Digital Asset Business (Prudential Standards) (Annual Return) Rules 2018

Year: 2018
Category: Consolidated
Last Updated: 2026-02-19 16:15:51
Source: bermudalaws.bm

BERMUDA

DIGITAL ASSET BUSINESS (PRUDENTIAL STANDARDS) (ANNUAL RETURN) RULES 2018

BR 98 / 2018

The Bermuda Monetary Authority, in exercise of the power conferred by section 7 of the Digital Asset Business Act 2018, makes the following Rules:

Citation

1 These Rules may be cited as the Digital Asset Business (Prudential Standards) (Annual Return) Rules 2018.

Interpretation

2 In these Rules—

“Act” means the Digital Asset Business Act 2018;

“financial year” has the meaning assigned to it in section 2 of the Act.

Annual Return

3 (1) A licensed undertaking shall file with the Authority an annual return in accordance with the requirements of section 7 of the Act.

(2) The annual return shall be in an electronic format prescribed by the Authority and contain information in respect of the matters set out in Schedules 1, 2, and 3 as such matters stand when the annual return is filed.

(3) The annual return shall also be accompanied by a copy of—

(a) the audited financial statements prepared in accordance with section 31 of the Act;

(b) the business plan for the next financial year;

(c) the certificate of compliance prepared in accordance with section 66 of the Act;

(d) any other information in a Rule or return required to be prepared by a licensed undertaking under section 7.

(4) The annual return in electronic format referred to in subparagraph (2) shall be set out on the website of the Authority: www.bma.bm.

Declaration

4 A licensed undertaking shall, at the time of filing its annual return, file with the Authority a declaration signed by two directors or a director and an officer, that to the best of their knowledge and belief, the information in the annual return is fair and accurate.

SCHEDULE 1

(section 7)

MATTERS TO BE INCLUDED IN ANNUAL RETURN

1 The following information is required in an annual return—

(a) name of licensed undertaking and parent company name where different from that of licensed undertaking;

(b) in relation to directors provide:

(i) official name and any given or used names where appropriate;

(ii) type of directors (i.e., whether executive, non-executive, independent);

(iii) confirmation of primary residence;

(iv) a copy of a curriculum vitae or professional qualifications and experience;

(c) in relation to officers and senior executives provide:

(i) official name and any given or used names where appropriate;

(ii) confirmation of primary residence;

(iii) role or job title;

(iv) a copy of a curriculum vitae or professional qualifications and experience;

(d) details of the digital and non-digital asset services provided and associated client receipts for both;

(e) declaration of whether the licensed undertaking allows margin trading and if so the maximum leverage allowed;

(f) declaration on how a licensed undertaking mitigates its leveraged exposure;

(g) organizational and group structure;

(h) business model description, business strategy and risk appetite;

(i) details of products, and product features, including whether any product has an enhanced anonymity feature, and services;

(j) total transaction volume by digital asset type;

(k) number of client accounts and in the aggregate composition of client balances (i.e., in aggregate fiat currency, securities, digital asset and digital asset type);

(l) details of distributed ledger tracking software, details on digital assets tracked, and the vendor name and software details used for tracking purposes;

(m) public wallet addresses (both hot wallet addresses (if they are used) and customer deposit addresses);

(n) geographical profile of clients (i.e., aggregate number of client accounts by territory; aggregate client account balances by territories where clients reside; aggregate fiat currency, and securities);

(o) risk self-assessment and risk management policies;

(p) copies of cyber security program policy and customer private key storage policy;

(q) names of outsourcing partners, copies of service level agreements setting out the roles, duties and functions of outsourced partners; including third parties or affiliates of outsourced partners performing customer asset storage, cybersecurity, compliance, asset custody and other key functions of the licensed undertaking;

(r) details of arrangements implemented to protect client assets in accordance with section 18 of the Act;

(s) details of insurance or other arrangement in accordance with paragraph 2(6) of Schedule 1 to the Act.

SCHEDULE 2

(Paragraph 7)

ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING

Table 1

Matters to be Included in Annual Return

Section A - Client / Customer Numbers

A licensed undertaking shall confirm or provide:

1 The total number of clients;

2 Whether clients are risk rated for ML/TF risk;

3 The number of clients in the following risk assessment category by Low Risk, Medium Risk, High Risk, Unknown.

Section B – Products / Services

A licensed undertaking shall confirm or provide:

1 Whether the licensed undertaking only allows digital asset to digital asset transactions;

2 Whether the licensed undertaking only allows digital asset to fiat (and vice versa) transactions. If responded “no” to the above, does the licensed undertaking anticipate allowing digital asset to fiat (and vice versa) transactions;

3 (a) the percentage of transactions, including client transactions, which are digital asset to digital asset;

(b) the percentage of transactions, including client transactions, which are fiat to digital asset;

(c) the percentage of transactions, including client transactions, which are digital asset to fiat;

(d) other.

4 For transactions which are fiat-related:

(a) whether funds are received by: Cash; Cheque; Bank transfer; Wire; Other means

(b) If the licensed undertaking has answered “yes” to “other means” specify.

(c) whether funds are paid out by: Cash; Cheque; Bank transfer; Wire; Other means

(d) If the licensed undertaking has answered “yes” to “other means” specify.

5 For transactions which are digital asset-related:

(a) Do transactions involve mixing or tumbling services or technologies?

(b) Are transactions completed through anonymous browsers (Tor) or logless VPNs?

(c) Are multiple receiving addresses generated to transact for the same client?

6 The mechanism(s) used by the licensed undertaking to transact with clients: Bank transfer; Cash; Cheque; Credit/debit card; Digital assets; Other (provide details)

Section C - Delivery Channel

A licensed undertaking shall confirm or provide:

1 The number of business relationships onboarded for the last 12 months by face to face with clients, via intermediary, by phone, email, fax or post, or other (provide examples).

2 The manner in which the licensed undertaking conducts business with its clients (allows transactions on its platform) directly with the client, via a licensed company intermediary arrangement, via unrelated intermediary arrangement, introduced from a member of a financial group, or other, by percentage of the total business

Section D - Geography (including sub-sections for customer, transactions and PEPs)

1 Provide the transaction value and number of clients based on the licensed undertaking’s clients’ residence (in accordance with the geographical zones set out in Table A); origin of transactions for the financial year

Table A - Transaction Geographical Zones

Transaction Zone: Location

Zone 1 – Central & Western Asia: Armenia, Azerbaijan, Bahrain, Georgia, Iraq, Israel, Jordan, Kazakhstan, Kuwait, Kyrgyzstan, Lebanon, Oman, Palestine, Qatar, Saudi Arabia, Syria, Tajikistan, Turkey, Turkmenistan, United Arab Emirates and Uzbekistan

Zone 2 – Eastern Asia: China, Hong Kong, Japan, Macao, Mongolia, North Korea, South Korea and Taiwan

Zone 3 – South and South-Eastern Asia: Afghanistan, Bangladesh, Bhutan, Brunei Darussalam, Cambodia, India, Indonesia, Iran, Lao PDR, Malaysia, Maldives, Myanmar, Nepal, Pakistan, Philippines, Singapore, Sri Lanka, Thailand, Timor-Leste, and Vietnam

Zone 4 – Oceania: American Samoa, Australia, Cook Islands, Fiji, French Polynesia, Guam, Kiribati, Marshall Islands, Micronesia, Nauru, New Caledonia, New Zealand, Niue, Norfolk Island, N. Mariana Islands, Palau, Papua New Guinea, Pitcairn, Samoa, Solomon Islands, Tokelau, Tonga, Tuvalu, Vanuatu and Wallis & Futuna Islands

Zone 5 – Northern Africa: Algeria, Benin, Burkina Faso, Cameroon, Cape Verde, Central African Republic, Chad, Cote d'Ivoire, Egypt, Gambia, Ghana, Guinea, Guinea-Bissau, Liberia, Libya, Mali, Mauritania, Morocco, Niger, Nigeria, Saint Helena, Senegal, Sierra Leone, Sudan, Togo, Tunisia and Western Sahara

Zone 6 – Southern Africa: Angola, Botswana, Burundi, Democratic Republic of Congo, Comoros, Djibouti, Equatorial Guinea, Eritrea, Ethiopia, Gabon, Kenya, Lesotho, Madagascar, Malawi, Mauritius, Mayotte, Mozambique, Namibia, Republic of Congo, Reunion, Rwanda, Sao Tome & Principe, Seychelles, Somalia, South Africa, South Sudan, Swaziland, Uganda, United Republic of Tanzania, Zambia, and Zimbabwe

Zone 7 – Eastern Europe: Belarus, Bulgaria, Czech Republic, Hungary, Moldova, Poland, Romania, Russian Federation, Slovakia and Ukraine

Zone 8 – Northern Europe: Aland Islands, Channel Islands, Denmark, Estonia, Faroe Islands, Finland, Guernsey, Iceland, Republic of Ireland, Isle of Man, Jersey, Latvia, Lithuania, Norway, Svalbard, Jan Mayen, Sweden and United Kingdom

Zone 9 – Southern Europe: Albania, Andorra, Bosnia, Croatia, Cyprus, Gibraltar, Greece, Italy, FYR of Macedonia, Malta, Montenegro, Portugal, San Marino, Serbia, Slovenia, Spain and Vatican City

Zone 10 – Western Europe: Austria, Belgium, France, Germany, Liechtenstein, Luxembourg, Monaco, Netherlands and Switzerland

Zone 11 – Northern America (excluding USA): Canada, Greenland and St Pierre & Miquelon

Zone 12 – Caribbean: Anguilla, Antigua & Barbuda, Aruba, Bahamas, Barbados, British Virgin Islands, Cayman Islands, Cuba, Dominica, Dominican Republic, El Salvador, Grenada, Guadeloupe, Haiti, Jamaica, Montserrat, Netherlands Antilles, Puerto Rico, St. Barthelemy, St Kitts & Nevis, St Lucia, St Martin, St Vincent, Trinidad & Tobago, Turks & Caicos Islands, and US Virgin Islands

Zone 13 – Eastern South America: Brazil, Falkland Islands, French Guiana, Guyana, Paraguay, Suriname and Uruguay

Zone 14 – Northern, Southern and Western South America: Argentina, Bolivia, Chile, Colombia, Ecuador, Peru and Venezuela

Zone 15 – North East United States: Connecticut, Delaware, District of Columbia, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island and Vermont

Zone 16 – South-East United States: Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana, Mississippi, North Carolina, South Carolina, Tennessee, Virginia and West Virginia

Zone 17 – Mid-West United States: Illinois, Indiana, Iowa, Kansas, Michigan, Minnesota, Missouri, Nebraska, North Dakota, Ohio, Oklahoma, South Dakota and Wisconsin

Zone 18 – Western United States: Alaska, Arizona, California, Colorado, Hawaii, Idaho, Montana, Nevada, New Mexico, Oregon, Texas, Utah, Washington and Wyoming

Zone 19 – Central America: Belize, Costa Rica, Guatemala, Honduras, Mexico, Nicaragua and Panama

Zone 20 – Bermuda: Bermuda

2 Provide the transaction value and number of clients based on the licensed undertaking’s clients’ residence (in accordance with the geographical zones set out in Table A); destination of transactions for the financial year.

3 State whether the licensed undertaking identifies PEPs.

4 Provide the transaction value and number of clients based on the residence of PEPs who are clients of it (in accordance with the geographical zones set out in Table A); and the transactions for the financial year.

5 Confirm if the licensed undertaking performs transaction monitoring.

Section E - Reporting

1 The licensed undertaking shall confirm whether it has registered with GoAML at www.fia.bm.

1.1 If yes, under what name and when?

1.2 If the licensed undertaking answered no to 1, does it have access to GoAML through another registration?

1.3 Under what name and how is the licensed undertaking connected?

1.4 If the licensed undertaking answered no to 1 and 1.2 who would file a SAR on its behalf?

2 The licensed undertaking shall provide the number of Suspicious Activity Reports (SAR) it has filed within the last 4 years.

Section F – Training / Personnel

1 The licensed undertaking shall confirm whether it provides employees with training relating to Money Laundering and Terrorist Financing.

1.1 If yes, confirm if:

(a) ML/TF training is included in the induction program of new employees.

(b) The ML/TF training provided is specific to digital assets or is of general application.

(c) The frequency that employees must undertake ML/TF training.

2 The licensed undertaking shall confirm how many persons are employed by it on a full time and part time basis and:

2.1 Confirm the work arrangement of its Compliance Officer.

2.2 Confirm the work arrangement of its Reporting Officer.

2.3 Confirm whether the Senior Compliance Officer is located in Bermuda.

2.4 The licensed undertaking shall confirm if the Money-Laundering Reporting Officer is located in Bermuda.

3 The licensed undertaking shall confirm what actions are undertaken when recruiting staff:

(a) verify name;

(b) verify residential address;

(c) check if the individual should be considered a PEP;

(d) check individual against sanctions lists;

(e) check for any negative press against the individual;

(f) confirm employment history;

(g) confirm references;

(h) request details on any regulatory action taken against the individual;

(i) request details of any criminal convictions.

4 The licensed undertaking shall confirm if its Senior Compliance Officer is a member of its senior management.

Section G – AML / ATF Controls

A licensed undertaking shall confirm or disclose:

1 That the licensed undertaking has AML/ATF controls that are specific for its business.

2 That the licensed undertaking, where it manages other entities, has AML/ATF controls that are specific for all other managed entities.

3 That it has other specific AML/ATF controls. If yes, describe the AML/ATF controls.

4 The frequency with which it rates the AML/ATF risks.

5 Whether senior management approval is required to approve new business, if the client has been risk rated as Low, Medium or High.

6 If senior management approval is required to retain an existing client, if the client’s risk rating has changed to Low, Medium or High.

7 If the policies and procedure manuals of the company relating to AML/ATF are in line with all applicable laws and regulations.

7.1 The frequency for which the licensed undertaking’s AML/ATF policies and procedures are reviewed. Provide a copy of the AML/ATF policies and procedures if they have been updated in the last 12 months.

8 The date the licensed undertaking last performed an entity-wide AML/ATF risk assessment.

9 The date the licensed undertaking last had an independent audit of its AML/ATF program along with a copy of the report.

10 The date of the last Compliance/ Reporting Officer report on the operation and effectiveness of the licensed undertaking’s AML/ATF policies, procedures and controls.

11 Whether the licensed undertaking documents the ML/TF risks associated with a product/service prior to launch?

Section H – Company Data

A licensed undertaking shall confirm or disclose:

1 Whether the licensed undertaking is a member of a group. If yes, provide the names of the group members and Register of Companies number (where relevant).

2 Whether the licensed undertaking is listed on a stock exchange. If yes, list the name of the exchange.

3 Whether it is registered as a segregated accounts company ("SAC") in accordance with the requirements of the Segregated Accounts Companies Act 2000 or has created separate accounts in accordance with the provisions under any Private Act. If the answer is “yes” to the foregoing question, provide the number of—

(a) active SACs; and

(b) non-active SACs.

4 The jurisdiction(s) the licensed undertaking currently operates from within.

5 Whether the licensed undertaking is currently licensed in another jurisdiction. If yes, state the name of the regulatory authority (or authorities) providing the licence.

6 Any additional information/comments which might be relevant to the Authority in achieving its regulatory objectives in relation to the licensed undertaking.

TABLE II

CORPORATE GOVERNANCE

The licensed undertaking shall confirm the following corporate governance information as at the reporting period—

1 Whether the powers, roles, responsibilities and accountabilities between it, its board of directors (“Board”) and senior management are clearly defined, segregated and understood by all.

2 Whether the Board and senior management understand how it operates through structures which may impede transparency.

3 That the Board, or any related board committee, assists senior management in fulfilling its oversight function through the review and evaluation of the financial reporting process and adequacy and effectiveness of the system of internal controls, including financial reporting and information technology security controls.

4 Confirmation that the Board receives sufficient AML/ATF information to assess and understand the senior management’s process for evaluating its system of internal controls.

5 Whether the Board ensures that it complies with all relevant laws and regulations and endeavours to adopt best AML/ATF practices.

6 That the Board and senior management declare any conflicts dealings to the Compliance Department (or other relevant internal body) when applicable or required.

7 That senior management provides oversight to the licensed undertaking with regard to enterprise risk management and identifies key risk areas and key performance indicators and monitors these factors with due diligence.

8 Whether the Board ensures there is appropriate oversight by senior management that is consistent with its policies and procedures.

9 Whether senior management sets and enforces clear lines of responsibility and accountability throughout the organization.

10 That at least annually the Board monitors the senior management’s compliance with any strategy and direction policies set by the Board and senior management’s performance based on approved targets and objectives.

11 That the Board receives advice on all major financing transactions, principal agreements and capitalization requiring Board approval and senior management makes appropriate recommendations for the Board’s consideration.

12 Whether the compliance and audit function are independent of all operational and business functions when practicable; and whether such functions have direct lines of communication to the Board.

13 That it has instituted policies or procedures to provide for the Senior Compliance Officer to have regular contact with, and direct access to, the Board, to ensure that the Board is able to satisfy itself that its statutory obligations are being met and the measures taken to prevent risks of ML/TF are sufficiently robust.

Employee Integrity

14 Whether it has established and maintains and operates appropriate procedures in order to be satisfied of the integrity of new employees.

15 That appropriate mechanisms have been established to ensure the protection of its employees; to report suspicious transactions and other actions to comply with AML/ATF obligations.

16 That adequate procedures and management information systems are in place to provide relevant employees with timely information which may include information regarding connected accounts or relationships.

17 Whether adequate procedures or document information systems are in place to ensure relevant legal obligations are understood and practised by employees and adequate guidance and training are provided by it to employees.

18 Whether the incidence of financial crime committed by employees (e.g. theft, fraud) is low.

Employee Knowledge

19 That all employees are aware of the identity of the Reporting Officer and how to report suspicious activity.

20 Confirm whether training programmes are designed to cover the AML/ATF risks of the licensed undertaking.

21 Whether it has an appropriate number of suitably trained employees and other resources necessary to implement and operate its AML/ATF programme.

22 Whether employees fully comply with all AML/ATF procedures in respect of customer identification, account monitoring, record keeping and reporting.

23 That employees are expected to remain vigilant to the possibility of ML.

24 Whether employees who violate POCA Regulations or laws and AML/ATF policies and procedures are subject to disciplinary action.

25 That all employees are required to (at least annually) undertake training to ensure that their knowledge of AML/ATF laws, policies and procedure is current.

26 Whether employees are updated on money laundering schemes and typologies on a regular basis.

27 That employees are required to declare personal dealings relevant in the jurisdictions that it operates in on a regular basis (at least annually).

Employee Compliance

28 Whether it ensures that the Senior Compliance Officer has the requisite authority, resources and tools to oversee all activities relating to the prevention and detection of ML/TF.

29 That the Senior Compliance Officer is trained in all applicable Proceeds of Crime laws in Bermuda and ML/TF risks arising from its business.

30 That the Board monitors compliance with corporate governance regulations and guidelines.

31 Whether the Board supports the senior management’s scope of AML/ATF internal control assessment and receives regular (at least annually) reports from senior management.

INSTRUCTIONS TO THE SCHEDULE

For the purposes of this Schedule “POCA Regulations” means the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008.

INSTRUCTIONS TO TABLE 1

For the purposes of Table I—

(a) in table 1, “active SAC” means a segregated account cell that is undertaking transactions of business and “non-active SAC” means a segregated account cell that is not undertaking any transactions of business;

(b) “Reporting Officer” has the meaning given under paragraph 2(1) of POCA Regulations;

(c) “negative press” means any public information about the proposed employee that raises concerns about, amongst other things, the probity, fitness for the position or source of wealth of such person;

(d) “PEP” has the meaning given in section 11 (5) of POCA Regulations;

(e) “senior management” means chief and senior executives;

(f) “beneficiary” means a beneficiary as defined under paragraph 6(7) of POCA Regulations;

(g) “risk assessment” means the assessment of AML/ATF risks determined by the licensed undertaking in accordance with POCA Regulations and any relevant Guidance Notes issued by the Authority;

(h) “non-risk rated client” means a client who has not been “risk rated” in line with measures imposed under POCA Regulations and any relevant Guidance Notes issued by the Authority.

SCHEDULE 3

(section 7)

SANCTIONS

A licensed undertaking shall confirm or disclose:

1 Whether it screens clients to determine if they are subject to measures imposed under Bermuda sanctions regime.

2 Whether it screens employees to determine if they are subject to measures imposed under Bermuda sanctions regime.

3 Whether it has frozen any assets in the last 12 months under Bermuda sanctions regime.

3.1 If yes, how many?

3.2 The licensed undertaking shall provide the following details for those asset freezes – group ID, name of the designated person as given on the consolidated list, name of the person/entity if owned/controlled by a designated person and value of assets.

4 The licensed undertaking shall include any additional information/comments which might be relevant to the Authority in achieving its regulatory objectives in relation to the licensed undertaking.

For the purposes of this Schedule-

(a) Consolidated List refers to UK HM Treasury “Consolidated List of Financial Sanctions Targets”. This Consolidated List provides the names of all of the sanctions targets under the UN, EU and UK sanctions.

(b) Designated persons are defined under each relevant Order (as amended). The Orders are listed in Schedule 1 of the International Sanctions Regulations 2013, and the Annexes to the relevant UN and/or EU measures referred to in the definition of "designated persons" or "listed persons" in the Order).

Made this 7th day of September 2018

Chairman
The Bermuda Monetary Authority

[Operative Date: 11 September 2018]
