Gibraltar regulates firms operating in the crypto space

Gibraltar is an established crypto-friendly jurisdiction that regulates firms carrying on, by way of business, in or from Gibraltar, the use of distributed ledger technology (“DLT”) for storage or transmission of value belonging to another.

The Gibraltar DLT Framework has been effective since January 2018, offering legal and regulatory certainty to firms and their customers. Firms authorised by the GFSC to operate as a DLT Provider in Gibraltar (“crypto firms”) are able to operate within clear parameters and under effective regulatory oversight, thus enhancing customer protection.

The focus of this piece is the protection of customer assets and money in the custody or control of crypto firms.

Whilst it is true that firms may fail in any market economy, with effective regulation and regulatory oversight, customer assets can be protected so that in the event that the business fails, it is able to wind-down in an orderly manner with minimum impact to customers.

In Gibraltar, crypto firms are obliged to segregate custodial assets and monies, including crypto, belonging to customers from their own assets and monies. The purpose of keeping customer’s assets separate from the assets of a crypto firm is to safeguard the customer’s assets, for example, against any wrong use by such a firm.

In addition, customer asset records are expected to be stored securely, be comprehensive and up to date and must include any customer instructions regarding the management of the customer’s assets. Clear audit trails are crucial for transparency, security and accuracy.

Crypto firms must also reconcile customer virtual assets and its own assets as well as a customer's fiat assets. Frequent reconciliation helps detect any mistakes or discrepancies which could impact the firm and its customers. It also ensures the accuracy of the firm’s financial position. The DLT Framework in Gibraltar ensures that any differences are fully reconciled and investigated by the firm. What’s more is that any unidentified differences leading to a lower amount of crypto asset balances on the ledger in comparison with a firm’s internal records must be covered by the crypto firm until the differences have been cleared.

Furthermore, crypto firms must store private keys relating to the value stored on behalf of its customers in a secure manner that minimises the risk of loss or theft. Secure management of private keys also helps protect a customer from unauthorised access to their assets.

These rules pertain to Regulatory Principle 5 which states that “a DLT Provider must have effective arrangements in place for the protection of client assets and money when it is responsible for them”. This principle is just one of the ten regulatory principles which Gibraltar firms must adhere to. If you would like to discuss this further, please feel free to contact me on hannah.lopez@hassans.gi.

This piece does not constitute legal advice, it is not intended to be a substitute for legal advice and should not be relied upon as such.