QU OF NT AT A FE RU

BERMUDA

DIGITAL ASSET ISSUANCE RULES 2020

BR 128 / 2020

PART 1PRELIMINARY

Citation

1 These Rules may be cited as the Digital Asset Issuance Rules 2020.

Interpretation

2 In these Rules—

“Act” means the Digital Asset Issuance Act 2020;

“AML/ATF regulated financial institution” has the meaning given in regulation 2(2) of the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008;

“appropriate measures” has the meaning given in rule 19;

DIGITAL ASSET ISSUANCE RULES 2020

“Authority” means the Bermuda Monetary Authority established under the Bermuda Monetary Authority Act 1969;

“Chief Information Security Officer” means the senior executive, by whatever title called, appointed by the authorised undertaking to oversee and implement its cyber security program and enforce its cyber security policies;

“custody” means the holding, or arranging for the holding, of any assets from digital asset acquirers by the issuer until the latest of—

(a) the time at which the offering via the digital asset issuance has reached the minimum stated in the issuance document;

(b) any time specified in the issuance document for the use of proceeds; or

(c) any time required by the Authority in its authorisation, and “custodian” shall be construed accordingly;

“Cyber Security Event”” has the meaning given in section 2 of the Digital Asset Business Act 2018;

“hard cap” means the maximum amount of money equivalent (in Bermuda dollars) that the digital asset issuance is intended to raise by reference to the number of digital assets, above which amount no further digital assets shall be offered by the issuer via its digital asset issuance;

“independent professional” means a professional legal adviser or accountant being a firm or sole practitioner in independent practice who by way of business provides legal or accountancy services to other persons;

“issuer” means an undertaking conducting a digital asset issuance in or from within Bermuda;

“local issuer” means an issuer whose digital asset issuance–

(a) relates to a project from a local company, a local LLC, a local partnership or an undertaking that the Authority is satisfied meets the “Head Office” requirements pursuant to section 21 of the Digital Asset Business Act 2018; and

(b) has a set hard cap not exceeding ten million Bermudian dollars: Provided that, in case of an issuer conducting a digital asset in multiple tranches, the said hard cap shall be calculated in aggregate;

“project” has the meaning given in section 2 of the Act;

“soft cap” means the minimum amount of money equivalent (in Bermuda dollars) that the digital asset issuance is intended to raise by reference to the number of digital assets, which shall be refunded by the issuer to its digital asset acquirers in case such minimum amount is not reached.

DIGITAL ASSET ISSUANCE RULES 2020

PART 2MINIMUM REQUIRED INFORMATION FOR DIGITAL ASSET ISSUANCE

General

3 The issuance document shall include the minimum required information set forth in this Part.

4. Issuance document: summary

(1) The issuance document shall include a summary which shall, in non-technical language, convey the key information in relation to the offering.

(2) For the purposes of this rule, “key information” means essential information which is to be provided to digital asset acquirers with a view to enabling them to understand the nature and the risks of the proposed project, the issuer and the digital assets that are being offered to them.

Authority may request further information

5 The Authority may, at its discretion, require any further information or documentation in relation to a digital asset issuance as it may deem necessary in view of the nature, scale and complexity of such digital asset issuance.

Minimum required information to be included in the issuance document

6 An issuer shall, to the extent it is applicable, include the following minimum required information in the issuance document relating to its digital asset issuance―

(1) name of the issuer, including the registered office address, email addresses, websites, social media accounts and any other jurisdiction in which the applicant is registered: Provided that where the issuer is part of a group, the group structure as well as relevant information of the said group shall be required to be included in the issuance document;

(2) the details of all persons involved with the digital asset issuance, including the applicant’s directors, chief executives, senior executives, shareholder controllers, promoters, service providers, auditors and other such information;

(3) name of the issuer’s local representative, including its address, email addresses and websites as well as a statement that any complaints may be addressed by digital asset acquirers to the said representative;

(4) confirmation as to whether any or more of the persons referred to in paragraph (1) or (2) have applied for or been granted a licence, permission or other authority under any law relating to the proposed digital asset issuance or otherwise relating to financial markets in any other country or countries and, if so, the relevant details;

(5) confirmation as to whether any or more of the persons referred to in paragraph (1) or (2) are or have been involved with any other digital asset

DIGITAL ASSET ISSUANCE RULES 2020

issuance or digital asset business in Bermuda, or similar undertakings in any other jurisdiction, and if so the relevant details;

(6) disclosure of any legal proceedings having an important effect on the issuer’s financial position or its digital asset issuance;

(7) confirmation as to whether the issuance document was submitted to the Authority for approval and, if not, reference to the applicable exemption in terms of section 16(2) of the Act should be made;

(8) name and nature of the project;

(9) information about the project organisation and project planning including the project phases, milestones and estimated time for delivery, as well as the envisaged frequency of updates to be made by the issuer to its digital asset acquirers (via its electronic facility and any other communicational channel as the issuer may decide) on the progress being achieved;

(10) key features of the product or service to be developed;

(11) at least two-year financial projections regarding the project, including any key assumptions made therefor;

(12) the targeted digital asset acquirers and jurisdiction or jurisdictions, as well as any restrictions thereof, including the following―

(a) the marketing methods and communicational channels utilised by the issuer to promote the project;

(b) confirmation as to whether the digital asset has been marketed by the issuer or any other person referred to in paragraph (1) or (2) as an investment, as defined in section 3(1)(a) of the Investment Business Act 2003; and

(c) confirmation as to whether any restrictions are, or will be, in place regarding certain types of investments and, in the affirmative, detailed description of such restrictions;

(13) detailed description of the technology or technologies to be used, including the following―

(a) rationale behind, and nature of, distributed ledger technology being utilised for the development of the protocol, platform, application or service;

(b) the protocol developed or utilised, including a specification as to whether it is a first or second layer protocol;

(c) the consensus mechanism;

(d) the incentive mechanism to secure any transaction or any other applicable fees;

DIGITAL ASSET ISSUANCE RULES 2020

(e) scalability of the project (including off-chain activity and the deployment of side chains) and interoperability with other projects, platforms, applications or protocols;

(f) the smart contracts deployed, including their underlying technical standard, associated operational costs, oracles and any restrictions embedded therein;

(g) the issuer’s technological and cybersecurity infrastructure;

(h) any intellectual property rights associated with the digital asset issuance, including the issuer’s technological and cybersecurity infrastructure;

(i) corporate governance arrangements embedded in the technology underlying the issuance, including a clear description of the decision- making procedure or procedures; and

(j) type of wallet or wallets to be used and interoperability with other platforms or protocols;

(14) detailed description of the digital asset issued, or to be issued, including the following―

(a) the digital asset’s functionalities and, if not already active, a description of the point or points when the planned functionalities will apply or become active;

(b) the distribution of the digital assets, including the amount or proportion to be retained by the issuer or any of the persons referred to in paragraph (1) or (2), whether there is any vesting period and, if so, details of the timeline;

(c) the point at which, by whom and the manner wherein the digital asset will be transferred to the acquirers;

(d) all applicable fees, including those associated with the acquisition, custody and disposal of the digital assets offered via the digital asset issuance;

(e) the rights as well as the obligations associated with the acquisition of the digital assets; and

(f) confirmation as to whether there are any restrictions on transferability or tradability of the digital asset offered via the digital asset issuance, including whether it can be traded or transferred between persons with or without an intermediary or other third party custodian and, if so, relevant details thereof;

(15) detailed description of the offer, including the following―

(a) the opening and closing dates of the offer;

DIGITAL ASSET ISSUANCE RULES 2020

(b) confirmation as to whether a pre-sale of the digital assets has taken (or will take) place and, if so, description of the terms of such pre-sale, including quantity of digital assets to be offered and any applicable bonuses or discounts;

(c) confirmation as to whether a minimum holding or lock-up period is applicable and, if so, detailed description of the terms thereto;

(d) confirmation as to whether the issuer has entered into any Simple Agreements for Future Tokens or similar agreements with any acquirers and, if so, description of the terms of such agreements including quantity of digital assets covered thereunder as well as the manner to be allocated;

(e) confirmation as to whether any person is underwriting or guaranteeing the issuance and, if so, the details of such person or persons;

(f) confirmation as to whether any rights of pre-emption exist and, if so, the procedure to exercise such rights;

(g) confirmation as to whether burning will be deployed and, if so, specification of the reason that such method will be utilised (as deflationary mechanism, safeguard against money laundering or terrorist financing etc.);

(h) confirmation as to whether the issuer is planning to carry out any further future digital asset issuances in relation to the project and, if so, description of the terms of such issuances;

(i) the exchange or exchanges on which the digital assets being offered will (or may) be listed, to the extent known by the issuer, including a confirmation as to whether such exchange or exchanges hold a licence, permission or other authority under any law to operate as such and, if so, relevant details thereof;

(j) confirmation as to whether it is intended that the digital asset may be used in exchange for goods or services of the issuer or third parties and, if so, relevant details thereof; and

(k) confirmation as to whether there are plans for the issuer to buy back the digital assets and the terms of the repurchase and, if so, relevant details thereof;

(16) detailed description of the custodial arrangements in place, including a specification as to whether the assets of digital asset acquirers will be held by the issuer or a third party: Provided that, where the digital assets of the digital asset acquirers will be held by a third party, the issuer shall also include a confirmation that such third party to be appointed is a qualified custodian, as defined in section 2(1) of the Digital Asset Business Act 2018;

DIGITAL ASSET ISSUANCE RULES 2020

(l7) detailed description of the risks associated with the issuance and its underlying technologies as well as of the safeguards to be put in place to mitigate such risks;

(18) the means by which the project will be financed, including any past, present or future financing arrangements sought by the issuer in conjunction with the proposed digital asset issuance;

(19) detailed description of the manner as well as the timeline the funds raised through the issuance will be allocated;

(20) the soft cap and hard cap set for the issuance (in Bermuda dollars), including the payment methods to acquire the digital asset offered by the issuer;

(21) detailed description of the procedure to be followed by digital asset acquirers wishing to exercise their cooling-off rights, in terms of section 19 of the Act, as well as of the refund mechanism in place, which shall be triggered where the soft cap referred to in paragraph (20) is not reached; and

(22) description of systems and controls in place to ensure data protection and privacy in relation to information pertaining to acquirers.

PART 3ONGOING DISCLOSURES AND OTHER REQUIREMENTS

General

7 The communications and disclosures required to be made to digital asset acquirers by the issuer under this Part shall be made via the issuer’s electronic facility pursuant to section 18 of the Act and any other communicational channel that the issuer may decide.

Communications regarding milestones

8 The issuer shall provide digital asset acquirers with updates on the progress being achieved with respect to the milestones set out in the issuance document, the frequency of which shall be disclosed in the issuance document pursuant to rule 6(9), including the instances where such milestones are not being met, along with a detailed explanation therefor.

Material change

9 The issuer shall inform its digital asset acquirers of any material change relating to its digital asset issuance prior to such material change taking effect: Provided that, where the material change referred to in this rule could not have been foreseen, the issuer shall inform its digital asset acquirers as soon as practically possible following such occurrence;

DIGITAL ASSET ISSUANCE RULES 2020

Provided further that, the obligation under this rule shall be without prejudice to any other obligation applicable to the issuer in terms of the Act, any applicable law or the codes of conduct issued by the Authority pursuant to section 8 of the Act.

Service providers

10 Notwithstanding rule 9, the issuer shall also inform its digital asset acquirers of the removal or replacement of any of its service providers stated in the issuance document as soon as practically possible following such removal or replacement: Provided that the obligation under this rule shall be without prejudice to any other obligation applicable to the issuer in terms of the Act, any applicable law or the codes of conduct issued by the Authority pursuant to section 8 of the Act.

11. Periodic return

(1) An issuer shall, for the duration of its authorization, within the period and at such intervals specified in its authorization, file with the Authority a return, which shall be in an electronic format prescribed by the Authority and contain information in respect of the matters set out in paragraph (2), as such matters stand when the return is filed.

(2) The following information is required in a return—

(a) name of issuer;

(b) organizational and group structure;

(c) in relation to directors―

(i) official name and any given or used names where appropriate;

(ii) type of directors (whether executive, non-executive, independent); and

(iii) confirmation of primary residence;

(d) in relation to officers and senior executives―

(i) official name and any given or used names where appropriate;

(ii) confirmation of primary residence; and

(iii) role or job title;

(e) details of the gross revenue from the digital asset issuance;

(f) total transaction volume by digital asset type;

(g) number of digital asset acquirer accounts and in the aggregate composition of digital asset acquirer balances ( in aggregate fiat currency, digital asset and digital asset type);

(h) geographical profile of clients, (aggregate number of client transactions by territory, aggregate client transactional balances by territories where clients reside, aggregate fiat currency and securities);

(i) public wallet addresses and customer deposit addresses;

DIGITAL ASSET ISSUANCE RULES 2020

(j) names of outsourcing partners, copies of service level agreements setting out the roles, duties and functions of outsourced partners, including third parties or affiliates of outsourced partners performing custody, cybersecurity, compliance and other key functions of the issuer.

(3) The return in electronic format referred to in paragraph (1) shall be set out on the website of the Authority: www.bma.bm.

(4) An issuer shall, at the time of filing its return, file with the Authority a declaration signed by two directors or a director and an officer, that to the best of their knowledge and belief, the information in the return is fair and accurate.

Prevention of insider market abuse in secondary trading

12 Where the issuer’s digital assets offered via its digital asset issuance are or will be traded on the secondary market, the issuer shall implement effective internal arrangements, systems and procedures to prevent, detect and report market abuse carried out by any one of the persons referred to in rule 6(1), any other employee, any seconded member of staff, or any service provider of the issuer not otherwise captured under the said rule.

Risk management framework

13 The issuer shall establish, and have at all times in place for the duration of its authorization, and for such further period beginning from the end of the offering via its digital asset issuance as may be specified in its authorization, a risk management and internal controls framework which complies with any guidelines issued by the Authority.

PART 4INFORMATION TECHNOLOGY AND CYBERSECURITY

General

14 The issuer shall ensure that its technological and cybersecurity infrastructure comply with international best practices: Provided that, for purposes of this rule, the issuer shall take into account the nature, scale and complexity of its operations.

Data audit node

15 Further to rule 14, the issuer shall also establish, and have at all times in place, for the duration of its authorization and thereafter for the period of five years beginning from the end of its offering via its digital asset issuance, a data audit node in Bermuda, where all information relevant to the digital asset issuance will be stored real-time in an accurate and tamper-proof manner, including transactions and other events taking place on-chain or off-chain.

DIGITAL ASSET ISSUANCE RULES 2020

Cyber security report

16 Every issuer shall file with the Authority within three months from the granting of its authorisation and subsequently, to the extent applicable to an issuer, on an annual basis thereafter, a written report prepared by its Chief Information Security Officer assessing—

(a) the availability, functionality and integrity of its electronic systems;

(b) any identified cyber risk arising from its digital asset issuance;

(c) the cyber security program implemented and proposals for steps for the redress of any inadequacies identified.

Cyber security program

17 The cyber security program of an issuer shall include but is not limited to, the audit functions set forth below—

(a) penetration testing of its electronic systems and vulnerability assessment of those systems conducted at least on a quarterly basis;

(b) audit trail systems that—

(i) track and maintain data that allows for the complete and accurate reconstruction of all financial transactions and accounting;

(ii) protect the integrity of data stored and maintained as a part of the audit trail from alteration or tampering;

(iii) protect the integrity of hardware from alteration or tampering, including by limiting electronic and physical access permissions to hardware and maintaining logs of physical access to hardware that allows for event reconstruction;

(iv) log system events including but not limited to access and alterations made to the audit trail systems, and Cyber Security Events;

(v) maintain records produced as part of the audit trail.

PART 5CUSTODY OF ASSETS

Custody of assets

18 An issuer holding the assets of digital asset acquirers under custody shall carry out reconciliations of such assets with acquirers’ records at least on a monthly basis and where it discovers discrepancies following such reconciliations, it shall maintain a record of such discrepancies as well as the measures taken to remedy same: Provided that where an issuer wishes to appoint a third party custodian, it shall ensure that such third party is a qualified custodian, as defined in section 2(1) of the Digital Asset Business Act 2018.

DIGITAL ASSET ISSUANCE RULES 2020

PART 6COMPLIANCE MEASURES

19. Meaning of “appropriate measures”

(1) An issuer shall, in relation to a digital asset issuance, ensure that it applies appropriate measures.

(2) For the purposes of these Rules, “appropriate measures” include the following—

(a) identifying any digital asset acquirer and verifying the acquirer’s identity on the basis of documents, data or information obtained from a reliable and independent source;

(b) in the case of a legal entity or legal arrangement, identifying the digital asset acquirer including―

(i) full name and trade name;

(ii) date and place of incorporation, registration or establishment;

(iii) registered office address and, if different, mailing address;

(iv) address of the principal place of business;

(v) whether and where listed on a stock exchange;

(vi) official identification number (where applicable);

(vii) name of regulator (where applicable);

(viii) legal form, nature and purpose (whether discretionary, testamentary, bare etc.);

(ix) control and ownership;

(x) nature of business;

(xi) information about the legal powers that regulate and bind that legal entity or legal arrangement, and verifying the identity of the relevant natural person carrying out the transaction or proposed transaction;

(c) in the case of a person purporting to act on behalf of a digital asset acquirer, verifying that the person is in fact so authorised and identifying and verifying the identity of that person;

(d) complying with the International Sanctions Act 2003 and the International Sanctions Regulations 2013; and

(e) conducting enhanced due diligence whenever necessary in accordance with rule 22.

DIGITAL ASSET ISSUANCE RULES 2020

20. Verification of identity and timing of verification

(1) An issuer shall, in relation to a digital asset issuance, ensure that it applies appropriate measures relating to identification and verification of the acquirers in the digital asset issuance.

(2) Subject to paragraph (3), an issuer must verify the identity of a digital asset acquirer before the issuance of a digital asset to the acquirer with respect to the digital asset issuance.

(3) Such verification may be completed after the issue of a digital asset if―

(a) the rights and functionalities are such that the digital asset can only be used for services and products provided by the issuer;

(b) this is necessary not to interrupt the normal conduct of business;

(c) there is little risk of money laundering or terrorist financing occurring, provided that the verification is completed as soon as practicable after the digital asset is issued;

(d) any money laundering or terrorist financing risks that may arise are effectively managed; and

(e) it appears that a digital asset acquirer, or any person purporting to act on behalf of the digital asset acquirer, is not or does not appear to be anonymous or fictitious.

Requirement to cease transactions, etc.

21 Where in relation to any digital asset acquirer in a digital asset issuance, an issuer is unable to apply appropriate measures in accordance with the provisions of these Rules, the issuer―

(a) shall not open any account or carry out a transaction for the person;

(b) shall not issue a digital asset to the person; and

(c) in the case of a digital asset acquirer in an issuance, shall not permit that digital asset acquirer to undertake any further transactions of any nature, until such time as the issuer has been able to apply the measures.

22. Enhanced due diligence

(1) An issuer must apply on a risk-sensitive basis enhanced due diligence to business relationships with existing digital asset acquirers in its issuance—

(a) in accordance with paragraph (2);

(b) in instances where a person or a transaction is from or in a country that has been identified as having a higher risk by the Financial Action Task Force;

DIGITAL ASSET ISSUANCE RULES 2020

(c) in instances where a person or a transaction is from or in a country that represents a higher risk of money laundering, corruption, terrorist financing or being subject to international sanctions;

(d) in instances where a digital asset acquirer is a “politically exposed person” as defined in the Proceeds of Crime (Anti-Money Laundering and Anti- Terrorist Financing) Regulations 2008, regulation 11(6) or (6A);

(e) in any other situation which by its nature may present a higher risk of money laundering or terrorist financing;

(f) in instances where the issuer suspects money laundering or terrorist financing; or

(g) in instances where the issuer doubts the veracity or adequacy of documents, data or information previously obtained for the purpose of identification or verification.

(2) Where any of the circumstances in paragraph (1) exist, an issuer must take specific and adequate measures to compensate for the potential risk, for example by applying one or more of the following measures—

(a) ensuring that the digital asset acquirer’s identity is established by additional documents, data or information;

(b) take adequate measures to establish the source of wealth and source of funds which are involved in the transaction;

(c) employing supplementary measures to verify or certify the documents supplied, or requiring confirmatory certification by an AML/ATF regulated financial institution (or equivalent institution) which is subject to equivalent regulations;

(d) in instances where a digital asset acquirer participates in the digital asset issuance with fiat currency, ensuring that the payment (or first payment in case of linked transactions) is carried out through an account opened in the digital asset acquirer’s name with a banking institution;

(e) monitoring the digital asset acquirer’s activity.

Reporting Officer

23 An issuer must appoint a Reporting Officer and maintain internal reporting procedures which require that—

(a) a report is to be made to the Reporting Officer of any information or other matter which comes to the attention of an employee and which in the opinion of that employee gives rise to a knowledge or suspicion that another person is engaged in money laundering or terrorist financing;

(b) any such report be considered by the Reporting Officer in the light of all other relevant information for the purpose of determining whether or not

DIGITAL ASSET ISSUANCE RULES 2020

the information or other matter contained in the report does give rise to such a knowledge or suspicion;

(c) the Reporting Officer be given access to any other information which may be of assistance to him in considering the report; and

(d) the Reporting Officer disclose to the Financial Intelligence Agency (established by section 3 of the Financial Intelligence Agency Act 2007) the information or other matter contained in a report, where the reporting officer knows or suspects or has reasonable grounds to suspect that a person is engaged in money laundering or terrorist financing.

24. Compliance Officer

(1) An issuer shall designate a person employed at managerial level as the Compliance Officer.

(2) The issuer shall be responsible for ensuring its Compliance Officer is adequately trained to carry out the role.

(3) The Compliance Officer shall—

(a) ensure that the necessary compliance measures required by these Rules are in place; and

(b) coordinate and monitor the compliance measures to ensure continuous compliance with these Rules.

(4) A Compliance Officer may also be appointed as a Reporting Officer.

25. Reliance on third parties

(1) An issuer may rely on a person who falls within paragraph (2) to apply any measures required by these Rules, provided that—

(a) the other person consents to being relied on; and

(b) notwithstanding the issuer’s reliance on the other person, the issuer—

(i) must obtain information sufficient to identify digital asset acquirers;

(ii) must satisfy itself that reliance is appropriate given the level of risk for the jurisdiction in which the party to be relied upon is usually resident; and

(iii) will remain liable for any failure to apply such measures.

(2) The persons are—

(a) an AML/ATF regulated financial institution;

(b) an independent professional supervised for the purposes of these Rules by a designated professional body in accordance with section 4 of the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing Supervision and Enforcement) Act 2008;

DIGITAL ASSET ISSUANCE RULES 2020

(c) a person who carries on business in a country or territory other than Bermuda who is—

(i) an institution that carries on business corresponding to the business of an AML/ATF regulated financial institution or independent professional;

(ii) in the case of an independent professional, subject to mandatory professional registration recognised by law;

(iii) subject to requirements equivalent to those laid down in these Rules; and

(iv) supervised for compliance with requirements equivalent to supervision by his supervisory authority.

26. Record-keeping

(1) An issuer must keep the records specified in paragraph (2) for at least the period specified in paragraph (3).

(2) In respect of a transaction, the records are—

(a) a copy of, or the references to, the evidence of the person’s identity obtained pursuant to these Rules, together with the results of any analysis or enhanced due diligence undertaken in relation to that person; and

(b) the records of transactions, provided that such records must be sufficient to permit the reconstruction of individual transactions, and in this rule, the period is five years beginning on the date the transaction is completed.

(3) An undertaking who is relied on by another person must keep the records specified in paragraph (2)(a) for five years beginning on the date on which he is relied on for the purposes of these Rules in relation to any transaction.

(4) But in any case where an issuer has been notified in writing by a police officer that particular records are or may be relevant to an investigation which is being carried out, the issuer must keep the records pending the outcome of the investigation.

(5) For the avoidance of doubt, all documents and findings related to the investigations of—

(a) complex transactions;

(b) unusually large transactions; or

(c) unusual patterns of transactions (in case of linked transactions), must be recorded and kept for a minimum period of five years and shall be made available to the Authority and any other regulatory authorities or law enforcement agencies.

(6) A person referred to in rule 25(2)(a) or (b) who is relied on must, if requested by the person relying on him within the period referred to in paragraph (4)—

DIGITAL ASSET ISSUANCE RULES 2020

(a) make available to the person who is relying on him as soon as reasonably practicable after the request but not later than five business days thereafter any information about the digital asset acquirer which he obtained when applying appropriate due diligence measures; and

(b) without delay forward to the person who is relying on him, copies of any identification and verification data and other relevant documents on the identity of the digital asset acquirer which he obtained when applying those measures.

(7) An issuer who relies on a person referred to in rule 25(2)(c) (a “third party”) to apply appropriate measures must take steps to ensure that the third party will, if requested by the issuer, within the period referred to in paragraph (4)—

(a) as soon as reasonably practicable make available to him any information about the digital asset acquirer; and

(b) as soon as reasonably practicable forward to him copies of any identification and verification data and other relevant documents on the identity of the digital asset acquirer, which the third party obtained when applying those measures.

(8) For the purposes of this rule, a person relies on another person where he does so in accordance with rule 25(1).

Audit of digital asset issuance

27 An issuer must carry out an internal compliance review with respect to the conduct of its digital asset issuance and financial operations (including financial expenditures, if any) connected therewith and submit any outcome thereof together with the certificate of compliance referred to in section 70 of the Act.

PART 7EXEMPTIONS

28. General

(1) Where an issuer wishes to avail itself of any of the exemptions included in section 16(2) of the Act, it shall file an exemption form with the Authority in the specified format before proceeding with the digital asset issuance in or from within Bermuda.

(2) The exemption form referred to in this rule shall be set out on the website of the Authority: www.bma.bm.

Digital asset issuance through an accredited digital asset business

29 Where an issuer offers its digital assets to the public through an accredited digital asset business, only rules 5 and 7 to 10 shall be applicable to such issuer:

DIGITAL ASSET ISSUANCE RULES 2020

Provided that, where the issuer is holding assets of digital asset acquirers under custody, but not through the accredited digital business, rules 14 to 18 shall also be applicable to such issuer in relation to the said activity.

30. Local issuers

(1) Where an issuer qualifies as a local issuer, such issuer shall not be required to appoint a local representative pursuant to section 27 of the Act.

(2) Additionally, rules 11, 12, 13, 15 and 16 shall not be applicable to such issuer.

Digital asset issuance authorised by another competent authority

31 Where a digital asset issuance is subject to the rules or regulations of another competent authority, or has otherwise been authorised or vetted by another competent authority, thus falling within the scope of section 16(2)(c) or (d) of the Act, rules 3, 4, 6 and

15 shall not be applicable to the issuer of such digital asset issuance.

Made this 7th day of December 2020

Chairman Bermuda Monetary Authority

[Operative Date: 07 December 2020]