BERMUDA Law and Practice Contributed by: Steven Rees Davies, Kyle Masters, Charissa Ball and Alexandra Fox, Carey Olsen
2.8 Outsourcing of Regulated Functions The Digital Asset Business Act 2018 – Code of Practice (the “DAB Code of Practice” ) provides that certain regulated functions, such as asset management, custodial services, cybersecurity, compliance and internal audit, can be outsourced to third parties. The BMA requires the disclosure of any material outsourcing arrangements and it has, through its general guidance on outsourc - ing as well as through the DAB Code of Practice, reiterated that the responsibility remains with the digital asset business to ensure that all legal and regulatory obligations (under the DABA and any other relevant rules and regulations) are met to the same degree as if the outsourced function was being performed internally. Where roles have been outsourced to either external third parties or to affiliated entities of the digital asset business licensee, it is the directors of the licensee who are responsible for ensuring that there is oversight and clear accountability for each role. Any service agreement for an out - sourced function must include terms on compli - ance with jurisdictional laws and regulations and should not prohibit co-operation with the BMA or its access to data and records in a timely man - ner. The directors of the licensee must assess the impact of outsourcing a role. Where outsourcing a particular function is rea - sonably expected to adversely affect govern - ance and risk management structures, exces - sively increase operational risk, affect the BMA’s ability to effectively supervise and regulate the entity, and/or adversely affect customer protec - tion, that function should not be outsourced. For the purposes of cross-border outsourc - ing arrangements, there is no list of approved or equivalent jurisdictions; however, it would be preferable to outsource to an entity that is
sectors following its successful implementation under the DABA. The sandbox regime permits businesses that are seeking to be innovative or have innovative products or services to apply for a conditional sandbox licence, which – under the DABA – originally comprised the Class M licence. This was later expanded to also include a Class T licence, which was introduced specifi - cally for persons seeking to test or run a proto - type with reduced regulatory obligations com - mensurate with their reduced risk status. Another example is an insurance regulatory sandbox under the Insurance Act 1978 and relat - ed regulations, each as amended (the “Insurance Act” ), which allows for companies to test new technologies and offer innovative products, ser - vices, and delivery mechanisms to a specified number of policyholders for a specific period. The BMA has the power to review applications for the applicable sandbox and determine the appropriate legislative and regulatory require - ments that should be modified during the period within the sandbox. 2.6 Jurisdiction of Regulators The BMA is the sole financial services regula - tor and controller for foreign exchange control purposes in Bermuda. 2.7 No-Action Letters There is no formal method whereby an entity can request the BMA to issue “no-action” let- ter under the Digital Asset Regimes. However, when presented with certain fact patterns, the BMA has been willing to provide reassurance on their approach to certain business models – particularly where such business models fall outside the Digital Asset Regimes (eg, business models involving gaming tokens and proprietary trading).
89
CHAMBERS.COM
Powered by FlippingBook