The policy standardises the approval process for VASP registration, licensing, or waivers under the Virtual Asset (Service Providers) Act (2022 Revision) (the VASP Act), focussing on:

• Consumer protection
• Transparency
• Strengthening the jurisdiction's global financial reputation

CIMA enforces the policy under the VASP Act, Monetary Authority Act (2020 Revision), and other applicable financial services legislation, regulation and guidance. Applicants must qualify as a registered, licensed, or waiver-approved party, with valid roles defined by law (eg, beneficial owner, senior officer).

The policy targets individuals and entities seeking to:

• Register under section 6 of the VASP Act
• Obtain licences under section 8 of the VASP Act (eg, custody services, trading platforms)
• Request waivers under section 16 of the VASP Act

Note worthy is that the sandbox licence applications are excluded and handled separately.

Applicants must also adhere to related laws covering anti-money launder, counter-terrorist financing, counter-proliferation financing and sanctions (AML/CFT/CPF), corporate governance, and cybersecurity.

In summary this involves:

• Preparation: Consider seeking independent legal opinion and optional pre-application meetings with CIMA.
• Submission: Complete official forms with business plans, ownership details, and compliance and technical policy and procedure documents.
• Review: CIMA may request additional information and any decisions on the filed application will typically be communicated to applicants in the days following the initial filing.
• Approval: Conditional or full approval is granted if criteria are met.
• Rejection: Incomplete or non-compliant applications may be rejected or returned for amendment and/or re-submission.

CIMA evaluates applications based on:

• Fitness and propriety: Integrity and competence of key personnel.
• Ownership and governance: Transparent structures and robust oversight.
• Business plan and resources: Viability and adequacy of capital, staff, and systems.
• Risk and compliance: Strong AML/CFT/CPF, cybersecurity, and business continuity frameworks.
• Operational standards: Effective record-keeping, outsourcing controls, and information technology governance.

Applications are reviewed weekly, with CIMA prioritising transparency and robust due diligence in its assessments.

This regulatory framework reinforces the Cayman Islands’ position as a leading hub for virtual asset services. Success of regulatory applications, and indeed VASP styled applications, hinges on thorough preparation and compliance with all applicable regulatory standards.

For further details, the Regulatory Policy can be found here.