Fintech 2025

BRITISH VIRGIN ISLANDS Law and Practice Contributed by: Chris Duncan and Katrina Lindsay, Carey Olsen

seeing compliance with the BVI’s rules and regu - lations maintenance of economic substance. The BVI Financial Investigation Agency (FIA) is the competent authority for the prevention and detection of financial crime, including money laundering, terrorist financing and proliferation financing. The Data Protection Act 2021 (DPA) established the office known as the Office of the Informa - tion Commissioner as the competent authority to monitor compliance with the DPA and inves - tigate and enforce in respect of any violations thereunder. The newly created Beneficial Ownership Unit of the BVI Registry of Corporate Affairs will oversee compliance with the BVI’s rules and regulations on disclosure of beneficial ownership, which were recently amended pursuant to the BVI Business Companies (Amendment) Act 2024. 2.7 No-Action Letters Regulators in the BVI do not issue no-action let - ters. 2.8 Outsourcing of Regulated Functions Outsourcing of functions by entities licensed by the FSC is governed by the terms of the Regu - latory Code. The Regulatory Code recognises that outsourcing has clear benefits ‒ for example, enabling a licensee to have a function under - taken more efficiently or to utilise resources not available in-house. However, the Regulatory Code also recognises that there are dangers, as outsourcing has the potential to transfer risk, management and compliance to third parties who may not be regulated and may be estab - lished in (and operating from) another jurisdic - tion.

The definition of an outsourcing arrangement under the Regulatory Code is broad and cap - tures all activities that a licensee would oth - erwise normally carry out itself, not just those activities that are regulated. A licensee is not permitted to outsource its compliance function, core management functions, or any activity that ‒ if outsourced ‒ would impair the FSC’s ability to supervise the licensee or affect the rights of a customer against the licensee. If a licensee does intend to outsource any func - tion, it must have in place a comprehensive out - sourcing policy with regard to the activities to be outsourced, and must establish and maintain appropriate and adequate systems and controls to manage its outsourcing risk. The licensee must also conduct due diligence on any poten - tial vendor, so it can assess the vendor’s capac - ity and ability to undertake the outsourced activi - ties and the risks associated with outsourcing the proposed activities to the vendor. Any outsourcing arrangement with a suitable vendor must be governed by a written contract with that vendor, clearly specifying all material aspects of the outsourcing arrangement and providing the licensee (and, if relevant, its auditor and actuary) with access to all documents and information relevant to the outsourced activity. 2.9 Gatekeeper Liability The extent to which fintech providers accept responsibility for the activities on their platform will vary, depending on their business model, their regulatory status, and the specific terms of service and acceptable use policies they have in place. However, all fintech providers ‒ to vary - ing degrees – will be deemed “gatekeepers” of the products and services offered through their platform.

131 CHAMBERS.COM

Powered by