Bermuda: Fintech

A ‘payment service provider’ is defined in Bermuda’s Proceeds of Crime (Anti-Money Laundering and Anti- Terrorist Financing) Amendment Regulations 2010 as “a person whose business includes the provision of services for the transfer of funds”.  Pursuant to the Money Service Business Act 2016, a “payment service business” means a business that is licensed to provide and execute payment services to and for third parties by whatever means. Such licenses are issued by the Bermuda Monetary Authority (BMA) as the regulatory body with supervisory jurisdiction of Bermuda-based financial institutions.

While the traditional financial institutions are governed by the Banks and Deposit Companies Act 1999 (as amended) (BDCA), The Digital Asset Business Act 2018 (DABA) governs businesses dealing with digital assets (including payment service businesses, custodians and electronic exchanges). The legislation covers the issuing, selling and redeeming of virtual coins, tokens or other digital assets to businesses, such that ICOs fall instead within scope of Digital Asset Issuance Act 2020 (DAIA) as discussed at question 15 below.  The BMA can issue restricted licenses under the BDCA to enable businesses to provide banking services to DABA-licensed companies.

In its August 2020 Consultation Paper, the BMA stated that the current legislative framework has proven too onerous to support a viable restricted bank model in Bermuda.  It therefore intends to broaden the permitted customer base for restricted banks under the BDCA so as to facilitate financial inclusion for a wider group of people currently unable to access basic banking services from the traditional banks.

Subject to some exceptions, section 2(2) of The Money Service Business Act 2016 defines a money service business as a business which provides services to the general public such as money transmission services; cashing cheques; issuing, selling or redeeming drafts, money orders or traveller’s cheques for cash; payment services business; and operating a foreign currency exchange. Any such business requires a license from the BMA, though institutions licensed under the Banks and Deposit Companies Act 1999 are exempted.

As noted at question 1, DABA regulates businesses dealing with digital assets (defined broadly), whether based in or outside of Bermuda. Such businesses include, for instance, payment service providers (using digital assets) and those whose business involves the issuing, exchange and custody of virtual coins and tokens (save where digital assets are offered to the public by way of an Initial Coin Offering, which would be governed by separate legislation as discussed at question 15).

While the legislative framework in Bermuda is progressive and the government encourages the development and adoption of technology in the financial sector, payment methods and instruments remain largely traditional.  With a population of around 65,000 people, many of the so-called challenger banks are yet to reach Bermuda, and even digital wallets (such as ApplePay) remain largely under-utilised. Instead, companies and residents alike tend to use only fiat bank accounts and major debit and credit cards, with peer-to-peer payments therefore being less efficient and more costly than in other jurisdictions. That said, the Bermuda government has put measures in place to facilitate the use of cryptocurrency and, most notably in October 2019, announced its Currency Standard Initiative whereby it would accept payments in 1:1 US dollar-backed digital currencies that get licensed by the BMA. The first such stimulus token (USDC) can now be used to buy food and other essentials as part of a pilot program which commenced in July 2020.

While open banking has not yet been introduced in Bermuda, it is possible (if not likely in view of the government’s desire to see Bermuda become a leading fintech jurisdiction) that such data-sharing provisions will be implemented in due course. As the jurisdiction strives for greater corporate transparency generally, and with the implementation of modernised data protection provisions (as to which see Question 5) it is anticipated that consumers will in turn be afforded enhanced rights regarding their information, including authorising the transfer of such data to third party developers.

Indeed, the BMA issued a Discussion Paper titled ‘A Conduct of Business Regulatory Framework for Bermuda’ on 19 August 2020 which, amongst other things, focused on the principles highlighted by the G20 and the Organisation for Economic Co-operation and Development (OECD)), including disclosure and transparency. While the Paper does not specifically refer to open banking, there is a clear indication that consumer rights need to be improved and access to information more readily facilitated.

The Personal Information Protection Act 2016 (PIPA) received Royal Assent on July 27, 2016 and governs the use of personal information by all Bermuda-based organisations, businesses and the government. However, the legislation is not yet operative. Bermuda appointed its first Privacy Commissioner (the data protection regulator) on 20 January 2020, with Bermuda businesses being afforded a transitional period during which they must implement appropriate measures and safeguards to achieve compliance with the legislation before it becomes fully operative.

In the interim, local businesses that operate internationally (including by way of engaging overseas/international clients) must still be cognizant of international data protection legislation such as the General Data Protection Regulation (GDPR) and the U.S. Federal and State laws where applicable. When PIPA is fully operative, it will govern such practices as the collection, protection, use, transfer and destruction of personal information.

Bermuda continues to enhance its regulatory framework to ensure that it is able to provide a safe and transparent test space for innovative products and services. The Regulatory Sandbox and Innovation Hub (both launched in 2018) continue to attract businesses and entrepreneurs to the jurisdiction for the purpose of testing and enhancing their products. This includes businesses utilising distributed ledger technology (DLT) (including digital asset businesses) and those developing Artificial Intelligence (AI)-based products/services for use in the financial services / insurance industry.  The regulator (BMA)) has issued both full and restricted licenses to a number of fintech businesses in recent years, including innovative tech start-ups and established international companies.

The BMA also regularly issues Consultation Papers to industry professionals to ensure that it is amending the regulatory framework where necessary, so as to promote innovation for the benefit of consumers and negate or minimise the risks associated with the adoption of new technologies. The BMA also participates in conferences to promote discussion on emerging technologies including, for instance, the Bermuda Virtual Tech Summit in October 2020 (part of Bermuda’s Tech Week) where a host of major international fintech companies and renowned speakers explored issues such as innovation and regulation, developments in DLT, the adoption of AI and concerns surrounding data privacy.

There is a catalogue of risks to the growth of fintech in any jurisdiction. Fraud and cyber theft threaten digital assets, and product failure is almost inevitable with so many new technologies.  There are risks associated with DLT (such as key management), which remains in its infancy in terms of development and adoption, and with AI (such as bias and compromised/unreliable data pools from which machines learn), such that further regulation is likely to be required in the near future (particularly where consumer investment is involved).

However, given Bermuda’s legislative framework and the regulator’s facilitation of transparency, trust and consumer protection, many of these risks are being minimised. By way of example, the BMA’s screening of license applications under DAIA means that the risk to investors and consumers is greatly reduced by the need of businesses to comply with strict disclosure and compliance measures.  Further, the government’s fintech regime is aimed at encouraging innovative ways around many of these risks – DLT is (predominantly) aimed at removing the trust element of transacting, meaning that its wide adoption could significantly reduce the risks of fraud and theft. By providing a regulated environment for the testing of these technologies, Bermuda is reducing the risk of innovative technologies being stymied or corrupted, not only in its own jurisdiction, but across the globe.

Digital assets (and transactions involving digital assets) are not subject to income tax, capital gains tax, withholding tax or other taxes in Bermuda (though foreign taxation laws may encapsulate such assets and transactions).

A company incorporated in Bermuda shall be considered tax resident in the jurisdiction and thereby eligible for certain exemptions from the Minister of Finance in relation to taxes including imputed profits or income, capital gains tax and inheritance tax.  However, any Bermuda company carrying on a relevant activity will be subject to The Economic Substance Act 2018 (and related Regulations).

Due to its status as a global leader in reinsurance, it is no surprise that insuretech has seen significant investment in recent years. For several years, Bermuda has been amongst the top (if not the top) jurisdiction for financial investment in fintechs, largely due to its reinsurance industry. Mostly this investment is at Series A level, with some at Series B. By way of example, in May 2020 a leading data-driven underwriting and risk analytics business announced a USD $6m Series A investment led by an AI-specialist investor. The funds are to be used to develop proprietary machine-learning and data-driven underwriting activity in Bermuda (and London).

There has also been investment in other technologies, including DLT (not just in relation to cryptocurrency or exclusively in the insurance sector) and AI.

Bermuda is one of the only jurisdictions in the world to implement a legislative framework that encourages the testing and development of innovative technology aimed at disrupting the financial services sector. Not only does it provide a regulatory sandbox to facilitate the use of fintech products in the real world, but its robust regulatory regime provides for transparency and investor/consumer confidence.

Further, the island’s physical proximity (and ease of access to) major financial hubs such as New York and London, as well as its natural beauty and unparalleled lifestyle opportunities, makes it an attractive jurisdiction in which to physically establish a presence.

As part of its plans to see the jurisdiction become a global leader in the fintech space, the Bermuda government has sought to attract both established players and innovative start-ups and individuals to the country.  The Fintech Business Work Permit allows a fintech company that is new to the jurisdiction to receive automatic approval for up to five work permits in its first six months of operation under a Fintech Business Permit. Such Work Permits are issued to non-Bermudians for up to five years without the need to advertise locally, though they are restricted to non-protected positions (i.e. they should not be entry-level, graduate or trainee positions or fall within a restricted category).

The Global Entrepreneur Work Permit (which may be issued for one year) allows a person to work and reside in Bermuda for such purposes as business planning, seeking government or regulatory approvals, meeting compliance or financial requirements or raising capital.

While not exclusive to the Fintech industry, the recently introduced Work from Bermuda Visa allows those working (or studying) remotely from elsewhere to relocate to Bermuda for one year.

In its 2020 Business Plan, the BMA expressed its objective to develop a highly-skilled team to meet the demands of the future.  This objective, it said, will be achieved by recruiting top-tier talent, upskilling and reskilling its current employees, and developing a sound succession plan for its leadership positions. Indeed, the regulator has sought to work with technology experts within the industry and has set out to recruit key fintech personnel to help drive the jurisdiction forward.

Intellectual Property protection is available for trademarks, patents, domain names, copyright and design. As with other common law jurisdictions, an infringed party can seek relief from the court in a variety of manners, including injunctive relief to prevent use of such IP, Anton Piller orders (which give the infringed party the right to search premises and seize evidence without prior warning), delivery up/destruction of infringing articles, damages and an account of profits. As an offshore jurisdiction with certain tax incentives, many companies establish entities as vehicles to hold intellectual property and collect income deriving from such IP (e.g. license fees). The framework in place provides these companies with protection in the event of an infringement.

The Bermuda government has embraced the development and use of cryptocurrencies to establish itself as a progressive and innovative jurisdiction that can act as a regulatory sandbox for the benefit of global innovation.  Bermuda has enacted legislation in line with its vision and that includes a regulatory framework designed to facilitate the development and adoption of cryptocurrency.

Under DABA, a “digital asset” is defined broadly as anything that exists in binary format and comes with the right to use it and includes a digital representation of value that:

(a) is used as a medium of exchange, unit of account, or store of value and is not legal tender, whether or not denominated in legal tender (for instance, so-called stablecoins);

(b) is intended to represent assets such as debt or equity;

(c) is otherwise intended to represent any assets or rights associated with such assets; or

(d) is intended to provide access to an application or service or product by means of DLT;

A “digital asset business” is defined as a business that provides any or all of the following digital asset business activities to the general public:

(a) issuing, selling or redeeming virtual coins, tokens or any other form of digital asset;

(b) operating as a payment service provider business utilising digital assets which includes the provision of services for the transfer of funds;

(c) operating as an electronic exchange;

(d) providing custodial wallet services;

(e) operating as a digital asset services vendor

Each of the above definitions have been incorporated into DAIA which governs ICOs.

The BMA can currently issue two types of license to digital assets businesses, namely:

Class M: a restricted license for a specified period of time, often referred to as a “sandbox license, issued to facilitate innovation and testing of new products and services in Bermuda; or

Class F: a full license.  Such a license was issued to a major international cryptocurrency exchange in September 2020 to operate its platform in Bermuda under the supervision of the BMA.

It was proposed by the BMA in its August 2020 Consultation Paper that the DABA be amended to introduce a Class T (test) license to promote testing and development of innovate technology in Bermuda. This would include an amendment to the minimum criteria for licensing under DABA and allow a class T licensee to have to hold assets equivalent only to the amount of $10,000 and to not have to comply with the more stringent obligations of a Class M or F licensees.

Further, as noted at question 3 above, the Bermuda government implemented a Currency Standard Initiative to accept payments in 1:1 US dollar-backed digital currencies that get licensed by the BMA. The USDC stablecoin can therefore, since July 2020, be used to pay taxes and buy essentials as part of a pilot program.

On May 6 2020, the Bermuda government enacted DAIA to replace the ICO regime and to facilitate the regulation of digital asset issuance by the BMA rather than the Ministry of Finance.  There are a number of hoops to jump through to be granted permission by the BMA to register as a digital assets business, most of which are similar to the previous regime (e.g. disclosure requirements and a detailed business plan). However, businesses must now also have a BMA-approved local representative to report to the BMA on various significant issues (matters such as compliance, solvency and disclosures) and once registered there are now strict KYC and AML/CTF measures that must be put in place.  There are also, in certain instances, conditions and restrictions placed on the change and removal of officers and shareholders.

A key reason for the introduction of DAIA was that, while Bermuda has its own regime, such laws do not avail businesses of the laws of other jurisdictions, including the U.S which has far-reaching jurisdiction in relation to its own citizens.^[1] Transparency and ongoing regulation is therefore paramount to facilitating the development and adoption of digital assets.

Aside from ICOs, DABA covers the issuing, selling or redeeming of virtual coins, tokens or other digital assets to other businesses or individuals.

Reference

^[1] Indeed, the Security and Exchange Commission (SEC) recently deemed a digital token issued from Bermuda (prior to the introduction of DAIA) as an unregistered security, resulting in the token being disabled and a substantial fine being levied against the issuer.

There are a number of live blockchain projects operating in and from Bermuda.

Most notably, perhaps, the government of Bermuda introduced the digital stimulus token as a means to distribute financial aid to the country’s population at the start of the COVID-19 pandemic, allowing stablecoins to be used for the payment of taxes and purchase of essential products.  It has also facilitated the development of cryptocurrency and DLT businesses such as a blockchain-based digital ID system, and has created an environment for insurance-related businesses to benefit from DLT (for instance, with the BMA licensing the world’s first captive to insure crypto custody). The Liquidity Summit 2020 was also used to promote change and highlight the benefits of asset representation in digital form using DLT.

The BMA confirmed in its 2018 and 2019 Business Plans that it intended to adopt AI and machine learning technologies to enhance its operations and, in its 2020 Business Plan, the BMA confirmed that AI is changing the nature of work in a broad range of jobs and professions, including data-intensive functions of the BMA such that it had reduced its own operating costs.

In the private sector, the island has seen businesses adopt AI in a number of ways, e.g. by utilising robo-advisors for financial investment and in cyber-underwriting (e.g. analyzing economic, technical, historical and behavioral information to predict outcomes and analyse risk). Bermuda businesses will likely increase their use of AI in their financial services offerings, which will likely lead to increased regulation. Indeed, Bermuda has already implemented legislation which anticipates the continued development and adoption of AI technologies, for example, PIPA (discussed at question 5) anticipates the use of advanced data processing (e.g. using AI, facial recognition technology and/or automated decisions that could impact an individual).

Regulation of AI will of course lead to increased compliance costs for businesses, but start-ups are presently well placed to exploit AI technologies to get a foothold in the market before the regulatory regime becomes complex and costly. Those adopting AI into their businesses now are also best placed to work with the government to guide policy, in circumstances where common technical standards will need to be implemented if governance is to be effective (e.g. as to data privacy – given that AI is contingent upon the mass processing of customer data- security, product safety, accuracy and managing social biases).

The Insurance Amendment Act, 2018 provided for an insurtech ‘regulatory sandbox’ to facilitate and encourage the supervised development and application of innovative technology in the insurance sector.  The sandbox, together with the BMA’s Innovation Hub, has aided in the development of insuretech in Bermuda, with the Act providing for additional license classifications for Innovative Intermediaries, namely Insurance Agents, Brokers and Managers, which operate their business in an innovative and/or experimental manner.

AI is presently being used in Bermuda to enhance certain insurance services, including cyber-underwriting services and the BMA recently licensed a British insuretech firm that seeks to apply smart contract technology to facilitate underwriting of digital asset risk and provide liquidity for insurance-linked securities trading.

The BMA also licensed a renowned international cryptocurrency exchange and custodian to launch the world’s first captive insurance company, thereby increasing its insurance capacity beyond the coverage currently available in the commercial insurance market, to facilitate the largest limit of insurance coverage by any crypto custodian in the world.

While the fintech regulatory framework is still in its infancy, the jurisdiction has seen an influx of technology businesses in the last 12 months, notwithstanding the global pandemic and its impact on start-ups.   As noted at question 16, Bermuda has, in particular, facilitated the emergence and development of cryptocurrency and DLT businesses such as a blockchain-based digital ID system and use of stablecoins, as well as providing an environment for insurance-related businesses to benefit from DLT (for instance, with the BMA licensing a Nasdaq Crypto Index ETF to trade on the Bermuda Stock Exchange, and the establishment of the world’s first captive to insure crypto custody).

Incumbent financial institutions do not appear, at the time of writing, to have implemented significant changes to suggest that they perceive a threat from incoming fintech companies for which they need to provide competing services, nor have they necessarily adapted in a manner which would facilitate collaboration with such fintechs. It is anticipated that the growth of the fintech industry will see existing financial institutions seek to collaborate more closely with those seeking to disrupt the market.  Local banking institutions are restricted not only by correspondent banking relationships but also by strict regulatory requirements.

Local financial services providers are largely avoiding the costs of innovation and leaving this to incoming entrepreneurs.  The government’s intention is to provide a space for emerging technologies to be tested, meaning that the jurisdiction is focussing heavily on the private sector, while trying to work closely with those companies to facilitate testing where possible (e.g. I.D. and payment services for tax etc). However, banking institutions are restricted not only by correspondent banking relationships but also by stricter regulatory requirements.

While there are no examples of significant disruption in Bermuda as yet, the legislative framework continues to be developed and is attracting start-ups and established fintech players to the island. As the government promotes innovative technology and facilitates its use in a controlled and regulated environment, major disruption will likely occur. However, even if such market disruption does not materialise in Bermuda in the short-term, the jurisdiction is paving the way for companies to roll out tested products to much bigger markets. Global financial hubs will therefore benefit from Bermuda’s proactive measures in facilitating the development and adoption of technology in finance.