Financial Crime World

Power to Enforce Compliance in the Bermuda Digital Asset Sector

The Bermuda Monetary Authority (BMA) has been granted significant powers to enforce compliance with regulations in the digital asset sector. These include:

  • Imposing fines of up to $10 million
  • Issuing public censures that name and shame licensees
  • Prohibiting individuals from performing certain functions for regulated entities
  • Seeking injunctions from the court

In extreme cases, the BMA may revoke a licence and petition the court for the winding-up of the entity whose licence has been revoked. These powers are designed to ensure that digital asset businesses operating in Bermuda comply with all relevant regulations and laws.

Personal Information and Protection Act (PIPA)

Bermuda’s Personal Information and Protection Act 2016 (PIPA) is a key piece of legislation that regulates the use of personal information. PIPA will come fully into effect on January 1, 2025, and applies to all organizations in Bermuda that use personal information.

To comply with PIPA, organizations must:

  • Only use personal information where there is a lawful basis for doing so
  • Adopt suitable measures and policies
  • Designate a privacy officer
  • Ensure personal information is accurate and up to date
  • Implement safeguards to protect against unauthorized access
  • Provide a clear privacy notice to individuals

Cybersecurity

The Cybersecurity Rules and the DAB Operational Cyber Risk Management Code of Practice apply specific cybersecurity rules to digital asset businesses licensed in Bermuda. These entities must:

  • Appoint a senior executive responsible for overseeing their cybersecurity programme
  • Report regularly to their board of directors
  • Implement adequate measures to protect against cyber threats, including regular security audits and penetration testing

Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT)

Digital asset businesses operating in Bermuda are required to comply with anti-money laundering (AML) and counter-terrorism financing (CFT) regulations. This includes:

  • Adopting a risk-based approach to client due diligence
  • Ongoing monitoring of client relationships
  • Reporting suspicious activities
  • Identifying and verifying participants in public offerings of digital assets
  • Complying with specific AML/CFT requirements

Sanctions

The UK’s sanctions regime applies to Bermuda through Overseas Territories Orders in Council (OT Orders) and the International Sanctions Act 2003. Digital asset businesses licensed in Bermuda must:

  • Report any potential name matches against sanctions lists
  • Maintain adequate records of clients and business activities
  • Establish risk-sensitive policies and procedures

Anti-Bribery

Bermuda’s Bribery Act 2016 prohibits both individuals and corporations from bribing or being bribed. Offences under the act include:

  • Offering, promising, or giving a financial or other advantage to influence someone in their official capacity
  • Maintaining adequate records of business activities and transactions

Digital asset businesses operating in Bermuda must ensure that they comply with all anti-bribery laws and regulations.