BVI virtual asset service providers must comply with BVI AML regulations from 1 December 2022
Effective 1 December 2022, all BVI persons falling within the new definition of “virtual asset service providers” (VASPs) will be required to comply with BVI anti-money laundering, counter-terrorist financing, and anti-proliferation financing laws and regulations, namely:
- the Anti-money Laundering Regulations 2008 (as amended) (the AML Regulations); and
- the Anti-money Laundering and Terrorist Financing Code of Practice 2008 (as amended),
together the (BVI AML Regime).
Virtual asset projects or businesses with a BVI vehicle should seek legal advice on whether their BVI vehicle might be a VASP and, if so, prepare for compliance with the BVI AML Regime.
Although an individual could be a VASP, this alert focusses on entities.
Is this the new BVI VASP law?
No, these are changes to the BVI AML Regime which is designed to include VASPs. The primary BVI VASP legislation has not yet been published. The obligation on VASPs to comply with the BVI AML Regime from 1 December 2022 is separate to any obligations that may be contained in the BVI VASP legislation when it is published.
We will issue a separate client alert and client guide on the primary BVI VASP legislation, when it is published.
What has changed?
The Anti-money Laundering (Amendment) Regulations, 2022 (the Amending Regulations) were gazetted on 19 August 2022.
The Anti-money Laundering and Terrorist Financing (Amendment) Code of Practice, 2022 was gazetted on 29 August 2022 (the Amended Code of Practice).
While most of the provisions of the Amending Regulations and the Amended Code of Practice are now in force and effective, those that relate to VASPs will not come into force until 1 December 2022. On and from this date, providing a virtual asset service will be considered “relevant business” under the AML Regulations. VASPs will be treated as “relevant persons” and will therefore need to comply with the BVI AML Regime from 1 December 2022. At a very high level these obligations include requirements to:
- Appoint a money laundering reporting officer (MLRO) – see our client guide for more details on the MLRO’s role and its responsibilities
- Establish and maintain policies and procedures and internal controls for customer identification (ie collecting and verifying customer due diligence and conducting politically exposed persons, fraud, adverse media, and sanctions screening), record keeping and internal reporting, which are appropriate for the purposes of detecting and preventing money laundering, terrorist financing, and proliferation financing – this includes reporting suspicious transactions
- Make staff aware of, and provide training on, the various policies, procedures, and internal controls
- Comply with the new “travel rule” in relation to transfers of virtual assets. The travel rule requires originating and beneficiary VASPs to obtain, verify, and maintain complete information on the originator and beneficiary of each transfer of virtual assets, before the transaction is executed, or accepted. Intermediary VASPs have separate obligations related to ensuring all such information is complete and to detect missing or incomplete information. VASPs holding both sides of the transfer must determine whether a suspicious activity report should be filed and, if required, make the filing. Originating and beneficiary VASPs can deem verification of such information if:
- it is to or from an account maintained by the VASP and the VASP has verified the identity of the account holder; or
- it is not to or from an account maintained by the VASP, does not exceed US$1,000 in value, does not form part of several operations that appear to be linked and together exceed US$1,000, and the relevant VASP does not otherwise suspect money laundering, terrorist financing, proliferation financing, or other financial crime.
Under the Amended Code of Practice, the requirement for a VASP to collect customer due diligence is subject to a US$1,000 base for one-off transactions.
One important change that applies to all persons that are required to comply with the AML Regulations is that the fine for a breach of any provision of the AML Regulations (and a breach is a criminal offence) on any type of conviction (indictment or summary) is now up to US$150,000. Previously, that amount was the maximum penalty for a conviction on indictment only, but may now also be imposed on a summary conviction.
The comments above only deal with the changes that are relevant to VASPs and both the Amending Regulations and Amended Code of Practice contain other significant changes to the BVI AML Regime, in general, which will be the subject of separate client guides.
Why are these changes being made?
These changes are being made as the BVI is geared towards implementing Recommendation 15 (New Technologies) of the Financial Action Task Force’s (FATF) recommendations on international standards on combating money laundering and the financing of terrorism and proliferation. The changes are also guided by the FATF’s guidance for a risk-based approach to virtual assets and virtual asset service providers (the FATF Guidance).
What is a VASP?
The Amending Regulations’ definitions of a virtual asset, virtual asset service, and VASP are largely derived from the FATF glossary.
Under the Amending Regulations:
- A “virtual asset” means a digital representation of value that can be digitally traded or transferred, and can be used for payment or investment purposes, but does not include: (a) digital representations of fiat currencies and other assets or matters specified by enactment or guidelines; or (b) a digital record of a credit against a financial institution of fiat currency, securities, or other financial assets that can be transferred digitally.
- A “virtual asset service” means the business of engaging, on behalf of another person, in any VASP activity or operation (as outlined in the definition of “VASP”), and includes: (a) hosting wallets or maintaining custody or control over another person’s virtual asset, wallet, or private key; (b) providing financial services relating to the issuance, offer or sale of a virtual asset; (c) providing kiosks (such as automatic teller machines, bitcoin teller machines, or vending machines) for the purpose of facilitating virtual assets activities through electronic terminals to enable the owner or operator of the kiosk to actively facilitate the exchange of virtual assets for fiat currency or other virtual assets; or (d) engaging in any other activity that, by enactment or guidelines, constitutes the carrying on of the business of providing virtual asset service or issuing virtual assets or being involved in virtual asset activity.
- A “VASP” means a virtual asset service provider who provides, as a business, one or more of the following activities or operations for or on behalf of another person: (a) exchange between virtual assets and fiat currencies; (b) exchange between one or more forms of virtual assets; (c) transfer of virtual assets, where the transfer relates to conducting a transaction on behalf of another person that moves a virtual asset from one virtual asset address or account to another; (d) safekeeping or administration of virtual assets or instruments enabling control over virtual assets; (e) participation in, and provision of, financial services related to an issuer’s offer or sale of a virtual asset; (f) perform such other activity or operation as may be specified by enactment.
The approach taken by the BVI here is very similar to that taken by other international financial centres, such as the Cayman Islands. Although there are some differences in the wording of the definitions in the FATF Guidance, in practice they are essentially the same.
Do I meet the definition of a VASP?
Any analysis like this will always be fact specific.
However, our general view is that entities in the business of doing one or more of the following are more likely than not to be considered VASPs:
- Virtual asset exchanges (with or without any fiat on-ramp and off-ramp) – this may include NFT marketplaces and decentralised exchange/swap services if transaction fees are charged
- Virtual asset payment or transfer services, particularly if there are any fiat on-ramps and off-ramps
- Selling virtual assets on behalf of another person or entity
- Virtual asset custody, including hosted wallets (ie the customer does not have access to the private key)
- Market making or providing liquidity or other financial services in connection with token issuances, exchange listings or auctions
- Operating token sale “launchpads”
- Operating staking pools and liquidity pools for profit where there is control of third party virtual assets (ie as opposed to non-custodial staking)
Our general view is that entities that are only conducting token issuances on their own behalf, ie proprietary trading, are unlikely to be VASPs.
What do I need to do now?
If you are located in the BVI or operating a BVI entity in the virtual asset space, we recommend that you seek advice from BVI legal counsel with demonstrable expertise and experience in the virtual assets sector to determine whether you are operating as a VASP well before 1 December 2022.
If you think you are likely to be a VASP, you should start preparing now to be compliant with the BVI AML Regime.
For more information, please contact the authors, your usual Harneys contact, or send a query to our dedicated virtual assets team at BVIVASPQueries@harneys.com.
Is your BVI entity a VASP?
Our free initial assessment tool makes it easy to determine if your entity is or might be a VASP under the BVI AML and VASP regime.