The Cayman Islands’ position as a hub for the establishment
of FinTech structures has been enhanced by the introduction in 2021
of the Virtual Asset (Service Providers) Act (VASP Act) as amended,
which provides invaluable regulatory oversight for innovative
virtual asset business. This article will explore the key features
of the VASP legislation and the registration and licencing
regime.
The Cayman Islands has proven to be a popular jurisdiction for
establishing a range of digital asset structures, including crypto
investment funds, ICOs, exchanges, and entities established in
connection with decentralised autonomous organisations (DAOs).
Cayman’s VASP regulatory framework is based on internationally
recognised standards for virtual asset service providers. Virtual
asset service providers include companies, limited liability and
foreign companies, and general, limited, and exempted limited
partnerships, formed and, where required, registered or licenced
under the VASP Act when such an entity provides virtual asset
services as a business in or from within the Cayman Islands.
What Is A ‘Virtual Asset’?
Broadly, the VASP Act defines ‘virtual assets’ as
digital representations of value that can be digitally traded or
transferred, and can be used for payment or investment purposes. It
requires the licencing and/or registration of various entities
engaging in virtual asset services with the Cayman Islands Monetary
Authority (CIMA). Under Cayman’s VASP, “virtual asset
services” include:
- Offering an exchange between virtual assets and fiat
currencies, or between one or more forms of convertible virtual
assets. - The transfer of virtual assets.
- Virtual asset custody services.
- The participation in, and provision of, financial services
related to a virtual asset issuance or the sale of a virtual
asset.
VASPs may also apply for a sandbox licence (based on the
innovative technology or innovative methods of delivery, or on the
supervisory needs of the sandbox licenced entity) in order to carry
on business as a virtual asset service provider. Under the VASP
Act, a sandbox licence is a temporary licence of up to one year
that CIMA may direct a VASP to apply for, where:
- The service being provided represents an innovative use of
technology or uses an innovative method of delivery such that
additional supervision and oversight is required. - It is in the best interests of the public, regulated persons or
financial markets, that the service be temporarily restricted or
subject to specific requirements. - The service promotes technology or a method of delivery that
may create a systemic risk to financial markets or the
jurisdiction. - The service poses a money laundering, terrorist financing or
proliferation financing risk that existing AML rules don’t
properly mitigate.
Virtual Asset Service Licences
A VASP must hold a virtual asset service licence (VASL) in order
to provide virtual asset custodial services, or operate a virtual
asset trading platform, or if it currently provides or operates any
of these services. In determining VASL applications, CIMA will
consider whether:
- An approval is against the public interest.
- The applicant has adequate personnel with the necessary skills,
knowledge and experience, facilities, books, records and accounting
systems, and capital and cybersecurity measures with regard to its
size, scope and complexity of business. - The applicant has complied with other requirements under the
VASP Act upon CIMA’s request.
Where a licence is not required, VASPs must register under the
VASP Act in order to carry on virtual asset services. Once
registered, VASPs may only issue virtual assets directly to members
of the public within a prescribed threshold, and must submit an
issuance request to CIMA in order to obtain its prior approval.
CIMA determines such requests in accordance with certain
considerations, including the nature, function and purpose of the
virtual asset and its likely effect on CIMA’s functions as they
relate to anti-money laundering, the financial services market, and
the public generally. A registered VASP may also engage a virtual
asset trading platform licenced under the VASP Act in order to
issue newly created virtual assets over the prescribed threshold,
but must obtain CIMA’s prior approval. Where a virtual asset
issuance involves the transfer or exchange of other virtual assets
or fiat currency, the VASP must maintain appropriate records for
each transaction involving the public and make these available for
CIMA’s inspection.
CIMA requires evidence of the organisational structure of a VASP
to include:
- A comprehensive full group companies structure chart, including
the ultimate beneficial owners. - Details of regulated status of entities within the group, the
relevant regulated services and jurisdictions. - Details of services provided by any related entity to the
VASP.
VASPs seeking to register with CIMA must comply with the Cayman
Islands money laundering, countering the financing of terrorism,
countering proliferation financing and sanctions regimes. This
includes appointing natural persons to act as the VASP’s
anti-money laundering compliance officer, money laundering
reporting officer, and deputy money laundering reporting
officer.
The registration application submitted to CIMA must be supported
with the following information:
- List of the applicant’s blockchain addresses (per
coin). - Details of all shareholders with more than 10 per cent
shareholding together with a completed CIMA personal
questionnaire. - Information on Chief Information Officer/Chief Information
Security Officer, including CV. - Copies of cybersecurity policies (follow CIMA’s guidance on
cybersecurity). - Copies of AML/CFT policies (in line with the AML Regulations
and Guidance Notes). - Comprehensive Business Plan.
- Transaction flow charts.
- Details of outsourced arrangements and related agreements.
VASP Business Plan
A comprehensive business plan should clearly outline the
following, at a minimum:
- A description of the business being undertaken or to be
conducted. - Products and services being offered or to be offered in the
future and details on the process of how those services are being
offered. - Standalone financial statements covering two years and
financial projections. - Physical location of operations.
- Customer base (eg number of customers,
geography/jurisdiction). - Delivery channels and marketing plan/strategy.
- Corporate governance eg composition of board of directors,
senior management, and any committees. - Staff complement and organisational chart showing reporting
lines. - Information about contracts with affiliates and outsourcing
arrangements, where applicable, and details on whether they are
regulated in any jurisdictions.
All applications must be submitted with an assessment fee and a
registration fee based on expected annual turnover, and an
assessment by CIMA of the nature, scope and complexity of the
applicant’s business.
Travel Rule
Financial Action Task Force (FATF) Recommendation 16 prescribes
that originating VASPs must obtain and hold required and accurate
originator information and required beneficiary information on
virtual asset transfers. These requirements apply to VASPs whenever
their transactions (in fiat currency or virtual assets)
involve:
- A traditional wire transfer.
- A virtual asset transfer between a VASP and another obliged
entity. - A virtual asset transfer between a VASP and a non-obliged
entity.
The application of the FATF’s wire transfer requirements in
the virtual asset context is known as the ‘Travel
Rule’.
The AML Regulations contain definitions and provisions
pertaining to the identification, verification, production,
record-keeping, and other relevant obligations relating to virtual
assets, including the Travel Rule requirements for VASPs.
All VASPs registered or in the process of registering with CIMA
were required to advise how they will comply with the Travel Rule
related provisions as outlined in the AML Regulations, by
submitting details of their compliance arrangements, including the
relevant policies and procedures and the use of resources
(including technological tools), to CIMA.
All new applicants for VASP registrations/licences are required
to indicate in their applications how they will comply with the
Travel Rule related provisions as part of their compliance
arrangements. This information should be included as an attachment
when submitting their policies pertaining to anti-money laundering
and counter terrorist financing as part of CIMA’s application
process.
The Benefits of VASP Laws
While VASP legislation is still at a relatively early stage of
its implementation, it is expected in the long run to result in the
Cayman Islands being well-placed to provide a gold standard
regulatory framework to support the establishment of entities which
undertake FinTech-related services and activities.
This article originally appeared in IFC Review.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
#Virtual #Asset #Services #Provider #Legislation #Fin #Tech
