Bermuda was the first country in the world to introduce and implement a fully comprehensive sector specific legal and regulatory regime to govern the conduct of digital asset business (“DAB Regime“), which included activities relating to digital assets that were intended, inter alia, to provide access to an application or service or product by means of distributed ledger technology (“DLT“).�� Since the introduction of the DAB Regime in 2018, the Bermuda Monetary Authority (“BMA“) has, in its capacity as Bermuda’s financial regulator, issued Statement of Principles, Custody Code of Conduct, Code of Practice, Operational Cyber Risk Management Code of Practice and several guidance notes which have contributed to the development and sophistication of the DAB Regime and treats organisations that provide digital asset business products or services akin to other regulated financial service businesses.

The early adoption of the DAB Regime provided industry with legal and regulatory certainty, missing from other jurisdictions, around how DLT and business products and services connected to it shall be treated, whilst protecting Bermuda’s established reputation for regulatory excellence in the existing sectors of (re)insurance, banking, trusts, funds and investment business.  The innovative approach taken by the Government of Bermuda and the BMA (see our answer to question 2) has allowed for the application and operation of DLT across a diverse array of sectors and use cases.

The BMA introduced new classes of (re)insurance licences and a sandbox regulatory regime to allow for the testing and development of innovative insurance products, services and solutions, which has resulted in several projects being licensed, including the use of DLT to establish an on-chain insurance marketplace.  The use of DLT for the tokenisation of funds and other real-world assets (including stablecoins, yield tokens, bonds and other financial instruments) has been another example of the real use application of DLT by Bermuda-based companies seeking an advantage in the financial services sector.  Climate related projects have also launched in Bermuda using DLT, including a patent pending technology platform that seeks to connect big data with traditional securitisation aimed at accelerating the transition to a zero-emission and climate resilient global economy.  Other projects in Bermuda have included the testing of DLT based retail payment systems and NFT exhibitions and sales.

The Government of Bermuda has itself promoted the innovation and use of DLT in the public sector with projects currently investigating the use of DLT to improve the efficiency and resilience of public services, including the distribution of benefits and collection of taxes. The Bermuda Government, in conjunction with the Bermuda Business Development Agency (“BDA“), has also collaborated with industry to establish working groups that are focussed on developing policy, infrastructure, law and regulation in relation to DLT based products and services, including, inter alia, decentralised autonomous organisations (“DAOs“), digital identification and artificial intelligence (“AI“).

Bermuda has introduced and implemented the Digital Asset Business Act 2018 (“DABA“) and the Digital Asset Issuance Act 2020 (“DAIA“), both of which, whilst technology agnostic, govern the provision and offering of DLT based or related products and services in and from Bermuda.

The DABA is a licensing regime that governs all digital asset business activities (see definition below) and requires any person conducting digital asset business in or from within Bermuda to first obtain a licence from the BMA.  The DABA provides for three different classes of licence to cover testing (Class T), sandbox and project scaling (Class M) and full operations (Class F).

The DAIA is a permission-based regime that governs the issuance and offering of digital assets in or from within Bermuda to the public to raise capital for a given project or business opportunity.  Prior to issuing or offering digital assets to the public a person needs the prior permission of the BMA.

Both the DABA and DAIA regimes require an application to be made to the BMA for either a licence, if under DABA, or permission, if under DAIA.  Such applications must be supported by a business plan and requisite ancillary documents which include, inter alia, Financial Action Task Force (“FATF“) standard anti-money laundering and anti-terrorist financing (“AML/ATF“) policies, procedures and risk assessment framework, corporate governance framework and capitalisation calculations.  Depending on the type of digital asset business being conducted, applicants may also be required to submit a relevant white paper, cyber risk assessment, smart contract audit and evidence of segregation and adequate custody of customer assets.

The DABA defines a digital asset as “..anything that exists in binary format and comes with the right to use it and includes a digital representation of value that: – (a) is used as a medium of exchange, unit of account, or store of value and is not legal tender, whether or not denominated in legal tender; (b) is intended to represent assets such as debt or equity in the promotor; (c) is otherwise intended to represent any assets or rights associated with such assets; or (d) is intended to provide access to an application or service or product by means of distributed ledger technology.”.

The DABA defines digital asset business as “..the business of providing any or all of the following digital asset business activities to the general public: – (a) issuing, selling or redeeming virtual coins, tokens or any other form of digital asset; (b) operating as a payment service provider business utilising digital assets which includes the provision of services for the transfer of funds; (c) operating as a digital asset exchange; (ca) carrying on digital asset trust services; (d) providing custodial wallet services; (da) operating as a digital asset derivative exchange provider; (e) operating as a digital asset services vendor; and (f) operating as a digital asset lending or digital asset repurchase transactions service provider.”

The DAIA uses the same definitions for digital assets and digital asset business as the DABA, but establishes a separate definition for a digital asset issuance which means “..an offer to the public to acquire digital assets or to enter into an agreement to acquire digital assets at a future date..”.

The Government of Bermuda has been extremely supportive and continues to promote the use of DLT in Bermuda thanks to the introduction and implementation of the DAB Regime and related regulations.  The Government of Bermuda seeks to promote the island as an innovative and proportionately regulated jurisdiction where organisations seeking to establish DLT based or related projects and services can incorporate, test, develop and scale with proportionately risk based regulation and oversight not found elsewhere.  The certainty around the legal and regulatory treatment of digital asset business in Bermuda allows organisations to plan long-term, which assists in attracting finance and strategic partners for the lifecycle of the project.

The BMA continues to be a global leader and setter of standards when it comes to balancing  the regulatory oversight of organisations providing digital asset business products and services, the protection of members of the public receiving such products and services, as well as Bermuda’s own reputation as a well-regulated and globally recognised international financial centre with the desire for flexibility and proportionality in its application of regulations to help promote and encourage innovation.  The BMA is not afraid of innovation or risk, and in fact welcomes the challenges brought by ever-evolving technologies like DLT to the application of the DAB Regime, but they do expect all innovators to be aware of the risks that their projects face and create and have the sophistication to mitigate such risks in a proportionate and commensurate manner.  It is the relationship with the BMA and the environment which the BMA establishes for regulated organisations that is so attractive to technology companies, particularly those using or providing products and services related to DLT.

Bermuda does not have a central bank and as such no CBDC project exists.  The BMA is the issuer of the Bermuda dollar, which is pegged 1:1 with the United States dollar.  The Bermuda Government has publicly announced its support for a digital currency or token that could be used in Bermuda for retail and commercial purposes, including the collection of taxes and payment of benefits.  Several projects have already tested DLT based payment systems that could form the basis of such a digital currency or token.

Bermuda introduced sector specific legislation and regulation in 2018 to regulate digital asset business and the offering and promotion of digital assets to the public and has continued to develop and finesse these regimes as the sector has grown.  Rather than seeking to apply existing financial services legislation and regulation to the new products and services being offered using or in connection with DLT, Bermuda decided to create immediate certainty and clarification by identifying all virtual coins, tokens and other forms of digital asset under one single definition, thereby capturing all activities involving digital assets that run the risk of fraud, money laundering or terrorist financing.  Digital assets, as defined above, captures all types of cryptoassets and allows the BMA to regulate digital asset business activities involving cryptoassets in a manner proportionate to the relevant and applicable risk of the specific type of cryptoasset and product or services being offered.

The DAB Regime provides for the regulation of activities conducted by persons (both individuals and organisations), and where applicable their boards of directors and ultimate controllers.  Any person launching or offering decentralised financial products or services that falls within the definition of digital asset business will be regulated by the DAB Regime.  However, where a platform is truly decentralised, no person will ordinarily exist that can be identified as responsible for the products and services being offered.  The question of how a DAO that is truly decentralised is recognised under Bermuda law and specifically the DAB Regime is currently under consideration by a DAO working group established by the BDA in conjunction with the Government of Bermuda.  This does not mean that there is no existing recognition of the legal relationships established by and within a DAO, but more of an indication that Bermuda is willing to consider the innovative nuances of such an organisation created by DLT and seek its own novel and innovative solution to providing legal and regulatory certainty to such arrangements.  As matters currently stand, where a DAO is wrapped by a foundation (or other similar legal entity) or has been incorporated under specific DAO legislation in a foreign country, the BMA will look to regulate the legal entity wrapped around the DAO to the extent it is in fact conducting digital asset business or is acting on behalf of the participants of the DAO to enter into legal engagements for services necessary for the proper operation of the DAO (e.g. custody or IT services).

To the extent a person is conducting digital asset business using or connected with cryptoassets or DeFi, then such person, unless exempt under the DAB Regime, will be subject to FATF standard and sector specific AML/ATF legislation and regulations, as well as sanctions legally applicable to persons in Bermuda.

As of the date of this publication, Bermuda does not currently have income, capital gains or value added tax and as such the question of how cryptoassets and DeFi are treated for tax purposes is, in the main, moot.  However, the Government of Bermuda has passed the Corporate Income Tax Act 2023 (CIT Act), which will take full effect on 1 January 2025. The CIT Act implements the OECD’s global minimum corporate income tax for multi-national enterprises with greater than €750,000,000 annual revenue.

Also, stamp duty is applicable on the affidavit of value of a deceased’s estate, which could include digital assets (as defined under the DABA).  Where such digital assets are identifiable as forming part of a deceased’s estate and have a calculable value, stamp duty would be payable on the value of the estate in accordance with the Stamp Duties Act 1976.

The proprietary use and trading of cryptoassets is not prohibited or regulated in Bermuda.  However, operating a digital asset exchange or digital asset derivative exchange provider, acting as a digital asset services vendor (which includes conducting a digital asset transaction on behalf of another person and acting as a market maker or liquidity provider), lending or conducting repurchase transactions of digital assets, or the provision of services to persons seeking to trade digital assets are all activities captured by the DAB Regime and are regulated activities that may require a licence.  Also, Bermuda investment funds that deal in digital assets as part of their investment strategy are required to be registered or licenced under the Investment Funds Act 2006. Depending on the type of fund, an investment fund that has appointed an investment manager that is licensed under the Investment Business Act 2003 or authorised by a recognised regulator (as such term is defined dunder section 2 of the Investment Business Act 2003) will be exempt from licensing under the DABA under the Digital Asset Business Exemption Order 2023, provided an annual notice is filed with the BMA.

The trading of digital assets across or by persons licenced in Bermuda to conduct such activities is common thanks to the certainty and credibility provided by the DAB Regime to Bermuda digital asset businesses.

Provided an ICO meets the definition of a digital asset issuance under the DAIA (see responses to question 2 above), such ICO is permissible but will require the prior approval of the BMA.  If it does not meet the definition under the DAIA, it will most likely fall under the DABA category of digital asset business of “issuing, selling or redeeming virtual coins, tokens or any other form of digital asset” and thereby is also permitted but requires a licence issued by the BMA in accordance with the DABA.

If an organisation seeks to launch an ICO that falls within the DAIA’s definition of a digital asset issuance, the organisation must first obtain the BMA’s prior approval by submission of an application.  If the ICO is designed not to result in the digital assets becoming available to more than 150 persons or is available only to persons whose ordinary business involves the acquisition, disposal or holding of digital assets or is an offer to Qualified Acquirers (defined below), then the ICO would not be treated as an offer to the public and the organisation acting as issuer and/or promoter would only be required to file a digital asset placement declaration form with the BMA prior to entering into any transaction rather than submission of an application for approval.

“Qualified acquirers” include high-income (US$200,000 per annum for two years) and high-net-worth (greater than US$1,000,000 excluding residence value) private acquirers, corporate and unincorporated bodies with not less than US$5,000,000 in assets and other similar persons and arrangements.

An application to the BMA for prior approval to launch an ICO pursuant to the DAIA comprises a completed application form, a business plan containing the nature and scale of the digital asset issuance to be conducted, a copy of the issuance document available to the public, a detailed description of the arrangements for the management of the offering via the issuance, policies and procedures to be adopted by the organisation to meet the requirements of the DAIA and the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008, and such other information and documents as the BMA may reasonably require.  The requisite application fee must also have been paid prior to or at the time of submission of the application.

The BMA must be satisfied that the organisation acting as issuer and/or promoter fulfils the minimum criteria addressing the fitness and propriety of directors and officers, ensuring business is conducted in a prudent manner, the integrity and skill of the organisation’s management and standards of corporate governance observed by the organisation, before granting its approval to any ICO.  When assessing this criteria, the BMA will expect standards similar to those required of other regulated financial service sectors.  The BMA has published the Digital Asset Issuance Rules 2020 which sets out requirements as to, inter alia, minimum required information for an ICO offering document, ongoing disclosures and information technology and cybersecurity, custody of customer assets and compliance measures.

If an organisation seeks to launch an ICO that falls within the DABA definition of issuing, selling or redeeming virtual coins, tokens or any other form of digital assets, then the organisation must first obtain a licence from the BMA by submission of an application specifying the class of licence sought.  The application must comprise a completed application form, a business plan containing the nature and scale of the digital asset activities to be conducted, particulars of the organisation’s arrangements for the management of the business, policies and procedures to be adopted by the organisation to meet the requirements of the DABA and the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008, and such other information and documents as the BMA may reasonably require. The requisite application fee must also have been paid prior to or at the time of submission of the application.

The BMA must be satisfied that the organisation submitting the application fulfils the minimum criteria addressing the fitness and propriety of directors and officers, ensuring business is conducted in a prudent manner, the integrity and skill of the organisation’s management, and standards of corporate governance observed by the organisation.  When assessing this criteria, the BMA will expect standards similar to those required of other regulated financial service sectors.  The BMA has published a code of practice (“Code“) detailing requirements as to, inter alia, governance, risk management and internal controls applicable to licensed organisations and will assess an organisation’s compliance with the Code in a proportionate manner relative to the nature, scale and complexity of the organisation’s proposed offering.

The laws of Bermuda are based on the common law legal system of England and Wales and subject to the enactment of legislation by the Parliament of Bermuda, English common law continues to apply in Bermuda.

Accordingly, subject to the provisions of the DABA and DAIA and recent case law on point, the common law recognition and treatment of property (being real property or tangible/intangible personal property) applies in Bermuda as it applies in England and Wales (for details on the English position we refer you to the United Kingdom chapter on blockchain contributed by Slaughter & May).

The DABA and DAIA have sought to recognise digital assets as personal property to the extent that ownership and legal title in them are to be protected and can be transferred, held in trust and/or custody and exist with the risk of loss.  The BMA has set out rules and code of practice on how customer assets and funds (itself evidencing legislative recognition of digital assets being proprietary in nature) shall be treated and managed for the purposes of regulatory compliance.  Whilst the legislation does not expressly address the ability to grant security over digital assets, principles applied and recognised under English common law have been used in Bermuda for the purposes of seeking security over digital assets and in particular, the wallets in which the relevant private keys related to the digital assets in question are stored.

Bermuda recognises the common law principles of contract and to the extent a smart contract is established in Bermuda in accordance with the recognised principles of the law of contract (being offer, acceptance, consideration and intention) and whether chosen or by default is subject to the laws of Bermuda, the smart contract will be recognised and enforceable to the extent permitted under such law.  However, due to the very nature of smart contracts, being computer code, it is necessary to first ask whether the smart contract in question is intended to be a representation of a legally binding contract or an automated mechanism used to establish and implement the parameters of a legally binding contract formed outside of the smart contract itself.  In other words, it will be important to determine if the smart contract is the contract itself or a mechanism agreed for inclusion and use within the contract.

Issues arising from using a smart contract as a legally binding contract or as part of a contract’s mechanism for effective implementation include the irrevocable nature of transactions effected on DLT and the innate pseudonymity of the parties involved.  These are not Bermuda specific issues and are recognised and considered in all common law jurisdictions.  Accordingly, solutions established or recognised as effective under English common law will be equally recognised and effective in Bermuda to the extent not otherwise provided for by statute.

Under the DABA, the DAIA and ancillary regulations, codes, guidelines and statement of principles, it has become a recognised requirement that where a licenced or approved organisation uses a smart contract as part of its offering, products or services, such smart contract must be audited, and the organisation must comply with requisite disclosure rules relating to the same.  Whilst this does not in of itself remove the technical issues faced by persons seeking to enforce a smart contract, it does provide for clarity and veracity of the code contained in any given smart contract and focuses participants’ attention to such issues so that they can be appropriately addressed if so desired.

There are already examples of the use of smart contracts in the products and services being offered by DABA licenced organisations from an on-chain digital insurance marketplace using smart contracts to effect insurance contracts to the tokenisation of real-world assets and traditional financial instruments relating to yield or similar increased valuation mechanisms.

A truly DAO that is truly decentralised is treated in Bermuda as an organisation without separate legal personality, which means it cannot, as an organisation or protocol, obtain a licence or permission under the current DABA and DAIA regimes which look at the regulation of legal persons, their board of directors and ultimate controllers as defined under the DABA and DAIA.  Where a DAO has taken a legal form (e.g. foundation/company limited by guarantee/limited liability company) or is wrapped by a legal person, Bermuda will look at the activities being conducted by and/or through the DAO and seek to determine whether the legal person can be regarded as conducting such activity, or if not, what role they play as a legal person within or around the DAO for the purposes of identifying regulated activity.  The DAB Regime seeks to regulate the activities of legal persons in an effort to, inter alia, minimise fraud, money laundering and terrorist financing and as such looks to identity the persons who are conducting the digital asset business activities rather than regulate the function of the technology being used, and so when establishing a DAO in or from Bermuda, the persons involved should consider very carefully how the DAB Regime will determine their own involvement in the project and who will be held legally responsible for the launch of the DAO and the products and services available through the DAO.  See also our response to question 5 above.

The BDA, in conjunction with the Government of Bermuda and industry has established a DAO working group that has been considering how DAOs should be recognised for legal and regulatory purposes under the DAB Regime.  Until any proposals of the working group are made public and considered by the Government of Bermuda for possible adoption and implementation, the treatment of DAOs is as stated above and at question 5.

The BMA have extensive power and authority to take action against organisations and their controllers that are found to have breached the DABA or DAIA, similar to any other regulated financial services sector.  There exist civil penalties comprising both fines and incarceration as well as regulatory penalties that range from warning notices to public admonishment, and from fines to restrictions or even termination of licences.

There have been no public admonishments or penalties announced or other publicly declared enforcement action taken against any Bermuda organisation to date, whether licenced or not.  However, there have been several public notices published by the BMA about foreign organisations falsely claiming to be regulated under the DABA by the BMA and that appear to form part of a fraud or scam.  As the BMA only has jurisdiction over Bermuda organisations, or foreign organisations conducting business in or from Bermuda, these notices have not in themselves been enforcement action but a positive warning to the public about scams identified by the BMA.

The permissionless nature of DLT provides several issues from a control and oversight perspective and in particular in relation to the laws of exchange control and data protection.

Bermuda has exchange control laws and regulations that affect the ability to issue or transfer the securities of Bermuda companies to or between non-residents, which means that legislative changes, or potentially regulatory declarations, would be required if a Bermuda company, or other corporate entity, sought to use DLT for maintaining its register of members.

From 1 January 2025, the Personal Information Protection Act 2016 will be fully effective and may prove challenging for those using personal information on a DLT platform.  The key issues are an individual’s right to have personal information corrected or deleted and the obligation on organisations to only retain information for as long as is necessary for the purpose of its use.  The question of security is also potentially an issue due to the obligation on organisations using personal information to apply security and protective measures around personal information commensurate with the risk of harm to the individuals whose personal information is being used, although improvements in the technology itself may prove to be a workable solution in the medium to long term.

Due to Bermuda’s approach to DLT and the introduction of a sector specific legal and regulatory regime in 2018 that identifies and treats all virtual coins, tokens and crypto-assets as a single identifiable asset, being a digital asset, the concept of whether a token issued by a Bermuda organisation is a utility token, security token, stablecoin or non-fungible token (as examples), is, for local legal purposes under the DAB Regime, superfluous.  The use and purpose of a given digital asset and the products and services offered by an organisation will be the key components of any given project that will be risk assessed from a regulatory perspective and an expected commensurate and proportionate application of oversight and regulatory expectation will be afforded accordingly.

Practitioners should also be aware of the comprehensive nature of the DAB Regime.  Whilst this causes no local issues and in fact is an attractive aspect of Bermuda’s approach to the digital asset sector, it does require organisations seeking a DABA licence to be aware of how the jurisdictions of a target audience treat the same activity under their own local legal and regulatory framework.