Cayman Legal Update: Virtual Asset Service Provider Registration/Notification Requirements
With the coming into effect of the Virtual Asset (Service Providers) Act, 2020 (the “VASP Act”), the Cayman Islands Monetary Authority (“CIMA”) announced that the regulatory framework for the VASP Act would be implemented in two phases. Phase one focuses on anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) compliance, supervision and enforcement, and other key areas of risk. CIMA announced that under phase one, entities engaged in or wishing to engage in virtual asset services must be registered with CIMA under the VASP Act. Entities engaged in or wishing to engage in virtual asset services, already subject to CIMA’s supervision under another regulatory law, must notify (in the case of CIMA licensees) or register with CIMA (in the case of entities registered with CIMA e.g. under the Securities Investment Business Act) under the VASP Act. Phase two will include a licensing and virtual asset issuance approval process that will begin when the appropriate clauses and aspects of the VASP Act come into effect.
See the following links for further details of the regulatory regime in the Cayman Islands for token issuers, providers of custody services for digital assets, crypto exchanges, and other providers of virtual asset services.
Game changer- Introduction of the regulation of Virtual Assets in the Cayman Islands (Part I)
Game changer-Licensing requirements for Virtual Assets in the Cayman Islands (Part II)
Who are impacted by Phase 1 of the new VASP regime?
CIMA announced that phase one (registration or notification) targets three groups:
i. Entities wishing to perform virtual asset services for the first time (“New Market Entrants”);
ii. Entities providing virtual asset services prior to the commencement of the VASP Act (“Pre-Existing Service Providers”); and
iii. Existing CIMA licensees that provide or propose to provide virtual asset services (“Other Authorized Entities”).
With effect from 31 October 2020, all New Market Entrants, Pre-Existing Service Providers and Other Authorized Entities are required to complete the VASP Application Form via CIMA’s REEFS platform.
Registration or notification can be done through the VASP Application Form on CIMA’s Regulatory Enhanced Electronic Forms Submission (REEFS) online platform. As part of the registration or notification process, entities will also be required to complete an AML/CFT form (to set out, among other things, (i) client customer risk, (ii) distribution channels risk, and (iii) products and services risk) which will also be available on CIMA’s REEFS platform.
As part of the application to CIMA for registration under the VASP Act, CIMA will require, among other things, (i) details of anti-money laundering (AML) compliance policies and procedures as per Cayman Islands’ Anti-Money Laundering Regulations, (ii) details AML compliance officers appointed, (iii) details of the virtual asset services being provided by the entity, (iv) business plan, (v) cybersecurity policies and procedures as per Cayman Islands’ Regulations, (vi) details of how the services will be provided to the public, (vii) details of its risk identification and mitigation strategy.
When will Phase 2 of the new VASP regime be implemented?
Entities providing custody services in respect of virtual assets or operating virtual asset exchanges are presently required to register with CIMA, but the licensing regime (to which such service providers will be subject) is not yet in force. Phase 2 of the implementation of the regulatory framework for the VASP Act will begin later this year, in June 2021.
Entities must not now provide virtual asset services until their application for registration with CIMA has been approved or the requisite notification made. To do so will be in breach of the VASP Act and such entities may be subject to penalties and other enforcement measures from CIMA, in-cluding to cease and desist providing virtual asset services.
Our Blockchain Technology and Digital Assets team have already advised on the success-ful registration of a number of entities with CIMA including advising on (i) preparing anti-money laundering (AML) compliance policies and procedures manual, (ii) drafting cybersecurity policies and procedures, (iii) regulatory requirements of how the services will be provided to the public, and (iv) risk identification and mitigation strategies. We look forward to the opportunity to work with you to achieve a successful registration of your entity with CIMA.
For specific advice on the registration with CIMA under the VASP regime, please contact any of: