSC’s ability to supervise the licensee or affect the rights of a customer against the licensee.

If a licensee does intend to outsource any function, it must have in place a comprehensive outsourcing policy with regard to the activities to be outsourced, and must establish and maintain appropriate and adequate systems and controls to manage its outsourcing risk. The licensee must also conduct due diligence on any potential vendor, so it can assess the vendor’s capacity and ability to undertake the outsourced activities and the risks associated with outsourcing the proposed activities to the vendor.

Any outsourcing arrangement with a suitable vendor must be governed by a written contract with that vendor, clearly specifying all material aspects of the outsourcing arrangement and providing the licensee (and, if relevant, its auditor and actuary) with access to all documents and information relevant to the outsourced activity.

The extent to which fintech providers accept responsibility for the activities on their platform will vary, depending on their business model, their regulatory status, and the specific terms of service and acceptable use policies they have in place. However, all fintech providers ‒ to varying degrees – will be deemed “gatekeepers” of the products and services offered through their platform.

All fintech providers incorporated in the BVI are required to put in place appropriate risk-based mechanisms, policies and procedures to assess applicants for business, customers, and business relationships in order to determine whether they are under any sanctions imposed by the United Nations Security Council or the UK and extended to the BVI as sanctions orders.

Fintech providers who are regulated by the FSC (whether under the VASP Act, SIBA, FMSA or otherwise) will play an important role in gatekeeping access to the products and services offered on their platform ‒ principally, through the implementation of effective policies and procedures for managing money laundering, terrorist financing and proliferation financing risks, as required under the BVI AML regulatory framework. This framework primarily comprises the Proceeds of Criminal Conduct Act 1997 (as amended), the Anti-Money Laundering Regulations 2008 (as amended) (the “AML Regs”), and the Anti-Money Laundering and Terrorist Financing Code of Practice 2008 (as amended).

The VASP Act is still in its infancy and, as such, the FSC has not – to date – taken any enforcement action thereunder. The VASP Act does, however, furnish the FSC with wide enforcement powers, including the power to:

• impose administrative penalties;
• appoint examiners or qualified persons to conduct investigations;
• issue directives imposing a prohibition, restriction or limitation on the financial services business that may be undertaken; and
• remove the director or other persons (or withdraw its approval of such persons as fit and proper persons).

In more extreme cases, the FSC may revoke or suspend a licence or apply to the court under the BVI Insolvency Act 2003 for the appointment of a liquidator in respect of the licensee.

AML Regs

Amendments to the AML Regs, implemented by the Anti-Money Laundering (Amendment) Regulations 2022, brought the business of carrying on or providing virtual assets services when a transaction involves virtual assets valued at USD1,000 or more within the scope of the BVI AML regulatory regime. The FSC also issued a Virtual Assets Service Providers Guide to the Prevention of Money Laundering, Terrorist Financing and Proliferation Financing to provide VASPs with clarity on specific AML/CTF obligations, including the requirements for robust customer due diligence and enhanced customer due diligence procedures, proper record-keeping measures, frameworks to fulfil statutory reporting obligations, and monitoring and assessment of risks that are present in the use and exchange of virtual assets and in the operations of VASPs themselves.

DPA

The DPA is intended to safeguard personal data processed by public and private bodies in the BVI by balancing the need for the protection of personal data against the need to process personal data for legitimate means. The DPA also aims to promote transparency and accountability in the processing of such personal data.

Under the DPA, persons who process, have control over or authorise the processing of personal data can only process personal data (other than sensitive personal data) about a data subject without consent if the processing is necessary for:

• the performance of a contract to which the data subject is a party;
• entering into a contract at the request of a data subject;
• compliance with any legal obligation (other than an obligation imposed by contract);
• the protection of the vital interests of the data subject;
• the administration of justice; or
• the exercise of any functions conferred on a person by or under any law.

The circumstances under which sensitive personal data may be processed without the data subject’s consent are more limited.

In order to comply with the provisions of the DPA, data controllers will need to, among other steps:

• adopt suitable measures and policies that take into account the nature, scope, context and purposes of the use of personal data and the risk to individuals posed by the use of such information;
• ensure that all personal data it holds is accurate, up to date, adequate, relevant and proportionate to the purposes for which it is to be used (and is only kept as long as is necessary for its use); and
• implement safeguards to protect personal data against loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction.

Personal data cannot be transferred outside the BVI without proof of adequate data protection safeguards or consent from the data subject.

Cybersecurity

The Computer Misuse and Cybercrime Act 2014 (as amended) (CMCA) aims to address various offences related to unauthorised access to computer systems ‒ as well as unauthorised interception of, or interference with, data held on computer systems ‒ with a view to cause loss, gain or for any unlawful purpose.

Sanctions

The UK extends sanctions measures to the BVI in the form of new Overseas Territories Sanctions Orders. The sanctions orders provide for the legislative framework that enables the relevant authorities to take the necessary action to, among other things, freeze the funds/assets of designated persons and entities.

As a relevant person for the purposes of the AML Regs, VASP licensees must ensure that their compliance framework allows for effective ongoing client due diligence and transaction monitoring in order to allow for immediate sanctions screening. It is expected that VASPs should be able to screen their client base within 24 hours and identify any designated persons and take appropriate measures, including freezing assets/funds, prohibiting transactions and reporting to the competent authorities (the Governor’s Office, the FSC and the FIA) without delay.

The FSC may revoke a certificate of registration issued to a VASP under the VASP Act if it forms the opinion that the VASP has committed a breach of any sanctions orders.

Electronic Transactions, Transfers and Filings

The Electronic Transactions Act 2021, the Electronic Transfer of Funds Act 2021 and the Electronic Filing Act 2021 introduced, among other benefits, a statutory recognition of the validity of electronically created filed and retained electronic records and ‒ subject to certain criteria being met ‒ signatures applied to such records.

There are several stakeholders with an interest in the activities of fintech industry participants in the BVI ‒ some of whom are required by law to review those activities and others who will do so as a matter of industry best practice.

Auditors and Accounting Firms

The VASP Act requires that a VASP shall (unless exempt) have an auditor appointed at all times for the purposes of auditing its financial statements. The auditor of a VASP will be required to report immediately to the FSC any information relating to the affairs of the VASP that they have obtained in the course of acting as its auditor that, in their opinion, suggests that:

• the VASP is insolvent (or approaching insolvency);
• operating in a manner that may be detrimental to the interests of its clients;
• no longer compliant with the requirements of the VASP Act (or other financial services legislation);
• operating with significant weaknesses in its internal controls, which render it vulnerable to significant risks or exposures that have the potential to jeopardise its financial viability; or
• an offence has been or is being committed by the VASP in connection with its business.

Service Providers and Legal Advisers

Service providers that work with fintech providers, including independent directors, legal advisers, registered agents and authorised representatives, may review their activities to ensure alignment with contractual obligations, regulatory requirements and industry standards.

Industry Associations

Industry associations and working groups (including BVI Finance, the BVI’s financial services industry group, and the newly formed Virgin Islands Virtual Assets Association) play a key role in setting industry standards, promoting best practices and ensuring a collaborative approach between members, the BVI regulators and the BVI government to ensure the BVI maintains its competitive global advantage. 

Although it is possible for one legal entity to provide both regulated and unregulated products and services, in practice, the regulated products and services are often carried out through a separate entity from the entity established to provide the unregulated service and product offering. This is, in part, due to the additional layer of review and approval that the unregulated part of the business would be subjected to, in order to comply with the requirements of the licence/registration issued in respect of the regulated product and service offering.

See 2.10 Implications of Additional, Non-financial Services Regulations for discussion of the impact of sanctions rules impacting regulated and unregulated fintech companies.

The AML Regs are promulgated under the Proceeds of Criminal Conduct Act 1997 (as amended) and apply to relevant persons. The definition of “relevant person” was amended pursuant to the Anti-Money Laundering (Amendment) Regulations 2022 in order to include, with effect from 1 December 2022, the business of carrying on or providing virtual assets service when a transaction (or series of linked transactions) involves virtual assets valued at USD1,000 or more.

If it is determined that a fintech company is carrying on or providing virtual assets services, the fintech company will be required to comply with the BVI’s AML/CTF regime, which will include:

• adopting a manual of compliance procedures, which set out the identification, record-keeping, internal reporting and internal controls and communications procedures to be adopted by the fintech company for forestalling and preventing money laundering, terrorist financing and proliferation financing (the “Policies and Procedures”) and implement such Policies and Procedures;
• providing copies of the Policies and Procedures to the FSC or the FIA (as applicable);
• ensuring its employees are familiar with the Policies and Procedures and the provisions of the AML/CTF/proliferation financing legislative framework;
• obtaining evidence of identity, verifying evidence of identity and maintaining a record of the evidence obtained, transactions carried out and reports made to the FIA in respect of any applicant for business;
• maintaining a register of all reports made by the fintech company to the FIA and all inquiries relating to money laundering made to the fintech company by the FIA;
• appointing a money laundering officer and notify the FSC or the FIA (as applicable) within 14 days of such appointment; and
• providing training for employees to assist them in:
1. recognising and handling transactions for a person who is, or appears to be, engaged in money laundering; and
2. dealing with customers where such transactions have been reported to the FIA.

While automated investment platforms have gained in popularity and interest, the regulatory regime currently in place in the BVI does not expressly contemplate robo-advisers. To the extent that a BVI incorporated entity holds the algorithm or software that performs the function of a robo-adviser, it may be required to be registered or licensed under SIBA and will also need to consider any economic substance implications arising from holding the IP rights in and to such algorithms or software.

No BVI service providers appear to be introducing robo-advisers at this stage.

Under the BVI Regulatory Code (which all SIBA and VASP licensees are subject to), a licensee that deals with or for a customer must seek to provide best execution, unless there is a specific instruction in writing from the customer.

Best execution is defined as meaning:

• taking reasonable care to ascertain the best available price for the customer in the relevant market at the time for transactions of the kind and size concerned; and
• dealing at a price that is no less advantageous to the customer, unless the circumstances require the licenseeto do otherwise in the interests of the customer.

In applying best execution, a licensee must have regard to the best price, the likelihood of execution and settlement at that price, the costs of execution and the nature of the order. In addition, the licensee must leave out of account any charges disclosed to the client that the licensee or its agent would make.

There are no significant differences in the regulation of loans made by BVI entities to individuals, small business and others.

If a BVI company makes loans available to borrowers resident in the BVI, that company will be required to obtain a Class C financing business licence from the FSC under FMSA.

A BVI company carrying on the business of international financing and lending in the peer-to-peer fintech market (including peer-to-business and B2B markets) will, once Class F licences under FMSA become available for issuance, be required to obtain such a licence.

Any BVI company that makes an interest-bearing loan (for consideration) will, subject to certain exceptions, fall within scope of the BVI economic substance regime as carrying on finance and leasing business (and will be required to demonstrate substance in the BVI accordingly).

Underwriting business is not a regulated activity in the BVI. Underwriting activity typically takes place onshore and the FSC will require a lender engaging in it to be in compliance with the laws of the jurisdiction in which the underwriting is taking place.

The BVI’s legal and regulatory landscape does not distinguish between the sources of funds for loans.

Retail lending to BVI residents is primarily conducted by branches of a few major banks that are licensed under the Banks and Trust Companies Act (as amended) (BTCA) and do not hold a restricted banking licence.

Entities carrying on banking business (pursuant to the BTCA), financing business or money services business (pursuant to FMSA) or otherwise carrying on a relevant business (as such term is defined in the AML Regs) will be required to comply with the BVI’s AML/CTF/proliferation financing regime, which may include the requirement to verify source of funds of customers. These entities will also fall within scope of the BVI’s economic substance regime as carrying on banking business (and will be required to demonstrate substance in the BVI accordingly), subject to certain exceptions.

The syndication of loans involving BVI obligors is not uncommon. Typically, the syndication of loans takes place on a cross-border basis involving lenders and counterparties overseas, where documentation is usually subject to the laws of a foreign jurisdiction and is not otherwise directly captured under current BVI regulation.

PayTechs have emerged as a new subsection within the fintech industry. Although there are no restrictions on payment processors creating or implementing new payment rails, careful consideration will need to be given to any regulatory implications of doing so. By way of example, under FMSA, the transmission of fiat currency in any form, including electronic money, mobile money or payments of money) constitutes money services business and this can only be carried out upon being issued the relevant licence.

If a cross-border payment is made by way of a transfer of virtual assets from one wallet or account to another, with that transfer being effected by a BVI company for and on behalf of the payor and the payee, the BVI company may be required to be registered under the VASP Act to carry out this transfer service. Cross-border payments and remittances may fall within the scope of FMSA (as noted in 5.1 Payment Processors’ Use of Payment Rails).

BVI-based administrators are subject to regulation pursuant to SIBA. A mutual fund administrator licensed under SIBA is required to satisfy itself in terms of various criteria regarding the business and operation of a mutual fund and its service providers before it provides fund administration to such mutual fund.

Fund advisers typically engage fund administrators by way of service agreements to assist with compliance matters, such as:

• AML/CTF/proliferation financing requirements;
• implementing compliance and regulatory controls to support services; and
• the requirement at all times to exercise due care and diligence and to act in good faith in the performance of services under its agreement.

Even though the provisions of services agreements between fund administrators and fund advisers are typically negotiated contracts, fund administrators are subject to the Regulatory Code. This offers guidance as to the duties, requirements and standards to be complied with, as well as the procedures and sound principles to be observed by persons providing fund administration services.

Providing a facility, whether by electronic means or otherwise, for the orderly trading of investments or for the listing of investments for the purposes of trading is an activity that constitutes investment business for the purposes of SIBA.

Conducting an exchange between virtual assets and fiat currencies, or an exchange between one or more forms of virtual assets, for and on behalf of another person constitutes a virtual assets service for the purposes of the VASP Act. Any service provider considering this service will be required to be registered under the VASP Act accordingly.

Where an asset constitutes a “virtual asset” for the purposes of the VASP Act, any person carrying on a “virtual assets service” in respect of that virtual asset will be subject to regulation under the VASP Act. Where an asset falls within the scope of the definition of an “investment” for the purposes of SIBA, any person carrying on “investment business” in respect of that investment will be subject to regulation under SIBA.

Virtual asset exchanges are subject to enhanced regulatory oversight under the VASP Act. In addition to complying with the general requirements for a VASP, a virtual assets exchange must also be able to demonstrate the measures in place for the facilitation and protection of virtual assets trading on the virtual assets exchange, together with appropriate organisational, managerial and financial resources to ensure the proper operation of the virtual assets exchange and adequate measures to monitor and mitigate any risks related to the operation of the virtual assets exchange.

The standards by which each licensed entity chooses to list different products will be set and maintained by that licensed entity as part of their application for a licence. However, when approving and registering a VASP to operate a virtual assets exchange, the FSC may impose conditions relating to the listing of virtual assets (including issues relating to filing reports and providing net worth with regard thereto).

Licensees under SIBA must comply with certain dealing and managing rules, including order handling rules, in accordance with the Regulatory Code.

A BVI company may be required to be regulated under SIBA for arranging deals in investments if it provides a platform through which buyers and sellers of investments (as such term is defined in SIBA) are matched.

Unless the BVI entity has any control at any time over the assets traded via a peer-to-peer platform, it is likely that the activities will fall outside of the scope of the VASP Act.

A BVI entity will be required to obtain a Class F licence pursuant to FMSA (once available for issuance) if it is deemed to be carrying on the business of international financing and lending in the peer-to-peer fintech market.

See 3.3 Issues Relating to Best Execution of Customer Trades.

This is not applicable in the BVI.

See 9.2 Regulation of Unverified Information.

While no specific regulations currently exist for the creation and usage of high-frequency trading and algorithmic trading in the BVI, fintech participants engaging in such activities may fall within the scope of ‒ and be required to comply with ‒ the existing regulatory regime.

Pursuant to SIBA, buying, selling, subscribing for or underwriting investments as principal where the person holds themself out as engaging – as a market maker or dealer ‒ in the business of buying investments of the kind to which the transaction relates, with a view to selling them, will constitute an activity requiring a Category 1 licence (Dealing in Investments).

Market makers trading virtual assets (rather than traditional investments) in a principal capacity would be expected to fall outside the scope of the VASP Act, unless those market-making activities are provided for a third party, such as an exchange. This is on the basis that the VASP Act regulates only those VASPs providing virtual asset services as a business for and on behalf of others (and not players functioning in a principal capacity).

A thorough examination of agreements between these individuals and trading platforms or exchanges is essential to determine their classification in each case.

Funds engaged in trading activities on a proprietary basis will not be required to obtain a licence under SIBA or the VASP Act in relation to this specific activity. However, the fund would need to be regulated in accordance with the BVI fund legislative regime, and any investment advisor or investment manager carrying on investment business activities for and on behalf of the fund may require a licence to carry on these activities under SIBA or VASP (as applicable).

Dealers carrying on business for and on behalf of others will need to be registered as a VASP if they are dealing with virtual assets (or, under SIBA, if the assets in which they are dealing are deemed to be investments for the purposes of SIBA).

Programmers who develop and create trading algorithms and other electronic trading tools are not currently specifically regulated in the BVI. Indeed, the VASP Act explicitly excludes activities relating to the development and deployment of the underlying fintech technology from the scope of regulation.

There are currently no regulations governing DeFi protocols in the BVI. Subject to the VASP and SIBA licensing regimes, there is no general restriction on DeFi products being launched from the BVI. This is further supported by the generally accepted view that smart contracts are capable of satisfying the requirements for a binding contract and are enforceable by the courts (although there are no laws, regulations or BVI judicial decisions addressing the enforceability of smart contracts).

There is no requirement in the BVI for the registration of financial research platforms.

In line with internationally accepted standards for the prevention of market abuse and similar financial crimes, SIBA contains criminal offences for persons who make misleading statements relating to investment business, conduct insider trading or carry on market manipulation when in the BVI.

While there is no market abuse regime in place for virtual assets as yet, the Regulatory Code requires licensees to establish and maintain policies, systems and controls that promote high ethical and professional standards (with the dissemination of false or unverified information likely constituting a breach of such policies, systems and controls).

Furthermore, the CMCA criminalises unauthorised access to and use of computer materials, including offences relating to electronic defamation, forgery and fraud.

See 9.2 Regulation of Unverified Information.

There do not appear to be any specific and material insurtech underwriting initiatives or developments in the BVI.

The overarching goal of industry participants (including domestic or captive insurers, insurance managers, insurance intermediaries, insurance brokers and loss adjusters) and regulators as regards the BVI insurance industry is to ensure the safety, soundness and integrity of the insurance market.

The FSC supervises the insurance industry following the guidelines stipulated in the Insurance Act 2008, the Insurance Regulations 2009, and the Regulatory Code 2009. The legislation was written with consideration given to the Insurance Core Principles of the International Association of Insurance Supervisors, which is the international standard-setting body for insurance.

Regtech is not a regulated business in the BVI. Where provided in relation to virtual assets under the VASP Act, there are specific exclusions that regtech providers may benefit from.

Financial service providers in the BVI will seek and expect contractual terms based on international market practice . The key provisions generally relate to the protection of IP rights, personal data, and confidentiality.

The BVI already has a fully digital, global cross-border bank in operation. Although it is not anticipated that traditional players will be the drivers for the adoption of blockchain technology in the financial services industry, new players are expected to build on Bank of Asia’s movement towards digitalisation and adoption of innovative fintech solutions.

The VASP Act is the result of extensive industry consultation and collaboration, which focused on ensuring that the VASP Act does not stifle technological innovation, while also ensuring adherence to international standards and FATF recommendations.

Under the VASP Act, a virtual asset is defined as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes, but does not include digital representations of fiat currencies.

Accordingly, blockchain assets are likely to be treated as virtual assets under the VASP Act. Any entity providing a virtual assets service in respect of those blockchain assets will likely be required to be regulated as a VASP under the VASP Act.

The sole act of issuing virtual assets falls outside the scope of the VASP Act. However, in line with FATF guidance, persons who participate in – or provide related financial services to ‒ an issuer’s offer and/or sale of virtual assets through activities such as Initial Coin Offerings (including book building, underwriting, market making, and placement agent activity) will be caught by the VASP Act and will be required to apply for registration accordingly.

See 7.1 Permissible Trading Platforms.

There is no separate regulatory regime for funds that invest in blockchain assets and funds that invest in other more traditional asset classes. When a BVI entity pools investor funds for the purpose of collective investment, that entity will be required to be regulated as a BVI fund and will choose the investment fund product best suited to their business (whether a private fund, public fund, professional fund, incubator fund, approved fund or private investment fund).

The BVI incubator funds product appeals to the increasing number of pioneer managers who are looking to gain a track record before converting the incubator fund to a more sophisticated fund product. It works well for the growing fintech and crypto-asset fund type, as it minimises initial requirements in order to enable start-up cryptocurrency managers to come to market faster and more seamlessly.

Digital representations of value are expressly excluded from the definition of “virtual assets” under the VASP Act.

See 8.5 Decentralised Finance (DeFi).

The issuance of NFTs by a BVI company is an activity that falls outside the scope of the BVI regulatory regime. See 12.4 Regulation of “Issuers” of Blockchain Assets.

There is currently no express prohibition on open banking activity under the BVI legal regime, provided that the entity conducting any banking activities from within the BVI is regulated (as required) under the Banks and Trust Companies Act (as amended) or FMSA.

Bank of Asia, through the introduction of Application Programming Interface (API)-enabled architecture to its core banking functions, has positioned itself to be able to extend its service offerings through the open banking initiative.

To date, the concept of open banking has not been prevalent with banks operating in the BVI. However, it is anticipated that data privacy concerns will be alleviated by relying on the consensual nature of the open banking arrangements, which are created at the instigation and with the consent of the data subject.

Many of the elements of fraud as it relates to financial services in the BVI will be the same elements of fraud experienced in jurisdictions around the world, given the inherently decentralised nature of the technologies and the borderless nature of their application.

A specific body of law setting out the elements of fraud as it relates to the BVI financial services regime has not been developed. The general common law position would apply should this be considered by the BVI courts.

From a regulatory perspective, the FSC focuses on safeguarding client assets by seeking to prevent or minimise the potential for fraud and misappropriation.

In the fallout from the FTX collapse, regulators are keenly focused on the protection of client assets (including policies and procedures in place for the segregation and safeguarding of client assets, as well as minimum capital requirements). Data protection and data security vulnerabilities will also be a focus for regulators, given the capabilities of increasingly sophisticated hackers.