Starting from 31 October 2020, all New Market Entrants, Pre-Existing Service Providers, and Other Authorized Entities must submit the VASP Application Form through the Authority’s REEFS platform. These entities are also required to complete an AML/CFT form, available on REEFS. For those without REEFS access, inquiries can be directed to [email protected].

REEFS is the Authority’s online portal for submitting financial services information and payments to the Authority. It allows users to communicate electronically with the Authority, submit financial return filings, apply for new licenses or registrations, request changes to existing license/registration details, and view payment information related to outstanding fees and payment history. Local service providers (e.g., registered offices, law firms, auditors) and licensees are granted REEFS accounts.

During phase one, all New Market Entrants and Pre-Existing Service Providers wishing to offer virtual asset services must register. This includes entities involved in virtual asset custodial services or operating virtual asset trading platforms. In a subsequent phase, a licensing regime will begin, requiring these entities to apply for licenses. The initial registration will not impose additional requirements on virtual asset custodians or trading platforms, but the full regulatory requirements will be phased in during phase two.

In phase one, Other Authorized Entities are not required to register; however, they must notify the Authority of their current or planned virtual asset services by completing the VASP Application Form on the REEFS platform. This form is identical to the one for registration applicants, but existing information already provided to the Authority will not need to be resubmitted. Additionally, Other Authorized Entities must complete an AML/CFT form available on REEFS.

The VASP Law comes into effect on 31 October 2020, and the VASP Application Form will be available on REEFS from that date. Entities providing virtual asset services on or after 1 February 2021 without registration or notification will face penalties and enforcement actions. The VASP Application Form submission period starts on 31 October 2020. To ensure registrations are processed before 1 February 2021, the Authority recommends submitting applications by 12 December 2020.

Entities providing virtual asset services on or after 1 February 2021 without registration or notification to the Authority will be in violation of the VASP Law. Such entities may face penalties and enforcement actions, including being ordered to cease and desist from providing virtual asset services.

Yes, entities currently providing virtual asset services may continue to do so if they submit the VASP Application Form and are registered or have notified the Authority by 31 January 2021. Failure to register or notify the Authority by that date will require them to cease providing virtual asset services.

Entities that were not providing virtual asset services as of 31 October 2020 cannot start doing so until their registration application is approved or the required notification has been made.

A KYD 1,000.00 assessment fee must accompany all registration applications. This fee can be paid through the REEFS portal during application submission. Additionally, an assessment fee will be required upon approval of the registration application. Further details regarding the application fee will be provided by the Authority during the application process. SIX,Cricket Square Elgin Avenue Grand Cayman Tel +13459 431-144

In phase one, all entities providing virtual asset services must comply with the VASP Law and meet AML/CFT/CPF and Sanctions obligations, as outlined in the Anti-Money Laundering Regulations (2020 Revision) and the Authority’s Guidance Notes (Amendment) (No. 5): Virtual Asset Service Providers, February 2020. Additionally, the Authority will issue a Statement of Principles for virtual asset service providers, which will establish standards for conducting business and serve as a benchmark for AML/CFT and prudential compliance. These standards will apply to all VASPs while the complete VASP framework is developed and consulted on by the Authority.

Some VASPs may engage in multiple business activities, which may also require licensing or registration under other regulatory laws, consistent with current practices.

In the coming months, the Authority will continue to develop its framework for virtual asset service providers. This will include new rules, procedures, and guidance tailored to different types of entities. The Authority will conduct a comprehensive consultation process, inviting public feedback as part of this development.

• A detailed organizational chart covering the entire group of companies, including ultimate beneficial owners
• Information on the regulated status of entities within the group, specifying the relevant regulated services and jurisdictions
• Details of any services provided by related entities to the VASP

• Certified copies of academic and professional qualifications
• Police clearance certificate or affidavit confirming no criminal convictions
• Two character references
• One financial reference
• An up-to-date and detailed CV
• A notarized or similarly certified color copy of a government-issued photo ID

To avoid delays in the due diligence process, VASPs should adhere to the Regulatory Procedure on Assessing Fitness and Propriety.

• Completed REEFS Application Forms (APP-101-84 and AIR-157-84)
• List of the applicant’s blockchain addresses (for each cryptocurrency)
• Information on shareholders holding more than 10% of shares, along with a completed personal questionnaire from Cmrai
• Details of the Chief Information Officer/Chief Information Security Officer, including their CV
• Copies of cybersecurity policies, following Cmrai guidelines
• Copies of AML/CFT policies in compliance with the Anti-Money Laundering Regulations
• A detailed Business Plan
• Transaction flow charts
• Details of outsourced arrangements and associated agreements
• An application fee of CI$1,000 (US$1,219.50) plus an assessment fee determined at approval

For an application to be processed by Cmrai, all required documentation and the application fee must be submitted. The necessary documents for registering/licensing a VASP are listed in the applicable REEFS forms, along with a comprehensive business plan and transaction flow charts.

A thorough business plan should, at a minimum, cover the following aspects:

• An overview of the business operations, current or planned
• Descriptions of the products and services offered, or to be offered, including how these services are delivered
• Standalone financial statements for the past two years and financial projections
• Physical location of business operations
• Details on the customer base (e.g., number of customers, geographical/jurisdictional distribution)
• Information on delivery channels and marketing strategy
• Corporate governance structure, including the board of directors, senior management, and any committees
• Staffing details and an organizational chart illustrating reporting lines
• Details on contracts with affiliates and outsourcing arrangements, including information on their regulation in other jurisdictions, if applicable

The Financial Action Task Force (FATF) Recommendation 16 mandates that originating VASPs must collect and maintain necessary and accurate information about the originator and beneficiary involved in virtual asset transfers. These requirements are applicable to VASPs when their transactions (whether in fiat currency or virtual assets) include:

1. A traditional wire transfer
2. A virtual asset transfer between a VASP and another regulated entity
3. A virtual asset transfer between a VASP and an unregulated entity

This application of FATF’s wire transfer requirements in the virtual asset space is referred to as the “Travel Rule”.

Part XA of the Anti-Money Laundering Regulations outlines the definitions, requirements for identification and verification, record-keeping, and other obligations related to virtual assets, including compliance with the Travel Rule for VASPs.

Part XA of the Anti-Money Laundering Regulations will take effect from 1 July 2022.

All VASPs that are either registered or in the process of registering with Cmrai were required to submit details on how they would meet the Travel Rule requirements, as outlined in the Anti-Money Laundering Regulations. These details, including relevant policies, procedures, and resources (such as technological tools), needed to be submitted to [email protected] by 31 March 2022.

New applicants for VASP registrations/licenses must also demonstrate how they will comply with the Travel Rule requirements as part of their overall compliance framework. This information should be attached when submitting their anti-money laundering and counter-terrorist financing policies via the REEFs application, APP 101-84 (Schedule E).