Cayman Islands

Important Aspects

Details about Cayman Islands

Specific rules for asset issuance

The Cayman Islands provides specific rules for asset issuance on a digital ledger, governed by the Virtual Asset (Service Providers) Act (VASPA). Under VASPA, any entity involved in the issuance of virtual assets (including asset-backed, debt-backed, utility tokens, and payment tokens like stablecoins) must register with the Cayman Islands Monetary Authority (CIMA). Issuers of virtual assets need to comply with anti-money laundering regulations, ensure proper risk management policies, and have adequate cybersecurity measures.

Clarity over resale of digital assets

For asset-backed, debt-backed, utility tokens, and payment tokens, entities engaging in resale must be registered under VASPA. They must adhere to anti-money laundering (AML) regulations, conduct customer due diligence, and maintain thorough record-keeping. Compliance with beneficial ownership transparency requirements is also essential. VASPA mandates that entities maintain proper policies and procedures for resale activities to ensure compliance. The resale process includes reporting any material changes to CIMA within 15 days, ensuring transparent transactions.

Clarity over trading of digital assets

Entities operating trading platforms for asset-backed tokens, debt-backed tokens, utility tokens, and payment tokens must register with CIMA and, when the licensing regime commences, obtain a license. Restrictions include implementing robust governance frameworks, cybersecurity measures, risk management policies, and AML procedures. Trading platforms must demonstrate the ability to securely facilitate exchanges and transfers, provide relevant originator/beneficiary information, and comply with all applicable laws. Exemptions apply to peer-to-peer trading platforms where the entity does not hold or control virtual assets.

Clarity about custody of digital assets

The custody of digital assets is specifically regulated under VASPA. Entities providing custody services for any type of digital asset (including asset-backed, debt-backed, utility, and payment tokens) must register and obtain a license from CIMA. Requirements include compliance with AML regulations, strong internal controls, risk management policies, cybersecurity protocols, and business continuity plans. Custodians must ensure that they can transfer or maintain originator/beneficiary information securely and demonstrate their ability to protect client assets. Additionally, they must report any significant changes to CIMA within 15 days.

Dispute resolution for digital assets

Digital asset service providers are required to have clear terms and conditions outlining the mechanisms for dispute resolution, particularly for custody, trading, and issuance of digital assets. In the case of disputes, entities must comply with internal policies and regulatory guidelines, including customer complaint procedures and resolution frameworks. If disputes escalate, they may be resolved through the courts. Compliance with AML regulations and data privacy standards also plays a crucial role in mitigating potential disputes.

Restrictions on promoting digital assets

Asset issuers and virtual asset service providers must register with CIMA before engaging in any promotional activities. Promotions must be conducted transparently, providing clear information about the nature and risks of the digital assets. Entities must adhere to AML regulations in promotional activities and disclose any material changes to CIMA. Marketing to a selected audience privately is permissible under certain conditions.

Process for filing issuance of digital assets

To issue digital assets, entities must register with CIMA under VASPA. The process involves submitting an application form along with a detailed business plan, which includes information on corporate governance, products/services offered, AML/CTF policies, risk management strategies, cybersecurity measures, and compliance frameworks. A legal opinion may be required to support the application. Upon successful registration, entities must comply with ongoing obligations, including annual audits, reporting material changes to CIMA within 15 days, and maintaining transparent records.

Important takeaways for VASP-dealer/ATS/transfer agent

1. VASPs, dealers, ATS, and transfer agents must register with CIMA under VASPA and adhere to the regulatory requirements for their operations. Custodial service providers and trading platforms need to obtain a license once the licensing regime commences.

2. Implement comprehensive AML policies, appoint an AMLCO, MLRO, and DMLRO, and comply with AML Travel Rules. Regular audits and risk assessments are mandatory.

3. Establish a robust governance framework, including independent directors, risk management systems, and cybersecurity protocols.

4. Maintain internal controls, risk assessment policies, and a detailed cybersecurity plan.

5. Keep CIMA updated on material changes, maintain data privacy, and ensure record-keeping for compliance and audits.

Important takeaways for digital asset issuer

1. All asset issuers (including those issuing asset-backed, debt-backed, utility tokens, and stablecoins) must register under VASPA and comply with CIMA’s regulatory framework. Issuers must ensure clear documentation of the relationship between entities (e.g., issuer and platform developer) to avoid unnecessary regulatory overlap.

2. Implement AML policies, appoint compliance officers, and ensure sound corporate governance proportional to business size and risk.

3. Develop risk management and internal control policies, adhering to CIMA’s rules.

4. File annual audits, maintain accurate records, and notify CIMA of any material changes within the stipulated timeframe.