Crypto regulation in Gibraltar
Gibraltar is an example of a jurisdiction that has introduced rules aimed at attracting blockchain and crypto companies. Gibraltar’s approach was named “progressive”, and as a result the country became the preferred jurisdiction for many cryptocurrency companies.
DLT Regulatory Framework
Gibraltar developed particular legislation known as the DLT (Distributed Ledger Technology) regulatory framework, which came into force on 1 January 2018 and applies to firms operating DLT, that is, which is not subject to regulation under any other legal framework, which uses distributed register technology (DLT) to transfer or store valuables belonging to other persons. Types of activities that require a DLT license include the operation of a crypto exchange, crypto purse service providers and asset storage service providers, cryptocurrency purse providers and DLT-based trading platforms, that facilitate the purchase and sale of goods and services. Firms and activities subject to a different regulatory framework shall continue to be regulated under this structure. Distributors, including cryptocurrency exchanges and depositories, must be authorized and licensed by the Gibraltar Financial Services Commission (GFSC) as DLT suppliers.
The Gibraltar regulator’s approach to the DLT requires DLT suppliers to follow the nine principles developed to ensure that the desired regulatory outcomes are achieved, including investor protection. The nine main requirements of the Gibraltar Regulator are as follows:
- Fair and faithful conduct of business – GFSC must ensure that the applicant and the people associated with the applicant are suitable for the performance of relevant DLT activities. The main elements established by the GFSC are (i) integrity; (ii) skills, competence, diligence and experience; and (iii) financial standing;
- Give due consideration to the interests and needs of customers and communicate with their customers in an honest, clear and non-misleading manner. The DLT provider should, among other things, make every effort to reduce the risks associated with the use of DLT and apply best practices in the conduct of its business;
- Maintaining sufficient financial and non-financial resources – DLT Provider must ensure that it has sufficient financial resources and capital levels, which should be controlled and sufficient to support business objectives;
- Effectively manage, control and conduct business with due diligence, including appropriate risk management for their business and clients, which includes the adoption of appropriate forward-looking risk management techniques;
- Have effective mechanisms to protect client assets and money when it is responsible for them – DLT suppliers are expected to take the necessary precautions to protect customers’ assets, and the stored assets will need to be separated from the DLT vendor’s own assets;
- Effective corporate governance mechanisms are in place – DLT suppliers must implement strict corporate governance procedures that include (a) the board structure of directors, including the composition to ensure a good balance and a combination of skills and experience to complement the business; (b) adequate application of the principle of «four eyes» (separation of different functions, cross-checking, double signatures, dual control of assets etc.) and (c) Application of reason and direction from Gibraltar;
- Ensure that all secure access systems and protocols are maintained to high standards;
- Financial Crime Prevention – DLT providers should have systems in place to prevent, detect and disclose financial crime risks such as money laundering and countering terrorist financing (AML/CFT). DLT providers should adopt and implement adequate preventive measures against money laundering and terrorist financing that are commensurate with their risks, and DLT providers should also report suspicious transactions where applicable; and also
- Be sustainable and develop contingency plans for orderly and solvent liquidation of their business.
These requirements and conditions will also apply to the licensing of cryptocurrency exchanges, which trade only virtual assets. The advantage is that there are no restrictions on the provision of services only to professional investors.
According to PwC, Gibraltar ranks third in terms of cryptocurrency hedge fund managers (after the United States and the United Kingdom, and Hong Kong fourth). Gibraltar is also the fourth most popular home for crypto hedge funds. A positive development was the establishment of the Gibraltar New Technologies Association (GANT), which included leading Gibraltarian law firms, accountants and technology companies. GANT has the task not only to accelerate the development of blockchain and DLT, but also to increase the prestige of «new technologies».
In 2018, Gibraltar’s Proceeds of Crime Act 2015 was amended to extend the obligations under POC/FT to businesses that earn income from any form of sale of tokenized digital assets, whether on its own behalf or on behalf of another person. Licensed DLT suppliers are also required to comply with the Proceeds of Crime Act and relevant instructions issued by the Gibraltar Financial Services Commission.
The EU Fifth Anti-Money Laundering Directive (5AMLD) applies to Gibraltar and has been transposed to Gibraltar’s laws under the provisions of the Proceeds of Crime Act 2015 (Amendment) 2020. 5AMLD has included service providers who exchange between virtual currencies and fiat currencies, as well as custodial purse providers in AML / CTF Regulation. In 2017, however, Gibraltar had already regulated that activity. Under the laws of Gibraltar, anyone who uses DLT to store or transfer property belonging to another person is already subject to the Fourth Anti-Money Laundering Directive. Gibraltar did not include the 5AMLD provisions for cryptocurrency service providers and cryptocurrency wallet providers, as these service providers already have obligations under the GPO and FT as DLT providers.
DLT rules do not specifically regulate ICOs, although they may fall under existing securities regulations. Gibraltar issued proposals to regulate the ICO in March 2018. The proposed rules would cover the promotion and sale of crypto tokens, secondary market platforms and token-related investment services and would regulate some crypto-related activities, carried out in or outside Gibraltar. The proposed regime would cover virtual assets that went beyond the DLT and Gibraltar’s financial services and securities laws.
It is important to note that the GFSC has stated that they do not want and do not see for themselves as a regulator the ability to prescribe what looks «good» when selling tokens. The GFSC would rather allow the market of authorized sponsors to offer different options on how a good ICO looks.
In Hong Kong, there are no plans for individual regulation. Instead, regulators have adopted a pragmatic approach whereby the SFC determines the regulatory status of the ICO on a case-by-case basis, depending on whether it has the features of a traditional security. If tokens are considered «securities», any party dealing with or advising on tokens must have a license or registration with the SFC. This is, of course, a clear discrepancy with the regulatory position in mainland China, but it is far from as progressive and active as the efforts in Gibraltar, where Hong Kong is the center of regulatory approaches.
Activities to be regulated under the proposals (if conducted in or from Gibraltar) include:
- Promotion, sale and distribution of tokens;
- Secondary market trading platforms; and
- Provision of token-related investment and related services.
The proposals will also introduce a requirement for an «authorized sponsor» of all publicly proposed ICOs and will regulate the behavior and impose obligations on authorized sponsors, secondary market operators of tokens.
However, the proposals will not regulate the token issuers or promoters, nor the tokens or technologies underlying them. Instead, regulation will be carried out by requiring authorized sponsors, crypto exchanges and service providers to comply with the new rules.
The purpose of the proposed management regime would be to reduce the risks associated with the activity. In the case of token-based crowdfunding, this will require full and accurate disclosure, while secondary market platforms will be subject to rules that ensure orderly and appropriate behavior. Competence requirements will apply to suppliers of investment services. The GFSC would be the appropriate regulatory body for POD/FT, and the provisions of the DLT rules would apply to firms subject to the new token rules.
Promotion, sale and distribution of tokens
The first part of the proposed rules would govern promotion in the primary market, The sale and distribution of tokens that are not securities (which are already subject to existing securities legislation, as in the case of Hong Kong)direct gifts or donations using the rules. covers the activities
- which imply or imply that they are made of Gibraltar;
- are intended to attract the attention or access of any person in Gibraltar;
- are conducted by foreign subsidiaries of Gibraltar-registered entities (in such cases the person of Gibraltar will be liable); or
- Carried out by foreign agents and trustees acting on behalf of Gibraltar-registered entities or on behalf of natural persons, habitually resident in Gibraltar (in such cases the person of Gibraltar shall be liable).
Under the proposals, these tokens are commonly referred to as service or access tokens, which offer commercial products or services (which may not exist at the time the tokens are sold). Tokens that function solely as a decentralized virtual currency (such as bitcoin) or as a digital currency, issued by the central bank (CBDC) will be excluded from this part of the rules. However, hybrid tokens (which have a basic economic function that is both virtual currency and also something else) will be caught.
Unless further details are included in the proposed legislation or guide, the current proposals provide little clarity on which tokens will be subject to the new legislation and existing securities laws, which will remain unregulated. In that way, regulation of the ICO proposals will still require an analysis of the nature of the rights attached to tokens and their intended use. From a European perspective, the closest equivalent of the American concept of security is probably the unit in the collective investment scheme. There is currently no guidance on how this concept applies to ICOs. It is unclear from Gibraltar’s proposals whether they will cover all «service tokens» regardless of whether they can be traded on the secondary market.
The proposed rules for the promotion, sale and distribution of tokens would require adequate, accurate and balanced disclosure so that anyone considering buying tokens in the primary market could make an informed decision. The rules may prescribe that, at a minimum, the disclosure is appropriate and in what form the disclosure is made (for example, in a key fact document of no more than 2 pages). Gibraltar’s FSC may from time to time publish instructions on disclosure rules.
Financial crimes regulation
Businesses that receive any form of token income into their own account or from another person have been included in the Proceeds of Crime Act 2015 (POCA) Amendment, which came into force in March 2018. Thus, issuers are already legally required to perform AML and CTF checks on token buyers.
The proposed rules would establish a regime for the authorization and supervision of token sponsors (authorized sponsors) who would be responsible for ensuring compliance with this part of the rules. An authorized sponsor must be appointed for each public offering of tokens promoted, sold or distributed in Gibraltar or from Gibraltar. Authorized sponsors may be appointed as promoters of Gibraltar or promoters of the proposal, wherever they may be.
Authorized sponsors would need to have the knowledge and experience of the ICO as well as the intelligence and administration of Gibraltar. They will be allowed to delegate some of their work to others, including offshore parties, but will remain directly responsible to the GFSC for the actions of their delegates.
Under the proposed regime, authorized sponsors would have to have one or more sets of rules for the proposals they sponsor. Authorized sponsors are considered to be best placed to identify best practices for the proposals they sponsor and are free to apply different codes to different categories of tokens and offers. Codes of practice may cover issues such as the application and distribution of sales proceeds.
The Code of Practice should be included in the authorized sponsors’ agreements with their ICO clients. The submission of codes of practice will be part of the application process for an authorized sponsorship license. Preliminary report of changes in codes of practice is required and it will be treated in the same way as other important changes in business.
It is proposed that the rules define the principles governing the contents of the rules. Authorized sponsors would have the right, subject to approval, to establish their own methodologies for implementing the principles.
Authorized sponsors’ registers, codes of practice, sponsors’ clients and tokens
GFSC will establish and maintain a public register of authorized sponsors and their codes of conduct (past and present).
The GFSC will add to the public registry the following information on public offers provided by authorized sponsors of public proposals in which they participate:
- the client(s) for which they operate;
- tokens included in the proposal;
- code of practice applicable to the proposal; and
- any interest that they and their associates have in the proposed tokens.
New controlled activity and offense
A new supervised activity by an authorized sponsor is proposed, and advertising, The sale or distribution of tokens in or from Gibraltar without complying with the following requirements shall be considered an offense:
- Requirement for an authorized sponsor;
- Requirement for a current record in the public registry;
- Certain disclosure obligations; and
- Relevant POCA provisions, where applicable.
The promotion, sale and distribution of the public offering of tokens can be done only once while the offer is in the registry.
Secondary market activity
Proposals include the regulation of secondary market platforms operating in or outside Gibraltar that are used for token trading and, to the extent not covered by other regulations, their derivatives. The rules seek to ensure that these markets operate in a fair, transparent and efficient manner and that organized trade takes place only on regulated platforms.
The proposed rules will set out requirements for:
- Public disclosure of trade activities;
- GFSC transaction disclosure; and
- Specific supervision of tokens and token derivatives positions.
These rules will cover the secondary market for trading all tokenized digital assets, including virtual currencies, and will, as far as possible, model the market platform in accordance with MiFID 2 and the Financial Instruments Markets and Amendment Regulations (MiFIR).
Authorized secondary token markets
Proposals include the addition of new controlled activities to operate the secondary market platform used for trading tokens and their derivatives. The GFSC will allow and control the operators of the secondary token market, as well as maintain a public registry of such operators.
Token investments and support services
The proposed legislation would include new supervised activities to provide investment and additional services related to tokens in or from Gibraltar and, to the extent not provided for in other regulations, their derivatives.
This part of the rules is intended to provide advice on investment in tokens, virtual currencies and digital currencies issued by the central bank, including:
- General recommendations (fairly and neutrally stating facts regarding investments and services in tokens);
- Product-related recommendations (selective and subjective presentation of the advantages and disadvantages of specific investments and services in tokens);
- and personal recommendation (based on the specific needs and circumstances of the individual investor).
At the moment, the main services of our company are legal and compliance solutions for FinTech projects. Our offices are located in Tallinn, Vilnius, and Warsaw. The legal team can assist with legal analysis, project structuring, and legal regulation.