A digital asset business wishing to obtain a licence under the Digital Asset Business Act 2018 will become acquainted with three magic words: nature, scale and complexity.

In various forms these terms are used throughout Bermuda’s legislative framework with regard to digital assets, including in the Act — and in the Code of Practice and the Digital Asset Custody Code of Practice, which were made pursuant to the Act.

This column focuses on the concept of the “proportionality principle” described in the above codes, together referred to as the “Codes”.

As the island’s financial regulator, the Bermuda Monetary Authority supervises, regulates and inspects financial institutions operating in the jurisdiction.

The BMA has developed a risk-based financial regulation that it applies to the supervision of the island’s banks, trust companies, investment businesses, investment funds, fund administrators, digital asset businesses, money service businesses, corporate service providers and insurance companies.

Part of the regulator’s role in this regard is the publication of codes of practice that provide guidance on how licence applications will be evaluated, and the standards and practices expected of a licensed institution.

The Code of Practice outlines the requirements, procedures and standards to be observed by persons carrying on digital asset business while the Digital Asset Custody Code of Practice outlines the standards that the BMA considers to be the acceptable level of care when safeguarding clients’ digital assets.

The codes both apply the proportionality principle when considering the appropriate level of regulation to place on digital asset businesses.

The principle considers the impact of the nature, scale and complexity of an organisation’s business activities on its risk profile, which informs its compliance with each provision of the codes.

For example, a digital asset business that is part of an interdependent group of companies across multiple jurisdictions, offering leverage trading and custody services to millions of individuals in dozens of jurisdictions will have a higher risk profile.

Conversely, a business offering a spot trading exchange that is restricted to Bitcoin, and that is only offered to institutional clients in a single jurisdiction, should have a significantly lower risk profile.

Accordingly, when assessing compliance with the codes, the BMA would not expect the above businesses to have identical governance procedures and risk management frameworks.

The requirement to conduct business in a prudent manner is fundamental to the regulatory regime established by the Act, and the codes state that the BMA will, in assessing the existence of sound and prudent business conduct, have regard for both its prudential objectives and the appropriateness of each provision of the codes for the digital asset business, taking into account that organisation’s nature, scale and complexity.

Although the Act does not define “nature, scale and complexity”, the description of the proportionality principle in the codes describes the terms as follows:

• Nature includes the relationship between clients and the digital asset business or characteristics of the service provided

• Scale includes size aspects such as volume of the business conducted or the size of the balance sheet in conjunction with materiality considerations

• Complexity includes items such as organisational structures and product design

To understand how the terms are applied in practice, it is helpful to look at an example from the codes.

With respect to the protection of clients’ assets, the Code of Practice states that the digital asset business may place client assets in a trust with a qualified custodian, have a surety bond or indemnity insurance, or implement other arrangements to ensure that clients’ assets can be returned to them.

It is clear that this requirement is not intended to apply uniformly to all digital asset businesses and that the nature, scale and complexity of the business in question will inform its application.

For instance, the nature of an organisation’s business may mean that obtaining third-party insurance to cover the value of the assets that it holds in custody is challenging or unaffordable.

However, the same organisation may be able to rely on the scale of its business and its position within a larger group organisation to obtain a surety bond that satisfies the requirement.

As you can see, understanding the nature, scale and complexity of its business in order to comply appropriately with the codes will prove valuable to the regulatory success of a digital asset business.

Associates Carl Meyer and Karim Creary are members of the technology and innovation group in the corporate department at Appleby. A copy of this column can be obtained on the Appleby website at www.applebyglobal.com. This column should not be used as a substitute for professional legal advice. Before proceeding with any matters discussed here, persons are advised to consult a lawyer.