Select Page

An overview of the regulation of virtual assets in Bahrain

1. Virtual asset laws and regulations in Bahrain

Bahrain’s regulations for cryptocurrency businesses have evolved since 2017, and the country is now seen as a pioneer in the Middle East region for its cryptocurrency and blockchain regulations The Central Bank of Bahrain (CBB) has established clear framework for licensing and regulation of crypto-asset services. The framework deals with licensing, governance, minimum capital, risk management, AML/CFT, conflicts of interest, business conduct, safeguarding und clients’ money, and cybersecurity for crypto-asset services. The regulatory framework is internationally based, with a focus on best practices that particularly relate to money laundering risk-based approach. The country has also established a regulatory sandbox for new and innovative Fintech products, including those related to digital assets.

In March 2023, the CBB issued amendments regarding crypto-assets following a consultation process with industry stakeholders, to cater to the ongoing developments in the crypto-assets markets and comply with the industry’s best practices. The amendments also describe the requirements for safeguarding the client’s assets to provide a higher level of protection to the investor.

What is considered a virtual asset in Bahrain?

In Bahrain, a virtual asset is defined as a digital representation of value that can be digitally traded and functions as a medium of exchange, unit of account, or store of value. It does not have legal tender status in any jurisdiction and is neither issued nor guaranteed by a jurisdiction.

The CBB has categorises virtual assets into four main types: Payment Tokens, Utility Tokens, Asset Tokens, and Hybrid Tokens. Combined they are called as ‘Accepted Crypto Assets’. The CBB has the power to evaluate whether a crypto-asset is appropriate for trading before accepting it as an ‘Accepted Crypto Asset’.

  1. Payment Tokens: These are akin to cryptocurrencies, like Bitcoin, and are intended to be used as a means of payment for acquiring goods or services or for value transfer. They are usually decentralised and do not confer any claims on their issuer.
  2. Utility Tokens: These provide access to a specific application or service but are not accepted as a means of payment for other applications. They do not represent a claim on the issuer.
  3. Asset Tokens: These are more aligned with traditional securities as they represent assets such as equity or debt claims on the issuer. Asset Tokens promise a share in future company earnings or capital flows, analogous to equities, bonds, or derivatives.
  4. Hybrid Tokens: These have features of one or more of the other token types.

What are the relevant laws and regulations?

The table given below is a comprehensive list of the regulatory framework for virtual assets in Bahrain. It includes information on the various regulations and guidelines that govern the use of virtual assets in the country.

Event Description
Launch of Regulatory Sandbox The CBB launched the regulatory sandbox to test fintech solutions, including those involving crypto-assets.
Public Warning The CBB issued a public warning about the risks associated with cryptocurrencies, such as Bitcoin and Ethereum, and emphasised that they were not recognised as legal tender in Bahrain.
Launch of Bahrain FinTech Bay Bahrain FinTech Bay, the largest FinTech hub in the Middle East, was launched to foster innovation in financial technologies, including blockchain and virtual assets.
Comprehensive Regulatory Framework The CBB introduced a comprehensive regulatory framework for crypto-asset platforms, covering licensing, governance, risk management, consumer protection, and AML/CFT requirements.
Amendments to Regulatory Framework The CBB amended its regulatory framework for crypto-assets to align with the standards set by the Financial Action Task Force (FATF), focusing on enhancing AML/CFT measures.
Issuance of Crypto Assets Module (CRA) The CBB issued the Crypto Assets Module under its Capital Markets Rulebook, providing comprehensive regulations for digital assets services.
Public Consultations The CBB invited public consultations and feedback on the draft regulations.
Final Regulations The CBB issued the final CRA regulations after the consultation process.
Amendments to Crypto Assets Module The CBB issued amendments to the Crypto Assets Module to cater to ongoing developments in the crypto-assets markets and comply with industry best practices.

Who do such laws and regulations apply to?

The laws and regulations related to virtual assets in Bahrain apply to any individual or entity that engages in the business of virtual assets services, including trading, dealing, advisory, or portfolio management services in accepted crypto-assets, either as principal, agent, custodian or as a crypto-asset exchange within or from Bahrain.

Additionally, these laws and regulations also apply to any platform operator who creates or administers crypto-assets, publishes or uses software for the production or mining of crypto-assets, and runs a loyalty program.

Who are the relevant regulatory authorities in relation to virtual assets in Bahrain?

The relevant regulatory authorities in relation to virtual assets in Bahrain include:

  1. CBB: The CBB is responsible for regulating and overseeing the provision, use, and exchange of virtual assets in Bahrain. It has issued the CRA under its Capital Markets Rulebook, which regulates various digital assets services conducted in and from Bahrain.
  2. Bahrain Monetary Agency (BMA): The BMA was the central bank of Bahrain until it was succeeded by the CBB on September 7, 2006. The BMA was responsible for various regulatory tasks, including the issuance of currency, oversight of financial institutions, and the implementation of monetary policy.

What are the penalties for breaches of virtual asset laws and regulations in Bahrain?

If an entity or individual breaches the virtual asset laws and regulations in Bahrain, they may be subject to various penalties, including monetary fines, revocation of license, and even imprisonment, depending on the severity of the breach. The penalties and punishment for virtual asset-related offenses are explained in the regulations issued by the Central Bank of Bahrain, under its Rulebook Volume 6.

The penalties for offenses related to virtual assets can range from monetary fines up to BHD 100,000 in some cases, revocation of licenses, and imprisonment. For instance, if an entity or an individual receives compensation for providing unlicensed virtual asset services, they may be fined up to BHD 50,000. Operating a crypto-asset exchange without a valid license may lead to imprisonment for a period of up to five years or a fine of up to BHD 500,000.

Furthermore, a sentence of imprisonment and/or a maximum fine of BHD 30,000 may be imposed on the perpetrator who has unlawfully accessed an IT system. Also, an imprisonment sentence and/or maximum fine of BHD 1,00,000 may be imposed on the perpetrator who uses encryption in order to commit or conceal any of the crimes provided for in the Law or any other law.

2. Regulation of virtual assets and offerings of virtual assets in Bahrain

Are virtual assets classified as ‘securities’ or other regulated financial instruments in Bahrain?

In Bahrain, virtual assets are not generally classified as ‘securities’ or other regulated financial instruments. However, the CBB provides a regulatory framework that can classify certain virtual assets as financial instruments depending on their characteristics and usage.

  1. Payment Tokens: These are typically treated as virtual assets and not classified as securities. They are regulated under the CRA for their use in payments, trading, and transfers.
  2. Asset/ Security Tokens: If a virtual asset exhibits characteristics similar to traditional securities (e.g., representing shares, bonds, or other investment instruments), it may be classified as a security and subjected to relevant securities regulations under the CBB’s oversight.
  3. Utility Tokens: Tokens providing access to a product or service are generally not considered securities but are regulated as virtual assets under the CRA rules.

Are stablecoins and NFTs regulated in Bahrain?

  1. Stablecoins: Stablecoins in Bahrain are regulated under the framework provided by the CBB. Stablecoins are digital currencies designed to minimise price volatility by pegging their value to a stable asset, like the US dollar or other traditional currencies.

    Regulatory framework: The CBB’s CRA applies to stablecoins, similar to other virtual assets. This module consists of licensing requirements, operational standards, and compliance obligations for entities dealing with stablecoins. Entities offering stablecoin-related services, such as issuance, trading, or custodial services, must obtain a license from the CBB and adhere to regulations concerning minimum capital requirements, cybersecurity, and client asset protection.

    Compliance requirements: Licensed entities must implement Anti-money laundering and counter-terrorism financing (AML/CTF) measures. Regular reporting and auditing are mandatory to ensure transparency and regulatory compliance. Stablecoin issuers must maintain sufficient reserves of the pegged asset to back the value of the issued stablecoins.

  2. NFTs: NFTs are unique digital tokens that represent ownership of a specific asset or piece of content, such as art, music, or in-game items. Currently, there are no specific regulations in Bahrain that directly address NFTs.However, NFTs may fall under the broader umbrella of the CBB’s crypto-asset regulatory framework. Additionally, other laws and regulations in Bahrain, such as those related to intellectual property rights, consumer protection, AML/CFT, may also apply to NFTs and their creation, sale, and use.

Are decentralised finance (DeFi) activities (e.g. lending virtual assets) regulated in Bahrain?

DeFi activities, including lending virtual assets, are regulated in Bahrain under the comprehensive regulatory framework established by the CBB. The CBB has issued detailed guidelines for DeFi and virtual assets, which include licensing requirements, minimum capital requirements, measures to safeguard client assets, technology standards, cybersecurity requirements, risk management requirements, reporting, notifications and approval requirements, conduct of business obligations, and rules for the prevention of market abuse and manipulation. These regulations are explained in the CRA under the CBB’s Capital Markets Rulebook.

The CRA regulate various digital asset services conducted in and from Bahrain, including dealing, broking, advisory, portfolio management, providing custody, and operating a digital assets exchange. Entities and individuals engaged in DeFi activities such as trading, dealing, advisory, or portfolio management services held in virtual assets either as principal, agent, custodian, or as a crypto-asset exchange within or from Bahrain must obtain a ‘Bahrain Crypto Asset Service Provider License’ from the CBB. These regulations also cover the practices and guidelines for lending, borrowing, and other DeFi activities, including requirements for minimum capital, risk management, standards of business conduct, and avoiding conflicts of interest. Furthermore, the regulations include measures required for safeguarding client or customer interests and managing cybersecurity risks.

Are there any restrictions on issuing or publicly offering virtual assets in Bahrain?

The CBB has implemented comprehensive regulations to govern the issuance and public offering of virtual assets in Bahrain. These regulations, explained in the CRA under its Capital Markets Rulebook. Following are the restrictions/requirements in relation to public offering of virtual assets in Bahrain:

  1. Licensing requirements: Entities wishing to issue or publicly offer virtual assets in Bahrain must obtain a license from the CBB. The licensing process ensures that only qualified and compliant entities can operate in the market. The CBB requires detailed documentation and preliminary assessments to determine the eligibility of applicants.
  2. Minimum capital requirements: To ensure financial stability, entities issuing or publicly offering virtual assets must meet minimum capital requirements set by the CBB. These requirements help cover potential losses and maintain the financial health of the entities.
  3. Measures to safeguard client assets: Entities must implement robust measures to safeguard client assets, including maintaining separate accounts for client assets, ensuring the security and integrity of client data, and implementing comprehensive risk management procedures.
  4. Technology standards: The CBB mandates that entities meet specific technology standards to manage and store virtual assets.
  5. Cybersecurity requirements: To protect against cyber threats, entities must adhere to stringent cybersecurity requirements set by the CBB.
  6. Risk management requirements: Entities are required to implement an extensive risk management system to identify, assess, and manage risks associated with virtual assets. Effective risk management is essential to mitigate potential risks and ensure the stability of the financial system.
  7. Reporting, notifications, and approval requirements: Entities must report and notify the CBB about various activities, including the issuance and public offering of virtual assets, and any changes to their operations or management. This ensures ongoing compliance and allows the CBB to monitor the activities of licensed entities effectively.
  8. Conduct of business obligations: Entities must comply with conduct of business obligations, ensuring they operate fairly and transparently. This includes not engaging in activities that could harm the stability and integrity of the financial system.
  9. Prevention of market abuse and manipulation: To maintain market integrity, entities must prevent market abuse and manipulation. They are required to implement measures that prevent activities which could distort the market or harm its stability.

Are there any exemptions to the restrictions on issuing or publicly offering of virtual assets in Bahrain?

In Bahrain, while there are comprehensive regulations governing the issuance and public offering of virtual assets, certain activities are exempt from these restrictions as outlined by the CBB in the CRA under its Capital Markets Rulebook:

  1. Creation and mining of crypto assets: Activities related to the creation or mining of crypto assets are not considered regulated services. This includes the development and dissemination of software used for creating or mining crypto assets​​.
  2. Loyalty programs: Virtual assets issued as part of a loyalty or rewards program, where tokens are earned through engagement or purchases, are typically exempt. These tokens are not treated as investments and are used within a specific ecosystem or platform​​.
  3. Software development: The development and use of software for creating or mining crypto assets do not fall under the regulated services category. This means that developers creating software tools for the crypto industry are generally exempt from needing a license​​.
  4. Activities deemed non-regulated by the CBB: The CBB has the discretion to determine and exempt any other activity or arrangement that it does not consider as undertaking regulated crypto-asset services. This provides flexibility for the CBB to adapt to new developments and technologies in the crypto space​​.
  5. Private offerings: If the offering is private and targets a small number of sophisticated investors rather than the general public, it might be exempt from full public offering regulations.
  6. Small-scale offerings: Offerings below a certain monetary threshold may be exempt from extensive regulatory requirements, making it easier for smaller projects to raise funds.

3. Regulation of VASPs in Bahrain

Are VASPs operating in Bahrain subject to regulation?

VASPs operating in Bahrain are regulated and must comply with the requirements laid down in the regulatory framework issued by the CBB. CBB has been providing regulations to oversee and manage the ‘Regulated crypto-asset services’ in Bahrain with a view to becoming the region’s premier FinTech center. The regulatory framework also permits foreign entities already operating in other countries to apply for a cryptocurrency license with Bahrain and can operate in the country as an ‘overseas crypto asset service licensee’ after complying with the requirements of Bahrain company registration.

The regulatory framework sets out rules for the provision of ‘Regulated crypto-asset services’. ‘Regulated crypto-asset services’ are defined as the conduct of any or any combination of the following types of activities:

  1. Reception and transmission of orders: The reception from a client of an order to buy and/or sell one or more accepted crypto-assets and the transmission of that order to a third party for execution;
  2. trading in accepted crypto assets as an agent;
  3. trading in accepted crypto assets as a principal;
  4. portfolio management;
  5. investment advice; and
  6. crypto-asset custody.

The CBB only allows Crypto-asset service licensees (and overseas crypto-asset service licensees) to provide services relating to ‘Accepted Crypto Assets’. The CBB has the power to evaluate whether a crypto-asset is appropriate for trading before accepting it as an ‘Accepted Crypto Asset’. The CBB takes into account various factors, including but not limited to, the security, traceability/monitoring, resolution mechanisms, geographical distribution, connectivity, market demand/volatility, type of distributed ledger used, the applicable consensus algorithm of the distributed ledger, innovation and practical applicability/functionality, and whether the crypto-asset has been traded on any darknet marketplaces.

Are VASPs providing virtual asset services from offshore to persons in Bahrain subject to regulation in Bahrain?

Yes, VASPs providing virtual asset services from offshore to persons in Bahrain are subject to regulation in Bahrain. According to the regulatory framework issued by the CBB, foreign entities that are already operating in other countries can apply for a crypto-asset license in Bahrain and operate in the country as an ‘overseas crypto asset service licensee’ after complying with the requirements of Bahrain company registration. These entities are subject to the same requirements and regulations as a Bahraini joint stock company providing regulated crypto-asset services.

Here are a few examples of VASPs that are providing virtual asset services from offshore to persons in Bahrain:

  1. Binance, which is one of the largest cryptocurrency exchanges in the world, has obtained a license from the Central Bank of Bahrain to operate as an “overseas crypto asset service licensee” in Bahrain.
  2. BitOasis, which is a Dubai-based cryptocurrency exchange, has also obtained a license from the Central Bank of Bahrain to operate as an “overseas crypto asset service licensee” in Bahrain. BitOasis provides virtual asset trading and storage services to customers in the Middle East and North Africa region, including Bahrain.

What are the main requirements for obtaining licensing / registration as a VASP in Bahrain?

The CBB provides licenses to VASPs under four categories, which are as follows:

  1. Type 1 Crypto Asset License: This license is required for VASPs that provide custody services and hold a customer’s cryptocurrencies. The minimum required capital is BHD 200,000. The annual licensing fee is 0.25% of the licensee’s operational expenses, with a minimum of BHD 2,000 and a maximum of BHD 35,000.
  2. Type 2 Crypto Asset License: This license is required for VASPs that provide exchange services or trading platforms that match buyers and sellers. The minimum required capital is BHD 50,000. The annual licensing fee is 0.25% of the licensee’s operational expenses, with a minimum of BHD 2,000 and a maximum of BHD 25,000.
  3. Type 3 Crypto Asset License: This license is required for VASPs that provide brokerage services to clients and make investments on their behalf. The minimum required capital is BHD 50,000. The annual licensing fee is 0.25% of the licensee’s operational expenses, with a minimum of BHD 2,000 and a maximum of BHD 25,000.
  4. Type 4 Crypto Asset License: This license is required for VASPs that provide advisory services related to cryptocurrencies, including research and analysis of cryptocurrencies. The minimum required capital is BHD 50,000. The annual licensing fee is 0.25% of the licensee’s operational expenses, with a minimum of BHD 2,000 and a maximum of BHD 25,000.

Each category has its own specific requirements that VASPs need to meet to be eligible for licensing:

  1. VASPs are required to be registered as a legal entity in Bahrain, either as a Bahraini Joint Stock Company or as an overseas company registered in Bahrain.
  2. They must have a clear and detailed business plan that outlines proposed operations, personnel, risk management, and compliance program.
  3. VASPs must maintain a compliance program to prevent money laundering, terrorism financing, and other financial crimes, rooted in the FATF Standards.
  4. They must have a suitable organisational structure, administrative procedures, and internal controls.
  5. VASPs must maintain adequate capital reserves, cybersecurity policies, and documentation policies and procedures, as well as meet other relevant requirements.
  6. The application for a VASP license must include:
    • Business plan covering expertise, technology, marketing, resources, outsourcing, financials;
    • risk assessment;
    • compliance manual;
    • details on client asset handling, custodians, complaints;
    • information on directors, executives, shareholders;
    • auditor and authorised representative details;
    • proposed safeguards for data protection and client assets; and
    • additional requirements apply for custody and exchange services to demonstrate capability to protect client assets.
  7. Application Process: The application process involves:
    • Obtaining commercial registration from the Ministry of Industry and Commerce;
    • applying for the VASP license from the CBB, which takes approximately 60 days;
    • submitting notarised and legalised or apostilled foreign documents; and
    • paying the application fee, which ranges from BD 2,000 to BD 12,000 annually depending on the license category.

What are the main ongoing requirements for VASPs regulated in Bahrain?

The CBB has implemented a comprehensive set of ongoing requirements for VASPs to ensure compliance. Here are the main requirements:

  1. Client asset protection (CRA 8.1 Client Protection): VASPs are required to implement measures to protect client assets, including keeping client assets in separate accounts from the company’s own assets, ensuring the security and integrity of client data, and regularly reconciling client accounts and conducting audits to prevent misappropriation of assets.
  2. Risk management (CRA-6.1 Risk Management): VASPs must have a risk management system in place. They need to identify, assess, and manage risks associated with their operations, implement policies and procedures to mitigate these risks, and regularly review and update their risk management strategies.
  3. Technology and Cybersecurity (CRA 5.1 Technology Governance and Cyber Security): The CBB issued mandates under CRA to meet requirements for licensing, minimum capital, client asset safeguarding, cybersecurity, risk management, AML/CFT compliance, and business conduct. VASPs must use cybersecurity controls, including multi-factor authentication, encryption, secure storage, and incident response plans.The Law on Combating Cybercrime (2014) criminalises offenses like illegal access, data and system interference, and IT fraud, with penalties up to 10 years imprisonment and fines up to BHD 200,000.The Personal Data Protection Law (2018) governs data collection, processing, storage, and transfer, requiring consent, security measures, data access, and appointing data protection officers, with violations fined up to 20,000 Bahraini Dinars.The National Cybersecurity Framework by the National Cyber Security Center (NCSC) includes cybersecurity governance, technical controls, incident response, and audit requirements, with sector-specific controls for banking, insurance, and payments.
  4. Reporting and Notifications (CRA 10.1 Reporting, Notifications and Approvals): VASPs are required to regularly report to the CBB and notify them of significant changes. This includes providing periodic reports on their financial status, operational activities, and compliance with regulatory requirements, and notifying the CBB of any significant changes in management, business operations, or control structures.
  5. Conduct of Business (CRA 12.1 Conduct of Business Obligations): VASPs must conduct their business in a fair and transparent manner. They must ensure that their operations do not harm the stability and integrity of the financial system, avoid conflicts of interest and operate ethically, and provide clear and accurate information to their clients about their services and associated risks.
  6. Prevention of Market Abuse (CRA 13.1 Prevention of Market Abuse and Manipulation): VASPs must take steps to prevent market abuse and manipulation. They should implement measures to detect and prevent activities that could distort the market or harm its stability and ensure transparent and fair-trading practices.
  7. Compliance with AML/CFT Regulations (CRA 4.4 Dealing with Clients and AML/CFT Requirements): VASPs must comply with Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations. This involves implementing AML/CTF policies and procedures, conducting due diligence on clients to prevent money laundering and terrorist financing, and reporting suspicious activities to the relevant authorities.
  8. Custody Requirements (CRA 8.1 Custody Requirements): VASPs that hold customer funds or cryptocurrencies are subject to additional regulatory requirements pertaining to custody and safeguarding these assets.
  9. Internal Controls and Record Keeping (CRA 4.2 Auditors and Accounting Standards): VASPs must put in place internal controls and processes to ensure the integrity of their business operations and maintain accurate and complete records of their transactions.
  10. Supervision and Monitoring (CRA 11.1 Information Gathering by the CBB): VASPs are subject to ongoing supervision and monitoring by the CBB. This includes periodic onsite inspections and audits to ensure compliance with regulations and requirements.

What are the main restrictions on VASPs in Bahrain?

Bahrain imposes several key restrictions on VASPs which are primarily outlined in the CRA under its Capital Markets Rulebook and AML/CFT Regulations. Here are the main restrictions, with instances and examples:

  1. Restrictions on certain activities (CRA 2 General Requirements): The CBB may restrict or prohibit VASPs from engaging in certain activities that pose unacceptable risks to the financial system, such as high-risk trading practices or certain investment schemes. For example, a VASP may be prohibited from engaging in margin trading or offering certain high-risk financial products without specific approval from the CBB.
  2. Compliance with AML/CFT regulations (CRA 4.4 Dealing with Clients and AML/CFT Requirements): VASPs must strictly comply with AML/CFT regulations. This includes customer due diligence, suspicious transaction reporting, and sanctions screening. For instance, a VASP must verify the identity of its clients and monitor transactions for suspicious activities, reporting any such activities to the relevant authorities.
  3. Restrictions on advertising and marketing (CRA 12.2 Conduct of Business Obligations): The CBB may impose restrictions on how VASPs advertise and market their services to protect consumers from misleading information and ensure transparency. For example, a VASP may be required to include disclaimers about the risks of investing in virtual assets in their advertisements.
  4. Restrictions on outsourcing (CRA 5 Technology Governance and Cyber Security): VASPs must obtain prior approval from the CBB before outsourcing any critical functions to ensure that these functions are managed securely and effectively. For instance, if a VASP wants to outsource its customer service operations to a third-party provider, it must first get approval from the CBB.
  5. Restrictions on ownership changes (CRA 10 Reporting, Notifications and Approvals): VASPs must obtain prior approval from the CBB for any changes in ownership or control to maintain oversight of the entity’s governance and financial health. For example, if a major shareholder in a VASP decides to sell their stake to another investor, this transaction must be approved by the CBB.
  6. Restrictions on branches and subsidiaries (CRA 10 Reporting, Notifications and Approvals): VASPs must obtain prior approval from the CBB before establishing branches or subsidiaries, whether in Bahrain or abroad. This ensures that the CBB can monitor and regulate the expanded operations. For example, if a VASP wants to open a branch in another country, it must first seek approval from the CBB.
  7. Restrictions on dealing with high-risk countries (CRA 4.4 AML/CFT Compliance): VASPs are restricted from dealing with individuals or entities from high-risk countries subject to sanctions or with inadequate AML/CFT controls. This mitigates the risk of money laundering and terrorist financing. For instance, a VASP cannot engage in transactions with entities from countries listed on the FATF high-risk and non-cooperative jurisdictions list.
  8. Restrictions on dealing with unlicensed entities (CRA-4.3 Dealing with Clients): VASPs are prohibited from dealing with unlicensed virtual asset service providers to ensure that all parties involved in the transaction are properly regulated and compliant with the law. For example, a licensed VASP in Bahrain cannot execute trades or collaborate with an unlicensed foreign crypto exchange.

What are the main information that VASPs have to make available to its customers?

In Bahrain, VASPs must provide several key pieces of information to their customers to ensure transparency and protect consumers. VASPs are required to clearly display their licensing status and regulatory approvals from the CBB to verify their legitimacy. They must provide comprehensive risk disclosures about the potential risks of virtual assets, such as price volatility and cybersecurity threats. Customers should be informed about the fee structure, including transaction and withdrawal fees, to avoid hidden charges. Clear terms and conditions must outline the rights and obligations of both parties. Privacy and data protection policies should explain how customer data is collected, used, and safeguarded. Information on AML/CFT policies, including customer due diligence and transaction monitoring, must be available. VASPs should also provide details on how to file complaints and the process for resolving them, ensuring issues are addressed promptly. Additionally, information on service availability and any potential downtime should be communicated to manage customer expectations effectively.

What market misconduct legislation/regulations apply to virtual assets?

Market misconduct legislation and regulations in Bahrain are primarily described in the CRA under its Capital Markets Rulebook and related laws. Here are the key provisions:

  1. Prohibition of market manipulation: The CRA prohibits market manipulation, including creating false signals about the supply, demand, or price of virtual assets. For example, a VASP cannot artificially inflate the price of a cryptocurrency by placing large orders they do not intend to execute.
  2. Prohibition of fraudulent trade practices: The CRA Rules also prohibit fraudulent trade practices, such as making false statements or misrepresentations of material facts. For instance, a VASP must not provide misleading information about the potential returns on a virtual asset investment.
  3. Prohibition of trading virtual assets issued by VASPs or their Related Parties: VASPs are prohibited from trading or engaging in transactions involving virtual assets issued by themselves or their related parties, except in specific circumstances approved by the CBB. This rule is in place to prevent conflicts of interest and ensure market fairness.
  4. Prohibition of discretionary blocking of deposits or withdrawals: The CRA prohibit VASPs from arbitrarily blocking users’ deposits or withdrawals. Any blocking must be justified, and users must be notified in advance.
  5. Monitoring of abnormal transactions: VASPs are required to continuously monitor transactions for abnormal activity and respond appropriately to protect users and maintain transaction integrity. This includes detecting and investigating unusual patterns that might indicate fraudulent or manipulative behavior.
  6. Sanctions for Unfair Trade Practices: Violations of the CRA Rules related to unfair trade practices can result in severe penalties, including imprisonment for a minimum of one year or fines up to three to five times the profit gained from the misconduct.

Additional Regulatory Sources

  1. Law on Combating Cybercrime (2014): Bahrain’s Law No. 60 of 2014 on Combating Cybercrimes addresses various cyber offenses related to virtual assets, including illegal access to information systems and data interference. Penalties can include imprisonment of up to 10 years and fines up to BHD 200,000.
  2. AML/CFT Regulations: VASPs must comply with AML/CFT regulations, which include customer due diligence, suspicious transaction reporting, and sanctions screening. This ensures that virtual asset activities are not used for money laundering or terrorist financing.

4. Regulation of other crypto-related activities in Bahrain

Are managers of crypto funds regulated in Bahrain?

Yes, managers of crypto funds are regulated in Bahrain under the comprehensive regulatory framework established by the CBB. The CBB’s CRA, part of Volume 6 of the CBB Rulebook, provides the guidelines for the licensing and operation of entities involved in various aspects of crypto-assets, including portfolio management.

  1. Licensing Requirements: The licensing process for crypto fund managers involves several key requirements:
  2. Business plan: Applicants must submit a detailed business plan specifying the type of crypto-asset services they intend to offer.
  3. Shareholder and controlled function applications: Application forms must be submitted for all shareholders and individuals occupying controlled functions within the organisation.
  4. Minimum Capital Requirements: The CBB mandates minimum capital requirements for different categories of licensees. For portfolio management services, entities must meet the capital adequacy standards set by the CBB.

Regulatory and Ongoing Requirements: Licensed crypto fund managers must adhere to strong governance frameworks and internal controls while implementing AML/CFT measures, including enhanced due diligence on clients. They must also establish effective risk management procedures and security measures to protect crypto-assets. Additionally, managers are responsible for educating clients and providing clear instructions on using crypto-asset services. Ongoing obligations include regular reporting to the CBB on operations and compliance, undergoing periodic audits, and ensuring the protection and segregation of client assets.

Are distributors of virtual asset funds regulated in Bahrain?

Yes, distributors of virtual asset funds are regulated in Bahrain. The CBB has established a comprehensive regulatory framework to govern various activities involving crypto-assets, including the distribution of such assets. This framework is encapsulated in the CRA of Volume 6 of the CBB Rulebook.

Licensing Requirements: Entities wishing to engage in the distribution or any form of dealing, advising, or portfolio management involving virtual assets must obtain the appropriate license from the CBB. The licensing categories cover a range of activities and include:

  1. Reception and transmission of orders: Receiving orders to buy or sell crypto-assets from clients and transmitting those orders to a third party for execution.
  2. Trading as agent: Acting to conclude agreements to buy or sell crypto-assets on behalf of clients.
  3. Trading as principal: Trading against proprietary capital.
  4. Portfolio management: Managing crypto-assets on behalf of clients.
  5. Crypto-asset custodian: Safeguarding, storing, and holding crypto-assets for clients.
  6. Investment advice: Providing personalised recommendations to clients regarding crypto-assets.
  7. Operating a crypto-asset exchange: Facilitating the trading, conversion, or exchange of crypto-assets​​​​.

Applicants for a license must submit a detailed business plan, application forms for shareholders and controlled functions, and meet minimum capital requirements which vary depending on the category of the license. For example, Category 1 licensees have a minimum capital requirement of BHD 25,000, while Category 4 licensees require BHD 300,000​​.

Regulatory and ongoing requirements: Licensed entities must establish strong governance frameworks and internal controls while implementing AML/CFT measures, including enhanced due diligence on clients. They must maintain adequate risk management procedures and security measures to protect crypto-assets, and provide clients with clear instructions and educational materials. Additionally, they are required to regularly report to the CBB on their operations, undergo periodic audits, and ensure the protection and segregation of client assets.

Are there requirements for intermediaries seeking to provide trading in virtual assets for clients or advise clients on virtual assets in Bahrain?

Yes, there are specific requirements for intermediaries seeking to provide trading in virtual assets for clients or advise clients on virtual assets in Bahrain. Here are the key points:

  1. Licensing requirements: Intermediaries must obtain a license from the CBB to provide crypto-asset services. This includes trading in virtual assets for clients or advising clients on virtual assets. The licensing categories cover activities such as reception and transmission of orders, trading as an agent or principal, portfolio management, and providing investment advice.
  2. Minimum capital requirements: The minimum capital requirements vary depending on the licensing category, ranging from BHD 25,000 to BHD 300,000. This ensures that intermediaries have sufficient financial stability to support their operations.
  3. Risk management: Intermediaries must have effective risk management policies and procedures in place to identify, assess, monitor, and manage risks associated with their crypto-asset services.
  4. Information security: Companies must have adequate measures in place to protect their systems and customers’ information from unauthorised access and data breaches. This includes adhering to cybersecurity risk requirements to prevent and mitigate potential cyber threats.
  5. Professional indemnity coverage: Intermediaries must maintain professional indemnity coverage to ensure they are protected against potential losses or damages arising from their services.
  6. Reporting and notification obligations: Intermediaries must report and notify the CBB of various activities, including transactions, client information, and any changes to their operations.
  7. Client registration: Intermediaries can only undertake transactions with clients who are registered and meet specific eligibility criteria, such as being a legal entity or a natural person above the age of 21. This ensures that clients are adequately vetted and eligible for crypto-asset services.
  8. Agreement requirements: Intermediaries must enter into an agreement with their clients that outlines specific terms and conditions, including the scope of services, fees, and risk management procedures. This helps in setting clear expectations and protecting the interests of both parties.
  9. CBB approval: Intermediaries must obtain the CBB’s approval for individuals in “controlled functions,” such as branch managers or those responsible for managing the company’s operations in Bahrain.

5. Other relevant regulatory information

Are there any upcoming regulatory developments in respect of crypto-related activity in Bahrain?

There are no specific upcoming regulatory developments in respect of crypto-related activity in Bahrain that are publicly announced. However, the CBB plans to implement regulations for digital token offerings, ensuring that all digital tokens exhibiting the characteristics of securities are regulated to enhance investor protection. New requirements will improve the safeguarding of client assets, and expanded services for licensees will be permitted.

Additionally, the CBB will support the inclusion of foreign entities by allowing overseas companies to apply for licenses as ‘Overseas crypto-asset service licensees.’ The emphasis on cybersecurity and risk management will be strengthened, introducing higher standards to mitigate potential threats.

Has there been any notable events in Bahrain that has prompted regulatory change recently?

Recently, Bahrain made changes to its crypto regulations to keep up with the fast-moving crypto market and new risks. A key event was in March 2023 when the CBB updated its Crypto-Asset Module. These updates came after talking with industry experts and aimed to better protect investors, include rules for digital token offerings, and ensure the safety of clients’ assets. The CBB also allowed licensed crypto businesses to offer more services with approval. These changes show Bahrain’s dedication to creating a safe and innovative space for crypto activities, staying in line with global standards.

6. Pending litigation and judgments related to virtual assets in Bahrain (if any)

There are no specific pending litigation and judgments related to virtual assets in Bahrain that are publicly announced.

7. Government outlook on virtual assets and crypto-related activities in Bahrain

Bahrain appears to have a positive outlook on virtual assets and crypto-related activities. The CBB has implemented a legislative framework to oversee and manage crypto assets, with regulations based on international best practices, particularly regarding money laundering. These regulations cover licensing requirements, safeguarding rules, technology standards, and reporting, notification, and approval requirements. Additionally, in March 2022, Binance, one of the largest crypto exchange platforms, was granted a license by the CBB, which was the first of its kind in the Gulf Cooperation Council. This is a clear indication of Bahrain’s progressive regulatory policies and its openness to cryptocurrency and digital assets.

In Bahrain, there are currently no specific tax provisions targeting income earned from crypto assets. This means that, as of now, income generated through activities such as trading, investing, or holding cryptocurrencies is not subject to income tax or capital gains tax. Bahrain does not impose personal income taxes on its residents, which extends to earnings from virtual assets.

Compliance with FATF Standards: Bahrain, a member of the Middle East and North Africa Financial Action Task Force (MENAFATF), aligns its AML and CFT measures with the recommendations of the FATF. Through the CRA in its Capital Markets Rulebook, Bahrain has integrated FATF’s standards on AML/CFT. This includes stringent requirements for customer due diligence, suspicious transaction reporting, and the FATF’s Travel Rule, which mandates VASPs to share relevant information for virtual asset transactions​.

Besides FATF, Bahrain aligns its regulations with several international frameworks:

  1. Basel Committee on Banking Supervision: Bahrain adheres to the Basel Committee’s guidelines on banking supervision, which include aspects of virtual asset regulation to ensure financial stability and integrity.
  2. International Organisation of Securities Commissions (IOSCO): Bahrain follows IOSCO’s principles for regulating securities markets, extending these principles to virtual assets to ensure market transparency and investor protection.

Red Flag Indicators: The CBB has issued guidance on identifying red flag indicators related to suspicious activities in the crypto-assets market.

Red Flag Indicators for virtual asset in Bahrain include structuring transactions in small amounts to avoid detection, making multiple high-value transactions in quick succession, transferring VAs to multiple VASPs in different jurisdictions without a clear connection to the customer’s location, and quickly withdrawing deposited VAs without additional exchange activity. Other red flags involve large initial deposits by new users inconsistent with their profiles, frequent transfers to the same account, and economically irrational transactions like exchanging VAs at a loss. Indicators related to anonymity include using anonymity-enhanced cryptocurrencies, operating unregistered VASPs on peer-to-peer websites, and employing mixing or tumbling services to obscure fund origins. Red flags also arise from irregularities during account creation, such as multiple accounts from the same IP address, incomplete KYC information, and profile discrepancies. Source of funds red flags include links to known fraud or illicit activities, transactions from online gambling services, and funds from high-risk jurisdictions with weak AML/CFT regulations. To address these indicators, VASPs should apply enhanced due diligence, use advanced transaction monitoring systems, conduct regular audits, educate customers on compliance, and report suspicious activities promptly.

In recent years, Bahrain has faced a mix of stability and challenges. While political stability has mostly been maintained, occasional unrest and demands for democratic reforms have influenced regulatory policies. Balancing security with reform efforts has affected Bahrain’s international reputation and internal policies. Economic pressures from changing oil prices have led Bahrain to diversify its economy, focusing on finance, technology, and tourism.

8. Advantages of setting up a VASP in Bahrain

Setting up a VASP in Bahrain comes with several benefits. Firstly, Bahrain offers a comprehensive regulatory framework for VASPs, established by the CBB. This framework provides precise licensing requirements, ensuring that VASP operations are legitimate and transparent.

Moreover, Bahrain’s regulations include AML/CTF measures. This not only mitigates legal risks but also ensures that VASP operators have strong compliance controls, providing confidence in meeting regulatory obligations and avoiding enforcement actions.

Another significant advantage is Bahrain’s fintech regulatory sandbox. This initiative allows crypto-related entities to test their products and solutions in a controlled environment before obtaining a full license. This is particularly beneficial for startups and businesses developing new virtual asset-based products, as it supports innovation and growth.

Additionally, Bahrain has specific corporate structuring requirements, including the need for resident directors and a local office. This ensures that VASPs have a tangible presence in the country, enhancing their credibility and operational effectiveness.

The licensing fees in Bahrain are variable, but the framework ensures that all necessary AML/CTF measures and regular audits are in place. Bahrain does not impose income or capital gains tax, making it a financially attractive destination for VASPs. Penalties for non-compliance are severe, which shows the importance of adhering to regulations.

Bahrain’s regulatory framework is aligned with international best practices, including those of the FATF, ensuring that VASPs operate within globally recognised standards. The country also has strong cybersecurity measures, supporting the safe and secure operation of virtual asset services.

Additionally, operating within Bahrain gives VASPs access to a fast-growing market for virtual currencies and digital assets. This opens up numerous investment opportunities and allows businesses to expand their reach within the region.