No.

17 of 2022
VIRGIN ISLANDS
VIRTUAL ASSETS SERVICE PROVIDERS ACT, 2022
ARRANGEMENT OF SECTIONS

SECTION
PART I
PRELIMINARY
1. Short title and commencement
2. Interpretation
3. Application and prohibition
4. Powers of the Agency and the Commission

PART II
REGISTRATION REQUIREMENTS FOR VASPS

5. Prohibition against providing or engaging in transactions involving virtual

assets
6. Application for registration
7. Approval of registration
8. Duty to notify change in information provided
9. Change of name
10. Maintaining financially sound condition
11. Directors and senior officers
12. Appointment of authorised representative
13. Functions of an authorised representative
14. Appointment of auditor
15. Powers of Commission in relation to the appointment of auditor
16. Obligations of auditor
17. Audit and audit report
18. Submission of audit report and extension of time
19. Group financial statements

PART III
GENERAL OBLIGATIONS OF VASPS
20. Duty to report information
21. Disposition or acquisition of significant or controlling interest in a VASP
22. Maintenance of records
23. Client assets

1
24. Misleading advertisement, statement, etc.
25. AML/CFT compliance
26. Obligations in relation to the Commission

PART IV
VIRTUAL ASSETS CUSTODY AND EXCHANGE
Virtual Assets Custody Service
27. Virtual asset custody service: additional information required
28. Virtual asset custody service: conditions for registration
29. Obligations and restrictions
Virtual Assets Exchange
30. Virtual assets exchange: requirements
31. Virtual assets exchange: conditions for registration
32. Restrictions and prohibitions

PART V
PARTICIPATION IN THE REGULATORY SANDBOX
33. Interpretation for this Part
34. Application to provide innovative FinTech
35. Approval to provide innovative FinTech
36. Termination of approval as a Sandbox participant

PART VI
MISCELLANEOUS
37. Register.
38. Cancellation of registration.
39. Revocation of registration.
40. Existing licensees.
41. Appointment of compliance officer.
42. Enforcement powers.
43. General powers of the Commission.
44. Exemption.
45. Fees, charges, etc.
46. Offences and penalties.
47. Regulations.
48. Application of Regulatory Code.
49. Amendment of Schedule.
SCHEDULE

2
No. 17 of 2022 Virtual Assets Service Providers Act, 2022 Virgin
Islands

I ASSENT
(Sgd.) John Rankin CMG,
Governor.
23rd December, 2022

VIRGIN ISLANDS
No. 17 of 2022
AN ACT TO MAKE PROVISION FOR THE REGISTRATION AND
SUPERVISION OF VIRTUAL ASSETS SERVICE PROVIDERS IN RELATION
TO TRANSACTIONS INVOLVING VIRTUAL ASSETS; THE APPROVAL OF
PROVISION OF VIRTUAL ASSETS CUSTODY SERVICE; AND THE
APPROVAL OF VIRTUAL ASSETS EXCHANGES; AND TO PROVIDE FOR
OTHER MATTERS CONNECTED THEREWITH.
[Gazetted 29th December, 2022]

ENACTED by the Legislature of the Virgin Islands as follows:

PART I
PRELIMINARY

Short title and commencement

1. (1) This Act may be cited as the Virtual Assets Service Providers Act,
2022.
(2) This Act shall come into force on such date as the Minister may, by
Notice published in the Gazette, appoint.

Interpretation
2. (1) In this Act, unless the context otherwise requires
“advertisement” means any form of communication that
(a) relates to a specific offer to the public to subscribe for, or purchase,
virtual assets; and
(b) is intended to specifically promote the potential subscription or
purchase of virtual assets;
“Agency” means the Financial Investigation Agency established under section
3(1) of the Financial Investigation Agency Act, Revised Edition 2020;

3
“AMLTFCOP” means the Anti-money Laundering and Terrorist Financing Code
of Practice, Revised Edition 2020;
“AMLR” means the Anti-money Laundering Regulations, Revised Edition 2020;
“applicant” means a person who makes or submits an application for the
registration of a VASP under, or otherwise in compliance with a provision
of, this Act;
“Commission” means the Financial Services Commission established under
section 3(1) of the FSCA;
“controlling interest” means interest in an entity whereby
(a) the person holding the interest has an influence over the activities
of any undertaking of the entity without having a significant
interest in the undertaking; or
(b) a director or senior officer of the entity is accustomed to acting on
the instructions of the person;
“entity” means a person that is engaged in a relevant business within the meaning
of regulation 2(1) of the AMLR;
“FSCA” means the Financial Services Commission Act, Revised Edition 2020;
“financial services legislation” has the meaning ascribed to it under section 2(1)
of the FSCA;
“Internet site”, in relation to the Commission, means the primary public access
Internet site for the time being maintained by, or on behalf of, the
Commission;
“licensee” means a person licensed, approved or otherwise authorised by the
Commission under the FSCA or a regulatory legislation specified in Part I
of Schedule 2 of the FSCA;
“money laundering” has the meaning ascribed to it in section 2(1) of the Financial
Investigation Act, Revised Edition 2020;
“proliferation financing” has the meaning ascribed to it in section 6 of the
Proliferation Financing (Prohibition) Act, No. 20 of 2021;
“senior officer” has the meaning ascribed to it under section 4 of the Regulatory
Code, Revised Edition 2020, and the reference therein to “licensee” shall
be construed to include a VASP issued with a certificate of registration
under section 7(3)(a);
“significant interest”, in relation to an entity, means a holding or interest in the
entity or any holding company of the entity held or owned by a person,
either alone or with any other person and whether legally or equitably, that
entitles or enables the person, directly or indirectly to
(a) control ten percent or more of the voting rights of that entity at a
meeting of the entity or of its members;
(b) a share of ten percent or more in any distribution (if applicable)
made by the entity;
(c) a share of ten percent or more in any distribution (if applicable) of
the surplus assets of the entity; or

4
 (d) appoint or remove one or more directors of the entity;
“terrorist financing” has the meaning ascribed to it in section 2(1) of the Financial
Investigation Agency Act, Revised Edition 2020;
“virtual asset” means a digital representation of value that can be digitally traded
or transferred, and can be used for payment or investment purposes, but
does not include
(a) digital representations of fiat currencies and other assets or matters
specified in the Guidelines; or
(b) a digital record of a credit against a financial institution of fiat
currency, securities or other financial assets that can be transferred
digitally;
“virtual assets custody service” means the acceptance for safekeeping of virtual
assets or instruments that enable a VASP to exercise control over the virtual
assets or instruments;
“virtual assets exchange” means a trading platform that is operated for the purpose
of allowing an offer or invitation to be made to buy or sell any virtual asset
in exchange for money or any virtual asset and which comes into custody,
control, power or possession of, or over, any money or any virtual asset at
any point in time during its course of business;
“virtual assets service” means the business of engaging, on behalf of another
person, in any VASP activity or operation (as outlined in the definition of
“VASP”), and includes
(a) hosting wallets or maintaining custody or control over another
person’s virtual asset, wallet or private key;
(b) providing financial services relating to the issuance, offer or sale of
a virtual asset;
(c) providing kiosks (such as automatic teller machines, bitcoin teller
machines or vending machines) for the purpose of facilitating
virtual assets activities through electronic terminals to enable the
owner or operator of the kiosk to actively facilitate the exchange of
virtual assets for fiat currency or other virtual assets; or
(d) engaging in any other activity that, under guidelines issued
pursuant to section 41A of the FSCA, constitutes the carrying on
of the business of providing virtual asset service or issuing virtual
assets or being involved in virtual asset activity;
“VASP”, subject to subsections (2), means a virtual asset service provider who
provides, as a business, a virtual assets service and is registered under this
Act to conduct one or more of the following activities or operations for or
on behalf of another person
(a) exchange between virtual assets and fiat currencies;
(b) exchange between one or more forms of virtual assets;
(c) transfer of virtual assets, where the transfer relates to conducting a
transaction on behalf of another person that moves a virtual asset
from one virtual asset address or account to another;

5
 (d) safekeeping or administration of virtual assets or instruments
enabling control over virtual assets;
(e) participation in, and provision of, financial services related to an
issuer’s offer or sale of a virtual asset; or
(f) perform such other activity or operation as may be specified in this
Act or as may be prescribed by regulations made under section 47.
(2) A person who engages in or performs any of the following activities
shall not qualify or be treated as a VASP
(a) providing ancillary infrastructure to allow another person to offer a
service, such as cloud data storage provider or integrity service
provider responsible for verifying the accuracy of signatures;
(b) providing service as a software developer or provider of unhosted
wallets whose function is only to develop or sell software or
hardware;
(c) solely creating or selling a software application or virtual asset
platform;
(d) providing ancillary services or products to a virtual asset network,
including the provision of services like hardware wallet
manufacturer or provider of unhosted wallets, to the extent that
such services do not extend to engaging in or actively facilitating
as a business any of those services for or on behalf of another
person;
(e) solely engaging in the operation of a virtual asset network without
engaging or facilitating any of the activities or operations of a
VASP on behalf of customers;
(f) providing closed-loop items that are non-transferable, non-
exchangeable, and which cannot be used for payment or investment
purposes; and
(g) accepting virtual assets as payment for goods and services (such as
the acceptance of virtual assets by a merchant when effecting the
purchase of goods).
(3) The reference to funds or value-based terms, such as “property”,
“proceeds”, “funds”, “funds or other assets” and “corresponding value” contained
in any financial services legislation, Financial Investigation Agency Act, Revised
Edition 2020, or any other enactment relating to money laundering, terrorist
financing and proliferation financing shall be construed to include virtual assets
with such modifications as may be necessary.
(4) The reference in the FSCA and any regulations made thereunder to
“licence” and “licensee” shall be construed as applying to a VASP, unless the
context otherwise dictates.
(5) Guidelines issued by the Commission under section 41A of the FSCA
may provide guidance on what constitutes providing or participating in financial
services for purposes of paragraph (b) of the definition of “virtual assets”, and
paragraph (e) of the definition of “VASP”, in subsection (1).

6
 (6) Where provision is made in this Act for the giving of notice, submitting
an application, or in any other way communicating any matter without specifying
how such notice, application or communication must be given, made or delivered,
the notice, application or other communication shall be given, made or delivered
in writing, which may be in electronic form if delivered to the correct address.

Application and prohibition

3. (1) This Act
(a) applies to all entities operating in or from within the Virgin Islands
that qualify and are registered as VASPs in accordance with the
provisions of this Act; and
(b) qualifies and shall be treated as financial services legislation under
Part I of Schedule 2 of the FSCA, but the provisions of the FSCA
shall apply only to the extent that the subject matter of application
is not addressed under this Act.
(2) The provisions of the Proceeds of Criminal Conduct Act, Revised
Edition 2020, Proliferation Financing (Prohibition) Act, No. 20 of 2021, Counter
Terrorism Act, No. 33 of 2021, AMLR, AMLTFCOP and other enactments
relating to money laundering, terrorist financing and proliferation financing shall,
unless otherwise stated, apply to virtual assets and VASPs as they apply to entities
and, if need be, with such modification as may be necessary to ensure full and
appropriate application to virtual assets and VASPs.

Powers of the Agency and the Commission

4. (1) The Agency shall have and may exercise any of its powers under the
Financial Investigation Agency Act, Revised Edition 2020, and any other powers
under an enactment dealing with money laundering, terrorist financing and
proliferation financing in relation to virtual assets and VASPs in so far as those
powers are exercisable with respect to an entity.
(2) The Commission shall have and may exercise any of its powers under
the FSCA and any other powers under an enactment dealing with money
laundering, terrorist financing and proliferation financing in relation to virtual
assets and VASPs as those powers are exercisable with respect to an entity that is
licensed by the Commission.
(3) For purposes of subsections (1) and (2), the absence of any reference to
virtual assets or VASPs in any of the enactments referred to in those subsections
shall not be construed as ousting the jurisdiction of the Agency or the Commission,
as the case may be, to exercise the powers exercisable under those enactments in
relation to virtual assets and VASPs.

7
 PART II
REGISTRATION AND REQUIREMENTS FOR VASPS

Prohibition against providing or engaging in transactions involving

virtual assets
5. (1) No person shall carry on in or from within the Virgin Islands the
business of providing a virtual asset service without being registered by the
Commission in that regard.
(2) An individual shall not carry on, or hold himself or herself out as
carrying on, in or from within the Virgin Islands, virtual assets service as a
business or in the course of business.
(3) For the purposes of, but without limiting, subsection (1), a person
carries on virtual assets service in the Virgin Islands if he or she occupies premises
in the Virgin Islands for the purpose of carrying on a virtual assets service.
(4) A BVI business company that carries on, or holds itself out as carrying
on or being able to carry on, a virtual assets service outside the Virgin Islands is
deemed to be carrying on the business of providing a virtual assets service from
within the Virgin Islands.
(5) Subsection (1) does not apply to a person excluded in such
circumstances and to such extent as may be prescribed in regulations made under
section 47.

Application for registration

6. (1) A person who wishes to carry on in or from within the Virgin Islands the
business of providing a virtual asset service (“the applicant”) may apply to the
Commission for registration as a VASP to undertake such business in one or more
of the following categories
(a) to carry on the business of providing a virtual assets service;
(b) to engage in the business of providing a virtual assets custody
service; and
(c) to operate a virtual assets exchange.
(2) Where a person wishes to carry on the business of providing a virtual
assets custody service or operate a virtual assets exchange, the person shall, in
addition to complying with the requirements of this Part and Part III, comply with
the requirements of Part IV as applicable.
(3) An application under subsection (1) shall be in such form as the
Commission may determine and publish on the Internet site.
(4) Without prejudice to subsection (3), the applicant under subsection (1)
shall, subject to subsection (7), provide the following information together with
the application
(a) the names and addresses of the persons proposed as directors and
senior officers of the VASP;
(b) the names and addresses of the persons who hold shares, including
their level of shareholding in the VASP;

8
 (c) the names and addresses of the persons who have a controlling
interest in the VASP;
(d) the physical address in the Virgin Islands of the VASP;
(e) the name and address of the auditor of the VASP, including the
auditor’s consent to act as such;
(f) the name and address of the proposed authorised representative of
the VASP;
(g) a business plan in relation to the VASP which shall, at minimum,
include the following
(i) the knowledge, expertise and experience of the person
applying for registration;
(ii) detailed information on the nature, size, scope and complexity
of the VASP, the underlying technology intended to be used,
method of delivery of the virtual asset service and the virtual
asset to be utilised;
(iii) information on how the VASP will be marketed and the
expected source of business;
(iv) information on the anticipated human resource capacity of the
VASP at commencement of business and in the long term;
(v) any planned outsourcing arrangements and the systems to be
put in place to govern such outsourcing arrangements; and
(vii) an indication of the initial capital and financial projections of
the VASP covering the first three years of operation, including
projected set-up costs;
(h) a written risk assessment of the VASP, outlining the risks the
VASP will or may be exposed to and specifying how those risks
are to be identified, measured, assessed, monitored, controlled and
reported;
(i) a written manual showing how the applicant, if granted
registration, intends to comply with the requirements of this Act
and any regulations made thereunder, including how the applicant
intends to safeguard against the activities of money laundering,
terrorist financing and proliferation financing;
(j) the internal safeguards and data protection (including cyber
security) systems intended to be utilized; and
(k) the system to be put in place on how the VASP will handle client
assets, custodian relationships and complaints.
(5) For the purposes of processing an application for the registration of a
VASP, the Commission may, in addition to the information provided under
subsection (4), require such additional information as it considers appropriate and
within such period as the Commission determines.
(6) Where the Commission forms the view that, in relation to an
application under subsection (1), any information required under subsection (4)

9
has not been provided, it shall notify the applicant to provide the information
within such period as the Commission determines.
(7) Where, subject to the receipt of an application in that regard, the
Commission forms the view that, having regard to the type and nature of the
business of the applicant, a requirement outlined in subsection (4) should not
apply, the Commission may, in writing, waive that requirement in respect of the
applicant.
(8) Subject to a waiver by the Commission of a requirement pursuant to
subsection (7), an application for the registration of a VASP under this section
which fails to provide all the information required under subsection (4), or any
additional information or missing information respectively required under
subsection (5) or (6), within the prescribed period, shall be considered incomplete
and abandoned.

Approval of registration
7. (1) Subject to subsection (2), the Commission may approve an application
for the registration of a VASP if the Commission is satisfied that
(a) the applicant satisfies the requirements of this Act and any
regulations made thereunder and the provisions of the Regulatory
Code, Revised Edition 2020, applicable to the applicant;
(b) the applicant intends, if registered as a VASP, to carry on the
business for which it is to be registered;
(c) the auditor of the proposed VASP has consented to so act and is
approved by the Commission;
(d) the proposed VASP and its directors, senior officers and persons
with a significant interest or controlling interest in the proposed
VASP meet the fit and proper criteria outlined in Schedule 1A of
the Regulatory Code, Revised Edition 2020;
(e) the organisation, management and financial resources of the
proposed VASP are, or on registration will be, adequate for the
carrying on of the VASP business;
(f) the applicant, if registered as a VASP, has or will have the ability
and capacity to manage and mitigate the risks of engaging in the
VASP’s business activities, including the detection and prevention
of activities that involve the use of anonymity-enhancing
technologies or mechanisms (such as mixers, tumblers and similar
technologies) that obfuscate the identity of the sender, recipient,
holder or beneficial owner of a virtual asset; and
(g) registering the VASP is not against the public interest.
(2) Without limiting subsection (1), the Commission may refuse to register
an applicant as a VASP if it forms the opinion that a person having a share or other
interest in the applicant, whether significant, controlling or otherwise or legal or
equitable, does not satisfy the fit and proper criteria outlined in Schedule 1A of
the Regulatory Code, Revised Edition 2020.
(3) Where the Commission approves an application for registration under
subsection (1), it

10
 (a) shall register the applicant and issue a certificate of registration in
such form as it considers appropriate; and
(b) may impose such conditions on the registration as it considers
appropriate.
(4) Where the Commission does not approve an application under
subsection (1) for registration as a VASP, it shall so inform the applicant in writing
giving the Commission’s reason for the refusal.

Duty to notify change in information provided

8. (1) Where, prior to the approval and registration of an application under
section 7, there is a material change in the information provided to the
Commission under section 6, the applicant shall forthwith notify the Commission
of that fact.
(2) Where, after the approval and registration of an application under
section 7, there is a material change in the information provided to the
Commission under section 6 or any other change which is likely to materially
affect the basis on which an applicant was approved and registered, the applicant
shall forthwith notify the Commission of that fact indicating
(a) the nature and scope of the change;
(b) the reason for, or circumstance that gave rise to, the change;
(c) whether or not the change is likely to materially affect the business
of the VASP; and
(d) in the case of a change in the information provided under section
6(4) and, if applicable, section 6(5), the reason for the change.
(3) Where the Commission is notified of any change under subsection (1)
or (2), it may issue such directive and exercise such power, including the power
to deregister the registered VASP, as it considers appropriate, having regard to the
requirements of this Act and any regulations made thereunder, the FSCA and the
applicable provisions of the Regulatory Code, Revised Edition 2020.

Change of name
9. (1) A VASP that is registered in accordance with this Act shall not, without
the prior approval of the Commission, change its corporate name or the name
under which it carries on business.
(2) An application by a VASP to change its name shall be addressed to the
Commission
(a) giving reasons for the proposed change of name;
(b) indicating whether or not the proposed change in name will or is
likely to affect the nature or type of business for which the VASP
was registered by the Commission; and
(c) providing such additional information as may be necessary in
assisting the Commission to properly and fully assess the
application for change of name.
(3) Without prejudice to subsection (2), the Commission may, by notice
and within such period as is provided in the notice, direct a VASP to change the

11
name under which it carries on business if the Commission is of the opinion that
the name
(a) is identical to that of any other person, whether within or outside
the Virgin Islands, or which so nearly resembles that name as to be
likely to confuse or deceive; or
(b) is otherwise misleading or undesirable.

Maintaining financially sound condition

10. (1) A VASP shall, at all times, maintain its business in a financially sound
condition by
(a) having assets;
(b) providing for its liabilities; and
(c) generally conducting its business,
so as to be in a position to meet its liabilities as they fall due.
(2) If a VASP forms the opinion that it does not comply with subsection
(1), it shall forthwith notify the Commission in writing.

Directors and senior officers

11. (1) Subject to subsection (2), every VASP shall have at least 2 individual
directors.
(2) The Commission may at any time, having regard to the nature and risk
associated with a VASP, require the VASP to have an individual director
physically resident in the Virgin Islands if it does not already have one.
(3) No VASP shall appoint a director or senior officer without the prior
written approval of the Commission.
(4) The Commission shall not grant approval under subsection (3) unless
it is satisfied that the person proposed for appointment as a director or senior
officer
(a) satisfies the fit and proper criterial set out in Schedule 1A of the
Regulatory Code, Revised Edition 2020; and
(b) complies with the requirements of any guidelines issued by the
Commission relating to the approval of directors and senior
officers.
(5) For the purposes of subsection (1), a director is considered to be
physically resident in the Virgin Islands if, during the course of the year, the
cumulative period of the director’s absence (if any) from the Virgin Islands does
not exceed 120 days.

Appointment of authorised representative

12. (1) A VASP shall appoint and at all times have an authorised representative
who shall be a person approved by the Commission.
(2) Subject to subsections (3), (4) and (5), a person qualifies to be
considered for approval as an authorised representative if

12
 (a) the person submits an application to the Commission seeking such
approval; and
(b) the person is
(i) a BVI business company incorporated or registered under the
BVI Business Companies Act, Revised Edition 2020;
(ii) a partnership formed under the Partnership Act, Revised
Edition 2020, or the Limited Partnership Act, Revised Edition
2020; or
(iii) an individual who is physically resident in the Virgin Islands,
and has knowledge of virtual assets service or management skills related to risks,
whether in relation to VASPs or otherwise as the Commission considers relevant.
(3) The Commission may, upon receipt of an application for the approval
of a person as an authorised representative of a VASP under subsection (2)(a),
approve the application if it is satisfied that
(a) the person satisfies any of the requirements outlined in subsection
(2)(b);
(b) the person meets the fit and proper criteria outlined in Schedule 1A
of the Regulatory Code, Revised Edition 2020;
(c) where the person is a BVI business company, the company’s
directors and senior officers and any other person having a
significant interest or controlling interest in the company satisfy
the fit and proper criteria outlined in Schedule 1A of the Regulatory
Code, Revised Edition 2020;
(d) where the person is a partnership, the partners satisfy the fit and
proper criteria outlined in Schedule 1A of the Regulatory Code,
Revised Edition 2020; and
(e) approving the person is not against the public interest.
(4) A person who has been certified as an authorised representative in
accordance with section 64 of the Securities and Investment Business Act, Revised
Edition 2020, may, subject to complying with subsection (2)(a), be approved by
the Commission as an authorised representative under this section.
(5) The Commission may refuse to approve an application for the
appointment of an authorised representative of a VASP if the Commission is of
the opinion that the person that is the subject of the application does not satisfy
the fit and proper criteria outlined in Schedule 1A of the Regulatory Code, Revised
Edition 2020.
(6) This section and section 13 do not apply in respect of a VASP that has
a significant management presence in the Virgin Islands.
(7) Where an authorised representative resigns or has his or her
appointment terminated or the office of authorised representative becomes vacant
for any reason, the VASP concerned does not commit an offence if it appoints
another authorised representative approved in accordance with this section within
21 days of the date of the previous authorised representative ceasing to so act.

13
 (8) In reckoning the 21 days period under subsection (7), the period during
which an application is pending before the Commission for approval shall not be
counted.
(9) No person shall act, or hold himself or herself out as acting, as an
authorised representative of a VASP unless the person has been approved by the
Commission and appointed as such by a VASP.
(10) For purposes of subsection (6) and section 13(2), the Commission shall
prescribe in the Regulatory Code, Revised Edition 2020, the criteria for what
constitutes significant management presence in the Virgin Islands.

Functions of an authorised representative

13. (1) An authorised representative of a VASP shall perform the following
functions
(a) act as the main intermediary between the VASP that he or she
represents and the Commission;
(b) accept service of notices and other documents on behalf of the
VASP that he or she represents; and
(c) keep in the authorised representative’s office in the Virgin Islands
such records, or copies of such records, as may be prescribed in the
Regulatory Code, Revised Edition 2020, or in regulations made
under section 47.
(2) Except in relation to a VASP that has a significant management
presence in the Virgin Islands and as may otherwise be provided in regulations
made under section 47, all documents to be submitted, or fees to be paid, by a
VASP to the Commission shall be submitted or paid by its authorised
representative.

Appointment of auditor
14. (1) Subject to subsection (2), a VASP shall appoint and at all times have
an auditor for the purposes of auditing its financial statements.
(2) The Commission may, in exercise of the powers conferred by section
40C of the FSCA, exempt a VASP from the requirement to appoint and have an
auditor.
(3) A person shall not be appointed auditor under subsection (1) unless he
or she
(a) is qualified under the Regulatory Code, Revised Edition 2020, to
act as auditor of a licensee;
(b) has consented to act as auditor of the VASP; and
(c) has been approved by the Commission.
(4) Subject to subsection (5), the Commission may approve the
appointment of a person as an auditor under subsection (1), if it is satisfied that
the person has met the requirements of subsection (3)(a) and (b) and has sufficient
experience and is competent to audit the financial statements of the VASP.
(5) The approval by the Commission of the appointment of an auditor
under subsection (4) is not required if

14
 (a) the auditor appointed in respect of a financial year acted as auditor
of the VASP in the previous financial year; and
(b) the Commission has not revoked its approval of the appointment of
the auditor by the VASP.
(6) A VASP shall, within 14 days of the appointment of its auditor, submit
a notice of appointment to the Commission.
(7) A VASP shall make such arrangements as are necessary to enable its
auditor to audit its financial statements in accordance with the requirements of this
Act, the Regulatory Code, Revised Edition 2020, and any regulations made under
section 47 including, as the auditor may reasonably require for the purposes of the
audit
(a) by giving the auditor a right of access at all reasonable times to its
financial records and all other documents and records; and
(b) by providing the auditor with such information and explanations as
the auditor may request.
(8) Where a person ceases to be the auditor of a VASP, the VASP does not
contravene subsection (1) if it appoints another auditor in accordance with this
section within 2 months of the date that the person who was previously appointed
auditor ceased to hold that appointment.

Powers of Commission in relation to the appointment of auditor

15. (1) Where the Commission is satisfied that the auditor of a VASP has failed
to fulfil his or her obligations under this Act or is otherwise not a fit and proper
person, in accordance with Schedule 1A of the Regulatory Code, Revised Edition
2020, to act as the auditor of the VASP, it may, by notice to the VASP, revoke the
approval of the appointment of the auditor.
(2) Where a VASP receives a notice under subsection (1) revoking the
approval of appointment of its auditor, the VASP shall
(a) provide the auditor with a copy of the notice; and
(b) appoint a new auditor in accordance with section 14.
(3) If a VASP fails to appoint a new auditor as required under subsection
(1), the Commission may appoint an auditor for the VASP, and an auditor so
appointed shall be deemed, for the purposes of this Act, to have been appointed
by the VASP.

Obligations of auditor
16. (1) Notwithstanding anything to the contrary contained in any other
enactment, the auditor of a VASP shall report immediately to the Commission any
information relating to the affairs of the VASP that he or she has obtained in the
course of acting as its auditor that, in his or her opinion, suggests that
(a) the VASP is insolvent or is likely to become insolvent or is likely
to be unable to meet its obligations as they fall due;
(b) the VASP is operating in a manner that may be detrimental to the
interest of its clients;

15
 (c) the VASP no longer meets any of the conditions outlined in section
7(1);
(d) the VASP is no longer compliant with the requirement of section
10;
(e) the VASP has significant weaknesses in its internal controls which
render it vulnerable to significant risks or exposures that have the
potential to jeopardise its financial viability;
(f) an offence has been or is being committed by the VASP in
connection with its business; or
(g) serious breaches of this Act or the Regulatory Code, Revised
Edition 2020, or such enactments, guidelines or Codes relating to
money laundering, terrorist financing or proliferation financing as
may be enacted, issued or prescribed have occurred in respect of
the VASP or in connection with its business.
(2) Where a VASP terminates the appointment of an auditor or an auditor
resigns, the auditor shall
(a) forthwith inform the Commission of the termination of his or her
appointment or his or her resignation, and disclose to the
Commission the circumstances that gave rise to such termination
or resignation; and
(b) if, but for the termination of his or her appointment or his or her
resignation, he or she would have reported information to the
Commission under subsection (1), he or she shall report the
information concerned to the Commission as if his or her
appointment had not been terminated or he or she had not resigned.
(3) The Commission may require an auditor of a VASP to discuss any audit
the auditor has conducted or commenced with, or provide additional information
regarding the audit to, the Commission.
(4) Where, in good faith, an auditor or former auditor provides any
information to the Commission in accordance with this section, the auditor is
deemed not to be in contravention of this Act or any other enactment, or rule of
law, agreement or professional code of conduct to which he or she is subject and
no civil, criminal or disciplinary proceedings shall lie against him or her in respect
thereof.
(5) The failure, in good faith, of an auditor or former auditor to provide a
report or any information to the Commission pursuant to this section does not
confer upon any other person a right of action against the auditor which, but for
that failure, that other person would not have had.

Audit and audit report

17. (1) An auditor shall carry out sufficient investigation to enable him or her
to form an opinion on the financial statements of a VASP and prepare an audit
report, in compliance with Division 6 of Part II of the Regulatory Code, Revised
Edition 2020, and any regulations made under section 47.
(2) The auditor shall, upon completion of his or her audit of the financial
statements of a VASP, provide an audit report to the VASP complying with the

16
provisions of Division 6 of Part II of the Regulatory Code, Revised Edition 2020,
and any regulations made under section 47.
(3) The Commission may at any time, by notice in writing, direct a VASP
to supply the Commission with a report, prepared by its auditor or such other
person as may be nominated by the Commission, on such matters as the
Commission may determine, which may include an opinion on the adequacy of
the accounting systems and controls of the VASP.
(4) A report prepared under subsection (3) shall be at the cost of the VASP.

Submission of audit report and extension of time

18. (1) A VASP shall, within 6 months of the end of its financial year, submit
a copy of its auditor’s report in respect of the VASP’s financial statements to the
Commission.
(2) The Commission may, on the application of a VASP, extend the time
for compliance with subsection (1) for a period of, or where it grants more than
one extension for an aggregate period not exceeding, 6 months.
(3) An extension under subsection (2) may be granted subject to such
conditions as the Commission considers appropriate.

Group financial statements

19. (1) Where a VASP is a member of a group of companies, the VASP may
submit to the Commission its group financial statements, so long as those
statements are presented in a manner that would enable a proper evaluation of the
VASP’s financial position.
(2) The Commission may require the group financial statements to be
audited by the auditor of the VASP or by another auditor approved by the
Commission.

PART III
GENERAL OBLIGATIONS OF VASPS

Duty to report information

20. (1) A VASP shall report to the Commission such information, within such
time, and verified in such manner, as the Commission may prescribe in writing,
including information on the following:
(a) the level of compliance with the requirements of this Act;
(b) the level of exposure of clients;
(c) a summary of the VASP’s clients by geographical location;
(d) the financial position of the VASP;
(e) the risks encountered and how they have been resolved or are being
resolved, including whether there has been any financial or other
loss;

17
 (f) the VASP’s key performance indicators, achievements and any
relevant statistical information;
(g) any significant complaints by clients and how such complaints
have been resolved; and
(h) where a significant complaint by a client has not been resolved, the
plan put in place to resolve the client’s complaint.
(2) Where the Commission considers that any information reported by a
VASP is inaccurate or is not verified in the prescribed manner, it may, by written
notice and within such time as it may specify, require the VASP to report amended
or additional information to the Commission or to verify the information in such
manner as may be specified in the written notice.

Disposition or acquisition of significant or controlling interest in a

VASP
21. (1) A person owning or holding a significant interest controlling interest in
a VASP shall not, whether directly or indirectly, sell, transfer, charge or otherwise
dispose of his or her interest in the VASP, or any part of his or her interest , unless
the prior written approval of the Commission has been obtained.
(2) A person shall not, whether directly or indirectly, acquire a significant
interest or controlling interest in a VASP unless the prior written approval of the
Commission has been obtained.
(3) A VASP shall not, unless the prior written approval of the Commission
has been obtained
(a) cause, permit or acquiesce in a sale, transfer, charge or other
disposition referred to in subsection (1); or
(b) issue or allot any shares or cause, permit or acquiesce in any other
reorganisation of its share capital that results in
(i) a person acquiring a significant interest or controlling interest
in the VASP; or
(ii) a person who already owns or holds a significant interest or
controlling interest in the VASP, increasing or decreasing the
size of his or her interest.
(4) Where a sale, transfer, charge or other disposition referred to in
subsection (1) takes place, the VASP shall, for the purposes of subsection (3), be
deemed to have caused, permitted or acquiesced in the sale, transfer, charge or
other disposition referred to in subsection (1).
(5) An application to the Commission for approval under subsection (1),
(2) or (3) shall be made by the VASP, and any fees payable for the application and
any approval of the application in that regard shall be paid by the VASP.
(6) The Commission shall not grant approval under subsection (1), (2) or
(3) unless it is satisfied that, following the acquisition or disposition, any person
who will acquire a significant interest or controlling interest in the VASP satisfies
the fitness and propriety criteria outlined in Schedule 1A of the Regulatory Code,
Revised Edition 2020.

18
 (7) Where the Commission, in the exercise of its powers under the FSCA
or any other enactment, is minded to take enforcement action for the breach of
subsection (1), (2) or (3), such enforcement action may be taken against the VASP
if the VASP has caused, permitted or acquiesced in the sale, transfer, charge or
other disposition or in the acquisition as referred to in the subsection.
(8) This section shall not apply to a VASP that is listed on a recognised
exchange.
(9) For the purposes of subsection (8), “recognised exchange” means an
exchange that is listed in the Regulatory Code (Recognised Exchanges) Notice,
Revised Edition 2020.

Maintenance of records
22. (1) A VASP shall keep records that are sufficient to
(a) show and explain its transactions;
(b) enable its financial position to be determined with reasonable
accuracy;
(c) enable it to prepare such financial statements and make such returns
as it is required to prepare and make under this Act or any other
financial services legislation;
(d) enable its financial statements to be audited in accordance with the
provisions of this Act;
(e) show any complaints made by its clients and how such complaints
have been dealt with; and
(f) show the steps it takes to guard against the activities of money
laundering, terrorist financing and proliferation financing.
(2) In addition to maintaining the records specified in subsection (1), a
VASP shall record and maintain all customer due diligence information in respect
of its clients in accordance with the requirements of any enactment relating to
money laundering, terrorist financing and proliferation financing.
(3) The records referred to in subsection (1) shall be maintained in a form
that they can be easily retrievable, and a retrievable form may consist of
(a) an original copy or a certified copy of an original copy;
(b) microform;
(c) a computerized or other electronic data; or
(d) a scanned document of the original document which is certified
where necessary.
(4) A VASP shall retain the records required to be maintained under this
Act and any other enactment relating to money laundering, terrorist financing and
proliferation financing for a period of at least 5 years.
(5) For the purposes of subsection (4), the 5-year period shall
(a) in the case of records required under this Act, be reckoned to
commence from the date of termination of a business relationship

19
 (as defined in regulation 2 of the AMLR) to which the records
relate; and
(b) in the case of records relating to money laundering, terrorist
financing and proliferation financing, be reckoned in accordance
with the requirements of the AMLR and AMLTFCOP.
(6) Subsections (4) and (5) apply to a VASP after the cancellation or
revocation of its registration as if its registration had not been cancelled or
revoked.

Client assets
23. A VASP shall
(a) ensure that client assets are identified, or identifiable, and
appropriately segregated and accounted for;
(b) make arrangements for the proper protection of client assets; and
(c) immediately notify
(i) any client whose asset has in any way been unlawfully
interfered with or otherwise compromised, upon becoming
aware of such interference; and
(ii) the Commission regarding the event mentioned in
subparagraph (i); and
(d) in relation to paragraph (c), inform the client and the Commission
of the steps the VASP has taken or is taking to restore the client’s
assets and protect the assets from any further unlawful interference
or from otherwise being compromised.

Misleading advertisement, statements, etc

24. (1) A VASP shall not, in relation to any activity that involves the business
of the exchange, transfer, safekeeping, administration, or participation in, or
provision of, virtual assets, whether or not carried on by the VASP and whether
or not the activity is one the VASP is authorised to carry on, or in relation to any
virtual asset business
(a) issue, or cause or permit to be issued, an advertisement, brochure
or similar document or make, or cause or permit to be made, a
statement, promise or forecast, which the VASP knows, in a
material particular
(i) is false or misleading; or
(ii) contains an incorrect statement of fact;
(b) issue, or cause or permit to be issued, an advertisement, brochure
or similar document or make, or cause or permit to be made, a
statement, promise or forecast, where the VASP is reckless as to
whether the advertisement, brochure, document, statement,
promise or forecast, in a material particular
(i) is false or misleading; or
(ii) contains an incorrect statement of fact; or

20
 (c) dishonestly conceal a material fact, whether in connection with an
advertisement, brochure or similar document, statement, promise
or forecast, or otherwise.
(2) If the Commission is of the opinion that an advertisement, brochure or
other similar document issued, or to be issued, or a statement, promise or forecast
made, or to be made, by or on behalf of a VASP contravenes subsection (1) or is
contrary to the public interest, it may
(a) direct the VASP in writing not to issue the document, or not to
make the statement, promise or forecast, or to withdraw it; or
(b) grant approval to the VASP to issue the document, or make the
statement, promise or forecast, with such changes as the
Commission may specify.
(3) Subsection (2) does not limit the powers of the Commission to take
enforcement action in accordance with section 42.

AML/CFT compliance
25. (1) Without derogating from section 3(2), every VASP shall take
appropriate steps to comply with the requirements of this Act and other enactments
relating to money laundering, terrorist financing and proliferation financing and
shall, for that purpose, put in place appropriate systems and procedures to ensure
such compliance.
(2) As part of, and in addition to, its customer due diligence obligations
under other enactments relating to money laundering, terrorist financing and
proliferation financing, a VASP shall adopt measures to assist it in
(a) tracing and collecting the Internet Protocol (IP) addresses of its
customers, including their associated dates, stamps, geographical
data, device indicators, virtual assets wallet addresses and
transaction hashes; and
(b) collecting such other information relating to its customers as is
consistent with the Data Protection Act, No. 3 of 2021.

Obligations in relation to the Commission

26. (1) A VASP shall, at all times, cooperate with the Commission in ensuring
the VASP’s compliance with the requirements of this Act and any other enactment
relating to a regulated activity which applies to a VASP, including compliance
with other enactments relating to money laundering, terrorist financing and
proliferation financing.
(2) A VASP shall
(a) provide the Commission with such documents and information as
the Commission may require for the purpose of discharging its
functions under this Act, the FSCA and any other enactment in
relation to which the Commission has functions with respect to the
VASP; and
(b) forthwith notify the Commission if
(i) the VASP is registered or licensed in another jurisdiction;

21
 (ii) the VASP opens another office or establishes a physical
presence in another jurisdiction;
(iii) any enforcement action (whether in the nature of a censure or
a regulatory or disciplinary action or otherwise) is taken, or
criminal proceedings are brought, against the VASP in the
Virgin Islands or in another jurisdiction;
(iv) the VASP holds or acquires a significant interest or
controlling interest in another entity, whether in the Virgin
Islands or otherwise, that is engaged in the business of
providing a virtual assets service; or
(v) the VASP no longer meets any of the matters specified in
section 7(1).
(3) For the purposes of subsection (2)(a), if the Commission considers that
any information provided by a VASP is inaccurate or incomplete or is not verified
in a manner prescribed by law or by the Commission in the exercise of any of its
powers, the Commission may, by notice and within such time as it may specify in
the notice, require the VASP to
(a) provide amended or additional information to the Commission; or
(b) verify the information in such manner as may be specified in the
notice.

PART IV
VIRTUAL ASSETS CUSTODY AND EXCHANGE
VIRTUAL ASSETS CUSTODY SERVICE

Virtual assets custody service additional information required

27. (1) A VASP that wishes to provide a virtual assets custody service shall
include in its application under section 6(1) information on the following.
(a) the facilities the VASP has to enable the safekeeping of virtual
assets and related instruments;
(b) the security measures in place to ensure the safekeeping of virtual
assets and related instruments, including internal safeguards;
(c) the measures in place to ensure a proper segregation of client assets;
(d) the disclosure measures in place to ensure the transparency of the
VASP’s operations, including notifications to clients regarding the
safety of their virtual assets and related instruments;
(e) the risks associated with the VASP’s safekeeping arrangements;
(f) the methods of access to clients’ virtual assets held; and
(g) any other measures the VASP has in place that are considered to be
in the best interest of the beneficial owners of the virtual assets or
related instruments held by the VASP.

22
 (2) In addition to the information required under subsection (1), the
Commission may require such further information as it considers appropriate and
within such period as it may determine.
(3) Where information required under subsection (1) or, where further
information required by the Commission in accordance with subsection (2) is not
provided within the period determined by the Commission, the application for
approval shall be considered incomplete and abandoned.

Virtual assets custody service conditions for registration

28. The Commission may approve and register, pursuant to section 7(1), an
applicant as a VASP to provide a virtual assets custody service if satisfied that, in
addition to the applicant complying with the requirements of Parts II and III
(a) the applicant has provided the information required under section
27(1) and, if applicable, the further information required under
subsection (2) thereof;
(b) the applicant has taken appropriate measures to limit or mitigate
any risks that may be associated with its safekeeping arrangements
in respect of the assets of its clients and any related instruments;
(c) the applicant has adequate security and other measures in place to
properly safeguard the virtual assets of its clients and any related
instruments;
(d) the organisation, management and financial resources of the
applicant are or, on approval will be, adequate to ensure the
safekeeping of virtual assets and related instruments; and
(e) it is not against the public interest to approve the applicant.

Obligations and restrictions

29. (1) A VASP that is registered by the Commission to provide virtual assets
custody service shall take appropriate steps to safeguard the virtual assets and
related instruments against theft and loss.
(2) Without prejudice to subsection (1), the VASP shall also undertake the
following functions in relation to virtual assets and related instruments
(a) enter into safekeeping arrangements with the owner of a virtual
asset and related instruments with respect to
(i) the duration of the safekeeping arrangements and whether or
not such arrangements are renewable and, if so, on what
terms;
(ii) the manner in which the virtual assets and related instruments
are to be held and maintained;
(iii) the transactions that the VASP can engage in and how such
transactions are to be conducted;
(iv) the required disclosures relating to any risks associated with
the safekeeping of the virtual assets and related instruments
and the mitigating factors that should be employed thereby;

23
 (v) the fees, spreads and any other remuneration payable to the
VASP for safekeeping the virtual assets and related
instruments;
(vi) the manner in which clients may access their virtual assets and
related instruments;
(vii) the manner in, and conditions under, which the safekeeping
arrangements may be terminated;
(viii)the provision of information to the client regarding the
security measures the VASP has in place to protect the virtual
assets and related instruments;
(ix) the remedies that may be available to the owner of the virtual
assets and related instruments in the event of the theft or loss
thereof; and
(x) such other matter as the owner and the VASP may agree to
include in the safekeeping arrangement, or the Commission
may specify in an Order published on the Internet site;
(b) source and adopt best practices in relation to information
technology to be applied to the safekeeping of virtual assets and
related instruments the VASP maintains on behalf of the owner;
(c) ensure that any ancillary or subsidiary proceeds relating to virtual
assets and related instruments accrue to the benefit of the owner of
the virtual assets, unless otherwise agreed between the parties; and
(d) take such other measures as may be necessary to safeguard the
virtual assets and related instruments held on behalf of third parties.
(3) A VASP shall not, unless specifically agreed with the beneficial owners
of the virtual assets held by the VASP, encumber or cause to be encumbered the
virtual assets deposits held or maintained on behalf of the VASP’s clients.

VIRTUAL ASSETS EXCHANGE

Virtual assets exchange requirements

30. (1) A VASP that wishes to operate a virtual assets exchange shall comply
with such requirements and contain such information as may be prescribed in
regulations made under section 47 and any additional requirements the
Commission considers necessary for its approval of an application to operate a
virtual assets exchange, including measures for the facilitation and protection of
virtual assets trading on a virtual assets exchange.
(2) Where a requirement or any information required pursuant to
subsection (1), or where additional information required by the Commission in
accordance with that subsection, is not provided within such time frame as the
Commission may determine, the application for approval shall be considered
incomplete and abandoned.

24
Virtual assets exchange conditions for registration
31. (1) Subject to subsection (2), the Commission may approve and register,
pursuant to section 7(1), an applicant as a VASP to operate a virtual assets
exchange if satisfied that, in addition to the applicant complying with the
requirements of Parts II and III, the applicant has satisfied any requirements
prescribed in regulations made under section 47, including any additional
information required by the Commission in accordance with section 30(2).
(2) In making a determination under subsection (1), the Commission shall
consider whether
(a) the virtual assets exchange
(i) shall, if approved, engage in the operation of a virtual assets
exchange by listing or facilitating the issuance of virtual
assets;
(ii) has or, on approval will have, in place, appropriate
organisational, managerial and financial resources to ensure
the proper operation of the virtual assets exchange; and
(iii) has in place adequate measures to monitor and mitigate any
risks related to the operation of the virtual assets exchange,
including risks related to money laundering, terrorist
financing and proliferation financing; and
(b) approving the virtual assets exchange is not against the public
interest.

Restrictions and prohibitions

32. (1) In approving and registering an applicant under section 7(1) to operate
a virtual assets exchange, the Commission may, without limiting subsection (3)(b)
thereof, impose conditions relating to
(a) the geographic area the virtual assets exchange may carry on its
business;
(b) the nature of the access of users to the virtual assets exchange;
(c) the types of clients that the virtual assets exchange may market its
services to;
(d) restrictions on the types of virtual assets that may be traded on the
virtual assets exchange;
(e) the listing of virtual assets, including issues relating to filing reports
and providing net worth with respect thereto;
(f) identifying and managing conflicts of interest;
(g) price discovery mechanisms designed to detect and prevent price
manipulation and other unfair trading activities;
(h) disclosures to be made to clients in relation to the operation of the
virtual assets exchange, including disclosures relating to theft or
loss of assets and any related insurance obligations;

25
 (i) the need to appropriately monitor and supervise trading activities
on the virtual assets exchange, including actions concerning the
freezing and suspension of trading of virtual assets;
(j) the technology used in the operation of the virtual assets exchange,
including measures relating to the resiliency of the exchange and
the security measures in place to safeguard the exchange;
(k) the clearing and settlement process in relation to transactions
between sellers and purchasers of virtual assets;
(l) financing in relation to the purchase of virtual assets; and
(m) any other necessary control measures to safeguard the integrity of
the virtual assets exchange and protect the interests of persons
investing on the exchange.
(2) A VASP that is registered to operate a virtual assets exchange shall not
(a) provide financing to its clients for the purchase of virtual assets,
unless
(i) it applies to, and obtains the approval of, the Commission; and
(ii) after obtaining the requisite approval under sub-paragraph (i),
it makes disclosures to its clients regarding the terms of, and
the risk associated with, the financing;
(b) engage in trading or marketing activities in relation to any virtual
assets for its own benefit which may be detrimental to the interests
of its clients, unless such activities
(i) are necessary for the operation of the virtual assets exchange;
and
(ii) have been disclosed to its clients prior to engaging in the
trading or marketing activities;
(c) permit the trading of a virtual asset on its virtual assets exchange in
a manner that is misleading or deceptive, or designed to defraud
persons who subscribe for, or purchase, the virtual asset;
(d) permit a client to trade in or purchase a virtual asset on its virtual
assets exchange without first
(i) satisfying itself that the client is aware of the risks involved in
trading in, subscribing for, or purchasing, the virtual asset;
and
(ii) making the disclosures required under this section;
(e) provide fiat currency-to-fiat currency exchange services to users of
its virtual assets exchange without the written approval of the
Commission; or
(f) engage in any other activity not specified in paragraphs (a) to (e)
which has the potential to compromise the integrity of the virtual
assets exchange or erode public confidence in the exchange.
(3) For purposes of subsection (2)(a), the provisions of the Financing and
Money Services Act, Revised Edition 2020, shall not apply.

26
 PART V
PARTICIPATION IN THE REGULATORY SANDBOX

Interpretation for this Part

33. In this Part, unless the context otherwise requires
(a) the terms “innovative FinTech”, “Regulatory Sandbox” and
“Sandbox participant” bear the meanings respectively provided in
regulation 2 of the Financial Services (Regulatory Sandbox)
Regulations, 2020; and
(b) “regulatory legislation” means any financial services legislation
that is listed in Part I of Schedule 2 of the FSCA.

Application to provide innovative FinTech

34. (1) A VASP may be permitted to participate in the Regulatory Sandbox by
submitting an application to the Commission for approval.
(2) Where a VASP that is not registered under this Act or approved under
the Financial Services (Regulatory Sandbox) Regulations, 2020 wishes to carry
on a virtual assets service and provide innovative FinTech in accordance with the
Financial Services (Regulatory Sandbox) Regulations, 2020, it
(a) may submit an application to the Commission in accordance with
those Regulations for approval as a sandbox participant; and
(b) shall indicate in the application its intention to carry on the business
of providing virtual assets service in relation to which the
innovative FinTech will be applied.
(3) Where prior to the coming into force of this Act, a person who was
approved by the Commission under the Financial Services (Regulatory Sandbox)
Regulations, 2020 to be a Sandbox participant wishes, after the coming into force
of this Act and upon being registered as a VASP, to provide innovative FinTech
in relation to virtual assets, the person shall
(a) notify the Commission in writing in that regard; and
(b) provide the innovative FinTech in relation to virtual assets after
receiving the written approval of the Commission under section 35
and, for the purposes of that section, the notification under
paragraph (a) shall be treated as if it were an application.
(4) A person who submits an application under subsection (1), (2) or (3)
shall
(a) in the case of an application to provide a virtual assets service,
provide to the Commission the information required under section
6;
(b) in the case of an application to provide a virtual assets custody
service, provide to the Commission the additional information
required under section 27;

27
 (c) in the case of an application to operate a virtual assets exchange,
comply with any requirement outlined under or pursuant to section
30(1); and
(d) upon approval, comply with the requirements and restrictions
provided under this Act in relation to transactions involving virtual
assets, including the provision of virtual assets custody service or
the operation of a virtual assets exchange if approval is received in
that regard.

Approval to provide innovative FinTech

35. (1) Where the Commission, upon reviewing an application under section
34 (1) or (2) or receiving a notification under subsection (3) of that section, is
satisfied that, having regard to the provisions of this Act with respect to an
application for approval to provide a virtual asset service, it may, subject to
subsection (4), approve the application and issue the applicant with a certificate of
approval.
(2) A person who is approved under subsection (1) in relation to an
application under section 34(1) or (2) or a notification under subsection (3) of that
section shall
(a) be deemed to be approved as a Sandbox participant under the
Financial Services (Regulatory Sandbox) Regulations, S.I. No. 27
of 2020;
(b) comply with the requirements and restrictions of the Financial
Services (Regulatory Sandbox) Regulations, S.I. No. 27 of 2020,
so long as the person remains in the Regulatory Sandbox; and
(c) subject to subsection (3), comply with the requirements and
restrictions under this Act in relation to virtual assets.
(3) Where the Commission considers it necessary in any particular case or
class of cases, it may exempt a person approved under subsection (1) from the
requirements of any provision of this Act, but such exemption shall not extend to
requirements relating to money laundering, terrorist financing and proliferation
financing.
(4) Nothing contained in this section shall be construed to exempt a person
from complying with the requirements of regulation 4 (2) of the Financial Services
(Regulatory Sandbox) Regulations, S.I. No. 27 of 2020, and, if applicable, sub-
regulation (3) thereof, in relation to an application for approval as a Sandbox
participant.
(5) If the Commission does not approve under this section an application
made in accordance with section 34, it shall notify the person concerned with the
application in writing, providing the Commission’s reason for the refusal of
approval.

Termination of approval as a Sandbox participant

36. (1) Where a person is granted an approval in accordance with section 35,
the approval may only be terminated in accordance with the provisions of the
Financial Services (Regulatory Sandbox) Regulations, S.I. No. 27 of 2020, or for

28
failure to comply with a requirement of this Act or the FSCA or any directive
given thereunder.
(2) Where a person approved as a Sandbox participant ceases to participate
in and test within the Regulatory Sandbox on the basis that the period specified in
accordance with the provisions of the Financial Services (Regulatory Sandbox)
Regulations, S.I. No. 27 of 2020, has come to an end, the person may, if he or she
(a) was approved pursuant to an application under section 34(1)
(i) revert to providing virtual assets service under this Act
without the need for preparing and submitting a new
application to the Commission; or
(ii) surrender the certificate of registration issued under this Act
and cease to carry on the business of providing virtual assets
service;
(b) was approved pursuant to an application under section 34(2), apply
to
(i) be licensed under a regulatory legislation; or
(ii) be registered under this Act to provide virtual assets service
only; or
(c) was approved pursuant to an application under section 34 (3), apply
to be licensed under a regulatory legislation.

PART VI
MISCELLANEOUS

Register
37. (1) The Commission shall establish and maintain a Register of VASPs
which shall be divided in a way that shows the VASPs that are
(a) registered to carry on the business of providing virtual assets
service;
(b) registered to provide virtual assets custody service;
(c) registered to operate virtual assets exchange;
(d) registered to carry on more than one of the activities mentioned in
paragraphs (a), (b) and (c); and
(e) approved to participate in the Regulatory Sandbox.
(2) A person may, upon payment of such fee as may be prescribed in
accordance with section 45
(a) inspect the Register kept and maintained pursuant to subsection (1);
or
(b) request a certified or uncertified copy or extract of a certificate of
registration of a VASP.

29
 (3) A document or a copy or an extract of any document or a certificate of
registration or any part thereof, whether in paper or electronic form, certified by
the Commission is admissible in evidence in any proceedings as if it were the
original document or certificate of registration.

Cancellation of certificate of registration

38. (1) A VASP that is registered to provide a virtual assets service under this
Act may apply to the Commission to cancel its registration by surrendering its
certificate of registration issued under section 7(3).
(2) Where the Commission receives an application under subsection (1), it
may, if it considers it appropriate, cancel the VASP’s certificate of registration.
(3) The cancellation of registration under subsection (2) is without
prejudice to
(a) the discharge of any legal obligation outstanding against the VASP
seeking the cancellation of registration under this Act, the Financial
Services (Regulatory Sandbox) Regulations, S.I. No. 27 of 2020,
FSCA or any other enactment; or
(b) any rights the Commission or a third party may have or bring
against the VASP that was the holder of the certificate of
registration.

Revocation of registration
39. (1) The Commission may, subject to subsection (3), revoke a certificate of
registration issued under section 7(1) if it forms the opinion that the VASP holding
the certificate of registration
(a) has committed a money laundering, terrorist financing or
proliferation financing breach or other financial offence which is
considered by the Commission to be sufficiently serious to warrant
a revocation of the certificate of registration;
(b) is no longer able to meet the requirements of this Act or any
directive issued by the Commission under this Act, the FSCA or
any other relevant financial services legislation;
(c) had, at the time of applying for registration under this Act, provided
information which was materially false or misleading;
(d) no longer satisfies any of the considerations specified under section
7(1) on the basis of which the registration or approval was granted;
(e) is providing a virtual assets service that poses a material risk to
(i) persons who subscribe for, or purchase, virtual assets or have
already subscribed for, or purchased, such assets;
(ii) the financial services industry;
(iii) the public welfare or reputation of the Virgin Islands; or
(iv) the financial stability of the Virgin Islands; or
(f) has otherwise engaged in conduct that is incompatible with

30
 (i) the objective of registration under this Act to provide a virtual
asset service; or
(ii) a condition attached to the issuing of the certificate of
registration.
(2) The Commission may also revoke a certificate of registration referred
to in subsection (1) if it forms the opinion that it is not in the public interest that
the VASP holding the certificate of registration should continue to hold such
certificate.
(3) The Commission shall, before revoking a certificate of registration
under subsection (1) or (2), notify the person holding the certificate of registration
of the Commission’s intention to revoke the registration, giving its reason for the
intention.
(4) A person who receives a notification under subsection (3) may, within
21 days after receipt of the notification, submit a response to the Commission
(a) not opposing the Commission’s intention to revoke the person’s
certificate of registration; or
(b) opposing the Commission’s intention to revoke the certificate of
registration and giving his or her reason for the opposition.
(5) Where the Commission receives a response under subsection (4) within
the specified period and after considering the response, it may
(a) carry out its intention to revoke the certificate of registration; or
(b) take such other decision as it considers appropriate.
(6) The Commission may act under subsection (5) if it does not receive any
response pursuant to subsection (4).
(7) Where the Commission forms the opinion that any of the matters
outlined in subsection (1) or (2) is of a grave nature, it may, at the same time as
providing the notification under subsection (3), direct the person concerned to
suspend any business or activity relating to the provision of virtual assets service,
and such directive shall remain in force pending the outcome of the Commission’s
decision under subsection (5).
(8) For the avoidance of doubt, the Commission may revoke a registration
under this Act notwithstanding that the person registered or approved is also
approved as a Sandbox participant in relation to virtual assets.
(9) Where a person registered under this Act is also approved as a Sandbox
participant in accordance with section 35 and the person’s registration is revoked
under this section, the person shall, from the date of revocation of registration,
cease to be deemed approved as a Sandbox participant under section 35(2)(a).
(10) For the purposes of subsection (1)(a), a “financial offence” means an
offence under any financial services legislation, including drug money laundering
or the breach of any international or domestic sanction prescribed by or under any
enactment.

Existing providers of virtual assets service

40. (1) If, on the coming into force of this Act, a person was carrying on the
business of providing a virtual assets service in and from within the Virgin Islands,

31
the person shall, if he or she intends to continue with the provision of the virtual
assets service, submit an application for registration in accordance with the
requirements of this Act.
(2) An application under subsection (1) shall be made within 6 months of
the date of coming into force of this Act.
(3) Where the Commission receives an application within the time frame
specified in subsection (2), the person carrying on the business of providing the
virtual assets service may continue to provide such service until he or she receives
notification from the Commission approving or refusing the application.
(4) For the purposes of subsection (3), a person providing virtual assets
service shall be deemed to have received notification from the Commission
approving or refusing the application for registration
(a) if sent by post, at the time when the envelope containing the
notification would have been received in the ordinary course of
post;
(b) if by direct delivery, the document containing the notification is
received by the applicant or by a secretary or clerk at the
applicant’s office, whether or not the receipt of the document has
been signed for; or
(c) if sent by email, the notification is shown to have been
electronically sent to the correct address.
(5) Where a person receives notification from the Commission refusing an
application made in accordance with this Act, the person shall, subject to
subsection (6), immediately after receipt of the notification cease to provide virtual
assets service in and from within the Virgin Islands.
(6) Where the Commission refuses an application in accordance with
subsection (3) but forms the view that the applicant needs time to wind down its
business in an orderly manner, it may give the applicant such time as it considers
necessary to wind down its business.
(7) The Commission may, where it considers it necessary having regard to
the nature and complexity of the applicant’s business or other extenuating
circumstance, extend the time given to the applicant under subsection (6) to wind
down its business.
(8) Any extension of time given under subsection (7) shall be such as the
Commission may consider fair and reasonable.

Appointment of compliance officer

41. (1) Every VASP shall, unless otherwise exempted under the Financial
Services (Miscellaneous Exemptions) Regulations, Revised Edition 2020,
establish and maintain adequate systems and controls for ensuring compliance
with the requirements of, and its obligations under, this Act.
(2) For the purposes of subsection (1), sections 34, 34A (as applicable) and
35 of the FSCA and Division 4 of Part II of the Regulatory Code, Revised Edition
2020, shall apply to a VASP with such modifications as may be necessary to
ensure the VASP’s compliance with the requirements of, and obligations under,

32
those sections of the FSCA and Division 4 of Part II of the Regulatory Code,
Revised Edition 2020.

Enforcement powers
42. (1) The Commission may take enforcement action against a VASP or other
person if the VASP or that other person commits a breach or an an offence in
respect of any provision of this Act.
(2) Any enforcement action taken against a VASP or other person under
subsection (1) may include the imposition of an administrative penalty.
(3) The fines prescribed under the Schedule may, notwithstanding section
46, be treated as administrative penalties for the purposes of subsections (1) and
(2), and a VASP or other person may not be proceeded against criminally under
section 46 if the Commission has, in respect of that VASP or other person,
exercised its power to impose an administrative penalty.
(4) Without prejudice to subsections (1) and (2), the Commission may,
whether in addition to taking any enforcement action under this section or
otherwise in respect of a VASP or other person, exercise in relation to the VASP
or other person (as applicable) any of its powers under the FSCA relating to
(a) section 36 (appointment of examiners);
(b) section 36A (appointment of qualified person);
(c) section 37 (enforcement action, but only to the extent that such
enforcement action, including power exercisable, is not prescribed
under this Act);
(d) section 37A (public statement);
(e) section 39 (application for a protection order);
(f) section 40 (power to issue directive);
(g) section 40A (power to issue practice directions);
(h) section 40D (power to require removal of directors and other
persons); and
(i) section 41A (power to issue guidelines).
(5) For the purposes of subsection (4), the sections specified therein shall
be applied with such modifications as may be necessary to make them applicable
(a) to a VASP or other person;
(b) in relation generally to the provision of virtual assets in and from
within the Virgin Islands; or
(c) for the purpose of taking enforcement action under this Act.
(6) A person commits a breach or an offence under this Act if he or she
contravenes or fails to comply with a provision of this Act in relation to which a
penalty is prescribed in the Schedule.

General powers of the Commission

43. (1) The Commission may, where it considers it necessary, require a VASP
to provide the Commission with such report in relation to its obligations,

33
operations and business activities with respect to the provision of a virtual assets
service as the Commission may determine.
(2) The report required under subsection (1) shall be provided in such
manner and within such period as the Commission may determine and may
include a requirement to provide interim reports.

Exemptions
44. Notwithstanding anything to the contrary contained in this Act, a
person registered under this Act
(a) is not required to be licensed under the Business Licensing Act,
2022 to carry on the business of providing a virtual assets service
in and from within the Virgin Islands; or
(b) who carries on only the business of providing a virtual assets
service, need not be licensed under the Securities and Investment
Business Act, Revised Edition 2020, or the Financing and Money
Services Act, Revised Edition 2020.

Fees, charges, etc.

45. (1) Regulations made under section 62 of the FSCA may provide for the
fees chargeable and payable under this Act.
(2) The Commission may refuse to take any action required of it with
respect to a person registered or approved under this Act for which a fee is payable
until the fee and any other fees, penalties and charges payable by, or in respect of,
the person have been paid.
(3) Any fee, charge or penalty that is owed to the Commission under this
Act may be recovered as a debt due to the Commission.

Offences and penalties

46. (1) Subject to section 40 (2), a person who contravenes or fails to comply
with a provision of this Act specified in Column 1 of the Schedule and described
in Column 2 of that Schedule commits an offence and, if proceeded against
criminally, is liable on conviction up to the maximum of the penalty provided
(a) in Column 3 of that Schedule, in the case of a body corporate or an
unincorporate body; or
(b) in Column 4 of that Schedule, in the case of an individual.
(2) Where an offence is committed by a body corporate or an unincorporate
body, a director, partner and every senior officer of the body corporate or
unincorporate body who knowingly authorised, permitted or acquiesced in the
commission of the offence also commits an offence and, if proceeded against
criminally, is liable on conviction to the same penalty prescribed for the body
corporate or unincorporate body.

Regulations
47. (1) The Cabinet may, on the advice of the Commission, make such
regulations as it considers fit for the effective carrying out of the provisions of this
Act.

34
 (2) Without prejudice to subsection (1), the regulations may
(a) require additional information to be provided for the registration of
a VASP;
(b) provide for additional technology measures to be adopted in
relation to the provision of a virtual assets service;
(c) make provision for additional disclosure requirements in relation
to virtual assets;
(d) specify such measures as may be considered necessary to ensure a
proper and efficient keeping of records required under this Act,
including the management and safeguarding of client assets;
(e) prescribe the form, manner and place in which the records specified
in section 22(1) are to be maintained, and other records required to
be maintained by a VASP and the form, manner and place in which
such records are to be maintained;
(f) provide for the Register of VASPs kept and maintained pursuant to
section 37(1) to contain additional information;
(g) provide the nature and extent of insurance arrangements required
in relation to virtual assets with a view to ensuring the adequate
protection of the assets of persons who subscribe for, or purchase,
virtual assets; and
(h) specify such other measures as may be necessary to ensure
compliance with the requirements of this Act.
(3) Regulations made under subsection (1) may provide for the
Commission to impose administrative penalties not exceeding $75,000 for a
contravention of, or non-compliance with, a provision of the Regulations.

Application of Regulatory Code

48. (1) Subject to the other provisions of this Act, the Preliminary Part and
Parts I, II and VII of the Regulatory Code, Revised Edition 2020, shall apply to a
VASP and, for that purpose, the Commission may
(a) apply the provisions of those Parts of the Code to such extent and
with such modification as it considers appropriate; and
(b) provide for new matters in the Code in relation to VASPs to ensure
full compliance with the objectives and requirements of this Act.
(2) Without prejudice to subsection (1), the Regulatory Code, Revised
Edition 2020, may
(a) prohibit the issue of advertisements, brochures or similar
documents relating to virtual assets activities of a particular type or
description, whether as to the contents of the advertisement,
brochure or other document or the persons for whom they are
intended;
(b) provide for
(i) the issue, form and content of advertisements, brochures or
similar documents; and

35
 (ii) the making of statements, promises and forecasts, relating to
virtual assets business;
(c) provide for the form and content of group financial statements to
be submitted under section 19; and
(d) provide for the holding, control and handling of, and the accounting
for, client assets by a VASP and, in particular, it may provide for
(i) the manner in which client assets are to be identified, or made
identifiable, segregated, accounted for and protected;
(ii) the opening and maintenance of client accounts and the
payment of monies into client accounts;
(iii) the audit of client accounts and record keeping requirements
concerning client assets;
(iv) how interest and other monies earned with respect to client
assets is to be dealt with;
(v) circumstances in which client assets held by a VASP are
deemed to be held on trust for the client; and
(vi) such other matters relating to the custody and control of client
assets by a VASP as the Commission considers appropriate.

Amendment of Schedule
49. The Cabinet may, on the advice of the Commission, by Order amend the
Schedule in such manner and to such extent as it considers necessary.

36
 SCHEDULE
[Section 46]
OFFENCES AND PENALTIES

COLUMN 1 COLUMN 2 COLUMN 3 COLUMN 4

Section Description of offence Penalty (body Penalty

contravened corporate/unincorporate (individual)
body)
5(1) Carrying on virtual assets $100,000 or 5 years $75,000 or 5
service without being imprisonment or both years
registered imprisonment
or both

5(2) Individual carrying on or $75,000 or 5

holding out as carrying years
on virtual assets service imprisonment
or both

8(1) & (2) Failure to notify $75,000 or 3 years $50,000 or 3

Commission of material imprisonment or both years
change imprisonment
or both

8(3) Failure to comply with a $50,000 $30,000

directive

9(1) Changing name without $20,000 $10,000

approval

9(3) Failure to comply with a $50,000 $30,000

directive

10(2) Failure to notify of non- $75,000 or 3 years $50,000 or 3

compliance under imprisonment or both years
subsection (1) imprisonment

11(1), (2) Failure to maintain 2 $25,000 $15,000

individual directors; or, if
required, not having one
director physically
resident in the Virgin
Islands

37
11(3) Appointing director or $25,000 $15,000
senior officer without
approval
12(1) Failure to appoint and $25,000 $15,000
have an authorised
representative

12(7) Failure to appoint a $25,000 $15,000

replacement authorised
representative within the
prescribed period

12(9) Acting or holding oneself $50,000 or 3 years $30,000 or 3

to act as authorised imprisonment years
representative without imprisonment
approval or appointment

14(1) Failure to appoint and $25,000 $20,000

have an auditor

14(6) Failure to submit notice $15,000 $10,000

of appointment of auditor

14(7) Failure to make $40,000 $40,000

arrangement for auditor
to audit financial
statements

14(8) Failure to appoint a $25,000 $20,000

replacement auditor
within the prescribed
period

15(2) Failure of VASP to $20,000 $15,000

provide auditor with
copy of notice revocation

16(1) Failure of auditor to $25,000 $20,000

make a report

16(2) Failure of auditor to $25,000 $25,000

inform Commission of
termination or
resignation, or report
information

38
16(3) Failure of auditor to $25,000 $20,000
discuss audit or provide
additional information
required by the
Commission

17(2) Failure of auditor to $50,000 $40,000

provide audit report to
VASP

17(3) Failure of VASP to $50,000 $40,000

supply Commission with
a report
18(1) Failure of VASP to $75,000 $50,000
submit copy of auditor’s
report to the Commission

20(1) Failure of VASP to $50,000 $40,000

report information

20(2) Failure to report $50,000 $40,000

amended or additional
information
21(1) Selling, transferring, etc. $60,000 $50,000
of interest or part thereof
in VASP without
approval

21(2) Acquiring significant $60,000 $50,000

interest in VASP without
approval

21(3) Causing, permitting, etc. $60,000 $50,000

in disposal or
reorganisation of share
capital without approval
22(1) Failure to keep sufficient $75,000 or 5 years $50,000 or 3
records imprisonment or both years
imprisonment

22(2) Failure to maintain $75,000 or 5 years $50,000 or 3

customer due diligence imprisonment or both years
information imprisonment

39
22(4) Failure to maintain $75,000 or 5 years $50,000 or 3
records for the prescribed imprisonment years
period imprisonment

23(1) Failure to comply with $75,000 $50,000

requirements in relation
to client assets

24(1) Failure to comply with $100,000 or 5 years $75,000 or 5

any of the prohibitions imprisonment or both years
identified in subsection imprisonment
(1)

24(2) Failure to comply with a $100,000 or 5 years $75,000 or 5

directive not to issue imprisonment or both years
document or make imprisonment
statement, promise or
forecast
25(1) Failure to take $100,000 or 5 years $75,000 or 5
appropriate steps to imprisonment or both years
comply with AML/CFT imprisonment
requirements or to put
systems and procedures
in place

25(2) Failure to adopt measures $100,000 or 5 years $75,000 or 5

to trace and collect imprisonment or both years
information identified in imprisonment
subsection (2)

26(1) Failure to cooperate with $50,000 $40,000

the Commission

26(2) Failure to provide $50,000 $50,000

Commission with
required documents and
information or notify the
Commission, in
accordance with
subsection (2)

26(3) Failure to comply with $30,000 $20,000

notice to provide
amended or additional

40
 information or verify
such information
29(1) Failure to take steps to $100,000 or 5 years $75,000 or 5
safeguard virtual assets imprisonment or both years
and related instruments imprisonment

29(2) Failure to undertake any $50,000 $30,000

of the functions outlined
in subsection (2) in
relation to virtual assets

29(3) Encumbering or causing $100,000 or 5 years $75,000 or 5

to be encumbered virtual imprisonment or both years
assets deposits on behalf imprisonment
of clients without
agreement of beneficial
owners of the virtual
assets
32(2) Providing, engaging or $100,000 or 5 years $75,000 or 5
permitting any of the imprisonment or both years
activities outlined in imprisonment
subsection (2) contrary to
the restrictions contained
in the subsection

34(1) VASP providing $100,000 or 5 years $75,000 or 5

innovative FinTech imprisonment or both years
without approval imprisonment

34(4)(d) Failure to comply with $100,000 or 5 years $75,000 or 5

requirements and imprisonment or both years
restrictions in relation to imprisonment
transactions involving
virtual assets

40(5) Failure to cease $100,000 or 5 years $75,000 or 5

providing virtual assets imprisonment or both years
service after receipt of imprisonment
notification in that regard
41(1) Failure to establish and $50,000 $40,000
maintain adequate
systems and controls to
ensure compliance with

41
 requirements and
obligations under the Act

43(3) Failure to provide report $25,000 $20,000

in the manner, and within
the period, prescribed

Passed by the House of Assembly this 24th day of November, 2022.

Corine N. George-Massicote,
Speaker.

Phyllis Evans,
Clerk of the House of Assembly.

42