Blockchain Regulatory Set Up In Gibraltar By Simon Pearson

Blockchain Regulatory Set Up In Gibraltar By Simon Pearson

On January 1, 2018, Gibraltar became the first jurisdiction in the world to deliver a framework that regulates Distributed Ledger Technology (DLT). This DLT Framework includes blockchain, cryptocurrencies based on this technology, exchanges, and all sorts of businesses that use one way or another DLT to power their services or products. Gibraltar’s nine principles-led approach facilitated thorough and swift engagement between businesses and regulators while also allowing flexibility for guidelines to evolve alongside the blockchain sector. The first company ever to be licensed was the Gibraltar Blockchain Exchange (GBX).

Working hand-in-hand with the Private Sector

The government of Gibraltar and financial regulators began talks about regulating this sector back in 2014. The idea underlying these talks was a “uniquely receptive and progressive attitude” and ended up with the creation of the Cryptocurrency Working Group. “When the government of Gibraltar decided that it wanted to regulate the blockchain industry in 2014, it started working closely with the private sector to identify what the most appropriate form of regulation should be. The aim was to create a principles-based regulatory framework that would be appropriate for blockchain and cryptocurrency businesses and also flexible enough to remain relevant as new technologies develop,” said experts Anthony Provasoli and Serhii Mokhniev.

This has resulted in a flexible principles based approach that acknowledges individual business models and the unique attributes of each Fintech business, whilst adhering to the Gibraltar’s government desired standards. Likewise, as pointed out by Manisha Patel from The Fintech Times, the legislation does not place restrictions on the advantages brought about by the blockchain technology, nor does it interfere with the decentralised concept on which this industry is founded. The aim of the legislation is to regulate DLT-related activities in order to create a safer environment for these firms to operate in, with a strong emphasis on consumer protection. “The main focus is on integrity, corporate governance, risk management, protection of client assets and IT security. The firms that embrace this and are able to satisfy the regulatory requirements are likely to enjoy a competitive advantage in this fast moving industry,” the expert said.

In October 2016, Sian Jones joined the Government of Gibraltar’s DLT working group with the Gibraltar Financial Services Commission (GFSC)

It is important to recognise that there were various people that were instrumental in establishing these regulations in Gibraltar. For example, in October 2016, Sian Jones joined the Government of Gibraltar’s DLT working group with the Gibraltar Financial Services Commission (GFSC). Siân became a consultant for what developed into DLT Regulation, which came into force In January of 2018. People were interested in what Siân had to say due to her background in regulatory compliance. She understood the old financial services world – the traditional one – but also the technological. Straddling these two disciplines was to her advantage, and she soon began advising start-ups in her consultancy career and became a key in the implementation of  the DLT regulations of Gibraltar.

Joey Garcia, a partner of the law firm Isolas, who also co-chaired the Gibraltar Government working group/think tank on digital currencies and was a key driver in developing the policy and framework in respect of Gibraltar’s position on digital currencies and the DLT Regulations.

DLT Framework: Scope

The DLT Framework applies to all businesses that use blockchain as a way of business. In fact, it will apply to all natural and legal persons that use the DLT for business activities engaged in “the transmission or storage of value belonging to others” and which are not subject to other existing legal regulations. Such business activities include, for example, centralised virtual currency (VC) administrators, VC wallet providers, trading platforms, VC exchanges, payment service providers, issuers of asset-backed tokens, pre-loaded VC, vouchers and wallets, and peer-to-peer gaming platform operators. It is important to note that some types of businesses related to VC fall outside the scope of the new regulatory frameworks, such as decentralised VC schemes (e.g. Bitcoin), DLT software developers, users purchasing goods and services with VC, and investment in VC for private purposes. It is also proposed that investment advice about VC will not fall within scope of the new DLT framework.

The Regulatory Principles

The principles-based approach means that there are no specific regulatory requirements. The Gibraltar DLT Regulations contain nine principles and, as part of the application process, each applicant will have to demonstrate to the regulator how it addresses, and satisfactorily complies with, each of these principles.

Likewise, the Gibraltar Financial Services Commission (GFSC) will be the body to authorise and supervise DLT companies and to ensure that the DLT framework principles are properly applied to the business operations of such companies.

The nine principles set out below applied to DLT Providers will ensure that the GFSC’s regulatory outcomes are achieved.

1. A DLT Provider must conduct its business with honesty and integrity.

The GFSC must be satisfied that the applicant, including the persons associated with it, are fit and proper to undertake the DLT activity. The basic elements which are relevant to such an assessment include:

· honesty, integrity and reputation;
· skill, competence, care and experience; and
· financial position.

2. A DLT Provider must pay due regard to the interests and needs of each and all its customers and must communicate with its customers in a way which is fair, clear and not misleading.

DLT Providers are expected to devote as much time and consideration to protecting consumers’ interests as to their own, and dedicate sufficient resources necessary to protect consumers.

3. A DLT Provider must maintain adequate financial and non-financial resources.

DLT Providers are expected to maintain sufficient financial resources to ensure that it can be run in a sound and safe manner. Capital levels must be monitored to ensure that sufficient capital is held to support business objectives. Capital level must be commensurate with the prudential risks. As a minimum, DLT Providers are expected to hold sufficient capital to ensure an orderly, solvent wind-down of its business. Where appropriate, DLT Providers are required to hold professional indemnity insurance cover.

4. A DLT Provider must manage and control its business effectively, and conduct its business with due skill, care and diligence; including having proper regard to risks to its business and customers.

5. A DLT Provider must have effective arrangements in place for the protection of client assets and money when it is responsible for them.

DLT Providers are expected to take all reasonable precautions to protect customer assets in their custody or control against unexpected eventualities and threats. Custodial assets will need to be segregated from the DLT Provider’s own assets.

Joey Garcia, a partner of the law firm Isolas, co-chaired the Gibraltar Government working group/think tank on digital currencies

6. A DLT Provider must have effective corporate governance arrangements.

DLT Providers need to implement good corporate governance. This is crucial as it will establish the system by which firms will be run and business overseen, including its structure, processes, culture and strategies. It will establish the rules by which authority is exercised and decisions taken and implemented to manage all risk types and exposures.

7. A DLT Provider must ensure that all systems and security access protocols are maintained to appropriate high standards.

All systems used should ensure the right level of access to authorised personnel with up to date monitoring systems. On-going and proactive security assessments should be conducted on DLT technologies to keep up to date with any new threats and potential vulnerabilities.

8. A DLT Provider must have systems in place to prevent, detect and disclose financial crime risks such as money laundering and terrorist financing.

DLT Providers must adequately apply anti-money laundering and counter terrorist financing preventive measures which are commensurate with their risks, and report suspicious transactions.

9. A DLT Provider must be resilient and must develop contingency plans for the orderly and solvent wind down of its business.

DLT Providers need to develop, test and maintain adequate business continuity, disaster recovery and crisis management plans.

Since it went into effect in 2018, there are multiple companies that have been granted license to operate in Gibraltar. The list of licensed companies includes Huobi, the fourth largest exchange by daily trading volume, Coinfloor, the oldest crypto trading platform in the U.K., Covesting, which is another crypto exchange based in Europe, the Gibraltar Blockchain Exchange (GBX), operated by the local stock exchange, Digital Asset Management a secure military grade Cold-storage facility for digital assets and Xapo custody which is expanding beyond Bitcoin to create a robust banking alternative and the most recently licensed entity, digital asset platform Etorox.

Since the cryptocurrency boom of late 2017, regulators across the globe have been struggling to put rules in place to govern what has been, and arguably still is, something of a wild west industry. But Gibraltar has moved fast and has gained a competitive advantage in this always-innovating spectrum.

“We believe blockchain technology has got a lot of promise,” commented Alberto Isola – Gibraltar’s Minister for Commerce. “We thought if we can regulate it safely – where all the usual parameters of traditional financial regulation can be applied – and which doesn’t stifle innovation but encourages it, we could end up in a similar place to where we were with online gaming twenty-five years ago.”