Gibraltar is the first area in Europe and one of the first in the world to start regulating businesses engaged in Distributed Ledger Technology (DLT), which includes blockchain technology. As of December 15, 2017, The Gibraltar Financial Services Commission (GFSC) have introduced a new regulatory framework, Distributed Ledger Technology Regulatory Framework (DLT Framework), which will be in effect as of January 1st 2018. The framework regulates activities of Gibraltar-based companies that use DLT for virtual currency exchanges, and will be an amendment to the Gibraltarian Financial Services (Investment and Fiduciary Services) Act 1989. It is indicative of a broader movement to promote DLT-based operations and present a safe, well-regulated environment to conduct business in the field, which is consistent with its early moves in 2016 to regulate cryptocurrencies and conduct research on the DLT, to attract investments for a number of crypto-currency affiliated companies like Xapo and Coinsilium [1]. Gibraltar is also considering a complementary regulatory framework which would cover the promotion and sale of tokens, which is aligned with the DLT framework [2].

The Gibraltarian DLT framework applies to individuals and companies who use DLT for business activities engaged in using blockchain for “the transmission or storage of value belonging to others” which are not subject to other existing legal regulations which includes: “centralized virtual currency, administrators, VC wallet providers, trading platforms, VC exchanges, payment service providers, issuers of asset-backed tokens, pre-loaded VC, vouchers and wallets, and peer-to-peer gaming platform operators” [1] and covers ICOs, custodians, and exchanges [3]. These businesses are required to seek authorization from the Gibraltar Financial Services Commission (GFSC) as a DLT provider. Some types of business-related to VC which fall outside the scope of the new regulatory framework, which includes “decentralized VC schemes (like Bitcoin), DLT software developers, users purchasing goods and services with VC, and investment in VC for private purposes.” [1]

According to the DLT Regulatory framework, the following are relevant principles of blockchain business regulation:

• Protection of Client Assets: The DLT provider must have effective arrangements to protect the client’s assets and money when it is responsible for them. DLT providers are expected to take all reasonable precautions to protect customer assets in their custody or control against unexpected threats. Custodial assets and the DLT provider’s assets must be segregated [4]
• Cyber Security: The DLT provider must ensure that all systems and security access protocols are maintained to high standards. “Systems should ensure the right level of access to authorized personnel with up-to-date monitoring systems. On-going and proactive security assessments should be conducted on DLT technologies to keep up-to-date with any new threats and potential vulnerabilities.” These include: [4]
  • Risk assessment
  • Skilled and experienced staff
  • On-going vulnerability and threat analysis
  • Monitoring and response provisions
  • Independent compliance audit and reporting
• Financial Crime: DLT providers must adequately apply anti-money laundering and counter-terrorist financing preventive measures [4].
• Resilience: DLT provider must be resilient and thus develop its own contingency, crisis management plans [4].

Gibraltar’s anti-money laundering requires businesses to register with relevant supervisory authority and to have the necessary systems in place to prevent money laundering and report suspicious transactions. The range of businesses under these regulations include companies which are required to be licensed by the Financial Services Commission or the Gibraltar Regulatory Authority, for example. Therefore, at the early-stages of conception, the company should decide whether it will:[4]

• Be subject to the regulations
• Be registered with a relevant supervisory authority

Published DLT regulations can be found here
May 2017 Government of Gibraltar Consultation Document
DLT Seminar slides – 20th of October 2017
GSFC Statement on ICOs
DLT Application Process and Fees document

To seek further clarification, one can contact the Gibraltar Financial Services Commission, DLT Working Group, and the Cryptocurrency Working Group.

SOURCE
[1] Nomoretax.eu
[2] Fintechlawblog.com
[3] bitlegal.io
[4] GFSC.gi