21 April 2023
Bermuda Blockchain Chapter (Mondaq)
This guide to blockchain regulation in Bermuda covers the legal and enforcement framework, market, cryptocurrencies, smart contracts, data, cybersecurity, intellectual property, trends and predictions.
- Legal and Enforcement Framework
- Blockchain Markets
- Smart Contracts
- Data and Privacy
- Intellectual Property
- Trends and Predictions
- Tips and Traps
Legal and Enforcement Framework
What general regulatory regimes and issues should blockchain developers consider when building the governance framework for the operation of blockchain/distributed ledger technology protocols?
Bermuda has a digital asset sector specific legal and regulatory regime that governs both the issuance of digital assets and the carrying on of digital asset business activities in and from Bermuda. The Digital Asset Issuance Act (DAIA) requires any person seeking to offer digital assets to the public by way of a new issuance (Digital Asset Issuance) to obtain the permission of the Bermuda Monetary Authority (BMA), Bermuda's financial sector regulator. The Digital Asset Business Act (DABA) established a governing framework (DAB Framework) that regulates the conduct of digital asset business activities in and from Bermuda and requires any person seeking to conduct digital asset business activities in or from Bermuda to obtain a licence from the BMA.
"Digital Assets" are defined as anything that exists in binary format and comes with the right to use it and includes a digital representation of value that (a) is used as a medium of exchange, unit of account, or store of value and is (b) not legal tender, whether or not denominated in legal tender, (c) is intended to represent assets such as debt or equity in the promoter, (d) is otherwise intended to represent any assets or rights associated with such assets, or (e) is intended to provide access to an application or service or product by means of distributed ledger technology, but does not include (x) a transaction in which a person grants value as part of an affinity or rewards program, which value cannot be taken from or exchanged with the person for legal tender, bank credit or any digital asset; or (y) a digital representation of value issued by or on behalf of the publisher and used within an online game, game platform, or family of games sold by the same publisher or offered on the same game platform.
"Digital Asset Business Activities" includes:
- Issuing, selling or redeeming virtual coins, tokens or any form of digital assets
- Operating as a payment service provider business utilising digital assets which includes the provision of services for the transfer of funds
- Operating as a digital asset exchange
- Carrying on digital asset trust services
- Providing custodial wallet services
- Operating as a digital asset derivative exchange provider, and
- Operating as a digital asset services vendor.
How do the foregoing considerations differ for public and private blockchains?
The DABA regulates the provision of Digital Asset Business Activities to the general public, where the word "public" is deemed to be anyone other than yourself. Further, "distributed ledger technology” is defined as a database system in which (a) information is recorded and consensually shared and synchronised across a network or multiple nodes, and (b) all copies of the database are regarded as equally authentic. There is no express differentiation between a public and a private blockchain, but the DAB Framework follows a proportionality principle which allows the BMA to assess compliance with the DAB Framework in a proportionate manner relative to the nature, scale, complexity and risk profile of the project.
What general regulatory issues should users of a blockchain application consider when using a particular blockchain/distributed ledger protocol?
The DAB Framework is technology agnostic and is focussed on the ability of the system to comply with the principles set out in the DABA Code of Practice and Statement of Principles, together with ancillary regulations, issued by the BMA. Accordingly any developer seeking to launch a product or service using a particular blockchain application or distributed ledger protocol should consider the security of the system and whether it is secure and flexible enough for them to meet these standards. For users of the products or services, the fact a digital asset business in Bermuda is required to be licensed should give a level of comfort to the stability of the platform being used.
Which administrative bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?
The BMA is responsible for regulating and licencing Digital Asset Issuances and Digital Asset Business Activities. The BMA has been granted wide-ranging powers of supervision and enforcement under the DABA and the DAIA. The BMA has the power to compel production of information and documents, the power to issue directions that safeguard the interest of the licensee's clients and the power to impose restrictions and conditions on licenses. The BMA has issued numerous documents, including guidance notes, codes of conduct, statements of principles and information bulletins, which set out the basic principles on how a digital asset business (DAB) is expected to conduct business.
If a DAB does not comply with the DAB Framework, including any specific BMA requests or directions, the BMA has the power and authority to impose fines of up to $10,000,000, depending upon the severity and type of infraction. In the most extreme cases the BMA may also revoke a DABA license. The BMA will use its enforcement powers in a manner consistent with the Statement of Principles and Guidance on the Exercise of Enforcement Powers.1
What is the regulators’ general approach to blockchain?
The BMA welcomes and openly engages with persons seeking to use blockchain thanks to the sector specific legislation and regulations in place in Bermuda. The BMA have established a FinTech Team, comprising individuals chosen for their experience in and knowledge of both the technology sector (blockchain specifically) and application of regulation, to oversee the application and implementation of the DAB Framework.
Are any industry or trade associations influential in the blockchain space?
The BDA FinTech Legal & Regulatory Sub-Committee comprises individual lawyers, licensed to provide Bermuda legal advice, who are proficient and experienced in advising DABs on the DAB Framework. The Sub-Committee's core purpose is to provide collective legal and regulatory feedback on, and propose amendments to, the DAB Framework and is actively engaged with both the Government of Bermuda and the BMA to achieve this. It is also used to seek clarification and certainty from the BMA on its interpretation and application of the principles that are the foundation of the DAB Framework.
NEXT is the Bermuda Digital Assets Industry Forum that is an autonomous industry advocacy group for Bermuda-based digital asset companies licensed by the BMA providing a collective voice and opportunities for collaboration within Bermuda and globally.2
Which blockchain applications and protocols have become most embedded in your jurisdiction?
Bermuda is technology agnostic and supports innovation through the development of all available technologies, including blockchain applications and protocols. The DAB Framework that governs and regulates Digital Asset Issuances and the provision of Digital Asset Business Activities in and from Bermuda is focussed on minimising fraud, money laundering and terrorist financing whilst promoting the highest quality of good corporate governance and risk management across the digital asset sector. It is the purpose and objectives of, as well as the individuals and organisations that develop, maintain and promote, blockchain projects that are important to the BMA, not necessarily the particular technology being used.
What potential new applications/protocols are most actively being explored?
The exploration of new applications/protocols is conducted by industry participants themselves and not the regulator. With such a varied number and type of Digital Asset Business Activities already licensed in Bermuda, and many more in the pipeline, it is impossible to identify any specific application/protocol that is being more actively explored than any other. Bermuda has become an innovation hub with blockchain and the digital asset sector being only one aspect of this wider sectoral expansion.
Which industries within your jurisdiction are making material investments within the blockchain space?
The Bermuda Government together with the Insurance & Reinsurance, Banking, Digital Asset Business, Trusts & Private Wealth Management and Fund and Asset Management sectors are making material investments within the blockchain space.
The Bermuda Government is developing numerous projects that involve blockchain, including the introduction of a stimulus token and related infrastructure, including digital ID, in Bermuda to facilitate the use of digital assets as an accepted method of payment across the retail sector and Government Agencies. The digital asset sector is itself also investing heavily in the development of existing and new technology, as well as the introduction of new digital asset products and services to the private and public sectors. Bermuda has the third largest reinsurance sector in the world after Lloyds of London and New York, and with the introduction of a regulatory sandbox regime for the insurance and reinsurance sector in Bermuda we have seen a massive investment in innovative insurance products and services, including numerous insurance projects seeking to use blockchain and smart contracts to increase capacity and delivery of service in the sector. Bermuda has also seen an increase in the use of fund and investment management vehicles that hold and manage portfolios or baskets of digital assets. The Bermuda Stock Exchange has the accolade of having been the first recognised stock exchange in the world to list a digital asset exchange traded fund. The trust and private wealth sector is also investing in blockchain by the promotion of trust services and family offices, as well as wealth management services, to those keen for regulated exposure to Digital Assets. The banking sector has also adapted to the global attention received by blockchain projects and the issues that exist in the banking of the digital asset sector. The Bermuda Government introduced amendments to the Banks and Deposit Companies Act 1999 which provided for banks to obtain a license from the BMA to provide banking services to persons operating in the digital asset sector. To date Jewel Bank is the only institution to have been issued such a license after massive investment of both time and money in its infrastructure and compliance framework.
Are any initiatives or governmental programmes in place to incentivise blockchain development in your jurisdiction?
Bermuda has a number of regulatory sandbox regimes that seeks to promote innovation and investment across all sectors, including blockchain, digital assets, insurance & reinsurance, banking and investment business. Bermuda also has a number of incubators and accelerators to support innovative entrepreneurs from both home and abroad, including Innofund and Ignite. InnoFund is a Bermuda initiative which assists entrepreneurs and their companies by providing the necessary tools, advice, and capital to grow. They also provide an incubator which provides access to programming and the services required to further the growth and development of technology-based start-ups.3 Ignite Bermuda was created specifically for local innovators with the drive and commitment to grow and scale their business or organisation. Ignote have teamed up with Entrepreneurial Spark to bring a truly global accelerator model to the ambitious entrepreneurs and community leaders of Bermuda.4
How are cryptocurrencies and/or virtual currencies defined and regulated in your jurisdiction?
Bermuda has introduced an all-encompassing definition of "Digital Asset" that includes cryptocurrencies and virtual currencies. The full definition is anything that exists in binary format and comes with the right to use it and includes a digital representation of value that (a) is used as a medium of exchange, unit of account, or store of value and is (b) not legal tender, whether or not denominated in legal tender, (c) is intended to represent assets such as debt or equity in the promoter, (d) is otherwise intended to represent any assets or rights associated with such assets, or (e) is intended to provide access to an application or service or product by means of distributed ledger technology, but does not include (x) a transaction in which a person grants value as part of an affinity or rewards program, which value cannot be taken from or exchanged with the person for legal tender, bank credit or any digital asset; or (y) a digital representation of value issued by or on behalf of the publisher and used within an online game, game platform, or family of games sold by the same publisher or offered on the same game platform. The DAB Framework does not differentiate between a utility token, NFT, stablecoin, securities token or cryptocurrency from the perspective of whether something is a Digital Asset, but it does apply proportionality principles when assessing each type of Digital Asset as part of an application by a DAB to conduct either a Digital Asset Issuance or provide Digital Asset Business Activities to the public.
What anti-money laundering provisions apply to cryptocurrencies?
Persons seeking to conduct either a Digital Asset Issuance or provide Digital Asset Business Activities to the public in or from Bermuda are required to establish Anti-Money Laundering and Anti-Terrorist Financing policies and procedures in accordance with the DABA, the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing Supervision and Enforcement) Act 2008, the Proceeds of Crime Act 1997, and the Anti-Terrorism (Financial and Other Measures) Act 2004. These policies and procedures must include customer due diligence, ongoing monitoring, reporting of suspicious transactions, record-keeping, internal controls, risk assessment and management, and the monitoring and management of compliance with, and internal communication of, these policies and procedures.
What consumer protection provisions apply to cryptocurrencies?
Safeguarding client assets by preventing fraud or misappropriation is a primary concern of the BMA. Consumer protection provisions are contained in multiple pieces of legislation and related regulations and codes of conduct. The DABA prescribes requirements relating to safeguarding client assets, whilst the Digital Asset Business Code of Practice sets out the requirement to ensure that client assets are segregated from those of the DAB. The Digital Asset Custody Code of Conduct builds on these principles and provides greater clarity over the standards in relation to the level of care expected by the BMA in relation to safeguarding client assets. The DABA also contains provisions that require the establishments of formal customer complaints policies and procedures.
How are cryptocurrencies treated from a tax perspective?
Bermuda does not impose any tax on the issuance, acquisition, purchase, subscription, sale or maintenance of digital assets or on transactions involving digital assets.
What regulatory requirements apply to a cryptocurrency trader/exchange?
Any person that provides Digital Asset trading or exchange services (including Digital Asset derivative exchange services) to the public in or from Bermuda is required to obtain a Digital Asset Business licence from the BMA in accordance with the requirements of the DABA.
How are initial coin offerings and securities token offerings defined and regulated in your jurisdiction?
A “digital asset issuance” means an offer to the public to acquire digital assets or to enter into an agreement to acquire digital assets at a future date, and “offer, or offering, via a digital asset issuance” shall be construed accordingly. Subject to certain limitations and exclusions, any person that seeks to conduct an initial coin offering or securities token offering that is captured within this definition is required to obtain the prior permission of the BMA in accordance with the DAIA. The DAIA specifies what activities amount to a digital asset issuance, prohibits such activities other than by authorised undertakings, lays out the criteria a person must meet before it can become an authorised undertaking, imposes (and permits the BMA to impose) certain continuing obligations on any authorised undertaking, and grants to the BMA supervisory and enforcement powers over the issuers and/or promoters of digital asset issuances.
Can a smart contract satisfy the legal requirements of a legal contract under the laws of your jurisdiction? What will be considered when making this determination?
The Electronic Transactions Act 1999 (ETA) provides that information, which includes data, text, images, sounds, codes, computer programs, software and databases, shall not be denied legal effect, validity, admissibility or enforceability solely on the ground that it is (a) in the form of an electronic record, or (b) not contained in the electronic record purporting to give rise to such legal effect, but is referred to in that electronic record. Where information is required by law to be in writing or is described in any statutory provision as being written, that requirement or description is met by an electronic record if the information contained in the electronic record is accessible and is capable of retention for subsequent reference. In any legal proceedings, nothing in the rules of evidence shall apply so as to deny the admissibility of an electronic record in evidence solely on the ground that it is an electronic record. Information in the form of an electronic record will be given due evidential weight and in assessing the evidential weight of an electronic record, regard shall be had to (a) the reliability of the manner in which the electronic record was generated, stored or communicated, (b) the reliability of the manner in which the integrity of the information was maintained, (c) the manner in which the originator was identified, and any other relevant factor. Accordingly, provided the principles of contract law are met and the subject of the contract does not otherwise offend the laws of Bermuda, a smart contract should be recognised under Bermuda law, subject to evidence to the contrary, as a legally binding contract between the parties to which the smart contract relates.
It should also be noted that in 2020, the Bermuda Government signed a Memorandum of Understanding ("MoU") with The Proof of Trust, a globally patented smart contract validation and automated dispute resolution technology Company.5 This MoU enables the Bermuda Government to explore, develop applications and adopt smart contract technology.
Are there any regulatory or governmental guidelines or policies within your jurisdiction which provide guidance on regulating/defining smart contracts?
Whilst the principles and guidelines applicable to the conduct of Digital Asset Issuances and provision of Digital Asset Business Activities to the public in and from Bermuda do not expressly reference smart contracts, they do contain the standards and requirements that any Digital Asset project must adhere to for the purposes of compliance with the DAB Framework. DABs must ensure that any use and involvement of smart contracts in a project will not adversely affect the DABs ability to comply with the DABA Framework. Conversely, smart contracts would be a welcome addition if they can be shown to assist or increase in a DABs ability to comply. Of importance is the ability to ensure the smart contract is auditable so that its purpose and terms can be understood and verified.
What parts of traditional contract might smart contracts be able to replace?
The ETA was designed to facilitate electronic transactions on a technology neutral basis by means of reliable electronic records. Accordingly, other than the creation, execution or revocation of a will or testamentary instrument or the conveyance of real property or the transfer of any interest in real property, provided the criteria set out under the ETA are met, any transaction or contract has the ability to be carried out by electronic means in Bermuda. It is generally accepted that aspects of contracts which require third party involvement may be replaceable by smart contract. Escrow arrangements and notification provisions are two obvious examples. Certain insurance contracts can also be improved upon by the use of smart contracts where trigger events and pay-outs can be hardcoded.
What parts of traditional contracts might smart contracts be unable to replace?
The creation, execution or revocation of a will or testamentary instrument or the conveyance of real property or the transfer of any interest in real property are excluded from the ETA.
Due to their self-executing nature, the possible outcomes of a smart contract are typically limited to being binary. The risks of an unintended outcome can be high if the smart contract itself contains errors or has not been properly coded. In addition, common yet subjective terms (such as 'good faith') are incapable of being incorporated into smart contracts.
What issues might present themselves in your jurisdiction with regard to judicial enforcement of smart contracts?
No specific issues have presented themselves before the Courts in Bermuda. However, if the smart contract has not been coded, prepared or established with the basic principles of contract law, the ETA, the DAIA or the DABA in mind, there may be issues surrounding the validity and enforceability of the underlying contract. Also, issues that might arise may centre on the way in which a smart contract might be undone or amended. There may also be jurisdictional issues, where it is not easy to identify the location of a particular digital asset.
What are some practical considerations that parties should consider when drafting a smart contract?
It is important to consider the ability to audit the smart contract and the method for evidencing acceptance of its terms. The ability of anyone to evidence and prove that they are legally entitled to the rights attached to the smart contract is also something to be considered.
How will the foregoing considerations differ when smart contracts are running on a private versus public blockchain?
The same principles of contract law apply when considering validity and enforceability.
Data and Privacy
What specific challenges or concerns does blockchain present from a data protection/privacy perspective?
Bermuda has introduced legislation to provide for the protection of personal and sensitive personal information. Whilst not yet fully enacted, the Personal Information Protection Act (PIPA) sets out the standards required of all organisations in Bermuda that use personal or sensitive personal information. It also introduced a regulatory and oversight function administered by the Office of the Privacy Commissioner for Bermuda.
Given a blockchain's immutable nature, a particular challenge that may arise will be in respect of an individual's right to have their personal information erased by an organisation in certain circumstances under PIPA - since an individual could find their personal data recorded on a blockchain forever.
What potential advantages can blockchain offer in the data protection/privacy context?
The area of data protection/privacy that blockchain can likely have the biggest positive impact in is the recording and retention of anonymised data. Being able to continuously update and record important records and statistics (i.e. medical journals, government statistics) could offer the ability to ensure statistics are public, easily accessible, auditable and at the same time secure and un-editable. This has many potential benefits, one of which being that a person does not need to rely a on a third party to provide safe keeping of important records.
What specific challenges or concerns does blockchain present from a cybersecurity perspective?
DABs are susceptible to cyber threats or systems failures. However, these concerns are mitigated as a DAB must have a comprehensive cyber security programme which is governed by the Digital Asset Business (Cybersecurity) Rules 2018 ("Cybersecurity Rules") and the DABA Code of Practice. The DAB must have a comprehensive security programme that is proportionate to the nature, scale, complexity, and risk profile of the business. They must also implement a written cyber security policy which must address the following:
- Information security;
- Data governance and classification;
- Access controls;
- Business continuity and disaster recovery planning and resources;
- Capacity and performance planning;
- Systems operations and availability concerns;
- Systems and network security;
- Systems and application development and quality assurance;
- Physical security and environmental controls;
- Customer data privacy;
- Vendor and third-party service provider management;
- Monitoring and implementation of changes to core protocols not directly controlled by the DABs; and
- Incident response.
What potential advantages can blockchain offer in the cybersecurity context?
Blockchain applications offer the following major advantages in the cybersecurity context:
- Secure data storage and processing
Blockchain records are immutable and any change recorded on the blockchain is transparent and non- removable. Therefore, data stored on a blockchain is protected better than traditional digital or paper- based records.
- Transfer of data in a secure manner:
The blockchain enables fast and secure transactions of data and finances. Features like smart contracts allow for automatic execution of agreements between several parties.
All blockchain transactions are digitally signed and time-stamped, so participants can trace transaction history and track accounts at a point in time.
- User confidentiality
The confidentiality of blockchain network participants is high due to the public key cryptography that authenticates users.
- No single point of failure
Permissionless blockchains are decentralised so the failure or compromise of a single node will not compromise the operation or security of the blockchain as a whole.
What tools and measures could be implemented to mitigate cybersecurity risk?
The most effective tool we are aware of that can help to mitigate cyber security risk (in all blockchains but specifically in new and therefore more centralised chains) are security audits. The comprehensive cyber security programme a DAB must have in line with the Cybersecurity Rules and the DABA Code of Practice is to set out and include the protocol for audits of their systems.
What specific challenges or concerns does blockchain present from an IP perspective?
One challenge for IP is that different protocols can involve IP in different ways from code to branding. For decentralised projects, it is not always clear where the ownership of the relevant IP sits.
What type of IP protection can blockchain developers obtain?
IP protection in Bermuda is available through sophisticated IP legislation for trademarks, patents, copyright, and designs. Any Bermuda entity looking to register any intellectual property in Bermuda will also need to consider the potential impact of the Economic Substance Act 2018 and whether it has to demonstrate substance in Bermuda.
What are the best open-source platforms that could be used to protect developers’ innovations?
We cannot recommend a specific open-sourced platform.
What potential advantages can blockchain offer in the IP context?
Blockchain technology is already transforming the way intellectual property rights are recorded or evidenced. An example of this is the popularity of NFTs. While they were initially used to represent digital artwork, their use in other industries (for example the hospitality and gaming industries) is increasing as a way of providing digital identifiability and authenticity for property of all varieties.
Trends and Predictions
How do you think the regulatory landscape in your jurisdiction will evolve in the blockchain space over the next two years? Are any pending changes currently being considered?
Bermuda has proven itself to have a robust regulatory regime that has helped protect both the jurisdiction and its licensed digital asset businesses from recent turmoil in the sector. The continued open dialogue between the Bermuda government, the BMA and the industry has allowed solid progress to be made to improve the DABA and DAIA regimes with a view to the Bermuda regulation continuing to be fit for the nature, scale, complexity, and risk profile of business in the blockchain sector. As the world settles in to understanding the true potential of the underlying technology and the risks it brings, we expect to see an increased interest in the DABA and DAIA regimes from credible and legitimate projects seeking certainty and legitimacy through compliance with the standards set by Bermuda. There is also likely to be more focus on consumer protection and, through collaboration with Bermuda's insurance and reinsurance sectors, the availability of insurance for licensed businesses.
What regulatory changes would you like your jurisdiction to implement to further advance the blockchain industry?
The DABA and DAIA are solid pieces of legislation that give certainty to the regulation of digital asset businesses in Bermuda. Industry groups, the Government and the BMA are constantly looking at ways in which to improve the regimes and to provide solutions to new and innovative projects. This cuts across both the legislative and regulatory infrastructure as well as the implementation of actual technology in Government and across the island. There are several projects underway to help advance the blockchain sector and we expect to see continual improvement throughout the coming year.
What is the largest impediment within your jurisdiction to the adoption of blockchain technology?
There is no one impediment to the adoption of blockchain in Bermuda. The areas that will need consideration before adoption in certain areas include land title registration and the issuance and transfer of securities of Bermuda companies. These are subject to specific rules and permissions that would require development of a blockchain protocol and related smart contracts for it to be workable under these existing rules.
Tips and Traps
What are your top tips for effective use of blockchain technologies in your jurisdiction and what potential sticking points would you highlight?
The most important factor when considering offering blockchain technology to the public in or from Bermuda is to understand the potential impact of the DABA and DAIA. We would always recommend obtaining product specific advice as a first step to understand the regulatory implications of the product or services before undertaking any blockchain related activities.
- 2018-12-29-02-21-00-Enforcement-Guide---Statement-of-Principles-and-Guidance-on-the-Exercise-of-Enforcement-Powers.pdf (bma.bm)
- NEXT - Bermuda Digital Assets Industry Forum
- InnoFund | Bermuda | Incubator & Accelerator
- The Proof of Trust hail the Ottiwell Simmons International Arbitration Centre | Government of Bermuda (www.gov.bm)
Originally published in conjunction with Mondaq.