Gibraltar’s milestone DLT regulations enter force

This article originally appeared in the January 2018 edition of Payments & FinTech Lawyer – scroll down to the bottom of the page to view the published version as an embedded PDF, or click here to download.


DLT Regulation - Payments & FinTech Lawyer

Anthony Provasoli and Roy Balestrino of Hassans International Law Firm discuss Gibraltar’s Financial Services (Distributed Ledger Technology Providers) Regulations 2017 (the ‘DLT Regulations’), which came into force on 1 January 2018. In particular, they look at the core principles underlying the DLT Regulations, and explain why, in their view, DLT businesses should embrace regulation.

The DLT Regulations mark a significantly progressive milestone for the jurisdiction and are also a turning point for the crypto industry as a whole, which is largely unregulated and even banned in certain jurisdictions. Although it was never the intention to bring token sales within the scope of the DLT Regulations, given the huge increase in popularity of this form of raising funds, the Gibraltar Financial Services Commission (the ‘FSC’) has announced plans to bring token sale activity within the regulatory scope.

The FSC has the responsibility to issue licences under the DLT Regulations (the ‘DLT Licence’) and ensure subsequent compliance with the said regulations. The FSC encourages DLT businesses wishing to operate in Gibraltar to communicate and work with it so that the FSC can understand the underlying business and make the DLT Licence application process as smooth as possible. When determining a DLT Licence application, the FSC will adopt a discretionary approach that remains flexible by focusing on the nine core principles as listed in the DLT Regulations. The FSC states that the primary purpose of these Regulations is to create a safe environment for DLT-related businesses to operate and innovate, while simultaneously protecting consumers and safeguarding Gibraltar’s reputation as a trusted and stable global business hub. The principles-based approach was designed to provide a robust framework with an optimum level of flexibility that is required in such a fast-moving industry.

The nine core principles are as follows:

1. Honesty and integrity: DLT providers must, both internally and when dealing with the public, always conduct themselves “with honesty, integrity and professionalism” and “not pose a risk to the public or to the reputation of Gibraltar.”

2. Customer care: In addition to the above principle, providers must always put their customers first by handling complaints swiftly and communicating in a clear, unambiguous and transparent manner, with full disclosures of any conflicts of interest.

3. Resources: Whilst there are no specific requirements, the FSC will want DLT providers to satisfy it that they have in place both financial and nonfinancial resources such as available capital, internal procedures and adequate insurance. As each case is different, a provider’s resources are evaluated using a common sense approach on a case-by-case basis.

4. Risk management: In addition to adequate resources, a holistic approach to risk management, encompassing all internal systems
and procedures, is required.

5. Protection of client assets: From adequate and appropriate record keeping, to data security and other technical aspects, this principle ensures the safeguarding of client assets is of paramount importance to any DLT licensed operation.

6. Corporate governance: The principle of corporate governance concerns itself exclusively with how the operation is run, its internal structure, working procedures and business strategy, as well as its overall corporate culture and oversight.

7. Cyber security: In order to obtain a DLT Licence in Gibraltar, a provider must guarantee ironclad security, be swift and proactive when dealing with threats and also submit to independent audits by approved third party ICT security consultants.

8. Financial crime: The provider must also undertake appropriate due diligence and know-your-customer vetting in accordance with the
Proceeds of Crime Act 2015 (‘POCA’).

9. Resilience: Finally, a DLT provider must also prepare for all eventualities to ensure minimal loss and/or disruption to clients and “develop contingency plans for the orderly and solvent wind down of its business.”

In order to assist providers applying for a DLT Licence, the FSC has published guidance notes3 on each of the nine core principles outlined above.
These guidance notes expand on the operational, technical and organisational standards that are expected and in some circumstances are required by the FSC.

Why should DLT businesses embrace regulation?

Embracing regulation from a central body in this industry is arguably at odds with the decentralised nature of DLT. If an overly prescriptive and rigid approach had been introduced in Gibraltar it may have stifled the innovation and development of DLT businesses.

However, a regulatory framework that is sufficiently flexible to allow the continued development of the industry and the underlying technology, while
also providing adequate protection for customers and maintaining, if not improving, the reputation and appeal of Gibraltar as a financial services
jurisdiction, will be beneficial for all stakeholders. The FSC’s approach and the DLT Regulations should therefore dispel concerns that Gibraltar’s
regulatory standpoint may be overly restrictive and consequently detrimental to the development of the crypto industry. In principle, Gibraltar’s well-constructed regulatory framework should provide the following benefits:

  • Only reputable DLT providers will obtain a DLT Licence;
  • Consumers transacting with a DLT Licence holder will have the comfort of knowing that the business they are dealing with is operating in a
    regulated environment where the FSC is protecting the interests of the consumer;
  • Consumers transacting with a DLT Licence holder will be informed and protected;
  • The crypto industry will become more secure and transparent, which are some of the underlying qualities of blockchain technology;
  • The reputation of the crypto industry and the quality of service provided by DLT businesses will improve;
  • The aforementioned benefits are already attracting big players in the crypto industry to Gibraltar but also large multinational companies from traditional industries who are expanding their offering by utilising blockchain technology; and
  • The involvement of large multinational companies with vast amounts of capital may lead to further innovation.

We are optimistic that the combination of the DLT Regulations and the open approach adopted by the FSC will encourage the crypto industry to thrive
and allow Gibraltar to become the ‘gold standard’ jurisdiction for crypto businesses, in the same way it has been for the online gaming sector.

What is next?

As referred to above, the Government of Gibraltar and the FSC recently confirmed at the Gibfin conference (the Gibraltar International FinTech Conference held in Gibraltar on 18 October 2017) that they are in the process of developing regulations and guidance to cover ICOs (the ‘ICO Regulations and Guidance’) undertaken in Gibraltar. The FSC’s aim is to have the ICO Regulations and Guidance in place for 1 February 2018,
to complement the DLT Regulations.

Although we do not yet have a great deal of information on what obligations the ICO Regulations and Guidance will impose on token issuing companies, we are confident that the FSC will adopt a similar flexible and appropriate approach as it has done with the DLT Regulations.

PFL January 2018 p13-14