Bermuda Insights: Regulatory and Risk Consulting – Financial Services


Investment Firms Act 2003 Regulatory Updates

The BMA has released a number of consultation papers proposing improvements to the investment business regime in Bermuda. These proposals will result in significant changes to legislation, codes of conduct, rules and statement of principles and are expected to come into effect in the second half of 2022. At a high level, the changes will require entities to register as either a Class A, Class B or unregistered person and will require that any entity incorporated or formed in Bermuda which engages in investment business is licensed by the BMA, whether or not the entity is engaged in investment business from a place of business where it employs staff and pays salaries. There is also a proposed new sandbox license for innovation related to investment firms, which will be introduced in the form of Class T and Class F license categories. Some license categories will also have to appoint a principal representative.

Ongoing updates to the digital asset regulatory framework

As a leading jurisdiction in the fintech and digital asset sector, Bermuda continues to improve its regulatory framework with respect to digital assets. The BMA continues to ensure that the digital asset legislative framework is fit for purpose and keeps pace with the digital asset business environment, which continues to rapidly evolve. Proposed amendments to the Digital Asset Business Act 2018 aim to provide more clarity to applicants and facilitate more efficient administration of the legislative framework.

Personal Information Protection Act 2016

Bermuda’s Privacy Commissioner has appointed an Operations Support Commissioner, as well as an Assistant Policy and Engagement Commissioner, and has been actively involved in the development of policy briefs and platforms training to help Bermuda organizations meet their obligations under the Personal Information Protection Act 2016 (“PIPA”). There is still no confirmed date for the entry into force of the substantive provisions of PIPA; however, we expect PIPA to be introduced by the end of 2022 with a phased approach for entities to be compliant. We recommend that organizations in Bermuda review their current handling of personal information now and ensure that they are prepared to meet the obligations of PIPA when it comes into effect.

Bermuda AML Regime Regulatory Trends

The BMA has published a series of consultation papers on proposed improvements to general guidance notes and sectoral guidance notes for anti-money laundering and countering the financing of terrorism purposes (the “AML orientation”). The proposed amendments to the AML guidance notes do not propose any material changes that would affect the operations of a regulated financial institution, but there are improvements of which regulated financial institutions should be aware, such as who the BMA will consider to be “fit and clean” to carry out the independent statutory audit of the accounts.

Following a change to the definition of “occasional transaction”, digital asset businesses are now required to perform customer due diligence on single transactions or a series of linked transactions where the threshold for those transactions reaches $1,000. This allows Bermuda to fully comply with FATF requirements and maintain Bermuda’s reputation as a reputable jurisdiction.

The BMA continues to conduct on-the-spot reviews of regulated financial institutions and take enforcement action, which has resulted in a significant increase in independent audit instruction as well as legal and regulatory advice, to ensure that, on an ongoing basis, regulated financial institutions operate within the laws and regulations of Bermuda.

Introduction of cyber reporting requirements

All financial sectors licensed, registered and supervised by the BMA are required to comply with the Operational Cyber Risk Management Code of Conduct, which was first implemented for registered insurers and insurance intermediaries. There is also a requirement to report to the BMA any “Cyber Reporting Event” experienced by a regulated entity in Bermuda or where a Bermuda entity is involved in a “Cyber Reporting Event” of its global operations. Due to these new requirements, there has been a significant increase in guidance regarding legal and regulatory reviews of cybersecurity and information security policies and procedures, as well as in assisting entities to report to the BMA, if necessary.

This article is taken from the white paper Bermuda Insights: Trends and Opportunities 2022, available here:

Bermuda Trends 2022

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.
