- The Gibraltar Financial Services Commission’s (GFSC) DLT Regulatory Framework came into force on 1 January 2018.
- All Gibraltar-based firms using distributed ledger technology on a commercial basis to store or transmit value belonging to others now have to be licensed by the GFSC, adhere to the required principles and be actively supervised by the GFSC.
- The GFSC plans to bring token sales (ICOs) within the scope of the regulatory framework soon.
All Gibraltar-based firms using distributed ledger technology on a commercial basis to store or transmit value belonging to others now have to be licensed by the GFSC, adhere to the required principles and be actively supervised by the GFSC.
Gibraltar has become the first jurisdiction worldwide to offer a fully regulated framework for firms working with distributed ledger technology (DLT)—also known as blockchain. The new regulatory framework means that FinTech and other firms in Gibraltar which want to use DLT for transmitting payments, recording transactions and similar use cases will now need to be licensed by the GFSC in much the same way that banks are authorised.
We are really excited to finally welcome applications from DLT Providers. The team expect to be very busy in the coming months, and are looking forward to working on some interesting and innovative ideas with applicants. Working closely and collaboratively with the financial services industry and the Government of Gibraltar has resulted in the GFSC becoming the first regulator to introduce a DLT Regulatory Framework—it is a very encouraging time and we are also looking forward to the challenge!
—Nicky Gomez, Head of Risk and Innovation, GFSC
Rather than adopting hard and fast rules which can quickly become outdated and unfit for purpose, the GFSC felt that a flexible and adaptive approach was called for in order to regulate DLT Providers whose businesses are based on rapidly evolving technology. Accordingly, the DLT Regulatory Framework is an outcomes-focused, principles-based regulatory framework based around nine regulatory principles. According to these principles, a DLT Provider must:
- Conduct its business with honesty and integrity.
- Pay due regard to the interests and needs of its customers and communicate with them in a way which is fair, clear and not misleading.
- Maintain adequate financial and non-financial resources.
- Manage and control its business effectively, and conduct its business with due skill, care and diligence; including having proper regard to risks to its business and customers.
- Implement effective arrangements for the protection of client assets and money when it is responsible for them.
- Have effective corporate governance arrangements.
- Ensure that all systems and security access protocols are maintained to appropriate high standards.
- Implement systems to prevent, detect and disclose financial crime risks such as money laundering and terrorist financing.
- Have adequate business continuity, disaster recovery and crisis management plans in place, as well as contingency plans for the orderly and solvent wind down of its business.
The GFSC’s guidance notes on these principles, together with further information about the regulatory framework, are available on its website.
GFSC will apply a risk-based approach to all aspects of the authorisation process, which it says will be streamlined, consistent, fair and efficient. Applicants can expect the assessment process to take three months but are advised to engage early with the Risk and Innovation team at the GFSC prior to making an application and to seek appropriate advice. Applicants should then make an application for an initial assessment, before proceeding (if given the green light) to the full application process.
The full application process requires applicants to submit a complete application and to make a presentation which addresses any specific requirements of the GFSC based on the nature and complexity of the proposed business and which were identified at the initial assessment stage, as well as:
- the background of the key individuals involved in the business;
- the business plan, including corporate structure, products and services, target market and strategy;
- the firm’s financial projections; and
- evidence of how the firm will meet the nine regulatory principles.
Once a licence has been granted, GFSC will make an onsite visit that will give the firm the opportunity to present evidence to the GFSC that the processes and controls implemented and communicated during the presentation are effective and work in practice.
Any firm wanting to carry out DLT activities from 1 January 2018 must to apply to the GFSC for authorisation and will not be allowed to carry out the activities until a licence to operate as a DLT Provider is granted. Firms already carrying out DLT activities in or from within Gibraltar should make use of transitional arrangements which require them to submit a complete application to the GFSC by the 31 March 2018. Whilst their application is under consideration, they will be allowed to continue to operate pending a decision. Firms which fail to use the transitional arrangements will have to cease carrying out DLT activities on 31 March.
The GFSC is well known for facilitating innovation whilst maintaining a strong regulatory presence. Gibraltar is already popular with insurance and gaming businesses and now hopes to attract FinTech firms to a growing and well-supported DLT and crypto ecosystem in the British Overseas Territory as it prepares for Brexit.
The GFSC has also announced plans to expand the framework to cover initial coin offerings (ICOs) on a DLT shortly. The EU-regulated Gibraltar Stock Exchange has announced that it will launch the Gibraltar Blockchain Exchange to provide a cryptocurrency exchange which abides by the governance standards of a regulated exchange. This is a notable development and is another component in the drive by the GFSC to be forward thinking. Whilst, for the time-being, the UK’s FCA has decided not to issue specific regulations on the basis that the current regime is sufficient at present, other countries including Malta and Estonia are set to follow Gibraltar and adopt their own DLT regulatory frameworks in early 2018.