Contact Us

+350 20079000

This data will only be used by Hassans for processing your query and for no other purpose. View our privacy policy
| 3 minutes read

The Importance of Safeguarding Customer Assets - Gibraltar: A Rock Solid Solution

As we sit and watch the ongoing crypto telenovela, it is without doubt that recent events are having a negative impact on how our industry is viewed on a global scale. Once again, further highlighting the need for clear and thorough regulation. Although this may not be music to the ears of most purists, the integrity of the crypto ecosystem hinges on its ability to safeguard customer funds and assets. This is not for the mere purpose of pushing regulatory constraints, but to ensure that entities in this space abide by the basic and fundamental ethical principles expected of any business within the wider financial services sector.

It came as no surprise that several exchanges scrambled to issue statements outlining their fund reserves and publicly flaunting their Merkle Tree proof-of-reserve (PoR) systems. PoR is an independent audit conducted by a third party that ensures that custodians genuinely have ownership of their customer’s assets and do not misuse or engage in transactions that may put these funds at risk.

Whilst we understand that most big players in the industry do not shy away from regulation (with some even promoting and adopting regulation where possible), it has become obvious how important the implementation of careful corporate governance and regulatory oversight are. Given recent events, we have once again been reminded of the catastrophic results awaiting those without robust protections. We have also seen how quickly fortunes can turn within the space. It is all good and well to advocate and lobby for digital asset regulation, however, without adequate corporate governance, compliance and risk management – a licence has little to no value. It is therefore of crucial importance that we avoid these pitfalls and implement clear and robust frameworks for digital asset exchanges.

Gibraltar’s bespoke DLT regulations encourages businesses wishing to operate in Gibraltar to communicate and work towards creating a safe environment to innovate, while simultaneously safeguarding consumers and the jurisdictions reputation. When applying for a licence in Gibraltar, the Gibraltar Financial Services Commission (GFSC) will adopt a discretionary approach that remains flexible, using their ten core principles. These ten core principles are as follows:

Principle One - Honesty and Integrity: Firms that operate in Gibraltar will need to conduct themselves “with honesty, integrity and professionalism” and “not pose a risk to the public or to the reputation of Gibraltar”.

Principle Two - Customer Care: DLT providers must focus on their customers’ needs and create exemplary procedures for handling complaints swiftly. These requirements also extend to communicating in a clear and transparent manner, whilst always making full disclosure of any conflicts of interest.

Principle Three - Resources: The GFSC will want firms to demonstrate that they possess financial and nonfinancial resources. This may include available capital, internal procedures and adequate insurance. The GFSC will approach this on a case-by-case basis.

Principle Four - Risk Management: Firms will be required to adopt a holistic approach to risk management, encompassing all internal systems and procedures.

Principle five - Protection of Client Assets: Perhaps the most relevant requirement, the firm will need to demonstrate that they conduct adequate and appropriate record keeping, adequate storage and implement data security procedures that ensures consumer funds are safeguarded at all times.

Principle Six - Corporate Governance: This principle primarily focuses on how the firm’s operation is run, its internal structure, business strategy, and overall corporate culture and oversight.

Principle Seven - Cyber Security: Firms wishing to operation in Gibraltar “must ensure that all systems and security access protocols are maintained to appropriate high standards”. They must therefore guarantee ironclad security, be swift and proactive when dealing with threats and also ensure that all employees are aware of these threats.

Principle Eight - Financial Crime: Firms must undertake appropriate due diligence and know-your-customer vetting in accordance with the Proceeds of Crime Act 2015 (POCA).

Principle Nine - Resilience: It is vital that firms prepare for all eventualities and contingencies to ensure minimal loss and/or disruption to clients.

Principle Ten – Market Integrity: Finally, the tenth principle focuses on combatting market and price manipulation, as well as liquidity and transaction manipulation. This principle also extends to any activity that may negatively affect the integrity of Gibraltar’s digital asset market.

It is clear that stable and secure governance is needed to grow this sector.

Please feel free to reach out for further information at

Although this may not be music to the ears of most purists, the integrity of the crypto ecosystem hinges on its ability to safeguard customer funds and assets.

Top-ranked in all practice areas in Legal 500 EMEA 2024

Hassans is pleased to announce that it has once again achieved top tier rankings in all areas covered by Legal 500 EMEA for Gibraltar....

Posted on
Read more

Latest Insights

Going Green to Strike Gold

Abu Dhabi conglomerate IHC's change in strategy (in purchasing mining concessions as opposed to funding established operators in exchange...

Posted on
Read more

Streamline Your Payroll Operations

Navigating the complexities of payroll management in Gibraltar can be challenging and time consuming, leading many business owners to...

Posted on
Read more

Gibraltar Young Enterprise ’24 Winner Announced

Hassans' Partner Andrew Montegriffo was one of three judges on the panel at this year’s Young Enterprise Gibraltar Finals, at which Vital...

Posted on
Read more