Bermuda: Fintech

A ‘payment service provider’ is defined in Bermuda’s Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Amendment Regulations 2010 as “a person whose business includes the provision of services for the transfer of funds”. Pursuant to the Money Service Business Act 2016, a “payment service business” means a business that is licensed to provide and execute payment services to and for third parties by whatever means. Such licenses are issued by the Bermuda Monetary Authority (“BMA”) as the regulatory body with supervisory jurisdiction of Bermuda-based financial institutions. While the traditional financial institutions are governed by the Banks and Deposit Companies Act 1999 (as amended) (the “Banks Act”), The Digital Asset Business Act 2018 (“DABA”) governs businesses dealing with digital assets (including payment service businesses, custodians and electronic exchanges). The legislation covers the issuing, selling and redeeming of virtual coins, tokens or other digital assets to businesses, such that ICOs fall instead within scope of Digital Asset Issuance Act 2020 (“DAIA”) as discussed at question 15 below. The BMA can issue restricted licenses under the Banks Act (pursuant to the 2018 amendments) to enable businesses to provide banking services to DABA-licensed companies without the need for a physical presence in the jurisdiction.

Subject to some exceptions, section 2(2) of The Money Service Business Act 2016 defines a money service business as a business which provides services to the general public such as money transmission services; cashing cheques; issuing, selling or redeeming drafts, money orders or traveller’s cheques for cash; payment services business; and operating a foreign currency exchange. Any such business requires a license from the BMA, though institutions licensed under the Banks Act are exempted. As noted at question 1, DABA regulates businesses dealing with digital assets (defined broadly), whether based in or outside of Bermuda. Such businesses include, for instance, payment service providers and processors (using digital assets) and those whose business involves the issuing, exchange and custody of virtual coins and tokens (save where digital assets are offered to the public by way of an Initial Coin Offering, which would be governed by separate legislation as discussed at question 15).

While the legislative framework in Bermuda is progressive and the government encourages the development and adoption of technology in the financial sector, payment methods and instruments remain largely traditional. With a population of around 65,000 people, many of the so-called challenger banks are yet to reach Bermuda, and even digital wallets (such as ApplePay) remain largely under-utilised. Instead, companies and residents alike tend to use only fiat bank accounts and major debit and credit cards, with peer-to-peer payments therefore being less efficient and more costly than in other jurisdictions. That said, the Bermuda government has put measures in place to facilitate the use of cryptocurrency and, most notably in October 2019, announced its Currency Standard Initiative whereby it would accept payments in 1:1 US dollar-backed digital currencies that get licensed by the BMA. The first such stimulus token (USDC) can now be used to buy food and other essentials as part of a pilot program which commenced in July 2020.

While open banking has not yet been introduced in Bermuda, it is possible (if not likely in view of the government’s desire to see Bermuda become a leading fintech jurisdiction) that such data-sharing provisions will be implemented in due course. As the jurisdiction strives for greater corporate transparency generally, and with the implementation of modernised data protection provisions (as to which see Question 5) it is anticipated that consumers will in turn be afforded enhanced rights regarding their information, including authorising the transfer of such data to third party developers. Indeed, the BMA issued a Discussion Paper titled ‘A Conduct of Business Regulatory Framework for Bermuda’ on 19 August 2020 which, amongst other things, focused on the principles highlighted by the G20 and the Organisation for Economic Co-operation and Development (OECD)), including disclosure and transparency. While the Paper does not specifically refer to open banking, there is a clear indication that consumer rights need to be improved and access to information more readily facilitated.

The Personal Information Protection Act 2016 (PIPA) received Royal Assent on July 27, 2016 and governs the use of personal information by all Bermuda-based organisations, businesses and the government. However, the legislation is still not operative, notwithstanding the appointment of Bermuda’s first Privacy Commissioner (the data protection regulator) in January 2020. Bermuda businesses have therefore been afforded a transitional period during which they must implement appropriate measures and safeguards to achieve compliance with the legislation before it becomes fully operative. In the interim, local businesses that operate internationally (including by way of engaging overseas/international clients) must still be cognizant of international data protection legislation such as the General Data Protection Regulation (GDPR) and the U.S. Federal and State laws where applicable. When PIPA is fully operative, it will govern such practices as the collection, protection, use, transfer and destruction of personal information (and therefore will be of particular importance to financial services businesses).

Bermuda continues to enhance its regulatory framework to ensure that it is able to provide a safe and transparent test space for innovative products and services. The Regulatory Sandbox and Innovation Hub (both launched in 2018) continue to attract businesses and entrepreneurs to the jurisdiction for the purpose of testing and enhancing their products. This includes businesses utilising distributed ledger technology (DLT) (including digital asset businesses) and those developing Artificial Intelligence (AI)-based products/services for use in the financial services / insurance industry. The regulator (BMA) has issued both full and restricted licenses to a number of fintech businesses in recent years, including innovative tech start-ups and established international companies. The BMA also regularly issues Consultation Papers to industry professionals to ensure that it is amending the regulatory framework where necessary, so as to promote innovation for the benefit of consumers and negate or minimise the risks associated with the adoption of new technologies. The BMA also participates in conferences to promote discussion on emerging technologies including, for instance, the Bermuda Virtual Tech Summit in October 2021 – “Transforming the Digital Landscape” (part of Bermuda’s Tech Week) – where a host of major international fintech companies and renowned speakers explore issues such as innovation and regulation, developments in DLT, the adoption of AI and concerns surrounding data privacy. As well as its focus on stakeholder collaboration, operational excellence and regulatory oversight, the BMA also places great value in collaborative learning, and in February 2021 entered into its first Memorandum of Understanding with the Wyoming Division of Banking that creates a framework to establish and supervise digital asset entities across jurisdictions.

There is a catalogue of risks to the growth of fintech in any jurisdiction. Fraud and cyber theft threaten digital assets, and product failure is almost inevitable with so many new technologies. There are risks associated with DLT (such as key management), which remains in its infancy in terms of development and adoption, and with AI (such as bias and compromised/unreliable data pools from which machines learn), such that further regulation is likely to be required in the near future (particularly where consumer investment is involved). However, given Bermuda’s legislative framework and the regulator’s facilitation of transparency, trust and consumer protection, many of these risks are being minimised. By way of example, the BMA’s screening of license applications under DABA and DAIA means that the risk to investors and consumers is greatly reduced by the need of businesses to comply with strict disclosure and compliance measures (including enhanced KYC and AML requirements). Further, the government’s fintech regime is aimed at encouraging innovative ways around many of these risks – DLT is (predominantly) aimed at removing the trust element of transacting, meaning that its wide adoption could significantly reduce the risks of fraud and theft. By providing a regulated environment for the testing of these technologies, Bermuda is reducing the risk of innovative technologies being stymied or corrupted, not only in its own jurisdiction, but across the globe.

Digital assets (and transactions involving digital assets) are not subject to income tax, capital gains tax, withholding tax or other taxes in Bermuda (though foreign taxation laws may encapsulate such assets and transactions). A company incorporated in Bermuda shall be considered tax resident in the jurisdiction and thereby eligible for certain exemptions from the Minister of Finance in relation to taxes including imputed profits or income, capital gains tax and inheritance tax. However, any Bermuda company carrying on a relevant activity will be subject to The Economic Substance Act 2018 (and related Regulations).

Due to its status as a global leader in reinsurance, it is no surprise that insuretech has seen significant investment in recent years. For several years, Bermuda has been amongst the top (if not the top) jurisdiction for financial investment in fintechs, largely due to its reinsurance industry. Mostly this investment is at Series A level, with an increasing number of companies now at Series B. By way of example, in September 2021, Envelop Risk (a leading data-driven underwriting and risk analytics business) announced a Series B investment of $130 million led by SoftBank Vision Fund 2. The funds are to be used to develop proprietary machine-learning and data-driven underwriting activity in Bermuda (and London). There has also been investment in other technologies, including DLT (not just in relation to cryptocurrency or exclusively in the insurance sector) and AI.

Bermuda is one of the only jurisdictions in the world to implement a legislative framework that encourages the testing and development of innovative technology aimed at disrupting the financial services sector. Not only does it provide a regulatory sandbox to facilitate the use of fintech products in the real world, but its robust regulatory regime provides for transparency and investor/consumer confidence. Further, the island’s physical proximity (and ease of access to) major financial hubs such as New York and London, as well as its natural beauty and unparalleled lifestyle opportunities, makes it an attractive jurisdiction in which to physically establish a presence. The fintech regulator (BMA) is also incredibly proactive in conducting market consultations, releasing regular guidance to fintechs and (where necessary) pushing through legislative amendments to ensure that regulation tracks innovation. For instance, in its 2021 Business Plan, the BMA expressed its desire to see Bermuda equipped with a licensing regime that adequately supports the early stage of innovation, typically so critical to the success of fintech start-ups. Accordingly, the BMA has recommended enhancements to DABA to facilitate licensees conducting investment business.

As part of its plans to see the jurisdiction become a global leader in the fintech space, the Bermuda government has sought to attract both established players and innovative start-ups and individuals to the country. The Fintech Business Work Permit allows a fintech company that is new to the jurisdiction to receive automatic approval for up to five work permits in its first six months of operation under a Fintech Business Permit. Such Work Permits are issued to non-Bermudians for up to five years without the need to advertise locally, though they are restricted to non-protected positions (i.e. they should not be entry-level, graduate or trainee positions or fall within a restricted category). The Global Entrepreneur Work Permit (which may be issued for one year) allows a person to work and reside in Bermuda for such purposes as business planning, seeking government or regulatory approvals, meeting compliance or financial requirements or raising capital. While not exclusive to the Fintech industry, the recently introduced Work from Bermuda Visa allows those working (or studying) remotely from elsewhere to relocate to Bermuda for one year.

In its 2020 Business Plan, the BMA expressed its objective to develop a highly-skilled team to meet the demands of the future. This objective, it said, will be achieved by recruiting top-tier talent, upskilling and reskilling its current employees, and developing a sound succession plan for its leadership positions. Indeed, the regulator has sought to work with technology experts within the industry and has set out to recruit key fintech personnel to help drive the jurisdiction forward.

Intellectual Property protection is available for trademarks, patents, domain names, copyright and design. As with other common law jurisdictions, an infringed party can seek relief from the court in a variety of manners, including injunctive relief to prevent use of such IP, Anton Piller orders (which give the infringed party the right to search premises and seize evidence without prior warning), delivery up/destruction of infringing articles, damages and an account of profits. As an offshore jurisdiction with certain tax incentives, many companies establish entities as vehicles to hold intellectual property and collect income deriving from such IP (e.g. license fees). The framework in place provides these companies with protection in the event of an infringement.

The Bermuda government has embraced the development and use of cryptocurrencies to establish itself as a progressive and innovative jurisdiction that can act as a regulatory sandbox for the benefit of global innovation. Bermuda has enacted legislation in line with its vision and that includes a regulatory framework designed to facilitate the development and adoption of cryptocurrency/digital assets. Under DABA, a “digital asset” is defined broadly as anything that exists in binary format and comes with the right to use it and includes a digital representation of value that: (a) is used as a medium of exchange, unit of account, or store of value and is not legal tender, whether or not denominated in legal tender (for instance, so-called stablecoins); (b) is intended to represent assets such as debt or equity; (c) is otherwise intended to represent any assets or rights associated with such assets; or (d) is intended to provide access to an application or service or product by means of DLT; A “digital asset business” is defined as a business that provides any or all of the following digital asset business activities to the general public: (a) issuing, selling or redeeming virtual coins, tokens or any other form of digital asset; (b) operating as a payment service provider business utilising digital assets which includes the provision of services for the transfer of funds; (c) operating as an electronic exchange; (d) providing custodial wallet services; (e) operating as a digital asset services vendor. Each of the above definitions have been incorporated into DAIA which governs ICOs. The BMA can now issue three types of license to digital assets businesses, namely: Class T (Test Licence): for those seeking to test their proof of concept. This licence is issued for a defined period and is intended for pilot or beta testing purposes, allowing the licence-holder to develop a minimum viable product within the initial period and without the need to establish a physical presence in Bermuda^[1]; Class M (Modified) Licence: a restricted license for a specified period of time, often referred to as a “sandbox license”, issued to facilitate innovation and testing of new products and services in Bermuda; or Class F (Full Licence): for companies seeking to provide any or all of the DAB activities. Certain minimum licencing criteria must be met for the BMA to issue a licence under DABA.

Further, as noted at question 3 above, the Bermuda government implemented a Currency Standard Initiative to accept payments in 1:1 US dollar-backed digital currencies that get licensed by the BMA. The USDC stablecoin can therefore, since July 2020, be used to pay taxes and buy essentials as part of a pilot program.

Reference

^[1]   Only one such Class T licence has been issued by the BMA to date for a period of 6 months for the purposes of (i) operating as a digital asset exchange; and (ii) operating as a digital asset derivative exchange provider.

On May 6 2020, the Bermuda government enacted DAIA to replace the ICO regime and to facilitate the regulation of digital asset issuance by the BMA rather than the Ministry of Finance. In December 2020, the Digital Asset Issuance Rules 2020 (the “Issuance Rules”) became operative, setting out the explicit requirements as to how a digital asset issuance must be conducted.^[1] There are a number of hoops to jump through to be granted permission by the BMA to register as a digital assets business, most of which are similar to the previous regime (e.g. disclosure requirements and a detailed business plan). However, businesses must now also have a BMA-approved local representative to report to the BMA on various significant issues (matters such as compliance, solvency and disclosures) and once registered there are now strict KYC and AML/CTF measures that must be put in place. There are also, in certain instances, conditions and restrictions placed on the change and removal of officers and shareholders, and of course requirements for the safeguarding of digital assets.  A key reason for the introduction of DAIA was that, while Bermuda has its own regime, such laws do not avail businesses of the laws of other jurisdictions, including the U.S which has far-reaching jurisdiction in relation to its own citizens.^[2] Transparency and ongoing regulation is therefore paramount to facilitating the development and adoption of digital assets. Aside from ICOs, DABA covers the issuing, selling or redeeming of virtual coins, tokens or other digital assets to other businesses or individuals. Reference [1] Indeed, the Security and Exchange Commission (SEC) recently deemed a digital token issued from Bermuda (prior to the introduction of DAIA) as an unregistered security, resulting in the token being disabled and a substantial fine being levied against the issuer.

References

^[1]     The Issuance Rules introduced a minimum requirement of information for digital asset issuance – including a detailed description of the underlying project, the digital asset and the terms and conditions of the digital asset issuance – and ongoing disclosure requirements.

^[2]       Indeed, the Security and Exchange Commission (SEC) recently deemed a digital token issued from Bermuda (prior to the introduction of DAIA) as an unregistered security, resulting in the token being disabled and a substantial fine being levied against the issuer.

There are a number of live blockchain projects operating in and from Bermuda. Most notably, perhaps, the government of Bermuda introduced the digital stimulus token as a means to distribute financial aid to the country’s population at the start of the COVID-19 pandemic, allowing stablecoins to be used for the payment of taxes and purchase of essential products. It has also facilitated the development of cryptocurrency and DLT businesses such as a blockchain-based digital ID system, cryptocurrency exchanges and custodial wallet services, and has created an environment for insurance-related businesses to benefit from DLT (for instance, with the BMA licensing the world’s first captive to insure crypto custody).

In its 2020 Business Plan, the BMA observed that AI is changing the nature of work in a broad range of jobs and professions, including data-intensive functions of the BMA such that it had reduced its own operating costs. In its 2021 Business Plan, encouraged by the benefits of AI adoption, the BMA set out its intention to “further embed machine learning and AI into its supervisory processes, as well as implement a centralised data management strategy for a single version of truth (including data lakes/warehouses to aid data science and AI development)”.  In the private sector, the island has seen businesses adopt AI in a number of ways, e.g. by utilising roboadvisors for financial investment and in cyberunderwriting (e.g. analyzing economic, technical, historical and behavioural information to predict outcomes and analyse risk). Bermuda businesses will likely increase their use of AI in their financial services offerings, which will likely lead to increased regulation. Indeed, Bermuda has already implemented legislation which anticipates the continued development and adoption of AI technologies, for example, PIPA (discussed at question 5) anticipates the use of advanced data processing (e.g. using AI, facial recognition technology and/or automated decisions that could impact an individual). Regulation of AI will of course lead to increased compliance costs for businesses, but start-ups are presently well placed to exploit AI technologies to get a foothold in the market before the regulatory regime becomes complex and costly. Those adopting AI into their businesses now are also best placed to work with the government to guide policy, in circumstances where common technical standards will need to be implemented if governance is to be effective (e.g. as to data privacy – given that AI is contingent upon the mass processing of customer data- security, product safety, accuracy and managing social biases).

The Insurance Amendment Act, 2018 provided for an insurtech ‘regulatory sandbox’ to facilitate and encourage the supervised development and application of innovative technology in the insurance sector. The sandbox, together with the BMA’s Innovation Hub, has aided in the development of insuretech/Reinsuretech in Bermuda, with the Act providing for additional license classifications for Innovative Intermediaries, namely Insurance Agents, Brokers and Managers, which operate their business in an innovative and/or experimental manner. AI is presently being used in Bermuda to enhance certain insurance services, including cyber-underwriting services and the BMA recently licensed a British insuretech firm that seeks to apply smart contract technology to facilitate underwriting of digital asset risk and provide liquidity for insurance-linked securities trading. The BMA also licensed a renowned international cryptocurrency exchange and custodian to launch the world’s first captive insurance company, thereby increasing its insurance capacity beyond the coverage currently available in the commercial insurance market, to facilitate the largest limit of insurance coverage by any crypto custodian in the world. The Bermuda Business Development Agency also joined forces with InsureTech NY in early 2021 to provide start-ups from around the world with the opportunity to present their ideas to potential to early-stage investors and insurance leaders.

While the fintech regulatory framework is still in its infancy, the jurisdiction has seen an influx of technology businesses in the last 12 months, notwithstanding the global pandemic and its impact on start-ups. As noted at question 16, Bermuda has, in particular, facilitated the emergence and development of cryptocurrency and DLT businesses such as a blockchain-based digital ID system and various cryptocurrency exchanges, as well as providing an environment for insurance-related businesses to benefit from DLT (for instance, with the BMA licensing a Nasdaq Crypto Index ETF to trade on the Bermuda Stock Exchange, and the establishment of the world’s first captive to insure crypto custody).

Incumbent financial institutions do not appear, at the time of writing, to have implemented any significant changes which suggest they perceive a threat from incoming fintech companies for which they need to provide competing services, nor have they necessarily adapted in a manner which would facilitate collaboration with such fintechs. It is anticipated that the growth of the fintech industry will see existing financial institutions seek to collaborate more closely with those seeking to disrupt the market. Local banking institutions are restricted not only by correspondent banking relationships but also by strict regulatory requirements.

Local financial services providers are largely avoiding the costs of innovation and leaving this to incoming entrepreneurs. The government’s intention is to provide a space for emerging technologies to be tested, meaning that the jurisdiction is focussing heavily on the private sector, while trying to work closely with those companies to facilitate testing where possible (e.g. I.D. and payment services for tax etc). However, banking institutions are restricted not only by correspondent banking relationships but also by stricter regulatory requirements.

While there are no examples of significant disruption in Bermuda as yet, the legislative framework continues to be developed and is attracting start-ups and established fintech players to the island. As the government promotes innovative technology and facilitates its use in a controlled and regulated environment, major disruption will likely occur. However, even if such market disruption does not materialise in Bermuda in the short-term, the jurisdiction is paving the way for companies to roll out tested products to much bigger markets. Global financial hubs will therefore benefit from Bermuda’s proactive measures in facilitating the development and adoption of technology in finance.