An overview of the regulation of virtual assets in Gibraltar

British Virgin Islands (BVI) Flag

Download PDF | Download Word

More information on Gibraltar

Virtual asset laws and regulations in Gibraltar

Regulation of virtual assets and offerings of virtual assets in Gibraltar

Regulation of VASPs in Gibraltar

Regulation of other crypto-related activities in Gibraltar

Other relevant regulatory information

Pending litigation and judgments related to virtual assets in Gibraltar (if any)

Government outlook on virtual assets and crypto-related activities in Gibraltar

Advantages of setting up a VASP in Gibraltar

1. Virtual asset laws and regulations in Gibraltar

The Gibraltar Financial Services Commission (GFSC) initiated a consultation process in May 2017 to develop a regulatory framework for Distributed Ledger Technology (DLT) providers. The objective was to create a principles-based and adaptable framework that could address the aspects and risks associated with various business models and technologies in the virtual assets sector.

Following the consultation process, the GFSC finalised and implemented the DLT framework in January 2018. This framework established nine core principles and accompanying 10 guidance notes for DLT providers, with a focus on key areas such as corporate governance, risk management, consumer protection, and financial crime prevention.  Furthermore, the Financial Services Act, 2019 (FSA) ensures that any activities involving virtual/digital assets are conducted in compliance with regulations set by the GFSC. The GFSC has continued to refine and develop its regulatory approach, introducing additional regulations for Initial Coin Offerings (ICOs), Security Token Offerings (STOs), and other token sales.

Moreover, Gibraltar adheres to international Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) regulations for virtual asset service providers (VASPs) in line with the recommendations set forth by the Financial Action Task Force (FATF). This commitment to maintaining high regulatory standards further solidifies Gibraltar’s reputation as a leading jurisdiction in the virtual assets space.

What is considered a virtual asset in Gibraltar?

According to the Proceeds of Crime Act 2015 (Transfer of Virtual Assets) Regulations 2021, a virtual asset is “any digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes, but does not include digital representations of fiat currencies and securities.”

In Gibraltar, the virtual assets can be bought, sold, held, or transferred using DLT. Under the DLT regulation system, VASPs must have a local presence in the jurisdiction, be licensed and to be compliant with any anti-money laundering AML/CTF regulations.

What are the relevant laws and regulations?

Gibraltar has established a comprehensive regulatory framework for virtual assets, which includes several relevant laws, regulations, and guidance documents. Key components of this framework are:

  1. The Proceeds of Crime Act 2015 (Transfer of Virtual Assets) Regulations 2021: known as the travel rule regulations, require virtual asset service providers to gather specific customer information for transactions equal to or exceeding one thousand euros.
    Additionally, the Proceeds of Crime Act 2015 (Amendment) Regulations 2021 also introduced definitions of virtual asset that has explicitly excluded ‘digital representations of fiat currencies’ and explains registration requirements for businesses involved in tokenised digital asset sales or DLT-based value exchanges. Failure to register or comply may lead to enforcement actions by the GFSC, including registration suspension or cancellation, subject to appeal in the Supreme Court within 28 days of the decision notice.
  2. Financial Services Act, 2019: The FSA provides the GFSC with the necessary powers to regulate and supervise financial activities, including those related to virtual assets. It ensures that any activities involving virtual assets are conducted in compliance with regulations set by the GFSC.
  3. DLT Framework: Introduced by the GFSC in January 2018, the DLT framework is a purpose-built, principles-based, and flexible regulatory framework for DLT providers. It consists of nine core principles and accompanying guidance notes that focus on areas such as corporate governance, risk management, consumer protection, and financial crime prevention. The principles are:
    1. Honesty and integrity: DLT providers must conduct their business with honesty and integrity.
    2. Customer care: Firms must pay due regard to the interests and needs of each and all its customers and must communicate with its customers in a way that is fair, clear, and not misleading.
    3. Resources: A DLT provider must maintain adequate financial and non-financial resources.
    4. Risk management: Firms must manage and control their business effectively and take reasonable care to identify, manage, and mitigate risks.
    5. Protection of client assets: A DLT provider must arrange adequate protection for client assets.
    6. Corporate governance: Firms must have effective corporate governance arrangements.
    7. Cybersecurity: DLT providers must have systems and security access protocols that are maintained to appropriate high standards.
    8. Financial crime: Firms must have systems in place to prevent, detect, and disclose financial crime risks like money laundering and terrorist financing.
    9. Resilience: DLT providers must have contingency plans in place to ensure they can continue their operations and meet their regulatory obligations during disruptions.
  5. Guidance Notes: The GFSC has issued 10 guidance notes to supplement the DLT framework. These notes provide clarification on various aspects, including regulatory principles, risk management, protection of client assets, financial crime risks, technology and cybersecurity risks, resilience and contingency planning, governance arrangements, fitness and propriety of key individuals, outsourcing arrangements, and conflicts of interest.
  6. The Financial Services (Distributed Ledger Technology Providers) Regulations 2020: is a set of rules that apply in Gibraltar to people who want to create and sell virtual assets. These people first have to get permission from the GFSA by submitting an application and relevant documents. These regulations cover the conditions for getting permission, the ongoing obligations that must be met, and the regulatory principles that must be followed. It’s to note that these regulations don’t stop people from creating virtual assets, but strict rules must be followed when doing so.
  7. AML/CFT Regime: Gibraltar adheres to international AML/CFT regulations for VASPs in line with the recommendations set forth by the FATF. The Proceeds of Crime Act 2015 and the Criminal Justice (Proceeds of Crime) (Amendment) Regulations 2019 are examples of relevant legislation addressing AML/CFT requirements in Gibraltar.

Who do such laws and regulations apply to?

The virtual assets laws and regulations in Gibraltar are primarily designed for DLT providers, encompassing a wide range of activities related to virtual assets and blockchain technology. DLT providers include firms that use DLT for storing or transmitting value belonging to others, such as cryptocurrency exchanges, wallet service providers, and other businesses that facilitate the transfer, storage, or management of virtual assets.

Who are the relevant regulatory authorities in relation to virtual assets in Gibraltar?

The GFSC serves as the primary regulatory authority in Gibraltar, overseeing virtual assets and DLT. As an independent statutory body, the GFSC is responsible for the regulation and supervision of financial services in Gibraltar, including the virtual assets sector.

The GFSC’s role in the DLT and virtual assets sector includes:

  1. Regulation and Licensing: The GFSC regulates and licenses DLT firms and activities, such as:
    • Crypto exchanges
    • Crypto-currency purse and asset storage service providers
    • Crypto-currency purse providers
    • DLT-based trading platforms that facilitate the purchase and sale of goods and services
  1. Authorisation and Licensing of DLT Suppliers: The GFSC is responsible for authorising and licensing DLT suppliers, including distributors like cryptocurrency exchanges and depositories.
  2. Active Supervision and Enforcement: The GFSC actively supervises and enforces DLT regulations in Gibraltar, ensuring that licensed entities comply with international standards and maintain high levels of corporate governance, risk management, and consumer protection.
  3. Guidance and Regulatory Updates: The GFSC issues guidance notes and regulatory updates to help DLT providers understand and comply with their obligations under the DLT regulatory framework.

The Gibraltar New Technologies Association (GANT) has also been established to promote the development of blockchain and DLT.

What are the penalties for breaches of virtual asset laws and regulations in Gibraltar?

In Gibraltar, breaches of virtual asset laws and regulations can lead to various penalties and enforcement actions. These include:

  1. Penalties:
    • Imprisonment and Fines: Individuals failing to comply with regulations can face imprisonment for up to 2 years, fines, or both on conviction.
    • Administrative Penalties: Offenders may face administrative penalties, public statements, cease and desist orders, temporary suspension, or prohibition orders for contravening regulatory requirements.
    • Financial Penalties: Providing DLT services without a license can result in fines of up to £10,000.
  1. Enforcement Actions:
    • Financial Penalties: The GFSC can impose financial penalties of up to £5 million on firms or individuals for breaches.
    • Public Censure: GFSC can publicly censure those in breach, impacting their reputation.
    • Suspension or Revocation of Authorisation: GFSC can suspend or revoke authorisation, preventing further provision of virtual asset services.
    • Criminal Prosecution: Serious breaches may lead to criminal prosecution by law enforcement authorities.

2. Regulation of virtual assets and offerings of virtual assets in Gibraltar

Are virtual assets classified as ‘securities’ or other regulated financial instruments in Gibraltar?

In Gibraltar, virtual assets are not automatically classified as ‘securities’ or other regulated financial instruments. Instead, the classification of a virtual asset depends on its specific characteristics and the purpose for which it is used.

The Financial Services (Investment and Fiduciary Services) Act 1989 is the primary legislation that governs the regulation of securities and other financial instruments in Gibraltar. It defines a ‘security’ as any shares, stocks, bonds, debentures, warrants, options, futures, or other instruments of a like nature. Whether a virtual asset falls within the definition of a ‘security’ under this Act will depend on its specific features. For example, if a virtual asset is structured as a share or bond and provides its holder with ownership rights or an entitlement to receive dividends, it is likely to be classified as a security.

If a virtual asset is not classified as a security, it may still be subject to other regulations in Gibraltar. For example, if a virtual asset is used as a means of payment, it may be subject to the Financial Services (Money Transmission Services) Regulations 2018.

The GFSC has issued guidance on the classification of virtual assets, which provides further details on how virtual assets are classified in Gibraltar. The guidance sets out the factors that the GFSC considers when assessing the regulatory status of a virtual asset.

The GFSC considers various factors when assessing the regulatory status of a virtual asset, including:

  1. The nature and purpose of the virtual asset: The GFSC considers the specific features of the virtual asset, such as its functionality, use case, and underlying technology. The GFSC also considers the purpose for which the virtual asset is used, such as whether it is used as a means of payment, a store of value, or a unit of account.
  2. The rights and obligations attached to the virtual asset: The GFSC considers the rights and obligations that are attached to the virtual asset, such as whether it provides its holder with ownership rights, voting rights, or an entitlement to receive dividends.
  3. The marketing and distribution of the virtual asset: The GFSC considers how the virtual asset is marketed and distributed, such as whether it is offered to the public or targeted at specific investors.
  4. The regulatory status of the issuer: The GFSC considers the regulatory status of the issuer of the virtual asset, such as whether it is authorised or licensed by the GFSC or another regulatory authority.

Are stablecoins and NFTs regulated in Gibraltar?

In Gibraltar, the regulation of stablecoins and NFTs depends on their specific characteristics and the purpose for which they are used.

Stablecoins are a type of virtual asset that is designed to maintain a stable value relative to a specific asset or basket of assets. NFTs are a type of virtual asset that represents ownership of a unique item or piece of content, such as a work of art or collectible.

Stablecoins and NFTs are types of virtual assets that are subject to the GFSC’s general approach to the regulation of virtual assets in Gibraltar. While the GFSC has not issued any specific guidance on the regulation of stablecoins or NFTs, they may be classified as securities or other regulated financial instruments if they meet the relevant criteria. The GFSC assesses virtual assets, including stablecoins and NFTs, on a case-by-case basis to determine their regulatory status, taking into account various factors such as their specific features, the rights and obligations attached to them, and the purpose for which they are used.

Are decentralised finance (DeFi) activities (e.g. lending virtual assets) regulated in Gibraltar?

DeFi activities, such as lending virtual assets, may be regulated in Gibraltar under the Financial Services (Distributed Ledger Technology Providers) Regulations 2020. However, it’s important to note that the regulations do not specifically mention DeFi activities, but rather apply to DLT providers that use DLT to store or transfer value belonging to others.

Under the Financial Services (Distributed Ledger Technology Providers) Regulations 2020, any person who wishes to provide DLT services, including DeFi activities, must apply for permission to carry out DLT Provider’s business under the FSA. The application process involves submitting an application assessment request to the GFSC along with relevant documents and fees. The GFSC will then assess the nature and complexity of the proposed business model and inform the applicant of any steps that must be taken before applying for permission.

Once authorised, DLT Providers must comply with certain ongoing obligations, such as maintaining adequate financial and non-financial resources, implementing appropriate risk management systems, and complying with anti-money laundering and counter-terrorist financing requirements. DLT Providers must also adhere to the nine regulatory principles given in the regulations, which include principles such as acting with honesty and integrity, maintaining adequate IT systems and security, and protecting client assets.

The GFSC is responsible for supervising and enforcing compliance with the regulations. The GFSC has the power to issue directions and impose administrative penalties if a DLT Provider violates the regulations. The GFSC may also suspend or revoke a DLT Provider’s authorisation if it fails to comply with the regulatory requirement.

Are there any restrictions on issuing or publicly offering virtual assets in Gibraltar?

The FSA and the Financial Services (Distributed Ledger Technology Providers) Regulations 2020 in Gibraltar establish a comprehensive regulatory framework for the issuance and public offering of virtual assets. Here are the key requirements and restrictions that apply to individuals and entities engaging in such activities:

  1. Authorisation requirement: Any person who wishes to issue or publicly offer virtual assets in or from Gibraltar must obtain authorisation from the GFSC as a DLT provider. The authorisation process involves submitting an application assessment request to the GFSC and providing relevant documents and fees. The GFSC will assess the proposed business model, products and services to be offered, and will provide the applicant with an initial assessment notice informing them of any required steps.
  2. Regulatory principles: DLT providers that are authorised to issue or offer virtual assets must comply with the 9 regulatory principles given in the regulations, including conducting business with honesty and integrity, paying due regard to the interests and needs of all customers, and maintaining adequate financial and non-financial resources.
  3. General prohibition: It is a criminal offense to carry out regulated activities related to virtual assets without proper authorisation from the GFSC. This includes issuing or publicly offering virtual assets without authorisation.
  4. Financial promotion restrictions: The FSA imposes restrictions on financial promotions related to virtual assets. Any financial promotion must be clear, fair, and not misleading, and must comply with relevant GFSC rules and guidance.
  5. AML/CFT compliance: DLT providers that issue or offer virtual assets must comply with AML/CFT regulations. This includes conducting customer due diligence, monitoring transactions, and reporting suspicious activity to the relevant authorities.
  6. Disclosure requirements: DLT providers that issue or offer virtual assets must provide clear and accurate information to potential investors about the nature of the virtual asset, the risks involved, and the terms of the offer.
  7. Ongoing obligations: DLT providers that are authorised to issue or offer virtual assets must comply with ongoing regulatory obligations, such as maintaining adequate financial and non-financial resources, implementing appropriate risk management systems, and adhering to AML/CFT regulations.

Are there any exemptions to the restrictions on issuing or publicly offering of virtual assets in Gibraltar?

Yes, there are some exemptions to the restrictions on issuing or publicly offering of virtual assets in Gibraltar. The Financial Services (Distributed Ledger Technology Providers) Regulations 2020 provide certain exemptions to the requirement to obtain authorisation as a DLT provider for the issuance or public offering of virtual assets. These exemptions include:

  1. Offers to a restricted number of persons: An offer of virtual assets to a restricted number of persons (not exceeding 150) may be exempt from the requirement to obtain authorisation as a DLT provider, provided that certain conditions are met.
  2. Offers to existing customers: An offer of virtual assets to existing customers of a DLT provider, provided that certain conditions are met, may be exempt from the requirement to obtain authorisation as a DLT provider.
  3. Offers of virtual assets with a denomination of €100,000 or more: An offer of virtual assets with a denomination of €100,000 or more, provided that certain conditions are met, may be exempt from the requirement to obtain authorisation as a DLT provider.
  4. Offers of virtual assets to persons outside of Gibraltar: An offer of virtual assets to persons outside of Gibraltar may be exempt from the requirement to obtain authorisation as a DLT provider, provided that certain conditions are met.

3. Regulation of VASPs in Gibraltar

Are VASPs operating in Gibraltar subject to regulation? 

Yes, VASPs operating in Gibraltar are subject to regulation under the Financial Services (Distributed Ledger Technology Providers) Regulations 2020. The regulations define VASPs as any person who, by way of business, provides one or more of the following services:

  1. exchange between virtual assets and fiat currencies;
  2. exchange between one or more forms of virtual assets;
  3. transfer of virtual assets;
  4. safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
  5. participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

VASPs operating in Gibraltar must obtain authorisation from the GFSC as a DLT provider. The authorisation process involves submitting an application assessment request and providing relevant documents and fees. Once authorised, VASPs must comply with ongoing regulatory obligations such as AML/CFT regulations, maintaining adequate resources, implementing risk management systems, and adhering to regulatory principles such as conducting business with honesty and integrity.

Are VASPs providing virtual asset services from offshore to persons in Gibraltar subject to regulation in Gibraltar?

Yes, VASPs providing virtual asset services from offshore to persons in Gibraltar may be subject to regulation in Gibraltar, depending on the nature and scope of their activities.

Under the Financial Services (Distributed Ledger Technology Providers) Regulations 2020, any person who carries out a “controlled activity” in or from Gibraltar is required to obtain authorisation from the GFSC as a DLT provider. Controlled activities include the exchange, transfer, safekeeping, and administration of virtual assets, as well as the provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

If a VASP is providing virtual asset services from offshore to persons in Gibraltar, and those services constitute a controlled activity, then the VASP may be required to obtain authorisation from the GFSC. This would depend on various factors, such as the nature and frequency of the services provided, the location of the VASP’s headquarters and servers, and the degree of control exercised by the VASP over the virtual assets involved.

Even if a VASP is not required to obtain authorisation from the GFSC, it may still be subject to other regulatory regimes in Gibraltar, such as AML/CFT regulations.

What are the main requirements for obtaining licensing / registration as a VASP in Gibraltar?

The main requirements for obtaining licensing/registration as a VASP in Gibraltar are as follows:

  1. submission of an application assessment request to the GFSC, along with relevant documents and fees;
  2. provision of a detailed business plan outlining the proposed business model, products and services to be offered, and risk management systems;
  3. demonstration of adequate financial and non-financial resources to support the proposed business activities;
  4. implementation of appropriate AML/CFT policies and procedures, including customer due diligence and ongoing monitoring;
  5. compliance with the regulatory principles outlined in the Financial Services (Distributed Ledger Technology Providers) Regulations 2020, including conducting business with honesty and integrity, paying due regard to the interests and needs of all customers, and maintaining adequate financial and non-financial resources;
  6. appointment of a suitable compliance officer and money laundering reporting officer;
  7. provision of adequate IT systems and security measures to protect customer data and assets;
  8. maintenance of adequate insurance coverage to protect against potential risks; and
  9. compliance with ongoing regulatory reporting and disclosure requirements.

Licensing fees for VASPs in Gibraltar are determined by the GFSC and are based on the complexity and risk profile of the applicant’s proposed business model. The fees are split into two categories:

  1. Application fee: This fee is payable at the time of submitting the application and covers the cost of the GFSC’s initial assessment of the application. The application fee is currently set at £2,000.
  2. Annual fee: This fee is payable once the license has been granted and is based on the VASP’s annual revenue. The annual fee is calculated on a sliding scale, with the current rates ranging from a minimum of £10,000 to a maximum of £400,000.

It’s worth noting that the GFSC may also impose additional fees for specific services, such as on-site inspections or investigations.

What are the main ongoing requirements for VASPs regulated in Gibraltar?

The main ongoing requirements for VASPs regulated in Gibraltar include:

  1. Compliance with AML/CFT regulations: VASPs must have appropriate policies, procedures, and controls in place to prevent money laundering and terrorist financing. This includes conducting customer due diligence, monitoring transactions, and reporting suspicious activity to the relevant authorities.
  2. Maintenance of adequate financial and non-financial resources: VASPs must maintain sufficient financial and non-financial resources to support their business operations and meet their regulatory obligations. This includes maintaining adequate capital, insurance, and liquidity.
  3. Implementation of appropriate risk management systems and controls: VASPs must have appropriate risk management systems and controls in place to identify, assess, and manage risks associated with their business operations. This includes implementing appropriate IT systems and security measures to protect customer data and assets.
  4. Compliance with regulatory principles and guidance: VASPs must comply with the 9 core principles and 10 guidance notes issued by the GFSC. This includes conducting business with honesty, integrity, and fairness, and having proper controls and governance arrangements in place.
  5. Reporting and disclosure requirements: VASPs must comply with ongoing reporting and disclosure requirements, including submitting annual financial statements, regulatory returns, and other reports as required by the GFSC.
  6. Record-keeping requirements: VASPs must maintain accurate and complete records of their business operations, including customer information, transactions, and financial records.

What are the main restrictions on VASPs in Gibraltar?

The main restrictions on VASPs in Gibraltar are as follows:

  1. Prohibited activities: VASPs are prohibited from engaging in certain activities, such as providing investment advice or managing investments on behalf of customers, unless they hold additional authorisations or licenses.
  2. AML/CFT compliance: VASPs must comply with AML/CFT regulations, including conducting customer due diligence, monitoring transactions, and reporting suspicious activity to the relevant authorities.
  3. Customer due diligence: VASPs must conduct appropriate customer due diligence measures to verify the identity of their customers and assess the risks associated with their business relationships.
  4. Risk management: VASPs must implement appropriate risk management systems and controls to identify, assess, and manage risks associated with their business operations.
  5. IT security: VASPs must implement appropriate IT security measures to protect customer data and assets, and to ensure the integrity and availability of their systems.
  6. Conflicts of interest: VASPs must have policies and procedures in place to identify and manage conflicts of interest, and to ensure that they act in the best interests of their customers.
  7. Marketing and advertising: VASPs must ensure that their marketing and advertising materials are clear, fair, and not misleading, and that they comply with all relevant regulations and guidance.
  8. Record-keeping: VASPs must maintain accurate and complete records of their business operations, including customer information, transactions, and financial records.
  9. Reporting and disclosure: VASPs must comply with ongoing reporting and disclosure requirements, including submitting annual financial statements, regulatory returns, and other reports as required by the GFSC.

What are the main information that VASPs have to make available to its customers?

The main information that VASPs have to make available to their customers in Gibraltar includes:

  1. Terms and conditions: VASPs must provide their customers with clear and concise terms and conditions that outline the rights and obligations of both parties.
  2. Fees and charges: VASPs must disclose all fees and charges associated with their services, including transaction fees, deposit and withdrawal fees, and any other charges.
  3. Risks: VASPs must provide their customers with clear and prominent warnings about the risks associated with virtual assets and the services provided by the VASP.
  4. Privacy policy: VASPs must provide their customers with a privacy policy that outlines how their personal data will be collected, used, and protected.
  5. Complaints procedure: VASPs must provide their customers with a clear and accessible complaints procedure, including information on how to make a complaint and the timeframes for resolving complaints.
  6. AML/CFT policies and procedures: VASPs must provide their customers with information about their AML/CFT policies and procedures, including how customer due diligence is conducted and what information is required.
  7. Service availability: VASPs must provide their customers with information about the availability of their services, including any planned or unplanned downtime.
  8. Insurance: VASPs must provide their customers with information about any insurance coverage that is in place to protect customer assets.

What market misconduct legislation/regulations apply to virtual assets?

In Gibraltar, there is no specific market misconduct legislation or regulation that applies solely to virtual assets. However, the FSA provides a regulatory framework for financial services in Gibraltar, including the regulation of virtual assets.

The GFSC has issued guidance notes for VASPs operating in Gibraltar, which provide detailed information on the GFSC’s expectations for VASPs in areas such as AML/CFT compliance, risk management, IT security, and customer due diligence.

The GFSC’s guidance notes for VASPs also include expectations for preventing and detecting market misconduct, such as insider dealing and market manipulation. The guidance notes emphasise the importance of VASPs implementing appropriate systems and controls to prevent, detect, and report market misconduct, and to ensure that they are conducting their business with honesty, integrity, and fairness.

In addition to the guidance notes, the GFSC has also issued nine core principles for VASPs operating in Gibraltar. These core principles provide a framework for VASPs to operate in a safe and sound manner, and to protect the interests of their customers. The core principles include requirements for VASPs to:

  1. conduct their business with honesty, integrity, and fairness;
  2. pay due regard to the interests and needs of their customers;
  3. maintain adequate financial and non-financial resources;
  4. manage and control their business effectively;
  5. establish and maintain effective risk management systems;
  6. maintain effective systems and controls to counter the risk of financial crime;
  7. be open and cooperative with the GFSC;
  8. pay due regard to the information needs of their customers; and
  9. conduct their business in a way that does not harm the reputation of Gibraltar.

4. Regulation of other crypto-related activities in Gibraltar

Are managers of crypto funds regulated in Gibraltar?

The Financial Services (Distributed Ledger Technology Providers) Regulations 2020 apply to regulation of crypto fund managers (DLT Providers) in Gibraltar. These regulations state that managers of crypto funds must be authorised before they can carry on this business. To obtain authorisation, managers of crypto funds must submit an initial application assessment request to the GFSC, providing relevant documents and other information.

Once authorised, managers of crypto funds must comply with ongoing obligations specified in the regulatory principles set out in the Schedule to the regulations. The regulatory principles require managers of crypto funds to conduct their business with honesty, integrity, due skill, care, and diligence, among other requirements. So overall, managers of crypto funds in Gibraltar are subject to substantial regulation and oversight under the Financial Services (Distributed Ledger Technology Providers) Regulations 2020.

Are distributors of virtual asset funds regulated in Gibraltar?

The Financial Services (Distributed Ledger Technology Providers) Regulations 2020 are regulations that monitor the actions of virtual asset fund managers and distributors in Gibraltar. To run such a business in Gibraltar, the FSA requires authorisation from the GFSC. These regulations set out various obligations that such businesses must maintain to be eligible for authorisation from the GFSC. These include carrying adequate resources (both financial and non-financial), having effective prevention and detection systems against financial crimes, and informing the GFSC immediately of anything that could compromise their compliance with the regulations.

The GFSC has also issued guidance notes on various aspects of virtual assets, including the regulation of ICOs, tokens, and other related activities. These guidance notes provide clarification on the GFSC’s expectations and the regulatory treatment of different types of virtual assets and activities. Moreover, it is essential for distributors of virtual asset funds to also adhere to Gibraltar’s AML/CFT regulations, as well as any other relevant laws and guidelines.

Are there requirements for intermediaries seeking to provide trading in virtual assets for clients or advise clients on virtual assets in Gibraltar?

Yes, there are requirements for intermediaries seeking to provide trading in virtual assets for clients or advise clients on virtual assets in Gibraltar. The GFSC regulates intermediaries that offer services related to virtual assets under the Financial Services (Distributed Ledger Technology Providers) Regulations 2020.

Intermediaries, such as brokers, dealers, and investment advisors, must obtain a license from the GFSC to provide services related to virtual assets. To be granted a license, intermediaries must demonstrate compliance with the GFSC’s regulatory principles, which include maintaining adequate financial and non-financial resources, implementing effective risk management and governance arrangements, and adhering to strict AML/CFT measures.

In addition to obtaining a license, intermediaries must also comply with the GFSC’s guidance notes on the regulation of ICOs, tokens, and other related activities. These guidance notes provide clarity on the GFSC’s expectations for intermediaries operating in the virtual assets sector.

Intermediaries are required to maintain risk management and governance frameworks, implement appropriate internal controls, and ensure the protection of client assets. They must also provide clear and accurate disclosure to clients about the risks associated with virtual assets and ensure that their services are suitable for the clients’ investment objectives and risk tolerance.

Ongoing supervision and monitoring by the GFSC are essential aspects of the regulatory framework for intermediaries in Gibraltar. Intermediaries must be prepared for on-site inspections, investigations, and periodic reporting requirements to ensure that they remain compliant with the relevant laws, regulations, and guidance notes.

5. Other relevant regulatory information

Are there any upcoming regulatory developments in respect of crypto-related activity in Gibraltar?

There are no specific upcoming regulatory developments in respect of crypto-related activity in Gibraltar beyond the current regulations and guidelines. However, the GFSC continues to supervise all DLT Providers, including AML/CTF supervision, to ensure compliance with the existing regulations.

Has there been any notable events in Gibraltar that has prompted regulatory change recently?

Gibraltar is a well-known hub for online gaming companies. In recent years, there have been regulatory changes in the gaming industry, such as the introduction of the Gambling Act 2005 and subsequent updates. These changes have helped Gibraltar maintain its reputation as a well-regulated jurisdiction for online gaming and have encouraged other sectors, like blockchain and cryptocurrencies, to seek similar regulatory clarity.

In March 2021, Gibraltar made significant changes to the Proceeds of Crime Act 2015 to address AML/CFT, particularly for DLT and virtual asset businesses. These changes include the introduction of the FATF Travel Rule for VASPs, which requires affected firms to comply with travel rule requirements, such as obtaining and securely storing particular information on their customers when there is a transaction value equal to or in excess of one thousand euros.

6. Pending litigation and judgments related to virtual assets in Gibraltar (if any)

  1. Globix Missing Funds Investigation: The Gibraltar court freezes crypto assets totaling $43 million in a bid to locate and recover missing funds from the collapsed cryptocurrency trader Globix. This action involves freezing the digital assets of the company and its directors as part of the ongoing investigation.
  2. Mañasco Fund Misuse Allegations: Former Mansion Casino CEO Karel Christian Mañasco faces a £5.0 million global freezing order on his assets following accusations of breaching duties, making unauthorised payments, and misusing company funds during his tenure at Mansion Casino.
  3. Miracle World Ventures Liquidation: Miracle World Ventures Limited, registered in the British Virgin Islands, undergoes liquidation, prompting the Gibraltar Court to issue injunctions and disclosure orders pertaining to crypto assets against various parties, including unidentified individuals. This marks the first instance of Gibraltar Courts issuing such injunctions regarding crypto assets.

7. Government outlook on virtual assets and crypto-related activities in Gibraltar

Gibraltar has established a comprehensive regulatory framework for virtual assets. The Financial Services (Distributed Ledger Technology Providers) Regulations 2020 set the rules that apply in Gibraltar to people who want to create and sell virtual assets. Under these regulations, entities must obtain authorisation from the GFSA before conducting activities involving virtual/digital assets. The regulations also specify the ongoing obligations that must be met and the regulatory principles that must be followed. The rules are designed to address risk management and represent principles-based regulations that allow innovation to flourish.

The GFSC has also issued ten guidance notes to supplement the DLT framework. These provide clarification on regulatory principles, risk management, financial crime risks, technology and cybersecurity risks, contingency planning, governance arrangements, fitness and propriety of key individuals, outsourcing arrangements, and conflicts of interest. The guidance notes are designed to assist DLT providers in understanding their obligations under the regulatory framework and maintaining high regulatory standards.

In addition to the guidance notes mentioned above, the GFSC provides additional guidance notes for VASPs operating in Gibraltar. These offer detailed information on the GFSC’s expectations for VASPs in areas such as AML/CFT compliance, risk management, IT security, and customer due diligence. The guidance notes also include expectations for preventing and detecting market misconduct, such as insider dealing and market manipulation.

Failure to comply with these requirements may result in significant penalties, including fines and/or the revocation of authorisation, which could seriously impact the operations of the fund. Managers of crypto funds also must be prepared for ongoing supervision and monitoring by the GFSC. This includes on-site inspections and investigations by the GFSC, to ensure that the manager is fully compliant with the laws and regulations that are relevant to the operation of the fund in Gibraltar.

8. Advantages of setting up a VASP in Gibraltar?

Gibraltar has become an attractive jurisdiction for VASPs due to its well-defined regulatory framework, favorable business environment, and adequate approach to the development of the blockchain and cryptocurrency industry. Some advantages of setting up a VASP in Gibraltar include:

  1. Regulatory clarity: Gibraltar was one of the first jurisdictions to introduce a comprehensive regulatory framework for DLT providers, including VASPs. The GFSC grants licenses to VASPs under the Financial Services (Distributed Ledger Technology Providers) Regulations 2020, ensuring a well-defined regulatory environment.
  2. Access to a skilled workforce: Gibraltar has a growing pool of professionals with expertise in blockchain technology, cryptocurrencies, and financial services, making it easier for VASPs to find and hire qualified personnel.
  3. Favorable tax regime: Gibraltar offers an attractive corporate tax system with a standard corporate tax rate of 10%. Additionally, there is no capital gains tax, withholding tax, or value-added tax in Gibraltar.
  4. Collaborative approach: The Gibraltar government and the GFSC actively engage with industry stakeholders and promote the development of the blockchain and cryptocurrency ecosystem.
  5. Access to European markets: Although Gibraltar is a British Overseas Territory, it maintains a close relationship with the European Union. This strategic location can provide VASPs with access to European markets, although the specific arrangements may change due to Brexit and other factors.
  6. AML/CFT framework: Gibraltar has implemented strong AML/CFT regulations, ensuring that VASPs operating in the jurisdiction adhere to international standards and best practices.
  7. English common law: Gibraltar’s legal system is based on English common law, which provides a familiar and stable legal environment for businesses from common law jurisdictions.