Virtual Asset Service Providers (VASP) in Gibraltar

Virtual Asset Service Providers (VASP)

By establishing a regulatory framework, Gibraltar aims to attract virtual asset businesses while ensuring the integrity of the sector and protecting consumers. VASPs in Gibraltar are required to comply with applicable regulations, including anti-money laundering (AML) and counter-terrorism financing (CTF) measures.

The specific requirements and licensing procedures for VASPs in Gibraltar are determined by the Gibraltar Financial Services Commission (GFSC) , and businesses operating within this sector must adhere to these regulations to operate legally in the jurisdiction.

Initial Coin Offering (ICO) Gibraltar

An ‘Initial Coin Offering’ (ICO) is a means of raising finance, especially by early-stage tech start-ups, that is facilitated using distributed ledger technology (DLT).

Just as an initial public offering (IPO) issues shares or other securities to investors in exchange for fiat currency, an ICO issues transferable tokens to investors, often in exchange for cryptocurrency or digital tokens.

In 2022, the Gibraltar government released a complementary regulatory framework for digital Virtual Assets (VAs), that is fully aligned with its DLT framework, covering the promotion and sale of coins or tokens, operating secondary market platforms trading in VAs, as well as providing investment and ancillary services relating to VAs.

VAs are defined as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. They do not include digital representations of fiat currencies or financial instruments specified under the Financial Services Act 2019.

The new framework aims to set the highest standards for market integrity, while recognising the diversity of the assets and activities within the virtual asset marketplace

Distributed Ledger Technology (DLT) Regulations

The amending regulations added a tenth Regulatory Principle to Gibraltar’s Financial Services (Distributed Ledger Technology Providers) Regulations, which requires that all DLT providers operating in Gibraltar conduct themselves in a manner that maintains or enhances the integrity of the markets in which they participate.

Simultaneously, and maintaining consistency with the approach to the other nine Regulatory Principles, the GFSC published a Guidance Note setting out its expectations of DLT providers.

This introduced a number of key responsibilities, designed to enable DLT providers to root out insider trading and other forms of market abuse, improve standards around disclosure and transparency, and ultimately safeguard the rights and interests of consumers.

Virtual Asset Service Providers (VASPs) in Gibraltar are required to comply with anti-money laundering (AML) and counter-terrorist financing (CTF) in accordance with the internationally agreed ‘Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers’ which was issued by the Financial Action Task Force (FATF) global watchdog in 2021.

'Relevant Financial Businesses’ (RFBs)

Businesses involving activities related to virtual assets that fall under the definition of a ‘relevant financial business’ (RFB) under section 9 of Gibraltar’s Proceeds of Crime Act 2015 (POCA), which was specifically amended to capture this activity, are required to apply to register as a VASP with the GFSC unless they require a full DLT Provider authorisation.

The definition of an RFB includes:

Undertakings that receive, whether on their own account of on behalf of another person, proceeds in any form from the sale of tokenised digital assets involving the use of DLT or a similar means of recording a digital representation of an asset.
Persons that, by way of business, exchange, or arrange to make arrangements with a view to the exchange of:

Virtual assets for money.
Money for virtual assets.
One virtual asset for another.

Failure to register is a criminal offence but the registration requirements are not applicable where a person is already subject to supervision by a supervisory authority

Customer Due Diligence (CDD) procedures

Firms are required to establish procedures to:

Apply customer due diligence (CDD) procedures.
Appoint a Money Laundering Reporting Officer (MLRO) to whom money laundering reports must be made.
Establish systems and procedures to forestall and prevent money laundering.
Provide relevant individuals with training on money laundering and awareness of their procedures in relation to money laundering.
Screen relevant employees.
Undertake an independent audit for the purposes of testing CDD measures, ongoing monitoring, reporting, record keeping, internal controls, risk assessment and management, compliance management and employee screening. The frequency and extent of the audit shall be proportionate to the size and nature of the business.

POCA states that CDD measures shall include identifying the customer and all beneficial owners, and understanding the ownership and control structure, obtaining information on the purpose and intended nature of the business relationship or occasional transaction, and taking a risk-based approach to the verification of the identity of the customer, all beneficial owners and the source of funds and wealth of the same.

In the case of a corporate or legal entity, CDD measures include obtaining its name, legal form and proof of existence, the powers that regulate and bind the corporate or legal entity, the names of the relevant persons in a senior management position, the address of its registered office and, if different, its principal place of business.

FATF 'Travel Rule' requirement

RFBs under POCA, including persons who send or receive virtual assets to or from VASPs, are also subject to the FATF ‘Travel Rule’ requirements.

The ‘Travel Rule” applies to transfers of virtual assets where the transaction has a value equal to or in excess of €1,000 and requires VASPs, including cryptocurrency exchanges, digital wallet providers, OTC trading desks, and other companies dealing with crypto assets, to make sure that specific customer information is obtained, disclosed and transferred between counterparties in a crypto asset transaction.

Sovereign's VASP services

Gibraltar has established itself as a leading hub for VASPs, providing a balance between regulatory diligence and operational flexibility. It offers proactive policies, robust regulations and a competitive edge in respect of skilled talent and government incentives, including tax benefits and grants.

Consistently ranking among the top five crypto fund domiciles globally, Gibraltar’s Experienced Investor Funds (EIFs) have gained popularity among crypto funds seeking effective regulatory oversight and the use of a Protected Cell Company structure.

As a member of the the Gibraltar Association for New Technologies (GANT), Sovereign can assist clients through the VASP application process and offers the following services to support VASPs and initial coins offerings (ICOs) projects in Gibraltar:

Establishing the legal entity.
Banking introductions.
Engaging a local lawyer of your choice for specialist legal advice.
Accounting.
Sourcing local auditors.
Company Secretarial and administrative support.

For any VASP establishing a physical presence in Gibraltar, Sovereign also offers the additional following services:

Bespoke corporate insurance coverage including Cyber Security, Directors and Officers, PI, Key Man and Healthcare.
Assistance locating commercial and residential premises.
Occupational and private pensions.
Accounting and payroll.
Executive relocation / High Executive Possessing Specialist Skills (HEPSS) applications.