Fintech 2025

GUERNSEY Law and Practice Contributed by: Matthew Brehaut and Tom Carey, Carey Olsen

2.4 Variations Between the Regulation of Fintech and Legacy Players All Guernsey regulatory laws operate on simi - lar principles when it comes to the granting of a licence. Separate rules apply to licensees depending upon the regulatory law under which they are licensed. To the extent that a fintech participant is regulated under the POI Law, there will be no difference in the extent of the regula - tion. 2.5 Regulatory Sandbox The GFSC uses its “Soundbox” approach when considering potential VASP licensees. As part of this process, when the GFSC initially grants a licence to a VASP applicant it will – in most cases – have a limited duration and may be sub - ject to a number of conditions. These conditions may include, without limitation: • restrictions on the volume of business the firm can carry out; • restrictions on the kinds of business the firm can carry out; • more frequent reporting requirements; and • additional capital and liquidity requirements. Following completion of the initial period of licensing, the GFSC will decide whether to renew or extend the licence, how long for, and whether to amend any of the restrictions. Given the diverse nature of potential VASP busi - ness models and activities, as part of this pro - cess the GFSC may set additional requirements based on the business model and risk profile of potential licensees. Capital and conduct require - ments and rules for a virtual asset exchange are likely to be very different to those for a virtual asset custodian, for example.

2.6 Jurisdiction of Regulators The GFSC is the principal relevant regulator in Guernsey. For data protection, the Office of the Data Protection Authority in Guernsey has juris - diction. 2.7 No-Action Letters Regulators do not issue no-action letters in Guernsey. 2.8 Outsourcing of Regulated Functions Any Guernsey business that is licensed under Guernsey’s regulatory laws needs to consider whether the GFSC’s outsourcing policies appli - cable to those regulatory laws apply to any out - sourced function. In the case of a VASP licensee, the core out - sourcing principles are as follows. • The board of a licensee retains responsibility and accountability for the outsourced func - tions. • The board of a licensee must be fully aware of and understand the risks arising from out - sourcing its functions. • Due diligence must be conducted in the selection of outsourced service providers and monitoring an outsourced service provider’s performance. • A licensee must ensure that there is a writ - ten outsourcing agreement in place for every outsourced activity. • The licensee must ensure that there is an established and maintained appropriate contingency plan that enables alternative arrangements to be set up, with minimal disruption, in the event of the failure of the outsourced service provider or any other breakdown in the provision of services.

284 CHAMBERS.COM

Powered by