Virgin Islands Regulatory Code (Revised 2020)

LAW OF VIRGIN ISLANDS Regulatory Code 129 Revision Date: 1 Jan 2020 [Statutory Instrument] REGULATORY CODE ARRANGEMENT OF SECTIONS PRELIMINARY PROVISIONS SECTION

1. Short title
2. Definitions
3. Commission may determine undertaking to be parent
4. Definition of “senior officer”, “senior manager” and “senior management”
5. General interpretative provisions
6. Application of the Code PART I PRINCIPLES FOR BUSINESS
7. Application of this Part
8. High level principles PART II PROVISIONS OF GENERAL APPLICATION Preliminary
9. Scope of this Part Division 1 Licensing
10. Application for a licence
11. Business plan to be submitted with application
12. Form and contents of business plan
13. Business plan, insurance licence
14. Display of licence 14A. Staff training and development Division 2 Fit and Proper Criteria
15. Fit and proper assessment
16. Responsibility of licensee, fit and proper assessment

130 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Division 3 Management and Control Preliminary 17. Purpose of this Division Corporate governance framework 18. Corporate governance framework 18A. Terms of business 18B. Advertising and communication practices 19. Directors of BVI licensee 20. Responsibilities of board 21. Responsibilities of senior management 22. Span of control 23. BVI licensee with overseas subsidiaries 24. Foreign licensee to appoint BVI manager Strategies, policies, systems and controls 25. Establishment of policies, systems and controls 26. Risk management 27. Business continuity plans 28. Foreign licensees Internal controls 29. Establishment and maintenance of internal controls 30. Responsibilities of board and senior management 31. Information systems 32. Monitoring of internal control systems and correcting deficiencies 33. Foreign licensees Internal audit 34. Appointment of internal audit function 35. Internal audit function 36. Internal audit reports to be submitted to Commission at its request Audit committee 37. Audit committee Record keeping

LAW OF VIRGIN ISLANDS Regulatory Code 131 Revision Date: 1 Jan 2020 [Statutory Instrument] 38. Licensee to maintain records 39. Retention of records Division 4 Compliance 40. Purpose of this Division 41. Compliance policies, systems and controls 42. Appointment of compliance officer 43. Obligations of licensee with respect to compliance officer 44. Temporary absence of compliance officer 45. Duties and responsibilities of compliance officer 46. Compliance manual 47. Compliance officer report 48. Contents of report 49. Group compliance Division 5 Outsourcing 50. Outsourcing 51. Prohibitions with respect to outsourcing 52. Outsourcing policy 53. Outsourcing risk management 54. Outsourcing arrangements Division 6 Financial Statements, Audit 55. Application of this Division 56. Qualifications for auditor 57. Auditor to be independent 58. Auditor to provide information when at request of Commission 59. Accounting and audit standards 60. Signing of auditor’s report 61. Professional indemnity insurance Division 7 Customer Assets 62. Interpretation for, and scope of, this Division 63. General obligations with respect to customer assets 64. Customer bank accounts

132 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS 65. Customer money to be paid into bank account 66. Use of customer money 67. Records relating to customer money 68. Interest on customer money Division 8 Other Obligations and Restrictions The abuse of financial services and customer due diligence 69. Policies, systems and controls, abuse of financial services 69A. Complaints policy and procedure 69B. Significant complains Relationship with, and Reporting to, the Commission 70. Significant regulatory impact disclosure 71. Required standard of disclosure 72. Certain events and changes to be notified to Commission PART III BANKING Preliminary 73. Interpretation for this Part Division 1 Capital Adequacy Requirements Over-riding capital resource requirement 74. Over-riding capital resource requirement 75. Prudential and Statistical Returns Order Specific capital resource requirements 76. Minimum tier 1 capital requirement 77. Meaning of “tier 1 capital” 78. Meaning of “contributed capital” 79. Meaning of “perpetual non-cumulative preference shares” 80. Meaning of “unappropriated retained earnings” 81. Meaning of “minority interest” 82. Other approved capital items 83. Minimum risk weighted capital adequacy ratio 84. Meaning of “capital base” 85. Meaning of “tier 2 capital”

LAW OF VIRGIN ISLANDS Regulatory Code 133 Revision Date: 1 Jan 2020 [Statutory Instrument] 86. General loan-loss reserves 87. Hybrid debt/equity instruments 88. Unsecured subordinated debt 89. Other approved capital items 90. Risk-weighted asset exposure 91. Off-balance sheet exposure Regulatory deposits 92. Regulatory deposit to be made by licensed banks 93. Regulatory deposits, supplementary provisions Division 2 Exposures 94. Interpretation 95. Meaning of “exposure” 96. Exposure limits BVI banks 97. Exemption for exposures secured by cash 98. Other exemptions 99. Policies, systems and controls 100. Reports with respect to large exposures Division 3 Risk Management Preliminary 101. Purpose of Division 102. Meaning of “connected party” and “connected counterparty” Credit risk 103. Credit risk strategy, policies, systems and controls 104. Criteria for granting credit 105. Systems for credit administration, measurement and monitoring 106. Controls over credit risk 107. Loan-loss reserves Country and transfer risk 108. Country and transfer risk systems and controls Liquidity risk 109. Framework for managing liquidity

134 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS 110. Responsibilities of board and senior management 111. Submission of liquidity management strategy to Commission 112. Liquidity limits 113. Systems and controls for liquidity management 114. Foreign currency liquidity management Interest Rate Risk 115. Interest rate risk strategy, policies, systems and controls 116. Responsibilities of board and senior management 117. Measurement of interest rate risk Operational Risk 118. Operational risk strategy, policies, systems and controls 119. Responsibilities of board and senior management Division 4 Obligations of, and Restrictions on, Banks Investments, acquisitions and distributions 120. Investment strategy, policies, systems and controls 121. Responsibilities of board 122. Restrictions on investments and acquisitions 123. Investment limits 124. Exemptions from investment limits 125. Distributions Compliance 126. Additional requirements with respect to compliance Consolidated supervision 127. Branches, offices and subsidiaries etc. PART IV INSURANCE Preliminary 128. Interpretation for this Part

LAW OF VIRGIN ISLANDS Regulatory Code 135 Revision Date: 1 Jan 2020 [Statutory Instrument] Division 1 Financial Resource Requirements, Licensed Insurers Capital and solvency margin 129. Over-riding capital resource requirement 130. Contributed capital 131. Minimum solvency margin requirement Liabilities and assets 132. Calculation and valuation of liabilities 133. Valuation of assets Investments 134. Investment strategy, policies, systems and controls 135. Responsibilities of board 136. Risk management and internal controls 137. Further provisions concerning investments Reinsurance arrangements 138. Approved reinsurers 139. Submission of reinsurance arrangements to Commission Division 2 Corporate Governance and Policies, Systems and Controls 140. Remuneration policies 141. Risk management 142. Underwriting and pricing strategy, policies, systems and controls Division 3 Actuaries 143. Application of this Division 144. Qualifications for actuary 145. Actuary to provide information when at request of Commission 146. Duties of actuary 147. Prescribed actuarial standards

136 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Division 4 Insurance Managers and Intermediaries Contributed capital 148. Over-riding contributed capital requirement 149. Contributed capital Professional indemnity insurance 150. Professional indemnity insurance 151. Variation and exemption re insurance requirements PART V TRUST COMPANIES AND COMPANY MANAGEMENT COMPANIES Preliminary 152. Interpretation for this Part Division 1 Financial Resource Requirements Over-riding capital resource requirement 153. Over-riding capital resource requirement Requirements applicable to licensed trust companies 154. Meaning of “contributed capital” 155. Minimum capital resource requirement, licensed trust companies 156. Regulatory deposits, scope and interpretation 157. Regulatory deposit requirements Capital requirements, licensed company managers 158. Minimum capital resource, company managers 159. Criteria for letter of credit or guarantee Professional indemnity and other insurance 160. Insurance requirements 161. Minimum levels of cover 162. Commission may vary insurance requirements

LAW OF VIRGIN ISLANDS Regulatory Code 137 Revision Date: 1 Jan 2020 [Statutory Instrument] Division 2 Managed Trust Companies 163. Obligations on managed trust companies 164. Management agreements and outsourcing 165. Books and records 166. Corporate governance and resource requirements PART VI MONEY SERVICES BUSINESS 167. Interpretation for, and purpose of, this Part Capital resource requirements 168. Over-riding capital resource requirement 169. Minimum capital resources 170. Criteria for letter of credit or guarantee 171. Regulatory deposit to be made by foreign money services business 172. Regulatory deposits, supplementary provisions Management and control 173. Corporate governance framework 174. Foreign licensee to appoint BVI manager 175. Internal controls 176. Licensed money services business to maintain records 177. Customer assets and money PART VII INSURANCE BUSINESS Preliminary 178. Interpretation for this Part 179. Scope for this Part 180. Records Division 1 Capital and Insurance Requirements Over-riding capital resource requirement 181. Over-riding capital resource requirement

138 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Professional indemnity and other insurance 182. Insurance requirements Division 2 Conduct of Business General Requirements 183. General conduct of business standards 184. Fund functionaries 185. Valuation and pricing of fund property 186. Client agreement: retail customer 187. Client agreement: non-retail customer 188. Disclosure 189. Suitability 190. Charges Dealing and Managing 191. Customer 192. Timely execution 193. Allocation of orders 194. Aggregation of orders 195. Best execution 196. Churning and switching 197. Front running Conflicts of Interest 198. Requirements concerning conflicts of interest 199. Policies and procedures Division 3 Customer Assets 200. Scope of, and interpretation for, this Part 201. Safekeeping of customer investments 202. Use of customer investments SCHEDULE 1: Licences SCHEDULE 1A: BVI Financial Services Commission Guidance Notes of Fit and Proper Test SCHEDULE 2: Key Outsourcing Risks SCHEDULE 3: Events and Changes to be Notified to Commission SCHEDULE 4: Calculation of Risk Weighted Capital Adequacy Ratio SCHEDULE 5: Allowable Assets SCHEDULE 6: Transitional Provisions

LAW OF VIRGIN ISLANDS Regulatory Code 139 Revision Date: 1 Jan 2020 [Statutory Instrument] REGULATORY CODE – SECTION 41 (S.I.s 60/2009, 91/2010 and 69/2019) PRELIMINARY PROVISIONS Commencement [1 February 2010] Short title

1. (1) This Code may be cited as the Regulatory Code. Schedule 6 (2) The transitional provisions specified in Schedule 6 shall have effect.

---

EXPLANATORY NOTES What is the Regulatory Code? (i) The Financial Services Commission Act [the “FSC Act”] and the regulatory legislation for which the Commission has responsibility together establish a general legal framework for the regulation and supervision by the Commission of financial services business carried on in and from within the Virgin Islands [referred to in the Explanatory Notes as “the BVI”]. The regulatory legislation, which is specified in Part 1 of Schedule 2 to the FSC Act, comprise the— (a) Banks and Trust Companies Act; (b) Company Management Act; (c) (Repealed by S.I. 91/2010) (d) Proceeds of Criminal Conduct Act; (e) Insolvency Act; (f) Insurance Act; (Inserted by S.I. 91/2010) (g) Financing and Money Services Act; and (Inserted by S.I. 91/2010) (h) Securities and Investment Business Act (Inserted by S.I. 91/2010). However, the Regulatory Code has no application with respect to the Insolvency Act limited application with respect to the Financing and Money Services Act, 2009 and the Securities and Investment Business Act (as funds are not subject to the Code) and only incidental application with respect to the Proceeds of Criminal Conduct Act. (Amended by S.I. 91/2010) (ii) The regulation and supervision of financial services is both complex and technical. It is not practicable for the details to be contained in primary legislation. Furthermore, it is important that the regulatory framework is able to readily evolve as international standards change and the financial services sector in the BVI develops and matures. It is impracticable and undesirable for

140 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS primary legislation to be changed frequently and, for these reasons, the FSC Act enables the Commission, as the BVI’s financial services regulator, to issue a Regulatory Code [“the Code”] containing more detailed requirements that support the general framework established by the primary legislation. (iii) Licensees should ensure that they read and understand the FSC Act, the regulatory legislation [which includes any regulations made under such legislation] and the Code, to the extent applicable to them. Status of the Code (iv) As the Code is made by the Commission under powers given to it under the FSC Act, it has the status of delegated or subsidiary legislation. A number of international standards require matters to be included in “law”. As subsidiary legislation, the Code has the status of “law” in the BVI. A requirement in the Code— (a) must therefore be complied with by every person to whom it applies; (b) has effect as law and therefore has the same legal force as if it had been contained in the FSC Act or in other financial services legislation; and (c) is enforceable by the Commission [see “Enforcement of the Code” below]. (v) The FSC Act [s. 41(1)] states that the Code may be issued with respect to— (a) the conduct required of licensees and of officers and agents of licensees; and (b) any other matter that the FSC Act, or any other financial services legislation, requires or permits to be in the Code. The financial services legislation makes numerous references to matters that must or may be included in the Code. The Commission has taken reasonable care to satisfy itself that it has the authority to make provision for all the matters included in the Code. However, in order to avoid the Code becoming cumbersome to read, reference is not made to the specific provisions in the primary legislation that authorise specific requirements of the Code unless it is otherwise helpful to do so. (vi) As far as possible, the Code is to be interpreted purposively. The purposive approach to interpretation requires legislation to be interpreted in accordance with the purpose or objectives of the legislation. Licensees should be prepared, therefore, to look beyond the literal meaning of the text, especially if this seems to be contrary to the intended purpose. Enforcement of the Code (vii) The Commission has the power to take enforcement action against a licensee if the licensee has contravened, or is in contravention of, the Code [FSC Act s. 37(1)(a)(i)]. Where the Commission is entitled to take enforcement action against a licensee, the FSC Act provides the Commission with a range of enforcement powers. These include issuing a directive, requiring a licensee to appoint a qualified person to advise it, undertaking an investigation into a licensee’s business and imposing administrative penalties. Any contravention of the Code will also be taken into account by the Commission in assessing whether a licensee is “fit and proper” to continue to hold a licence or whether its directors and senior managers are fit and proper to be concerned with the management of the licensee. In appropriate cases, the Commission may issue a

LAW OF VIRGIN ISLANDS Regulatory Code 141 Revision Date: 1 Jan 2020 [Statutory Instrument] public statement concerning the licensee [FSC Act s. 37A]. The Commission will, through its off- and on-site monitoring programme, assess the compliance of licensees with the Code. Structure of the Code (viii) There are certain fundamental principles of business that apply to all licensees. These are set out in Part I. Many of the requirements in the Code are of general application, that is they apply to every licensee, regardless of the type of licence held, unless and to the extent that the Code provides otherwise. These requirements are set out in Part II. The Code imposes additional requirements on specific types or categories of licensee. These are set out as follows— (a) requirements applicable to banks in Part III; (b) requirements applicable to insurers in Part IV; (c) requirements applicable to trust companies and company managers in Part V; (d) requirements applicable to money service providers in Part VI; and (e) requirements applicable to investment business licensees in Part VII. (Inserted by S.I. 91/2010) Status of the Explanatory Notes (ix) With the objective of making the Code as user friendly as possible, the Code is supplemented by Explanatory Notes which are set out immediately following the paragraphs of the Code to which they apply. As specified in section 5(1) of the Code, the Explanatory Notes are not part of the Code and do not, therefore, have the force of law. Nevertheless, the Explanatory Notes should be read together with the Code as they are used, for example, to set out— (a) important background or explanatory information; (b) the factors that the Commission will take into account in considering whether or not a requirement in the Code, the FSC Act or a regulatory enactment has been complied with; and (c) guidance on how the Commission expects licensees and others to comply with the Code. (x) To distinguish them from the Code, the Explanatory Notes are indented and printed in italics. Amendment of Code (xi) The Commission may, after consultation with the Minister of Finance and with the approval of the Board of Commissioners, amend the Code at any time [FSC Act, s. 41(2)]. Where the Code is amended, licensees to whom the additional or modified requirements apply will usually be given a reasonable period of time within which to comply with the new or modified requirements.

142 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Prevention of Money Laundering and Terrorist Financing (xii) The Code does not cover the obligations of a licensee with respect to the prevention of money laundering or terrorist financing. These are covered in the Anti-money Laundering Regulations and the Anti-Money Laundering and Terrorist Financing Code of Practice issued by the Commission under the Proceeds of Criminal Conduct Act. Transitional Provisions (xiii) Although much of the Code formalises current procedures, the Commission recognises that a number of the requirements are new and will impose burdens on existing licensees. In the circumstances, Schedule 6 contains transitional provisions that have the effect of giving existing licensees (i.e. persons who are licensees immediately prior to the commencement date) additional time to comply with certain provisions of the Code. The Code has full effect with respect to new licensees (i.e. persons who were not licensees) with effect from the commencement date.

---

Definitions 2. (1) The following definitions apply for the purposes of this Code— “affiliate”, with respect to an undertaking, means another undertaking that is in the same group as that undertaking; “AML/CFT Code” means the Anti-Money Laundering and Terrorist Financing Code of Practice issued by the Commission under section 27 of the Proceeds of Criminal Conduct Act; “AML/CFT obligation”, with respect to a licensee, means an obligation of the licensee under, or imposed by, the Proceeds of Criminal Conduct Act, the AML Regulations or the AML/CFT Code; “AML Regulations” means the Anti-money Laundering Regulations; “Basel Core Principles” means the Core Principles for Effective Banking Supervision issued by the Basel Committee in October 2006, or such document as may be issued in its place; “banking licence” means a banking licence issued under the Banks and Trust Companies Act; “Basel Committee” means the international body responsible for setting standards for the regulation and supervision of banking, known as the “Basel Committee on Banking Supervision”, or such body as may succeed it, by whatever name called, and includes any present or future subcommittee of the Basel Committee; “board”, in relation to an undertaking, means— (a) the board of directors, committee of management, council or other governing authority of the undertaking; or (b) if the undertaking has only one director, that director; “BVI bank” means a BVI business company that holds a banking licence;

LAW OF VIRGIN ISLANDS Regulatory Code 143 Revision Date: 1 Jan 2020 [Statutory Instrument] “BVI business company” means a company that is on the Register of Companies maintained under the BVI Business Companies Act; “BVI insurer” means a BVI business company that holds an insurer’s licence; “BVI licensee” means a licensee that is a BVI business company; “BVI manager” means the person appointed as the manager of a licensee that is a foreign company in accordance with section 24; “BVI undertaking” means an undertaking that, in the case of— (a) a company, is a BVI business company; (b) a limited partnership, is registered under Part VI of the Partnership Act; (c) a partnership that is not a limited partnership, has its principal office in the Virgin Islands; and (d) an unincorporated association, is an undertaking that has its principal office in the Virgin Islands; (Inserted by S.I. 91/2010) “calendar quarter” has the meaning specified in subsection (4); “Code” means the Regulatory Code; “commencement date” means the date that this Code comes into effect; “company” means a body corporate, wherever incorporated, formed or registered, and includes a BVI business company; “company management licence” means a licence issued under the Company Management Act; “complaint”, in relation to a licensee, means any oral or written expression of dissatisfaction, whether justified or not, from or on behalf of a person about the provision of a service which constitutes licensed business and which— (a) alleges that the complainant has suffered, or may suffer, financial loss, material distress or material inconvenience; and (b) relates to the provision of the service by or on behalf of the licensee; (Inserted by S.I. 91/2010) “compliance function” means the function of having responsibility for ensuring compliance by the licensee with its regulatory obligations; “compliance manual” means the compliance procedures manual that a licensee is required to establish and maintain under section 34(2) of the FSC Act; “compliance officer” means the person appointed as the compliance officer of a licensee in accordance with section 34(3) of the FSC Act; “connected”, in relation to the relationship between 2 persons, has the meaning specified in subsection (3) or section 102, as appropriate; “country” includes a territory; “customer”, in relation to a licensee, means a person, whether resident in or outside the Virgin Islands, to whom the licensee provides, agrees to provide or has provided a service that constitutes licensed business; “derivative” means an option, a future or a contract for differences;

144 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS “director”, in relation to an undertaking, means a person appointed to direct the affairs of the undertaking and includes— (a) a person who is a member of the governing body of the undertaking; and (b) a person who, in relation to the undertaking, occupies the position of director, by whatever name called; “dollar” or “$” means the lawful currency for the time being of the United States of America; “eligible insurer” means— (a) an insurer having a financial strength rating of A++, A+, A or A￾assigned to it by the A. M. Best Company or an equivalent financial strength rating assigned by an equivalent rating company; (Amended by S.I. 91/2010) (b) a Lloyd’s syndicate; or (c) an insurer specified by the Commission, on a case-by-case basis as an eligible insurer; “executive director” means a director of an undertaking who is also employed under a contract of service by the undertaking; “financial conglomerate” means a group of companies under common control the exclusive or predominant activities of which consist of providing significant services in at least 2 different types of financial services business; “financial services enactment” means an Act that is listed as financial services legislation in Schedule 2 of the FSC Act, together with all regulations made under the Act concerned; “foreign company” means a company that is incorporated, formed or registered outside the Virgin Islands, but excludes a BVI business company; “foreign licensee” means a licensee that is a foreign undertaking; “foreign undertaking” means— (a) a foreign company; or (b) an undertaking other than a foreign company that has its principal office outside the Virgin Islands; “FSC Act” means the Financial Services Commission Act; “fund administration licence” means a category 6, sub-category B investment business licence; (Inserted by S.I. 91/2010) “fund custodian’s licence” means a category 5, sub-category B investment business licence; (Inserted by S.I. 91/2010) “fund investment advisor’s licence” means a category 4, sub-category B investment business licence; (Inserted by S.I. 91/2010) “fund investment business licence” means— (a) a fund administration licence; (b) a fund custodian’s licence;

LAW OF VIRGIN ISLANDS Regulatory Code 145 Revision Date: 1 Jan 2020 [Statutory Instrument] (c) a fund investment advisor’s licence; or (d) a fund management licence; (Inserted by S.I. 91/2010) “fund management licence” means a category 3, sub-category B investment business licence; (Inserted by S.I. 91/2010) “group”, in relation to an undertaking (the “first undertaking”), means the first undertaking and any other undertaking that is— (a) a parent of the first undertaking; (b) a subsidiary of the first undertaking; (c) a subsidiary of a parent of the first undertaking; (d) a parent of a subsidiary of the first undertaking; (e) an undertaking in which the first undertaking, or an undertaking specified in paragraph (a) to (d) has a significant interest; “IAIS” means the international body responsible for setting standards for the regulation and supervision of insurance, known as the “International Association of Insurance Supervisors” or such body as may succeed it, by whatever name called; “Insurance Core Principles” means the Insurance Core Principles issued by the IAIS in October 2003, or such document as may be issued in its place; “insurance group” means a group of companies which contains more than one insurer; “insurance intermediary’s licence” means an insurance intermediary’s licence issued under the Insurance Act; “insurance manager’s licence” means an insurance manager’s licence issued under the Insurance Act; “insurer’s licence” means an insurer’s licence issued under the Insurance Act; “internal audit function” has the meaning specified in section 34; “investment business licence” means a licence issued under section 6 of the Securities and Investment Business Act; (Inserted by S.I. 91/2010) “IOSCO” means the international body responsible for setting standards for the regulation and supervision of securities, known as the “International Organization of Securities Commissions” or such body as may succeed it, by whatever name called; “IOSCO Objectives and Principles” means the Objectives and Principles of Securities Regulation issued by IOSCO in May 2003, or such document as may be issued in its place; “key functionary” means— (a) the auditor or actuary of a licensee; or (b) the compliance officer of a licensee where, as permitted by or in accordance with the Financial Services (Exemptions) Regulations, the compliance officer is not an individual employed by the licensee under a contract of service;

146 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS “licence” means a licence specified in Schedule 1; “licensed bank” means a person that holds a banking licence; “licensed company manager” means a person that holds a company management licence; “licensed foreign bank” means a foreign company that holds a banking licence; “licensed fund administrator” means a person having a fund administration licence; (Inserted by S.I. 91/2010) “licensed fund manager” means a person having a fund management licence; (Inserted by S.I. 91/2010) “licensed trust company” means a company that holds a trust licence; “licensee” means a person who holds a licence; “Lloyd’s syndicate” has the meaning specified in the Insurance Regulations; “managed trust company” means a licensed trust company whose trust licence is subject to the condition that its business is carried on and managed by another licensed trust company; “managing trust company” means the trust company that manages a managed trust company; “MLRO” means the Money Laundering Reporting Officer appointed by a licensee in accordance with Regulation 13 of the AML Regulations; “money” includes— (a) notes and coins; (b) postal orders; (c) cheques of any kind, including travellers’ cheques, bankers’ drafts and other payable orders; and (d) money deposited in an account, in each case, in any currency; “money laundering compliance function” means the function of having responsibility for ensuring compliance by the licensee with its AML/CFT obligations; “money services licence” means a licence issued under section 9(2) of the Financing and Money Services Act, 2009; (Amended by S.I. 91/2010) “non-executive director” means a director of an undertaking who is not employed under a contract of service by the undertaking; “non-fund investment business licence” means an investment business licence that is not a fund investment business licence; (Inserted by S.I. 91/2010) “outsourcing arrangement” means an arrangement between a licensee and a service provider whereby the service provider, or another person acting for the service provider, undertakes an activity on a continuing basis that would normally be undertaken by the licensee, and “outsource” shall be construed accordingly; “parent”, in relation to an undertaking (the “first undertaking”), means another undertaking that—

LAW OF VIRGIN ISLANDS Regulatory Code 147 Revision Date: 1 Jan 2020 [Statutory Instrument] (a) is a member of the first undertaking and whether alone, or under an agreement with other members, is entitled to exercise a majority of the voting rights in the first undertaking; (b) is a member of the first undertaking and has the right to appoint or remove the majority of the directors of the first undertaking; (c) has the right to exercise a dominant influence over the management and control of the first undertaking pursuant to a provision in the constitutional documents of the first undertaking; (d) is a parent of a parent of the first undertaking; or (e) is an undertaking that the Commission, by a notice issued under section 3, as directed shall be regarded as a parent of the first undertaking; “Principles” means the high level Principles for Business set out in Part I; “recognised credit rating agency” means— (a) Standard & Poor’s; (b) Fitch Ratings; or (c) Moody’s Investor Services; “recognised exchange” means, subject to subsection (5), an exchange that is a member of the World Federation of Exchanges or an exchange that is recognised by the Commission by notice published in the Gazette; (Amended by S.I. 91/2010) “regulated activity” means an activity that is required to be licensed under a regulatory enactment; “regulatory enactment” means an Act that is listed as regulatory legislation in Part 1 of Schedule 2 of the FSC Act, together with all regulations made under the Act concerned; “regulatory obligation”, with respect to a licensee, means an obligation of the licensee, other than an AML/CFT obligation, imposed by— (a) the FSC Act; (b) any regulatory enactment that applies to the licensee; (c) the Code; (d) a directive or practice direction issued by the Commission that applies to the licensee; or (e) a condition attached to the licence of the licensee; “regulatory regime” means the arrangements for the time being in place for the regulation of financial services business in or from within the Virgin Islands as provided for in— (a) the FSC Act; (b) the regulatory enactments; (c) the Code; and (d) any practice directions, guidance, policies or standards issued by the Commission;

148 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS “retention period” means the period specified in section 39(2) and (3); (Inserted by S.I. 91/2010) “senior manager” and “senior management” have the meaning specified in section 4; “senior officer” has the meaning specified in section 4; “service provider”, in relation to an outsourcing arrangement, means any person other than— (a) a director of the licensee acting in his capacity as a director; or (b) an employee of the licensee acting in his capacity as an employee; “significant interest”, in relation to an undertaking, has the meaning specified in the relevant regulatory enactment, with the proviso that the word “undertaking” is substituted for “company” in each place that it occurs within the definition; “significant owner” with respect to an undertaking, means a person having a significant interest in the undertaking; “solvency margin”, in relation to an insurer, means the surplus of the value of the insurer’s allowable assets over the value of its liabilities where the value of the insurer’s allowable assets and liabilities is determined in accordance with the requirements of this Code; “subsidiary”, in relation to an undertaking [the “first undertaking”], means an undertaking of which the first undertaking is a parent, including by reason of a notice issued by the Commission under section 3; “trust licence” means a Class I, Class II, restricted Class II, Class III or restricted Class III trust licence issued under the Banks and Trust Companies Act; “undertaking” means— (a) a company; (b) a partnership, including a limited partnership; or (c) an unincorporated association; “Zone A bank” means a bank incorporated, licensed and supervised in a Zone A country; “Zone A country” means a country specified in Schedule 4, Part B as a Zone A country; and “Zone B country” means any country that is not a Zone A country. (2) A reference in this Code to a Zone A or Zone B central government, central bank, government or public sector entity is a reference to a central government, central bank, other government body or public sector entity in a Zone A or Zone B country, as the case may be. (3) Subject to section 102, one person (the first person) is connected to another person (the second person) in the following circumstances— (a) where both persons are undertakings that are affiliates of each other; (b) if the second person is an undertaking, where— (i) the first person has a significant interest in the second person; or

LAW OF VIRGIN ISLANDS Regulatory Code 149 Revision Date: 1 Jan 2020 [Statutory Instrument] (ii) the first person is a director or senior manager of the second person. (4) For the purposes of this Code, a year is divided into the following four calendar quarters— (a) 1 January to 31 March; (b) 1 April to 30 June; (c) 1 July to 30 September; and (d) 1 October to 31 December. (5) An exchange that is a member of the World Federation of Exchanges shall not be regarded as a recognised exchange if the Commission publishes a notice to that effect in the Gazette. (Inserted by S.I. 91/2010) (6) A notice under subsection (5) may provide that an exchange shall not be regarded as a recognised exchange for certain specified purposes. (Inserted by S.I. 91/2010) Commission may determine undertaking to be parent 3. (1) In the circumstances specified in subsection (2), the Commission may, by notice issued to a licensee, direct that, for the purposes of this Code, or for certain specified purposes of this code, an undertaking specified in the notice shall be regarded as a parent of the licensee. (2) The Commission may issue a notice under subsection (1) where it is of the opinion that— (a) the undertaking specified in the notice has the right or power to control, or exercise a dominant influence over, the licensee, whether through provisions in memorandum or articles of the licensee, through a contract or otherwise; or (b) the licensee and that undertaking are managed on a unified basis. Definition of “senior officer”, “senior manager” and “senior management” 4. (1) Subject to subsection (4) and unless otherwise specified in a regulatory enactment, “senior officer”, with respect to a licensee, means a person appointed to undertake, or have responsibility for, one or more of the following supervisory or managerial functions with respect to the licensee— (a) the internal audit function; or (b) a senior management function within the meaning of subsection (3). (2) Subject to subsection (4), for the purposes of this Code, “senior manager”, with respect to a licensee, means an individual employed under a contract of service who is appointed to undertake, or have responsibility for, one or more of the following supervisory or managerial functions— (a) the compliance function; (b) the money laundering compliance function; (c) the internal audit function; or (d) a senior management function.

150 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (3) Without limiting subsection (2), an employee has a senior management function if he or she— (a) acts as chief executive officer of the licensee or occupies an equivalent position under a different name; (b) holds a position that requires him or her to be answerable to the board of the licensee; or (c) has responsibilities that include direct involvement in the licensee’s management or decision-making process at a senior level. (4) The terms “senior officer” and “senior manager” do not include a non￾executive director of the licensee or an executive director, when acting as a director. (5) The term “senior management”, when used with respect to a licensee, means— (a) the senior managers of the licensee, collectively; or (b) where the context requires, those senior managers having responsibility for particular functions. General interpretative provisions 5. (1) The Explanatory Notes provided under any sections of this Code do not represent legal interpretations of the sections concerned, but are provided merely to serve as a guide and to afford clarity in better understanding the sections and the overall requirements of or obligations under the Financial Services Commission Act and the relevant regulatory legislation. (2) Notwithstanding subsection (1), a court or the Commission may, in dealing with any matter under or in relation to this Code, have regard to the Explanatory Notes provided in this Code. (3) Where, in a regulatory enactment or the Code, a sum is specified in dollars or $ but the enactment or Code permits an equivalent sum in a different currency to be used, the equivalent sum shall be calculated in respect of any particular day at the mid￾exchange rate prevailing at the close of that day. (4) For the purposes of subsection (3), the mid-exchange rate used shall be— (a) the exchange rate published— (i) by a Central Bank in a Zone A country; (ii) in the Financial Times newspaper, as published in the United Kingdom; or (iii) in the New York Times, as published in New York, USA; or (b) the exchange rate published by such person or body, or in such publication as the Commission may approve for a particular licensee or purpose. (5) Where an exchange rate is used by a licensee in accordance with subsection (3), the source of the exchange rate used shall be specified.

LAW OF VIRGIN ISLANDS Regulatory Code 151 Revision Date: 1 Jan 2020 [Statutory Instrument] EXPLANATORY NOTES Definitions (i) As the Code has the status of subsidiary legislation made under the FSC Act, any terms defined in the FSC Act have the same meaning in the Code, unless the Code expressly provides otherwise. The definitions in the FSC Act are not generally repeated in the Code although, where it is considered helpful, the definitions are referred to in the Explanatory Notes. AML/CFT Obligations and Regulatory Obligations (ii) Section 2 defines the terms “AML/CFT obligation” and “regulatory obligation” with respect to a licensee. Every licensee is subject both to regulatory obligations and AML/CFT obligations. However, the compliance function with respect to regulatory obligations is overseen by the licensee’s compliance officer whereas the compliance function with respect to AML/CFT obligations is overseen by the licensee’s MLRO, as provided in the AML Regulations. However, where appropriate given the size and nature of a licensee’s business and if approved by the Commission in accordance with section 34 of the FSC Act, these functions may be performed by the same person. Directors (iii) The definition of “director” in the Code is wider than the definition of “director” in the BVI Business Companies Act. This is necessary as not all licensees are companies. Furthermore, unlike the definition in the BVI Business Companies Act, the definition reflects the primary function of a director, i.e. to direct the affairs of the company or other undertaking. Any person who undertakes that function with respect to a licensee should consider himself, and will be considered by the Commission, as being a director of the licensee, regardless of the title that he holds. The definition makes it clear that any person who is a member of the governing body of the undertaking (which includes the board) is a director. (iv) The provisions of the BVI Business Companies Act with respect to directors [see in particular Part VI of that Act] apply to every BVI licensee. These provisions cover, in particular— (a) the role of directors in the management of a company; (b) the duties of directors and conflicts of interest; and (c) procedural matters such as the appointment, removal and resignation of directors and proceedings of directors. Board (v) The definition in the Code of the “board” of a company is substantively the same as the definition in the BVI Business Companies Act, although it applies to all types of undertaking, not just companies. In effect, the board is the directors of the company acting together. Paragraph (b) of the definition provides that where a company only has one director, that director is the board. However, it should be appreciated that licensees are required to have at least 2 directors. This definition should not, therefore, be taken as an indication that a licensee only requires one director.

152 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Senior officer and senior manager (vi) Certain regulatory enactments provide that the term “senior officer” means a person appointed to perform such supervisory or managerial functions with respect to a licensee as may be prescribed in the Regulatory Code. Section 4(1) prescribes supervisory and managerial functions for the purposes of these regulatory enactments. The effect of section 4(1) is that “senior officer” means anybody who is a senior manager within the meaning of the Code, except the compliance officer and the money laundering compliance officer. Section 4(1) does not apply where a regulatory enactment includes a complete definition of “senior officer”. (vii) The term “senior officer” is used to determine the persons who, in addition to the directors and compliance officer of a licensee, require the approval of the Commission before their appointment under the regulatory legislation specified in section 4(2). Although the term is not used in the Code, it is central to the Approved Person’s Regime which first came into force in March 2009. (viii) The term “senior management”, as used in the Code has a wider meaning than “senior officer” as the term includes those employees appointed to undertake, or have responsibility for, the compliance function and the money laundering compliance function. Basel Committee, IAIS and IOSCO (ix) The Basel Committee on Banking Supervision [“the Basel Committee”], the International Association of Insurance Supervisors [“the IAIS”] and the International Organization of Securities Commissions [“IOSCO”] are the international bodies responsible for setting international standards with respect to banking, insurance business [including insurance intermediaries] and investment business and securities. The BVI Government and the Commission are committed to implementing the standards set by all three bodies, as far as relevant and applicable to the financial services industry in the BVI. Recognised credit rating agency (x) The credit rating agencies recognised by the Commission are each internationally recognised and subject to the Code of Conduct Fundamentals for Credit Rating Agencies issued by IOSCO, the essential purpose of which is to promote investor protection by safeguarding the integrity of the rating process. Recognised exchange (xi) For the purposes of this Code, the Commission recognises all exchanges that are members of the World Federation of Exchanges. In order for a stock exchange to be admitted as a member of the World Federation of Exchanges, it must meet certain criteria. For instance member exchanges should have available an adequate organisational infrastructure which has in place a risk management system and specific rules and regulations that serve to protect investors. These rules and regulations must promote transparency, efficiency, accountability and adequate supervision of participants and member exchanges must also have adequate operational resources to enable them to offer the proper tools for trading in securities. A list of member exchanges is available on the website of the World Federation of Exchanges (www.world-exchanges.org).

LAW OF VIRGIN ISLANDS Regulatory Code 153 Revision Date: 1 Jan 2020 [Statutory Instrument] (xii) The Commission may also recognise other exchanges that are not members of the WFE by notice published in the Gazette. Financial conglomerate (xiii) A financial conglomerate is defined as a group of companies the predominant activities of which include more than 2 types of financial services business. The term “financial services business” is defined in the FSC Act as a business or activity for which a licence is required or a business or activity that is specified by the regulations as financial services business. In order to understand the definition of financial conglomerate, it is necessary to consider what constitutes different “types” of financial business. It is not possible to provide a precise definition, but the following guidance may be helpful— (a) If one activity falls to be regulated under one regulatory enactment and a second activity falls to be regulated under a different regulatory enactment, the Commission considers that these should usually be regarded as different types of financial services business. (b) Where 2 activities fall to be regulated under the same regulatory enactment, they should be regarded as 2 different types of financial services business if there are material differences between the businesses and their regulation. For example, banking and trust services business fall under the same regulatory enactment, but they are materially different. The Commission therefore regards them as different types of financial services businesses.

---

Application of the Code 6. (1) Subject to subsection (2), this Code applies to— (a) a licensee; and (b) such other persons as the Code may, in respect of any particular provisions, expressly provide. (2) This Code does not apply to a licensee— (a) to the extent that the Code expressly provides otherwise; (b) in respect of any provisions where, from the context, it is clearly intended that the provisions are not intended to apply to the licensee concerned or are intended to apply to licensees of a different category or type than that of the licensee concerned; or (c) to the extent specified in any notice issued by the Commission with respect to the licensee under section 40C of the FSC Act. (3) If the application of the Code to a licensee or any other person results in conflict with a provision in a regulatory enactment, the provision in the regulatory enactment prevails.

154 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS EXPLANATORY NOTES Application of Code (i) The Code applies to all persons holding a “licence”, as defined in section 2(1). The Code does not apply to the following persons as they do not fall within the definition of “licensee”, even though they hold a licence under a regulatory enactment2— (a) licensed insolvency practitioners; (b) licensed loss adjusters; (c) mutual funds that are registered as public funds, or recognized as private or professional funds, under the Securities and Investment Business Act; (Substituted by S.I. 91/2010) (d) holders of a financing licence issued under the Financing and Money Services Act, 2009. (ii) Licensed insolvency practitioners are excluded because they are subject to a separate Code of Practice issued under the Insolvency Act. (iii) The Code is largely inappropriate for, and therefore does not apply to, loss adjusters, to holders of a financing licence or to funds (which are essentially investment vehicles). (iv) It should be noted that the Code does not apply only to licensees. Certain provisions apply to other persons, such as the directors and senior managers of a licensee. Money Services Licensees (v) The following provisions of the Code apply to holders of a money services licence— (a) the Preliminary Provisions; (b) Part I; (c) Part II, except for Divisions 3 and 5; and (d) Part VI. Direction to Disapply the Code (vi) The Commission may, on the application of, or with the consent of, a licensee direct that specified provisions in the Code do not apply to the licensee or that specific provisions apply to the licensee subject to specified modifications [FSC Act s. 40C(2)]. (vii) The Commission is unlikely to direct that the Code should be disapplied or modified with respect to a licensee unless the licensee can demonstrate that a strict application of the Code would produce an anomalous result. Captive Insurers (viii) Although the Code applies fully to licensed insurers that are captive insurers, the Commission accepts that it must be appropriately applied given the particular circumstances of captive insurers. In October 2008, the IAIS issued a Guidance Paper on the Regulation and Supervision of Captive Insurers (the Captives Guidance Paper). The Captives Guidance Paper is intended to provide

LAW OF VIRGIN ISLANDS Regulatory Code 155 Revision Date: 1 Jan 2020 [Statutory Instrument] guidance to insurance supervisors on the aspects of regulation and supervision that are specifically relevant to captive insurers. Drawing on the Captives Paper, the Commission provides guidance in the Explanatory Notes for Part IV with respect to the application of the Code to captive insurers. Captive insurers and insurance managers may take this guidance into account in applying not just the provisions in Part IV [Insurance], but also some of the more general provisions in Part II [Provisions of General Application.(Amended by S.I. 91/2010)

---

PART I PRINCIPLES FOR BUSINESS Application of this Part 7. This Part applies to all licensees. High level principles 8. A licensee shall at all times conduct its licensed business in accordance with the following 6 Principles—

1. Integrity A licensee shall conduct its business with integrity.
2. Management and Control A licensee shall take reasonable care to organise and control its affairs effectively and have adequate risk management systems in place.
3. Financial Resources A licensee shall maintain adequate financial resources, including capital resources as appropriate, taking into account the nature, scale, complexity and diversity of its business and the risks it faces.
4. Customers’ Interests A licensee shall have due regard for the interests of its customers and treat them fairly. A licensee shall make adequate arrangements to protect its customers’ assets when it has responsibility for them and shall manage conflicts of interest fairly.
5. Transparency A licensee shall be transparent in its business arrangements.
6. Relationship with Commission A licensee shall deal with the Commission in an open and cooperative manner.

---

EXPLANATORY NOTES Objective (i) The objective of this Part is to establish a set of high level Principles for the conduct by licensees of their licensed businesses.

156 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Responsibility of Licensee with Respect to Principles (ii) The specific requirements of the Code contained in Parts III to VII are designed to give practical effect to the Principles. However, it is not possible for the Code to be exhaustive. In areas where the Code is not specific or where it does not cover a particular situation, licensees should apply the Principles appropriately. Furthermore, it remains the responsibility of a licensee to ensure that it carries on its business in accordance with the Principles. Depending upon the nature, scale, complexity and diversity of a licensee’s business and the risks to which it is exposed, it may be necessary for licensees to adopt higher standards than provided for in the Code in order to ensure compliance with the Principles. In such a case, a licensee that is in compliance with all the detailed requirements of the Code may nevertheless be in breach of the Principles and therefore liable to enforcement action. (Amended by S.I. 91/2010) (iii) As far as possible, the Code is organised so that requirements relating to a particular Principle are grouped together. However, given the volume of material that must be included in the Code and the fact that the Code covers all sectors of the financial services sector, it has not been possible to achieve this in all cases. Furthermore, some of the provisions of the Code, such as licensing, include issues that fall under many of the Principles. The financial resource requirements applicable to licensees are contained in the sector specific Parts of the Code, e.g. the financial resource requirements applicable to banks are contained in Part III. (iv) There are no specific provisions in the Code relating to Principle 1 (Integrity). The Commission considers this Principle to be fundamental to all activities of a licensee and any failure to comply with the Principle would be regarded by the Commission as an extremely serious breach of the Code. (v) Principle 2 (Management and Control) requires a licensee to take reasonable care to organise and control its affairs effectively and have adequate risk management systems in place. It should be appreciated that the inclusion of a reasonableness test is not intended to import a lower standard. However it is intended to ensure that where, for example, a licensee fails to prevent an unforeseen risk, it will not be in breach of the Principle. (vi) Principle 3 requires a licensee to maintain adequate financial resources, including capital resources as appropriate, taking into account the nature, scale, complexity and diversity of its business and the risks it faces. Specific capital resource requirements are imposed on most licensees in the specific Part of the Code that applies to them. In addition, the specific Parts of the Code impose over￾riding capital resource requirements on the licensees to which they are subject. (Inserted by S.I. 91/2010) Principle 3, by requiring the maintenance of adequate financial resources, imposes a broader obligation on licensees. Compliance with the specific capital resource requirements imposed by the Code does not necessarily mean that the licensee has sufficient financial resources as required by this Principle. (Inserted by S.I. 91/2010) (vii) A licensee should, therefore, monitor its total financial resources, in addition to its capital resources, and take appropriate action to increase its financial resources if they are insufficient, given its particular circumstances. (Inserted by S.I. 91/2010)

LAW OF VIRGIN ISLANDS Regulatory Code 157 Revision Date: 1 Jan 2020 [Statutory Instrument] PART II PROVISIONS OF GENERAL APPLICATION Preliminary Scope of this Part 9. (1) In Divisions 1, 2, 4, 6 and 7 of this Part, “licence” includes a money services licence and “licensee” includes a person holding a money services licence. (2) In Divisions 3 and 5, “licence” excludes a money services licence and “licensee” excludes a person holding a money services licence. Division 1 Licensing Application for a licence 10. (1) An application to the Commission for a licence shall be made using the appropriate approved form and shall include the information specified in the approved form. (2) A licence will not be granted to an applicant unless the applicant is able to satisfy the Commission that it complies with— (a) all applicable statutory criteria; (b) the Commission’s general licensing criteria; and (c) any additional licensing criteria applicable to the applicant.

---

EXPLANATORY NOTES Introduction (i) The regulatory enactments contain provisions concerning licensing. The purpose of this Division is not to re-iterate these provisions, but to specify additional licensing requirements. The Explanatory Notes to this Division are designed to provide an explanation of the Commission’s general licensing criteria and the additional licensing criteria applicable to applicants for certain types and categories of licence. General Licensing Criteria (ii) The Commission has a general discretion as to whether or not to grant a licence. Licensing decisions are made by the Commission’s Licensing and Supervisory Committee on a case-by-case basis. However, to provide transparency and to assist applicants in the preparation of their applications, paragraphs (iv) to (xvii) of these Explanatory Notes describe the Commission’s general licensing criteria. In part, these criteria are derived from specific requirements in the regulatory enactments but, where appropriate, those criteria have been supplemented.

158 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Legal Status (iii) Some types of licence will only be granted to a BVI business company or (in certain circumstances) to a foreign company (for example, a banking licence, a trust licence, an insurer’s licence, an insurance manager’s licence and an insurance intermediary’s licence.) This requirement may be specified in the regulatory enactment concerned. In cases where the Commission is not prevented by a regulatory enactment from doing so, it may consider granting a licence to a limited partnership or some other form of undertaking that is not a company. Suitability of Directors, Senior Management, Significant Owners and Certain Functionaries (iv) An applicant will have to satisfy the Commission that its directors, its senior management [individually and collectively] and its significant owners satisfy the Commission’s fit and proper criteria. In determining whether a person is a “significant owner”, the Commission is required to look behind legal ownership to ultimate beneficial ownership. The Commission’s fit and proper criteria are set out in, Division 2 of this Part of the Code. (v) A licensee is also required to obtain the Commission’s consent for the appointment of certain persons who undertake functions for the licensee, for example a licensee’s auditor and, in the case of a licensed insurer, its actuary. Where a licensee is required to appoint an auditor or other functionary, the applicant will usually have to provide details of the person that it proposes to appoint on making the application, and the Commission will need to be satisfied that the person concerned also satisfies its fit and proper criteria. Ownership Structure (vi) An applicant will have to satisfy the Commission that its ownership structure will not impede the Commission’s effective supervision of the applicant if it is granted a licence. Where the applicant is part of a group, the Commission will consider the ownership structure of the group and its members in addition to the ownership structure of the applicant. As part of this process, the Commission will need to be satisfied that the ownership structure is transparent. The Commission will not grant a licence to any BVI business company that is authorised to issue bearer shares. Financial Resources (vii) An applicant will have to satisfy the Commission that it has, or before the grant of the licence will have, sufficient financial resources, including capital resources, to support the licensed business that it will carry on taking into account the nature, scale, complexity and diversity of the business and the risks to which the applicant is likely to be exposed. An applicant will have to demonstrate that, before the licence is issued, it will be able to satisfy the applicable minimum capital resource requirements set out in the relevant regulatory enactments, any applicable regulations and the Code. However, the Commission may decide, on a case-by-case basis, to impose higher capital resource requirements or to impose other financial resource requirements, which may include the lodging of a regulatory deposit. In assessing an applicant’s financial resources, the Commission will consider not only the amount of the resources available to the applicant, but also the quality of the resources and their availability to the applicant.

LAW OF VIRGIN ISLANDS Regulatory Code 159 Revision Date: 1 Jan 2020 [Statutory Instrument] (viii) In considering whether the proposed capital resources are adequate for an applicant, the Commission will consider the applicant’s capital resource requirements throughout the period of the business plan and initial financial projections. The capital should be adequate on the basis that the financial projections are subjected to stresses and shocks. The Commission will not consider capital adequacy against “best case” projections. (ix) Where the applicant is part of a group, the Commission may also consider the financial resources of the group and relevant group members and whether the group structure could impact on the financial resources available to the applicant. (x) Adequate financial resourcing is also part of the fit and proper criteria and reference should also be made to Division 2 of the Code. Management and Operational Structure [Including Internal Controls] (xi) An applicant will have to satisfy the Commission that its management and operational structure is adequate for the licensed business that it proposes to carry on. Where the applicant is part of a group, the Commission may also consider the management and operational structure of the group. In particular, the Commission will need to be satisfied that the management and operational structure of the group, or relevant group members, will not impede the Commission’s effective supervision of the applicant if it is granted a licence. (xii) As part of its assessment of compliance with this criterion, the Commission will consider a number of factors, including the internal controls and compliance procedures that the applicant has in place, or proposes to put in place before the licence is granted, and in particular that it has, or will establish, appropriate risk management policies, systems and controls. Nexus to the BVI (xiii) In determining whether to grant a licence to an applicant, the Commission will consider whether the applicant has a sufficient nexus to the BVI. This is important as the Commission cannot adequately supervise a licensee that has no, or an insufficient, nexus with the BVI. The Commission will refuse an application where the applicant is unable to demonstrate a sufficient nexus to the BVI. (xiv) One of the key indicators of nexus is jurisdiction of incorporation. Where a company is incorporated in the BVI, the Commission will be better able to supervise the company, to take enforcement action against it and, if necessary, to take proceedings against the company in court, including for the appointment of a liquidator. Nevertheless, incorporation in the BVI will not necessarily provide sufficient nexus. For example, in the case of market intermediaries, such as insurance brokers, whose business is or will be carried on outside the BVI, the Commission may need to be satisfied that the broker has a closer nexus to the BVI. In such cases, the Commission will look for the same type of nexus indicators as it would for an applicant that is a foreign company (see further below). (xv) Where an applicant is not, or will not be, incorporated as a BVI business company, the applicant will need to demonstrate some other form of nexus to the BVI. Indicators of nexus include, but are not limited to—

160 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) carrying on business from a principal place of business in the BVI, particularly if mind and management is located in the BVI; (b) maintaining a physical presence in the BVI or appointing an appropriately qualified representative in the BVI; (c) maintaining books and records in the BVI that will enable the applicant, if granted a licence, to demonstrate compliance with its regulatory and AML/CFT obligations and that will enable the Commission to properly supervise the licensed business; (d) carrying on business with BVI business companies or with persons resident in the BVI or companies . (xvi) The Commission will determine whether sufficient nexus to the BVI has been demonstrated on a case-by-case basis taking into account all relevant circumstances. Therefore, the fact that an applicant can show that one or more of the above indicators is applicable to it, will not necessarily be enough to demonstrate sufficient nexus to the BVI. Compliance with Regulatory and AML/CFT Obligations (xvii) Before granting a licence, the Commission will need to be satisfied that, on the granting of a licence, the applicant will be able to comply with its regulatory and AML/CFT obligations. Where the applicant is subject to the supervision of a financial services regulator in another jurisdiction, the Commission will also need to be satisfied that the applicant is in compliance with its regulatory and other relevant obligations in that jurisdiction. The Commission will usually require the directors to make a declaration to this effect. Additional Licensing Criteria [Banks] (xviii) Paragraphs (xix) to (xxvi) set out the Commission’s licensing policy with respect to banks, other than to a bank that is— (a) a BVI business company; (b) predominantly locally owned; and (c) primarily doing business within the BVI. (xix) A general banking licence will only be granted to a branch or subsidiary of an international bank with a well-established and proven track record which is subject to effective consolidated supervision by its home supervisory authority. (xx) A restricted Class I or Class II banking licence will only be granted to— (a) a branch or subsidiary of a bank with a well-established and proven track record which is subject to effective consolidated supervision by its home supervisory authority; (b) a bank which, although not a subsidiary, is closely associated with an overseas bank, and which, by agreement, will be included within the consolidated supervision exercised by the overseas bank’s home supervisory authority; or (c) a wholly-owned subsidiary of a non-bank corporation whose shares are quoted on a recognised exchange, where the objective of the subsidiary is to undertake in-house treasury operations only, and where the operations

LAW OF VIRGIN ISLANDS Regulatory Code 161 Revision Date: 1 Jan 2020 [Statutory Instrument] are fully consolidated within the published financial statements of the parent company. (xxi) A licence will only be granted to a bank if its place of incorporation and mind and management are within the same jurisdiction, or, in the case of a subsidiary, if the mind and management are located in the jurisdiction in which consolidated supervision is being exercised. (xxii) The Commission will expect an applicant to demonstrate that its management has proven experience in a relevant field of banking. (xxiii) A banking licence will not be granted unless direct confirmation has been received from the supervisory authority in the jurisdiction in which the applicant or its parent is incorporated, that the authority— (a) consents to the establishment of the subsidiary or branch in the BVI; (b) will exercise consolidated supervision over the applicants business, including within the BVI; and (c) will cooperate in the sharing of regulatory information with the Commission, and that the authority confirms that the applicant, or its parent, is in full compliance with its regulatory and other relevant obligations. (xxiv) The Commission will consider the adequacy of the consolidated supervision exercised by the applicant’s home supervisor taking account of— (a) the legal and administrative powers of the home supervisor; (b) the supervisory methods employed by, and the resources available to, the home supervisor; and (c) any previous dealings that the Commission has had with the home supervisor. (xxv) The licensing criteria for banks outlined above require that in all cases, except where the bank is undertaking in-house treasury functions in the circumstances specified in paragraph (xx)(c) of this Explanatory Note, the bank must be subject to the consolidated supervision of either the Commission or its home supervisory authority. The Commission considers this to be extremely important and the Commission will not, therefore, grant a banking licence to a parallel bank. A parallel bank [which is a bank licensed in a jurisdiction other than the BVI that, while not being part of the same financial group for regulatory consolidation purposes, has the same beneficial owner(s)] presents a significantly higher supervisory risk to the BVI. For further information see the Basel Paper, Parallel-owned Banking Structures, published in January 2003. (xxvi) For the same reasons, the Commission will not under any circumstances grant a banking licence to a shell bank, i.e. a bank incorporated in the BVI that— (a) has no meaningful mind and management in the BVI; and (b) is not affiliated to a financial services group that is subject to consolidated supervision in another jurisdiction.

162 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (xxvii) Shell banks are to be distinguished from booking branches or booking subsidiaries. (xxviii) A booking branch is a branch of a foreign bank that has no mind and management in the jurisdiction in which the branch is situated and licensed. However, to be classified as a booking branch, the branch must be part of a bank that is subject to consolidated supervision in its home jurisdiction. A booking branch would not usually carry on any local business in the jurisdiction in which it is licensed. The Commission will consider applications to establish a booking branch in the BVI provided that the licensing criteria specified in the paragraphs above are met. However, the Commission will adopt a very cautious approach where the booking branch will be managed and controlled from a jurisdiction other than that in which the bank is licensed, i.e. its home jurisdiction. In such circumstances, the Commission would not grant a licence unless satisfied that all parts of the banking structure would be subject to effective banking supervision. In addition to the usual criteria, the Commission will— (a) require the parent bank to formally specify how the branch is to be managed, controlled and audited, where the records are to be kept and the identity of the management; (b) need to be satisfied that the head office accepts responsibility for risk management on a global basis, including the BVI booking branch; (c) need to be satisfied that it can carry out its supervisory obligations as host supervisor, including by carrying out effective on-site and off-site inspections; and (d) require confirmation that the home supervisor accepts primary responsibility for the consolidated supervision of the bank, including the BVI booking branch. The Commission will never licence a BVI booking branch if the mind and management of the branch is to be exercised by an unregulated entity in a third jurisdiction. (xxix) A booking subsidiary is a subsidiary of a foreign bank that has no mind and management in the jurisdiction in which the subsidiary is situated and licensed. As with a booking branch, the subsidiary must be part of a bank that is subject to consolidated supervision in its home jurisdiction. The Commission will not licence a booking subsidiary unless the mind and management is situated in the home jurisdiction of the parent and where the Commission is satisfied that the subsidiary will be subject to the effective consolidated supervision of the home country supervisor. Additional Licensing Criteria [Managed Trust Companies] (xxx) The Commission has, for many years, permitted applicants that satisfy its licensing criteria to operate as a managed trust company. The Regulatory Code establishes a formal regime for the licensing of managed trust companies. Section 2 defines a managed trust company as a licensed trust company whose trust licence is subject to the condition that its business is carried on and managed by a trust company approved by the Commission. A managed trust company may apply for a Class I, a Class II or a Class III trust licence.

LAW OF VIRGIN ISLANDS Regulatory Code 163 Revision Date: 1 Jan 2020 [Statutory Instrument] Managed trust companies are covered in detail in Part V of the Code. These Explanatory Notes are limited to the additional licensing criteria for managed trust companies. (xxxi) In addition to complying with the other requirements for an application for a trust licence, an applicant for a licence to carry on trust company business as a managed trust company will be required to submit with its application— (a) details of the trust company that will manage its business, together with the written consent of the proposed managing trust company to act in that capacity; and (b) a statement setting out the grounds upon which it seeks a licence as a managed trust company. In addition, the Commission may require the applicant to provide the Commission with a copy of the proposed management agreement. (xxxii) The Commission will only grant an applicant a licence to operate as a managed trust company if it is satisfied that there are good reasons for the applicant establishing as a managed trust company as opposed to a non￾managed trust company and that the licensed business will be carried on substantially in the BVI. However, the Commission understands that client￾facing work would usually be undertaken outside the BVI. Although every application will be considered on a case-by-case basis, the Commission would usually require the applicant to satisfy it that— (a) the applicant is considering establishing as a non- managed trust company in the BVI but that it needs a period of time to determine the feasibility of so establishing; or (b) the applicant is part of a reputable international banking or financial services group with a well-established track record and that it would not be reasonable, whether due to anticipated volume of business or for some other good reason, to expect the applicant to establish as a non- managed trust company. The Commission may also consider applications for a licence as a managed trust company submitted by applicants that are owned by international legal, accounting or professional services firms. The Commission will not usually grant a managed trust company licence to a trust company that has previously operated as a non- managed trust company, although applications will be considered on a case-by-case basis. (xxxiii) The Commission will normally expect to be responsible for the supervision of managed trust companies. However, there may be circumstances in which the Commission will agree to a foreign regulatory authority supervising the activities of a managed trust company as part of that regulatory authority’s consolidated supervision of a banking or financial services group. In such a case, the managed trust company would be granted appropriate exemptions from the requirements of the Code so as to ensure that it is not subject to overlapping and possibly conflicting regulatory requirements. (xxxiv) The Commission will also need to approve the appointment of the proposed managing trust company. The Commission would normally only approve a trust company with a Class I trust licence for this role. It should be noted that

164 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS that approval is on a case-by-case basis and that the approval of a trust company to act as managing trust company for one managed trust company does not take effect as a general approval to operate as a managing trust company. (xxxv) In determining whether to approve the appointment of a trust company as managing trust company, the Commission will take into account the adequacy of the proposed managing trust company’s resources and its systems and controls. The Commission will be particularly concerned to satisfy itself that sufficient resources will be dedicated to the managed trust company, including human resources (number of personnel and their skills, experience and training) and physical resources (including premises and IT capabilities). The need to have dedicated resources is an on-going requirement. (xxxvi) The Commission will keep the status of a trust company as a managed trust company under review and may, at any time, require a managed trust company to establish as a non-managed trust company where it considers that, whether by reason of volume of business or otherwise, it is no longer appropriate for the company to operate as a managed trust company. The Commission would give a managed trust company a reasonable period of notice of such a decision. A managed trust company may, of course, at any time apply to establish in the BVI as a non-managed trust company. Additional Licensing Criteria [Insurance Companies] (xxxvii) Attention is drawn to section 8(4) of the Insurance Act which requires the Commission to consider certain additional criteria before issuing a category B licence to a foreign insurance company. In addition to these statutory requirements, the Commission will also need to be satisfied that an applicant for a category B licence is solvent, it meets all applicable regulatory requirements in its home jurisdiction and that its home supervisor does not object to the insurer carrying on business in the BVI. The Commission will seek the necessary confirmations from the insurer’s home supervisor. These do not need to be provided by the applicant. Approved Application Forms (xxxviii) It should be noted that the approved application forms issued by the Commission may contain additional requirements which must be complied with before an application is considered for approval. Therefore, the fact that certain criteria are not specified in the Code or in these Explanatory Notes for the approval of an application does not negate any requirement to comply with any additional criteria outlined in any application form for approval or any guidelines issued by the Commission in that regard.

---

Business plan to be submitted with application 11. (1) Subject to subsections (2) and (2A), an applicant for a licence shall submit a detailed business plan with the application. (Amended by S.I. 91/2010) (2) Unless the Commission, by written notice otherwise directs, applicants for the following licences are not required to submit a business plan with their application—

LAW OF VIRGIN ISLANDS Regulatory Code 165 Revision Date: 1 Jan 2020 [Statutory Instrument] (a) a restricted Class II or a restricted Class III trust licence; and (b) a fund management, a fund administration or a fund investment advisor’s licence. (Substituted by S.I. 91/2010) (2A) The Commission may, on the application of an applicant for investment business licence, exempt the applicant from the requirement to submit a business plan. (Inserted by S.I. 91/2010) (3) The business plan submitted by an applicant shall cover— (a) in the case of an application for an insurer’s licence, the first 5 years of operation; and (b) in any other case, the first 3 years of operation or such other period as the Commission may, on the application of the applicant or on the Commission’s own volition, otherwise direct. (Amended by S.I. 91/2010) (4) Except to the extent that the Commission otherwise permits, a business plan shall, as far as relevant to the applicant and the proposed business— (a) include a general description of the business proposed to be carried on, stating the types of business for which a licence is required, the applicant’s short, medium and long term objectives, how the applicant’s objectives will be achieved and why the applicant wishes to be licensed in the Virgin Islands; (b) describe, in general terms, how it is proposed that the licensed business will be marketed and the expected sources of business; (c) specify the human resources, including employees and outsourced expertise, and other non-financial resources, including premises and systems, that the applicant considers that it will require to carry on its licensed business and indicate how it is anticipated that these will be obtained; (d) specify any outsourcing arrangements that it proposes to put in place, and in respect of such outsourcing arrangement, the oversight arrangements that will be put in place; (e) contain financial projections for the period required under subsection (3) to be covered by the business plan, including projected set-up costs; (f) specify whether any other business or businesses are being carried, or are intended to be carried on, by the applicant (where permitted); (g) describe the governance structure, the risk management procedures, the internal controls, including with respect to the detection and prevention of criminal activities, the reporting arrangements, both internally and to the Commission, that are in place, or will be put in place and, where appropriate, how liquidity will be managed; and (h) contain information on any contracts, or proposed contracts, with connected persons. (5) Any assumptions made in the business plan should be identified and justified.

166 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (6) The financial projections should clearly specify the capital and other financial resources that the applicant expects will be required over the period covered by the business plan and how these will be provided. (7) Unless the Commission otherwise consents, the business plan of an applicant for a banking licence or an insurer’s licence should include financial projections that have been subjected to appropriate stress testing and demonstrate that the capital and other financial resources will be adequate for the stress tested scenarios. Form and contents of business plan 12. A business plan shall, as far as is practicable and relevant to the applicant and the proposed business, follow the approved format and contain such information and be accompanied by such documentation as may be specified in the Commission’s approved application form for a licence, as far as is applicable to the applicant. (Amended by S.I. 91/2010) Business plan, insurance licence 13. (1) A business plan submitted in support of an application for an insurer’s licence shall reflect the risk profile of the proposed business and, in addition to complying with section 11, specify— (a) the classes and types of policy to be written, indicating whether liability policies will be written on a claims made basis, an occurrence basis, or both; (b) the proposed underwriting policies or guidelines together with a comparison of proposed premiums with those charged by existing insurers if the risk is currently insured in the conventional insurance market or, if risks have previously been self insured, the business plan should set out details of previous loss experience and the assumptions behind the premium setting process; (c) the proposed claims handling and accounting techniques; (d) the proposed deductibles, excesses and retentions; (e) projected solvency margins over the period of the business plan; (f) the proposed reinsurance programme, if any, identifying reinsurers and indicating the proposed limits and premiums and providing accounts, if appropriate; (g) any stop loss or excess protection; (h) any insurance business currently and previously carried on by the applicant; (i) the proportion of unrelated business to be carried on; (j) the proposed commission structure; (k) the proposed dividend policies; and (l) the proposed investment strategy and policies, including— (i) the proposed type and diversity of investments and counterparties; (ii) any limits to be established;

LAW OF VIRGIN ISLANDS Regulatory Code 167 Revision Date: 1 Jan 2020 [Statutory Instrument] (iii) any loans that it is proposed will be made; (iv) the arrangements proposed to be made for the custody of assets; (v) the proposed policies for matching assets and liabilities; and (vi) any plans that the applicant has to purchase or sell derivatives. (2) An insurer’s business plan shall also contain an outline of the source of future capital in the event that existing capital and premium income prove insufficient to meet liabilities during the projected plan period— (a) making reference to— (i) the provider of the capital; (ii) the form in which the capital will be provided; and (iii) the source of the finance for such capital; and (b) providing an explanation of any other contingency plans to mitigate future capital needs, such as through the use of reinsurance.

---

EXPLANATORY NOTES (i) The Commission understands that an applicant’s business plan will be dependent on the nature, size and complexity of the applicant’s business, or proposed business. An applicant with a small and uncomplicated business will probably not require a detailed business plan as contemplated under sections 11, 12 and 13 compared to an applicant with a larger business. It is in this context that it is considered essential that the Commission may on a case-by-case basis find it necessary and prudent to grant exemptions which may fall short of requiring a full business plan. Indeed, in appropriate cases the Commission may exempt an applicant from the requirement to submit any business plan. (ii) It should be noted further that section 11(4) provides that an applicant’s business plan shall cover the matters listed in paragraphs (a) to (h) “as far as relevant to the applicant and the proposed business”. Therefore the requirement to include the matters specified in those paragraphs must be viewed in the context of their relevance to the applicant and the applicant’s business. (Inserted by S.I. 91/2010)

---

Display of licence 14. (1) This section applies to a licensee that holds one of the following licences— (a) a banking licence; (b) a Class I, Class II or Class III trust licence, except a restricted Class II or a restricted Class III trust licence; (c) a company management licence; (d) a Category A insurer’s licence; (e) a Category B insurer’s licence, where the insurer has a branch in the Virgin Islands; (f) an insurance manager’s or an insurance intermediary’s licence;

168 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (g) a money services licence; (h) a financing business licence; and (Inserted by S.I. 91/2010) (i) an investment business licence, where the licensee is resident in the Virgin Islands. (Inserted by S.I. 91/2010) (2) Subject to subsection (3), a licensee to which this section applies shall display its licence, or a copy of its licence, prominently— (a) at its principal office in the Virgin Islands; (b) at each place in the Virgin Islands, where its licensed business is carried on; and (c) at such other places as the Commission may, by written notice, direct. (3) The Commission may, whether on the application of the licensee or of its own accord, direct that the licence of a licensee to which this section applies, or the information contained in the licence, is brought to the attention of members of the public and persons that the licensee carries on its licensed business in some manner other than its display in accordance with subsection (2). (4) A direction under subsection (3) may be made instead of, or in addition to, subsection (2). Staff training and development 14A. A licensee shall establish and implement policies and procedures that require its employees to be adequately trained, or to undertake sufficient professional development, to perform their duties within the licensee. (Inserted by S.I. 69/2019) Division 2 Fit and Proper Criteria Fit and proper assessment Schedule 1A 15. The following persons are required to satisfy the Commission’s fit and proper criteria set out in Schedule 1A— (a) an applicant for a licence; (b) a licensee, on an on-going basis; (c) the directors, senior managers and significant owners of an applicant or licensee, as the case may be; (d) where a licensee is required to appoint an auditor, the auditor appointed; (e) where a licensed insurer is required to appoint an actuary, the actuary appointed; and

LAW OF VIRGIN ISLANDS Regulatory Code 169 Revision Date: 1 Jan 2020 [Statutory Instrument] (f) where by virtue of the FSC Act or any financial services legislation any other independent officer (by whatever name called) is required to be approved by the Commission, that independent officer. (Amended by S.I. 91/2010) Responsibility of licensee, fit and proper assessment 16. (1) A licensee shall take reasonable care to satisfy itself, prior to appointment and on an on-going basis, that— (a) its directors and senior managers are fit and proper for the role to which they are appointed; and (b) where the licensee is required to appoint an auditor, actuary or other independent officer, the auditor, actuary or other independent officer appointed is fit and proper. (Substituted by S.I. 91/2010) (2) If, whether before or after the Commission has approved the appointment of a person specified in subsection (1), or has approved a significant owner, the licensee becomes aware of any information that is reasonably material to the Commission’s fit and proper assessment of the person, it shall notify the Commission of the information as soon as reasonably practicable.

---

EXPLANATORY NOTES Introduction (i) The maintenance of a “fit and proper” environment is essential to ensure that those who use financial services offered by persons licensed in the BVI can be confident that licensees are competent and that they conduct their businesses with integrity. The regulatory enactments therefore require the Commission to be satisfied that an applicant for a licence (“an applicant”), together with its directors, senior managers and significant owners meet the Commission’s “fit and proper criteria”. The regulatory enactments also require the Commission’s approval to be obtained for the appointment of the auditor and actuary of a licensee. Auditors and actuaries are considered further in Part II, Division 6 [Financial Statements and Audit] and Part IV [Insurance], respectively. In addition, where in the FSC Act or any regulatory legislation the approval of the Commission is required in relation to an independent officer of a regulated person, the same fit and proper criteria would equally apply. It is therefore essential that in submitting applications with respect to any of the persons referred to in section 15, the fit and proper requirements outlined in Schedule 1A are fully observed. (Inserted by S.I. 91/2010) (ii) However, the primary responsibility for ensuring that a licensee is soundly and prudently managed rests with the licensee itself. For this reason, section 16(1) obligates a licensee to satisfy itself that its directors, senior managers and, if appropriate auditor, actuary and independent officer, are fit and proper. The Commission therefore expects all licensees— (a) to carry out reasonable due diligence before applying to the Commission for approval to appoint a director, senior manager, auditor, actuary or independent officer; and

170 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) subsequent to such an appointment, to monitor the person’s fit and properness on an on-going basis. Licensees should be guided by the Commission’s fit and proper criteria in determining the criteria that they use to make their own fit and proper assessment. (Amended by S.I. 91/2010) (iii) The Code also requires a licensee to notify the Commission if, whether before or after the Commission’s approval, it becomes aware of information reasonably material to the Commission’s fit and proper assessment. In general, if information would, or should, have been notified to the Commission on an application for approval, the information is material and should be notified to the Commission under section 16. Provision of Information to the Commission (iv) To enable the Commission to conduct its fit and proper assessment, it must be provided with appropriate information when an application is made and, where relevant, subsequent to the Commission granting a licence or approval. Where an applicant or a licensee withholds information which is relevant to the fit and proper assessment, this will reflect negatively on it. It should be noted that providing false, inaccurate or misleading information when applying for a licence, or subsequently, is also an offence under the FSC Act. When conducting its fit and proper assessment, the Commission will consider the information provided to it but will make such additional enquiries as it considers appropriate. It will take account of key relationships that the applicant or licensee has, or proposes to establish, with accountants, lawyers, actuaries and other functionaries. (v) If the Commission becomes aware of information which suggests that a licensee or any of its functionaries (as referred to in section 15) may not be fit and proper, the Commission will take account of the relevance and materiality of the information and in determining whether the person concerned continues to satisfy its fit and proper criteria. A series of matters taken into account to make a fit and proper assessment may be significant when taken together, even if each matter in isolation might not be significant. The cumulative effect of such matters might determine whether the person concerned satisfies the Commission’s fit and proper criteria. (Amended by S.I. 91/2010) (vi) The fit and proper assessment of a senior manager of a licensee is conducted for the functions that he or she will undertake in the position to which the licensee, or applicant, advises the Commission that he or she will be appointed. The Commission’s approval of a senior manager is with respect to that position and does not extend to other positions. For this reason it is a requirement of the Code that a licensee obtain the approval of the Commission before appointing a senior manager to a different position or otherwise making material changes to the functions or duties of a senior manager. Furthermore, the fact that a person has satisfied the Commission’s fit and proper criteria for a position in one licensee does not necessarily mean that the person concerned would be assessed as fit and proper for a similar position in a different licensee. The Commission’s Fit and Proper Criteria (vii) In making an assessment as to whether an applicant or licensee satisfies the Commission’s fit and proper criteria, the Commission will take into account the nature, scale, complexity and diversity of the business being conducted, or

LAW OF VIRGIN ISLANDS Regulatory Code 171 Revision Date: 1 Jan 2020 [Statutory Instrument] proposed to be conducted, its financial soundness, and the strategies, policies, systems and controls that it has, or will, establish. The Commission will determine whether the applicant or licensee has adequate resources in relation to the regulated activities that it conducts, or seeks to conduct. In this context, it is essential that the persons referred to in section 15 are cognizant of and seek to fully satisfy the fit and proper criteria outlined in Schedule 1A. (Substituted by S.I. 91/2010)

---

DIVISION 3 Management and Control Preliminary Purpose of this Division 17. (1) The principal purpose of this Division is to set out specific requirements applicable to the second of the high level Principles of Business set out in section 8 (management and control). (2) This Division does not limit the generality of the Principles of Business referred to in subsection (1). Corporate governance framework Corporate governance framework 18. (1) A BVI licensee shall— (a) take reasonable care to maintain a clear and appropriate apportionment of significant responsibilities among its directors, senior managers and key functionaries so that— (i) it is clear who has which of those responsibilities; (Amended by S.I. 69/2019) (ii) the business and affairs of the licensee can be adequately monitored and controlled by the directors and its relevant senior managers; and (iii) the employees of the licensee are appropriately supervised; and (Inserted by S.I. 69/2019) (b) establish and maintain such systems and controls as are appropriate for the nature, size, complexity, structure and diversity of its business. (2) A BVI licensee shall— (a) ensure that its systems and controls are regularly reviewed and updated as required; and (b) make and retain for the retention period, a record of how it has complied with this section. (3) The systems and controls established and maintained under subsection (1) shall take into account—

172 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) the nature, scale, complexity and diversity of the licensee’s business; and (b) the degree of risk associated with each area of its business. (4) A BVI licensee shall take all reasonable steps to ensure that it obtains sufficient information about its customers in order to— (a) exercise a relevant discretion or other power in a proper manner; and (b) ensure that such discretion or power is only exercised for a proper purpose. (Inserted by S.I. 69/2019) Terms of business 18A. (1) A BVI licensee shall— (a) inform its customer, in writing, of the agreed terms of business between the licensee and the customer, including the instructions received and the capacity and scope of discretion, if any, within which the licensee will act for the customer; and (b) ensure that the agreed terms of business include— (i) a description of the products and services to be provided; (ii) the fees to be charged and the basis of the calculation of those fees; (iii) where applicable, the terms upon which customers’ monies are to be held; (iv) any exit fee and the basis upon which the fee is calculated; and (v) the means by which complaints about the licensee’s services can be made. (2) A written terms of business made in accordance with subsection (1) shall make provision that the relationship between the licensee and its customer shall be terminated upon giving reasonable notice, unless there are good reasons for not doing so. (Inserted by S.I. 69/2019) Advertising and communication practices 18B. A BVI licensee shall adopt advertising and communication practices that promote advertisement that is clear and fair, and is free of false or misleading statements. (Inserted by S.I. 69/2019) Directors of BVI licensee 19. (1) A BVI licensee shall have an adequate number of directors who— (a) are capable of exercising independent judgment; (b) have sufficient knowledge, skills, experience and understanding of the business of the licensee, and the risks to which the licensee is exposed, to ensure that the board is able to fulfil its responsibilities; and

LAW OF VIRGIN ISLANDS Regulatory Code 173 Revision Date: 1 Jan 2020 [Statutory Instrument] (c) have sufficient time and commitment to undertake their duties diligently. (2) Without limiting subsection (1)— (a) a BVI licensee shall, at all times, have at least two directors; and (b) at least one of the licensee’s directors shall be resident in the Virgin Islands if it holds one of the following licences— (i) a banking licence; (ii) a category A or a category D insurer’s licence; (iii) an insurance manager’s licence; (iv) an insurance intermediary’s licence; (v) a Class I, Class II or Class IV trust licence, or a Class III or Class V licence, including a restricted Class II trust licence or a restricted Class III licence; or (Substituted by S.I. 69/2019) (vi) a company management licence. (2A) The Commission may, where it considers it necessary, require a licensee that is not specified in paragraphs (i) to (vi) of subsection (2)(b), to have at least one of its directors resident in the Virgin Islands. (Inserted by S.I. 91/2010) (3) A BVI licensee required by this Code to have an audit committee shall have sufficient non-executive directors to ensure that more than half the members of the audit committee are non-executive directors. (4) Without limiting subsection (3), a licensee shall, at all times, have at least one non-executive director if it holds one of the following licences— (a) a category A or a category D insurer’s licence; or (b) a Class I trust licence. (5) Subject to subsection (6), only an individual shall be appointed as the director of a BVI licensee. (6) Subsection (5) does not apply to— (a) a subsidiary of the holder of a Class I or Class II trust licence that is listed on the licence under section 10(2) of the Banks and Trust Companies Act; or (b) a licensed fund manager, a licensed fund administrator or a licensed fund investment advisor, provided that the licensed fund manager, fund administrator or fund investment advisor has at least one director who is an individual. (Substituted by S.I. 91/2010) (7) Where a licensee, after being granted a licence, has less than 2 directors contrary to subsection (1), it shall— (a) immediately notify the Commission of that fact in writing; and (b) within a period not exceeding 21 days from the date the licensee failed to comply with subsection (1), submit to the Commission an

174 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS application for approval to appoint a director, to ensure compliance with subsection (2). Responsibilities of board 20. (1) The board of a BVI licensee has ultimate responsibility for the business and affairs of the licensee and for ensuring its effective organisation. (2) Without limiting subsection (1), the board of a BVI licensee has the following responsibilities— (a) ensuring that a corporate governance framework complying with this Code is established and maintained by the licensee; (b) ensuring that it has effective oversight of the management of the licensee, including approving, periodically reviewing and overseeing— (i) the licensee’s overall business strategy and its corporate values; (ii) the licensee’s risk management strategy required by section 26; and (iii) such other strategies as are required by this Code or that the board considers to be necessary or appropriate; (c) approving and periodically reviewing the significant policies of the licensee; (d) ensuring that— (i) the licensee has adequate and sufficiently qualified and experienced senior managers and other employees whose competence it shall periodically review, having regard to the nature, size and complexity of the licensee; (Amended by S.I. 69/2019) (ii) appropriate and effective systems and controls are established, maintained and implemented for giving effect to the strategies and policies of the licensee, which shall include internal controls and systems and controls with respect to risk management; and (iii) the licensee complies with its regulatory obligations and its AML/CFT obligations; (e) establishing standards of conduct for business conduct and ethical behaviour for directors, senior management and other employees, including policies on private transactions, self-dealing, preferential treatment of other entities, covering trading losses and other inordinate trade practices of a non-arm’s length nature; (f) monitoring, and ensuring, the financial soundness of the licensee; (Amended by S.I. 69/2019) (g) delegating such functions of the board as the board considers appropriate; (Inserted by S.I. 69/2019) (h) establishing a policy on conflicts of interest to address standards of behaviour within the licensee, including the consequence for non￾compliance with the policy; and (Inserted by S.I. 69/2019)

LAW OF VIRGIN ISLANDS Regulatory Code 175 Revision Date: 1 Jan 2020 [Statutory Instrument] (i) such other responsibilities as are specified in this Code. (Amended by S.I. 69/2019) (2A) Where the board of a BVI licensee delegates a function under subsection (2)(g), it shall— (a) record or cause to be recorded the function that is delegated; and (b) have ultimate responsibility for the performance of the function that has been delegated. (Inserted by S.I. 69/2019) (3) Subsections (1) and (2) apply, notwithstanding that the regulatory enactments or this Code may require the appointment of a senior manager to undertake, or oversee, particular functions. Responsibilities of senior management 21. Subject to the strategy and policies established by the board, the senior management of a BVI licensee is responsible for— (a) overseeing the operations of the licensee and providing direction to it on a day-to-day basis; (b) providing the board with recommendations, for its review and approval on the licensee’s strategy, business plans and significant policies; and (c) providing the board with timely and accurate information, including financial information, that is adequate to enable the board to fulfil its responsibilities, including holding senior management to account. Span of control 22. (1) A BVI licensee shall ensure that it has a span of control that is adequate for the nature, size, complexity, structure and diversity of its business. (2) Without limiting subsection (1), a licensee shall ensure that its management is undertaken by at least 2 individuals each of whom is either an executive director or a senior manager and is fit and proper for the purpose. (3) The relationship between the directors or senior managers who undertake the management of the licensee for the purposes of this section shall be such so as to ensure that they can each exercise independent judgment and that none of them is able to exercise duress or undue influence over the other or others. BVI Licensee with overseas subsidiaries 23. Where a licensee carries on business through one or more subsidiaries incorporated outside the Virgin Islands, an appropriate and effective corporate governance framework must be established, maintained and implemented in each subsidiary. Foreign Licensee to appoint BVI manager 24. (1) Subject to subsection (3), a foreign licensee shall— (a) appoint an employee resident in the Virgin Islands, approved by the Commission, as its BVI manager to have responsibility for managing the business and affairs of the licensee in the Virgin Islands; and

176 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) designate a senior manager in the licensee’s home jurisdiction to whom the BVI manager is responsible. (2) Sections 18 and 22 apply to a foreign licensee with respect to its business in the Virgin Islands. (3) Subsection (1) does not apply to an insurer holding a category B insurance licence if the insurer does not establish a branch in the Virgin Islands.

---

EXPLANATORY NOTES Purpose of Division (i) The second high level Principle of Business provides that “a licensee shall organise and control its affairs effectively and have adequate risk management systems in place”. The purpose of this Division is to amplify that Principle by setting out specific management and control requirements applicable to licensees. However, section 17(2) makes it clear that this Division does not limit the generality of the second Principle of Business. This means that it remains the responsibility of a licensee to ensure that it complies with that Principle of Business. The nature, size, complexity, structure and diversity of the business carried on by a licensee, and the risks to which it is exposed, may require it to implement management and control policies, procedures, systems and controls that exceed the specific requirements contained in this Division. In that case, compliance with this Division will not necessarily result in compliance with the second Principle of Business. (ii) Note that policies, systems and controls are covered in more detail in section 25 of the Code. Corporate Governance (iii) Corporate governance is considered to be the relationship between a company’s board of directors, its management and its shareholders and other stakeholders, including customers and employees [see for example the OECD Principles of Corporate Governance]. However, in common with many other jurisdictions, shareholders’ interests, as the owners of a company, are covered primarily in BVI’s corporate legislation, i.e. the BVI Business Companies Act which provides shareholders with certain protections. Beyond that, the protection of shareholders’ interests [as the owners of a licensee] is not covered to a significant extent in the regulatory enactments or the Code, unless owning shares is the method by which, as customers, they invest in the products of the licensee. However, in that case, it is essentially their interests as investors that are being protected. The Commission will, of course, be concerned to ensure that ownership structures, or dominant shareholders, do not impede the proper management and supervision of a licensee. (iv) As indicated in the Explanatory Note to section 2, the BVI Business Companies Act is also relevant with respect to the duties of directors. This Act sets out the principal function of the directors of all BVI companies, including those that are licensees, and the core duties of directors. It is not the role of this Explanatory Note to consider the details of the BVI’s corporate legislation. For further information, reference may be made to the “User Guide on Directors

LAW OF VIRGIN ISLANDS Regulatory Code 177 Revision Date: 1 Jan 2020 [Statutory Instrument] and their Responsibilities” published by the Commission and available from the Registry of Corporate Affairs or on the Commission’s website. (v) With respect to licensees, therefore, corporate governance primarily involves the manner in which their business and affairs are governed by their directors and their senior management. This feeds into issues such as ensuring an appropriate span of control, the proper apportionment of responsibilities between the directors and senior management, the policies, systems and controls that are established and maintained and how the directors and senior management are to be held accountable. The Commission is concerned to ensure that all licensees operate in accordance with sound principles of corporate governance, as poor corporate governance is a significant regulatory risk both to a licensee and to the jurisdiction. (vi) Section 18 imposes a general obligation on licensees with respect to the systems and controls that they must establish and maintain. Subsections (1) and (2) mirror requirements already contained in the Insurance Act with respect to licensed insurers. Licensed insurers that contravene these subsections therefore also contravene the Insurance Act. In assessing whether the corporate governance framework of a licensee is adequate, the Commission will pay particular attention, where appropriate, to accountability, corporate discipline, checks and balances, applying the “four eyes principle”, transparency and disclosure arrangements and whether potential conflicts are avoided or properly managed. Directors of a Licensee (vii) Subject to specific requirements applicable where a licensee is required to appoint an audit committee, there is no requirement for a BVI licensee to appoint non-executive directors or to appoint specialist committees, such as a risk management committee. However, a licensee should consider whether, given its particular circumstances, it would be appropriate for non-executive directors to be appointed or for specialist committees to be established. For example, the Commission would expect non-executive directors to be appointed where the licensee holds customer assets. Where non-executive directors are appointed, they should be in a position to exercise some influence. The number of non-executive directors should therefore be increased to reflect any increase in the number of executive directors. (viii) The Code does not seek to prevent a person serving as the director of more than one licensee or specify a maximum number of licensees for which a person may serve as a director. The Commission considers that this would be inappropriate as licensees have different businesses and circumstances and individual directors have different responsibilities. Instead, the Code imposes, as a principles based requirement, that the directors of a BVI licensee must have “sufficient time and commitment to undertake their duties diligently” [section 19(1)(c)]. (ix) It is the primary responsibility of both the licensee and the director, or proposed director, to satisfy themselves that this requirement will be met. Furthermore, it should be noted that this requirement does not apply only on appointment. It is an on-going requirement and if, at any time, it becomes apparent that a director no longer has sufficient time and/or commitment, it is important that appropriate action is taken either by the director to remedy the situation or by the licensee to remove the director.

178 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (x) This is also a matter that the Commission will take into account when considering whether to approve the appointment of a person as the director of a BVI licensee. Where a person proposed as the director of a BVI licensee serves as the director of other BVI licensees, or acts as the director of other companies that are not licensees, the applicant should be able to demonstrate that the time and commitment requirement will be met. Responsibilities of Board (xi) Section 20 of the Code makes it clear that the board of directors of a BVI licensee is ultimately responsible for all aspects of the business, organisation, policies, systems and controls and financial soundness of the licensee. So, for example, even though the FSC Act provides for the appointment of a compliance officer to oversee the compliance function, the board retains ultimate responsibility for compliance. See further Part II, Division 4 of the Code [Compliance]. In order to comply with section 20, the individual directors must fully understand and accept their roles and responsibilities and a licensee should be able to demonstrate this. The board must ensure that appropriate and sufficient senior managers are appointed. (xii) The board of a licensee is also responsible for ensuring the effective organisation of the licensee. The Commission considers that in order to comply with this requirement, the board should be able to demonstrate that the organisation promotes the effective and prudent management of the licensee and the board’s oversight of that management. (xiii) The board of a licensee has responsibility for ensuring that a corporate governance framework complying with the Code is established. The board is therefore responsible for compliance with section 18. The Commission considers that this requires the board, amongst other things, to ensure that— (a) decision making is appropriately apportioned between the board, senior managers, such as the chairman and chief executive officer, and other members of senior management; and (b) the decision making process ensures an appropriate balance of responsibilities and decision making authority. (xiv) The board also has other responsibilities as provided for in specific sections of the Code. See for example— (a) section 26 [risk management]; (b) section 30 [internal controls]; (c) section 41 [compliance]; (d) section 52 [outsourcing]; and (e) the responsibilities of the board of particular licensees, as specified in Parts III to VI of the Code. (xv) Where section 20 requires the board to periodically review any matter, the Commission expects a review to be undertaken at least annually. However, the board should assess whether in any particular case, an annual review is sufficient. If it considers that the matter concerned should be reviewed more frequently, it shall determine the appropriate frequency of the review and ensure that the matter is reviewed more frequently.

LAW OF VIRGIN ISLANDS Regulatory Code 179 Revision Date: 1 Jan 2020 [Statutory Instrument] Span of Control (xvi) Section 22 of the Code requires a BVI licensee to ensure that it has an adequate span of control and, in particular, that its management is undertaken by at least 2 directors or senior managers. Although not a specific requirement, the Commission would normally expect the persons relied upon to provide the necessary minimum span of control to be executive directors. However, it is acceptable for the persons to be senior managers, provided that they both have executive powers and report directly to the board. Of course, the span of control may be provided by a larger number of persons than the required minimum. (xviA) The Commission notes that corporate directors who may be under the ultimate control of one individual may not provide an adequate span of control. For this reason, the Code provides that only an individual may be appointed as the director of a licensee. Provided that they have at least one individual director, the Code exempts investment business licensees and listed subsidiaries of the holder of a Class I or Class II trust licence from this requirement. However, this does not in any way lessen the need to have an adequate span of control. It is therefore essential that, where a corporate director is relied upon to provide adequate span of control, it is not controlled by the individual director. (Inserted by S.I. 91/2010) (xvii) The purpose of this requirement is to ensure that every licensee is subject to what is often referred to as “four eyes” control. Note that section 22 is a general corporate governance requirement and it does not replace the specific provisions of the Code on the handling of customer assets. (xviii) In order to demonstrate an adequate span of control, the Commission expects that where the minimum number of directors or senior managers are relied upon to satisfy the span of control requirements, each must be actively involved in the day to day management of the business and be able to exercise executive powers on behalf of the licensee. It is not sufficient for one to be actively involved in the management of just some aspects of the licensee’s business. Active involvement in day-to-day management does not need to extend to day￾to-day execution and implementation of policy, but it does require that both are actively involved in the decision making process with respect to all significant decisions. (xix) Where more directors and senior managers are relied upon to satisfy the span of control requirement, it is not necessary for all of them to be actively involved in all aspects of the licensee’s business. However, at least 2 individuals must be involved in all significant decisions. (xx) The Code requires that the individuals are all “fit and proper”. In this context, the Commission considers that a director or senior manager should have sufficient experience and knowledge of the licensee’s business and should also have the personal qualities and skills necessary to detect and resist any imprudence, dishonesty or other irregularities by the other individual or individuals. (xxi) Section 22(3) provides that each of the directors or senior managers providing the required span of control must be able to exercise independent judgment and must not be able to exercise duress or undue influence over the others. The Commission does not consider that individuals with close family relationships

180 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS will be able to comply with this requirement as it is not reasonable to assume that that close family (i.e. spouses, children, parents, brothers, sisters etc.) can exercise properly independent management. Therefore, only one family member should normally be included in a determination of whether the licensee complies with the span of control requirements and where more than one family member is a director and/or senior manager, a licensee will need to be able to demonstrate that their combined influence does not impair the ability of the non-family director or senior manager. This is not a requirement, however, as the Commission recognises that for certain types of licensee, for example single parent captive insurance companies, the board may be comprised of family members. BVI Licensee with Overseas Subsidiaries (xxii) Section 23 of the Code requires a BVI licensee that has overseas subsidiaries to ensure that an effective and appropriate corporate governance structure is put in place with respect to those subsidiaries. Specific reference is not made to overseas branches because the branch is part of the licensee’s business and the licensee is therefore subject to all the corporate governance requirements of the Code with respect to business carried on in, and outside, the Virgin Islands.

LAW OF VIRGIN ISLANDS Regulatory Code 181 Revision Date: 1 Jan 2020 [Statutory Instrument] Foreign Insurer (xxiii) The Insurance Core Principles require that a foreign insurer operating in the Virgin Islands on a services only basis, i.e. without establishing a branch or a subsidiary, must appoint a local agent. The Commission will, therefore, require a foreign insurer holding a Category B licence that does not establish a branch to appoint a licensed insurance agent in the Virgin Islands.

---

Strategies, policies, systems and controls Establishment of policies, systems and controls 25. (1) A licensee shall— (a) establish such strategies, policies, systems and controls as are appropriate given the nature, size, complexity, structure and diversity of the licensee’s business and the degree of risk associated with each area of its business; and (b) ensure that the strategies, policies, systems and controls are fully and clearly documented and are communicated, as appropriate, to members of staff and other functionaries. (2) The strategies, policies, systems and controls of a licensee shall specify the duties and responsibilities of the board and senior management, including such responsibilities and duties as are imposed on the board and senior management by this Code. (3) The senior management of a licensee is responsible for ensuring that, insofar as it is necessary for them to perform their duties, all staff of the licensee— (a) are made aware of and understand the strategies, policies, systems and controls established and maintained by the licensee; and (b) are provided with information concerning the licensee and its business. Risk management 26. (1) A licensee shall establish and maintain— (a) a clearly defined strategy, and if the board considers it appropriate, policies, for the effective management of all significant risks that the licensee is or may be exposed to; and (b) systems and controls that are sufficient to ensure that the risk management strategy and policies are effectively implemented. (2) The risk management strategy and policies shall— (a) be appropriate for the nature, size, complexity, structure and diversity of the licensee’s business; (b) specify how risks are to be identified, measured, assessed, monitored, controlled and reported; (c) where appropriate, set the level of risk that the licensee is prepared to accept and authority levels for members of staff; and

182 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (d) be approved, and reviewed on at least an annual basis, by the board. (3) The risk management strategy, policies, systems and controls shall be fully and clearly documented and effectively communicated and readily available to the directors and to those senior managers, staff and other functionaries of the licensee who have responsibility for implementing them. (4) The board and senior management are responsible for— (a) ensuring that they understand all the risks to which the licensee is exposed in its business; (b) assessing the resources required for an appropriate risk management system, including accurate and reliable management information and reporting systems, and for ensuring that the required resources are available; and (c) overseeing the implementation of the licensee’s risk management strategy, policies, systems and controls. (5) Without limiting this section, the risk management systems and controls of a licensee shall— (a) enable the licensee to monitor the adequacy and effectiveness of— (i) its risk management strategy and policies and their implementation; and (ii) measures taken to address any deficiencies identified in the risk management strategy, policies, systems and controls; and (b) ensure that any exceptions to the licensee’s risk management strategy and policies are reviewed and authorised by senior management and, where appropriate, the board. Business continuity plans 27. (1) A licensee shall establish a business continuity policy, and put business continuity arrangements in place, aimed at ensuring that, in the event of an unforeseen interruption or disruption— (a) the licensee is able to continue to carry on its regulated business and to meet its regulatory and AML/CFT obligations; (b) losses to its functions, systems and data are limited and any losses may be recovered in a timely manner; and (c) where the severity of the interruption or disruption results in the licensee ceasing its regulated business, or any part of it, it is able to resume its business in a timely manner. (2) The business continuity policy and arrangements shall be— (a) appropriate for the nature, size, complexity, structure and diversity of the licensee’s business and the types and degree of risk to which it is exposed; and (b) regularly reviewed and tested, and updated as required. (3) Without limiting subsection (1) or (2), the interruptions and disruptions covered by the business continuity plan and arrangements shall include—

LAW OF VIRGIN ISLANDS Regulatory Code 183 Revision Date: 1 Jan 2020 [Statutory Instrument] (a) the loss or failure of internal and external resources, including human resources, systems and other assets; (b) the loss or corruption of data and other information; and (c) external events, such as criminal acts and hurricanes and other natural disasters. Foreign Licensees 28. Sections 25 and 26 apply to a foreign licensee with respect to the business of the licensee carried on in the Virgin Islands.

---

EXPLANATORY NOTES Risk Management (i) The risks to which a licensee is or may be exposed extend not just to the risks associated with its business and activities but also to the risks associated with its procedures and systems. These risks should therefore be included in a licensee’s risk management strategy and policies. The types of risk to which licensees are usually exposed are covered in more detail in the Code. However, key risk areas for most licensees include— (a) operational risk; (b) credit risk; and (c) legal risk. (ii) Section 26(2)(c) requires that the risk management strategy and policies must, “where appropriate, set the level of risk that the licensee is prepared to accept”. Although this section indicates that this is not a requirement in all cases, the Commission considers that certain types of licensee, for example banks and insurers, should always set risk limits with respect to material risks to which they are exposed. (iii) Section 26(3) requires the risk management strategy, policies, systems and controls to be fully documented. The Commission would usually expect to see these provided for in a licensee’s procedures manual. (iv) The Code does not require a licensee to have a separate risk management function or a risk management committee. However, this may be appropriate for licensees with a substantial or complex business. The board of a licensee should consider whether a separate risk management function and committee is appropriate, given the nature, size, complexity, structure and diversity of the licensee’s business and the risks that it faces. Where the Commission considers that it is appropriate for a licensee to have a separate risk management function, it will require the licensee to establish a separate risk management function, and a risk management committee if appropriate, if the licensee does not already have one. The Commission expects the risk management function of a licensee to be independent from those senior management and other staff who have a risk-taking function. (v) Effective risk management is critical for all licensees. If the Commission considers that a licensee’s risk management strategy, policies, systems and controls are not adequate to effectively manage the risks to which the licensee is

184 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS exposed, it has the power to take enforcement action against the licensee under the FSC Act. Enforcement action could include the issuance of a directive requiring the licensee to strengthen its risk management process. (vi) Given their key role in the risk management process, it is critical that the board and senior management understand the nature and level of risk to which the licensee is, or may be, exposed and, where appropriate, how this risk relates to adequate levels of capital. In order to understand the risks to which a licensee is exposed, the board will need to consider a number of matters, including the market environment in which the licensee operates. (vii) When conducting an on-site examination of a licensee, the Commission will look for evidence that demonstrates that the board and senior management have this level of understanding. The Commission will also look for evidence that the board and senior management have considered the appropriateness of the risk management strategy and policies in the light of the licensee’s risk profile and its business plan. Business Continuity (viii) Section 27 requires a licensee to put in place an appropriate business continuity policy and business continuity arrangements. Given the different types of financial services business carried on by licensees, it is difficult to provide detailed guidance on the preparation of a business continuity plan and the precise arrangements that should be in place. This Explanatory Note therefore provides high level guidance that should be adapted to suit the circumstances of individual licensees. (ix) Before a business continuity policy and arrangements can be developed, a licensee needs to understand the risks that it faces. This requires an assessment to be undertaken that should focus on— (a) the types of disruptions that may occur, including short-term, medium-term and long-term; (b) the probability of each type of disruption occurring (taking into account any particular vulnerabilities or susceptibilities of the licensee and its business); (c) the probable impact of each type of disruption, and the worst case scenario; and (d) the likely timescale of the various types of disruption. (x) The range of possible disruptions is large and the assessment should include at least those set out in section 27(3) of the Code. (xi) This assessment can be used to determine reasonable measures that can be taken to reduce the likelihood of a disruption and the impact of a disruption, should it take place. For example— (a) the probability of a disruption through data loss can be reduced by regular backup, offshore storage and systems resilience; and (b) the probability of a disruption through loss of human resources can be reduced by appropriate succession planning. (xii) The impact of a disruption, should it take place, can be reduced by contingency arrangements, for example by ensuring that replacement human and other

LAW OF VIRGIN ISLANDS Regulatory Code 185 Revision Date: 1 Jan 2020 [Statutory Instrument] resources are available if required (whether through outsourcing or otherwise) and by insurance. (xiii) The business continuity policy and arrangements of a licensee should be documented, and available for the Commission to review, if required. The policy should include— (a) a formal business continuity plan that sets out the arrangements made to reduce the impact of disruptions, including resource requirements and the arrangements for obtaining these resources, the recovery priorities for the licensee’s business and operations and arrangements for communicating internally and externally, including to the Commission and customers; (b) escalation and invocation plans that outline the processes for implementing the business continuity plans, with relevant contact information; (c) procedures for validating the integrity of data and other information affected by the disruption; and (d) the arrangements put in place to review, test and update the contingency plan and arrangements, as required by section 27(2). (xiv) It is particularly important that the business continuity plan and arrangements are reviewed following any significant change to a licensee’s risk profile.

---

Internal controls Establishment and maintenance of internal controls 29. (1) A licensee shall establish and maintain an adequate and effective system of internal controls appropriate for the nature, size, complexity, structure and diversity of its business. (2) The internal controls established under subsection (1) shall, as appropriate, operate at all levels of the licensee and shall ensure that— (a) the business of the licensee is planned and conducted properly, adequately and in an orderly manner and in accordance with the strategies and policies established by the board and the policies established by senior management; (b) transactions and commitments are entered into in accordance with documented general or specific authorities and any appropriate limits and that compliance with such authorities and limits is reviewed; (c) the assets of the licensee are appropriately safeguarded and the liabilities controlled through measures designed to minimise the risk of loss from irregularities, error, fraud and physical damage, and to identify such occurrences promptly should they occur; (d) there are appropriate arrangements in place for the delegation of authority and responsibility and for the segregation of duties; (e) the accounting and other records of the licensee are complete, accurate and timely and can be used to compile financial statements as required by the regulatory enactments, management information and returns to the Commission in line with the licensee’s regulatory and AML/CFT obligations;

186 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (f) where relevant, the board and senior management is able to assess and monitor the adequacy of capital and, in the case of a licensed insurer, the adequacy of its solvency margin, in relation to the business of the licensee, including risk profiles and the quality of its assets; (g) the board and senior management is able to identify and regularly assess all relevant risks in the conduct of the licensee’s business, so that— (i) identified risks can be measured, monitored and controlled appropriately; (ii) any losses can be monitored and controlled on a regular and timely basis; and (iii) appropriate provisions can be made for bad and doubtful debts and for any other exposures, both on-and off-balance sheet; (h) the board and senior management are able to properly guard against involvement in financial crime and ensure that the licensee is complying with all its regulatory and AML/CFT obligations; (i) relevant staff of the licensee are able to perform sufficient due diligence on the licensee’s customers and prospective customers to adequately assess all relevant risks, including the risks of money laundering and terrorist financing; (j) adequate business resumption, disaster recovery and other contingency arrangements are in place and tested at appropriate intervals; and (k) adequate controls are in place, including controls— (i) relating to changes to systems and records to ensure that only valid changes are made to them; (ii) relating to access to protect the confidentiality and integrity of electronic assets; and (iii) to ensure that appropriate cross checking and reconciliations, including of accounts, is undertaken. (3) A licensee shall ensure that its internal controls extend to any outsourced functions. (4) Where a licensee also operates through subsidiaries and branches, its internal control systems must extend to those operations and enable effective oversight by the licensee. Responsibilities of board and senior management 30. (1) The board of a licensee has ultimate responsibility for ensuring that an adequate and effective system of internal controls is established and maintained by the licensee. (2) Without limiting subsection (1), the board of a licensee shall— (a) approve and periodically review the overall business strategies and significant policies of the licensee; (b) where appropriate, set acceptable levels for the licensee’s significant risks;

LAW OF VIRGIN ISLANDS Regulatory Code 187 Revision Date: 1 Jan 2020 [Statutory Instrument] (c) ensure that senior management implements the internal controls strategy and policies established by the board; (d) approve an appropriate organisational structure for the licensee; (e) approve new products and major risk management initiatives; (f) ensure that senior management is monitoring the effectiveness of the licensee’s internal control system; (Amended by S.I. 69/2019) (g) monitor the licensee’s market conduct activities; (Amended by S.I. 69/2019) (h) undertake a self-assessment of its effectiveness with respect to the matters required of it under this Code; and (Inserted by S.I. 69/2019) (i) ensure that, where applicable, the licensee has appropriate policies and procedures in place that enable a full understanding of the duties arising under the laws relevant to the administration and affairs of its customers for which the licensee is acting in other countries— (i) in which it is carrying on business; and (ii) in which the assets are being managed or held. (Inserted by S.I. 69/2019) (3) The senior management of a licensee has responsibility for— (a) implementing the strategy and policies of the board with respect to internal controls; (b) ensuring that— (i) the internal controls required under section 29 are established and maintained; (ii) the information systems required under section 31 are put in place; and (iii) the internal controls are monitored and deficiencies corrected as required by section 32; and (c) reviewing the licensee’s internal controls, at least annually, and reporting on the results of their review to the board. Information systems 31. (1) A licensee shall have in place reliable and secure information systems that cover all the significant activities carried on by the licensee and, where appropriate, that enable the licensee to measure, assess and report on the size, composition and quality of its exposures. (2) A licensee’s information systems shall be monitored independently and supported by adequate contingency arrangements. Monitoring of internal control systems and correcting deficiencies 32. (1) A licensee shall ensure that— (a) the effectiveness of the internal control system is monitored on an on￾going basis;

188 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) regular reports on the effectiveness of the internal control system are made to the board; and (c) any deficiencies identified in the internal control system are corrected as soon as reasonably practicable. (2) A licensee’s internal control policies shall require any deficiencies identified in the internal control system to be reported in a timely manner to senior management and for material internal control deficiencies identified to be reported to the board, notwithstanding that they may have been corrected. Foreign licensees 33. Sections 29 to 32 apply to a foreign licensee with respect to the business of the licensee carried on in the Virgin Islands.

---

EXPLANATORY NOTES Introduction (i) In the case of licensed banks and insurers and investment business licensees, the Code makes detailed provision elsewhere for the management of the most significant risks to which banks, insurers and investment businesses are typically exposed in carrying out their business. Many of those provisions cover the internal controls that a licensed bank or insurer or investment business licensee is required to put in place to monitor and control those specific risks. Sections 29 to 32 cover internal controls more generally and set out the internal control requirements with respect to a licensee’s business including, as appropriate, all its on-and off-balance sheet activities. (Substituted by S.I. 91/2010) (ii) The provisions of the Code relating to internal controls are intended to give effect in the BVI— (a) in the case of banks, to the Basel Committee Paper “Framework for Internal Control Systems in Banking Organisations” issued in September 1998; (b) in the case of licensed insurers, to Core Principle 10 of the Insurance Core Principles; and (c) in the case of investment business licensees, to the IOSCO Objectives and Principles and the supporting Methodology. (Inserted by S.I. 91/2010) (iii) Sections 29 to 32 apply to all licensees. However, sections 29 to 32 provide that a licensee’s internal controls must be appropriate for the nature, size, complexity, structure and diversity of its business. The Commission will expect certain types of licensee, particularly those such as banks and insurers that are exposed to a significant range of risks, to have more sophisticated internal controls in place than other licensees. The Internal Control Framework (iv) Internal control is a process undertaken by the board, senior management and all levels of staff. It is not a procedure or policy that is performed at a certain point in time, but rather it should be continually operating at all levels within the licensee. The board and senior management are responsible for establishing

LAW OF VIRGIN ISLANDS Regulatory Code 189 Revision Date: 1 Jan 2020 [Statutory Instrument] the appropriate culture to facilitate an effective internal control process and for monitoring its effectiveness on an on-going basis. However, each individual within a licensee must participate in the process. A sound internal control framework is critical to a licensee’s ability to meet its objectives and to maintain its financial viability. (v) The main objectives of the internal control framework are— (a) to ensure that the licensee is using its assets and other resources efficiently and effectively and that the licensee is being adequately protected from loss (performance objectives); (b) to ensure that timely, reliable, complete and relevant financial and management information needed for decision making is being prepared (information objectives); and (c) to ensure that the licensee complies with all its regulatory and AML/CFT obligations (compliance objectives). (vi) To fulfil the performance objective, the licensee should, through its internal controls, ensure that all its personnel are working to achieve its goals with efficiency and integrity, without unintended or excessive cost and that they are not placing other interests (such as an employee’s, vendor’s or customer’s interest) before those of the licensee. However, it may in some circumstances be appropriate to place customers’ interests before those of the licensee, for example if there is a conflict between treating them fairly and the licensee’s financial goals. (vii) To fulfil the information objective, the internal controls will need to include the accounting procedures and also the appropriate dissemination of information to shareholders, the Commission and other external parties. (viii) Section 29(2) specifies the elements that must be covered by the internal controls. These requirements apply whether operations are undertaken manually or electronically. Where computer systems are employed by a licensee, its internal controls must address those risks that are specific to computer systems. (ix) The Commission understands that the businesses and circumstances of each licensee are different. In seeking to ensure that the internal controls comply with section 29, the board and senior management will need to exercise their judgment in determining the scope and nature of the controls that are necessary, taking into account their cost effectiveness. (x) The Commission considers that, for this to be achieved, it is necessary to establish a corporate culture that encapsulates the principles involved and employee compensation and incentive arrangements that support these. Supervisory assessment of licensees will include consideration of these aspects. Responsibilities of Directors (xi) The board clearly cannot fulfil its obligations under section 30 unless it understands the significant risks faced by the licensee. The Commission expects a licensee, if requested, to be able to produce documentary evidence that clearly demonstrates that the board has acquired a sufficient understanding of the significant risks faced by the licensee. (xii) The Commission expects the board of a licensee to—

190 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) conduct periodic discussions with management concerning the effectiveness of the internal control system; (b) undertake a timely review of evaluations of internal controls made by management and the licensee’s external auditors, and internal auditors if it has them; (c) make periodic efforts to ensure that management has promptly followed up on recommendations and concerns expressed by auditors and the Commission on internal control weaknesses; and (d) if appropriate, undertake a periodic review of the appropriateness of the licensee’s risk strategy and limits. (xiii) Section 30(2)(d) requires the board to approve an appropriate organisational structure for the licensee. In approving the organisational structure, the board should take account of the general requirements with respect to the corporate governance framework set out in section 18(1)(a) of the Code. (xiv) In determining whether the organisational structure of a licensee is appropriate, the Commission will need to be satisfied that it— (i) enables appropriate delegation of authority and responsibility and segregation of duties; and (ii) promotes the effective and prudent management of the licensee and the board’s oversight of that management. Senior Management (xv) The Code provides that the senior management of a licensee have responsibility for implementing the strategies and policies approved by the board and for ensuring that the required internal controls are established and maintained. The Commission understands that, where appropriate, senior management will delegate specific responsibilities to other suitably qualified or experienced staff. However, senior management should retain an oversight role. Control Culture (xvi) In order to ensure that the internal controls are effective, it is important for the board and senior management to promote a culture within the licensee that emphasises and demonstrates to all levels of personnel the importance of internal controls. All members of staff must need to understand their role in the internal controls process and be fully engaged in the process. The board and senior management should also promote high ethical and integrity standards within the licensee. Risk Assessment (xvii) Section 29(2)(g) of the Code provides that the internal controls must ensure that the board and senior management is able to identify and regularly assess all relevant risks in the conduct of the licensee’s business (a risk assessment). The Commission expects a risk assessment to— (a) identify and evaluate both the internal and external factors that could adversely affect the achievement of the licensee’s performance, information and compliance objective;

LAW OF VIRGIN ISLANDS Regulatory Code 191 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) address both measurable and non-measurable aspects of risks and weigh the costs of controls against the benefits risks provide; and (c) evaluate the risks to determine which are controllable by the licensee and which are not. (xviii) Internal factors include the complexity of the licensee’s structure, the nature of the licensee’s activities, the quality of staff, organisational changes and employee turnover. External factors include fluctuating economic conditions, industry changes and technological advances and any other factors external to the licensee that could adversely affect the achievement of its goals. (xix) Where identified risks are controllable, the licensee must assess whether to accept those risks or the extent to which it wishes to mitigate the risks through control procedures. For those risks that cannot be controlled, the licensee must decide whether to accept these risks or to withdraw from or reduce the level of business activity concerned. Segregation of Duties (xx) In order for the internal control system to be effective, it is important that there is an appropriate segregation of duties and that staff are not assigned conflicting responsibilities. The Code requires the internal controls of a licensee to ensure that this is the case [section 29(2)(d)]. (xxi) In order to demonstrate compliance with this requirement, the Commission expects a licensee to identify and minimise areas of potential conflict of interest and subject them to careful, independent monitoring. See further “controls” below. (xxii) Appropriate controls are essential where one individual has responsibility for— (a) the approval of the disbursement of funds and the actual disbursement; (b) customer and proprietary accounts; (c) in the case of a bank— (A) transactions in both the "banking" and "trading" books; (B) informally providing information to customers about their positions while marketing to the same customers; or (C) assessing the adequacy of loan documentation and monitoring the borrower after loan origination. Control Activities (xxiii) Once risks are assessed, they must be controlled through control activities. In order for a licensee to demonstrate that its internal controls are adequate and effective, the Commission expects the licensee to be able to demonstrate not only that the appropriate controls are in place, but also that steps are being taken to verify that the internal controls are being complied with. The Commission would usually expect to see evidence of a number of control activities, including— (a) top level reviews by the board and senior management;

192 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) activity controls whereby middle management receives and reviews standard performance and exception reports on a regular basis [daily, weekly or monthly, as appropriate], which reviews would normally be more detailed than top level reviews; (c) physical control, for example restricting access to certain assets, such as cash and securities, including dual control of assets; (d) verification of compliance with exposure limits; (e) the establishment and implementation of appropriate approvals for transactions over a certain limit; (f) appropriate cross checks and other verifications and reconciliations; and (g) double signatures, where appropriate. Information Systems (xxiv) Adequate information and effective communication are essential to the proper functioning of a system of internal controls. For this reason, section 31 requires a licensee to have reliable and secure information systems that cover all the significant activities carried on by the licensee. In order to demonstrate compliance with this requirement, a licensee will need to show that its information systems provide data in all internal areas, including operations and compliance as well as covering relevant external market information concerning events and conditions that are relevant to decision making. The information should be reliable, timely, accessible, and provided in a consistent format. (Amended by S.I. 91/2010) Monitoring of Internal Control System (xxv) Section 32 requires a licensee to ensure that the effectiveness of the internal control systems is monitored on an on-going basis. It should be understood that this obligation is separate to the role played by internal audit [see section 35 of the Code]. Section 32(2)of the Code provides that material internal control deficiencies must be reported to the board, even though they may have been corrected. It should be appreciated that whether such deficiencies should be considered material in the case of any licensee depends, in part, upon the nature, size, complexity, structure and diversity of the licensee’s business. The internal control policies of a licensee should indicate the factors to be considered in determining whether internal control deficiencies are material.

---

Internal audit Appointment of internal audit function 34. (1) For the purposes of this Code, “internal audit function”, in relation to a licensee, means the person or persons appointed by the licensee to have responsibility for the internal audit obligations imposed on the licensee by this Code. (2) A BVI licensee shall appoint one or more persons as its internal audit function if— (a) it holds a licence specified in subsection (3); or (b) not holding such a licence, it is directed by the Commission to do so.

LAW OF VIRGIN ISLANDS Regulatory Code 193 Revision Date: 1 Jan 2020 [Statutory Instrument] (3) The following licences are specified for the purposes of subsection (2)— (a) a general banking licence; (b) a category A and a category D insurer’s licence; (Amended by S.I. 69/2019) (c) a category 5 investment business licence; and (Inserted by S.I. 91/2010 and amended by S.I. 69/2019) (d) subject to subsection (3A), a Class I and Class II trust licence. (Inserted by S.I. 69/2019) (3A) Subsection (3)(d) does not apply in relation to the requirement of subsection (2), to a Class I or Class II trust licence if the licensee does not hold customer monies or, having regard to the nature, size and complexity of the licensee, the licensee determines that it does not require an internal audit function. (Inserted by S.I. 69/2019) (3B) Where a licensee determines that it does not require an internal audit function under subsection (3A), it shall, within 14 days of making that determination, notify the Commission in writing of that fact, stating its reasons. (Inserted by S.I. 69/2019) (4) Section 35 does not apply to a licensee that is not required to appoint an internal audit function under subsection (2), but a licensee to which section 35 does not apply shall undertake such reviews of its internal controls as are appropriate for the nature, size, complexity, structure and diversity of the licensee’s business. Internal audit function 35. (1) The internal audit function shall— (a) possess sufficient independence to carry out the licensee’s internal audit obligations objectively; (b) report directly to the board or, if the licensee has one, to the audit committee and shall be given sufficient status within the licensee to ensure that senior management and the board react to, and act on, its recommendations; (c) have unrestricted access to— (i) the staff of the licensee, in order to carry out the licensee’s internal audit obligations; and (ii) documents any information relating to the business of the licensee and its customers; (d) have sufficient human resources with adequate professional qualifications, relevant auditing experience and training to understand and evaluate the business they audit; and (e) employ a methodology that identifies all significant risks run by a licensee and allocate resources accordingly. (2) The principal responsibilities of the internal audit function are— (a) assessing whether the licensee’s existing risk management strategy, policies, systems and controls and its internal controls remain sufficient, effective and appropriate for the licensee’s business;

194 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) assessing whether the licensee’s risk management strategy, policies, systems and controls and its internal controls, are being implemented and complied with; (c) where relevant, assessing whether the systems and controls for monitoring and assessing the on-going capital requirements of the licensee are effective and are being implemented; (d) where the licensee has a separate risk management function, periodically reviewing that function; and (e) periodically reviewing the licensee’s compliance function. (3) The responsibilities specified in subsection (2) shall extend to all the activities of the licensee, including outsourced activities, and where the licensee has established branches or subsidiaries, to those branches and subsidiaries. (4) The internal audit function should be subject to independent review by the audit committee or the licensee’s external auditor. Internal audit reports to be submitted to Commission as its request 36. A BVI licensee that is required to appoint an internal audit function shall— (a) within 10 days of the last day of each calendar quarter, provide the Commission with a list of reports that have been prepared by the internal audit function during that calendar quarter, with a summary of the areas covered by each report; and (b) on the written request of the Commission, submit to the Commission copies of such internal reports as are specified in the Commission’s request, within the time period specified in the request.

---

EXPLANATORY NOTES Introduction (i) The internal audit function is an important part of the on-going monitoring of the system of internal controls of a licensee because it provides an independent assessment of the adequacy of, and compliance with, the established strategy, policies systems and controls. It is critical that the internal audit function is independent from the day-to-day functioning of the licensee, including the day￾to-day operation of its internal controls, and that it has access to all activities conducted by the licensee, including at its branches and subsidiaries. (ii) Although the Commission would normally expect a large licensee to have an in￾house audit function, a licensee may outsource the internal audit activities. However, whether internal audit is undertaken in-house or outsourced, it is important that the internal audit function operates on a permanent and continuous basis. Responsibilities of Internal Audit Function (iii) The principal responsibilities of the internal audit function are set out in section 35. In order that these responsibilities are effectively fulfilled, the scope of an internal audit will usually need to include— (a) a review of the management and financial information systems, including the licensee’s electronic systems;

LAW OF VIRGIN ISLANDS Regulatory Code 195 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) a review of the accuracy and reliability of the accounting records and financial reports; (c) a review of the means whereby assets are safeguarded; (d) where appropriate, for example in the case of a bank, the system of assessing the licensee’s capital in relation to its estimate of risk; (e) an appraisal of the economy and efficiency of the licensee’s operations; (f) testing transactions and the functioning of specific internal control procedures; (g) a review of the systems established to ensure compliance with the licensee’s regulatory obligations; and (h) testing the reliability and timeliness of the regulatory reporting. (iv) Internal audit will usually carry out special investigations, as appropriate. Independence (v) Section 35(1)(a) of the Code provides that the internal audit function must possess sufficient independence to carry out the licensee’s internal audit obligations objectively. In practice, this means that the internal audit function should not be involved in the day-to-day implementation of the licensee’s internal controls. The internal audit function should be able to act on its own initiative with respect to all activities and of the licensee and should not be subject to any conflicts of interest with the licensee. (vi) In order to demonstrate compliance with the requirement that the internal audit function is independent, the Commission would normally expect to see a document approved by either the audit committee or the board that sets out the objectives and scope of the internal audit function, establishes its position in the licensee, and its independence. Functioning of Internal Audit (vii) It is beyond the scope of the Code to specify how internal audit should properly function. With respect to banks, further information may be obtained from the Basel document “Internal Audit in Bank’s and the Supervisor’s Relationship with Auditors”. However, the Commission will, as part of its on-site examination process, wish to be satisfied that the internal audit function is working effectively. To demonstrate this, the Commission would usually expect to see that a realistic and effective audit plan has been prepared and is being implemented and that written internal audit reports are being produced. Relationship with External Auditors (viii) Whilst the internal audit function and the licensee’s external auditors have different roles, it will be useful for the 2 to coordinate to ensure that both are operating as efficiently and effectively as possible and that the internal audit function is providing maximum value.

---

196 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Audit committee Audit committee 37. (1) A licensee shall at all times have an audit committee if— (a) it holds a general banking licence; or (b) although not holding a general banking licence, it is directed by the Commission to have an audit committee. (2) A licensee not required by subsection (1) to have an audit committee shall— (a) determine whether, given the nature, size, complexity, structure and diversity of its business, it is appropriate to have an audit committee; and (b) if it so determines, have an audit committee. (3) The audit committee of a licensee— (a) is a committee of the board; and (b) shall be comprised solely of directors, the majority of whom shall be non-executive directors. EXPLANATORY NOTES Audit Committee (i) The Code does not set out the functions of the audit committee as these will depend upon the business and circumstances of a particular licensee. However, an audit committee typically has the following functions— (a) oversight of the licensee’s financial reporting process and its internal control systems; (b) oversight of, and primary contact for, the licensee’s internal audit function; and (c) acting as the primary contact for the licensee’s external auditors and monitoring the audit process. (ii) Where a licensee has an audit committee, the Commission expects its functions to include those specified above unless there are compelling reasons to justify an exception. Where a licensee considers that an exception is justified, this should be fully and clearly documented, together with the reasons for the exception. (iii) The Commission would normally expect to see a document approved by the board that specifies the composition of the audit committee, its authorities and duties and how and when it must report to the board. (iv) The Code requires that a majority of the members of the audit committee should be non-executive directors. This ensures that the audit committee acts independently of the senior management of the licensee.

LAW OF VIRGIN ISLANDS Regulatory Code 197 Revision Date: 1 Jan 2020 [Statutory Instrument] Liaison with External Auditors (v) As stated above, the audit committee acts as the primary contact point for the licensee’s external auditor and is also responsible for monitoring the external audit. As such, the Commission would normally expect the audit committee to— (a) make recommendations to the board on the appointment, reappointment and removal of the auditor, including as to whether the auditor is fit and proper; (b) approve, or advise the board on, the auditor’s terms of engagement, including the auditor’s remuneration; (c) review and approve the audit plan; (d) review, consider and make recommendations to the board on the auditor’s findings; and (e) monitor and evaluate the audit process.

---

Record keeping Licensee to maintain records 38. (1) A licensee shall keep adequate and orderly records which must include— (a) the records that it is required to maintain under the BVI Business Companies Act; and (b) records of its business, including all services provided to, and transactions undertaken for, customers, and of its internal organisation. (2) The records kept by a licensee shall be sufficient to enable the Commission to monitor the compliance of the licensee with its regulatory obligations and its AML/CFT obligations. (3) A licensee shall— (a) maintain its records so that they can be readily retrieved in the Virgin Islands and, if kept otherwise than in legible form, so that they can be accessed and read at a computer terminal in the Virgin Islands and produced in the Virgin Islands in legible form and in the English language without delay; and (b) ensure that its records are kept up to date and that a full audit trail is maintained of all changes to its records. (4) A licensee shall not keep any records that it is required to maintain under the BVI Business Companies Act, a regulatory enactment or this Code outside the Virgin Islands if access to those records will or is likely to be impeded by confidentiality or data protection restrictions. Retention of records 39. (1) A licensee shall establish a record retention policy which shall include— (a) the period of time for which various types of record will be retained, which shall be no less than the minimum period specified in subsection (2); (b) how records are to be securely and safely stored; and

198 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (c) the process by which stored records can be readily accessed when required by the licensee, the Commission, law enforcement agencies or other persons entitled to access them. (2) Subject to the BVI Business Companies Act, the AML/CFT Code or any other enactment requiring a licensee to retain records for a longer period, a licensee shall retain all records that it is required to maintain under this Code for a period of at least 5 years. (3) In the case of records relating to transactions with a customer, the 5 year period shall commence on the termination of the licensee’s relationship with the customer. (4) A licensee shall not, without the written consent of the Commission and whether before or after the expiration of the retention period, alter, destroy or erase any record which is, or may be, relevant to any— (a) enforcement action being taken by the Commission; (b) matter which is being investigated by the Commission or any law enforcement authority in the Virgin Islands; or (c) matter which is the subject of, or relates to, a request from a foreign regulatory authority or law enforcement authority. (Inserted by S.I. 91/2010) EXPLANATORY NOTES Introduction (i) This Division sets out general record keeping requirements that are applicable to all licensees. Most licensees are also subject to record-keeping requirements imposed under regulatory enactments that apply to them. (ii) The Code also includes specific record keeping requirements with respect to certain matters and with respect to certain types of licensee. These are included together with the requirements concerning the particular matter or licensee, as it is considered more helpful for these to be included in context. (iii) The AML Regulations, the AML/CFT Code and the BVI Business Companies Act include certain requirements with respect to records, which are not repeated in the Code with respect to BVI companies [see for example sections 96 to 102 of the BVI Business Companies Act]. The requirements of the Code with respect to record keeping are additional to those requirements. Audit Trail (iv) Ensuring a proper audit trail when a licensee’s records are updated or otherwise changed is clearly an important element of a well-designed internal control framework. However, an audit trail is also critical as the Commission, or law enforcement agencies, may at some future time, need to reconstitute the key stages of a transaction. The audit trail should therefore cover not just substantive changes to records, but also corrections or other minor amendments. When updates or other changes or corrections are made to the records, the date of the update, change or correction should be recorded. The Commission would not normally regard the audit trail as in compliance with the Code unless this paragraph is fully complied with. Confidentiality/Data Protection

LAW OF VIRGIN ISLANDS Regulatory Code 199 Revision Date: 1 Jan 2020 [Statutory Instrument] (v) Section 38(4) of the Code provides that a licensee should not keep records, that it is required to maintain, outside the Virgin Islands if access to those records will or is likely to be impeded by confidentiality or data protection restrictions. It should be noted that this applies to records kept outside the BVI whether kept at an overseas office of the licensee or its parent or whether kept outside the BVI by a service provider pursuant to an outsourcing agreement.

---

Division 4 Compliance Purpose of this Division 40. (1) The purpose of this Division is to set out the compliance regime applicable to a licensee and to the compliance officer appointed by a licensee in accordance with section 34(3) of the FSC Act. (2) This Division is subject to any exemption specified in an enactment made pursuant to section 40C (1) of the FSC Act or in a regulatory legislation with respect to compliance by a licensee or a compliance officer referred to in subsection (1). (Substituted by S.I. 91/2010) EXPLANATORY NOTES Introduction (i) Section 34 of the FSC Act imposes a number of obligations on licensees with respect to compliance. The principal obligations are that a licensee must— (a) establish and maintain adequate compliance systems and controls; (b) establish and maintain a compliance procedures manual [“compliance manual”]; and (c) appoint an individual approved by the Commission as its compliance officer. (ii) Although the FSC Act outlines the basic requirements with respect to compliance, it delegates the establishment of a compliance regime to the Code, which is the purpose of this Division. (iii) The overall objective of the compliance function is to ensure that the licensee complies with its “regulatory obligations” [which are defined in section 2 of the Code]. It should be noted that compliance with a licensee’s AML/CFT obligations is covered in the AML/CFT Code, not the Code. (iv) Compliance is the responsibility of the licensee and, within the licensee, ultimate responsibility for compliance lies with the board of directors [see section 41(4)]. Although licensees may use external sources, for example, to undertake a regulatory risk assessment or assist in the development of a compliance manual, compliance remains the sole responsibility of the licensee and cannot be contracted out. See the provisions in the Code relating to outsourcing. (v) The FSC Act provides a mechanism for exempting certain licensees from specified obligations under the FSC Act or a regulatory legislation and the circumstances in which the Commission may grant exemptions to licensees. For example, the Financial Services (Exemptions) Regulations and Financial Services

200 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (Miscellaneous Exemptions) Regulations (Exemption Regulations) exempt certain licensees from the requirement to appoint compliance officers and the circumstances in which the Commission will grant specified exemptions. This Division applies to such licensees and with respect to compliance officers to the extent specified in any Exemption Regulations or other applicable legislation. Consequently, this Division must be read subject to any applicable exemptions contained in the Exemption Regulations or other applicable legislation. (Substituted by S.I. 91/2010) (vi) The purpose of an exemption under the Exemption Regulations is not to permit the licensee concerned to conduct its business to a lower regulatory standard but to recognise that, by virtue of the way in which the business of certain licensees is conducted, it is more appropriate for them to achieve compliance with the Code in a manner not provided for by the FSC Act and the Code.

---

Compliance policies, systems and controls 41. (1) A licensee shall establish, maintain and implement a compliance policy and compliance systems and controls. (2) The compliance policy shall be appropriate for the nature, scale, complexity and diversity of the business carried on by a licensee. (3) The compliance systems and controls shall be— (a) sufficient to ensure compliance— (i) by the licensee with its compliance policies and its regulatory obligations; (ii) by the licensee’s board, senior management and employees with its compliance policies and any obligations that may be imposed on them by the FSC Act, a regulatory enactment or the Code; and (iii) with the licensee’s internal controls; (b) adequate to identify compliance breaches; and (c) effectively implemented by the licensee. (4) The board of a licensee shall— (a) approve the licensee’s compliance policy; and (b) on at least an annual basis— (i) review the compliance policy; and (ii) assess the effectiveness of the compliance policy, systems and controls in managing the licensee’s compliance risk. (5) The compliance policy, systems and controls of a licensee shall be— (a) documented in the compliance manual that the licensee is required to maintain under section 34(2) of the FSC Act; and (b) communicated, and readily available, to the directors and to those senior managers and staff who have responsibility for implementing them.

LAW OF VIRGIN ISLANDS Regulatory Code 201 Revision Date: 1 Jan 2020 [Statutory Instrument] Appointment of compliance officer 42. The person appointed as the compliance officer of a licensee shall be an individual who has the appropriate skills and experience and is otherwise fit and proper to act as the licensee’s compliance officer. Obligations of licensee with respect to compliance officer 43. (1) Except as permitted by or in accordance with an exemption provided under section 40C(1) of the FSC Act or a regulatory legislation, the compliance officer of a licensee shall be an employee of the licensee. (Amended by S.I. 91 of 2010) (2) The compliance officer shall— (a) possess sufficient independence to perform his or her role objectively and, without limiting this section, the compliance officer shall not be— (i) involved in the performance of services or activities that he or she is responsible for monitoring; (ii) placed in a position where he or she is expected to perform functions that conflict with his or her role as compliance officer; or (iii) subjected to any undue influence or pressure with respect to the carrying out of the compliance function; (b) have sufficient seniority in the organizational structure of the licensee to— (i) effectively undertake the compliance function; (ii) communicate freely with the Commission concerning compliance matters on his or her own initiative; and (iii) ensure that his or her requests, where appropriate, are acted upon by the licensee and its staff and his or her recommendations properly considered by the board and by senior management; and (c) have sufficient resources to perform the compliance function effectively. (3) Without limiting section (2)(b), for the purposes of undertaking the compliance function, the compliance officer of a licensee shall have unrestricted access to— (a) the directors, senior management and auditor of the licensee; (b) the staff of the licensee, in order to seek information and explanations concerning compliance matters; and (c) documents any information relating to the business of the licensee and its customers. Temporary absence of compliance officer 44. (1) Subject to subsection (2), a licensee shall ensure that arrangements are made for some other person approved by the Commission to undertake the compliance function during the temporary absence of the compliance officer. (2) A licensee is not required to appoint a person approved by the Commission during the temporary absence of the compliance officer where an exemption provided

202 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS pursuant to section 40C (1) of the FSC Act or under a regulatory legislation is in effect. (Substituted by S.I. 91/2010) (3) Where the period of absence of a compliance officer is anticipated to be longer than 5 days, the licensee shall appoint a competent individual from within the licensee to perform the duties of the compliance officer during the latter’s temporary absence. (Inserted by S.I. 91/2010)

---

EXPLANATORY NOTES Responsibility of Board for Compliance (i) Notwithstanding the requirement to appoint a compliance officer, the board of a licensee has ultimate responsibility for compliance. The Code therefore requires the board to approve and regularly review compliance and to regularly assess its effectiveness. Compliance Systems and Controls (ii) The objective of the compliance policies, systems and controls is to ensure that it can manage its compliance risk, i.e. the risk of legal and regulatory sanctions, material financial loss or reputational damage that a licensee may suffer as a result of failing to comply with its regulatory and its AML/CFT obligations. (iii) It is not sufficient for a licensee to just establish and maintain compliance systems and controls, these must also be effectively implemented by the licensee. When conducting an on-site assessment, the Commission will therefore be concerned to examine both the adequacy of the systems and controls and whether they are being effectively implemented. Appointment of Compliance Officer (iv) Section 34(3) of the FSC Act requires every licensee to appoint an individual approved by the Commission as its compliance officer, although the Exemption Regulations permit certain exemptions to this requirement. The approvals process for a compliance officer is covered generally in Division 2 of this Part of the Code. (v) Section 34(4) of the FSC Act provides that the Commission shall not approve an individual as a licensee’s compliance officer unless it is satisfied that he satisfies the Commission’s fit and proper criteria. Section 42 of the Code goes further than this by requiring the licensee to be satisfied as to the fitness and propriety of the individual to be appointed. The Commission will therefore expect a licensee to be able to demonstrate that it has carried out a fit and proper assessment of its proposed compliance officer and that the results of this assessment have been recorded. (vi) The Commission’s general fit and proper criteria are set out in Division 2 of this Part of the Code. When considering an application for the approval of a compliance officer, the Commission will assess the proposed appointee against these general criteria. (vii) In determining whether the competence and capability criterion has been met, the Commission will consider, in particular— (a) the academic qualifications of the proposed compliance officer and whether the business of the licensee concerned requires a person with a formal compliance qualification and/or other formal qualifications;

LAW OF VIRGIN ISLANDS Regulatory Code 203 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) the relevant experience of the proposed compliance officer; and (c) whether the licensee has demonstrated that the proposed compliance officer has the ability to fully understand the regulatory regime as it applies to the licensee. (viii) The Commission considers that relevant experience is experience that is gained from acting either in a compliance role or at a senior level in the licensee or another organisation connected with financial services business. Although the minimum amount of experience will be considered on a case-by-case basis, as a guide, the Commission would usually expect a proposed compliance officer to have at least 3 year’s relevant experience. Generally, the Commission will expect a person who does not have relevant academic or professional qualifications to have more relevant experience than a person who has such qualifications. However, academic qualifications will never be sufficient on their own. It is not necessary for the experience to have been gained in the Virgin Islands, although where this is not the case, the Commission would need to be satisfied that the proposed compliance officer will be able to very quickly acquire a good understanding of the regulatory regime. (ix) An individual will not be approved as the compliance officer of a licensee if he is not fluent in the English language. Given the role of the compliance officer as the link between the licensee and the Commission with respect to compliance issues, the Commission will also want to be satisfied that the individual proposed has good written and verbal communication skills. Obligations of Licensee with Respect to Compliance Officer (x) Section 43 of the Code imposes obligations on a licensee with respect to the independence, seniority and resources that a compliance officer must be provided with in order for him to undertake the compliance function independently, objectively and effectively and to interact with the Commission on compliance matters without having to seek the approval of senior management. It is the responsibility of the directors to ensure that this paragraph is complied with. Independence (xi) To avoid possible conflicts of interest, the terms of reference of a compliance officer should clearly state that, in respect of compliance matters, his duties should not be subordinated to the interests, or perceived interests, of the licensee. The Commission would consider a failure to include a provision to this effect in the terms of reference as evidence of a breach of section 43(a). (xii) It should be noted that the compliance officer’s first priority is to his compliance functions, which he must give priority to at all times. It is therefore not acceptable for a licensee to give a compliance officer multiple tasks which may hamper the compliance officer in the effective performance of his compliance duties. (xiii) A compliance officer that functions independently and objectively should be viewed as an asset to the licensee, not as a threat. The compliance officer should not, therefore, be subject to undue influence concerning the way in which he carries out the compliance function. In particular, it is unacceptable for a licensee to improperly—

204 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) threaten a compliance officer with regard to his tenure, remuneration or other benefit; or (b) interfere with the performance by the compliance officer of the compliance function, for example, by attempting to influence what is, or is not, contained in a compliance report. The Commission would view the above actions as a clear breach of section 43(a). Access to Documents (xiv) It should be noted that the FSC Act contains a very wide definition of “documents”. For the purposes of section 43(3)(c), ”documents” therefore includes customer due diligence files and related correspondence and all other files of the licensee or relating to its customers that are relevant to the compliance function. Resources (xv) Section 43(c) requires a licensee to provide its compliance officer with sufficient resources to perform the compliance function effectively. It should be understood that “resources” includes human resources. Where a licensee has a substantial business, it may be necessary for the licensee to appoint other staff to assist the compliance officer in the performance of the compliance function. Temporary Absence of Compliance Officer (xvi) It is essential that the compliance function is fulfilled during the temporary absence of the compliance officer. This will require a licensee to develop contingency plans for that event, particularly where the compliance office does not have staff to support him. (xvii) Where the temporary absence is very short, it may not be necessary to identify another individual to undertake the compliance functions in the absence of the compliance officer. However, in order to avoid a situation where the length of the period of absence from office of the compliance officer would compromise the compliance functions, a licensee is required to identify and appoint another individual to perform the compliance functions during the period of temporary absence of the compliance officer. That other individual does not require any approval from the Commission in order to be appointed to perform the functions of the compliance officer. As provided in section 44(3), the stipulated period that would trigger an appointment of this type is 5 days where the licensee contemplates that the temporary absence of the compliance officer from office would exceed that period. The Commission expects the licensee to know in advance whether or not the absence of the compliance officer from office would exceed the stipulated period and therefore make necessary arrangements for a suitable individual to perform the compliance functions. In circumstances where the absence of a compliance officer beyond the stipulated period is occasioned by ill-health or other un-contemplated or unavoidable cause, the licensee is nevertheless expected to appoint another competent individual to perform the compliance functions. (Substituted by S.I. 91/2010) (xviii) Where an individual is appointed to perform the compliance function of a licensee, the Commission would consider him to be the licensee’s compliance

LAW OF VIRGIN ISLANDS Regulatory Code 205 Revision Date: 1 Jan 2020 [Statutory Instrument] officer within the meaning of the FSC Act. While the appointment itself does not require any approval of the Commission before it is effected (as already noted in paragraph (xvii) above), the individual is obligated to perform all the requisite compliance functions as if he were the approved compliance officer. It should be noted that paragraph 3 of Schedule 1 of the Financial Services (Miscellaneous Exemptions) Regulations is instructive as regards the duration of temporary absence - the cumulative period not exceeding 8 weeks (taken consecutively or otherwise) or 15% of compliance officer’s time in a consecutive 12 month period – and accordingly reference must be made thereto. (Substituted by S.I. 91/2010) Removal of Compliance Officer (xix) Section 40D of the FSC Act enables the Commission to direct a licensee to remove its compliance officer where the Commission considers that he does not satisfy the Commission’s fit and proper criteria. Where the Commission exercises this power, it is the responsibility of the licensee to identify another suitable individual for appointment and to submit an application for approval to the Commission.

---

Duties and responsibilities of compliance officer 45. (1) The compliance officer of a licensee, in addition to the responsibilities specified in section 34(3)(a) and (b) of the FSC Act— (a) has functional responsibility for— (i) ensuring that the licensee complies with its obligations with respect to the establishment and maintenance of compliance systems and controls as specified in section 34(1) of the FSC Act and section 41 of this Code; (ii) identifying, measuring and assessing the compliance risks associated with the licensee’s business, including the compliance risks associated with the material changes in, or the development of new products, types of business or customer relationships; (iii) keeping the regulatory obligations of the licensee and the compliance systems and controls under review, identifying any deficiencies, making regular assessment reports to the board and senior management and making recommendations for any updates or revisions; (iv) establishing and maintaining a compliance manual, as required by section 34(2) of the FSC Act, that complies with section 46 and keeping the compliance manual under regular review and current; (v) maintaining a register of compliance breaches containing information on the date, nature and extent of each compliance breach, the remedial action taken to address the breach and within what timeframe and whether the breach has been reported to the Commission under paragraph (b); (Amended by S.I. 69/2019) (vi) ensuring that the staff of the licensee are aware of the need for and the objectives of compliance and that they are familiar with, and

206 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS understand, to the extent necessary to undertake their responsibilities— (A) the regulatory regime, and any changes to it; and (B) the licensee’s compliance manual; (vii) ensuring that the licensee complies with its reporting obligations to the Commission, including that returns submitted to the Commission are accurate, complete and filed within the relevant time period; and (viii) establishing and maintaining procedures for the monitoring and handling of complaints, and keeping the complaints procedures under review; and (b) has responsibility for— (i) immediately reporting to the Commission any serious compliance breach that he or she becomes aware of; (ii) preparing and submitting to the Commission, on behalf of the licensee, an annual compliance report in the approved form; and (iii) preparing and submitting to the board of directors an annual compliance report. (1A) The annual compliance reports required under subsection (1)(b)(ii) and (iii) shall be prepared and submitted to the Commission within 3 months after the end of the year to which the report relates. (Inserted by S.I. 69/2019) (2) Nothing in subsection (1) removes or limits the responsibility of the board of a licensee for any failure of the licensee to comply with its regulatory obligations, including its compliance obligations. (3) With the approval of the Commission, the compliance officer of a licensee may also be appointed to act as its MLRO.

---

EXPLANATORY NOTES Duties and Responsibilities of Compliance Officer (i) Section 34(3)(a) and (b) of the FSC Act provide that the compliance officer has responsibility for overseeing the licensee’s compliance function, for reporting to the Commission as required by the Code and to the directors and for acting as the liaison between the licensee and the Commission with respect to the licensee’s compliance function. The responsibilities set out in section 45 of the Code are additional to those contained in the FSC Act. (ii) The directors of a licensee have ultimate responsibility for ensuring that the licensee complies with its regulatory obligations and that it has effective compliance systems and controls in place. However, the compliance officer has functional responsibility for compliance. If the compliance officer is not fulfilling his responsibilities properly, such that the licensee is not complying with its regulatory obligations, including its compliance obligations, the directors are responsible for taking remedial action. This may require additional compliance resources to be provided or even the replacement of the compliance officer. It is for this important reason that the FSC Act gives the compliance officer an oversight role. For this reason, section 45 distinguishes

LAW OF VIRGIN ISLANDS Regulatory Code 207 Revision Date: 1 Jan 2020 [Statutory Instrument] between those matters for which the compliance officer has functional responsibility and those for which he is fully responsible. (iii) The compliance officer does, however, have his own responsibilities that are additional to the responsibilities of the licensee. For example, a licensee is obliged to report a serious compliance breach to the Commission [see section 45(1)(b) of the Code]. However, given the role of the compliance officer, he also has a responsibility for reporting any serious compliance breach that he becomes aware of to the Commission. The reporting of a serious compliance breach to the Commission by the compliance officer will result in the licensee complying with its obligation. There is no need for the licensee to also file a separate report. However, the failure of the compliance officer to make such a report will not excuse the licensee for a breach of its obligation. (iv) In order to undertake the compliance function, the compliance officer must have a comprehensive knowledge and excellent understanding of the regulatory regime in the Virgin Islands, as it applies to the licensee. The compliance officer must, therefore, keep himself up to date with developments and changes in the regulatory regime. (v) As indicated above, section 45(1)(b) requires the compliance officer to report a serious compliance breach to the Commission immediately. There is no definition of what constitutes a serious compliance breach as this will depend, in part, on the business and circumstances of the licensee. However, if the breach has any of the following characteristics it should be considered as a serious compliance breach— (a) the breach may have a significant impact on the reputation of the licensee or the Virgin Islands; (b) the breach may have a significant impact on the customers of the licensee; or (c) the breach may have a significant impact on one or more other licensees. (vi) The compliance officer of a licensee is required by section 45(1)(b)(ii) to submit an annual compliance report to the Commission on behalf of the licensee. However, the Commission may determine that a particular licensee must submit a compliance report on a more frequent basis. (vii) The performance by compliance officers of their responsibilities will be monitored by the Commission, particularly through its on-site inspection programme. Compliance Officer as MLRO (viii) Regulation 13(1) of the AML Regulations requires every licensee to appoint an MLRO. Regulation 13(3) specifies that the MLRO has responsibility for the compliance function relating to AML/CFT obligations. (ix) Provided that the size and nature of the business carried on by a licensee do not make it impracticable for one individual to fulfil both roles, there is no reason, in principle, why the compliance officer of the licensee cannot also act as its MLRO. Where the business of a licensee is not large or complex, the Commission understands that the appointment of separate persons may not be justified and, furthermore, there may be significant advantages in vesting the regulatory and AML/CFT compliance roles in the same person. However,

208 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS section 45(3) requires the Commission’s approval if the same person is to act as both the licensee’s compliance officer and its MLRO.

---

Compliance manual 46. (1) The compliance manual of a licensee shall provide sufficient detail and structure to ensure that employees of the licensee understand the compliance function and their individual roles in the compliance framework. (2) The general areas covered by the compliance manual shall include the following— (a) the purpose and importance of the compliance function; (b) the role of the compliance officer and any compliance committee that may be established and how the compliance function is to be monitored and reviewed; (c) a description of the business undertaken by the licensee, including risks associated with the business and the risk management systems in place; (d) an organisational chart clearly indicating who is responsible for various procedures and tasks within the licensee and a description of those tasks and the compliance reporting structure; (e) a description of the regulatory framework insofar as it is relevant to the licensee and of the regulatory obligations of the licensee; and (f) the procedures that will be used to test compliance and how breaches in compliance will be reported and rectified. EXPLANATORY NOTES (i) Section 46 is intended to specify, in general terms, areas that must be included in the compliance manual. However, the general areas listed are not intended to be definitive or exhaustive. The contents of the compliance manual will depend on the nature, size and complexity of the licensed business of the licensee. (ii) The compliance manual should provide information concerning the applicable regulatory framework and be sufficiently practical so as to enable employees to apply general principles to specific situations that may be outside the precise scope of the manual. (iii) Although the compliance manual should cover specific tasks in detail, it should not be considered as simply a “tick box” checklist of procedures.

---

Compliance officer report 47. Section 34(7)(d) of the FSC Act and section 45(1)(b) of this Code make provision for the Commission to require a compliance officer to prepare and submit to the Commission a report detailing the level of the regulated person’s compliance with— (a) the provisions of the Code and any other law or directive relating to money laundering;

LAW OF VIRGIN ISLANDS Regulatory Code 209 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) the provisions of the FSC Act; and (c) the Code, any directive or practice direction issued by the Commission and any other financial services legislation. Contents of report 48. The report submitted by the compliance officer shall, at a minimum, contain the following— (a) the number of employees within the regulated person, the names and positions of the employees that underwent training, including training in AML/CFT obligation, the content of material covered, the dates of the training, and a copy of the regulated person’s training register; (b) a list of any Virgin Islands laws that may have been breached by the regulated person, in compliance with the requirements of section 45(1)(a)(v), the remedial action taken and within what time frame, and a copy of the regulated person’s register of compliance breaches; (c) the number of suspicious activity reports made during the year of the report; (d) a list of significant complaints made by the customers of the regulated person, indicating the dates of the complaints, the nature of the complaints, and how the complaints were dealt with; (e) an indication of whether there has been a significant breakdown in the internal control structure of the regulated person, including any compliance risks that may be associated with the licensee’s business relative to— (i) its existing risk management strategy, policies, systems and controls, and whether the internal controls remain sufficient and appropriate for the licensee’s business; and (ii) whether the strategy, policies, systems and internal controls are being implemented and complied with in an effective manner; (f) confirmation of whether or not the licensee remains properly resourced, structured and organised to enable it to effectively undertake its business activities, including serving the number and types of its customers; and (g) confirmation of the level of compliance by the licensee with its reporting, filing and other obligations to the Commission under financial services legislation, the FSC Act and this Code. (Substituted by S.I. 69/2019)

---

The following Explanatory Notes are inserted immediately after section 48 EXPLANATORY NOTES (i) The Compliance Officer Report is an essential part of supervision of regulated persons. The Report is designed to assist both the licensee to which it relates and the Commission which supervises the licensee for compliance. The licensee benefits from the honest and impartial opinions of the Compliance Officer by having the opportunity to reflect on its compliance obligations to carry out

210 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS necessary reforms and ensure appropriate compliance; the Commission is able to monitor the overall behaviour of the licensee to risk-assess it to ensure the good reputation of the jurisdiction. (ii) The reporting obligations outlined in section 48 must be read together with the relevant sections in the FSC Act (34 and 35) and sections 45 to 47 of this Code in order to have a better appreciation of the obligations thrust on the Compliance Officer. Section 48 outlines the minimum obligations; the Compliance Officer is expected to act professionally and include in the Report all essential obligations under the FSC Act, this Code and financial services legislation even if those matters are not specified in the section but are considered essential to regulatory compliance. (iii) The inclusion of the training measures undertaken by a licensee will enable the Commission to make an assessment of whether a licensee has the requisite staff numbers to effectively carry out its duties; this includes an assessment of the level of competence of the staff to appropriately carry out the duties of the licensee, especially in relation to the licensee’s customers. It is therefore important that the Report contains all the information set out in section 48(a). That information must, in addition, include an indication of whether the licensee has carried out any testing, following the training, in order to properly evaluate the trained staff’s level of understanding and knowledge. The testing must outline the nature and form of the testing method employed in evaluating the staff’s understanding and knowledge. In this respect and overall in relation to the training of staff, there is no need to submit (whether together or otherwise with the Report) the training material used and/or any certificates issued; it suffices to provide just a summary of the content of the material. However, the material and all other relevant documentation must be retained in the licensee’s office to be viewed and assessed by the Commission during an onsite inspection.. (iv) With respect to any breaches of law by a licensee, the Compliance Officer has a legal obligation to report on the nature and extent of breaches, the number of breaches (in order to assess frequency and make an objective determination on compliance), the remedial action that has been taken and the time frame within which the remedial action was taken. (v) While the Commission will not inquire into any detail of a suspicious activity report that has been filed with the FIA, it is considered important that the Report contains information on the frequency of such filing; excessive filing may point to a significant issue or issues that may require immediate resolution. It is best that such information is contained in the Report and shared with the Commission. (vi) Sections 69A and 69B of the Code provide detailed mechanisms with respect to the receipt and handling of significant customer complaints. Compliance Officers should pay careful attention to those provisions and ensure appropriate inclusion in their Report. (vii) One of the methods of determining competence and capability during the licensing process is (among other things) dependent on whether, if granted a licence, a licensee will ensure “that its business is, or will be, soundly and prudently run”. This requires that a licensee is properly resourced, structured and organised. The Commission does not treat this requirement as a one-off obligation (that is, only at the licensing stage); it is an ongoing obligation and

LAW OF VIRGIN ISLANDS Regulatory Code 211 Revision Date: 1 Jan 2020 [Statutory Instrument] is designed to ensure that policies, procedures and controls, staff capabilities and the numbers and types of appointment to the licensee and to vehicles managed by the licensee remain in place and continue to be relevant and appropriate for the type or types of business undertaken and administered by the licensee. This requirement is irrespective of whether staff are appointed to business vehicles in their own name or through corporate directors or other indirect appointments. It is a requirement, therefore, that this information is reflected in the annual Report submitted to the Commission by Compliance Officers. (viii) While the reporting obligations of Compliance Officers is generally pegged on an annual basis, the Commission is always mindful about compliance risks that may negatively impact the Territory. It is, therefore, important that significant compliance risks are immediately brought to the attention of the Commission (see section 45(1)(b) of the Code). (Inserted by S.I. 69/2019) Group compliance 49. Where a BVI licensee has one or more branches or subsidiaries in a jurisdiction outside the Virgin Islands, the licensee shall ensure that the activities carried on through the branch or subsidiary are in compliance with the legal and regulatory requirements of that jurisdiction. EXPLANATORY NOTES (i) In cases where the compliance function is performed by another person, that person must also meet these reporting obligations. (ii) This note provides guidance to the compliance officer as to the structure and contents of such a report. The report will vary depending on the type of business that the licensee undertakes. (iii) The Commission may specify further details as to the manner and frequency of reporting by a compliance officer. (iv) A licensee that has a branch or subsidiary in another jurisdiction must ensure that its business is conducted in accordance with the laws and regulatory requirements of that jurisdiction. However, where those legal and regulatory requirements do not match those of the BVI, the licensee should consider carrying on its business in accordance with the higher standards applicable in the BVI. Where this is impracticable, the licensee should consider whether it is appropriate for it to continue operating through that branch or subsidiary. In cases of doubt, the licensee should consult with the Commission.

---

Division 5 Outsourcing Outsourcing 50. A licensee shall not outsource an activity otherwise than in accordance with this Division.

---

212 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS EXPLANATORY NOTES Introduction (i) BVI licensees, in common with financial services businesses elsewhere, are increasingly outsourcing both regulated and unregulated activities that they would normally have undertaken themselves. Whilst outsourcing clearly has benefits, for example it may enable a licensee to have the activity undertaken more efficiently or to utilise resources not available in-house, there are dangers as outsourcing has the potential to transfer risk, management and compliance to third parties who may not be regulated and who may not even be situated within the BVI. (ii) The Commission is concerned that if a licensee relies too heavily on the persons to whom it has outsourced activities and functions, this may impact on its ability to manage its risk or on its control and oversight of the functions that it has outsourced. This Division therefore specifies the requirements applicable to all licensees with respect to the outsourcing of activities. This Division gives effect in the BVI to the Joint Forum Paper “Outsourcing in Financial Services” published in February 2005 to which all licensees are referred. The Joint Forum comprises representatives of the Basel Committee on Banking Supervision, the International Association of Insurance Supervisors and the International Organization of Securities Commissions. However, it should be noted that this Division is not intended to cover the outsourcing of a licensee’s AML/CFT obligations. (iii) Managed trust companies represent a special type of outsourcing arrangement which presents its own problems. The Commission’s requirements, guidance and policy concerning managed trust companies are set out in Part V of the Code. Definitions (iv) The definitions of “outsourcing arrangement” and “service provider” are included in section 2(1) of the Code. The definitions are deliberately widely drawn. It should be noted that an activity is considered to be outsourced whether the service provider is an independent third party, another company in the same group as the licensee or any person otherwise connected to the licensee. However, directors and employees of the licensees are not, when acting in that capacity, considered to be service providers. (v) Furthermore, outsourcing covers all activities that a licensee would otherwise normally have undertaken itself, not just those activities that are regulated activities. This is important as the performance of some activities, even though not regulated, may have a significant impact on the regulatory obligations of a licensee. However, the extent to which the activities are “material” is something that the licensee can take into account [see section 52(2)(b) and the associated Explanatory Notes]. (vi) As activities are outsourced only if they are activities that the licensee would normally have undertaken itself, the purchase of goods [for example stationery and office equipment], services [such as telephone or water services and, in some cases, professional services] and facilities [such as the rent of an office], do not fall within the definition of an outsourcing arrangement. It is not possible to define, with respect to types of activity, which activities would be

LAW OF VIRGIN ISLANDS Regulatory Code 213 Revision Date: 1 Jan 2020 [Statutory Instrument] considered to be “normally” undertaken by a licensee. However, an arrangement is unlikely to fall within the definition of an outsourcing arrangement if it does not involve the transfer of the licensee’s non-public proprietary information— (a) concerning its customers; or (b) otherwise connected with its business. (vii) Where a licensee undertakes functions itself, but in different locations, even in countries outside the BVI, this is not considered to be outsourcing. However, operating different functions in different locations will often increase the licensee’s operational risk, and this increased operational risk must be taken into account in the design of the licensee’s risk management strategies, policies, systems and controls. Key Outsourcing Risks (viii) The Joint Forum, in the paper referred to above, identify certain key outsourcing risks. These should be borne in mind by the directors and senior management of a licensee when developing and implementing its outsourcing policy and its outsourcing systems and controls. These are as listed in Schedule 2 to the Code. Prohibitions with respect to outsourcing 51. (1) A licensee shall not outsource— (a) the compliance function or a core management function; or (b) an activity if the outsourcing of that activity would— (i) impair the Commission’s ability to supervise the licensee; or (ii) affect the rights of a customer against the licensee, including the right to obtain legal redress. (2) Without limiting subsection (1), the following are core management functions— (a) the setting and approval of the licensee’s risk management and other strategies; (b) the oversight of the licensee’s policies, systems and controls; and (c) the responsibility for the delivery of services to the licensee’s customers. Outsourcing policy 52. (1) A licensee shall not outsource activities to a service provider unless it has established a comprehensive outsourcing policy with respect to the activities to be outsourced (“the relevant activities”). (2) The outsourcing policy— (a) shall— (i) consider the potential effects of outsourcing on the compliance function;

214 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (ii) include an evaluation of whether, and the extent to which, the relevant activities are appropriate for outsourcing; (iii) specify criteria for making outsourcing decisions, including how, and to whom, particular types of relevant activities should be outsourced; and (iv) provide for outsourcing only as permitted by, and in accordance with, this Code; (b) may, on a risk-based basis, take into account the extent to which the activity to be outsourced is material to its regulated business. (3) The board of a licensee shall— (a) approve the licensee’s outsourcing policy and keep it under review; and (b) be responsible for ensuring that— (i) outsourcing decisions are taken; and (ii) outsourced activities are undertaken, in accordance with the licensee’s outsourcing policy.

LAW OF VIRGIN ISLANDS Regulatory Code 215 Revision Date: 1 Jan 2020 [Statutory Instrument] EXPLANATORY NOTES Prohibitions (i) Section 51(1)(b)(i) of the Code prohibits a licensee from outsourcing an activity if the outsourcing of that activity would impair the Commission’s ability to supervise the licensee. By way of example, the Commission considers that its ability to supervise a licensee would be impaired if the licensee was to outsource an activity that the Commission would wish to inspect on an on-site inspection to an overseas service provider in circumstances where the performance of the activity cannot be fully assessed by the Commission in the Virgin Islands. Outsourcing Policy (ii) The Code requires the outsourcing policy to be comprehensive. The Commission would usually expect the outsourcing policy to include appropriate limits on the overall level of outsourced activities and the risks associated with the outsourcing of multiple activities to the same service provider. In order to ensure that the outsourcing policy is appropriate, directors and senior management must develop an understanding of the benefits and costs of outsourcing the relevant activities. (iii) Section 52(2)(b) provides that the outsourcing policy may, on a risk-based basis, take into account the extent to which the activity to be outsourced is material to its regulated business. The Code does not specify when an activity is material to a licensee’s regulated business as this will depend upon the individual circumstances of the licensee and its licence. However, the following factors should be taken into account— (a) whether the activity is of such importance that any weakness or failure in the provision of the activity could have a significant effect on the licensee’s ability to meet its regulatory obligations or to continue in business; (b) whether the activities are important to the delivery by the licensee of services to its customer; (c) whether the activity is a regulated activity; and (d) whether the activity has a significant impact on the licensee’s risk management.

---

Outsourcing risk management 53. (1) A licensee that outsources any activities shall establish and maintain appropriate and adequate systems and controls to manage its outsourcing risk. (2) Without limiting subsection (1), the outsourcing management risk systems and controls shall— (a) provide for the monitoring and controlling of the licensee’s outsourcing arrangements; and (b) take full account of the key outsourcing risks specified in Schedule 2. Outsourcing arrangements 54. (1) A licensee shall, before entering into any outsourcing arrangement, undertake appropriate due diligence with respect to the service provider to whom the activities will be outsourced to enable it to assess—

216 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) the service provider’s capacity and ability to undertake the outsourced activities; and (b) the risks associated with outsourcing the proposed activities to the service provider. (2) The outsourcing of an activity shall be governed by a written contract with the service provider that— (a) clearly specifies all material aspects of the outsourcing arrangement, including— (i) the activities to be outsourced; (ii) the rights and responsibilities of the parties; and (iii) the protection by the service provider of confidential information relating to the licensee or its customers; and (b) gives the licensee and, if relevant, its auditor and actuary, access to all documents and information relevant to the outsourced activity, at all times. (3) A licensee shall establish and maintain a contingency plan for each outsourcing agreement that it enters into.

---

EXPLANATORY NOTES Due Diligence (i) In undertaking due diligence on a potential service provider, the factors that a licensee should consider include— (a) whether the service provider is adequately qualified and whether he has adequate financial and other resources to undertake the relevant activities; and (b) whether the service provider understands and can meet the objectives of the licensee. (ii) A licensee should consider carefully the extra risks associated with outsourcing to a service provider situated outside the BVI. (iii) Of course, a licensee should not outsource activities to a service provider unless it is satisfied with the results of its due diligence. Outsourcing Contract (iv) The Code provides that the outsourcing contract must clearly set out all material aspects of the outsourcing arrangements. What is material will depend, in part, to the circumstances of the licensee and the activities to be outsourced. However, the Commission would usually expect the following to be “material” to the outsourcing arrangement— (a) appropriate service and performance levels; (b) arrangements for the continuous monitoring and assessment by the licensee of the service provider;

LAW OF VIRGIN ISLANDS Regulatory Code 217 Revision Date: 1 Jan 2020 [Statutory Instrument] (c) a termination clause, minimum periods to execute a termination provision and terms providing for the consequences of termination including, for example— (A) the ownership of intellectual property after termination; (B) the transfer of documents and information back to the licensee after termination; (C) other duties and provisions intended to have effect after termination; (d) provisions providing for the possible insolvency of the service provider; (e) if the service provider is located outside the Virgin Islands, choice of law provisions and provisions specifying how disputes are to be dealt with, e.g. arbitration and mediation clauses; (f) whether the service provider can subcontract any of his responsibilities and, if so, the extent to which he may do so and the conditions applicable to sub￾contracting arrangements. (v) Where the service provider is entitled to subcontract its responsibilities, it is important that the licensee’s risk management systems and controls are not compromised. The licensee should therefore be aware of any subcontracting arrangements and the service provider should normally be required to seek the consent of the licensee before entering into a subcontract arrangement with respect to the outsourced activities. (vi) The Code requires the outsourcing contract to provide for the protection of confidential information relating to the licensee and its customers. This protection should extend to any subcontractor of the service provider. A licensee should consider whether it is appropriate for it to advise affected customers that confidential data may be transmitted to the service provider under an outsourcing arrangement.

---

Division 6 Financial Statements, Auditors and Audits Application of this Division 55. (1) This Division applies to— (a) a licensee that is required by a regulatory enactment to appoint an auditor; and (b) an auditor appointed by a licensee in accordance with a regulatory enactment. (Amended by S.I. 91/ 2010) (2) For the purposes of section 67(1) of the Securities and Investment Business Act, “relevant licensee” means a licensee that— (a) is a BVI undertaking; and (b) holds an investment business licence. (Inserted by S.I. 91/ 2010)

218 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Qualifications for auditor 56. (1) The following are recognised professional bodies for the purposes of this section— (a) the Institute of Chartered Accountants in England and Wales; (b) the Association of Chartered Certified Accountants; (c) the Institute of Chartered Accountants of Scotland; (d) the Institute of Chartered Accountants in Ireland; (e) the Canadian Institute of Chartered Accountants; (f) the American Institute of Certified Public Accountants; and (g) such other professional body as may be recognised by the Commission for the purposes of this section on a case-by-case basis. (2) An individual is qualified to act as the auditor of a licensee if— (a) he is a member of a recognised professional body; and (b) he is eligible to be appointed as an auditor under the rules of his professional body. (3) A partnership is qualified to act as the auditor of a licensee if a majority of the partners are individuals qualified to act as the auditor of a licensee under subsection (2). (4) A body corporate is qualified to act as the auditor of a licensee if the body corporate is controlled by individuals qualified to act as the auditor of a licensee or partnership qualified to act as the auditor of a licensee under subsection (3). (5) A person who is qualified to act as the auditor of a licensee under this section shall not be appointed as the auditor of a particular licensee unless, in accordance with the applicable regulatory enactment— (a) he has consented to act as the auditor of the licensee; and (b) subject to subsection (6), the Commission has approved his appointment as auditor of the licensee. (Amended by S.I. 91/2010) (6) Subsection (5)(b) and section 75(2)(c) of the Securities and Investment Business Act do not apply to a licensed fund manager, a licensed fund administrator or a licensed fund investment advisor if— (a) the licensed fund manager, licensed fund administrator or licensed fund investment advisor has provided the Commission with not less than 14 days written notice of its intention to appoint the person concerned as auditor; and (b) the Commission has not, prior to the person’s appointment as auditor, provided the licensed fund manager, licensed fund administrator or licensed fund investment advisor notice that it objects to the appointment. (Inserted by S.I. 91/2010) (7) For the purposes of subsection (6)(a), the 14 day period shall be computed from the date of receipt by the Commission of the notice referred to in that subsection. (Inserted by S.I. 91/2010)

LAW OF VIRGIN ISLANDS Regulatory Code 219 Revision Date: 1 Jan 2020 [Statutory Instrument] (8) Where, prior to the coming into force of this Code, an auditor had been approved by the Commission under a regulatory legislation or as part of the licensing of the licensee and the auditor is not a member of any of the professional bodies outlined in subsection (1)(a) to (f), the professional body of which the auditor is a member shall be deemed to be recognised by the Commission by virtue of subsection (1)(g) in respect of that auditor only. (Inserted by S.I. 91/2010) Auditor to be independent 57. (1) A licensee shall take reasonable steps to ensure that the person it appoints as auditor is independent of the licensee and shall not appoint as its auditor a person who it knows, or ought to have known, has a conflict of interest with respect to the licensee. (2) The auditor of a licensee shall take reasonable steps to satisfy himself that he is independent of the licensee and that he has no conflicts of interest with respect to the licensee. (3) A licensee shall notify the Commission in writing if, at any time, it forms the opinion that its auditor is not independent of it. Auditor to provide information when at request of Commission 58. (1) An auditor, or a person that a licensee proposes for appointment as its auditor, shall, at the request of the Commission, provide the Commission with such information or documentation regarding his experience, skills and resources as the Commission reasonably requires to determine whether he is fit and proper to audit the licensees. (2) A request under subsection (1) may be made as part of the approval basis or at any subsequent time. Accounting and audit standards 59. (1) A licensee shall ensure that its financial statements, and any group accounts required to be submitted to the Commission, are prepared in accordance with— (a) one of the following international standards— (i) the International Financial Reporting Standards, promulgated by the International Accounting Standards Board; (ii) UK GAAP; (iii) US GAAP; or (iv) Canadian GAAP; or (b) such other recognised international accounting standards as may be approved by the Commission on a case-by-case basis. (2) The auditor of a licensee shall— (a) audit the licensee’s financial statements and report to the licensee in accordance with— (i) the auditing standards specified or endorsed by the recognised professional body of which he is a member; or (ii) such other recognised international auditing standards as may be approved by the Commission on a case-by-case basis;

220 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) certify the licensee’s compliance with such obligations and matters as may be specified in the regulatory enactments and this Code; (c) provide such certifications or confirmations as may be specified by the Commission in a written notice sent to the licensee and the auditor; and (d) carry out such other duties as may be required of the auditor by the regulatory enactments or this Code. (3) Where an auditor has issued a management report with respect to an audit of a licensee, the licensee shall submit to the Commission a copy of the auditor’s management report and the management’s response to the report within 6 months after the end of the licensee’s financial year or, where an extension has been granted, within the period of the extension. (Inserted by S.I. 69/2019) Signing of auditor’s report 60. (1) Where the auditor of a licensee is an individual, he shall sign the audit report. (2) Where the auditor is a partnership or a corporate body, the audit report shall be signed by an individual who is— (a) qualified to act as the auditor of a licensee under section 56(2); and (b) authorised to sign the audit report on behalf of the partnership or corporate body. Professional indemnity insurance 61. (1) A licensee shall only engage an auditor that carries on business in the Virgin Islands if the auditor maintains at all times professional indemnity insurance with an eligible insurer that provide a minimum cover of $500,000 for any one claim and $5,000,000 in aggregate. (2) Where an auditor that carries on business in the Virgin Islands is part of a group that provides professional indemnity insurance for its members with an eligible insurer for a minimum cover equivalent to or exceeding the cover prescribed in subsection (1), the professional indemnity insurance of the group shall be accepted as satisfying the requirement of subsection (1). (Substituted by S.I. 91/2010)

---

EXPLANATORY NOTES Introduction (i) The regulatory enactments all provide for the appointment of an auditor, although this requirement does not apply to all licensees. This Division of the Code only applies where a licensee is required by a regulatory enactment to appoint an auditor. References in this Division to “auditor” are to a licensee’s external auditor. (iA) “Sections 68 to 80 of the Securities and Investment Business Act (the provisions governing financial statements and audit) only apply to “relevant licensees”. Section 67(1) of that Act requires the Code to designate licensees as “relevant licensees” for this purpose. Section 55(1) of the Code provides, in effect, that all investment business licensees that are BVI undertakings are relevant licensees, except for investment advisers. (Inserted by S.I. 91/2010)

LAW OF VIRGIN ISLANDS Regulatory Code 221 Revision Date: 1 Jan 2020 [Statutory Instrument] (ii) The auditor fulfils certain important functions, including— (a) auditing the financial statements of a licensee to ensure that they have been prepared in accordance with the applicable international accounting standards, that they are free from material misstatement and that they show a true and fair view of the licensee’s financial position at the financial year end, the licensees financial performance during the financial year and of other matters covered by the financial statements; (b) in the case of certain licensees, that the licensee has complied with the provisions of the Code with respect to the holding of customer assets; (c) reporting on any matters that may materially affect the ability of the licensee to continue trading; and (d) as required by the regulatory enactments, notifying the Commission if certain matters come to his attention during the course of the audit relating to solvency, the commission of offences, contraventions by the licensee of certain prudential requirements, significant internal control weaknesses and serious breaches of the regulatory enactments, the Code or of the licensee’s AML/CFT obligations. (iii) The auditor’s independent and objective assessment should assist the board and senior management in fulfilling their obligations. The board should regard the auditor as an essential part of the internal control framework. (iv) However, the auditor is also important to the Commission because the annual audit of the financial statements gives the Commission a reasonable level of comfort that the financial statements, which are an essential part of the off-site monitoring process, are accurate and can be relied upon. The Commission therefore has an interest in the appointment of the auditor and the conduct of the audit. Appointment of Auditor (v) The regulatory enactments all provide that a person cannot be appointed as the auditor of a licensee unless that person— (a) is qualified to act as the auditor of a licensee under the Code; (b) has consented to act as the auditor of the licensee; and (c) the Commission has given its prior written approval to his appointment. Approval is given with respect to an individual licensee on a case-by-case basis. Section 56(5) of the Code clearly states that all 3 conditions must be satisfied before a person can be appointed to act as the auditor of a licensee. (vA) Section 56 of the Code outlines the relevant professional bodies that are recognised for purposes of assessing the qualification of an auditor. It is noted that prior to the coming into effect of the Code, some auditors were considered and approved by the Commission either pursuant to a specific regulatory legislation or as part of the licensing process. Those that fall under section 56 (1)(a) – (f) meet the first test outlined in subsection (2)(a). There will be those whose professional bodies are not specifically listed in section 56 and would therefore fall to be considered under subsection (1)(g) and thus require specific recognition by the Commission on a case by case basis. By virtue of subsection (8), the Commission considers auditors whose professional bodies are not

222 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS specifically listed in subsection (1) but who were approved by the Commission prior to the coming into force of the Code to continue to be approved and their respective professional bodies therefore recognised under subsection (1)(g). This recognition, however, is only in relation to such auditors and new auditors requiring approval will be treated as provided in section 56. The Commission does not therefore require the submission of any new applications for approval in respect of those auditors that were approved prior to the coming into force of the Code and this would include auditors that were so appointed by fund managers, fund administrators and fund investment advisors. (Inserted by S.I. 91/2010) (vA1) Section 67(2) of the Securities and Investment Business Act provides that sections 68 to 80 of that Act apply to relevant licensees except to the extent that they may be disapplied or modified by the Regulatory Code with respect to particular categories, types or descriptions of licensee. Pursuant to this power, section 56(6) of the Code disapplies section 75(2)(c) of that Act to substitute a “no objection” procedure for the appointment of an auditor by a licensed fund manager or a licensed fund administrator for the usual approval process. (Inserted by S.I. 91/2010) (vi) The auditor is required by section 15 of the Code to satisfy the Commission’s fit and proper criteria. The Commission will therefore undertake a fit and proper assessment of the proposed auditor as part of the approval process. In essence, the Commission will consider whether the proposed auditor has sufficient knowledge, experience and resources to carry out an effective audit of the licensee’s financial statements and to properly fulfil the other duties of an auditor as set out in the relevant regulatory enactments and the Code. In making a fit and proper assessment of an auditor or proposed auditor, the Commission will consider, in particular— (a) whether the auditor has— (A) knowledge of the sector of the financial services industry within which the licensee operates; and (B) knowledge of the regulatory framework and other BVI enactments, as relevant to the licensee and its business; (b) the auditor’s experience in auditing licensees of similar type and with a comparable size and complexity of business; (c) the human resources available to the auditor, and in particular whether he has staff with appropriate specialized skills; (d) whether the auditor can demonstrate that he, and his staff, keep up-to-date with developments in international accounting and auditing standards; and (e) whether the auditor is independent of the licensee. (vii) It is essential that the auditor is independent of the licensee to ensure that the audit is conducted objectively. The Code therefore requires a licensee to take reasonable steps to ensure that its auditor is independent. However, independence is also a matter that the Commission will take into account when undertaking a fit and proper assessment.

LAW OF VIRGIN ISLANDS Regulatory Code 223 Revision Date: 1 Jan 2020 [Statutory Instrument] (viii) The auditor’s professional body, or in the case of a partnership or company, the professional bodies to which its professional staff belong, will have rules or guidance with respect to independence and the Commission expects that these will be followed. An auditor’s independence may be compromised, not just by any relationship that it may have with licensee, for example as a member of the same group of companies, but also through the provision of non-audit services, for example consultancy or internal audit services. The Commission expects the auditor of a BVI licensee to have policies and procedures in place governing independence with respect both to the acceptance of new audit engagements and the on-going conduct of an audit. (ix) The Commission expects the auditor to continue to meet its fit and proper criteria on an on-going basis. The Commission expects all auditors approved to audit the financial statements of licensees to ensure that its audit staff undertake relevant continuing professional education. All audit staff must retain their eligibility under the rules of their professional body to act as auditor. (x) Section 16(1) of the Code requires a licensee to satisfy itself that its auditor is fit and proper. The Commission therefore expects a licensee to conduct due diligence on its proposed auditor prior to applying for the Commission’s approval of his appointment. Auditor Failing to Comply with Obligations (xi) Auditors are not regulated by the Commission and the Commission therefore has no power to take enforcement action against an auditor who contravenes a requirement of a regulatory enactment or the Code. However, each of the regulatory enactments creates a number of offences that may be committed by an auditor if he breaches certain provisions of the enactment. Furthermore, the Commission will take any contraventions of a regulatory enactment or the Code into account when determining whether an auditor is fit and proper to audit, not just the licensee concerned, but other licensees. The regulatory enactments also give the Commission the power to revoke the approval of an auditor if it determines that he is no longer fit and proper. Professional Indemnity Insurance (xii) The requirement to maintain professional indemnity insurance applies only to an auditor that carries on business in the Virgin Islands. This requirement is intended to cover auditors that have a nexus with the BVI that goes beyond the fact that the auditor is carrying out an audit of a BVI entity and the phrase “carrying on business in the Virgin Islands” should be construed accordingly. In the circumstances, the fact that an auditor based outside the BVI visits the BVI for the purposes of carrying out an audit would not, on its own, constitute “carrying on business in the BVI” for the purposes of section 61. (xiiA) However, in order not to place BVI auditors that belong to a group at a disadvantage, section 61(2) introduces a necessary flexibility whereby BVI auditors can benefit from a group professional indemnity insurance. The only caveat is that the group professional indemnity insurance must not be in relation to a cover that goes below the minimum sums outlined in subsection (1); it would therefore be possible for a BVI auditor within an insured group to benefit from any higher insurance cover taken by the group, irrespective of the jurisdiction in which the insurance cover is placed. (Inserted by S.I. 91/2010)

224 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (xiii) The Commission expects that external auditors will also have satisfactory professional indemnity insurance cover and this would form part of the fit and proper assessment. (xiv) The requirement to maintain professional indemnity insurance is satisfied where a group professional insurance policy is extended to cover the auditor, provided that the group policy is permitted under the Insurance Act [see below]. (xv) An auditor must ensure that it complies with the requirements of section 5(2)(b) of the Insurance Act. This provides that a person shall not knowingly enter into an insurance contract with an unlicensed insurer to insure a risk of a type specified in the regulations. The Insurance Regulations 2009 specify liability insurance for the purpose of section 5 and professional indemnity insurance therefore falls within that section. (xvi) In the Commission’s view, the effect of these provisions is that an auditor that is subject to the Insurance Act which would certainly include an auditor based in the BVI, must not effect liability insurance with any person other than an eligible insurer that is— (a) an insurer holding a category A or B insurance licence; (b) a Lloyd’s syndicate; or (c) an insurer that has the benefit of an appropriate exemption by virtue of regulations made under the Financial Services (Exemption) Regulations or granted by the Commission under section 6 of the Insurance Act on the grounds of lack of insurance availability.

---

Division 7 Customer Assets Interpretation for, and scope of, this Division 62. (1) For the purposes of this Division— “approved bank” means— (a) a person holding a general banking licence; or (b) a person holding a licence equivalent to a general banking licence in a jurisdiction recognised by the Commission; “customer account” means a general customer account or a specific customer account; “customer assets” means assets that, in the course of its licensed business, a licensee holds, has custody or control of or responsibility for, that— (a) belong to a customer or potential customer of the licensee; or (b) the licensee holds, has custody or control of or is responsible for, on behalf of a customer or a prospective customer; “customer money” means customer assets that consist of money; (Amended by S.I. 91/2010)

LAW OF VIRGIN ISLANDS Regulatory Code 225 Revision Date: 1 Jan 2020 [Statutory Instrument] “general customer account” means a bank account maintained by a licensee in its name that holds, or is intended to hold, customer money in respect of 2 or more customers of the licensee; and “specific customer account” means a bank account maintained by a licensee in the name of a specific customer of the licensee or, with the agreement of the customer in the licensee’s name, that holds, or is intended to hold, customer money in respect of that customer only. (2) This Division applies to every licensee except a licensed money services business. General obligations with respect to customer assets 63. (1) A licensee shall ensure that— (a) customer assets are identified, or identifiable, and appropriately segregated and accounted for; (b) (Repealed by S.I. 91/2010) (c) it makes arrangements for the safekeeping and proper protection of customer assets and any documents of title relating to customer assets; (d) the location of a customer’s assets and documents of title relating to a customer’s assets are recorded in the customer’s records; and (e) where any customer asset is required to be registered, the asset is properly registered either in the customer’s name or, where agreed with the customer, in the name of a nominee. (Amended by S.I. 91/2010) (2) Where the holder of a Class I or Class II trust licence (“the licensee”) registers customer assets in the name of a subsidiary listed on its licence under section 10(2) of the Banks and Trust Companies Act as nominee, the licensee shall accept responsibility for the acts or omissions of the subsidiary. (Inserted by S.I. 91/2010) (3) This section does not apply to a person who has an investment business licence in relation to customer assets that are investments within the meaning of Schedule 1 of the Securities and Investment Business Act. (Inserted by S.I. 91/2010) Customer bank accounts 64. (1) A licensee shall ensure that any customer account that it maintains is— (a) held with an approved bank; (b) separate from any of the licensee’s own bank accounts; (c) clearly designated as a customer account; and (d) under at least dual signatory control, where the signatories are sufficiently senior to provide an appropriate span of control. (2) A licensee who opens a customer bank account with a bank shall— (a) give written notice to the bank that the account is to be a customer account, specifying whether the account is a general client account or a specific customer account; and

226 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) request the bank in writing to provide an undertaking to the effect that the bank— (i) acknowledges that the account is a client account and that money standing to the credit of the account at any time is held by the licensee as a trustee; (ii) agrees not to combine the customer bank account with any other account, whether held by the licensee or by any other person; and (iii) agrees that it has no right of set off, counterclaim or any security interest against money in the customer account with respect to any debt or other obligation of the licensee. (3) A licensee shall not— (a) pay any customer money into a customer account unless it has received an undertaking from the bank in the terms specified in subsection (2)(b); (b) except as provided in section 65(2) and 65(3), pay money that is not customer money into a customer account or pay customer money received in respect of one customer into a specific customer account held in respect of another customer; or (c) knowingly permit a customer account to become overdrawn. Customer money to be paid into bank account 65. (1) A licensee shall, as soon as reasonably practicable, pay all customer money that it receives into a customer account that complies with the requirements of section 64. (2) Where a licensee receives a postal order, cheque, bankers’ draft or other payable order which includes customer money and money payable to the licensee, the licensee shall— (a) ensure that both the customer money and the other money are paid into a customer account; and (b) once the postal order, cheque, bankers’ draft or other payable order has been received into the account and, where appropriate, fully cleared, withdraw the money that does not represent customer money for payment into the licensee’s own account. (3) A licensee may pay into, or permit to be paid into or credited to, a customer account money that is not customer money if the money— (a) is required to open the account; (b) is required to restore an amount withdrawn in error from the account; or (c) represents interest earned on the money in the account. Use of customer money 66. (1) A licensee shall ensure that— (a) customer money is not mixed with other money; and

LAW OF VIRGIN ISLANDS Regulatory Code 227 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) customer money held with respect to a customer is not used for another customer, without proper authority. (Substituted by S.I. 91/2010) (2) A licensee shall ensure that— (a) customer money is not disbursed, whether by payment out of a customer account or otherwise, unless the money is properly required for payment to, on behalf of or with respect to a customer; (b) money is not withdrawn from a customer account, otherwise than in accordance with paragraph (a), unless it is not customer money. (3) Without limiting subsection (2)(a), customer money is properly required for payment on behalf of, or with respect to, a customer if— (a) it is required for the payment of fees, commissions or disbursements due and payable to the licensee by the customer in accordance with the terms of the agreement between the licensee and the customer; (b) it is withdrawn or paid on a customer’s authority or otherwise in conformity with any contract between the licensee and the customer. Records relating to customer money 67. (1) A licensee shall maintain records of customer money— (a) that enable the licensee, at any time, to identify the balance due to, or standing to the credit of, each customer; (b) that show each transaction in respect of customer money in a manner that allows each transaction to be identified and traced; and (c) in a form that enables the records to be reconciled on a timely basis as required by subsection (2). (Amended by S.I. 91/2010) (2) A licensee shall, on a regular basis, carry out reconciliations between its records of customer money and statements of each client account produced by the bank with which it is held. Interest on customer money 68. Unless any written agreement between the licensee and a customer provides otherwise, the licensee shall account to the customer for any interest received by the licensee with respect to customer money of that customer.

---

EXPLANATORY NOTES (i) Section 200 of the Code applies to a person that has an investment business licence, in place of section 63, in relation to customer assets that are investments. (ii) Section 63(1)(c) requires a licensee to ensure that it makes proper arrangements for the safekeeping and proper protection of customer assets and any documents of title relating to customer assets, and section 63(1)(e) requires a licensee to ensure that a customer asset is properly registered, either in the customer’s name or, where agreed with the customer, in the name of a nominee. (iii) Licensees should note that any person providing custodial services with respect to investments in or from within the BVI is required to be licensed under the Securities and Investment Business Act. Where arrangements are made for the

228 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS proper safeguarding of assets by another person, or assets are registered in the name of a nominee in circumstances where the other person would be carrying on investment business within the meaning of that Act, the Commission would not consider section 63(1)(c) or (e) to be complied with unless the person concerned has the appropriate licence. (Inserted by S.I. 91/2010)

---

LAW OF VIRGIN ISLANDS Regulatory Code 229 Revision Date: 1 Jan 2020 [Statutory Instrument] DIVISION 8 Other Obligations And Restrictions The abuse of financial services and customer due diligence Policies, systems and controls, abuse of financial services 69. (1) A licensee shall establish and maintain policies, systems and controls that— (a) promote high ethical and professional standards; (b) prevent the licensee being used intentionally, or unintentionally, for fraud or other criminal activities; and (c) enable the licensee to detect and remedy fraud or other criminal activities. (2) The policies established and maintained under subsection (1) shall include— (a) a clear formal customer acceptance policy that— (i) takes into account all the risks to which the licensee is exposed through the acceptance of customers; (ii) includes a description of the types of customer that are likely to pose a higher than average risk to the licensee; and (iii) requires the approval of a senior manager for the establishment of a business relationship with a high risk customer; (b) customer identification policies, systems and controls that do not permit the establishment of a relationship until the identity of the new customer is satisfactorily identified; (c) requirements for the on-going monitoring of customers that present a higher risk to the licensee; and (d) a requirement that abuses of the licensee’s services that are not otherwise reportable as suspicious activity reports, are reported to a specified senior manager. (3) The policies, systems and controls established under subsection (1) shall be integrated into the licensee’s risk management framework. (4) A licensee shall ensure that adequate resources (including senior management and staff resources) are allocated to the prevention, detection and remedying of fraud and other criminal activities.

---

EXPLANATORY NOTES (i) Customer due diligence [CDD] is primarily associated with the prevention of money laundering and the financing of terrorism and is covered extensively in the AML Regulations and the AML/CFT Code which apply to every licensee and with which every licensee must comply. (ii) However, CDD is also essential from a wider prudential perspective as sound CDD is a key element in the effective management of a licensee’s risks.

230 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Inadequate CDD can expose a licensee to customer and counterparty risks, including reputational, operational, legal and (in the case of a bank) concentration risks. Effective CDD should therefore be regarded as an integral part of a licensee’s internal controls and its risk management systems and controls and the customer acceptance policies should therefore take into account all the risks to which a licensee is exposed through the acceptance of customers. (iii) Sound CDD policies are also important to ensure that licensees understand the needs of their customers and therefore the products most suitable for them. (iv) Policies alone are not sufficient. The Code therefore requires a licensee to allocate adequate resources, including senior management and staff resources, to the prevention, detection and remedying of fraud and other criminal activities. This should include appropriate training. (v) There is no purpose in duplicating the CDD requirements contained in the AML Regulations and the AML/CFT Code in the Code. The purpose of the CDD provisions in the Code are intended to ensure that banks take full account of the prudential risks in establishing their CDD policies, systems and controls, as well as complying with their AML/CFT obligations. (vi) The Commission has responsibility for enforcing the compliance of all licensees with their AML/CFT obligations. The Commission, through its off-and on-site monitoring process will assess the CDD procedures of a licensee from both the prudential and AML/CFT perspectives. (vii) The CDD provisions in the Code, together the AML Regulations and the AML/CFT Code, are intended to implement in the BVI— (a) in the case of banks, Basel Committee papers “Customer Due Diligence for Banks”, issued in October 2001 and Consolidated KYC Risk Management, issued in October 2004; and (b) in the case of licensed insurers, insurance intermediaries and managers, Principle 27 of the ICP.

---

Complaints policy and procedure 69A. (1) A licensee shall— (a) establish and maintain a complaints policy which provides for the effective consideration and proper handling of any complaints made to the licensee and for appropriate remedial action to be taken, where appropriate; and (b) maintain a complaints register in which the licensee shall record any complaints received together with details of how the complaint has been, or is being, dealt with. (Inserted by S.I. 91/2010) (2) The licensee shall— (a) ensure that the complaints handling mechanism established under subsection (1) is fair and timely; and

LAW OF VIRGIN ISLANDS Regulatory Code 231 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) advise its customers about the licensee’s complaints handling mechanism, including providing the customers with copies of the complaints handling mechanism. (Inserted by S.I. 69/2019) Significant complaints 69B. (1) Subject to subsection (2), for the purposes of this section, “significant complaint” means a complaint that alleges— (a) a breach of a regulatory enactment; (b) bad faith, malpractice or impropriety on the part of the license or one of its directors, employees or agents; (c) the repetition or recurrence of a matter previously complained of (whether significant or otherwise); or (d) that the complainant has suffered, or may suffer, financial loss that is material in relation to his or her financial circumstances. (2) A complaint shall not be treated as significant if it relates to a minor clerical error. (3) A significant complaint shall be considered by a senior manager of the licensee who is independent of the circumstances that gave rise to the complaint or, if this is not practicable, by a director of the licensee. (4) If a significant complaint remains unsettled for longer than 3 months, the licensee shall immediately inform the Commission of the complaint and shall also advise the complainant that he may inform the Commission directly of his complaint. (5) Where a licensee has given a substantive response in relation to a significant complaint, unless and until the licensee has received an indication from the complainant that the response is unsatisfactory, the licensee is entitled to treat the complaint as settled after the expiry of 4 weeks from the date of delivery of its response or, if the response is delivered by post, from the date of postage. (Inserted by S.I. 91/2010) Relationship with, and Reporting to, the Commission Significant regulatory impact disclosure 70. (1) A licensee shall disclose to the Commission any matter that might reasonably be expected to have a significant regulatory impact. (2) Without limiting subsection (1), the following shall be regarded as matters that might reasonably be expected to have a significant regulatory impact— (a) any matter that could impact on the ability of the licensee to continue to carry on business substantially in accordance with its most recent business plan; (b) any matter that could result in significant financial consequences to other licensees; or

232 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (c) any incidence of fraud or other criminal activity that is connected with, or may affect, the licensee’s business if the fraud or criminal activity is material to the safety, soundness or reputation of the licensee. (3) In determining whether a disclosure should be made under this section, a licensee shall consider— (a) its business and activities that are not subject to supervision by the Commission; and (b) the business and activities of its affiliates. (4) Disclosure under subsection (1) shall be made immediately after the licensee— (a) becomes aware of the matter concerned; or (b) has reasonable grounds for believing that the matter concerned has occurred or that it may occur in the foreseeable future. Required standard of disclosure 71. (1) A licensee shall use its best endeavours to ensure that all information and documents that it provides to the Commission are accurate and complete. (2) If a licensee becomes aware that any information or documentation that it has provided to the Commission is not accurate or complete, the licensee shall— (a) immediately on becoming so aware, notify the Commission that it has provided inaccurate or incomplete information; and (b) within 7 days, or such shorter period as the Commission may require, provide the Commission with such information or documentation as is required to ensure that subsection (1) is complied with. Event and change-triggered disclosures Certain events and changes to be notified to Commission 72. (1) Without limiting section 70, a licensee shall notify the Commission in writing of any event specified in Schedule 3, within the time limit specified against the event. (2) Where the time limit specified in Schedule 3 is “immediate”, the licensee shall notify the Commission— (a) immediately after there are reasonable grounds for the licensee believing that the event is likely to occur in the foreseeable future; and (b) whether or not paragraph (a) applies, immediately after the licensee knows, or has reasonable grounds for believing, that the event has occurred. (3) A licensee shall not, without giving the Commission reasonable prior written notice— (a) cause or permit a change in— (i) its name or any business name under which it carries on regulated business;

LAW OF VIRGIN ISLANDS Regulatory Code 233 Revision Date: 1 Jan 2020 [Statutory Instrument] (ii) the address of its principal office or place of business, whether in or outside the Virgin Islands; or (iii) the address of its registered office; or (b) carry on business in a manner materially different to its most recent business plan.

---

EXPLANATORY NOTES Purpose of Division (i) The principal purpose of this Division of the Code is to specify the requirements applicable to the sixth of the high level Principles of Business set out in section 8 (Relationship with Commission). Summary of Requirements (ii) The sixth principle for business requires a licensee to deal with the Commission in an open and cooperative manner. The regulatory enactments and the Code set out a number of requirements relevant to this principle. These may be classified as follows— (a) all licensees are required to submit documents and returns to the Commission on a regular basis (for example the annual and quarterly prudential returns required to be submitted by licensed banks); (b) the regulatory enactments and the Code specify certain events and changes that trigger a requirement to provide information to the Commission (specific event triggered disclosures);and (c) section 70(1) of the Code contains an over-riding requirement to disclose to the Commission any matter that might reasonably be expected to materially affect the Commission’s regulation and supervision of the licensee (significant regulatory impact disclosure). (iii) It follows that compliance with the sixth principle requires a licensee not just to respond to specific requirements in the Code, but also to be proactive in supplying the Commission with information. (iv) Section 71 of the Code provides that a licensee shall use its best endeavours to ensure that all information and documents that it provides to the Commission are accurate and complete. This regulatory requirement is in addition to specific offence provisions created by the FSC Act and other regulatory enactments. See, for example, section 53(1) of the FSC Act which provides that a person commits an offence if, with intent to deceive or injure another, or for any purpose of the Act, the person makes any representation or submits any information which he or she knows to be false or does not believe to be true. Significant Regulatory Impact Disclosure (v) A disclosure under section 70 is triggered by any matter that might reasonably be expected to have a significant regulatory impact. It follows that this does not require disclosure of every difficulty experienced by a licensee or even of all contraventions of a regulatory enactment or the Code. Underlying this principle is an expectation that matters will be disclosed if there is a reasonable prospect that—

234 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) a potential outcome will have a significant regulatory impact, if it occurs; and (b) the outcome will occur. (vi) Given the above, the Commission expects every licensee to exercise proper judgment and not to disclose matters that are clearly not of a serious nature. A plethora of disclosures of a minor nature would not assist the Commission in exercising its objectives. In determining whether to make a significant regulatory impact disclosure, a licensee should, therefore, consider both the probability of an outcome occurring and the potential severity of the outcome. (vii) Where a disclosure has been considered, but not made, the Commission will expect a licensee to be able to demonstrate from its written records that appropriately senior personnel have fully considered all relevant information and matters and that there are reasonable grounds for the decision not to make a disclosure. The reasons for each decision should, therefore, be properly recorded. (viii) It is important to appreciate that, in determining whether a disclosure should be made, a licensee should consider not just its regulated business but also its unregulated business and activities and the business and activities of its affiliates, if any. Event-triggered Disclosures (ix) Section 72 and Schedule 3 together set out requirements for the notification of certain specific events and changes to the Commission. These notifications must always be in writing. However, in cases of urgency, notification may be made to the appropriate member of the Commission’s regulatory staff by telephone, or even by a director or senior manager of the licensee in person, provided that this is followed as soon as possible with a written notification. (x) The regulatory enactments and this Code contain specific requirements for notifying events and changes to the Commission, usually in writing. For example— (a) section 8 of the Banks and Trust Companies Act requires a licensee to inform the Commission within 14 days of any change in the particulars of a licensee as set out in the application for the licence; (b) section 9(2) of the Insurance Act and section 7(2)of the Securities and Investment Business Act require a licensed insurer and a licensed investment business, respectively to notify the Commission if it forms the opinion that it does not comply with the requirement to maintain its business in a financially sound condition; and (Amended by S.I. 91/2010) (c) section 57(3)of the Code requires a licensee to notify the Commission if, at any time, it forms the opinion that its auditor is not independent of it. In many cases, failure to comply with a notification requirement in a regulatory enactment is an offence. (xi) As the various regulatory enactments contain different requirements, there is some overlap between the matters specified in Schedule 3 and the regulatory enactments. The fact that a matter specified as notifiable to the Commission in the Code does not alter, remove or reduce any requirement in a regulatory

LAW OF VIRGIN ISLANDS Regulatory Code 235 Revision Date: 1 Jan 2020 [Statutory Instrument] enactment. Indeed, as the regulatory enactments are a higher level of legislation than the Code, it is imperative that any requirement in the regulatory legislation is fully complied with. If, for example, the same or a similar notification obligation is imposed on a particular type of licensee under a regulatory enactment and the Code, but the regulatory enactment specifies a lesser time limit, the time limit in the regulatory enactment must be complied with. (xii) Furthermore, where a regulatory enactment provides that the Commission’s prior written approval is required before a licensee can take some action that is a notifiable event, the Code cannot remove, reduce or in any way affect that requirement. For example, a number of regulatory enactments require licensees to obtain the prior written approval of the Commission for a change of name. Section 72(3), which requires prior written notification, does not affect any requirement for prior written approval. Obviously, where the approval of the Commission is obtained, the application for approval would be regarded as prior written notice of the change and a separate notice would not be required. (xiii) Where a notification requirement under a regulatory enactment and the Code are substantively the same, the Commission does not expect a licensee to submit 2 separate notices to it. PART III BANKING Preliminary Interpretation for this Part 73. For the purposes of this Part— “capital adequacy ratio” has the meaning specified in section 83; “capital base” has the meaning specified in section 84; “capital resources” in relation to a bank, means its tier 1 capital and tier 2 capital; (Inserted by S.I. 91/2010) “CD” means a certificate of deposit; “consolidated supervision” means the supervision by the home regulator of a bank or, where the bank is part of a group, that group, in its totality, including the monitoring of all of the risks of the bank, or group, wherever booked, and the assessing of capital adequacy on the basis of the totality of the business of the bank or group; “contributed capital” has the meaning specified in section 78; “foreign bank” means a bank that is incorporated, registered or formed outside the Virgin Islands and which is subject to consolidated supervision in its home jurisdiction; “minority interest” has the meaning specified in section 81; “tier 1 capital” has the meaning specified in section 77; “tier 2 capital” has the meaning specified in section 85; “treasury share” has the meaning specified in the BVI Business Companies Act; and

236 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS “unappropriated retained earnings” has the meaning specified in section 80; Division 1 Capital Adequacy Requirements Over-riding capital resource requirement Over-riding capital resource requirement 74. (1) A BVI bank shall— (a) ensure that, at all times, it maintains its capital resources at a level that is adequate to support its banking business, taking into account the nature, size, complexity, structure and diversity of that business and the bank’s risk profile; and (b) maintain adequate systems and controls to monitor and assess its capital adequacy requirements on an on-going basis. (2) The requirement in subsection (1)(a) applies in addition to the specific capital resource requirements specified in this Part of the Code. (3) The board and senior management of a BVI bank shall make their own determination of the capital resources that are reasonably required to support the bank’s business, taking into account its risk profile, and shall ensure that the bank’s capital resources are increased beyond the minimum required by this Code where appropriate. (4) On at least an annual basis— (a) senior management of a BVI bank shall report to the board on the scope and performance of the systems and controls established to monitor and assess the bank’s capital adequacy requirements; and (b) the board shall review those systems and controls taking into consideration the report by senior management. Prudential and Statistical Returns Order 75. In applying this Division, a licensed bank shall, where appropriate, utilise the calculations contained in Schedule 2 of the Financial Services (Prudential and Statistical Returns) Order.

---

EXPLANATORY NOTES Purpose of this Part (i) Section 12 of the Banks and Trust Companies Act specifies the capital resource requirements applicable to banks. In summary, the Act, requires a licensed bank to maintain— (a) capital resources equal to or greater than the minimum prescribed in the Code unless, in the case of a particular bank, the Commission imposes higher capital resource requirements; and

LAW OF VIRGIN ISLANDS Regulatory Code 237 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) a risk weighted capital adequacy ratio as prescribed in, and calculated in accordance with, the Code and Schedule 2 to the Financial Services (Prudential and Statistical Returns) Order. (ii) The purpose of this Division is to specify the detailed capital resource requirements, including the risk weighted capital adequacy ratio, applicable to BVI banks, to specify acceptable forms of capital, to specify how the capital resources of a BVI bank are defined and measured and to provide some guidance on the factors that the Commission will take into account in determining, on a case-by-case basis, whether to impose higher capital resource requirements on a particular bank. (iii) The Commission’s objective in setting detailed capital adequacy requirements is to ensure that banks maintain a level of capital that is consistent with the risks to which they are exposed from carrying on their business. (iv) This Division is intended to give effect to the International Convergence of Capital Measurement and Capital Standards [known as “the Basel Capital Accord” or “Basel I”]. (v) The Basel Capital Accord is primarily focused on ensuring that the capital resources of a bank are adequate to cover the credit risk associated with the bank’s on- and off-balance sheet exposures. The term “adequate” covers the amount, form and quality of the bank’s capital resources. The Code is drafted with the same focus. Over-riding Capital Resource Requirement (vi) Section 74 of the Code is intended to ensure that all BVI banks have sufficient capital resources to support their business. Although the Code specifies minimum capital resource requirements applicable to all BVI banks, the minimum requirements may not provide all banks with adequate capital resources to support their businesses. Section 74(3) of the Code therefore requires the directors and senior management of a bank to make their own determination of the capital resources that are reasonably required to support the bank’s business, taking into account its risk profile, and it is the responsibility of the board and senior management to ensure that the bank’s capital resources are increased beyond the minimum requirements of the Code where appropriate. It follows that compliance with the specific minimum capital resource requirements of the Code is not, in itself, sufficient to demonstrate compliance with the over-riding capital resource requirement specified in section 74. (viA) “Section 12(5) of the Banks and Trust Companies Act provides that the definition of “capital resources” may be prescribed by the Code. Section 73 defines the “capital resources” of a bank as its tier 1 capital and tier 2 capital. This definition has effect for the purposes of the over-riding capital resources requirement in section 74. (Inserted by S.I. 91/2010) (vii) In order to comply with their responsibilities under section 74(3), the board of a bank must ensure that risk management systems and controls are established and maintained and that a strategy is developed for monitoring and managing the bank’s capital resources. (viii) Section 74 of the Code does not require a BVI bank to calculate the precise amount of its capital resources and its capital adequacy requirement on a daily basis. However, a bank should be able to demonstrate the adequacy of its

238 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS capital resources at any particular time, if required to do so by the Commission and, when undertaking on-site compliance inspections, the Commission will expect to see evidence that determinations of a BVI bank’s capital resource requirements and capital resources are made at appropriate intervals. (ix) Furthermore, the Commission may, as part of its on-site and off-site monitoring programme, review the bank’s own assessment of its capital resource requirement and the procedures and controls in place to monitor capital adequacy on an on-going basis. (x) Failure to comply with section 74 of the Code may result in the Commission taking enforcement action against a BVI bank, even though the bank may be in compliance with the specific capital resource requirements applicable to it as specified in the Code.

LAW OF VIRGIN ISLANDS Regulatory Code 239 Revision Date: 1 Jan 2020 [Statutory Instrument] Licensed Foreign Banks (xi) The Basel Core Principles requires banks to be supervised on a consolidated basis. Establishing the capital requirements for a foreign bank licensed in the BVI is, therefore, primarily, the responsibility of the bank’s home supervisor. In the circumstances, the capital resource requirements that apply to BVI banks are not appropriate for licensed foreign banks. Specific capital resource requirements Minimum tier 1 capital requirement 76. (1) A BVI bank shall ensure that at all times its tier 1 capital is maintained in an amount equal to or greater than— (a) where it holds a general banking licence, $2,000,000; or (b) where it holds a restricted Class I or restricted Class II banking licence, $1,000,000. (2) The minimum tier 1 capital requirement may be an equivalent amount in a foreign currency acceptable to the Commission. Meaning of “tier 1 capital” 77. (1) The “tier 1 capital” of a BVI bank is— (a) the sum of the capital items specified in subsection (2); (b) less the sum of the deductible items specified in subsection (3), in each case insofar as the items are applicable to the bank. (2) The following capital items are specified as constituents of tier 1 capital for the purposes of subsection (1)(a)— (a) contributed capital, as defined in section 78; (b) perpetual non-cumulative issued and fully paid up preference shares, as defined in section 79; (c) disclosed reserves, as defined in section 80; (d) published and unpublished interim retained profit, if verified by the bank’s auditors; (e) minority interests, as defined in section 81; and (f) such other capital items as the Commission may approve with respect to the bank under section 82. (3) The following items are specified as items to be deducted from the tier 1 capital of a bank for the purposes of subsection (1)(b)— (a) treasury shares held by the bank; (b) goodwill and other intangible assets; (c) if the bank has a current year loss, that loss; and (d) such other deductions as the Commission may require with respect to the bank.

240 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Meaning of “contributed capital” 78. (1) Subject to subsection (2), the “contributed capital” of a BVI bank is the total of— (a) monies paid; and (b) where approved by the Commission on a case-by-case basis, the value of other consideration provided, for ordinary shares that have been issued by the bank. (2) The following shall be excluded from any calculation of contributed capital— (a) where shares are partly paid, any monies or other consideration due in respect of those shares, whether or not called; (b) shares which give the holder the right to a distribution, or to redeem the shares, in any circumstances. (3) Where a shareholder agrees to pay, or provide consideration, for shares in whole or in part at a future time, the shares are partly paid with respect to the amount still to be paid or the consideration still to be provided, and the amount outstanding shall not be included in contributed capital. Meaning of “perpetual non- cumulative preference shares” 79. (1) “Perpetual non-cumulative preference shares” are preference shares— (a) that do not have a stated maturity date; (b) for which, where distributions are not paid in any year, they cannot be deferred and cannot be accumulated; and (c) that are not redeemable or are redeemable only at the option of the bank. (2) The value of a BVI bank’s perpetual non-cumulative preference shares, for the purposes of calculating the bank’s tier 1 capital, is the total of— (a) monies paid; and (b) where approved by the Commission on a case-by-case basis, the value of other consideration provided, for perpetual non-cumulative preference shares that are fully paid up. Meaning of “unappropriated retained earnings” 80. The “unappropriated retained earnings” of a BVI bank are the accumulated retained earnings of the bank that— (a) represent retained earnings; (b) are available for distribution; and (c) are free, unimpaired and unencumbered.

LAW OF VIRGIN ISLANDS Regulatory Code 241 Revision Date: 1 Jan 2020 [Statutory Instrument] Meaning of “minority interest” 81. A “minority interest”, with respect to a BVI bank, is an interest in the equity of a subsidiary of the bank which is not a wholly owned subsidiary but which is included in the consolidated financial statements of the bank. Other approved capital items 82. (1) A BVI bank may make application to the Commission for approval to include other capital items in the calculation of its tier 1 capital. (2) The Commission will not approve other capital items for inclusion in tier 1 capital unless it is satisfied that the capital item meets its tier 1 capital criteria. EXPLANATORY NOTES Types of Capital (i) The Commission recognises 2 types of capital— (a) tier 1 capital [core capital]; and (b) tier 2 capital [supplementary capital]. (ii) Subject to certain restrictions set out in the Code, the sum of a bank’s tier 1 and tier 2 capital constitute its capital base. The tier 1 capital of a BVI bank must be maintained at or above the minimum tier 1 capital requirement specified in section 76 of the Code. There is no specified minimum requirement with respect to tier 2 capital, but it is used to calculate the bank’s risk-weighted capital adequacy ratio, which must never fall below 12% [see section 83 of the Code]. (iii) Paragraphs (i) to (xi) of this Explanatory Note cover tier 1 capital. Sections 83 to 89 of the Code and the associated Explanatory Notes provide for tier 2 capital. Tier 1 Capital (iv) Tier 1 capital comprises a bank’s highest quality capital items. To qualify as tier 1 capital, a capital item must have each of the following characteristics— (a) it must be permanent; (b) it must be able to absorb losses; (c) on a liquidation, administration or other insolvency proceeding, it must rank after all other debts and liabilities; and (d) it must not be subject to any binding obligations, for example to pay dividends or make other types of distribution. The above characteristics are possessed only by equity capital and certain types of disclosed reserves, i.e. reserves that are visible in a bank’s annual audited accounts. (v) Where application is made to the Commission under section 82 of the Code for it to approve other capital items as tier 1 capital, it will not grant its approval unless it is satisfied that the capital item meets all of the above criteria.

242 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Determination of contributed capital (vi) In determining the banks’ contributed capital for the purposes of calculating its tier 1 capital, where the financial statements of the bank distinguish between nominal paid up value and share premium, contributed capital includes both. (vii) As indicated in section 78(3), where a shareholder agrees to pay, or provide consideration, for shares in whole or in part at a future time, the shares are partly paid with respect to the amount still to be paid or the consideration still to be provided. Shares issued for a promissory note or other written obligation as permitted by section 47(1) of the BVI BCA should be treated as unpaid with respect to the amount, or value of consideration, that remains due under the note or obligation. Unappropriated retained earnings (viii) It is important to note that unappropriated retained earnings do not include reserves arising from the revaluation of fixed assets. These reserves do not satisfy the criteria for tier 1 capital [but may form part of tier 2 capital as provided in section 85(2) of the Code]. Current year’s net income or loss (ix) The current year’s net income may only be included in tier 1 capital if it has been verified by the bank’s external auditors. If a bank has a current year loss, its tier 1 capital must be reduced by that amount, even if at the stage at which the determination is made, the loss has not been verified by the bank’s external auditors. Specified minimum tier 1 capital (x) The minimum tier 1 capital requirement specified in section 76 of the Code is an absolute minimum requirement applicable to BVI banks irrespective of the nature and extent of their banking business. It applies to a newly licensed bank that has not yet commenced business as well as an established bank. However, in most cases a BVI bank will have to maintain a higher amount of tier 1 capital in order to ensure that it meets its over-riding capital resource requirement specified in section 74 of the Code and to enable it to meet the minimum risk weighted capital adequacy ratio. (xi) Furthermore, as already indicated, section 12 of the Banks and Trust Companies Act provides that the Commission may, in the case of a particular bank, require it to maintain capital resources greater than the minimum capital resource requirement specified in the Code. Where the Commission imposes such a requirement on a BVI bank, the bank must maintain its tier 1 capital in an amount equal to or greater than such amount as specified by the Commission.

---

Minimum risk-weighted capital adequacy ratio 83. (1) A BVI bank shall, at all times, maintain a minimum risk-weighted capital adequacy ratio of 12%, calculated in accordance with subsection (2) and Schedule 4. (2) The risk-weighted capital adequacy ratio of a BVI bank shall be calculated, on a consolidated basis, in accordance with the following formula:

LAW OF VIRGIN ISLANDS Regulatory Code 243 Revision Date: 1 Jan 2020 [Statutory Instrument] CAR = CB x 100 RWA + OBS (3) For the purposes of subsection (2)— (a) “CAR” represents the bank’s capital adequacy ratio; (b) “CB” represents the bank’s capital base, as defined in section 84; (c) “RWA” represents the bank’s total risk weighted on-balance sheet asset exposure, calculated in accordance with section 90 and Schedule 2 of the Financial Services (Prudential and Statistical Returns) Order; and (d) “OBS” represents the bank’s total off-balance sheet exposure, calculated in accordance with section 91 and Schedule 2 of the Financial Services (Prudential and Statistical Returns) Order. (4) A BVI bank shall ensure that it calculates its risk-weighted capital adequacy ratio at least once each month. Meaning of “capital base” 84. (1) The capital base of a BVI bank is— (a) the sum of its— (i) tier 1 capital; and (ii) eligible tier 2 capital, as defined in section 85(3). (b) less the sum of the deductions specified in subsection (2), to the extent applicable to the bank. (2) The following capital deductions are specified for the purposes of subsection (1)(b)— (a) securities held by the bank or a subsidiary in affiliated financial institutions, unless the affiliated financial institution is wholly owned or fully controlled by the bank or its subsidiary and has been consolidated with the bank for capital adequacy purposes; (b) equity and other capital investments in licensed non-operating bank or financial holding companies; (c) such deductions as the Commission may specify with respect to exposures to connected counterparties, within the meaning of section 102; (d) any other deductions specified in Schedule 2 of the Financial Services (Prudential and Statistical Returns) Order; and (e) such other deductions as may be specified by the Commission with respect to that bank. Meaning of “tier 2 capital”. 85. (1) The “tier 2 capital” of a BVI bank is— (a) the sum of the capital items specified in subsection (2), insofar as the items are applicable to the bank;

244 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) less such deductions as the Commission may require with respect to the bank. (2) The following capital items are specified as constituents of tier 2 capital for the purposes of subsection (1)(a)— (a) fixed asset revaluation reserves; (b) eligible general loan-loss reserves, as specified in section 86; (c) hybrid debt/equity instruments, as provided in section 87; (d) eligible unsecured subordinated debt, as provided in section 88; (e) such other capital items as the Commission may approve with respect to the bank under section 89. (3) Tier 2 capital is “eligible” for the purposes of determining the bank’s capital base only to the extent that it does not exceed the bank’s tier 1 capital. General loan-loss reserves 86. (1) General loan-loss reserves are reserves created for possible unidentified losses that may be suffered by a bank as a result of loan defaults. (2) In determining general loan-loss reserves, the following shall be excluded— (a) any reserves created for specific loans; and (b) any general loan-loss reserves appropriated to identified losses or possible losses, other than provisions held specifically against lower valuations of particular claims or classes. (3) General loan-loss reserves are eligible for the purposes of section 85(2)(b) up to a maximum of 1.25% of the bank’s risk weighted assets and off-balance sheet items. Hybrid debt/equity instruments 87. (1) An instrument is a hybrid debt/equity instrument within the meaning of section 85(2)(c) only if it satisfies all of the following criteria— (a) the instrument is unsecured and fully paid up; (b) the claim of the holder of the instrument, both as to capital and interest, ranks after the claims of all unsubordinated creditors; (c) the instrument is not redeemable at the option of the holder or without the prior written approval of the Commission; (d) the instrument is available to participate in losses without the bank being obliged to cease trading; and (e) the instrument allows the bank to defer debt servicing payments where the profitability or liquidity of the bank would not support payment, even though the instrument may carry an obligation to pay interest that cannot be permanently reduced or waived.

LAW OF VIRGIN ISLANDS Regulatory Code 245 Revision Date: 1 Jan 2020 [Statutory Instrument] Unsecured subordinated debt 88. (1) An instrument is unsecured subordinated debt within the meaning of section 85(2)(d) only if it satisfies all of the following criteria— (a) the instrument has an original fixed term to maturity exceeding 5 years; (b) the debt is unsecured; (c) the claim of the holder of the instrument, both as to capital and interest, ranks after the claims of all unsubordinated creditors; and (d) the remedy for default in the event of non-payment of principal or interest is limited to making application to court for the liquidation of the company or claiming as a subordinated creditor in the liquidation or administration of the bank. (2) During the last 5 years to maturity of an unsecured subordinated debt instrument, a cumulative discount of 20% per annum must be applied to the instrument in determining its value for inclusion in tier 2 capital. (3) Unsecured subordinated debt instruments are eligible for the purposes of section 85(2)(d) up to a maximum of 50% of the bank’s tier 1 capital. Other approved capital items 89. (1) A BVI bank may make application to the Commission for approval to include other capital items in the calculation of its tier 2 capital. (2) The Commission will not approve other capital items for inclusion in tier 2 capital unless it is satisfied that the capital item meets its tier 2 capital criteria. Risk-weighted asset exposure 90. (1) The total of a bank’s risk-weighted asset exposure is calculated using the following steps— (a) the current book value of each asset that is included on the balance sheet of the bank, other than excluded assets, is multiplied by the appropriate risk weighting specified in Schedule 4, Part A; (b) the resulting risk-weighted value of each asset calculated under paragraph (a) is summed; (c) the total of all items deducted from the capital base is deducted from the figure produced under paragraph (b) to produce the total risk￾weighted asset exposure. (2) For the purposes of subsection (1)— (a) any asset which is required to be deducted from the bank’s tier 1 capital or from its capital base is an excluded asset; and (b) the current book value, at any time, is the amount outstanding, including accrued interest or revaluations, if appropriate, but net of any specific provision or depreciation.

246 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Off-balance sheet exposure 91. (1) For the purposes of this section, a bank’s off-balance sheet business means all of its off-balance sheet business, including all market related and non- market related transactions. (2) The total of a bank’s off-balance sheet exposure is calculated using the following steps— (a) the principal amount (or face value) of each transaction constituting off-balance sheet business is converted into an on-balance sheet equivalent by multiplying it by the appropriate credit conversion factor specified in Schedule 4, Part C; (b) the resulting on-balance sheet equivalent produced under paragraph (a) is multiplied by the appropriate risk weighting specified in Schedule 4, Part A; (c) the resulting risk-weighted value of each on-balance sheet equivalent calculated under paragraph (b) is summed producing the bank’s total off-balance sheet exposure. EXPLANATORY NOTES Risk-weighted Capital Adequacy Ratio (i) The risk-weighted capital adequacy is described as “the risk asset ratio” in the quarterly prudential return in Schedule 2 of the Financial Services (Prudential and Statistical Returns) Order. The 2 terms should be regarded as synonymous. (ii) The minimum tier 1 capital requirement is an absolute figure that bears no relationship to the size of the bank’s business or the risks to which the bank is exposed. Compliance with the minimum tier 1 capital requirement does not, therefore, in itself mean that a bank is adequately capitalised. The requirement to maintain a risk-weighted capital adequacy ratio provides a much greater assurance that the bank’s capital is adequate, taking into account the risks to which the bank is exposed. In effect it requires a BVI bank to maintain capital resources, acceptable to the Commission, that equal or exceed 12% of its total risk-weighted exposures. As already indicated, the requirements are designed to implement the Basel Capital Accord which address a bank’s credit risk. These requirements are not designed to address market risk, which will be addressed through an amendment to the Code in due course. Consistent with the Capital Accord, the risk-weighted capital adequacy is calculated on a consolidated basis. Unless the Commission directs otherwise, a bank should, therefore, prepare consolidated financial statements that consolidate the financial statements of its subsidiaries. (iii) The risk-weighted capital adequacy ratio is calculated by dividing its capital base by its total risk-weighted exposure [comprised of its risk-weighted assets and its off-balance sheet exposure]. Determining whether a BVI bank satisfies the risk-weighted capital adequacy requirement therefore involves the following sequential stages— (a) First, the bank’s capital base must be calculated. This determines the amount of capital, acceptable to the Commission, that the bank has available to it. (b) Second, the bank’s total risk-weighted exposure must be calculated.

LAW OF VIRGIN ISLANDS Regulatory Code 247 Revision Date: 1 Jan 2020 [Statutory Instrument] (c) Finally, bank’s capital base is expressed as a proportion of its total risk￾weighted exposure to arrive at the risk asset ratio. Section 83(1) of the Code provides that this must exceed 12%. It should be noted that this a continuous obligation, not just an obligation that applies on a reporting date. (iv) Section 83(4)of the Code requires a BVI bank to calculate its risk-weighted capital adequacy ratio at least once each calendar month. It should be understood that this represents an absolute minimum. Section 83(1) imposes an overriding requirement on a BVI bank to maintain a minimum risk-weighted capital adequacy ratio of 12% at all times. The Commission expects a bank to calculate its risk-weighted capital adequacy ratio as often as reasonably required to ensure that it is able to ascertain any non-compliance with section 83(1) as soon as possible. The Commission will, therefore, expect a BVI bank to calculate its risk-weighted capital adequacy ratio more frequently if the bank has any reason to suspect that it is not well in excess of 12%. Capital Base (v) The capital base comprises the total of a BVI bank’s tier 1 capital and its eligible tier 2 capital less certain specified deductions. These are more fully described below. Tier 2 Capital (vi) Tier 2 capital, also known as supplementary capital, includes forms of capital that do not fully meet the requirements for tier 1 capital on the grounds that the capital is not permanent or is subject to binding obligations. Although tier 2 capital is of a lower quality than tier 1 capital, it comprises capital items that contribute to the overall strength of the bank as a going concern. As specified in section 85(3), tier 2 capital is only eligible to the extent that it does not exceed tier 1 capital. It therefore follows that at least 50% of the capital base of a BVI bank must be comprised of tier 1 capital. General loan-loss reserves (vii) General loan-loss reserves are intended to cover the possibility of losses that have not yet been identified. The Basel Capital Accord permits them to be included in tier 2 capital provided that they do not reflect a known deterioration in the value of particular assets. The rationale for this is that reserves that have been created for, or assigned to, identified losses or in respect of an identified deterioration in the value of assets are not freely available to meet unidentified losses which may subsequently arise in the loan portfolio. For further provisions and guidance concerning loan-loss provisioning, see section 107 of the Code. Hybrid debt/equity instruments (viii) Hybrid debt/equity instruments combine characteristics of equity capital and debt. The following are examples of hybrid debt/equity instruments— (a) perpetual cumulative preference shares; and (b) perpetual subordinated debt including debt which is convertible into equity.

248 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Unsecured subordinated term debt (ix) The essential characteristics of unsecured subordinated term debt are set out in section 88 of the Code. Redeemable cumulative preference shares are an example of unsecured subordinated debt.

---

Regulatory deposits Regulatory deposit to be made by licensed banks 92. (1) This section and section 93— (a) prescribe the amount of the deposit required to be made by a BVI bank under section 12(1)(b) or 12(2)(b) of the Banks and Trust Companies Act and the manner in which regulatory deposits are to be made and retained by the Commission; and (b) specify the purposes for which a regulatory deposit may be utilised by the Commission. (2) For the purpose of section 12(1)(b) and 12(2)(b) of the Banks and Trust Companies Act the prescribed deposit for a BVI bank is $500,000 (“the required regulatory deposit”). (3) A licensed bank shall ensure that, at all times, it has paid monies to the Commission equal to the required regulatory deposit. Regulatory deposits, supplementary provisions 93. (1) The regulatory deposit made by a BVI bank may be used by the Commission for any one or more of the following purposes— (a) to satisfy outstanding fees or penalties payable by the bank to the Commission; and (b) to satisfy the costs of, or associated with— (i) any enforcement action taken by the Commission against the bank; and (ii) the running off and winding up of the licensed business of the bank. (2) If a BVI bank ceases to hold a banking licence, the bank is entitled to be paid such part of the deposit that the Commission is satisfied is not required for the purposes specified in subsection (1). (3) The Commission may pay interest to BVI banks at such rate and in such manner as it considers appropriate.

---

EXPLANATORY NOTES Regulatory Deposits (i) Section 12(1)(b) and 12(2)(b) of the Banks and Trust Companies Act together require a bank to keep deposited or invested such sum as may be prescribed in such manner as may be prescribed (in a Regulatory Code). The purpose of sections 92 and 93 of the Code is to set out the prescribed requirements with

LAW OF VIRGIN ISLANDS Regulatory Code 249 Revision Date: 1 Jan 2020 [Statutory Instrument] respect to deposits. As these are required for regulatory purposes, they are termed “regulatory deposits”. Applicant for a Bank Licence (ii) Section 4(4)(a) of the Banks and Trust Companies Act provides that the Commission may only grant a licence issued under the Act to an applicant if it is satisfied that the applicant will, upon issuance of the licence, be in compliance with the Act and the Regulatory Code. Where the Commission has decided, in principle, to grant an application, the licence will not be issued until the applicant has made the required deposit. (iii) The purposes for which a regulatory deposit may be used are set out in section 93 of the Code. These are principally to satisfy fees and penalties owing to the Commission, to pay for any enforcement action taken and to pay the costs of running off and winding-up the licensed business of the licensee. It should be noted that this is not intended to cover the costs of any liquidation under the Insolvency Act, except to the extent that these costs cover the running off and the winding up of the licensed business. (iv) Of course, the Commission would not look to the regulatory deposit unless the BVI bank was unwilling or unable to pay the fees, penalties or costs concerned.

---

Division 2 Exposures Interpretation 94. The following definitions apply to the interpretation of the provisions of this Code relating to exposures— “counterparty” means a person, body or association with whom a bank has an exposure, including a natural or legal person, a government or public entity or body, a partnership, a trust and an unincorporated body or association of persons; “exposure” has the meaning specified in section 95; “group of related counterparties” means two or more counterparties that are, with respect to each other, related counterparties; “large exposure” means an exposure to a counterparty or group of related counterparties which is greater than or equal to 10% of a bank’s capital base; and “related counterparty” means a counterparty that is one of a number of counterparties that, together, pose a common risk to a bank. Meaning of “exposure” 95. (1) An “exposure” is the maximum gross loss that a bank may suffer— (a) if a counterparty or a group of related counterparties fail to meet its obligations; or (b) as a result of the bank realising assets or off-balance sheet positions. (2) In determining “gross loss” for the purposes of subsection (1)—

250 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) the value of any security or set-off that a bank may hold, shall be excluded; and (b) any applicable risk-weightings or credit conversion is ignored. (3) Subject to subsection (4) and (5), a bank’s exposure includes the gross amounts at risk arising from— (a) claims on a counterparty or group of related counterparties, including actual claims, and potential claims which would arise from the drawing down in full of undrawn advised facilities (whether revocable or irrevocable, conditional or unconditional) which the bank has committed itself to provide, and claims which the bank has committed itself to purchase or underwrite, including— (i) all loans and advances, including overdrafts, however denominated; (ii) the net book value of finance leases; (iii) discounted bills held outright; (iv) bonds, acceptances, promissory notes, loan stocks and other paper held outright; (v) margin held with investment exchanges, clearing houses or other counterparties; (vi) OTC futures, including forwards, options, swaps and similar contracts on interest rates, foreign currencies, equities, securities and commodities; (vii) claims arising in the course of settlement of securities or other transactions; (viii) claims arising in the case of forward sales and purchases of instruments in both the trading and banking books that either settle on a date beyond the market norm for that instrument or where the payment due is deferred until some future date; (ix) any commitment with a certain or uncertain drawdown entered into by the bank, including amounts outstanding under— (A) sale and repurchase agreements; (B) forward asset purchase agreements; (C) buy back agreements; (D) forward deposits placed; and (E) the unpaid part of partly-paid shares; and (x) any other claims arising from similar transactions entered into by the bank; (b) contingent liabilities arising in the normal course of business, and those contingent liabilities which would arise from the drawing down in full of undrawn advised facilities (whether revocable or irrevocable, conditional or unconditional) which the bank has committed itself to provide, including—

LAW OF VIRGIN ISLANDS Regulatory Code 251 Revision Date: 1 Jan 2020 [Statutory Instrument] (i) direct credit substitutes, including guarantees, standby letters of credit serving as financial guarantees, bills accepted but not held by the bank and other similar or equivalent arrangements; (ii) claims sold with recourse, where the credit remains with the bank; (iii) transaction-related contingent items not having the character of direct credit substitutes, including tender and performance bonds, bid bonds, warranties, standby letters of credit relating to particular transactions and retention money guarantees; (iv) undrawn documentary letters of credit issued or confirmed; and (v) those arising from similar transactions entered into by the bank; (c) assets, and assets which the bank has committed itself to purchase or underwrite, whose value depends wholly or mainly on a counterparty performing its obligations, or whose value otherwise depends on that counterparty’s financial soundness but which do not represent a claim on the counterparty, including equities, equity warrants and options which do not represent a claim on the issuer but whose value depends, principally, on the issuer’s financial soundness; and (d) accrued interest with respect to any claim. (4) The following shall not be regarded as falling within the definition of an exposure for the purposes of subsection (3)(a)— (a) claims and other assets deducted from the bank’s capital base for capital adequacy and large exposures purposes; (b) claims on subsidiary companies of the bank where the investment in it has been deducted from capital for regulatory reporting purposes; (c) claims where the bank has paid its side of a foreign exchange transaction and the counter value is not received from the counterparty until up to 2 working days following payment; (d) where an asset is traded, claims on a counterparty arising during settlement where both the bank and the counterparty are up to 5 working days overdue in settling; and (e) counterparty risk on futures and options where the contracts are traded on an exchange and are subject to daily margining requirements, except that where contracts relate to a broadly based cash settled index, issuer risk on any underlying bonds or equities shall be included. (5) The following shall not be regarded as falling within the definition of an exposure for the purposes of subsection (3)(b)— (a) indemnities for lost share certificates and export/import carnets; (b) bill endorsements on bills already endorsed by another bank; and (c) contingent liabilities resulting from injuries, damage or loss suffered by third parties and caused by the goods where the bank acts as lessor, mortgagee or owner of goods under a hire-purchase agreement.

252 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Exposure limits BVI banks 96. (1) Subject to section 98, a BVI bank shall not, without the Commission’s prior written approval, incur— (a) an aggregate exposure to a counterparty, or a group of related counterparties, that exceeds 25% of its capital base; or (b) large exposures that, in aggregate, exceed 800% of the bank’s capital base. (2) A BVI bank may apply to the Commission to approve an exposure exceeding 25% of its capital base or that will result in the bank’s large exposures exceeding 800% of the bank’s capital base where— (a) the exposure is or will be guaranteed in its entirety by a foreign bank (“the guarantor bank”) and— (i) the guarantor bank is supervised by its home supervisor in accordance with the Basel Core Principles; (ii) the guaranteed exposure is or will be consolidated with the guarantor bank and does not breach any statutory or regulatory requirement in the guarantor bank’s home jurisdiction; (b) the exposure is secured by securities issued by a Zone A central government or central bank and— (i) the exposure does not exceed 100% of the bank’s capital base; (ii) the bank has a legal opinion confirming the right of set-off between the securities and the exposure; (iii) the marked to market value of the securities exceeds the amount of the exposure; or (c) the exposure is to, or secured by securities issued by, the Government of the Virgin Islands. Exemption for exposures secured by cash 97. Exposures secured by cash held by a BVI bank, including CDs issued by the bank, or back-to-back exposures, are exempt from 96(1)(a) up to a maximum of 100% of the bank’s capital base, provided that— (a) the exposure and the deposit used as security or collateral have the same maturity; (b) the exposure and the deposit are made in the same country and denominated in the same currency; and (c) the bank has a legal opinion confirming the right of set-off between the deposit and the exposure. Other exemptions 98. (1) The following exposures are not required to be included in calculating whether an aggregate exposure to a counterparty, or a group of related counterparties, exceeds 25% of the capital base of a BVI bank— (a) an exposure to a Zone A bank (with a maturity of one year or less);

LAW OF VIRGIN ISLANDS Regulatory Code 253 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) an interbank loan or placement, certificate of deposit or similar instrument issued by another bank or foreign bank with a maturity of one year or less; (c) an exposure to, or one that is guaranteed by, a Zone A central government or central bank; and (d) an exposure to, or one that is guaranteed by, a Zone B central government if it is denominated in the currency of that government’s country and funded by liabilities in the same currency. (2) An exposure specified in subsection (1) must be reported to the Commission as an exempt exposure under section 100 if, ignoring subsection (1), it would be a large exposure. Policies, systems and controls 99. (1) The directors of a BVI bank shall establish and maintain written policies concerning large exposures and credit risk concentrations to counterparties and groups of related counterparties, connected counterparties (within the meaning of section 102), countries and geographic areas and economic sectors. (2) The internal polices established and maintained under subsection (1) shall include policies that— (a) require senior management to set individual exposure limits appropriate to the type, nature and volume of business undertaken; and (b) require senior management, when considering the incurring by the bank of particular exposures, to take account of— (i) the creditworthiness of the counterparty; (ii) the nature of the bank’s relationship with the counterparty; (iii) the nature and extent of the security that the bank has against the exposure; (iv) the maturity of the exposure; (v) the banks experience and expertise with respect to the transaction that will cause the exposure; (vi) the market conditions and other relevant factors in the economic sector concerned; and (vii) the economic and political developments in countries relevant to the exposure. (3) A BVI bank is required to establish such systems and controls as are necessary to— (a) implement and ensure compliance with the policies established under subsection (1); and (b) to ensure compliance with the requirements of this Code with respect to exposures. (4) Without limiting subsection (3), a BVI bank shall have information systems that— (a) enable it to—

254 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (i) identify all related counterparties and related party loans; (ii) identify and measure large exposures and aggregate related counterparty exposures; (iii) identify any breaches of the policies established under subsection (1) or of the provisions of this Code relating to large exposures; and (iv) monitor concentrations in particular countries, regions and sectors; and (b) provide for the recording of individual exposure limits set by senior management together with details of the factors considered, the analysis undertaken and the authorisation or rejection by senior management in respect of all credit exposures. (5) Any breach of the Code with respect to large exposures shall immediately be reported to the directors. (6) A BVI bank shall submit its large exposures policies to the Commission on or before 31st March each year. Reports with respect to large exposures 100. A BVI bank must report to the Commission— (a) on a quarterly basis— (i) all large exposures at the reporting date; (ii) any other exposures which, at any time during the reporting period, were large exposures; and (iii) any exempt exposures required to be reported under section 98(2) at the reporting date or during the reporting period; and (b) immediately, if it contravenes the Code with respect to large exposures.

---

EXPLANATORY NOTES Objective (i) The objective of the provisions in the Code concerning large exposures is to minimise the credit risk exposure of banks licensed in the BVI arising out of the concentration of credit risk. (ii) The concentration of credit risk in a single person or group of associated persons is of particular concern, because if the person or group of related persons default, the financial condition of the bank, or even its viability, could be seriously affected. International standards therefore require limits to be imposed on large exposures. This Division is intended to implement the Basel paper “Measuring and Controlling Large Credit Exposures” published in January 1991. (iii) The Code seeks to protect against risk concentration in BVI banks by— (a) setting limits on large exposures to a single person or a group of related persons;

LAW OF VIRGIN ISLANDS Regulatory Code 255 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) requiring BVI banks to establish and implement policies on large exposures; and (c) requiring BVI banks to report to the Commission on large exposures, both as part of their regular reporting obligations and if certain large exposure thresholds are exceeded. (iv) However, credit risk concentrations may also arise from exposure to persons connected to the bank [see Division 3] and excessive exposure to particular geographical regions or sectors of the economy. It is not possible to place specific limits on these types of risk concentration, but a BVI bank should design its risk management systems to protect it from these types of risk concentration. (v) The provisions of the Code relating to exposure limits have no application to a bank that is authorised to conduct transactions only with third party entities that are related to the bank, as such banks are prohibited under the terms of their licences from conducting third party transactions. (vi) The large exposure limits in the Code do not apply to licensed foreign banks, as this is an area that is properly the responsibility of the bank’s home regulator. However, the Commission expects a licensed foreign bank to comply with the limits imposed by its home regulator. Definitions Counterparty (vii) Section 94 of the Code provides that a counterparty includes any person, body or association with whom the bank has an exposure. Given the wide definition of “exposure”, the range of the potential counterparties of a bank is large. It would include a borrower, a person whose obligations the bank is guaranteeing, another bank with which funds are being placed, the issuer of a security held by the bank and the party with whom a derivatives contract is made. Related Counterparties (viii) Given the objectives set out above, it is clear that any group of counterparties that pose a common risk to the bank should be considered as related. The concept of “related counterparty” therefore goes well beyond a group of companies in the generally understood sense. Although the companies in a group will always be considered “related counterparties”, the relationship could be brought about by other factors, such as— (a) common ownership; (b) common control or management, for example, common directors; (c) cross guarantees; (d) direct commercial interdependency which cannot be substituted in the short-term; and (e) family ties. (ix) The term is to be distinguished from “connected party” and “connected counterparty” which are defined in Division 3.

256 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Exposures (x) It should be noted that the gross amount at risk is used to determine the exposure of a bank. The risks are not weighted as they are for the purposes of determining the risk-weighted capital adequacy ratio. Maximum Exposure Limits (xi) The maximum exposures limits specified in section 96 of the Code should be regarded as absolute maximums. The Commission expects BVI banks to establish significantly lower limits unless there are exceptional reasons to the contrary. Exemptions Guaranteed exposure (xii) The Commission will not approve an application under section 96(2)(a) unless it is— (a) of the opinion that the guarantor bank would, at any time, be able to assume the exposure itself without exceeding its own large exposure limits; (b) the Commission receives written confirmation from the home supervisory authority of the guarantor bank as to the matters specified in section 96(2)(a)(ii) Internal Controls (xiii) Given that related counterparties may attempt to conceal their relationship, it is important that a bank has strong systems and controls in place that are designed to identify related exposures and that the bank exercises due diligence in implementing these systems and controls. A bank should also ensure that its internal controls are designed to identify junior management who may be concealing the relationship between counterparties.

---

Division 3 Risk Management Preliminary Purpose of Division 101. (1) The purpose of this Division is to specify the risk management strategies, policies, systems and controls that must be established, with particular regard to— (a) credit risk, including counterparty risk; (b) country and transfer risk; (c) market risk; (d) liquidity risk; (e) interest rate risk; and (f) operational risk. (2) This Division does not limit the general requirements with respect to risk management specified in section 26.

LAW OF VIRGIN ISLANDS Regulatory Code 257 Revision Date: 1 Jan 2020 [Statutory Instrument] Meaning of “connected party” and “connected counterparty” 102. For the purposes of this Division— “close family member”, in relation to a person, means the person’s— (a) spouse; (b) children, including adopted children; (c) parents, including step parents; (d) brothers or sisters, including step brothers or sisters; or (e) grandchildren; and “connected counterparty” or “connected party”, in relation to a licensed bank, means a counterparty or party that, or who, is— (a) an affiliate of the bank; (b) a person having a significant interest in the bank; (c) a company in which the bank has a significant interest; (d) a director or senior manager of the bank; (e) a business associate or close family member of— (i) a person referred to in paragraph (d); or (ii) a person referred to in paragraph (b) or (c), where that person is an individual; or (f) a company of which a person referred to in paragraph (b), (c), (d) or (e) is a director or senior manager or in which such a person has a significant interest.

---

EXPLANATORY NOTES Objective of Division (i) This Division is not intended to provide an exhaustive list of the strategies, policies, systems and controls required. Rather it is designed to set minimum, principles-based requirements common to most banks that should be implemented by all banks. The method of implementation by a particular bank will be dependent upon that bank’s business. (ii) It is important to stress that the requirements in this Division are minimum requirements. Every bank must develop its own risk management strategy, policies, systems and controls which must be appropriate for the nature, size, complexity, structure and diversity of the bank’s business. The circumstances of a particular bank may require a risk management strategy and risk management policies, systems and controls that exceed the requirements of this Division. (iii) Section 101(2) makes it clear that the specific risk management requirements specified in this Division do not limit the general risk management requirements of the Code that are applicable to all licensees. This Division is therefore intended to supplement the general risk management requirements in section 26 of the Code for BVI banks. The general risk management requirements specified in section 26 therefore apply fully to the management of the specific risks specified in section 101 in addition to the more detailed requirements of this Division.

258 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (iv) Furthermore, in order to comply with section 26, a BVI bank will need to establish and maintain a risk management strategy, and if appropriate policies, and risk management systems and controls to manage risks to which it is exposed other than those specified in section 101. Such risks would include reputational and strategic risks. Connected Parties and Counterparties (v) The term “connected party” or “connected counterparty” is used to mean a party or counterparty that is closely connected to the bank itself. Note that for the purpose of this Division, the definition is considerably wider than the general definition of “connected person” in section 2(2) of the Code. These terms are equivalent to the term “related party” that is used in Principle 11 of the Basel Core Principles.

---

Credit risk Credit risk strategy, policies, systems and controls 103. (1) A bank shall establish and maintain— (a) a strategy, and if the board considers it appropriate, policies, for the management of its credit risk, including counterparty risk, appropriate for the nature, size, complexity, structure and diversity of the bank’s business and for the credit risk to which it is exposed; and (b) systems and controls that are sufficient to ensure that the credit risk management strategy and policies are effectively implemented. (2) Without limiting subsection (1), the credit risk management strategy, policies, systems and controls of a bank shall— (a) address credit risk in all of the bank’s products and activities and at both the individual credit and the portfolio levels; (b) enable the establishment of an appropriate credit risk environment; (c) facilitate a sound credit-granting process; (d) require that the credit risk of new products is assessed and adequate risk management systems and controls established before they are introduced or undertaken; and (e) provide for the identification, measurement, monitoring and control of the bank’s credit risk, including counterparty credit risk exposure. (3) The credit risk management strategy and the significant credit risk management policies established under subsection (1), including the bank’s credit￾granting criteria, shall be approved, and reviewed on at least an annual basis, by the board. (4) The credit risk management strategies, policies, systems and controls shall be fully and clearly documented and communicated and readily available to the directors and to those senior managers and staff who have responsibility for implementing them.

LAW OF VIRGIN ISLANDS Regulatory Code 259 Revision Date: 1 Jan 2020 [Statutory Instrument] Criteria for granting credit 104. The credit risk management strategy or polices of a bank shall include a statement of the bank’s credit-granting criteria which shall— (a) include a clear indication of the bank’s target market; (b) require a full understanding of— (i) the borrower or counterparty and his risk profile; (ii) the purpose and structure of the credit; and (iii) the source of repayment; (c) establish overall credit limits at the level of individual borrowers and counterparties, and groups of related counterparties; (d) require that large credit risk exposures, defined with respect to amount of credit or percentage of capital base, high credit risk exposures and credit risk exposures that are outside the bank’s normal activities are referred to the board or senior management for decision; (e) require the establishment of clear procedures for the approval of new credits in addition to the amendment, renewal and re-financing of existing credits; and (f) cover the provision of credit to employees and other persons connected to the bank and, in particular, require that— (i) all decisions are made on an “arms-length” basis; (ii) credits to connected borrowers or counterparties, and the write-off of such credits, are authorised at a senior level (or when they exceed certain amounts specified in the criteria, by the board) and on an exception basis; (iii) any senior manager, director or other person with a conflict of interest is excluded from the approval process and from managing the credit once granted; and (iv) the terms under which credits are granted to connected borrowers or counterparties are adequately and appropriately assessed and such credits are closely monitored on an on-going basis. Systems for credit administration, measurement and monitoring 105. The systems established by a bank shall provide for— (a) the on-going administration of its credit risk-bearing portfolios; (b) the monitoring of— (i) individual exposures to connected persons and the total of such exposures; (ii) the condition of individual credits; and (iii) the overall composition and quality of the credit portfolio, including concentrations of risk; (c) the measurement of credit risk inherent in all on-and off-balance sheet activities; and

260 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (d) the assessment of the value of guarantees and collateral and other instruments held by the bank to mitigate risk. Controls over credit risk 106. (1) A bank shall establish systems and controls that provide for the on-going review and assessment of the bank’s credit risk management systems, including reviews and assessments of the lending process. (2) The results of any review and assessment undertaken under subsection (1) shall be provided directly to the board, or to an appropriate board committee, or to a senior manager who has no connection with the granting or approval of credit. (3) The systems and controls of a BVI bank shall provide for the identification and management of deteriorating and problem loans and credits and the making of timely and appropriate reports to the board and senior management on the condition of the bank’s portfolio, including classification of credits, the level of provisioning and major problem assets. (4) Without limiting subsection (3), the systems and controls of a BVI bank shall— (a) enable the bank to reliably classify loans on the basis of credit risk; (b) provide for the periodic review by a bank of its problem loans and credits at an individual level, or at a portfolio level where loans and credits have homogenous characteristics. Loan-loss reserves 107. (1) The board and senior management of a BVI bank shall ensure that the bank has appropriate credit risk assessment systems and controls, commensurate with the size, nature and complexity of its lending operations, to consistently determine appropriate provisions for loan-losses in accordance with the bank’s strategy and policies and the international accounting standards applicable to the bank. (2) The loan-loss provisions of a BVI bank shall be adequate to absorb estimated credit losses in the loan portfolio.

---

EXPLANATORY NOTES Credit Risk – Introduction (i) The purpose of the provisions in the Code relating to credit risk is to specify the credit risk management procedures that a licensed bank is required to put in place. These provisions are intended to implement the Basel Committee’s “Principles for the Management of Credit Risk” issued in September 2000 and “Sound Credit Risk Assessment and Valuation for Loans” issued in June 2006. (ii) Credit risk is the risk that a borrower or other counterparty will fail to meet its obligations to a bank in accordance with the agreed terms. Credit risk is not restricted to a bank’s lending. Most of a bank’s activities are a source of credit risk, including its trading activities and the financial instruments that it transacts, in both cases whether on or off-balance sheet. The management of credit risk is a critical element of a comprehensive approach to risk management and is an important factor in the long-term success of any bank. The objective of credit risk management is to maximise the bank’s risk-adjusted

LAW OF VIRGIN ISLANDS Regulatory Code 261 Revision Date: 1 Jan 2020 [Statutory Instrument] rate of return by maintaining credit risk within acceptable parameters. Credit risk should be managed both with respect to individual transactions undertaken by the bank and with respect to its entire portfolio. (iii) A BVI bank’s credit risk strategy and policies should include the granting of loans, the making of investments, the evaluation of the quality of loans and investments and the on-going management of the bank’s loan and investment portfolios. Credit Risk Management Strategy (iv) The risk management strategy of a licensed bank should reflect the bank’s tolerance for risks and the level of profitability that the bank expects to achieve for incurring various credit risks. This will usually require the strategy to include a statement of the extent to which the bank is prepared to grant credit, based on exposure type, economic sector, geographical location, currency, maturity and anticipated profitability. The Commission expects the strategy or policies of a BVI bank to address topics such as target markets, portfolio mix [with the objective of achieving adequate diversification], price and non-price terms, the structure of limits, approval authorities, exception processing/reporting. In order to implement a sound credit risk management strategy, the systems of a bank will need to be able to aggregate different types of exposures [on-and off-balance sheet] in a comparable and meaningful manner. Approval by Board (v) Section 103(3) requires the board to approve, and periodically review the risk management strategy and significant policies. In undertaking this review, the directors should take into account the financial results of the bank and whether the bank is adequately capitalised. Criteria for Granting Credit (vi) It is important that a bank obtains sufficient information for relevant employees to make a decision on whether to grant credit based on the bank’s credit￾granting criteria. Although the information needed will depend upon the type of credit exposure, a bank will certainly need to obtain sufficient information to understand the customer’s risk profile. This would include information on his previous repayment history and his capacity to repay and, where applicable, his business expertise, and the sector in which he carries on business. The bank will also usually need to consider the proposed terms and conditions of the credit and, where applicable, the adequacy and enforceability of securities or guarantees. (vii) Where a bank carries on personal banking business with retail customers, specific credit-granting criteria should be established. These would cover matters such as maximum salary multiples and loan to value ratios. (viii) The Commission considers that a sound credit-granting process requires the allocation of specific limits to members of staff with credit-granting authority, which should be based on their level of seniority. The employees concerned should be required to acknowledge their limits in writing. (ix) A bank should, in its credit-granting criteria, also detail sectors, countries and geographical regions where it is not prepared to grant credit, for which an enhanced authorisation process is required or for which specific limits apply.

262 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Granting of Credit to Connected Persons (x) Particular care should be taken in the granting, or renewing, of credit to persons connected to the bank to ensure that inappropriate lending decisions are not influenced by conflicting interests. Section 104(f) of the Code therefore sets out specific requirements with respect to the credit-granting criteria applicable to connected lending. (xi) In particular, section 104(f)(i) of the Code requires that all decisions are made on an “arms length” basis. The Commission considers that, with limited exceptions, this means that a bank must apply a commercial approach to the granting of credit to connected persons. Where credit is granted, therefore, it should not be granted on more favourable terms (e.g., as to credit assessment, interest rates etc.) than credit would be granted to non-connected persons in the same circumstances. The Commission accepts, however, that it may be appropriate and permissible for a BVI bank to grant credit to employees on favourable terms, for example as to interest rate, where this is part of the employee’s overall remuneration package. (xii) The Commission may, if it considers it appropriate, set limits on exposures to connected parties, or require security to be obtained for such exposures, on a case-by-case basis. This would be done either through the issuance of a directive, if appropriate, or through the imposition of a condition on the bank’s licence. Credit Administration, Measurement and Monitoring (xiii) Once a credit is granted, it is essential that the credit is properly maintained. This will require keeping the credit file up to date, obtaining current financial information and sending out notices and other documents, when required. In developing systems for on-going credit administration, banks should seek to ensure, in particular, that— (a) the on-going administration procedures are efficient and effective; (b) the information obtained is timely and accurate; (c) there is adequate segregation of duties; and (d) the controls over “back office” procedures are adequate. (xiv) One of the principal objectives of monitoring the condition of individual credits is to identify possible problem credits so that they can be dealt with accordingly, for example, by increased monitoring, corrective action or provisioning. (xv) Section 106(4)(a) requires the systems and controls of a BVI bank to enable the bank to reliably classify loans on the basis of credit risk. In order to comply with this requirement, the Commission considers that BVI banks will need to develop and utilise an internal risk rating system to manage credit risk. A risk rating system usually categorises credits into various classes to take account of gradations in risk. Such ratings are useful for tracking the deterioration of individual credits, but also for tracking the characteristics of the bank’s credit portfolio. (xvi) Although monitoring individual credits is important, it is also essential that a bank monitors the overall composition and quality of its credit portfolio and

LAW OF VIRGIN ISLANDS Regulatory Code 263 Revision Date: 1 Jan 2020 [Statutory Instrument] promptly identifies concentrations of risk [see further, Division 2 on exposures]. (xvii) The Commission expects all banks to commence the development of stress testing processes to test their credit exposures, both on an individual and a portfolio basis. Although not a requirement at this stage, stress testing will be required once the Commission adopts the Basel II approach to capital adequacy. At that stage, stress testing will become compulsory. Stress testing involves the identification of possible events or future changes in economic conditions that could have an unfavourable effect on a bank’s credit exposures and assessing the bank’s ability to withstand such changes. Areas in which banks should, in particular, consider stress testing are— (a) economic or industry downturns; (b) market-risk events; and (c) liquidity conditions. Stress testing techniques range from relatively simple alterations in assumptions about one or more financial, structural or economic variables to the use of sophisticated financial models. A BVI bank will need to consider what types of stress testing techniques to develop and introduce on the basis of its loan portfolio. (xviii) BVI banks should also use stress testing techniques to test and validate the internal credit risk assessment assumptions and models that they employ. Controls (xix) The on-going monitoring reviews and assessments should be designed to enable the board and senior management to verify whether the credit granting function is operating in compliance with the bank’s credit risk management strategy and policies and whether the bank’s credit-granting criteria are being observed. This requires an evaluation of the performance of the staff responsible for lending. In order to ensure that the reviews and assessments required under section 106 are objective, the Commission expects them to be carried out by persons who are independent of the credit-granting function. Furthermore, in order to preserve the independence of the review process, section 106 provides that the results of any review and assessment must be provided directly to the board, an appropriate committee of the board [usually the audit committee] or a senior manager not concerned with lending or the granting of credit. (xx) Section 106(3) requires the systems of a bank to provide for the management of deteriorating and problem loans and other assets. In order to comply with this requirement, the Commission considers that the systems of the bank should— (a) include a system for early remedial action on deteriorating credits; (b) include a system for classifying loans into discrete categories when payments are contractually a minimum number of days in arrears; and (c) require loans to be treated as impaired when there is reason to believe that principal or interest will not be collected in accordance with the contractual terms of the loan agreement.

264 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Loan-loss Provisioning (xxi) Section 107 of the Code provides that the loan-loss provisions of a BVI bank shall be adequate to absorb estimated credit losses in the loan portfolio. The Commission places an extremely high level of importance on full compliance with this requirement. Critical to compliance is whether the methodology used to determine an appropriate level of loan-loss provisioning is sound. (xxii) International Accounting Standards (IAS 39) provides, amongst other things, for the impairment and uncollectability of financial assets. The Commission considers that, although not mandated as an international standard, IAS 39 is widely accepted as setting out best international practice for loan-loss provisioning. The effect of section 59 of the Code is to provide BVI banks with a choice of possible accounting standards. In the circumstances, it is not currently a requirement that BVI banks prepare their financial statements in accordance with International Accounting Standards. It follows that loan-loss provisioning is not currently required to be determined using IAS 39. However, given that IAS 39 represents best international practice, where a the financial statements of a BVI bank are not prepared in accordance with International Accounting Standards, the Commission nevertheless expects the principles of IAS 39 to be applied. The Commission should be advised to the extent that this is not considered to be appropriate or possible. (xxiii) The auditor of each BVI bank should be familiar with, and understand, IAS 39 and BVI banks should seek advice from their auditors, where needed, on the application of IAS 39 to loan-loss provisioning. In the circumstances, it would is not useful for IAS 39 to be considered in detail in this Explanatory Note. However, in order to assist banks, relevant excerpts of IAS 39 (drawn from the Basel Committee paper: Sound credit risk assessment and valuation for loans, June 2006), are set out below. This should not, however, be relied upon and reference should also be made to the complete standard. (xxiv) The Commission will review and assess the provisioning of a BVI bank, including the bank’s classification of its credits and assets, as part of its off-site and on-site monitoring procedures and, where it considers that the bank’s provisions or its systems for the classification of credits and assets are inadequate, the Commission will require the bank to take remedial action. IAS 39, Financial instruments: recognition and measurement Relevant Excerpts 59. A financial asset or a group of financial assets is impaired and impairment losses are incurred if, and only if, there is objective evidence of impairment as a result of one or more events that occurred after the initial recognition of the asset (a ‘loss event’) and that loss event (or events) has an impact on the estimated future cash flows of the financial asset or group of financial assets that can be reliably estimated. It may not be possible to identify a single, discrete event that caused the impairment. Rather the combined effect of several events may have caused the impairment. Losses expected as a result of future events, no matter how likely, are not recognised. Objective evidence that a financial asset or group of assets is impaired includes observable data that comes to the attention of the holder of the asset about the following loss events— (a) significant financial difficulty of the issuer or obligor;

LAW OF VIRGIN ISLANDS Regulatory Code 265 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) a breach of contract, such as a default or delinquency in interest or principal payments; (c) the lender, for economic or legal reasons relating to the borrower’s financial difficulty, granting to the borrower a concession that the lender would not otherwise consider; (d) it becoming probable that the borrower will enter bankruptcy or other financial reorganisation; (e) the disappearance of an active market for that financial asset because of financial difficulties; or (f) observable data indicating that there is a measurable decrease in the estimated future cash flows from a group of financial assets since the initial recognition of those assets, although the decrease cannot yet be identified with the individual financial assets in the group, including— (i) adverse changes in the payment status of borrowers in the group (e.g. an increased number of delayed payments or an increased number of credit card borrowers who have reached their credit limit and are paying the minimum monthly amount); or (ii) national or local economic conditions that correlate with defaults on the assets in the group (e.g. an increase in the unemployment rate in the geographical area of the borrowers, a decrease in property prices for mortgages in the relevant area, a decrease in oil prices for loan assets to oil producers, or adverse changes in industry conditions that affect the borrowers in the group). 62. In some cases the observable data required to estimate the amount of an impairment loss on a financial asset may be limited or no longer fully relevant to current circumstances. For example, this may be the case when a borrower is in financial difficulties and there are few available historical data relating to similar borrowers. In such cases, an entity uses its experienced judgement to estimate the amount of any impairment loss. Similarly an entity uses its experienced judgement to adjust observable data for a group of financial assets to reflect current circumstances (see paragraph AG89). The use of reasonable estimates is an essential part of the preparation of financial statements and does not undermine their reliability. 64. An entity first assesses whether objective evidence of impairment exists individually for financial assets that are individually significant, and individually or collectively for financial assets that are not individually significant (see paragraph 59). If an entity determines that no objective evidence of impairment exists for an individually assessed financial asset, whether significant or not, it includes the asset in a group of financial assets with similar credit risk characteristics and collectively assesses them for impairment. Assets that are individually assessed for impairment and for which an impairment loss is or continues to be recognised are not included in a collective assessment of impairment.

266 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Appendix A: Application guidance; measurement Impairment and uncollectibility of financial assets Financial assets carried at amortised cost (paragraphs 63-65 of IAS 39) AG84. Impairment of a financial asset carried at amortised cost is measured using the financial instrument’s original effective interest rate because discounting at the current market rate of interest would, in effect, impose fair value measurement on financial assets that are otherwise measured at amortised cost. If the terms of a loan, receivable or held-to maturity investment are renegotiated or otherwise modified because of financial difficulties of the borrower or issuer, impairment is measured using the original effective interest rate before the modification of terms. Cash flows relating to short-term receivables are not discounted if the effect of discounting is immaterial. If a loan, receivable or held-to-maturity investment has a variable interest rate, the discount rate for measuring any impairment loss under paragraph 63 is the current effective interest rate(s) determined under the contract. As a practical expedient, a creditor may measure impairment of a financial asset carried at amortised cost on the basis of an instrument’s fair value using an observable market price. The calculation of the present value of the estimated future cash flows of a collateralised financial asset reflects the cash flows that may result from foreclosure less costs for obtaining and selling the collateral, whether or not foreclosure is probable. AG85. The process for estimating impairment considers all credit exposures, not only those of low credit quality. For example, if an entity uses an internal credit grading system it considers all credit grades, not only those reflecting a severe credit deterioration. AG86. The process for estimating the amount of an impairment loss may result either in a single amount or in a range of possible amounts. In the latter case, the entity recognises an impairment loss equal to the best estimate within the range [IAS 37, paragraph 39 contains guidance on how to determine the best estimate in a range of possible outcomes], taking into account all relevant information available before the financial statements are issued about conditions existing at the balance sheet date. IAS 37, paragraph 39 contains guidance on how to determine the best estimate in a range of possible outcomes. AG87. For the purpose of a collective evaluation of impairment, financial assets are grouped on the basis of similar credit risk characteristics that are indicative of the debtors’ ability to pay all amounts due according to the contractual terms (for example, on the basis of a credit risk evaluation or grading process that considers asset type, industry, geographical location, collateral type, past-due status and other relevant factors). The characteristics chosen are relevant to the estimation of future cash flows for groups of such assets by being indicative of the debtors’ ability to pay all amounts due according to the contractual terms of the assets being evaluated. However, loss probabilities and other loss statistics differ at a group level between (a) assets that have been individually evaluated for impairment and found not to be impaired and (b) assets that have not been individually evaluated for

LAW OF VIRGIN ISLANDS Regulatory Code 267 Revision Date: 1 Jan 2020 [Statutory Instrument] impairment, with the result that a different amount of impairment may be required. If an entity does not have a group of assets with similar risk characteristics, it does not make the additional assessment. AG88. Impairment losses recognised on a group basis represent an interim step pending the identification of impairment losses on individual assets in the group of financial assets that are collectively assessed for impairment. As soon as information is available that specifically identifies losses on individually impaired assets in a group, those assets are removed from the group. AG89. Future cash flows in a group of financial assets that are collectively evaluated for impairment are estimated on the basis of historical loss experience for assets with credit risk characteristics similar to those in the group. Entities that have no entity-specific loss experience or insufficient experience use peer group experience for comparable groups of financial assets. Historical loss experience is adjusted on the basis of current observable data to reflect the effects of current conditions that did not affect the period on which the historical loss experience is based and to remove the effects of conditions in the historical period that do not exist currently. Estimates of changes in future cash flows reflect and are directionally consistent with changes in related observable data from period to period (such as changes in unemployment rates, property prices, commodity prices, payment status or other factors that are indicative of incurred losses in the group and their magnitude). The methodology and assumptions used for estimating future cash flows are reviewed regularly to reduce any differences between loss estimates and actual loss experience. AG90. As an example of applying paragraph AG89, an entity may determine, on the basis of historical experience that one of the main causes of default on credit card loans is the death of the borrower. The entity may observe that the death rate is unchanged from one year to the next. Nevertheless, some of the borrowers in the entity’s group of credit card loans may have died in that year, indicating that an impairment loss has occurred on those loans, even if, at the year-end, the entity is not yet aware which specific borrowers have died. It would be appropriate for an impairment loss to be recognised for these ‘incurred but not reported’ losses. However, it would not be appropriate to recognise an impairment loss for deaths that are expected to occur in a future period, because the necessary loss event (the death of the borrower) has not yet occurred. AG91. When using historical loss rates in estimating future cash flows, it is important that information about historical loss rates is applied to groups that are defined in a manner consistent with the groups for which the historical loss rates were observed. Therefore, the method used should enable each group to be associated with information about past loss experience in groups of assets with similar credit risk characteristics and relevant observable data that reflect current conditions. AG92. Formula-based approaches or statistical methods may be used to determine impairment losses in a group of financial assets (e.g. for smaller balance loans) as long as they are consistent with the requirements in paragraphs 63-65 and AG87-AG91. Any model used would incorporate the effect of the time value of money, consider the cash flows for all of the remaining life of an asset (not only the next year), consider the age of the loans

268 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS within the portfolio and not give rise to an impairment loss on initial recognition of a financial asset.

---

Country and transfer risk Country and transfer risk systems and controls 108. (1) A BVI bank shall establish and maintain— (a) a strategy and, if the board considers it appropriate, policies, for— (i) managing its country and transfer risk, appropriate for the nature, size, complexity, structure and diversity of its business and the country and transfer risk to which it is exposed; and (ii) maintaining adequate provisions and reserves against its country and transfer risk; and (b) systems and controls that are sufficient to ensure that the country and transfer risk management strategy and policies are effectively implemented. (2) Without limiting subsection (1), the country and transfer risk management strategy, policies, systems and controls of a BVI bank shall— (a) set individual country limits; (b) provide for the communication of, and monitoring adherence to, those individual country limits; (c) provide for the identification, measurement, monitoring and control of country and transfer risk; and (d) monitoring and evaluating developments in country and transfer risk and for applying appropriate countermeasures. (3) The country and transfer risk management strategy and the significant country and transfer risk management policies established under subsection (1) shall be approved, and reviewed on at least an annual basis, by the board or by an appropriate committee of the board. (4) The country and transfer risk management strategy, policies, systems and controls shall be fully and clearly documented and readily available to the directors and to those senior managers and staff who have responsibility for implementing them.

---

EXPLANATORY NOTES Introduction to Country and Transfer Risk (i) The purpose of the provisions of the Code relating to country and transfer risk is to specify the Commission’s requirements with respect to the management by banks of those risks. These provisions are intended to implement the Basel Committee’s paper on the “Management of Banks’ International Lending. Country Risk Analysis and Country Exposure Measurement and Control” issued in March 1982. (ii) Country risk arises when a bank engages in international lending and investment activities. In essence, it is the risk that borrowers or counterparties of the bank in a particular country may be unwilling or unable to fulfil their

LAW OF VIRGIN ISLANDS Regulatory Code 269 Revision Date: 1 Jan 2020 [Statutory Instrument] external obligations for reasons beyond the usual risks which arise in relation to all lending. Country risk may be caused by one or more of a number of factors, including— (a) political changes or official actions, such as government repudiation of external debt, nationalisation or government appropriation of assets, exchange controls or currency devaluation; (b) largely unpredictable events, such as natural disasters or external shocks arising from global phenomena like world depression or the consequences of an oil price rise; or (c) deteriorating economic conditions within the country of the borrower or counterparty. (iii) The above factors are usually classified as separate components of country risk. The most important are— (a) transfer risk, which is the risk that private borrowers and counterparties will not be able to fulfil their obligations due to government actions, for example the imposition of foreign exchange controls; (b) sovereign risk, which is the risk of default of a sovereign loan, that is a loan to, or guaranteed by, a foreign government; (c) contagion risk, which arises when adverse developments in one country lead to a downgrading of rating or a credit squeeze not only for that country, but also for other countries; and (d) collective debtor risk, which is the risk that arises from national political and/or economic events which negatively impact the quality of a bank’s overall portfolio in a country. (iv) A bank cannot usually exercise any direct influence over country risk, of any type, and it is therefore vital that, if a bank incurs cross-border exposures, it has strategies, policies, systems and controls in place to manage its country risk, including transfer risk. The banks systems and controls should enable it to measure, monitor and control country and transfer risk and to apply appropriate countermeasures. (v) In order to guard against undue concentration of risk, section 108(2) requires a bank to set individual country limits. Assessing Compliance (vi) When assessing a bank’s compliance with section 108, the Commission will consider, in particular, whether— (a) the bank’s strategy, policies, systems and controls with respect to the management of country and transfer risk are appropriate for the nature, size, complexity, structure and diversity of its business; (b) the bank devotes sufficient resources to managing country risk; and (c) the bank maintains adequate reserves and provisions for country and transfer risk. (vii) Countries can exercise some choice in how they comply with the Basel Committee’s requirements with respect to the setting of appropriate provisions against country and transfer risk. The option chosen by the Commission is to

270 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS permit banks to set their own percentages or guidelines with respect to provisioning, either generally or at an individual loan level. The adequacy of a bank’s provisioning will be assessed by the Commission during its off- and on￾site examination process. (viii) Section 108(2)(b) requires a BVI bank to monitor adherence to the individual country limits that have been set. In order to comply with this requirement, it will be necessary for a bank to identify and monitor all exposures on an individual country basis. Licensed Foreign Banks (ix) The Commission understands that, in the case of a licensed foreign bank, the country and transfer risk management policies, systems and controls will usually be established by the head office of the bank and will be compliant with the requirements of banks home supervisor. However, as with respect to all matters that are subject to home country supervision, the Commission will assess their adequacy with respect to business undertaken in the Virgin Islands.

---

Liquidity risk Framework for managing liquidity 109. (1) A BVI bank shall establish and maintain— (a) a strategy and, if the bank considers it appropriate, policies, for the day-to-day management of its liquidity appropriate for the nature, size, complexity, structure and diversity of the bank’s business and the liquidity risk to which it is exposed; and (b) systems, including information systems, and controls that are sufficient to ensure that the liquidity management strategy and policies are effectively implemented. (2) The objective of the liquidity management strategy, policies, systems and controls shall be to ensure that a bank is able to fund increases in assets and meet obligations as they come due. (3) Without limiting subsections (1) and (2), the liquidity management strategy and policies of a BVI bank shall— (a) set out the general approach of the bank to liquidity; (b) take into account all the bank’s significant operations, whether on- or off-balance sheet; (c) cover all liquidity management issues relevant to the bank, including— (i) the composition of assets and liabilities; (ii) the approach to managing liquidity in different currencies and from one country to another; (iii) the relative reliance on the use of certain financial instruments; (iv) the liquidity and marketability of assets; (v) how the bank will deal with the potential for temporary and long￾term disruptions in liquidity; and

LAW OF VIRGIN ISLANDS Regulatory Code 271 Revision Date: 1 Jan 2020 [Statutory Instrument] (vi) the bank’s market access; (d) include both qualitative and quantitative targets appropriate to the bank’s business; and (e) include contingency plans that set out the bank’s strategy for handling liquidity crises. (4) The liquidity management strategies, policies, systems and controls shall be fully and clearly documented and communicated and readily available to the directors, senior management and to all other staff of the bank who conduct activities that have an impact on liquidity. Responsibilities of board and senior management 110. (1) The board of a BVI bank shall— (a) approve the liquidity management strategy and the significant liquidity management policies, and any subsequent changes to the strategy or significant policies, and review them on at least an annual basis; (b) ensure that a management structure is put in place to effectively execute the liquidity management strategy and policies; and (c) oversee the monitoring and control of liquidity risk by senior management. (2) The senior management of a BVI bank shall ensure that the board is— (a) regularly informed as to the liquidity position of the bank; and (b) immediately informed of any material changes in the bank’s current or prospective liquidity position. Submission of liquidity management strategy to Commission 111. (1) A BVI bank shall, within the specified period, submit to the Commission— (a) a copy of its liquidity management strategy, as approved by the board; (b) if the board approves any amendments to the liquidity management strategy, a copy of the liquidity management strategy incorporating those amendments. (2) The specified period for the submission by a bank of a copy of its liquidity management strategy is— (a) in the case of a bank that is a licensed bank on the commencement date, 3 months from the commencement date; or (b) in the case of a bank that is granted a bank licence after the commencement date, one month from the date of its licence. (3) The specified period for the submission by a bank of a copy of its amended liquidity management strategy is 7 days from the date of the board’s approval of the amendments to the liquidity management strategy. Liquidity limits 112. A BVI bank, through its senior management, shall set liquidity limits to ensure adequate liquidity.

272 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Systems and controls for liquidity management 113. (1) The liquidity management systems established by a BVI bank shall provide for the measuring, monitoring, controlling and reporting of liquidity risk. (2) Without limiting subsection (1), the systems and controls shall provide for— (a) the undertaking of regular liquidity reviews; and (b) the on-going measurement and monitoring of net funding requirements. (3) A BVI bank shall have effective internal controls with respect to liquidity and liquidity risk management. (4) A BVI bank shall report to the Commission in writing as soon as reasonably practical after discovering any failure to adhere to its liquidity limits. Foreign currency liquidity management 114. (1) A BVI bank shall establish and maintain systems and controls that provide for the measurement, monitoring and control of its liquidity positions in the major currencies in which it is active, including the assessment of its aggregate foreign currency liquidity needs and its needs for each currency individually. (2) A BVI bank shall, where appropriate, set and review, at least on an annual basis, limits on the size of its cash flow mismatches for foreign currencies in aggregate and for each significant individual currency in which the bank operates. EXPLANATORY NOTES Liquidity Risk – Introduction (i) The purpose of the provisions in the Code relating to liquidity is to specify the Commission’s requirements with respect to the management of liquidity and liquidity risk. These provisions are intended to give effect in the BVI to the Basel Committee’s “Sound Practices for Managing Liquidity in Banking Organisations” issued in February 2000. (ii) Liquidity risk is the risk that a bank is not able to fund increases in assets and meet obligations as they come due. One of a bank’s key business activities is the creation of liquidity which it provides to its customers through the granting of credit. Liquidity is therefore crucial to the on-going viability of any bank. Given the nature of their business, banks are particularly vulnerable to liquidity problems, both institution-specific and those which affect markets as a whole and managing liquidity is therefore a vital activity. However, the importance of liquidity transcends the individual bank, as liquidity problems at one bank can have system-wide repercussions. A bank needs to be aware of this when developing its liquidity management framework. Establishment and Maintenance of Liquidity Management Strategy (iii) Given the importance of liquidity to a bank and the range of business functions that can impact on liquidity, directors and senior management and other relevant employees should have a thorough understanding of liquidity management and, in particular, how other risks, including credit, market and operational risk can impact on liquidity. If necessary, appropriate training should be provided.

LAW OF VIRGIN ISLANDS Regulatory Code 273 Revision Date: 1 Jan 2020 [Statutory Instrument] (iv) The foundation of the liquidity management framework is the liquidity management strategy. Although this may be supported by policies, the liquidity management strategy should be a reasonably comprehensive and detailed plan for the management of the banks’ liquidity that, as required by section 109(3)(b), takes into account all of the bank’s significant operations. Oversight by Board (v) Section 110(1)(b) requires the board to ensure that a management structure is put in place to effectively execute the liquidity management strategy and policies. Given its importance, responsibility for liquidity management should be placed with a specific, identified group of persons within the bank [perhaps an Asset/Liability Committee] that includes members of senior management and the treasury function or the risk management function. Systems and Controls (vi) Section 113(1) requires that the liquidity management systems established by a BVI bank must provide for the measuring, monitoring, controlling and reporting of liquidity risk. A key part of the bank’s systems and controls is its management information system, which should be designed to provide the board, senior management and other appropriate employees with timely information on the liquidity position of the bank. The system should be flexible enough to deal with various contingencies that may arise and should have the ability to calculate liquidity positions in all of the major currencies in which the bank deals, both individually and on an aggregate basis. A bank should have the ability to calculate its liquidity positions, on a day to day basis for the shorter time horizons (e.g. out to 5 days) and over a series of specified time periods thereafter, including for more distant periods. The management information system should be used to check for compliance with the bank’s strategy, policies, controls and limits. Reporting of risk measures should be done on a timely basis and compare current liquidity exposures with any set limits. (vii) Section 113(2) requires the liquidity management systems and controls of a BVI bank to provide for the undertaking of regular liquidity reviews. The Commission expects a bank to undertake both frequent routine liquidity reviews and less frequent, but more in-depth reviews. These reviews should be used to re-examine and refine the bank’s liquidity management framework in the light of its liquidity experience and developments in its business. Limits (viii) The Basel liquidity management standards require either that the supervisory authority should set liquidity limits for banks or that banks should be required to set their own liquidity limits. The Commission has determined that licensed banks should be permitted to set their own liquidity limits. However, these will be reviewed by the Commission which may decide to set liquidity limits on a case-by-case basis. (ix) The liquidity limits set by a BVI bank must be designed to ensure that the bank has adequate liquidity. The Commission does not intend to prescribe the limits required, but these could, for example, include—

274 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) cumulative cash flow mismatches (i.e. the cumulative net funding requirement as a percentage of total liabilities) over particular periods, such as next day, next 5 days, next month, etc.; (b) liquid assets as a percentage of short term liabilities. (x) Cumulative cash flow mismatches should be calculated by taking a conservative view of the marketability of liquid assets, with a discount to cover price volatility and any drop in price in the event of a forced sale, and should include likely outflows as a result of drawdown of commitments, etc. (xi) The liquid assets/short term liabilities ratio should include a discount to reflect price volatility. The assets included in this category should only be those which are highly liquid – i.e. only those in which there is judged to be a ready market even in periods of stress. When considering which assets should be regarded as liquid assets for the purposes of this ratio, a bank should consider not just credit quality and marketability, but also the existence of any encumbrances that would prevent a quick sale to meet unexpected net cash flow requirements. Assets charged to secure specific obligations should not, therefore, be considered as liquid assets. The Commission may require a BVI bank to hold a specified amount of high quality liquid assets. Unless the Commission otherwise specifies, only cash items and marketable securities [as reported on the quarterly banking return] are to be considered “high quality” liquid assets. (xii) A BVI bank should analyse the likely impact of different stress scenarios on their liquidity position and set their limits accordingly. Limits should be appropriate to the size, complexity and financial condition of the bank. Net Funding Requirements (xiii) At a very basic level, liquidity measurement involves assessing all of a bank’s cash inflows against its outflows to identify the potential for any net shortfalls going forward. This includes funding requirements for off-balance sheet commitments. A number of techniques can be used for measuring liquidity risk, ranging from simple calculations and static simulations based on current holdings to highly sophisticated modelling techniques. The Commission expects that a bank will use techniques that are appropriate for its business. (xiv) An important aspect of managing liquidity is making assumptions about future funding needs. While certain cash inflows and outflows can be easily calculated or predicted, a bank must also make assumptions about future liquidity needs, both in the very short-term and for longer time periods. Gap report (xv) The Commission requires banks to use a “gap report” or “maturity ladder” to compare cash inflows and outflows over a series of specified time periods [Schedule B of the Quarterly Banking Return]. The gap report serves as a basic tool for monitoring interest rate exposure and liquidity arising out of repricing and maturity imbalances. However, depending upon the circumstances of a particular bank, this may not be sufficient in itself.

LAW OF VIRGIN ISLANDS Regulatory Code 275 Revision Date: 1 Jan 2020 [Statutory Instrument] “What if” scenarios (xvi) Evaluating whether a bank is sufficiently liquid is highly dependent on the behaviour of cash flows under different conditions. Analysing liquidity therefore requires a bank to test against a variety of “what if” scenarios. Under each scenario, a bank should try to account for any significant positive or negative liquidity swings that could occur. These scenarios should take into account factors that are both internal (bank- specific) and external (market￾related). While liquidity will typically be managed under “normal” circumstances, the bank must be prepared to manage liquidity under abnormal conditions. (xvii) A bank will need to assign the timing of cash flows for each type of asset and liability by assessing the probability of the behaviour of those cash flows under the scenario being examined. These decisions about the specific timing and the size of cash flows are an integral part of the construction of the maturity ladder under each scenario. For each funding source, for example, a bank would have to decide whether the liability would be: (1) repaid in full at maturity; (2) gradually run off over the next few weeks; or (3) virtually certain to be rolled over or available if tapped. (xviii) Since a bank’s future liquidity position will be affected by factors that cannot always be forecast with precision, assumptions need to be reviewed frequently to determine their continuing validity. The major assumptions to be made should include assumptions concerning assets, liabilities, off-balance sheet activities together with certain other assumptions considered below. Assets (xix) Assumptions about a bank’s future stock of assets include their potential marketability and use as collateral which could increase cash inflows, the extent to which assets will be originated and sold through asset securitisation programmes, and the extent to which maturing assets will be renewed, and new assets acquired. (xx) Determining the level of a bank’s potential assets involves answering three questions— (a) What proportion of maturing assets will a bank be able and willing to roll over or renew? (b) What is the expected level of new loan requests that will be approved? (c) What is the expected level of draw-downs of commitments to lend that a bank will need to fund? (xxi) For the purposes of determining their marketability, assets can be segregated into 4 categories according to the degree of their relative liquidity— (a) the most liquid category includes components such as cash and government securities which are eligible as collateral in central banks’ routine open market operations; (b) a second category is other marketable securities, for example equities, and inter-bank loans which may be saleable but which may lose liquidity under adverse conditions; (c) a third less liquid category comprises a bank's saleable loan portfolio;

276 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (d) the least liquid category includes essentially unmarketable assets such as loans not capable of being readily sold, bank premises and investments in subsidiaries, as well as, possibly, severely troubled credits; Assets charged to third parties should be excluded from each category. Liabilities (xxii) Analysing the liability side of the balance sheet for sources of funding requires a bank to understand the characteristics of its fund providers and funding instruments. To evaluate the cash flows arising from a bank’s liabilities, a bank would have to examine the behaviour of its liabilities under normal business conditions. This would include establishing— (a) the normal level of roll-overs of deposits and other liabilities; (b) the effective maturity of deposits with non-contractual maturities, such as demand deposits and many types of savings accounts; and (c) the normal growth in new deposit accounts. (xxiii) In examining the cash flows arising from a bank’s liabilities under abnormal circumstances (bank-specific or general market problems), a bank would examine 4 basic questions— (a) Which sources of funding are likely to stay with the bank under any circumstance, and can these be increased? (b) Which sources of funding can be expected to run off gradually if problems arise, and at what rate? Is deposit pricing a means of controlling the rate of runoff? (c) Which maturing liabilities or liabilities with non- contractual maturities can be expected to run off immediately at the first sign of problems? Are there liabilities with early withdrawal options that are likely to be exercised? (d) Does the bank have back-up facilities that it can draw down and under what circumstances? Off-balance sheet activities (xxiv) A bank should also examine the potential for substantial cash flows from its off￾balance-sheet activities (other than the loan commitments already considered). The contingent nature of most off-balance-sheet instruments adds to the complexity of managing off-balance-sheet cash flows. In particular, during stressful situations, off-balance-sheet commitments can have a significant drain on liquidity. (xxv) Looking solely at instruments may ignore some factors that could significantly impact a bank’s cash flows. Besides the liquidity needs arising from their own business activities, banks also require funds to support other operations. For example, many large banks provide correspondent banking services for foreign banks or provide access to payment systems for smaller domestic banks and other financial institutions.

LAW OF VIRGIN ISLANDS Regulatory Code 277 Revision Date: 1 Jan 2020 [Statutory Instrument] Other assumptions (xxvi) In addition, net overhead expenses, such as rent, salary and tax payments, although generally not significant enough to be considered in banks’ liquidity analyses, can in some cases also be sources of cash outflows. Market Access (xxvii) A sound liquidity management strategy requires a bank, through its senior management, to periodically review its efforts to establish and maintain relationships with liability holders to maintain the diversification of liabilities and to ensure its capacity to sell assets. This will enable a bank to understand how much funding it can expect to receive from the market in both normal and adverse circumstances. Contingency Planning (xxviii) The contingency plan of a bank should be designed to ensure that adequate liquidity is achieved during a liquidity crisis. A major element in the plan should be a strategy for taking certain actions to alter asset and liability behaviours. Other components of the contingency plan involve maintaining customer relationships with liability-holders, borrowers, and trading and off￾balance-sheet counter-parties. (xxix) A bank’s contingency plan should— (a) include procedures for making up cash flow shortfalls in adverse situations, specifying as clearly as possible the amount of funds a bank has available from its various sources of funds, and under what scenarios a bank could use them; (b) specify in what circumstances and for what purposes it would establish committed lines of funding, for which it pays a fee, which would be available to it under abnormal circumstances if uncommitted facilities fail; (c) fully incorporate the potential risk posed by its secondary market credit activities, if any; and (d) take into consideration the need to obtain replacement funding, and specify the possible alternative funding sources, in the event of the early amortisation of outstanding asset-backed securities. Foreign Currency Liquidity Management (xxx) When it uses foreign currency to fund a portion of domestic currency assets, a bank needs to analyse the market conditions that could affect access to the foreign currency and understand that foreign currency depositors and lenders may seek to withdraw their funding more quickly than domestic counterparties. A bank should also assess its access to alternative sources of funding to repay foreign currency liabilities. When lending in a currency other than their domestic currency, a bank needs to consider carefully the various risks. This will require senior management to make a thorough and conservative assessment of the likely access to the foreign exchange markets and the likely convertibility of the currencies in which the bank carries out its activities, under the various scenarios in which it might need to switch funding from one currency to another.

278 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Senior management also needs to consider a range of possible scenarios for exchange rates, even where currencies are currently pegged or fixed. In many cases, an effective yet simple strategy for dealing with these issues would be for an institution to hold foreign currency assets in an amount equal to its foreign currency liabilities. Internal Controls for Liquidity Risk Management (xxxi) Section 113(3) requires a bank to have effective internal controls with respect to liquidity and liquidity risk management. The Commission considers that, in order for internal controls to be effective, they must provide for regular independent reviews and evaluations of the effectiveness of the system and, where necessary, ensure that appropriate revisions or enhancements are made. (xxxii) Effective internal control for liquidity risk include— (a) a strong control environment; (b an adequate process for identifying and evaluating liquidity risk; (c) the establishment of control activities such as policies and procedures; (d) adequate information systems; and, (e) continual review of adherence to established policies and procedures. (xxxiii) The internal controls should, in particular, consider appropriate approval processes, limits, reviews and other mechanisms designed to provide a reasonable assurance that the institution’s liquidity risk management objectives are achieved. Many attributes of a sound risk management process, including risk measurement, monitoring and control functions, are key aspects of an effective system of internal control. A bank should ensure that all aspects of the internal control system are effective, including those aspects that are not directly part of the risk management process. In addition, an important element of a bank’s internal control system over its liquidity risk management process is regular evaluation and review. This includes ensuring that employees are following established policies and procedures, as well as ensuring that the procedures that were established actually accomplish the intended objectives. Such reviews and evaluations should also address any significant change that may impact on the effectiveness of controls. Management should ensure that all such reviews and evaluations are conducted regularly by individuals, who are independent of the function being reviewed. When revisions or enhancements to internal controls are warranted, there should be a mechanism in place to ensure that these are implemented in a timely manner. From the periodic review management should determine whether the organisation complies with its liquidity risk policies and procedures. Positions that exceed established limits should receive the prompt attention of appropriate management and should be resolved according to the process described in approved policies. Periodic reviews of the liquidity management process should also address any significant changes in the nature of instruments acquired, limits, and internal controls that have occurred since the last review.

LAW OF VIRGIN ISLANDS Regulatory Code 279 Revision Date: 1 Jan 2020 [Statutory Instrument] (xxxiv) The internal audit function should also periodically review the liquidity management process in order to identify any weaknesses or problems. In turn, these should be addressed by management in a timely and effective manner. Assessing Compliance (xxxv) When assessing a bank’s compliance with the requirements with respect to liquidity and liquidity risk management, the Commission will take into account, in particular— (a) the nature, size, complexity, structure and diversity of the bank’s business; (b) the bank’s standing in the market; (c) the diversification and volatility of the bank’s liabilities; (d) the bank’s asset profile and quality; (e) the availability to the bank, and the reliability of, stand-by facilities and intra-group funding; (f) the bank’s activities across currencies; (g) the qualities of a bank’s strategy, policies, systems and controls for managing liquidity and liquidity risk; and (h) the experience and expertise of the bank’s directors and senior management.

---

Interest Rate Risk Interest rate risk strategy, policies, systems and controls 115. (1) A BVI bank shall establish and maintain— (a) a strategy, and if the board considers it appropriate, policies, for the management of its interest rate risk appropriate for the nature, size, complexity, structure and diversity of the bank’s business and the interest rate risk to which it is exposed; and (b) systems and controls that are sufficient to ensure that the interest rate risk management strategy and policies are effectively implemented. (2) Without limiting subsection (1)— (a) the interest rate risk management strategy and policies of a BVI bank shall set out the objectives of the bank with respect to interest rate risk and should provide clear guidance regarding the level of interest rate risk acceptable to the bank; (b) the strategy, policies, systems and controls shall provide for the identification, measurement, monitoring and control of interest rate risk and shall include— (i) appropriate operating limits that maintain the bank’s exposures within levels consistent with their internal policies concerning interest rate risk; (ii) standards for valuing positions and measuring performance;

280 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (iii) a comprehensive interest rate risk reporting and interest rate management review process; (iv) effective internal controls with respect to interest rate risk; (v) a requirement that the interest rate risk of new products, and any major hedging or risk management initiatives, is assessed and adequate risk management systems and controls established before they are introduced or undertaken; and (vi) a requirement that any exceptions to the strategy, policies, systems and controls shall be approved by senior management or, where appropriate, the board. (3) The interest rate risk management strategies, policies, systems and controls shall be fully and clearly documented and communicated and readily available to the directors and to those senior managers and staff who have responsibility for implementing them. Responsibilities of board and senior management 116. (1) The board of a BVI bank shall— (a) approve the interest rate risk management strategy and policies, and any subsequent changes to the strategy or policies, and review them on at least an annual basis; (b) approve any major hedging or risk management initiatives before they are introduced; (c) ensure that a management structure is put in place to effectively execute the interest rate risk management strategy and policies; and (d) oversee the monitoring and control of interest rate risk by senior management. (2) The senior management of a BVI bank— (a) have responsibility for the establishment and maintenance of the interest rate risk systems and controls required by 115(1)(b); (b) shall keep the bank’s interest rate risk management strategy, policies, systems and controls under review, taking into account the results of stress testing undertaken by the bank; and (c) shall ensure that— (i) analysis and risk management activities related to interest rate risk are undertaken by competent staff with technical knowledge and experience consistent with the nature and scope of the bank’s activities and that staff resources are sufficient to manage these activities and to accommodate the temporary absence of key staff members; and (ii) the board is regularly informed as to the interest rate risk exposure of the bank. Measurement of interest rate risk 117. (1) A BVI bank’s systems for measuring interest rate risk shall—

LAW OF VIRGIN ISLANDS Regulatory Code 281 Revision Date: 1 Jan 2020 [Statutory Instrument] (a) capture all material sources of interest rate risk; and (b) assess the effect of interest rate changes in ways that are consistent with the nature, size, complexity, structure and diversity of the bank’s activities. (2) A BVI bank shall ensure that the assumptions and models, if any, underlying its systems for measuring interest rate risk are tested and validated on a regular basis.

---

EXPLANATORY NOTES Introduction to Interest Rate Risk (i) The purpose of the provisions of the Code relating to interest rate risk is to specify the Commission’s requirements with respect to the management by banks of that risk. These provisions are intended to implement the Basel Committee’s paper on the “Principles for the Management and Supervision of Interest Rate Risk” issued in July 2004. Banks should refer to this paper for further information on the management of interest rate risk. (ii) Interest rate risk is the exposure of a bank’s financial condition to adverse movements in interest rates. Accepting this risk is a normal part of banking and can be an important source of profitability and shareholder value. However, excessive interest rate risk can pose a significant threat to a bank’s earnings and capital base. Changes in interest rates affect a bank’s earnings by changing its net interest income and the level of other interest sensitive income and operating expenses. Changes in interest rates also affect the underlying value of the bank’s assets, liabilities, and off-balance-sheet instruments because the present value of future cash flows (and in some cases, the cash flows themselves) change when interest rates change. Accordingly, an effective risk management process that maintains interest rate risk within prudent levels is essential to a bank’s safety and soundness. Sources of Interest Rate Risk (iii) There are a number of possible sources of interest rate risk, the most common being the following— (a) Repricing risk: This is the primary form of interest rate risk and it arises from timing differences in the maturity (for fixed-rate) and repricing (for floating-rate) of bank assets, liabilities, and off-balance-sheet positions. (b) Yield curve risk: This form of interest rate risk arises when unanticipated shifts of the yield curve have adverse effects on a bank’s income or underlying economic value. (c) Basis risk: This form of interest rate risk arises from imperfect correlation in the adjustment of the rates earned and paid on different instruments with otherwise similar repricing characteristics. When interest rates change, these differences can give rise to unexpected changes in the cash flows and earnings spread between assets, liabilities and off-balance-sheet instruments of similar maturities or repricing frequencies. (d) Optionality: This form of interest rate risk arises from the options embedded in many bank assets, liabilities, and off-balance sheet portfolios. An option provides the holder with the right, but not the obligation, to buy,

282 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS sell, or in some manner alter the cash flow of an instrument or financial contract. If not adequately managed, the asymmetrical payoff characteristics of instruments with optionality features can pose significant risk particularly to those who sell them, since the options held, both explicit and embedded, are generally exercised to the advantage of the holder and the disadvantage of the seller. Moreover, an increasing array of options can involve significant leverage which can magnify the influences (both negative and positive) of option positions on the financial condition of the bank. Effects of Interest Rate Risk (iv) Changes in interest rates can have adverse consequences both on a bank’s earnings and on its economic value. The Commission intends to introduce a market risk capital requirement for banks in the near future. The measurement of interest rate risk will be considered in more detail at that time. For the purposes of the provisions of the Code relating to credit risk, this Explanatory Note therefore provides only a brief outline of the 2 separate, but complimentary, perspectives for assessing a bank’s interest rate exposure. (v) However, section 12 of the Banks and Trust Companies Act and section 74 of the Code impose an over-riding capital resource requirement on BVI banks. Regardless of the specific capital requirements in the Code, if the business of a bank exposes it to interest rate risk, the bank should take this into account in assessing the amount of capital that it requires. The directors and senior management of a bank that has a significant exposure to interest rate risk should, therefore, ensure that they fully understand how it should be assessed. Earnings perspective (vi) In the earnings perspective, the focus of analysis is the impact of changes in interest rates on accrual or reported earnings. This is the traditional approach to interest rate risk assessment taken by many banks. Variation in earnings is an important focal point for interest rate risk analysis because reduced earnings or outright losses can threaten the financial stability of an institution by undermining its capital adequacy and by reducing market confidence. Economic value perspective (vii) Variation in market interest rates can also affect the economic value of a bank’s assets, liabilities, and off-balance-sheet positions. The sensitivity of a bank’s economic value to fluctuations in interest rates is, therefore, a particularly important consideration of shareholders, management, and supervisors. The economic value of a bank can be viewed as the present value of the bank’s expected net cash flows, defined as the expected cash flows on assets minus the expected cash flows on liabilities plus the expected net cash flows on off￾balance sheet positions. In this sense, the economic value perspective reflects one view of the sensitivity of the net worth of the bank to fluctuations in interest rates. Embedded losses (viii) The earnings and economic value perspectives focus on how future changes in interest rates may affect a bank’s financial performance. When evaluating the level of interest rate risk it is willing and able to assume, a bank should also consider the impact that past interest rates may have on future performance. In particular, instruments that are not marked to market may already contain

LAW OF VIRGIN ISLANDS Regulatory Code 283 Revision Date: 1 Jan 2020 [Statutory Instrument] embedded gains or losses due to past rate movements. These gains or losses may be reflected over time in the bank’s earnings. For example, a long-term, fixed-rate loan entered into when interest rates were low and refunded more recently with liabilities bearing a higher rate of interest will, over its remaining life, represent a drain on the bank’s resources. Responsibilities of the Board (ix) In order to effectively oversee the monitoring and control of interest rate risk by senior management, the board should periodically review information that is sufficiently detailed and timely to enable it to understand and assess the performance of senior management in monitoring and controlling these risks in compliance with the strategy and policies that it has approved. As the reviews should be undertaken on a risk-based basis, they should be carried out more frequently where the bank holds significant positions in complex instruments. (x) The Commission does not expect directors to have detailed technical knowledge of complex financial instruments, legal issues or sophisticated risk management techniques. However, they are responsible for ensuring that, where the bank holds such instruments, senior management has a full understanding of the risks incurred by the bank and the bank has employees with sufficient technical skills to evaluate and control these risks. Role of Senior Management (xi) Senior management responsible for interest rate risk should receive interest rate risk reports that provide aggregate information as well as sufficient supporting detail to enable senior management to assess the sensitivity of the institution to changes in market conditions and other important risk factors. Senior management should also review periodically the bank’s interest rate risk management policies, systems and controls to ensure that they remain appropriate and sound. Lines of Responsibility (xii) Section 18(1)(a) of the Code provides that a bank must take reasonable care to maintain a clear and appropriate apportionment of significant responsibilities among its directors, senior managers and key functionaries so that it is clear who has which of those responsibilities. The Commission considers that interest rate risk management is a significant responsibility for this purpose. (xiii) The Commission expects that, in order to ensure compliance with section 18(1)(a), a bank should— (a) give responsibility to specific employees for managing interest rate risk and reporting risk exposures to senior management; and (b) ensure that there is adequate separation of duties in key elements of the interest rate risk management process so that conflicts of interest are avoided. In particular, those employees who are responsible for the measurement, management and control of interest rate risk should not have responsibility for, and should be independent of those who undertake position-taking functions. (xiv) In order to demonstrate compliance with section 18(1)(a) of the Code, the Commission expects a bank with a significant or complex business to establish

284 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS a designated independent unit responsible for the design and administration of the bank’s interest rate measurement, monitoring and control functions. Strategy, Policies, Systems and Controls (xv) The interest rate risk management strategy or policies should provide clear guidance on the acceptable level of interest rate risk acceptable to the bank. In order to supplement this, either the policies or the systems and controls should specify authorised instruments, hedging strategies and position taking opportunities. A bank’s interest rate risk management policies should also identify quantitative parameters that define the acceptable level of interest rate risk for the bank. (xvi) The interest rate risk measurement systems established and maintained under section 115(2) should capture all material sources of interest rate risk and should assess interest rate changes in ways that are consistent with the nature, extent, complexity and diversity of the bank’s business. It is essential that risk managers and the senior management of the bank clearly understand the assumptions underlying the interest rate risk measurement system. (xvii) Section 115(2)(b)(v) of the Code requires that the interest rate risk of new product, or major hedging or risk management initiative, is assessed and adequate risk management systems and controls established before it is introduced or undertaken. The Commission considers that the following should be included in any proposal for a new product or major hedging or risk management initiative— (a) a description of the relevant product or initiative; (b) identification of the resources required to establish sound and effective interest rate risk management of the product or initiative; (c) an analysis of the reasonableness of the proposed product or initiative; (d) the procedures to be used to measure, monitor and control the risks of the proposed product or initiative. Stress Testing (xviii) The Commission expects BVI banks to periodically perform appropriate stress tests to assess their vulnerability to loss under adverse interest rate movements. The results of the stress tests should be taken into account when establishing and reviewing the bank’s interest rate management strategy and policies, including limits. The stress tests should be based on reasonable worst case scenarios and should capture all material sources of interest rate risk, including a breakdown of critical assumptions. Reporting (xix) Section 115(2)(b)(iii) provides that the systems and controls must include a comprehensive interest rate risk reporting and interest rate management review process. In order to demonstrate compliance with this requirement, the Commission expects a BVI bank to be able to demonstrate that reports on interest rate exposures are provided on a timely basis to the board, senior management and, where appropriate, individual business line managers. (xx) Reports to the board should normally include— (a) summaries of the bank’s aggregate exposures;

LAW OF VIRGIN ISLANDS Regulatory Code 285 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) reports demonstrating the bank’s compliance with policies and limits; (c) key assumptions, for example, non-maturity deposit behaviour and prepayment information; (d) results of stress tests, including those assessing breakdowns in key assumptions and parameters; and (e) summaries of the findings of reviews of interest rate policies, procedures and the adequacy of interest rate measurement systems, including any findings on internal and external auditors and retained consultants.

---

Operational Risk Operational risk strategy, policies, systems and controls 118. (1) A BVI bank shall— (a) establish and maintain a strategy, and if the board considers it appropriate, policies, for the management of its operational risk appropriate for the nature, size, complexity, structure and diversity of the bank’s business and the operational risk to which it is exposed; (b) identify and assess the operational risk inherent in all material products, activities, processes and systems; (c) establish and maintain systems and controls that are sufficient to ensure that the operational risk management strategy and policies are effectively implemented; (d) ensure that the operational risk inherent in new products, activities, processes and systems is subject to adequate assessment procedures before they are introduced or undertaken; and (e) ensure that operational risk profiles and material exposures to losses are regularly monitored. (2) Without limiting subsection (1), the operational risk strategy and policies of a BVI bank shall— (a) specify a definition of “operational risk”, which should be appropriate for the business undertaken by the bank, but which shall include legal risk; (b) provide for the identification, assessment, monitoring, control and mitigation of operational risk, including the regular monitoring of operational risk profiles and material exposures to losses; (c) include guidance regarding the systems and controls to be put in place to manage operational risk; (d) include contingency and business continuity plans to ensure the ability of the bank to operate on an on-going basis, and limit losses, in the event of a severe business interruption; and (e) include remuneration polices that do not include incentives that are likely to cause imprudent, unnecessary or excessive risk-taking.

286 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (3) The operational risk management strategies, policies, systems and controls shall be fully and clearly documented and communicated and readily available to the directors and to those senior managers and staff who have responsibility for implementing them. Responsibilities of board and senior management 119. (1) The board of a BVI bank shall— (a) approve the operational risk management strategy and policies, and any subsequent changes to the strategy or policies, and review them on at least an annual basis; (b) ensure that a management structure is put in place to effectively implement the operational risk management strategy and policies; (c) oversee the monitoring and control of operational risk by senior management; and (d) ensure that the bank’s operational risk management framework is subject to effective and comprehensive internal audit by operationally independent, appropriately trained and competent staff. (2) Senior management— (a) has primary responsibility for developing the bank’s operational risk management and controls and for ensuring that they cover all the bank’s material products, activities, processes and systems; and (b) shall ensure that they receive regular reports of information material to operational risk management and shall ensure that regular operational risk management reports are provided to the board. (3) A BVI bank shall submit to the Commission any operational risk management report provided to the board that indicates a material change in the operational risk faced by the bank.

---

EXPLANATORY NOTES Introduction to Operational Risk (i) The risks covered by the Code to this point arise directly from and directly affect a bank’s transactions, e.g. credit, interest rate, market and country risk. However, a bank also faces other risks, and these can be substantial. Most of these other risks can be grouped together and described as “operational risk”. (ii) The Code deliberately does not define “operational risk” because, given the differing circumstances of individual banks, the Commission considers that a strict legal definition would be too limiting. Instead of defining operational risk, the Code requires a bank’s operational risk strategy or policies to include a definition of operational risk that will apply throughout the bank. (iii) However, in general terms, operational risk includes most risks that result from inadequate or failed internal processes, people and systems or from external events. Legal risk should be regarded as operational risk, but not strategic or reputational risk. The following are examples of operational risks— (a) internal and external fraud;

LAW OF VIRGIN ISLANDS Regulatory Code 287 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) employment practices and workplace safety, including workers compensation claims and breach of employee health and safety rules; (c) customers, products and business practices, including fiduciary breaches, misuse of confidential customer information, improper trading activities on the bank’s account, money laundering, and the sale of unauthorised products; (d) damage to physical assets; (e) business disruption and system failures; (f) execution, delivery and process management, including data entry errors, collateral management failures, incomplete legal documentation, unapproved access given to customer accounts, non-customer counterparty misperformance and vendor disputes. (iv) It is important that a bank manages its operational risk and the purpose of the provisions of the Code relating to operational risk is to specify the Commission’s requirements with respect to the management by banks of that risk. These provisions are intended to implement the Basel Committee’s paper “Sound Practices for the Management and Supervision of Operational Risk” issued in February 2003. Identification, Assessment and Monitoring of Operational Risk (v) Risk identification is critical for the development of a viable operational risk monitoring and control system. Effective risk identification considers both internal and external factors (examples of which are given in paragraph (iii) above). (vi) A number of tools or processes are usually used to identify and assess operational risk. These include— (a) Self- or Risk Assessment: A bank assesses its operations and activities against a menu of potential operational risk vulnerabilities. This process is internally driven and often incorporates checklists and/or workshops to identify the strengths and weaknesses of the operational risk environment. Scorecards, for example, provide a means of translating qualitative assessments into quantitative metrics that give a relative ranking of different types of operational risk exposures. Some scores may relate to risks unique to a specific business line while others may rank risks that cut across business lines. Scores may address inherent risks, as well as the controls to mitigate them. In addition, scorecards may be used by banks to allocate economic capital to business lines in relation to performance in managing and controlling various aspects of operational risk. (b) Risk Mapping: In this process, various business units, organisational functions or process flows are mapped by risk type. This exercise can reveal areas of weakness and help prioritise subsequent management action. (c) Risk Indicators: Risk indicators are statistics and/or metrics, often financial, which can provide insight into a bank’s risk position. These indicators tend to be reviewed on a periodic basis (such as monthly or quarterly) to alert banks to changes that may be indicative of risk concerns. Such indicators may include the number of failed trades, staff turnover rates and the frequency and severity of errors and omissions.

288 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (d) Measurement: Some banks have begun to quantify their exposure to operational risk using a variety of approaches. For example, data on a bank’s historical loss experience could provide meaningful information for assessing the bank’s exposure to operational risk and developing a policy to mitigate/control the risk. An effective way of making good use of this information is to establish a framework for systematically tracking and recording the frequency, severity and other relevant information on individual loss events. Some firms have also combined internal loss data with external loss data, scenario analyses, and risk assessment factors. (vii) It is also essential that banks have an effective operational risk monitoring process. Regular monitoring enables deficiencies in the operational risk strategy, policies, systems and controls to be quickly detected and corrected, reducing the potential frequency and severity of losses due to operational risk. The frequency of monitoring should reflect the risks involved and the frequency and nature of changes in the operating environment. Control of Operational Risk (viii) Section 118(2)(b) provides that a bank’s operational risk management strategy, policies, systems and controls must provide for the control and mitigation of operational risk. The Commission expects every bank to periodically review its risk control and mitigation strategy policies, systems and controls and to adjust its operational risk profile accordingly, in the light of its overall risk appetite and profile. (ix) Operational risk control is designed to address the operational risks that a bank has identified. For all material operational risks identified, a bank should decide whether to use appropriate procedures to control and/or mitigate the risks, or whether to bear the risks itself. For those risks that cannot be controlled, the bank should decide whether to accept these risks, reduce the level of business activity involved, or withdraw from the activity completely. Important elements of an operational risk control framework include— (a) the strategy, policies, systems and controls; (b) a strong operational risk control culture; (c) appropriate segregation of duties, in particular to avoid conflicts of interest; and (d) strong risk control procedures, such as— close monitoring of adherence to assigned risk limits or thresholds; maintaining safeguards for access to, and the use of, bank assets and records; ensuring that staff have appropriate expertise and training; identifying areas of business where returns appear to be out of line with reasonable expectations; regular verification and reconciliation of transactions and accounts. Responsibilities of the Board and Senior Management (x) In order to be able to oversee operational risk management, the board of a bank must be aware of the major operational risks that the bank faces and

LAW OF VIRGIN ISLANDS Regulatory Code 289 Revision Date: 1 Jan 2020 [Statutory Instrument] understand the importance of treating operational risk as a separate risk category to be managed. (xi) The board is required to undertake periodic assessments of the operational risk management strategy and policies. In doing so, it should take full account of industry best practice. (xii) The board is required to ensure that the operational risk management framework is subject to independent internal audit. This means that the staff undertaking the internal audit must not have any responsibility for operational risk management, although they may have had initial responsibility for the establishment of the operational risk management systems and controls. (xiii) The Commission expects the board, or the audit committee, to ensure that the scope and frequency of the internal audit programme is appropriate given the operational risks to which the bank is exposed. (xiv) As with respect to all areas of risk, senior management has responsibility for implementing the bank’s operational risk management strategy, policies, systems and controls. It is important that senior management ensure that all staff understand their responsibilities with respect to operational risk management. (xv) Senior management is also responsible for ensuring that— (a) the bank’s activities are conducted by qualified staff with the necessary experience, technical capabilities and access to resources; (b) remuneration policies are consistent with the bank’s appetite for risk [staff should not be rewarded for deviating from the bank’s risk management policies, for example by exceeding established limits]; (c) they receive on a regular basis the results of a bank’s monitoring activities; (d) the board receives sufficient higher-level information to enable directors to understand the bank’s overall operational risk profile and focus on the material and strategic implications for the business.

---

Division 4 Obligations of, and Restrictions on, Banks Investments, acquisitions and distributions Investment strategy, policies, systems and controls 120. (1) A BVI bank shall establish and maintain— (a) an investment strategy and such investment policies as the board considers appropriate for the nature, size, complexity, structure and diversity of the bank’s business; and (b) systems and controls that are sufficient to ensure that the investment strategy and policies are effectively implemented. (2) The investment strategy and policies shall include criteria for decisions on the making of investments and acquisitions by the bank and portfolio limits appropriate for the bank.

290 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Responsibilities of board 121. The board of a BVI bank shall— (a) approve the investment strategy and the significant investment policies, and any subsequent changes to the strategy or significant policies, and review them on at least an annual basis; (b) ensure that a management structure, including appropriate systems and controls, is put in place to effectively execute and monitor the investment strategy and policies. Restrictions on investments and acquisitions 122. (1) Subject to section 124, a BVI bank shall not, without the prior written approval of the Commission— (a) incorporate, form or acquire a subsidiary; (b) acquire a significant interest in a company, other than a subsidiary; (c) make an investment or acquisition that is equal to or exceeds 10%, in value, of the bank’s capital base; (d) purchase, or acquire an interest in, any property if the purchase or acquisition would result in the bank exceeding the aggregate investment limit specified for that type of property in section 123; or (e) purchase, or acquire an interest in, any immovable property, or in a property owning company, unless the immovable property concerned is reasonably required by the bank for the purposes of carrying on its licensed business or for any activity ancillary to its licensed business. (2) For the purposes of subsection (1)(e), a “property owning company” is a company— (a) the principal purpose of which is to own immovable property, or an interest or interests in, immovable property; (b) that owns immovable property, or an interest or interests in, immovable property the aggregate value of which exceed 50% of the company’s total assets; or (c) any subsidiary of which falls within paragraph (a) or (b). (3) The Commission will not grant its approval to an investment or acquisition under subsection (1) unless it is satisfied that— (a) the investment or acquisition does not expose the bank to undue risks or hinder the Commission’s effective supervision of the bank; and (b) the capital, financial and other resources of the bank are adequate to enable it to support the investment or acquisition. (4) Unless section 124(1) applies, a BVI bank shall, within the time period specified in subsection (5), notify the Commission in writing of any investment or acquisition that it makes that, in value, exceeds 5% and is less than 10% of its capital base. (5) Written notification under subsection (4) shall be made to the Commission within 21 days of the investment or acquisition being made.

LAW OF VIRGIN ISLANDS Regulatory Code 291 Revision Date: 1 Jan 2020 [Statutory Instrument] (6) This section applies with respect to a purchase or acquisition made by a subsidiary of a BVI bank as if the purchase or acquisition had been made by the bank itself. Investment limits 123. (1) Subject to section 124, a bank shall ensure that at all times the aggregate value of its investments in any class of property specified in the table below does not exceed the stated percentage of its capital base. Class of Asset Maximum percentage of capital base Immovable property 25% Equipment and other personal property 5% Shares or interests in a company or unincorporated body that is not a subsidiary 25% (2) The Commission may, in respect of a particular BVI bank, by written notice, increase or reduce the percentage specified in the second column of the table in subsection (1) for any class or classes of asset. Exemptions from investment limits 124. (1) A BVI bank is deemed not to contravene section 122 or 123 where the breach is caused by the acquisition of an asset, or an interest in an asset, acquired— (a) through the realisation of a security held by the bank or a subsidiary of the bank; or (b) as a result of an event not within the control of the bank. (2) Where a BVI bank acquires an asset, or an interest in an asset, in the circumstances specified in subsection (1), it shall dispose of the asset or interest, or such part of the asset or interest as is necessary to ensure its compliance with section 122 and 123, within one year of the date of acquisition of the assets or such longer period as the Commission may allow. Distributions 125. (1) For the purposes of this section, “distribution” has the meaning specified in section 56(b) of the BVI Business Companies Act. (2) For the purposes of Division 4 of Part III of the BVI Business Companies Act and this section, a BVI bank satisfies the solvency test only if all of the following conditions are satisfied— (a) the value of its assets exceeds its liabilities; (b) it is able to pay its debts as they fall due; and (c) its risk-weighted capital adequacy ratio is equal to or greater than 12%.

292 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (3) A BVI bank shall not make a distribution unless, immediately after the distribution, the bank satisfies the solvency test. (4) Subject to subsection (5), on granting a banking licence to a BVI bank, the Commission may, by written notice, prohibit the bank from making a distribution, without the prior written consent of the Commission, at any time in such period after the date on which the licence is granted as is specified in the notice. (5) The period specified in a notice issued under subsection (4)— (a) shall not exceed 7 years; and (b) may, on the application of the bank, be reduced by the Commission.

---

EXPLANATORY NOTES Investment Strategy, Policies, Systems and Controls (i) The investment strategy, policies, systems and controls of a BVI bank should include— (a) an appropriate investment management, measurement and monitoring process; (b) adequate controls over the investment portfolio; and (c) operating limits and other practices that maintain exposures within levels consistent with the banks’ internal policies. (ii) The investment strategy and policies of a BVI bank should be consistent with the bank’s business strategies, capital resources, human resources and its appetite for risk. Investments and Acquisitions (iii) Sections 121 and 122 are intended to give the Commission the ability to review and, where appropriate approve, major investments and acquisitions by a BVI bank. In the case of a foreign bank, this is a matter that is properly the responsibility of the bank’s home supervisor rather than the Commission as the bank’s host supervisor. (iv) In determining whether to grant approval for an investment or acquisition that exceeds the 10% threshold, the Commission will take into account all factors that it considers to be relevant on a case-by-case basis. However, section 122 sets out minimum criteria that will always apply. If a BVI bank cannot satisfy the Commission that these criteria will be met, the proposed investment or acquisition will not be approved. (v) Where a proposed investment or acquisition relates to a holding in a financial institution in a jurisdiction outside the Virgin Islands, the Commission will not grant its approval unless it is satisfied that— (a) it will be able to effectively supervise the bank and the financial institution outside the Virgin Islands on a consolidated basis; and (b) the regulatory authority in the jurisdiction concerned is able and willing to effectively undertake host supervisor responsibilities. (vi) It should be noted that section 127 applies regardless of the value of the investment or acquisition in relation to the capital base of a BVI bank. In the

LAW OF VIRGIN ISLANDS Regulatory Code 293 Revision Date: 1 Jan 2020 [Statutory Instrument] circumstances, prior approval for any cross border operations falling within section 127(1) or for the incorporation, forming or acquisition of a subsidiary is always required even if it does not constitute an investment or acquisition that equals or exceeds 10% in value of the bank’s capital base. (vii) In determining whether to grant approval under section 122, the Commission will take into account the risks posed to a bank by the carrying on of non￾banking activities.

---

Compliance Additional requirements with respect to compliance 126. (1) The provisions of this section apply to a bank in addition to the provisions of Part III, Division 4, and do not limit those requirements. (2) The compliance policy of a bank shall specify that senior management has responsibility for the effective management of the bank’s compliance risk and, in particular, for— (a) establishing and, when approved by the board, communicating the compliance policy; (b) ensuring that the compliance policy is implemented; and (c) reporting to the board on the management of the bank’s compliance risk. (3) The compliance officer of a bank shall— (a) test the compliance systems and controls by performing sufficient and representative compliance testing; and (b) report the results of the compliance testing to senior management or the board. Consolidated Supervision Branches, offices and subsidiaries etc. 127. (1) A BVI bank shall not, without the prior written approval of the Commission, open, maintain or carry on business through a branch or a representative or contact office within or outside the Virgin Islands. (2) Where a BVI bank has one or more branches or subsidiaries operating outside the Virgin Islands, the bank shall ensure that it has effective oversight of the operations of those branches and subsidiaries. (3) Without limiting subsection (2), a BVI bank with one or more branches or subsidiaries shall ensure that— (a) the persons managing the foreign operations have sufficient experience and expertise; and (b) the bank establishes and implements appropriate polices, systems and controls with respect to its foreign operations,

294 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS to ensure that the overseas operations are operated in a safe and sound manner and in compliance with all relevant legal and regulatory requirements in the foreign jurisdiction in which the branch or subsidiary operates. (4) A BVI bank shall provide the Commission with such information with respect to its branches and subsidiaries as the Commission reasonably requires to undertake consolidated supervision of the bank and its group.

---

EXPLANATORY NOTES Consolidated Supervision of BVI Bank (i) Where a BVI bank carries on business, whether in or outside the BVI, through a branch or subsidiary, the Commission supervises the bank on a consolidated basis. It is therefore important that the Commission has all the information that it reasonably requires to carry out consolidated supervision effectively. (ii) It should be noted that the Commission’s consolidated supervision extends not just to the bank and the group’s banking activities, but also to any non-banking activities carried on by the bank or other companies in the same group. Non￾banking activities can also pose a risk to a bank. The Commission expects a bank to assess that risk and the Commission will carry out its own risk evaluation as part of its consolidated supervision of the bank. (iii) A BVI bank is required by the Code to ensure that it has effective oversight of its foreign operations. In order to comply with this requirement, the Commission expects the bank to establish information systems that ensure that the bank has adequate information on its foreign operations to be able to— (a) assess and manage the risks to which the bank is exposed through its foreign operations; (b) assess compliance with, and the effectiveness of the internal controls established with respect to the foreign operations; (c) ensure effective local oversight of the foreign operations. (iv) If the Commission forms the view that it cannot, for whatever reason, undertake effective consolidated supervision with respect to a BVI bank’s foreign operations or that the bank is not in compliance with the requirements of section 127, the Commission may use its enforcement powers to issue a directive to the bank to close one or more of its foreign branches or subsidiaries or to place limitations on their activities. Consolidated Supervision of Foreign Bank (v) Where the Commission is the host supervisor of a foreign bank, it will wish to be satisfied that the bank is subject to effective consolidated supervision by the home supervisor. In assessing whether consolidated supervision is effective, the Commission will take into account whether the home supervisor supervises the bank in accordance with the Basel Core Principles.

LAW OF VIRGIN ISLANDS Regulatory Code 295 Revision Date: 1 Jan 2020 [Statutory Instrument] PART IV INSURANCE Preliminary Interpretation for this Part 128. For the purposes of this Part— “allowable asset” is an asset specified in Schedule 5 as an allowable asset to the extent specified in the Schedule; and “licensed foreign insurer” means a foreign company holding a category B insurer’s licence.

---

EXPLANATORY NOTES Captive Insurance Companies – Introduction (i) As indicated in the Explanatory Notes to section 6 of the Code [Application of the Code], although the Code applies fully to licensed captive insurers, the Commission accepts that the Code must be appropriately applied to captive insurers* , given their particular circumstances. In order to assist insurance managers and directors of captive insurers, a number of the Explanatory Notes in this Part are designed to indicate factors that should be taken into account when applying the Code to captive insurers. In preparing this Guidance, the Commission has drawn on the Captives Issues Paper published by the IAIS in October 2008. (ii) The Code requires licensees to adopt a risk-based approach where possible, particularly with respect to the requirements relating to corporate governance, policies, systems and controls and internal controls. There are no exemptions from the Code with respect to captive insurers, but where the Code is not prescriptive in its requirements, the Commission accepts that the risks faced by a captive insurer should be taken into account when applying the requirements of the Code. (iii) Furthermore, the Commission recognises that licensed insurance managers play a critical role in the management of captive insurers and, in certain circumstances, the obligations imposed by the Code on senior management may be performed by the licensed insurance manager responsible for the captive. (iv) Given that there are no specific exemptions in the Code applicable to captive insurers, it is not necessary for the term “captive insurer” to be defined. In any event, the Commission considers that a definition may not be helpful. (v) Although the IAIS Captives Paper does not recommend a particular definition of “captive insurer”, it does adopt a working definition, i.e. that a captive insurer is “an insurance or reinsurance entity created and owned, directly or indirectly, by one or more industrial, commercial or financial entities, other than an insurance or reinsurance group entity, the purpose of which is to provide insurance or reinsurance cover for risks of the entity or entities to which it belongs, or for * In these Explanatory Notes, the term “captive insurer” is used to signify a licensed insurer that has the characteristics of a captive insurer, as considered later in the Explanatory Note. The Commission considers that an insurer holding a category A or B insurers licence will never be a captive insurer.

296 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS entities connected to those entities and only a small part if any of its risk exposure is related to providing insurance or reinsurance to other parties.” (vi) The Captives Paper recognises that the range of captives commonly used includes— (a) pure captives, i.e. single parent companies writing only the risks of their owner and/or affiliates; (b) group and/or association captives, i.e. multi-owned insurance companies writing only the risks of their owners and/or affiliates, usually within a specific trade or activity; (c) rental captives, i.e. insurers specifically formed to provide captive facilities to unrelated bodies for a fee where entities prefer not to form their own dedicated captive; and (d) diversified captives, i.e. captives writing a limited proportion of unrelated business in addition to the risks of their owner and/or affiliates. The IAIS Paper also makes reference to producer owned reinsurance companies, although these are not a significant part of the BVI’s industry. (vii) It should be understood that, given the many different types of captive structure, the insurance manager and directives the application of the Code must be considered on a case-by-case basis taking. The Commission considers that a pure captive represents the lowest regulatory risk as there are no unrelated party policyholders or potential third party beneficiaries. However, captives that write unrelated party business or that write third party liability risks should be considered as much closer to full service insurers. The Commission, when undertaking its on-site inspections, will expect to see evidence that the insurance manager and directors have fully considered the risk profile of a captive in determining how to comply with the Code.

---

Division 1 Financial Resource Requirements, Licensed Insurers Capital and solvency margin Over-riding capital resource requirement 129. (1) A BVI insurer shall— (a) ensure that, at all times, it maintains its capital resources at a level that is adequate to support its insurance business, taking into account the nature, size, complexity, structure and diversity of that business and its risk profile; and (b) maintain adequate systems and controls to monitor and assess its capital adequacy requirements on an on-going basis. (2) The requirement in subsection (1)(a) applies in addition to the specific contributed capital and solvency margin requirements specified in the Insurance Act and this Part of the Code. (3) The board and senior management of a BVI insurer shall make their own determination of the capital resources that are reasonably required to support the

LAW OF VIRGIN ISLANDS Regulatory Code 297 Revision Date: 1 Jan 2020 [Statutory Instrument] insurer’s business, taking into account its risk profile, and shall ensure that the insurer’s capital resources are increased where appropriate. (4) On at least an annual basis— (a) senior management of a BVI insurer shall report to the board on the scope and performance of the systems and controls established to monitor and assess the insurer’s solvency margin and its capital resource requirements; and (b) the board shall review those systems and controls taking into consideration the report by senior management. Contributed capital 130. For the purposes of section 10 of the Insurance Act the minimum contributed capital applicable to a BVI insurer is— (a) where the insurer is authorised to carry on any class of long-term business, $200,000; (b) in any other case, $100,000. Minimum solvency margin requirement 131. (1) For the purpose of section 12 of the Insurance Act a BVI insurer shall ensure that, at all times, it maintains a minimum solvency margin as follows— (a) in the case of a general insurer— (i) if the insurer’s annual net written premium is less than $500,000, the prescribed minimum solvency margin is $100,000; (ii) if the insurer’s annual net written premium is greater than $500,000, but less than $5,000,000, the prescribed minimum solvency margin is 20% of the net annual written premium; (iii) if the insurer’s annual net written premium is greater than $5,000,000, the prescribed minimum solvency margin is $1,000,000 plus 10% of the difference between the annual net written premium and $5,000,000; and (b) in the case of a long-term insurer, the prescribed minimum solvency margin is $250,000. (2) Notwithstanding section 12 of the Insurance Act and subsection (1), a BVI insurer shall ensure that it maintains a solvency margin that is adequate to enable the insurer to meet its liabilities at all times, taking into account the nature, size, complexity, structure and diversity of that business and its risk profile. (3) Subject to subsection (4), for the purposes of this section, “annual net written premium”, in any year, means the gross premium income written by the insurer in that year, reduced by any premiums ceded to approved reinsurers, in accordance with the Insurance Act and this Code. (4) During the first financial year of a BVI insurer, the “annual net written premium” shall be calculated in accordance with subsection (3), except that the amounts shall be those projected in the business plan submitted to the Commission.

298 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Explanatory Notes Introduction (i) Section 9 of the Insurance Act imposes a general requirement on a licensed insurer to maintain its business in a financially sound condition. Sections 10 to 15 of the Act impose additional financial resource requirements on BVI insurers. In particular, a BVI insurer is required to— (a) maintain its contributed capital in an amount equal to or greater than the minimum prescribed in the Code; and (b) maintain a solvency margin calculated in accordance with the Code, unless, in each case, the Commission imposes higher capital resource requirements. (ii) The purpose of this Division is to specify the detailed contributed capital, solvency margin and other financial resource requirements applicable to licensed [BVI] insurers. Over-riding Capital Resources Requirement (iii) Section 129 of the Code is intended to ensure that a BVI insurer has sufficient capital resources to support its business. Although the Code specifies minimum contributed capital and solvency margin requirements applicable to all BVI insurers, the minimum requirements may not provide all insurers with adequate capital resources to support their businesses. Section 129(3) of the Code therefore requires the directors and senior management of a BVI insurer to make their own determination of the capital resources that are reasonably required to support the insurer’s business, taking into account its risk profile, and it is the responsibility of the board and senior management to ensure that the insurer’s capital resources are increased beyond the minimum requirements set out in the Code where appropriate. It follows that compliance with the specific contributed capital and solvency margin requirements of the Code is not, in itself, sufficient to demonstrate compliance with the over-riding capital resource requirement specified in section 129. (iv) In order to comply with their responsibilities under section 129(3), the board of a BVI insurer must ensure that risk management systems and controls are established and maintained and that a strategy is developed for monitoring and managing the insurer’s capital resources. (v) In order to comply with section 129, the Commission expects a BVI insurer to be able to demonstrate the adequacy of its capital resources at any particular time, if required to do so by the Commission and, when undertaking on-site compliance inspections, the Commission will expect to see evidence that determinations of the insurer’s capital resource requirements and capital resources are made at appropriate intervals. (vi) Furthermore, the Commission may, as part of its on-site and off- site monitoring programme, review an insurer’s own assessment of its capital resource requirements and the procedures and controls in place to monitor capital adequacy on an on-going basis. (vii) Failure to comply with section 129 of the Code may result in the Commission taking enforcement action against a BVI insurer, even though the insurer may

LAW OF VIRGIN ISLANDS Regulatory Code 299 Revision Date: 1 Jan 2020 [Statutory Instrument] be in compliance with the specific contributed capital and solvency margin requirements applicable to it as specified in the Insurance Act and the Code. Licensed Foreign Insurers (viii) Responsibility for the prudential regulation and supervision of a licensed foreign insurer lies with its home supervisor. In the circumstances, the capital resource, contributed capital and solvency margin requirements that apply to BVI insurers are not appropriate for licensed foreign insurers. Contributed Capital (ix) Contributed capital is defined in the Insurance Act as the total of— (a) monies paid; and (b) the value of other consideration provided, for shares issued by the insurance company. Solvency Margin (x) The prescribed minimum solvency margin is an absolute minimum beneath which the solvency margin should never fall. However, depending upon its circumstances, the minimum solvency margin may well be insufficient for a particular insurer. The board of a BVI insurer is responsible for assessing the solvency margin required to support the insurer’s business and for ensuring that the appropriate solvency margin is maintained. (xi) If the assets and liabilities of an insurer include segregated assets and segregated liabilities, the insurer may reduce the value of its segregated liabilities for the purposes of calculating its solvency margin to the extent that these liabilities are matched by segregated assets that are not allowable assets.

---

Liabilities and assets Calculation and valuation of liabilities 132. A BVI insurer shall ensure that its liabilities— (a) are calculated and valued on the basis required by the accounting standards in accordance with which the insurer’s financial statements are prepared; (b) are monitored and calculated on a continuous basis; and (c) include all liabilities arising out of its insurance contracts. Valuation of assets 133. (1) Subject to subsection (2), a BVI insurer shall ensure that the value of its assets is determined in accordance with the accounting standards in accordance with which the insurer’s financial statements are prepared. (2) Notwithstanding subsection (1), the assets of an insurer shall not be taken to be more than the market value of those assets.

300 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS EXPLANATORY NOTES Liabilities (i) The liabilities of an insurer arising out of its insurance contracts are also known as its technical provisions. The IAIS defines “technical provisions” as: “the amount set aside on the balance sheet to meet liabilities arising out of insurance contracts, including claims provision (whether reported or not), provision for unearned premiums, provision for unexpired risks, life assurance provision and other liabilities related to life insurance contracts (e.g. premium deposits, savings accumulated over the term of with-profit policies)”. (ii) The Commission has not specified detailed rules for calculating and valuing liabilities as these will be provided for in the accounting standards used for the preparation of the insurer’s financial statements. However, the Commission expects every BVI insurer to include the provisions specified by the IAIS in its definition in the insurer’s calculation of its liabilities, i.e.— (a) claims provisions, whether reported or not; (b) provisions for unearned premium; (c) provisions for unexpired risks; (d) in the case of a long-term insurer, life assurance provision and other liabilities related to life insurance contracts. (iii) The board of a BVI insurer should consider whether the nature, size, complexity, structure and diversity of the insurer’s business and its risk profile are such that stress testing is appropriate to assess the adequacy of its capital resources and solvency margin in case technical provisions have to be increased. Where the board considers that stress testing is appropriate, the insurer should undertake regular stress testing against a range of adverse scenarios. (iv) The Commission may require a BVI insurer to make its liability calculations and valuations available to the Commission for review at any time. A BVI insurer should therefore ensure that it is in a position to provide these at short notice. (v) As provided for elsewhere in the Code, in the case of a long-term insurer, the technical provisions must be calculated and certified as correct by the insurer’s actuary.

---

Investments Investment strategy, policies, systems and controls 134. (1) A BVI insurer shall establish and maintain— (a) an investment strategy and such investment policies as the board considers appropriate for the nature, size, complexity, structure and diversity of the insurer’s business; and (b) systems and controls that are sufficient to ensure that the investment strategy and policies are effectively implemented. (2) Without limiting subsection (1), the investment strategy and policies of a BVI insurer shall address—

LAW OF VIRGIN ISLANDS Regulatory Code 301 Revision Date: 1 Jan 2020 [Statutory Instrument] (a) the risk profile of the insurer; (b) mixture and diversification of investment by type, including the long￾term asset mix over the main investment categories; (c) the establishment of limits for the allocation of assets by geographical area, markets, sectors, counterparties and currency; (d) the extent to which the holding of some types of assets is restricted or disallowed, for example illiquid or volatile assets; (e) the conditions under which the insurer can pledge or lend assets; and (f) clear accountability for all asset transactions and associated risks. Responsibilities of board 135. The board of a BVI insurer shall— (a) approve the investment strategy and the significant investment policies, and any subsequent changes to the strategy or significant policies, and review them on at least an annual basis; and (b) ensure that a management structure, including appropriate systems and controls, is put in place to effectively execute and monitor the investment strategy and policies. Risk management and internal controls 136. (1) The risk management strategy, policies, systems and controls of a BVI insurer shall cover the risks associated with investment activities that may affect the insurer’s liabilities or solvency margin. (2) The Internal controls established and maintained by a BVI insurer shall cover the insurer’s investment strategy and, policies and shall ensure that the investment strategy, policies, systems and controls are properly documented and subject to adequate oversight. Further provisions concerning investments 137. (1) The board of a BVI insurer shall ensure that— (a) effective policies, systems and controls are established and maintained to enable the monitoring and managing of the insurer’s asset/liability position to ensure that the insurer’s investment activities and assets positions are appropriate for its risk profile; and (b) contingency plans are put in place to mitigate the effect of a deterioration in investments.

---

EXPLANATORY NOTES Introduction (i) A key element of any insurance business is its investment portfolio. An investment portfolio carries with it a range of investment-related risks that might affect the financial strength of an insurer and, consequently, require sound management. In order for a BVI insurer to ensure that it manages its investment business in a sound and prudent manner, the Code requires BVI

302 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS insurers to establish and maintain a written investment strategy, policies, systems and controls. These should enable the insurer to identify, measure, report and control the main investment-related risks that they face. (ii) Investment management policies, systems and controls must take into consideration the nature of the insurer’s liabilities, the size and the complexity of the insurer’s asset portfolio, the ability of the insurer to absorb potential losses and the overall strategic business objectives of the company. At a minimum insurers should conduct a detailed analysis of the management of their assets and liabilities and ensure that safe custodial arrangements exist, that assets appropriately match liabilities and that their asset portfolios are adequately diversified and liquid to enable them to meet their claims and other obligations as they fall due. Investment Strategy and Policies (iii) In formulating the investment strategy and policies, the board must analyse— (a) the asset/liability relationship, which requires it to verify that the insurer will have sufficient liquid assets to meet liabilities as they fall due; (b) the insurer’s overall risk tolerance and its long-term risk and return requirements; and (c) the insurer’s solvency position. (iv) The board must also ensure that adequate reporting and internal control systems for the insurer are in place to provide evidence that assets are being managed in accordance with the investment policy and legal and regulatory requirements. (v) The formulation of the operational policies and procedures for implementing and reviewing the investment policy is the responsibility of senior management. In the case of a captive, this activity could be undertaken by its BVI resident Insurance Manager. In any event the Insurance Manager of the insurer should be well versed in and understand the insurer’s investment strategy and how its investments are managed. This should include ensuring that the original business plan of the insurer when it applies for an insurance licence includes appropriate reference to the company’s proposed investment policy and that the policy is in compliance with regulatory requirements. (vi) Senior management or, in the case of a BVI captive, the BVI insurance manager, should ensure that all individuals conducting, monitoring and controlling investment activities are suitably qualified and have appropriate levels of knowledge and experience. (vii) At least annually, the senior management should review the adequacy of its written operational procedures and allocated resources in the light of the insurer’s activities and market conditions. (viii) The Code requires an insurer to have a written investment strategy and policies in place, which has been approved by the board. The complexity of the policy will depend upon the nature of the business undertaken. The policy should be flexible and adjustable to changes in internal and external market conditions and other risk factors. It should contain contingency plans to mitigate the effects of deteriorating conditions.

LAW OF VIRGIN ISLANDS Regulatory Code 303 Revision Date: 1 Jan 2020 [Statutory Instrument] (ix) The Code also sets out the matters that, at a minimum, the investment strategy and policies should address. These, and some additional matters that should be taken into account, are considered more fully below. Risk profile (x) The risk profile of the insurer should set out the risks faced by the insurer as well as the extent to which the insurer is willing to assume various types of risk. Typically risks would fall under the headings insurance underwriting, investment, liquidity and credit risks. Scenario analysis can be used to test the investment portfolio’s ability to withstand varying risk levels. The risk profile of the insurer should also indicate how these risks will be mitigated. For example risks are reduced through the diversification of the investment portfolio and investing in different asset categories, markets, sectors and geographical areas. Asset mix (xi) The insurer should identify how it intends to allocate its resources over broad investment categories such as equities, bonds, cash and property. The insurer should also indicate what individual assets will make up each asset category and the percentages. Selection criteria (xii) The insurer should indicate what criteria are to be used in the selection of broad investment categories and the individual securities or assets that form the investment portfolio. The investment policy should indicate the minimum acceptable credit or investment rating for securities investments or issuers of securities and provide for the use of financial derivatives. The insurer should also maintain a list of investment activities or investment practitioners that they are authorised or not permitted to engage in or with, taking account of the assets that are allowable assets for the purposes of calculating the solvency margin. Concentration limits (xiii) The insurer should have clearly defined and documented securities portfolio concentration limits. This will ensure that the nature and level of an insurer’s exposure to various risks such as credit risk, interest rate risk, currency risk and price risk are monitored when making investment and credit decisions. All limits need to be established in the context of the insurer’s aggregate investment and credit exposure and not in isolation. Portfolio Performance Criteria (xiv) Risk and return are generally directly related. Consequently, the insurer should have an idea of the level of return acceptable based on the risk level of the investment portfolio. The insurer should also have an indication of the time frame over which the acceptable rate of return is expected to be received, along with the expected volatility of that rate. Selection of investment personnel (xv) The investment policy should identify the criteria used for the selection of internal and external investment managers. This should include security dealers and other related counterparties. These key personnel must have the appropriate level of skills, experience and integrity to perform their duties adequately.

304 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Asset/Liability Management strategy (xvi) The investment policy of an insurer should anticipate the insurer’s short-term and long-term cash needs and address how these needs will be provided. The insurer’s investment portfolio should be constituted in such a way as to reflect the cash needs of the insurer and any anticipated changes in them. Investment activities should take into consideration the asset/liability position of the insurer since it is important to ensure that liabilities can be settled as they fall due. Liquidity of investments (xvii) The investment policy should make provisions so that assets are not liquidated unexpectedly and potentially at unfavourable prices and that the portfolio does not contain excess amounts of cash or low yielding liquid assets. Related party transactions (xviii) The investment policy should set out the criteria for assessing the extent and significance of related or connected party transactions. Accountability requirements (xix) The investment policy should contain a framework of accountability for all asset transactions. Each insurer needs to implement accounting policies and information systems to monitor the transactions that take place in its investment portfolio. Valuation policies (xx) The investment policy should indicate the methodologies used in the valuation of assets and calculation of liabilities. Solvency requirements (xxi) In developing the investment policy the board must take into consideration the solvency margin (the amount by which the total value of an insurer’s allowable assets must exceed the total amount of liabilities) requirements of the insurer. Insurers are required to meet a minimum level of solvency whether they are conducting general or long-term business. Internal Control and Internal Audit (xxii) The investment activities of the insurer must be governed by sound internal control and internal audit procedures. An internal control system in this context should ensure that investment activities are conducted in accordance with the approved policies and procedures of the insurer and this Code. Internal audit procedures should be objective, transparent and clearly defined and the internal audit process should be conducted independently of those managing the assets. (xxiii) Internal control systems should at a minimum include— (a) systems and controls to ensure that investment transactions are properly documented and authorised and that the formal documentation is completed promptly and accurately; (b) systems to measure, record and monitor security positions and market conditions;

LAW OF VIRGIN ISLANDS Regulatory Code 305 Revision Date: 1 Jan 2020 [Statutory Instrument] (c) systems and controls to ensure that guidelines outlined in the investment policy are adhered to such as, ensuring that restrictions on certain assets are observed and ensuring that the insurer’s diversification policy is observed, ensuring that any asset transaction limits are not exceeded; (d) systems and controls to ensure that any breaches or inaccuracies in investment activity are reported on a timely basis and remedial action is taken; (e) systems and controls to ensure that there are timely reports on investment activity; and (f) systems and controls to ensure reconciliation of security positions and that these positions are promptly settled and reported. (xxiv) The internal audit function is important with respect to the investment strategy and policies because it provides an objective assessment of investment performance and the integrity of the management of the investment activity. The internal audit process is also vital in the detection of problems or potential problems. The internal audit should test to determine whether certain policies are in place to ensure that— (a) the insurer’s asset portfolio and written investment management policies and procedures are in compliance with the insurer’s regulatory obligations, including BVI laws and regulations; (b) investment transactions are duly authorised and accurately and completely recorded; (c) recorded securities exist and are valued based on the relevant laws and regulations; and (d) internal control weaknesses and operating and accounting system deficiencies are identified and reported. Captive Insurers (xxv) The Commission recognises that many captive insurers have very straightforward investment strategies and that this will be reflected in its investment policies, systems and controls. Very often, the formulation and review of a captive insurer’s investment policy is the responsibility of the insurance manager, who should fully understand the captive’s investment strategy.

---

Reinsurance arrangements Approved reinsurers 138. For the purposes of section 2(1) of the Insurance Act the prescribed criteria for an approved reinsurer are that the insurer has a financial strength rating of A++, A+, A or A- assigned to it by the A. M. Best Company or an equivalent financial strength rating assigned by an equivalent rating company. (Amended by S.I. 91/2010)

306 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Submission of reinsurance arrangements to Commission 139. (1) A BVI insurer holding a category A licence shall submit to the Commission on an annual basis a summary of its reinsurance arrangements together with copies of all reinsurance treaties entered into. (2) A foreign insurer holding a category B licence shall submit to the Commission on an annual basis a summary of its reinsurance arrangements with respect to insurance business carried on in the Virgin Islands, together with copies of all reinsurance treaties entered into relating to that business. (3) The summary and reinsurance treaties required to be submitted under subsection (1) or (2) shall be submitted together with its audited financial statements. Division 2 Corporate Governance and Policies, Systems and Controls Remuneration policies 140. (1) The board of a licensed insurer shall establish a remuneration policy and ensure that the remuneration is periodically reviewed. (2) The remuneration policy shall not include incentives that are likely to cause imprudent, unnecessary and excessive risk-taking. Risk management 141. (1) This section applies to a BVI insurer in addition to the provisions of section 26. (2) The board of a BVI insurer shall consider whether the following risks are material risks for the insurer and, if it determines that they are, the board shall ensure that they are covered by the insurer’s risk management strategy and policies— (a) market risk; (b) insurance risk; (c) investment risk; (d) underwriting risk; (e) pricing and product design risk; (f) liquidity risk; (g) credit risk; (h) operational risk; (i) reinsurance risk; and (j) custodial risk. Underwriting and pricing strategy, policies, systems and controls 142. (1) A BVI insurer shall establish and maintain— (a) an underwriting and pricing strategy and policies; and

LAW OF VIRGIN ISLANDS Regulatory Code 307 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) systems and controls that are sufficient to ensure that the underwriting and pricing strategy and policies are effectively implemented. (2) Without limiting subsection (1)(a), the underwriting and pricing policies shall provide for— (a) the evaluation of risks underwritten or to be underwritten; (b) the establishment of adequate premium levels; (c) the mitigation and diversification of risks by— (i) defining limits on the amount of risk retained; and (ii) providing for the transfer of appropriate levels of risk away from the insurer through adequate and appropriate reinsurance or other risk transfer arrangements. (3) Without limiting subsection (1)(b), the systems and controls shall include controls of expenses related to premiums and claims. (4) The underwriting and pricing strategy and the significant underwriting and pricing policies established under subsection (1), shall be approved, and reviewed on at least an annual basis, by the board. (5) Senior management shall monitor the systems and controls established in accordance with subsection (1)(b) on an on-going basis. (6) This section applies to a foreign licensed insurer with respect to insurance business carried on in the Virgin Islands.

---

EXPLANATORY NOTES Corporate Governance – Remuneration Policies (i) The principle obligations concerning the corporate governance framework are contained in Part II (sections 18 to 24). However, section 140 also requires a licensed insurer to establish and regularly review a remuneration policy. It is important that the remuneration policy does not provide directors and senior management with incentives to take unacceptable risks. Risk Management (ii) Section 141 supplements the general requirements with respect to risk management for BVI insurers by providing that the risk management strategy, policies, systems and controls must cover certain types of risk. These are described more fully below. Insurance risk (iii) Insurance risk is the risk that the true value of an insurer’s liabilities is greater than their estimated value. Given that accepting risk is the core activity of an insurer, this is a significant risk to an insurer. It is therefore important that an insurer periodically reviews its liability valuation processes. Investment risk (iv) Investment risk is the risk of an adverse movement in the value of an insurer’s balance sheet and off-balance sheet assets. In order to minimize investment risk, the risk management strategy and policies should clearly document the investment decision making framework including asset allocations, liability

308 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS portfolio matching criteria, and performance analysis. It should also include information on the process for monitoring, controlling and reporting investment activity and exposures. Underwriting risk (v) Underwriting risk is the risk that premiums will not be sufficient to cover future incurred losses and that losses and loss adjustment expenses are not fully covered by the insurer’s technical provisions. See further section 142. Pricing and product design risk (vi) Pricing and product design risk is the risk that claims, costs or investment returns arising from the sale of a product are inaccurately calculated. In order to minimize product and design risk, the risk management strategy and policies of a BVI insurer should include policies for determining what product lines the insurer is prepared to engage in, the pricing of such products based on the cost of and risks associated with the product and prices of competing products. The risk management policies should also cover the insurer’s plans to monitor and ensure compliance with product design and pricing policies and procedures. Liquidity risk (vii) Liquidity risk is the risk that the insurer is not able to fund its obligations as they fall due for payment because it does not have sufficient liquid assets, i.e. cash or assets that easily turned into cash. The obligations may be to policyholders or other creditors. This is extremely serious, not least because an insurer that cannot pay its obligations as they fall due for payment is insolvent within the meaning of the Insolvency Act even though the value of its total assets may exceed the value of its total liabilities. (viii) Given the importance of liquidity to an insurer, and the range of business functions that can impact on liquidity, directors and senior management and other relevant employees should have a thorough understanding of liquidity risk management and, in particular, how other risks, including credit and operational risk can impact on liquidity. (ix) It is therefore crucial that a BVI insurer’s risk management strategy, policies, systems and controls should cover liquidity risk. The Commission would usually expect them to cover, at a minimum— (a) the level of mismatch between expected asset and liability cash flows; under normal and abnormal operating conditions (scenario analysis); (b) the liquidity of assets and the level of liquid assets held by the insurer; (c) policyholder claims and other liability commitments; (d) the uncertainty of incidence, timing and magnitude of insurance liabilities; and (e) other sources of funding available to the insurer including reinsurance, borrowing and lines of credit. Credit risk (x) Credit risk is the risk that a borrower or other counterparty will fail to meet its obligations to an insurer in accordance with the agreed terms. This may include, for example, a failure to repay the principal sum borrowed or to pay interest when it falls due for payment or to pay on a guarantee that has

LAW OF VIRGIN ISLANDS Regulatory Code 309 Revision Date: 1 Jan 2020 [Statutory Instrument] crystallized. The management of credit risk is an important element of a comprehensive approach to risk management and is an important factor in the long-term success of an insurer. It is therefore important that the risk management system is capable of monitoring and assessing credit exposures. (xi) In order to effectively assess its credit exposures, an insurer’s credit risk management strategy and polices should— (a) establish limits for credit and asset exposures to counterparties and related parties; (b) evaluate and monitor credit exposures against pre-approved limits and report to the board or senior management any breaches of these limits; and (c) provide for the reduction or cancellation of limits to a particular counterparty where the counterparty is known to be experiencing problems. (xii) It should be noted with respect to subparagraph (x)(a) above that the list of allowable assets allows insurers to engage in certain connected party or related party transactions but limitations have been placed on the extent of these exposures for the purposes of calculating solvency. Operational risk (xiii) Whereas the risks considered above are effectively transactional risks, i.e. they arise directly from and affect an insurer’s transactions, operational risk represents a grouping of non- transactional risks. It is difficult to provide a precise definition of operational risk as it can encompass many facets. Given the differing circumstances of different BVI insurers, a definition maybe misleading. However, as the name suggests, operational risk arises out of the way that an insurer is run and includes most risks that result from inadequate or failed internal processes, people and systems or from external events. Legal risk should be regarded as operational risk, but not strategic or reputational risk. The following are examples of operational risks— (a) internal and external fraud; (b) employment practices and workplace safety, including workers compensation claims and breach of employee health and safety rules; (c) customers, products and business practices, including fiduciary breaches, misuse of confidential customer information, money laundering, and the sale of unauthorised products; (d) damage to physical assets; (e) business disruption and system failures; (f) execution, delivery and process management, including data entry errors, collateral management failures, incomplete legal documentation, unapproved access given to customer accounts, non-customer counterparty misperformance and vendor disputes. (xiv) Operational risk may be mitigated by the adoption of a business continuity plan. This is covered generally in the Code at section 27.

310 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Reinsurance Risk (xv) Reinsurance Risk is the risk arising from reinsurance arrangements where some part or individual or aggregate insurance risks are ceded to other insurers. It is the risk that reinsurance arrangements will be insufficient to meet the obligations of the policyholder, when those arrangements have been relied on by the insurer to do so. Reinsurance is covered more specifically in the Insurance Act and in other sections of the Code. Underwriting and Pricing (xvi) Section 142(2) provides that the pricing strategy and policies must provide for the establishment of adequate premium levels. The Commission considers that in order to comply with this requirement, an insurer must put in place a rating methodology that determines premiums on the basis of reasonable assumptions. Although it is not the Commission’s role to approve the rating methodology used by an insurer, the Commission may at any time require an insurer to demonstrate that it is using an appropriate rating methodology. (xvii) The reinsurance arrangements established in accordance with an insurer’s underwriting strategy and policies should be appropriate given the level of capital of the insurer, taking into account the real transfer of risk, and the profile of risks that it underwrites. Captive Insurers Corporate governance (xviii) The corporate governance provisions in Part II of the Code apply to captive insurers. However, the Code takes both a principles-based and a risk-based approach to corporate governance. Few detailed obligations are set out and the theme underlying the corporate governance requirements is that the corporate governance framework and the systems and controls required must take into account the nature, scale, complexity and diversity of the licensee’s business. (xix) All captive insurers are required to appoint an insurance manager. The directors of a captive insurer should understand that, although the insurance manager is part of the corporate governance framework of a captive insurer, it does not take the place of the board which retains ultimate responsibility for the corporate governance framework, and the other obligations imposed on boards of licensees under the Code. (xx) The Commission recognises the differences between many captive insurers and full service insurers and that these have a bearing on the corporate governance framework. In particular, the Commission recognises that— (a) many more of the functions of a captive insurer may be outsourced, either to the insurance manager or other specialists (e.g. claims administrators); and (b) in many cases, captive insurers are small and have a relatively simple risk profile. (xxi) In the circumstances, the Commission does not expect all captive insurers to establish a corporate framework that is equivalent to the corporate governance framework required to be established by a category A licensed insurer. Indeed, the Commission recognises that an unnecessarily burdensome corporate

LAW OF VIRGIN ISLANDS Regulatory Code 311 Revision Date: 1 Jan 2020 [Statutory Instrument] governance framework would hinder the efficient operation of captive insurers. The principles-based nature of the Code enables the directors of a captive insurer to establish a corporate governance framework that is appropriate for the business undertaken by the insurer and the risks that it takes. (xxii) For example, the Code provides in paragraph 20(2)(d)(i) that the board of a licensee has responsibility for ensuring that the licensee has adequate and sufficiently qualified and experienced senior managers and other employees. This should not be taken to mean that every captive insurer must have employees. (xxiii) The Commission considers that the following key issues are particularly relevant to the design of an appropriate corporate governance framework for a captive insurer— (a) the need to avoid undue influence by the captive insurer’s owner, the insurance manager or other interested parties; (b) the need to identify and effectively manage potential conflicts of interest; (c) the need to ensure that the board is able to manage outsourced operations effectively, including the functions outsourced to the insurance manager; and (d) the need to take full account of interests of possible claimants on the parent policyholder where they rely on the fact that the captive is covering a particular liability. The above list is not exhaustive. (xxiv) With respect to the paragraph (vii)(a), particular care must be taken to ensure that the owner of the captive insurer is not able to access the funds and other assets of the captive insurer where that may financially impair its ability to meet its liabilities. (xxv) The Commission will, on its on-site inspections, look for evidence that the board and the insurance manager have given proper consideration to the appropriateness of the captive insurer’s corporate governance framework. Risk Management (xxvi) Captive insurers are exposed to many of the risks to which a full service insurer is exposed. However, the Commission considers that some of those risks are more important for a captive and some less important. The following are often more significant risks for a captive insurer: (a) operational risk arising out of the greater use of outsourcing; (b) risks arising out of the fact that the captive and the owner are in different locations; (c) asset concentration risk; (d) lack of risk diversification; (e) high claims volatility; (f) high liquid requirements; (g) exposure to related parties; and (h) currency risk.

312 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Again, these risks are not exhaustive. Policies, Systems and Controls (xxvii) The Commission does not expect captive insurers to have the same policies, systems and controls as a full service insurer. The Commission expects that in many cases the policies, systems and controls of a captive insurer will be very much more straightforward. If the circumstances of a captive insurer justify it, there may be no need for systems and controls in certain areas. (xxviii) The Commission expects the board of a captive and the insurance manager to consider the policies, systems and controls that are appropriate for a captive insurer given the nature of its business. Where it is decided by the board that particular types of policies, systems and controls are not required, the decision must be recorded in writing together with the reasons. The Commission, when undertaking an on-site inspection, will expect to see evidence that the board have considered appropriate policies, systems and controls relating to all areas of its business. (xxix) Given that the insurance manager will usually be holding the assets and handling the transactions of a captive insurer, the adequacy of the internal controls of the insurance manager are usually more important than the internal controls of the insurer itself and the Commission will, as appropriate, focus on these. Insurance managers should therefore ensure that their internal controls meet the requirements of the Code. Nevertheless, ultimate responsibility for the internal controls of a captive remains with the board and the board of a captive insurer should, therefore, consider carefully the extent to which the duties of the board, as set out in the previous paragraph, should apply given the circumstances of the captive insurer concerned.

---

Division 3 Actuaries Application of this Division 143. (1) Subject to section 147, this Division applies to an insurer that is required to appoint an actuary under section 27 of the Insurance Act or, on the direction of the Commission, under section 30 of that Act, and to the actuary appointed. (2) In this Division, “insurer” means an insurer to which this Division applies. Qualifications for actuary 144. (1) The following are recognised professional bodies for the purposes of this section— (a) Institute of Actuaries (England); (b) Faculty of Actuaries (Scotland); (c) Canadian Institute of Actuaries (Canada); (d) Society of Actuaries (United States); (e) Casualty Actuarial Society (United States);

LAW OF VIRGIN ISLANDS Regulatory Code 313 Revision Date: 1 Jan 2020 [Statutory Instrument] (f) American Society of Pension Professionals and Actuaries (United States); (g) Conference of Consulting Actuaries (United States); and (h) such other professional body as may be recognised by the Commission for the purposes of this section on a case-by-case basis. (2) An individual is qualified to act as the actuary of a licensed insurer if— (a) he is a member of a recognised professional body; and (b) he is eligible to be appointed as actuary for the insurer under the rules of his professional body. (3) For the purposes of subsection (2), “member” includes “fellow” or any other term that denotes a full member of the professional body concerned. (4) A person who is qualified to act as the actuary of a licensed insurer under subsection (2) shall not be appointed as the actuary of a particular licensed insurer unless— (a) he has consented to act as the actuary of the insurer; and (b) the Commission has approved his appointment as actuary of the insurer. Actuary to provide information when at request of Commission 145. (1) An actuary, or a person that an insurer proposes for appointment as its actuary, shall, at the request of the Commission, provide the Commission with such information or documentation regarding the actuary’s experience, skills and resources as the Commission reasonably requires to determine whether he is fit and proper to act as the insurer’s actuary. (2) A request under subsection (1) may be made as part of the approval basis or at any subsequent time. Duties of actuary 146. (1) The actuary of a long-term insurer appointed under section 27 of the Insurance Act shall— (a) on an annual basis, or more frequently if he considers it necessary to monitor the solvency of the insurer— (i) prepare a valuation of the liabilities of the insurer arising out of its long-term business, setting out the basis for the valuation; (ii) assess the adequacy of the funds and other assets of the insurer to meet its long-term liabilities and, in particular the adequacy of its solvency margin; (iii) test the adherence of the insurer to relevant internal controls; and (iv) prepare a written report covering the matters specified in subparagraphs (i), (ii) and (iii), together with a certification in the approved form of the liabilities of the insurer, its assets and its solvency position; and (b) carry out such further work and investigations as may be—

314 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (i) required by the actuarial standards applicable to the actuary; or (ii) agreed between the insurer and the actuary. (2) An actuary appointed pursuant to a direction of the Commission issued under section 30 of the Insurance Act shall carry out such investigations and make such reports as the Commission may specify in the direction to appoint him or her. (3) The actuary of an insurer shall ensure that his or her reports are provided to the board and, as appropriate, senior management. Prescribed actuarial standards 147. (1) The actuary of a licensed insurer shall carry out his or her functions and duties as an actuary in accordance with— (a) the actuarial standards specified by the recognised professional body of which he or she is a member; or (b) such other recognised international actuarial standards as may be approved by the Commission on a case-by-case basis. (2) This section applies to an actuary of a licensed insurer, whether appointed pursuant to section 27 or section 30 of the Insurance Act or otherwise.

---

EXPLANATORY NOTES Introduction (i) The Insurance Act requires a long-term insurer to appoint and at all times have an actuary (section 27). Section 30 of the Act gives the Commission the power to direct a licensed insurer, whether long-term or general, to cause an actuary to investigate such aspects of the insurer’s financial condition as the Commission may specify. This Division applies to a long-term insurer and its actuary and to an insurer required by the Commission to appoint an actuary, for whatever purpose, and to the actuary appointed. (ii) Section 147 also applies to an actuary appointed by an insurer, where general or long-term, otherwise than in accordance with a statutory requirement. (iii) The actuary’s report should assist the board and senior management in fulfilling their obligations and the board should therefore regard the actuary as an essential part of the internal control framework. (iv) However, the actuary is also important to the Commission not least because his report gives the Commission a reasonable level of comfort that the insurer’s liabilities have been properly valued and is one factor that the Commission relies upon in determining the adequacy of an insurer’s solvency margin. The Commission therefore has an interest in the appointment of the actuary and the conduct of his work. Appointment of Actuary (v) The Insurance Act provides that a person cannot be appointed as the actuary of a long-term insurer under section 27 unless that person— (a) is qualified to act as the actuary of a licensed insurer under the Code; and (b) the Commission has given its prior written approval to his appointment.

LAW OF VIRGIN ISLANDS Regulatory Code 315 Revision Date: 1 Jan 2020 [Statutory Instrument] Approval is given with respect to an individual long-term insurer on a case-by￾case basis. Section 144(4) of the Code also provides that an actuary cannot be appointed unless he has consented to his appointment. All 3 conditions must therefore be satisfied before a person can be appointed to act as the actuary of a long-term insurer. (vi) The actuary is required by section 15 of the Code to satisfy the Commission’s fit and proper criteria. The Commission will therefore undertake a fit and proper assessment of the proposed actuary as part of the approval process. In essence, the Commission will consider whether the proposed actuary has sufficient knowledge, experience and resources to carry out an effective actuarial investigation and report. In making a fit and proper assessment of an actuary or proposed actuary, the Commission will consider, in particular— (a) whether the actuary has— (A) knowledge of the classes of insurance business carried on by the insurer; and (B) knowledge of the regulatory framework, as relevant to the insurer and its business; (b) the actuary’s experience in carrying out actuarial investigations for insurers of a similar type and with a comparable size and complexity of business; (c) the resources available to the actuary; and (d) whether the actuary can demonstrate that he keeps up-to- date with developments in international actuarial standards. (vii) The Commission expects the actuary to continue to meet its fit and proper criteria on an on-going basis. (viii) Section 16(1) of the Code requires an insurer to satisfy itself that its actuary is fit and proper. The Commission therefore expects an insurer to conduct due diligence on its proposed actuary prior to applying for the Commission’s approval of his appointment. Actuary Failing to Comply With Obligations (ix) Actuaries are not regulated by the Commission and the Commission therefore has no power to take enforcement action against an actuary who contravenes a requirement of the Insurance Act or the Code. However, it should be noted that the Insurance Act does create certain offences that may be committed by an actuary. Furthermore, the Commission will take any contraventions of the Insurance Act or the Code into account when determining whether an actuary is fit and proper to act as the actuary, not just the insurer concerned, but other insurers. Section 31 of the Insurance Act also gives the Commission the power to revoke the approval of an actuary if it determines that he is no longer fit and proper. Non-statutory Appointment of Actuary (x) Although section 27 of the Insurance Act only applies to a long-term insurer, an actuary can fulfil an important role for general insurers. The Commission therefore expects general insurers to consider whether it would be appropriate

316 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS to appoint an actuary on a non-statutory basis, given the business undertaken by the insurer and its risk profile.

---

Division 4 Insurance Managers and Intermediaries Contributed capital Over-riding contributed capital requirement 148. (1) A licensed insurance manager and a licensed insurance intermediary shall— (a) ensure that, at all times, it maintains its contributed capital at a level that is adequate to support its licensed business, taking into account the nature, size, complexity, structure and diversity of that business and its risk profile; and (b) maintain adequate systems and controls to monitor and assess its capital adequacy requirements on an on-going basis. (2) The requirement in subsection (1)(a) applies in addition to the specific contributed capital requirements specified in the Insurance Act and this Part of the Code. (3) The board and senior management of a licensed insurance manager and a licensed insurance intermediary shall make their own determination of the contributed capital that is reasonably required to support the business of the manager or insurance intermediary and shall ensure that contributed capital is increased where appropriate. Contributed capital 149. For the purposes of section 42 of the Insurance Act, the minimum contributed capital applicable to a licensed insurance manager and a licensed insurance intermediary is $25,000. Professional indemnity insurance Professional indemnity insurance 150. (1) A licensed insurance manager and a licensed insurance intermediary shall ensure that, at all times, it maintains such professional indemnity, fidelity and other insurance as is appropriate taking into account the nature, size, complexity, structure and diversity of its licensed business. (2) Without limiting subsection (1), the insurance required to be maintained under subsection (1) shall, except to the extent that the Commission otherwise permits in writing— (a) cover the negligence of, and errors and omissions by, the licensee, the dishonesty of its employees and the loss and theft of documents (extending to liability, the costs of replacement, the reinstatement of data and the increased costs of working); (b) include costs and expenses;

LAW OF VIRGIN ISLANDS Regulatory Code 317 Revision Date: 1 Jan 2020 [Statutory Instrument] (c) be for a minimum amount of cover of $500,000 for any one claim and $2,500,000 in aggregate. (3) A licensed insurance manager and a licensed insurance intermediary shall notify the Commission in writing of any limitations in cover that may apply to its licensed business. (4) In the event that the aggregate level of cover provided under an insurance policy required under subsection (1) is depleted as a result of a claim on the policy, the licensed insurance manager or insurance intermediary shall obtain re-instated cover that meets the requirements set out in this Code. (5) A licensed insurance manager and a licensed insurance intermediary shall establish systems and controls to ensure compliance with the terms and conditions set out in an insurance policy required under subsection (1), including in relation to the timely notification of events that may lead to a claim on the policy. Variation and exemption re insurance requirements 151. (1) The Commission may, on the written application of a licensed insurance manager or licensed insurance intermediary, vary the requirements specified in section 150. (2) A licensed insurance manager or a licensed insurance intermediary that is part of a group that provides professional indemnity insurance for its members is not required to comply with section 150 so long as the licensed insurance manager and licensed insurance intermediary is fully covered under the group professional indemnity insurance. (Substituted by S.I. 91/2010) PART V TRUST COMPANIES AND COMPANY MANAGEMENT COMPANIES Preliminary Interpretation for this Part 152. In this Part— “licensed business” means— (a) in the case of a licensed trust company, trust business as defined in the Banks and Trust Companies Act; (b) in the case of a licensed company manager, company management business as defined in the Company Management Act; and “licensee” means a licensed trust company or a licensed company manager.

318 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Division 1 Financial Resource Requirements Over-riding capital resource requirement Over-riding capital resource requirement 153. (1) A licensed trust company and a licensed company manager shall— (a) ensure that, at all times, it maintains its capital resources at a level that is adequate to support its licensed business, taking into account the nature, size, complexity, structure and diversity of that business and its risk profile; and (b) maintain adequate systems and controls to monitor and assess its capital adequacy requirements on an on-going basis. (2) The requirement in subsection (1)(a) applies in addition to the specific capital resource requirements specified in this Part of the Code. (3) For the purposes of this section, “capital resources”, in relation to a licensed trust company, means its unencumbered contributed capital. (Inserted by S.I. 91/2010) Requirements applicable to licensed trust companies Meaning of “contributed capital” 154. (1) Subject to subsection (2), the “contributed capital” of a licensed trust company is the total of— (a) monies paid, and (b) where approved by the Commission on a case-by-case basis, the value of other consideration provided, for ordinary shares that have been issued by the trust company. (2) The following shall be excluded from any calculation of contributed capital— (a) where shares are partly paid, any monies or other consideration due in respect of those shares, whether or not called; (b) bonus shares; (c) treasury shares held by the licensed trust company; and (d) shares which give the holder the right to a distribution in any circumstances. (3) Where a shareholder agrees to pay, or provide consideration, for shares in whole or in part at a future time, the shares are partly paid with respect to the amount still to be paid or the consideration still to be provided, and the amount outstanding shall not be included in contributed capital.

LAW OF VIRGIN ISLANDS Regulatory Code 319 Revision Date: 1 Jan 2020 [Statutory Instrument] Minimum capital resource requirement, licensed trust companies 155. For the purposes of section 12(4) of the Banks and Trust Companies Act, a licensed trust company that holds a Class I, a Class II or a Class III trust licence, that is not a restricted licence, satisfies the prescribed minimum capital resource requirement if— (a) its contributed capital is maintained in the sum of $250,000, or its equivalent in a foreign currency acceptable to the Commission; and (b) its contributed capital is unencumbered. Regulatory deposits, scope and interpretation 156. (1) This section and section 157— (a) prescribe the deposits required to be made under section 12(4)(b) of the Banks and Trust Companies Act and the manner in which regulatory deposits are to be made and retained by the Commission; and (b) specify the purposes for which a regulatory deposit may be utilised by the Commission. (2) For the purposes of section 157— “additional regulatory deposit” is the additional deposit, if any that a specified trust company is required by the Commission to make under subsection (3) or (4); “minimum regulatory deposit” means, subject to subsection (5)— (a) in the case of a specified trust company that holds a Class I or a Class III trust licence— (i) where the specified trust company provides registered agent services for no more than 10,000 BVI business companies, $30,000; (ii) where the specified trust company provides registered agent services for more than 10,000 but no more than 30,000 BVI business companies, $40,000; (iii) where the specified trust company provides registered agent services for more than 30,000 BVI business companies but no more than 60,000 BVI business companies, $60,000; (iv) where the specified trust company provides registered agent services for more than 60,000 BVI business companies, $80,000; and (c) in the case of a specified trust company that holds a Class II trust licence, $20,000; “required regulatory deposit” means the minimum deposit plus any additional deposit applicable to the specified trust company; “specified licence” means a Class I, a Class II or a Class III trust licence; and “specified trust company” means a trust company that holds a specified licence. (3) Subject to subsection (4), the Commission may, whether on the granting of the licence or at any subsequent time, require a specified trust company to make an additional regulatory deposit comprising any or all of the following—

320 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) $5,000 for each subsidiary listed on the schedule attached to its licence that does not provide registered agent services to BVI business companies; (b) $10,000 for each subsidiary listed on the schedule attached to its licence that provides registered agent services to BVI business companies; (c) such additional sum as the Commission considers appropriate taking into account the nature and scale of the business of the specified trust company, including the number of trusts and the size of the trust assets administered by the trust company. (4) The maximum regulatory deposit that will be required to be made by a specified trust company is $100,000. (5) In the case of a company that is a specified trust company immediately prior to the commencement date, the minimum regulatory deposit is the greater of— (a) the minimum regulatory deposit applicable to it in accordance with subsections (2) and (3); or (b) the regulatory deposit held by the Commission with respect to the specified trust company immediately prior to the commencement date. (6) (Spent) (7) Nothing contained in this section shall be construed as requiring the Commission to effect a refund of all or any part of any regulatory deposit paid pursuant to the Banks and Trust Companies Act or the Company Management Act. (Inserted by S.I. 91/2010) Regulatory deposit requirements 157. (1) A specified trust company shall— (a) ensure that, at all times, it has paid monies to the Commission equal to the required regulatory deposit; (b) establish systems and controls to monitor whether the monies that it has paid to the Commission are sufficient to cover its required deposit. (2) The regulatory deposit made by a specified trust company may be used by the Commission for any one or more of the following purposes— (a) to satisfy outstanding fees or penalties payable by the specified trust company to the Commission; and (b) to satisfy the costs of, or associated with— (i) any enforcement action taken by the Commission against the trust company; and (ii) the running off and winding up of the licensed business of the trust company. (3) If a specified trust company ceases to hold a specified licence, the trust company is entitled to be paid such part of the deposit that the Commission is satisfied is not required for the purposes specified in subsection (1).

LAW OF VIRGIN ISLANDS Regulatory Code 321 Revision Date: 1 Jan 2020 [Statutory Instrument] (4) The Commission may pay interest to specified trust companies at such rate and in such manner as it considers appropriate. Capital requirements, licensed company managers Minimum capital resource, company managers 158. (1) For the purposes of section 10 of the Company Management Act the minimum capital resource requirement applicable to a licensed company manager is— (a) cash in hand or cash on deposit in the amount of $25,000 with a licensed bank approved by the Commission; or (b) cash in hand or cash on deposit in the amount of $10,000 with a licensed bank approved by the Commission and security or interest held or issued in the amount of $15,000 made up in any of the following ways— (i) a standby letter of credit or other guarantee that satisfies the criteria specified in section 159; or (ii) an interest in real property located in the Virgin Islands that the Commission approves as a suitable and adequate capital resource. (2) Where the capital resources of a licensed company manager include an interest in real property and the real property in question is leased property— (a) the leased property shall not be considered adequate as a minimum capital resource unless— (i) the period remaining on the lease as of the date of its presentation for approval by the Commission is 5 or more years; (ii) subject to subsection (3), the period remaining on the lease, at any given time whilst it is relied upon as a capital resource, is one year or more; (iii) where the leased property is encumbered, the Commission is satisfied that the encumbrance is not of such a nature so as to adversely affect its adequacy as a minimum capital resource for the purposes of subsection (1); and (b) the licensed company manager shall, at least 2 years prior to the expiration of the lease, provide the Commission with written notice of the expiry of the lease. (3) The Commission may disapply subsection (2)(a)(ii) where the licensed company manager has provided evidence satisfactory to the Commission that the lease will be renewed on its expiry for a term of not less than 5 years. (4) Where the capital resources of a licensed company manager includes an interest in real property and the real property in question is freehold property, the freehold property shall not be considered adequate as a minimum capital resource unless, where such property is encumbered, the Commission is satisfied that the encumbrance is not of such a nature as to adversely affect its adequacy as a minimum capital resource for the purposes of subsection (1).

322 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Criteria for letter of credit or guarantee 159. A standby letter of credit or guarantee is acceptable as a capital resource of a licensed company manager for the purpose of section 158(1)(b)(i) if it satisfies the following criteria— (a) it is issued by a licensed bank or a licensed insurer approved by the Commission; (b) it is issued in favour of the Commission to secure the costs of, or associated with any or all of enforcement action taken by the Commission against the licensee, the running off of the licensed business of the licensee and the winding up of the licensee, whether by the Commission or any other person; (c) it has a term, on issue, of not less than one year; (d) it is irrevocable and is not subject to any condition or qualification not provided for in the Code or approved by the Commission; (e) it contains a condition that provides for its automatic extension, without amendment, for one year from its expiry date, unless no less than 90 days prior to its expiry date, written notice of the issuer’s intention not to extend is provided to the Commission; and (f) it is approved by the Commission in writing. Professional indemnity and other insurance Insurance requirements 160. (1) A licensed trust company and a licensed company manager shall ensure that, at all times, it maintains such professional indemnity, fidelity and other insurance as is appropriate taking into account the nature, size, complexity, structure and diversity of its licensed business. (2) Without limiting subsection (1), the insurance required to be maintained under subsection (1) shall, except to the extent that the Commission otherwise permits in writing— (a) cover the negligence of, and errors and omissions by, the licensed trust company or licensed company manager, the dishonesty of its employees, the loss and theft of documents (extending to liability, the costs of replacement, the reinstatement of data and the increased costs of working); (b) be arranged on the basis of any one claim and the aggregate; (c) include costs and expenses; (d) extend to every jurisdiction in, or from which, it carries on trust business or company management business, as the case may be; and (e) be for an amount of cover not less than that specified in section 161(1) and satisfy the criteria specified in section 161(3) . (3) A licensed trust company and a licensed company manager shall notify the Commission in writing of any limitations in cover that may apply to its licensed

LAW OF VIRGIN ISLANDS Regulatory Code 323 Revision Date: 1 Jan 2020 [Statutory Instrument] business whether carried on in, or from within, the Virgin Islands or any other jurisdiction in which the business is or may be carried on. (4) A person that ceases to hold a trust company or company management licence shall maintain such “run off” professional indemnity, fidelity and other insurance cover in respect of claims arising from past acts or omissions as may be required by the Commission. (5) In the event that the aggregate level of cover provided under an insurance policy required under subsection (1) is depleted as a result of a claim on the policy, the licensed trust company or licensed company manager shall obtain re-instated cover that meets the requirements set out in this Code. (6) A licensed trust company and a licensed company manager shall establish systems and controls to ensure compliance with the terms and conditions set out in an insurance policy required under subsection (1), including in relation to the timely notification of events that may lead to a claim on the policy. (7) A licensed trust company and a licensed company manager shall notify the Commission and the licensee’s insurer of any claim or potential claim on its professional indemnity insurance. (Inserted by S.I. 69/2019) Minimum levels of cover 161. (1) Subject to subsections (2) and (4), the minimum level of cover for any one claim and in the aggregate for the purposes of section 160(2)(e) shall be the greater of (a) 3 times relevant fees and commissions; (b) 30 times relevant fees and commissions from the single largest customer of the licensed trust company or company manager, including all related customers; or (c) in the case of a licensed trust company, $5,000,000 and in the case of a licensed company manager, $1,000,000. (2) Notwithstanding subsection (1)— (a) a licensed trust company is not required to maintain a level of insurance cover exceeding $10,000,000; and (b) a licensed company manager is not required to maintain a level of insurance cover exceeding $2,000,000. (3) For the purposes of section 160(2)(e), the excess that may be deducted from any claim under the policy shall not exceed $20,000 or 3% of the annual relevant fees and commissions of the licensed trust company or company manager, whichever is greater. Variation and exemption re-insurance requirements 162. (1) The Commission may, on the written application of a licensed trust company or a licensed company manager, vary the requirements specified in sections 160 and 161.

324 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (2) A licensed trust company or a licensed company manager that is part of a group that provides professional indemnity insurance for its members is not required to comply with sections 160 and 161 so long as the licensed trust company or licensed company manager is fully covered under the group professional indemnity insurance. (Substituted by S.I. 91/2010)

LAW OF VIRGIN ISLANDS Regulatory Code 325 Revision Date: 1 Jan 2020 [Statutory Instrument] EXPLANATORY NOTES Introduction (i) The Banks and Trust Companies Act requires a licensed trust company holding a Class I or a Class II licence to maintain capital resources of not less than the minimum prescribed by the Code or such greater capital resources as the Commission may require. The Company Management Act imposes an identical requirement on a licensed company manger. (ii) The purpose of this Division is to specify the detailed capital resource requirement applicable to licensed Class I and Class II trust companies and to licensed company managers. Over-riding Capital Resources Requirement (iii) Section 153 of the Code is intended to ensure that a licensed trust company, including a Class III licensee, and a licensed company manager has sufficient capital resources to support its business. Although, as indicated in paragraph (i), the Code specifies minimum capital resource requirements with respect to licensed trust companies (except Class III) and licensed company managers, these may not necessarily provide every licensee with adequate capital resources to support its business. It is important that the board and senior management of every licensee makes their own determination of the capital resources that are reasonably required to support the licensee’s business, taking into account its risk profile, and it is the responsibility of the board and senior management to ensure that the capital resources of the licensee are increased beyond the minimum requirements set out in the Code where appropriate. (iv) The Commission may, as part of its on-site and off-site monitoring programme, review a licensee’s own assessment of its capital resource requirements. (v) Failure to comply with section 153 of the Code may result in the Commission taking enforcement action against a licensee, even though the licensee may be in compliance with the specific contributed capital requirements applicable to it as specified in section 155. Required Regulatory Deposit (vi) Section 12 of the Banks and Trust Companies Act requires licensed trust companies, other than those with a restricted trust licence, (“specified trust companies”) to keep deposited or invested such sum as may be prescribed in such manner as may be prescribed (in a Regulatory Code). The purpose of sections 156 and 157 are to set out the prescribed requirements with respect to deposits. As these are required for regulatory purposes, they are termed “regulatory deposits”. (vii) Section 157(1) of the Code requires a specified trust company to ensure that, at all times, it has paid monies to the Commission equal to the required regulatory deposit. In practice, the Commission will require an applicant for a licence that requires the holder to make a regulatory deposit to pay the Commission its initial regulatory deposit prior to the licence being granted. In the case of a licensed trust company, the sum will usually be an estimate based on the applicant’s business plan. As the business of a licensed trust company develops and grows, its minimum regulatory deposit is likely to increase. It is

326 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS the responsibility of the licensed trust company to monitor this and to pay the increased deposit to the Commission. (viii) The purposes for which a regulatory deposit may be used are set out in section 157(2) of the Code. These are principally to satisfy fees and penalties owing to the Commission, to pay for any enforcement action taken and to pay the costs of running off and winding up the licensed business of the licensee. It should be noted that this is not intended to cover the costs of any liquidation under the Insolvency Act, except to the extent that these cover the running off and winding up of the licensed business. (ix) Of course, the Commission would not look to the regulatory deposit unless the licensed trust company is unwilling or unable to pay the fees, penalties or costs concerned. Capital Resource Requirement, Licensed Company Managers (x) Licensed company managers are required to maintain capital resources of $25,000. This is intended to provide a buffer so that, should the licensed company cease to carry on business it has some resources to enable it to run off its business. However, the Commission understands that many company managers are small and that some are start up businesses. In the circumstances, the Commission does not require the entire capital resource requirement to be met by cash in hand or at the bank. A licensed company manager must, however, meet at least $10,000 of its capital resource requirement with cash in hand or on deposit. The balance can be made up of either a standby letter of credit or other guarantee or an interest in real property located in the Virgin Islands. In both cases, the Commission must approve the alternative capital resource. (xi) The criteria for a standby letter of credit or other guarantee are clearly set out in section 159 of the Code. (xii) Section 158(2)(a) and (b) of the Code sets out certain minimum criteria that must be satisfied if an interest in real property is to be acceptable as a capital resource. However, as indicated, this is also subject to the approval of the Commission and the Commission will not grant its approval unless it is satisfied that the interest in real property is suitable and adequate as a capital resource. (xiii) In the case of a leasehold interest in property, the Commission will not consider a licence to occupy property or a short term tenancy or rental agreement as satisfactory. The lease must grant an ownership interest in the real property concerned. (xiv) It should be noted that, once a lease has less than one year to run, it is not suitable as a capital resource. Section 158(2)(b) requires the licensed company manager to give the Commission at least 2 years written notice of the expiry of the lease. This is to enable the licensed company manager to assess whether the lease will be renewed and, if not, to give the licensed company manager time to provide substitute capital resources. A lease ceases to be eligible as a capital resource once it has less than one year to run, unless the Commission is satisfied that the lease will be renewed for a period of at least 5 years. (xv) Where a lease relied upon as a capital resource has less than 2 years to run, the Commission will require a licensed company manager to provide it with—

LAW OF VIRGIN ISLANDS Regulatory Code 327 Revision Date: 1 Jan 2020 [Statutory Instrument] (a) a written undertaking satisfactory to the Commission that he will, within a period of 18 months seek and obtain a renewal of the lease; and (b) evidence satisfactory to the Commission that the lessor intends to renew the lease. (xvi) If the licensed company manager is not able to provide this, evidence, it will have to provide alternative capital resources, by way of cash in hand or on deposit or an alternative acceptable interest in real property to avoid being in breach of the capital resource requirements of the Code when the lease has less than one year to run. (xvii) Licensed company managers should note that an interest in real property is only acceptable as a capital resource as long as the company manager owns the interest.

---

Division 2 Managed Trust Companies Obligations on managed trust companies 163. (1) A managed trust company— (a) shall, within 5 days of obtaining its trust company licence, enter into a written management agreement with the licensed trust company approved by the Commission as its managing trust company; and (b) shall not commence carrying on business until the written management agreement referred to in paragraph (a) has been entered into and is in force. (2) The written management agreement referred to in subsection (1) shall comply with section 164. (3) A managed trust company shall not change the licensed trust company that carries on and manages its business without the approval of the Commission. Management agreements and outsourcing 164. (1) A management agreement between a managed trust company and the licensed trust company that will manage it shall— (a) specify the responsibilities of the respective parties; (b) state the responsibilities of the directors in the operation of the managed trust company; and (c) include provisions relating to— (i) the nature of the services that will be provided by the managing trust company, and on what basis; (ii) the fees and other costs to be charged by the managing trust company or the basis on which such fees and costs will be calculated and the basis on which costs, including common or joint costs, and revenues;

328 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (iii) the responsibilities of the respective parties for ensuring compliance with the managed trust company’s AML/CFT obligations and its regulatory obligations; (iv) the operational arrangements for the management of the managed trust company, including risk management and contingency plans; (v) the appointment of directors and senior managers; (vi) the duration of the management agreement; and (vii) the transfer of the managed trust company’s books and records on the termination of the management agreement. (2) Notwithstanding section 51, a managed trust company may outsource the compliance function to the managing trust company. Books and records 165. (1) The managing trust company shall keep the books and records of the managed trust company separately from— (a) its own books and records; (b) the books and records of its clients; and (c) the books and records of any other managed trust company for which it acts as managing trust company. (2) The books and records of a managed trust company that are kept in the Virgin Islands, whether pursuant to an AML/CFT obligation or a regulatory obligation, or otherwise, shall be kept at the principal office of the managing trust company in the Virgin Islands. Corporate governance and resource requirements 166. (1) For the purposes of this Division, “senior manager”, in relation to a managed trust company, has the meaning specified in section 4 except that the senior manager of a managed trust company may be an individual employed under a contract of service by the managing trust company who is seconded to the managed trust company to carry out the functions of a senior manager. (2) Subject to subsection (6), a managed trust company shall, at all times, have— (a) at least one director who is resident in the Virgin Islands; (b) at least one senior manager resident in the Virgin Islands; and (c) sufficient resources, including human and physical resources, to undertake those functions that— (i) in accordance with this Code, cannot be outsourced; and (ii) the managing trust company is not responsible for under the management agreement. (3) The senior management of a managed trust company shall have responsibility for the functions specified in subsection (2)(c)(i) and (ii). (4) The managing trust company shall ensure that—

LAW OF VIRGIN ISLANDS Regulatory Code 329 Revision Date: 1 Jan 2020 [Statutory Instrument] (a) the business and activities of the managed trust company are segregated from its own business and activities and from the business and activities of any other managed trust companies that it manages; and (b) it maintains separate financial records and prepares separate financial statements for each managed trust company that it manages. (5) For the purposes of section 22, one of the individuals undertaking the management of the managed trust company may, if the nature, size, complexity, structure and diversity of the business of the managed trust company allows, be an individual employed by the managing trust company under a contract of service who, although not seconded to the managed trust company, is a senior manager of the managing trust company with responsibility for managing the business of the managed trust company. (6) The Commission may, having regard to the nature, scale, complexity and diversity of the business of a managed trust company— (a) require the managed trust company to— (i) increase the number of its senior managers; (ii) increase the number of its directors that are resident in the Virgin Islands; (iii) have one or more senior managers that are employed by the managed trust company under a contract of service; (iv) increase the human, physical and other resources available to it; or (b) disapply subsection (5) with respect to the managed trust company.

---

EXPLANATORY NOTES Introduction (i) This Division establishes a formal regime for the licensing of managed trust companies. A managed trust company is defined in section 2 as a trust company, the licence of which, is subject to the condition that its business is carried out and managed by a BVI trust company (which must be a Class I trust company). (ii) Note should also be taken of the Explanatory Notes to section 10 of the Code which set out additional licensing criteria for managed trust companies. What Are Managed Trust Companies? (iii) Trust companies are expected by the Commission to establish a physical presence in the BVI, with an office and staff. However, by way of exception and where justified, the Commission is prepared to licence trust companies as managed trust companies. The licensed business of a managed trust company must be carried on and managed by a Class I trust company approved by the Commission for the purpose. (iv) Except as provided in the Code, a managed trust company is fully subject to the requirements of the Code, including the financial resource requirements in Part V, Division 1 of the Code. However, the Commission may grant exemptions to a managed trust company where the Commission agrees that it should be subject

330 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS to the consolidated supervision of a foreign regulatory authority so that the managed trust company is not subject to a dual regulatory regime. (v) The main concession made to managed trust companies is with respect to corporate governance requirements and to administration and carrying on of its business. Subject to having a board of directors, a managed trust company can rely on its managing trust company to provide management, including senior management, resources and the other human and infrastructure resources that it requires to carry on its licensed business. However, the Commission expects that its licensed business will be carried on in the BVI to a similar extent as any other trust company, albeit that the work is undertaken by the managing trust company. Whilst the Commission accepts that client-facing work will usually be undertaken outside the BVI, a managed trust company is not a “brass plate” and the Commission would not permit a managed trust company to continue to hold its licence if it became apparent that its licensed business was being carried on largely outside the BVI. Outsourcing and Resources (vi) Section 51 of the Code provides, in effect, that the only specific functions that can never be outsourced are the compliance function and a core management function. The term “core management function”, although not fully defined, includes— (a) setting and approval of the licensee’s risk management and other strategies; (b) oversight of the licensee’s policies, systems and controls; and (c) responsibility for the delivery of services to the licensee’s customers. (vii) Section 164(2) permits a managed trust company to outsource the compliance function to its managing trust company. However, section 51 of the Code otherwise has full application to a managed trust company. The compliance function cannot be outsourced to any service provider other than the managing trust company. (viii) In accordance with section 51 of the Code, all other functions can be outsourced in accordance with the outsourcing provisions of the RC unless the outsourcing would either impair the Commission’s ability to supervise the managed trust company or affect the rights of a customer against the managed trust company. (ix) A managed trust company is still required to apply to the Commission for the approval of its compliance officer. The Commission may, if it considers it appropriate, require a managed trust company to appoint its own compliance officer. (x) The senior managers of the managed trust company do not need to be employed by the managed trust company, although they can of course be directly employed. The Code specifically permits employees of the managing trust company to be seconded to the managed trust company. It is not necessary for a seconded senior manager to work exclusively for the managed trust company, but he must dedicate specific time to managing the business of the managed trust company.

LAW OF VIRGIN ISLANDS Regulatory Code 331 Revision Date: 1 Jan 2020 [Statutory Instrument] Span of Control (xi) Although section 22 of the Code applies to a managed trust company, section 166(5) provides that one of the individuals who makes up the “four eyes control” may be a senior manager of the managing trust company. The individual concerned need not also be a senior manager of the managed trust company, provided that he has responsibility for the management of the business of the managed trust company. Managing trust companies must be careful to ensure that any conflicts are properly managed. Management Agreement (xii) The management agreements entered into between a managed trust company and a managing trust company must comply with section 164(1) of the Code. Paragraph (c) provides that the management agreement must state the responsibilities of the directors in the operation of the managed trust company. The Commission understands that directors have statutory responsibilities and that these apply regardless of the management agreement and cannot be contracted out of. The intention of this provision is to ensure that specific additional responsibilities are clearly set out in the agreement.

---

PART VI MONEY SERVICES BUSINESS Interpretation for, and purpose of, this Part 167. (1) The principal purpose of this Part is to specify the obligations of, and the requirements relating to, licensed money services businesses and their supervision by the Commission. (2) In this Part— “BVI money services business” means a licensed money services business that is a BVI business company; “foreign money services business” means a licensed money services business that is a foreign undertaking; and “licensed money services business” means a person that holds a money services licence.

---

EXPLANATORY NOTES Introduction (i) The Financing and Money Services Act, 2009 (“FSM Act”) has established a new regime for the regulation and supervision of money services businesses. Although money services businesses are subject to the AML/CFT regime, and were subject to the previous AML regime, they have not previously been required to obtain a licence or been subject to supervision by the Commission. (ii) The Commission’s primary focus in supervising money services businesses will be on compliance with their AML/CFT obligations and, in the case of money transmission businesses, the protection of customer monies. The regulatory regime established in the Code for other financial services providers is not fully

332 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS appropriate for money services businesses. In the circumstances, Part 2, Divisions 3 and 5 of the Code (which sets out general requirements for, and obligations on, the financial services sector generally) does not apply to money services businesses. The only Parts of the Code that are applicable to licensed money services businesses are— (a) the Preliminary Provisions, as far as relevant to them, (definitions and interpretative provisions); (b) Part I (Principles for Business) which applies fully to licensed money services businesses; (c) Part II, Division 1 (Licensing), Division 2 (Fit and Proper Criteria), Division 4 (Compliance), Division 6 (Financial Statements, Auditors and Audits) and Division 7(Customer Assets); and (d) Part VI (Money Services Business). (iii) The Regulatory Code does not contain any specific AML/CFT requirements. These are all contained in the Anti-Money Laundering Regulations and the Anti￾Money Laundering and Terrorist Financing Code of Practice which apply fully to licensed money services businesses. What is Money Services Business? (iv) Section 6 of the Financing and Money Services Act provides that a person carries on money services business if the person carries on the business of providing— (a) money transmission services; (b) cheque cashing services; (c) currency exchange services; (d) the issuance, sale or redemption of money orders or traveller’s cheques; or (e) any other services specified in regulations made under the Act. (v) A person who operates as an agent or franchise holder of a person carrying on a business specified above also carries on money services business.

---

Capital resource requirements Over-riding capital resource requirement 168. (1) A BVI money services business shall— (a) ensure that, at all times, it maintains its capital resources at a level that is adequate to support its licensed business, taking into account the nature, size, complexity, structure and diversity of that business and its risk profile; and (b) maintain adequate systems and controls to monitor and assess its capital adequacy requirements on an on-going basis. (2) The requirement in subsection (1)(a) applies in addition to the specific capital resource requirements specified in section 169.

LAW OF VIRGIN ISLANDS Regulatory Code 333 Revision Date: 1 Jan 2020 [Statutory Instrument] Minimum capital resources 169. (1) For the purposes of section 12 of the Financing and Money Services Act, the minimum capital resource requirement applicable to a BVI money services business is— (a) cash in hand or cash on deposit in the amount of $10,000 with a licensed bank approved by the Commission; or (b) cash in hand or cash on deposit in the amount of $5,000 with a licensed bank approved by the Commission and security or interest held or issued in the amount of $5,000 made up in any of the following ways— (i) a standby letter of credit or other guarantee that satisfies the criteria specified in section 159; or (ii) an interest in real property located in the Virgin Islands that the Commission approves as a suitable and adequate capital resource. (2) Where the capital resources of a BVI money services business include an interest in real property and the real property in question is leased property— (a) the leased property shall not be considered adequate as a minimum capital resource unless— (i) the period remaining on the lease as of the date of its presentation for approval by the Commission is 5 or more years; (ii) subject to subsection (3), the period remaining on the lease, at any given time whilst it is relied upon as a capital resource, is one year or more; (iii) where the leased property is encumbered, the Commission is satisfied that the encumbrance is not of such a nature so as to adversely affect its adequacy as a minimum capital resource for the purposes of subsection (1); and (b) the BVI money services business shall, at least 2 years prior to the expiration of the lease, provide the Commission with written notice of the expiry of the lease. (3) The Commission may disapply subsection (2)(a)(ii) where the BVI money services business has provided evidence satisfactory to the Commission that the lease will be renewed on its expiry for a term of not less than 5 years. (4) Where the capital resources of a BVI money services business includes an interest in real property and the real property in question is freehold property, the freehold property shall not be considered adequate as a minimum capital resource unless, where such property is encumbered, the Commission is satisfied that the encumbrance is not of such a nature as to adversely affect its adequacy as a minimum capital resource for the purposes of subsection (1). Criteria for letter of credit or guarantee 170. A standby letter of credit or guarantee is acceptable as a capital resource of a BVI money services business for the purpose of section 169(1)(b)(i) if it satisfies the following criteria—

334 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) it is issued by a licensed bank or a licensed insurer approved by the Commission; (b) it is issued in favour of the Commission to secure the costs of, or associated with any or all of enforcement action taken by the Commission against the money services business, the running off of its licensed business and the winding up of the money services business, whether by the Commission or any other person; (c) it has a term, on issue, of not less than one year; (d) it is irrevocable and is not subject to any condition or qualification not provided for in the Code or approved by the Commission; (e) it contains a condition that provides for its automatic extension, without amendment, for one year from its expiry date, unless no less than 90 days prior to its expiry date, written notice of the issuer’s intention not to extend is provided to the Commission; and (f) it is approved by the Commission in writing. Regulatory deposit to be made by foreign money services business 171. (1) This section and section 172— (a) prescribe the amount of the deposit required to be made by a foreign money services business under section 12(3) of the Financing and Money Services Act, 2009 and the manner in which regulatory deposits are to be made and retained by the Commission; and (b) specify the purposes for which a regulatory deposit may be utilised by the Commission. (2) For the purpose of section 12(1)(b) and 12(2)(b) of the Financing and Money Services Act, 2009, the prescribed deposit for a foreign money services business is $10,000 (“the required regulatory deposit”). (3) A foreign money services business shall ensure that, at all times, it has paid monies to the Commission equal to the required regulatory deposit. Regulatory deposits, supplementary provisions 172. (1) The regulatory deposit made by a foreign money services business may be used by the Commission for any one or more of the following purposes— (a) to satisfy outstanding fees or penalties payable by the money services business to the Commission; and (b) to satisfy the costs of, or associated with— (i) any enforcement action taken by the Commission against the money services business; and (ii) the running off and winding up of the licensed business of the money services business. (2) If a foreign money services business ceases to hold a money services business licence, the money services business is entitled to be paid such part of the deposit that the Commission is satisfied is not required for the purposes specified in subsection (1).

LAW OF VIRGIN ISLANDS Regulatory Code 335 Revision Date: 1 Jan 2020 [Statutory Instrument] (3) The Commission may pay interest to foreign money services businesses at such rate and in such manner as it considers appropriate.

---

EXPLANATORY NOTES Introduction (i) The Financing and Money Services Act, 2009 requires licensees under the Act to maintain capital resources of not less than the minimum prescribed by the Code or such greater capital resources as the Commission may require. (ii) The purpose of this Division is to specify the detailed capital resource requirement applicable to licensed money services businesses. Persons who hold a financing licence are not subject to any capital resource requirements. Furthermore, foreign money services businesses are not subject to any capital resource requirements. This is because the Commission would find it extremely difficult to enforce capital resource requirements against a foreign company. However, foreign money services businesses are required to make a regulatory deposit with the Commission in a sum equal to the capital resource requirement imposed on a BVI money services business. Over-riding Capital Resources Requirement (iii) Section 168 of the Code is intended to ensure that a BVI money services business has sufficient capital resources to support its business. Although the Code specifies minimum capital resource requirements with respect to BVI money services businesses, these may not necessarily provide every BVI money services business with adequate capital resources to support its business. (iv) It is important that the board and senior management of every BVI money services business makes their own determination of the capital resources that are reasonably required to support the licensee’s business, taking into account its risk profile, and it is the responsibility of the board and senior management to ensure that the capital resources of the licensee are increased beyond the minimum requirements set out in the Code where appropriate. (v) The Commission may, as part of its on-site and off-site monitoring programme, review a BVI money services business’s own assessment of its capital resource requirements. (vi) Failure to comply with section 168 of the Code may result in the Commission taking enforcement action against a licensee, even though the licensee may be in compliance with the specific contributed capital requirements applicable to it as specified in section 169. Capital Resource Requirement, BVI Money Services Businesses (vii) BVI money services businesses are required to maintain capital resources of $10,000. This is intended to provide a buffer so that, should the money services business cease to carry on business it has some resources to enable it to run off its business. However, the Commission understands that many BVI money services businesses are small and that some are start up businesses. In the circumstances, the Commission does not require the entire capital resource requirement to be met by cash in hand or at the bank. A BVI money services business must, however, meet at least $5,000 of its capital resource requirement with cash in hand or on deposit. The balance can be made up of either a standby letter of credit or other guarantee or an interest in real property

336 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS located in the Virgin Islands. In both cases, the Commission must approve the alternative capital resource. (viii) The criteria for a standby letter of credit or other guarantee are clearly set out in section 170 of the Code. (ix) Section 169(2)(a) and (b) of the Code set out certain minimum criteria that must be satisfied if an interest in real property is to be acceptable as a capital resource. However, as indicated, this also subject to the approval of the Commission and the Commission will not grant its approval unless it is satisfied that the interest in real property is suitable and adequate as a capital resource. (x) In the case of a leasehold interest in property, the Commission will not consider a licence to occupy property or a short term tenancy or rental agreement as satisfactory. The lease must grant an ownership interest in the real property concerned. (xi) It should be noted that, once a lease has less than one year to run, it is not suitable as a capital resource. Section 169(2)(b) requires the BVI money services business to give the Commission at least two years written notice of the expiry of the lease. This is to enable the business to assess whether the lease will be renewed and, if not, to give the business time to provide substitute capital resources. A lease ceases to be eligible as a capital resource once it has less than one year to run, unless the Commission is satisfied that the lease will be renewed for a period of at least 5 years. (xii) Where a lease relied upon as a capital resource has less than 2 years to run, the Commission will require a BVI money services business to provide it with— (a) a written undertaking satisfactory to the Commission that it will, within a period of 18 months seek and obtain a renewal of the lease; and (b) evidence satisfactory to the Commission that the lessor intends to renew the lease. (xiii) If the BVI money services business is not able to provide this evidence, it will have to provide alternative capital resources, by way of cash in hand or on deposit or an alternative acceptable interest in real property to avoid being in breach of the capital resource requirements of the Code when the lease has less than one year to run. (xiv) BVI money services businesses should note that an interest in real property is only acceptable as a capital resource as long as the money services business owns the interest. Regulatory Deposits (xv) Section 12(3) of the Financing and Money Services Act, 2009 requires licensees to keep deposited or invested such sum as may be prescribed in such manner as may be prescribed (in a Regulatory Code). The purpose of sections 171 and 172 are to set out the prescribed requirements with respect to deposits required to be made by foreign money services businesses. As indicated above, this requirement is imposed instead of a capital resource requirement. BVI money services businesses are therefore not required to make a regulatory deposit. The prescribed regulatory deposit for a foreign money services business is $10,000. (xvi) Section 9(2)(b) of the Financing and Money Services Act, 2009 provides that the Commission may only grant a licence issued under the Act to an applicant if it

LAW OF VIRGIN ISLANDS Regulatory Code 337 Revision Date: 1 Jan 2020 [Statutory Instrument] is satisfied that the applicant will, upon issuance of the licence, be in compliance with the Act and the Regulatory Code. Where the Commission has decided, in principle, to grant an application to a person other than a BVI business company, the licence will not be issued until the applicant has made the required deposit. (xvii) The purposes for which a regulatory deposit may be used are set out in section 172 of the Code. These are principally to satisfy fees and penalties owing to the Commission, to pay for any enforcement action taken and to pay the costs of running off and winding up the licensed business of the licensee. It should be noted that this is not intended to cover the costs of any liquidation under the Insolvency Act, except to the extent that these costs cover the running off and the winding up of the licensed business. (xviii) Of course, the Commission would not look to the regulatory deposit unless the foreign money services business was unwilling or unable to pay the fees, penalties or costs concerned.

---

Management and control Corporate governance framework 173. (1) A licensed money services business shall take reasonable care to establish a corporate governance framework appropriate for the nature, size, complexity, structure and diversity of its business. (2) A licensed money services business shall ensure that— (a) the systems and controls established in accordance with section 18(2) of the Financing and Money Services Act, 2009 are regularly reviewed and updated as required; (b) it has adequate risk management systems in place; and (c) it has a span of control that is adequate for the nature, size, complexity, structure and diversity of its business. (3) Without limiting subsection (2), a licensee shall ensure that its management is undertaken by at least two individuals each of whom is either an executive director or a senior manager and is fit and proper for the purpose. (4) The relationship between the directors or senior managers who undertake the management of the licensee for the purposes of this subsection (3) shall be such so as to ensure that they can each exercise independent judgment and that none of them is able to exercise duress or undue influence over the other or others. (5) This section applies to a foreign money services business with respect to its business in the Virgin Islands. Foreign licensee to appoint BVI manager 174. Subject to section 173 , a foreign money services business shall— (a) appoint an employee resident in the Virgin Islands, approved by the Commission, as its BVI manager to have responsibility for managing its business and affairs in the Virgin Islands; and

338 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) designate a senior manager in the licensee’s home jurisdiction to whom the BVI manager is responsible. (Amended by S.I. 91/2010) Internal Controls 175. (1) A licenced money services business shall establish and maintain an adequate and effective system of internal controls appropriate for the nature, size, complexity, structure and diversity of its business. (2) The internal controls established under subsection (1) shall, as appropriate, operate at all levels of the money services business and shall ensure that— (a) the business of the licensee is planned and conducted properly, adequately and in an orderly manner and in accordance with management policies; (b) transactions and commitments are entered into in accordance with documented general or specific authorities; (c) the assets of the licensee are appropriately safeguarded and the liabilities controlled through measures designed to minimise the risk of loss from irregularities, error, fraud and physical damage, and to identify such occurrences promptly should they occur; (d) the accounting and other records of the licensee are complete, accurate and timely and can be used to compile financial statements as required by the Financing and Money Services Act, management information and returns to the Commission in line with the licensee’s regulatory and AML/CFT obligations; and (e) the board and senior management is able to properly guard against involvement in financial crime and ensure that the licensee is complying with all its regulatory and AML/CFT obligations. Licensed money services business to maintain records 176. (1) A licensed money services business shall keep adequate and orderly records which must include records of— (a) its financial affairs; (b) all transactions undertaken by the business whether on its own account or for customers; (c) its policies, systems and controls, including its risk management policies; and (d) minutes of all board meetings. (2) The records kept by a licensed money services business shall be sufficient to enable the Commission to monitor the compliance of the licensee with its regulatory obligations and its AML/CFT obligations. (3) A licensee shall— (a) maintain its records so that they can be readily retrieved in the Virgin Islands and, if kept otherwise than in legible form, so that they can be accessed and read at a computer terminal in the Virgin Islands and

LAW OF VIRGIN ISLANDS Regulatory Code 339 Revision Date: 1 Jan 2020 [Statutory Instrument] produced in the Virgin Islands in legible form and in the English language without delay; (b) ensure that its records are kept up to date and that a full audit trail is maintained of all changes to its records; and (c) have a written record retention policy which shall include— (i) the period of time for which various types of record will be retained, which shall be no less than the minimum period specified in section 19(4) of the Financing and Money Services Act; (ii) how records are to be securely and safely stored; and (iii) the process by which stored records can be readily accessed when required by the licensee, the Commission, law enforcement agencies or other persons entitled to access them. Customer assets and money 177. (1) For the purposes of this section— “customer assets” means assets that, in the course of its licensed business, a licensed money services business holds, has custody or control of or responsibility for that (a) belong to a customer or potential customer of the licensee; or (b) the licensee holds, has custody or control of or responsibility for, on behalf of a customer or a prospective customer; “customer money” means, subject to subsection (2), customer assets that consist of money. (2) A licensed money services business shall ensure that— (a) customer assets are identified, or identifiable, and appropriately segregated and accounted for; (b) customer money is not mixed with other money; (c) it makes arrangements for the safekeeping and proper protection of customer assets and any documents of title relating to customer assets; (d) the location of a customer’s assets and documents of title relating to a customer’s assets are recorded in the customer’s records; and (e) where any asset is required to be registered, it shall be properly registered either in the customer’s name or, where agreed with the customer, in the name of a nominee.

---

EXPLANATORY NOTES Introduction (i) Corporate governance is considered to be the relationship between a company’s board of directors, its management and its shareholders and other stakeholders, including customers. The corporate governance framework, in effect, is the system by which a company or other undertaking is directed and controlled.

340 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (ii) Section 18 of the Financing and Money Services Act imposes certain core corporate governance requirements on all licensed money services businesses. In summary, these require a licensed money services business to— (a) appropriately apportion significant responsibilities among its directors, senior officers and key functionaries; and (b) establish and maintain appropriate systems and controls; Section 173 of the Code supplements this requirement. (iii) These requirements are imposed on a foreign money services business only with respect to its business in the BVI. Span of Control (iv) One of the critical requirements for a money services business is that a licensed money services business ensures that it has a span of control that is adequate for its business. This requires a licensed money services business to ensure that at least 2 senior and competent individuals are involved in the decision making and day to day operation of the business. This is known as the “four eyes” principle. The four eyes principle is aimed at minimising the opportunities for fraud, error and bad management. (v) In order to demonstrate an adequate span of control, the Commission expects that where the minimum number of directors or senior managers are relied upon to satisfy the span of control requirements, each must be actively involved in the day to day management of the business and be able to exercise executive powers on behalf of the money services provider. It is not sufficient for one to be actively involved in the management of just some aspects of the licensee’s business. This requires that both are actively involved in the decision making process with respect to all significant decisions. (vi) The Code requires that the individuals are all “fit and proper”. In this context, the Commission considers that a director or senior manager should have sufficient experience and knowledge of the business and should also have the personal qualities and skills necessary to detect and resist any imprudence, dishonesty or other irregularities by the other individual or individuals. (vii) Each of the directors or senior managers providing the required span of control must be able to exercise independent judgment and must not be able to exercise duress or undue influence over the others. The Commission does not consider that individuals with close family relationships will be able to comply with this requirement as it is not reasonable to assume that that close family (i.e. spouses, children, parents, brothers, sisters etc.) can exercise properly independent management. Therefore, only one family member should normally be included in a determination of whether the licensee complies with the span of control requirements and where more than one family member is a director and/or senior manager, a licensee will need to be able to demonstrate that their combined influence does not impair the ability of the non-family director or senior manager.

LAW OF VIRGIN ISLANDS Regulatory Code 341 Revision Date: 1 Jan 2020 [Statutory Instrument] Internal Controls (viii) Internal control is a process undertaken by the board, senior management and all levels of staff. It is not a procedure or policy that is performed at a certain point in time, but rather it is should be continually operating at all levels within the licensee. A sound internal control framework is critical to the ability of a money services business to meet its objectives and to maintain its financial viability. (ix) The main objectives of the internal control framework are— (a) to ensure that the licensee is using its assets and other resources efficiently and effectively and that the licensee is being adequately protected from loss (performance objectives); (b) to ensure that timely, reliable, complete and relevant financial and management information needed for decision making is being prepared (information objectives); and (c) to ensure that the licensee complies with all its regulatory and AML/CFT obligations (compliance objectives). (x) To fulfil the performance objective, the licensee should, through its internal controls, ensure that all its personnel are working to achieve its goals with efficiency and integrity, without unintended or excessive cost and that they are not placing other interests (such as an employee’s, vendor’s or customer’s interest) before those of the licensee. However, it may in some circumstances be appropriate to place customers’ interests before those of the licensee, for example if there is a conflict between treating them fairly and the licensee’s financial goals. (xi) To fulfil the information objective, the internal controls will need to include the accounting procedures and also the appropriate dissemination of information to shareholders, the Commission and other external parties.

---

PART VII INVESTMENT BUSINESS Preliminary Interpretation for this Part 178. (1) For the purposes of this Part— “Act” means the Securities and Investment Business Act; “BVI licensee” means a licensee that is a BVI undertaking; “capital resources” means— (a) in relation to a licensee that is a BVI business company, its unencumbered contributed capital and such other capital resources as the Commission may specify in respect of that licensee; and (b) in relation to any other BVI licensee, such resources as the Commission shall specify in respect of that licensee; “contributed capital” means, in the case of a licensee that is a BVI business company—

342 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) monies paid; and (b) the value of other consideration provided, for ordinary shares that have been issued by the licensee; “licence” means an investment business licence; “licensee” means a person that has a licence; “non-domiciled fund administrator” means, subject to subsection (2), a licensed fund administrator the principal office of which is situated outside the Virgin Islands; “non-domiciled fund manager” means, subject to subsection (2), a licensed fund manager the principal office of which is situated outside the Virgin Islands; “professional investor” means an individual who has signed a declaration that he, whether individually or jointly with his spouse, has net worth in excess of $1,000,000 or its equivalent in any other currency and that he consents to being treated as a professional investor for the purposes of this Part; and “retail customer” means an individual who is acting for purposes which are outside his trade, business or profession, but excludes a professional investor. (2) In the circumstances specified in subsection (1), the Commission may, by notice issued to a fund administrator or fund manager, direct that, for the purposes of this Part, the fund administrator or fund manager shall not be regarded as being a non￾domiciled fund administrator or fund manager, as the case may be. (3) The Commission may issue a notice under subsection (2) where it considers that, by virtue of the nature or extent of the activities of the fund administration or fund management carried on in the Virgin Islands, the fund administrator or fund manager should be regarded as being domiciled in the Virgin Islands. Scope of this Part 179. (1) Subject to subsection (2), this Part applies to all licensees. (2) This Part does not apply to a licensee that has a category 7 licence (operating an investment exchange). Records 180. Any matter required under this Part to be recorded shall be recorded in written form and the record shall be retained for the retention period.

---

EXPLANATORY NOTES (i) This Part applies to all investment business licensees, except for a person holding a category 7 licence (operating an investment exchange). The business of operating an investment exchange is very different from all other forms of investment business and many of the provisions in this Part would not be appropriate. If an investment exchange was to be established in the BVI, it would be subject to its own legislation. (ii) Division 2 contains provisions that are applicable only to licensees who act as a functionary in relation to mutual funds.

LAW OF VIRGIN ISLANDS Regulatory Code 343 Revision Date: 1 Jan 2020 [Statutory Instrument] Division 1 Capital and Insurance Requirements Over-riding capital resource requirement Over-riding capital resource requirement 181. (1) A BVI licensee shall— (a) ensure that, at all times, it maintains its capital resources at a level that is adequate to support its investment business, taking into account the nature, size, complexity, structure and diversity of that business and its risk profile; and (b) maintain adequate systems and controls to monitor and assess its capital adequacy requirements on an on-going basis. (2) The requirement in subsection (1)(a) applies in addition to any specific capital resource requirements specified— (a) in this Part of the Code; or (b) by the Commission under section 8(2)(a) or (b) of the Act. (3) The board and senior management of a BVI licensee shall make their own determination of the capital resources that are reasonably required to support the licensee’s business, taking into account its risk profile, and shall ensure that the licensee’s capital resources are increased beyond the minimum required by this Code where appropriate. (4) On at least an annual basis— (a) senior management of a BVI licensee shall report to the board on the scope and performance of the systems and controls established to monitor and assess the licensee’s capital adequacy requirements; and (b) the board shall review those systems and controls taking into consideration the report by senior management. Professional indemnity and other insurance Insurance requirements 182. (1) A BVI licensee shall, subject to subsection (2), ensure that, at all times, it maintains such professional indemnity, fidelity and other insurance as is appropriate taking into account the nature, size, complexity, structure and diversity of its licensed business. (2) Where a BVI licensee determines that, having regard to the nature, size, complexity, structure and diversity of its licensed business, a professional indemnity insurance is not appropriate in its case, subsection (1) shall not apply, but the BVI licensee shall notify the Commission of that fact in writing stating its reasons.

344 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS EXPLANATORY NOTES Introduction (i) Section 8 of the Securities and Investment Business Act enables the Code to specify capital resource requirements for licensees. Given that international standards concerning the capitalisation of investment intermediaries are not yet fully developed, the Commission has determined that it would be premature for generally applicable capital resource requirements to be prescribed at this time. In the circumstances, as permitted by section 8(2)(b) of the Act, the Commission will set capital resource requirements for BVI licensees on a case-by-case basis, taking into account the business of the licensee and the risks that it faces. The Commission will issue separate guidance with regard to this matter. (ii) In determining the appropriate capital resource requirements for a licensee, the Commission will take into account the type of licence held. For example, where a licensee only holds a category 4 licence (investment advisor), the Commission is unlikely to impose anything more than a contributed capital requirement. However, other licensees may be subject to both a minimum contributed capital requirement and a minimum net asset requirement. Over-riding Capital Resources Requirement (iii) Section 181 of the Code is intended to ensure that a BVI licensee has sufficient capital resources to support its business. For most BVI licensees, “capital resources” means unencumbered contributed capital, although the Commission may provide for other types of capital resources on a case-by-case basis; the Commission does not expect to prescribe capital resources that would be a fit-for￾all. It should be noted that the minimum capital resources specified by the Commission may not provide a licensee with adequate capital resources to support its business. It is important therefore that the board and senior management of every BVI licensee make their own determination of the capital resources that are reasonably required to support the licensee’s business, taking into account its risk profile, and it is the responsibility of the board and senior management to ensure that the capital resources of the licensee are increased beyond the minimum requirements set out in the Code where appropriate. (iv) The Commission may, as part of its on-site and off-site monitoring programme, review a licensee’s own assessment of its capital resource requirements. (v) Failure to comply with section 181 of the Code may result in the Commission taking enforcement action against a licensee, even though the licensee may be in compliance with the specific capital resource requirements applicable to it.

---

Division 2 Conduct of Business General Requirements General conduct of business standards 183. A licensee shall, in carrying on its licensed business, act honestly, fairly and with due skill, care and diligence in fulfilling the responsibilities that it has undertaken.

LAW OF VIRGIN ISLANDS Regulatory Code 345 Revision Date: 1 Jan 2020 [Statutory Instrument] Fund functionaries 184. A licensee, when acting as the functionary of a fund shall, subject to any agreement between the licensee acting as functionary and the fund— (a) act in the best interests of the fund; (b) if it acts as functionary for more than one fund, ensure that all the funds for which it acts are, between each other, dealt with fairly and that no fund is given an unfair advantage; (c) in its dealing with investors of the fund, ensure that all investors are treated fairly. Valuation and pricing of fund property 185. (1) If a licensee, when acting as a fund functionary for a public fund, has responsibility for the valuation of the fund’s fund property, subject to subsection (2), it shall, in carrying out those responsibilities, comply with the fund’s valuation policy and procedures and the provisions of the Public Funds Code relating to valuation and pricing. (2) Subsection (1) does not apply if the fund’s valuation policy does not comply with the Public Funds Code. Client agreement: retail customer 186. (1) Where a licensee provides services constituting investment business to a retail customer (“the services”), it shall do so under a written agreement signed by both the licensee and the customer. (2) An agreement entered into under subsection (1) shall set out in adequate detail the basis and terms on which the services are provided, including specifying— (a) whether or not the services are to be provided on an execution only basis; or (b) if discretion is to be exercised by the licensee, the extent of the discretion to be exercised. Client agreement: non-retail customer 187. (1) Subject to subsection (2), where a licensee provides services constituting investment business to a customer who is not a retail customer (“the services”), whether on a discretionary basis or otherwise, it shall provide the customer with the terms on which the licensee is prepared to provide the services. (2) If it is not practicable for a licensee to provide the information required by subsection (1) before commencing business with the customer, the licensee shall provide the information to the customer as soon as reasonably practicable. Disclosure 188. (1) Before providing services that constitute investment business to a customer, a licensee shall disclose to the customer in writing— (a) the basis or amount of the licensee’s charges for the provision of those services; and

346 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) in the case of a retail customer, details of the licensee’s professional experience in relation to the services to be provided. (2) A licensee shall not provide advice to a retail customer concerning a transaction or investment strategy or act as a discretionary manager for a retail customer unless the licensee has taken reasonable steps to make the customer aware of the risks involved and of any conflicts of interest. Suitability 189. (1) This section and section 190 apply in relation to retail customers only. (2) Where a licensee is responsible for providing advice to, or exercising discretion for, a customer, it shall obtain, record and maintain any information about the circumstances (both financial and otherwise) and the investment objectives of the customer that are relevant to the advice to be provided or the discretion to be exercised. (3) If a customer declines to provide information concerning his circumstances and investment objectives, a licensee must not provide advice to, or exercise discretion on behalf of, the customer unless it has first disclosed to the customer that the lack of such information may adversely affect the service that it can provide. (4) A licensee shall take reasonable steps to ensure that it does not in the course of its licensed business provide any advice to a customer, or exercise a discretion for a customer, unless the advice, or exercise of discretion, is suitable for the customer having regard to— (a) the facts disclosed by the customer, including facts disclosed in a fund prospectus or offering document (if any); (b) the terms of any agreement with the customer; and (c) any other relevant facts about the customer of which the licensee is, or should reasonably be, aware. (5) A licensee shall take reasonable steps to ensure that the facts about a customer that it is required to take into account are recorded as soon as the licensee becomes aware of them. Charges 190. The fees and charges levied by a licensee for the provision of investment business services shall not be unreasonable in the circumstances. Dealing and Managing Customer 191. A licensee shall deal with customer and own account orders fairly and in due turn. Timely execution 192. (1) Once a licensee has agreed with a customer or decided in its discretion to effect or arrange a customer order, it shall effect or arrange the execution of the order as soon as reasonably practicable in the circumstances, unless postponement of the order is in the best interests of the customer.

LAW OF VIRGIN ISLANDS Regulatory Code 347 Revision Date: 1 Jan 2020 [Statutory Instrument] (2) Where a licensee decides to postpone an order in the best interests of the customer, it shall record the decision together with reasons for the decision. Allocation of orders 193. (1) A licensee shall— (a) ensure that a transaction it executes is promptly allocated; and (b) record the intended basis of allocation when (i) the licensee is dealing for one or more customers, either before or as soon as possible after the transaction is effected; or (ii) the licensee is dealing for one or more customers and itself, before the transaction is effected. (2) If a licensee discovers an error, either in the intended basis of allocation or in the actual allocation, it may recommence the allocation on a different and correct basis provided that a record of the reason for reallocation is made at the time of reallocation. (3) Each allocation made by a licensee shall be made in accordance with standards and procedures which are uniform for all allocations made by the licensee. Aggregation of orders 194. (1) A licensee shall not aggregate an order of a customer with the order of another customer or of the licensee unless— (a) otherwise agreed between the licensee and the customer; (b) it is in the overall best interest of the customer concerned; or (c) any possible disadvantage has been disclosed to the customer concerned. (2) When a licensee has aggregated an order for a customer transaction with an order of its own account transaction, or with another order for a customer transaction, then in the subsequent allocation— (a) it must not give unfair preference to itself or to any of those for whom it dealt; and (b) if all orders cannot be satisfied, it must give priority to satisfying orders for customer transactions unless it believes on reasonable grounds that, without its own participation, it would not have been able to effect those orders either on such favourable terms or at all. Best execution 195. (1) Where a licensee deals with or for a customer, it must seek to provide best execution, unless there is a specific instruction, in writing, from the customer. (2) For the purposes of subsection (1), a licensee provides best execution for a customer if— (a) it takes reasonable care to ascertain the price which is the best available for the customer in the relevant market at the time for transactions of the kind and size concerned; and

348 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (b) unless the circumstances require it to do otherwise in the interests of the customer, it deals at a price which is no less advantageous to the customer. (3) A licensee may rely on another person who executes the transaction to provide best execution, but only if it believes on reasonable grounds that the other person will do so. (4) In applying best execution, a licensee shall— (a) have regard to the best price, the likelihood of execution and settlement at that price, the costs of execution and the nature of the order; and (b) leave out of account any charges disclosed to the client which it or its agent would make. (5) A licensee shall establish and implement a best execution policy. Churning and switching 196. A licensee shall not, unless otherwise agreed with a customer— (a) advise the customer to deal or to switch within or between investments; or (b) in the exercise of the licensee’s discretion, deal or arrange a deal or effect such a switch for the customer, if the dealing or switching would reasonably be regarded as too frequent in the circumstances. Front running 197. (1) Subject to subsection (2), if a licensee or a person connected with the licensee intends to publish to customers a recommendation, or a piece of research or analysis, in relation to a particular investment, it shall not— (a) deal in the investment, or any related investment, on its own account; or (b) deal in the investment, or any related investment on behalf of the connected person, until the customers for whom the publication was principally intended have had, or are likely to have had, a reasonable opportunity to react to it. (2) A licensee is deemed not to have contravened subsection (1) if— (a) the publication could not reasonably be expected to materially affect the price of the investment concerned or any related investment; (b) the licensee is a market maker in the investment concerned and the deal was executed or arranged in good faith in the normal course of market making; (c) the licensee deals in order to fulfil an unsolicited customer order; (d) the licensee believes on reasonable grounds that it needs to deal to fulfil customers’ orders which are likely to result from publication, and that its doing so will not cause the price of the investment which is the

LAW OF VIRGIN ISLANDS Regulatory Code 349 Revision Date: 1 Jan 2020 [Statutory Instrument] subject of the written recommendation, or piece of research or analysis, to move against customers’ interests by a material amount; or (e) the licensee or the person connected with the licensee discloses in the publication that it or, the connected person, has effected, or may effect, an own account transaction in the investment concerned or any related investment. (3) For the purposes of this section “connected person” has the same meaning as “connected party” in section 102 of this Code. Conflicts of Interest Requirements concerning conflicts of interest 198. (1) A licensee shall— (a) either avoid any conflict of interest arising or, where conflicts arise, should ensure fair treatment to all its customers by disclosure, internal rules of confidentiality, declining to act, or otherwise; and (b) not unfairly place its interests above those of its customers. (2) If a licensee has a material interest in a transaction to be entered into with or for a customer, or a relationship which gives rise to a conflict of interest relating to such a transaction, the licensee shall not knowingly either advise, or deal in the exercise of discretion, in relation to that transaction unless it takes reasonable steps to ensure fair treatment for the customer. (3) Where the policies of a licensee to manage conflicts of interest made in accordance with section 197, are not sufficient to ensure, with reasonable confidence, that risks of damage to client interests will be prevented, the licensee shall clearly disclose the general nature and sources of conflicts of interest to the customer before undertaking business on its behalf. (4) A licensee shall, in making disclosure under subsection (3), provide the customer with sufficient detail, taking into account the nature of the customer, to enable the customer to take an informed decision with respect to the investment business in the context of which the conflict of interest arises. Policies and procedures 199. (1) Without limiting section 197, a licensee shall establish, maintain and implement a conflicts of interest policy which shall— (a) identify, with reference to the licensed business carried on by the licensee, the circumstances which constitute or may give rise to a conflict of interest entailing a material risk of damage to the interests of its customers or any of them; (b) set out procedures for ensuring the fair treatment of its customers; and (c) if the licensee is a member of a group, take into account potential conflicts arising from its membership of the group. (2) A licensee shall establish, and maintain systems and controls designed to ensure the effective implementation of its conflicts of interest policy.

350 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (3) A licensee shall keep a record of any significant conflicts that arise in the conduct of its licensed business and the steps that it has taken to avoid or manage those conflicts of interest.

---

EXPLANATORY NOTES Conflicts of Interest (i) Section 198(2) of the Code provides that, where a licensee has a material interest in a transaction, or a relationship, which gives rise to a conflict of interest, it shall not knowingly advise or deal in the exercise of discretion unless it takes reasonable steps to ensure fair treatment for the customer. (ii) In the case of a fund, the Commission considers that the “reasonable steps” to be undertaken by a licensee include satisfying itself that— (a) the transaction is not precluded by law, by the fund prospectus or offering document or the constituting documents; and (b) the constitutional documents of the fund and its prospectus expressly permit the transactions to be effected despite the existence of a material interest or conflict or, either— (A) the licensee has fairly disclosed the potential interest or conflict in the prospectus or offering document, or in its most recent report to investors, not more than 12 months before the date of the transaction; or (B) where such disclosure is impracticable, the licensee, in effecting the transaction, disregards the interest or conflict so that any disadvantage to the customer is avoided, or eliminates the interest or conflict.

---

Division 3 Customer Assets Scope of, and interpretation, for this Part 200. (1) This Division applies to a licensee in relation to customer investments. (2) In this Division— “custodian” means a person providing custodial services with respect to investments within the meaning of paragraph 5 of Part A of Schedule 2 of the Act; “customer investments”, in relation to a licensee, means customer assets that are investments within the meaning of Schedule 1 of the Act; “licensed custodian” means a licensee that has a category 5 investment business licence; “recognised country” means a country or jurisdiction recognised by the Commission pursuant to section 40(4) of the Act; “suitable custodian” means— (a) a licensed bank or a bank that is licensed, as a bank, in a recognised country;

LAW OF VIRGIN ISLANDS Regulatory Code 351 Revision Date: 1 Jan 2020 [Statutory Instrument] (b) a licensed custodian; or (c) a person— (i) who is lawfully carrying on business as a custodian; and (ii) whom the licensee is satisfied, both at the outset and on a continuing basis, is a fit and proper person to act as a custodian. Safekeeping of customer investments 201. (1) A licensee shall— (a) keep safe, or arrange for the safekeeping by a suitable custodian of, documents of title or other ownership rights relating to customer investments; (b) take reasonable steps to ensure that any customer investments that are registrable, are properly registered either in the customer’s name or, where agreed with the customer, in the name of a suitable custodian or a nominee that is— (i) chosen by the customer; or (ii) a corporate nominee, the business of which is limited to the holding of investments and related activities. (2) Where a licensee arranges for customer investments belonging to a customer to be registered in the same name as that in which the licensee’s own investments, or the customer investments of another customer are registered, it shall ensure that— (a) customer investments are separately identifiable from investments of the licensee; and (b) the customer investments of each customer are separately identifiable from each other. (3) Where a licensee registers customer investments in the name of its subsidiary, the licensee shall accept responsibility for the acts and omissions of the subsidiary. (4) Where a licensee holds documents of title to customer investments, title to which passes by delivery, the licensee shall ensure that the documents are stored in such manner as to minimise the risk of their loss due to theft, fire, flood or other physical damage. (5) A licensee shall establish and maintain systems and controls designed to minimise the risk of the loss or diminution of customer investments, through the misuse of the investments, fraud, inadequate administration or record keeping or negligence. Use of customer investments 202. A licensee shall not— (a) use a customer’s investments for its own account unless it has obtained that customer’s prior written consent to do so; or (b) lend, or arrange the lending of customers’ investments to another person unless—

352 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (i) the customer to whom the investment belongs has consented, in writing, and the loan is subject to appropriate documented terms and conditions; (ii) where customers’ investments belonging to more than one customer are registered in the same name, each customer whose investments are so registered has consented, in writing, to the lending of customer investments registered in that name, and each customer’s entitlement is clearly ascertained; (iii) adequate collateral is obtained and maintained for the duration of the loan, in accordance with any written instructions given by the customer; and (iv) the licensee arranges for all income, inclusive of dividends, fees or commissions, earned thereby (other than any fees payable to the licensee for arranging the loan) either to be paid to the customer directly or to be received by the licensee on the customer’s account and treated as customer money, unless instructed otherwise by the customer. EXPLANATORY NOTES (i) Although Division 3 of the Code applies to an investment business licensee in place of section 63 of the Code, the general provisions of the Code relating to client monies [sections 64 to 68] apply fully to such a licensee. (ii) Section 201(2) will typically apply where title to investments is recorded electronically. Although the method by which this section is complied with is left to be determined by the licensee, the Commission considers that it will usually be appropriate for each customer’s investments to be identified by an account designation that is unique to the customer and which is recorded as the account of that customer. (PART VII inserted by S.I. 91/2010)

---

SCHEDULE 1 (Section 2(1)) LICENCES The following licences are specified for the purposes of the definition of “licence” in section 2(1)—

1. A general, restricted Class I and restricted Class II banking licence issued under the Banks and Trust Companies Act.
2. A Category A, Category B, Category C and Category D insurer’s licence issued under the Insurance Act.
3. An insurance intermediary’s licence issued under the Insurance Act.
4. An insurance manager’s licence issued under the Insurance Act.
5. A Class I, Class II and Class III trust licence issued under the Banks and Trust Companies Act (including a restricted Class II or Class III trust licence).
6. A company management licence issued under the Company Management Act.

LAW OF VIRGIN ISLANDS Regulatory Code 353 Revision Date: 1 Jan 2020 [Statutory Instrument] 7. A money services licence issued under the Financing and Money Services Act, 2009. 8. An investment business licence issued under section 6 of the Securities and Investment Business Act. (Inserted by S.I. 91/ 2010)

---

354 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS SCHEDULE 1A (Section 15) BVI FINANCIAL SERVICES COMMISSION GUIDANCE NOTES ON FIT AND PROPER TEST [These Guidance Notes are a revision of the Guidance Notes on fit and proper test issued by the Commission in 1993] Introduction The BVI Financial Services Commission (“the Commission”) believes that the maintenance of a “fit and proper” environment is essential in ensuring that those who use financial services offered in the British Virgin Islands (Virgin Islands) are confident that business activities are conducted in accordance with high standards of market practice and integrity. Under the Financial Services Commission Act (“the FSC Act”) and other financial services legislation, the Commission is responsible for ensuring that regulated persons and approved persons are equipped to conduct business activities in and from within the Virgin Islands. The “fit and proper” assessment is both an initial test undertaken during consideration of an application for licensing, approval or authorisation and also a continuing and cumulative test, which takes account of the on-going conduct of both a regulated person and its senior managers (including other independent officers by virtue of the FSC Act or any regulatory legislation), and their history of compliance with all applicable Virgin Islands laws, regulations and Codes, and the nature of their relationships with the Commission. The primary responsibility for ensuring that regulated persons are soundly and prudently directed rests with the regulated persons themselves. The Commission’s expectations are that regulated persons will take the measures necessary to ensure that they, along with their senior managers and other independent officers, meet the Commission’s “fit and proper” criteria both at the licensing or approval stage and on an on-going basis. The criteria on fit and proper test outlined in this Schedule are of an imperative nature and the Commission will use them in making its regulatory and supervisory assessments with respect to persons that are required to be licensed, approved or authorised by the Commission or, where applicable, to persons that in any way require the consent of the Commission for any activity or matter to be undertaken by them. Furthermore, where in the FSC Act or any financial services legislation provision is made which, in relation to a person, requires an assessment of fitness and propriety, these criteria on the fit and proper test will, unless otherwise excluded, be applied accordingly. General Interpretation

1. For the purposes of these Guidance Notes— “adequate” means sufficient in terms of quantity, quality and availability; “applicant” means a person who submits an application or in relation to whom an application is required to be submitted to the Commission for licensing, approval or authorisation;

LAW OF VIRGIN ISLANDS Regulatory Code 355 Revision Date: 1 Jan 2020 [Statutory Instrument] “approved person” means a person required to be approved under the FSC Act or a financial services legislation; “controller”, with respect to an undertaking, means any person that has an influence over the activities of the undertaking without having a significant interest in the undertaking; (Inserted by S.I. 69/2019) “other independent officer” means any other person who by virtue of the FSC Act or a financial services legislation is required to be approved, licensed or authorised by the Commission; “regulated person” means a person authorised, licensed, registered or recognised or required to be so authorised, licensed, registered or recognised under a financial services legislation; “resources” includes all financial resources, non-financial resources and means of managing resources (for example, capital, provisions against liabilities, holdings of or access to cash and other liquid assets, human resources and effective means by which to manage risks); “senior manager” has the meaning outlined in section 4 of the Regulatory Code; and “significant owner”, with respect to an undertaking, means a person having a significant interest in the undertaking. PART I KEY ELEMENTS OF THE FIT AND PROPER TEST Fundamental principles in the fit and proper test 2. The Commission exercises judgment and discretion in assessing fitness and propriety in relation to an applicant or licensee, a director, senior manager, significant owner, controller or other independent officer. This process takes into account all relevant matters, including the following— (a) Honesty, Integrity and Reputation; (b) Competence and Capability; (c) Financial Soundness. The Commission may consider criteria that fall outside the above categories. Some of the fit and proper criteria detailed in the subsequent paragraphs may be more relevant for a company and some for an individual, but most are relevant to both. Depending upon the person being assessed, greater emphasis may be placed on one or more of the above categories than the others. For example, in the case of a senior manager, significant emphasis would be placed on category (b), whereas this may not be relevant for a significant owner. However, categories (a) and (c) are likely to be extremely important for a significant owner. (Amended by S.I. 69/2010) Factors relevant in assessing fitness and propriety 3. In assessing honesty, integrity and reputation, the Commission will consider among other things, whether the regulated person or other person concerned—

356 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (a) has been convicted, or is connected with a person who has been convicted, of any offence, particularly an offence involving dishonesty, fraud or other financial crime, or has been subject to any pending criminal proceedings that may lead to a conviction by any court in the Virgin Islands or elsewhere or civil proceedings which strongly bring into question its integrity or reputation; (b) has been the subject, or connected to the subject, of any existing or previous investigation or enforcement proceedings by the Commission, or any other regulatory authority, professional body or government body or agency within or outside the Virgin Islands; (c) has contravened, or is connected with a person who has contravened, any provision of any financial services legislation, or any code, directive, policy or guideline issued by the Commission or other relevant industry standards applicable in the Virgin Islands or elsewhere. The Commission will, however, take into account both the status of these instruments and relevant industry standards and the nature of the contravention; (d) has been refused or is connected to a person who has been refused, registration, authorisation, membership or licence to carry out a trade, business or profession or has had that registration, authorisation, membership or licence suspended, revoked, withdrawn or terminated, or has been expelled by a regulatory or government body; (Amended by S.I. 69/2019) (e) has been open and co-operative in all its dealings with the Commission and any other regulatory body and is committed to comply with all relevant legal, regulatory and professional obligations; and (Amended by S.I. 69/2019) (f) has a conflict of interest with the regulated person or applicant and whether there are policies and procedures in place to manage such conflicts. (Inserted by S.I. 69/2019) Additional factors in respect of senior officers 4. In addition, in relation to a director, senior manager or other independent officer, the Commission will, in assessing honesty, integrity and reputation, consider among other things, whether the director, senior manager or other independent officer— (a) has been dismissed or asked to resign from employment, a position of trust or a fiduciary or similar appointment; (b) has been disqualified from acting as a director or in any managerial capacity, is the subject of any proceeding of a disciplinary or criminal nature, or has been notified of any potential proceedings or investigations which might lead to such proceedings; or (c) has been a director, partner, or concerned in the management of a business that has gone into insolvency, liquidation or administration while he has been connected with that business or within one year of the end of such connection. The Commission will consider the above matters only so far as they are relevant to its assessment of whether a director, senior manager or other independent officer satisfies its honesty, integrity and reputation criteria. In the circumstances, whilst the Commission

LAW OF VIRGIN ISLANDS Regulatory Code 357 Revision Date: 1 Jan 2020 [Statutory Instrument] would consider the dismissal of a director on the grounds of his incompetence or misconduct to be highly relevant, it is unlikely that his redundancy would be relevant. Similarly, with respect to paragraph 4(c) above, the Commission would consider an insolvent liquidation to be relevant, but the liquidation of a company under a group restructuring scheme may not be relevant. Competence and capability criterion 5. In order to satisfy the competence and capability criterion, a regulated person or applicant must be able to demonstrate to the Commission that its business is, or will be, soundly and prudently run. In making this assessment, the Commission will consider, among other things, whether— (a) the regulated person or applicant has satisfactory experience or demonstrable expertise in operating a similar business and whether its existing regulated business in other jurisdictions is soundly and prudently operated; (b) the regulated person or applicant has, or will have, adequate human and technical resources with the appropriate range of skills and experience to understand, operate and manage the regulated person’s or applicant’s regulated activities; (c) the regulated person has, or will have, in place appropriate recruitment policies and adequate internal control systems and procedures which, among other things, are sufficient enough to ensure that all persons acting on its behalf or providing services to it meet the “fit and proper” criteria; (d) the regulated person or applicant has, or will have, established clear managerial reporting lines with regard to the operation of its business; and (e) the regulated person or applicant has a compliance history that can be properly and effectively assessed. Application of competence and capability criterion to directors, senior managers, etc. 6. The competence and capability criterion outlined in paragraph 5 above also applies to directors, senior managers and other independent officers. In order for its directors, senior officers and other independent officers to meet this criterion, a regulated person or applicant must be able to demonstrate that they have the requisite qualifications, skills, capabilities and experience adequate to undertake the functions that they perform, or will perform, in relation to the regulated person or applicant. In addition, they must be assessed for proper conduct. Accordingly, in determining the competence and capability of a director, senior manager or other independent officer, the Commission will consider, among other things, whether— (a) the director, senior manager or other independent officer has been dismissed or suspended from employment for drug or alcohol abuse or other abusive acts in the workplace; (b) the director, senior manager or other independent officer has the technical knowledge, skill, ability and experience necessary to perform the duties for which he is to be engaged. In this respect, recognised professional qualifications and membership of professional institutions will be particularly relevant and will be taken into account by the Commission; and

358 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (c) the director, senior manager or other independent officer has, or will have, sufficient time and commitment to properly discharge his duties upon being engaged. Condition of licensing, approval and authorisation 7. It shall always be a condition of every licensing, approval or authorisation granted by the Commission that the person to whom the licensing, approval or authorisation relates must perform to the highest standards of market practice and act in a way that protects the best interests of consumers and investors, and the reputation of the Virgin Islands. The Commission will therefore expect every regulated person, director, senior manager and other independent officer to have a good knowledge and appreciation of the relevant standards of market practice. Assessing financial soundness 8. In assessing the financial soundness of a regulated person or applicant, the Commission will assess whether the regulated person or applicant is solvent or can maintain solvency and has established or will establish prudent financial controls. A regulated person or an applicant must show that its business plan is viable and realistic and that it is in good standing to satisfy the financial soundness criterion and therefore has a good probability of continuance in the future. 8A. In assessing the financial soundness of a regulated person or applicant, the Commission will also assess the source of wealth and source of funds of the significant owner or controller of the regulated person. A regulated person must be able to demonstrate legitimate sources of funds and wealth of the significant owner or controller. (Inserted by S.I. 69/2019) Factors for determining financial soundness 9. In determining the financial soundness of a regulated person or applicant and its directors, senior managers and other independent officers, the Commission will consider matters such as, but not limited to, whether— (a) there are any indications that the regulated person or applicant will not be able to meet its debts as they fall due; (b) relevant prudential requirements (including solvency margins) are met, or will be met, by the regulated person or applicant; (c) the regulated person or applicant or any of its directors, senior managers or other independent officers have been subject to any judgement debt or award that remains outstanding or has not been satisfied within a reasonable period; (d) the regulated person or applicant or any of its directors, senior managers or other independent officers have made an arrangement with creditors, filed for bankruptcy, or been adjudged bankrupt or had a receiver appointed over it; and (e) the regulated person or applicant or any of its directors, senior managers or other independent officers have been able to provide the Commission with financial references that are satisfactory to the Commission.

LAW OF VIRGIN ISLANDS Regulatory Code 359 Revision Date: 1 Jan 2020 [Statutory Instrument] Application of financial soundness to directors, senior managers, etc. 10. Financial soundness is likely to be relevant with respect to significant owners and may be relevant to directors, senior managers and other independent officers. It will be of most significance where there is an expectation that a person having a significant interest in a regulated person or an applicant could be relied on to provide additional capital or other financial support to the regulated person or applicant, if required. Although directors, senior managers and other independent officers would not usually be expected by the Commission to have substantial financial resources, the Commission would consider insolvency and any unsatisfied judgments debts to be relevant. In any case, it should be noted that the criteria outlined in paragraph 9 above are relevant and will be taken into account in assessing the financial soundness of a significant owner, director, senior manager or other independent officer. PART II OTHER MATTERS Relevance of functions to be performed 11. As indicated, the Commission carries out a fit and proper assessment on the basis of the functions that a director, senior manager or key functionary will undertake for the regulated person or applicant. The Commission will not consider a person to be fit and proper with respect to a particular function if that function materially conflicts with any other function that he undertakes, or will undertake. In determining the materiality of a conflict, the Commission will take into account whether any conflicts can be managed and, if so, whether satisfactory arrangements have been, or will be, put in place to manage them. PART III PERSONS NO LONGER FIT AND PROPER Power of Commission to direct removal and replacement of senior officer, including revocation of appointment 12. Where the Commission is of the opinion that, in respect of a regulated person, a director, senior manager, other independent officer or other person undertaking a function specified in any financial services legislation does not satisfy the fit and proper criteria outlined in these Guidance Notes, section 40D of the FSC Act gives the Commission the power to require the regulated person to remove that person and to replace him with another person acceptable to the Commission. The regulatory enactments give the Commission the power to revoke the approval of a licensee’s auditor, and in the case of a licensed insurer its actuary, if it considers that the auditor or actuary has failed to fulfil his obligations or is otherwise not fit and proper. Similar powers, wherever granted in any financial services legislation, with respect to any specified person may also be exercised by the Commission. Treatment of persons with significant interest in a regulated person 13. The Commission does not have the power to direct the removal of a person who has a significant interest in a regulated person. However, section 40B of the FSC Act enables the Commission to attach conditions to a licence at any time. If the Commission considers that a person having a significant interest in a licensee no longer meets its fit and proper

360 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS criteria, it would impose a condition on the regulated person to the effect that the person concerned should not have a significant interest in the regulated person. In order to avoid enforcement action being taken against it, the regulated person would be obliged to ensure that the person concerned ceased to have a significant interest in it. (Inserted by S.I. 91/2010)

---

SCHEDULE 2 (Section 53(2)(b)) KEY OUTSOURCING RISKS Key Outsourcing Risks Strategic Risk: The third party may conduct activities on its own behalf which are inconsistent with the overall strategic goals of the licensee. Failure to implement appropriate oversight of the outsource provider. Inadequate expertise to oversee the service provider. Reputation Risk: Poor service from third party. Customer interaction is not consistent with overall standards of the licensee. Third party practices not in line with stated practices (ethical or otherwise) of licensee. Compliance Risk: Licensee’s regulatory or AML/CFT obligations contravened. Service provider has inadequate compliance systems and controls. Operational Risk: Technology failure. Inadequate financial capacity to fulfil obligations and/or provide remedies. Fraud or error. Risk that firms find it difficult/costly to undertake inspections. Exit Strategy Risk: The risk that appropriate exit strategies are not in place which could arise from over-reliance on one service provider, the loss of relevant skills in the licensee itself preventing it bringing the activity back in-house, and contracts which make a speedy exit prohibitively expensive. Limited ability to return services to home country due to lack of staff or loss of intellectual history. Counterparty Risk: Inappropriate underwriting or credit assessments. Quality of receivables may diminish. Country Risk: Political, social and legal climate may create added risk. Business continuity planning is more complex. Contractual Risk: Ability to enforce contract. Access Risk: Outsourcing arrangement hinders ability of licensee to provide timely data and other information to Commission. Additional layer of difficulty in regulator understanding activities of

LAW OF VIRGIN ISLANDS Regulatory Code 361 Revision Date: 1 Jan 2020 [Statutory Instrument] the service provider. Concentration and Systemic Risk: Overall industry has significant exposure to outsource provider. Concentration risk has a number of facets, including— • Lack of control of individual firms over provider; and • Systemic risk to industry as a whole.

---

SCHEDULE 3 (Section 72(1)) EVENTS AND CHANGES TO BE NOTIFIED TO COMMISSION Event Time Limit for Notification

1. Application being made to the Court for the appointment of a liquidator or administrator of the licensee under the Insolvency Act Immediate
2. A meeting being called to consider the appointment of a liquidator under section 159(2) of the Insolvency Act Immediate
3. A proposal being made for a creditors’ arrangement under the Insolvency Act Immediate
4. The making of, or any proposals for the making of, a composition or arrangement with one or more creditors of the licensee other than a creditors’ arrangement as referred to in event 3. Immediate
5. The striking of the licensee off the register of companies maintained by the Registrar of Corporate Affairs under the BVI Business Companies Act Immediate
6. The appointment of a receiver of the licensee or any of its property, whether by a creditor, the Court or otherwise Immediate
7. Anything equivalent to events 1 to 6 occurring in a jurisdiction outside the Virgin Islands Immediate
8. The bringing of civil proceedings against the licensee where the size of the claim is significant with respect to the licensee’s financial resources or is likely to affect the licensee’s reputation Immediate
9. The commencement of an investigation with respect to the business or affairs of the licensee by any overseas regulatory authority Immediate

362 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS 10. The taking of any enforcement action or the imposition of any disciplinary measures against the licensee by a foreign regulatory authority or a professional body (in or outside the Virgin Islands), including the refusal or revocation of membership by such a professional body Immediate 11. The prosecution or conviction of the licensee, or any of its directors or senior managers, in or outside the Virgin Islands for any offence— Immediate (a) relating to financial services; or (b) involving fraud or dishonesty 12. The granting or refusal of an application for a licence to carry on any financial services business outside the Virgin Islands or the revocation of any such application Immediate 13. The commission by any employee of the licensee of a fraud against a customer of the licensee Immediate 14. The licensee becomes aware of any fraud committed against it. Immediate 15. Any matter that the licensee considers to be material to the fit and properness of the licensee or any person having a significant interest in it or any of its directors or senior managers Immediate 16. Any significant failure in the licensee’s systems or controls Immediate 17. Any proposed significant re-structuring or reorganisation of the licensee or its regulated business or activities Within a reasonable time prior to the proposed restructuring or reorganisation taking effect 18. Any material breach of the capital or financial resource requirements imposed on the licensee by a regulatory enactment or the Code Immediate 19. Any transfer of an interest in a licensee by operation of law or pursuant to an order of the Court, where— Within 14 days of the transfer (a) the person whose interest is transferred holds, or before the transfer held, a significant interest in the licensee; or (b) as a result of the transfer, a person becomes the holder of a significant interest in the licensee. In this paragraph “transfer” includes a sale, acquisition, charge or other disposal. (Amended by S.I. 91/2010)

LAW OF VIRGIN ISLANDS Regulatory Code 363 Revision Date: 1 Jan 2020 [Statutory Instrument] 19A. Any transfer of an interest in a licensee which does not require the approval of the Commission, where— (a) the person whose interest is transferred holds, or before the transfer held, an interest that is not a significant interest in the licensee; or (b) as a result of the transfer, a person becomes the holder of an interest that is not a significant interest in the licensee. In this paragraph “transfer” includes a sale, acquisition, charge or any disposal. (Inserted by S.I. 91/2010) 20. Change of address of principal office, whether within or outside the Virgin Islands, where prior approval of Commission for change in principal office not required Within 14 days of the change

---

SCHEDULE 4 (Section 83(1)) CALCULATION OF RISK WEIGHTED CAPITAL ADEQUACY RATIO PART A – RISK WEIGHTINGS The following weightings apply for the purposes of determining a bank’s total risk weighted on-balance sheet asset exposure— (a) Zero percent (0%) weight— (i) Cash (ii) Gold and silver bullion (iii) Claims on Zone A central governments and central banks (iv) Claims collateralised by cash of a Zone A central government where there is a legal right of set-off (b) Ten percent (10%) weight— (i) Marketable securities of up to 1 year original maturity issued by Zone A central governments and central banks (ii) Investments (over 1 year original maturity for debt instruments) representing claims against Zone A central governments and central banks (iii) Claims guaranteed by, or collateralised by securities of, Zone A central governments and central banks (c) Twenty percent (20%) weight— (i) Claims on multilateral development banks and claims guaranteed by, or collateralised by securities issued by, such banks (ii) Balances with and CDs issued by other BVI banks (iii) Cash items in process of collection

364 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (iv) Marketable securities of up to 1 year original maturity issued by Zone A domestic public sector entities, excluding central governments and central banks (v) Marketable securities of up to 1 year original maturity issued by Zone A banks (vi) Reverse repurchase agreements with BVI banks (vii) Loans made to Zone A public sector entities, excluding central governments (viii) Loans made to Zone A banks (ix) Investments (over 1 year original maturity for debt instruments) representing claims against Zone A domestic public sector entities, excluding central governments and central banks (x) Investments (over 1 year original maturity for debt instruments) representing claims against Zone A banks (xi) Claims guaranteed by, or collateralised by securities issued by, Zone A domestic public sector entities, excluding central governments and central banks (xii) Claims guaranteed by, or collateralised by securities issued by Zone A banks (d) Fifty percent (50%) weight— (i) Loans fully secured by mortgages on residential property that is or will be occupied by the borrower or that is rented. (e) One hundred percent (100%) weight— (i) Marketable securities of up to 1 year original maturity other than those specified in paragraphs (b) or (c) (ii) Reverse repurchase agreements other than with BVI banks (iii) Loans made to Zone B central and local governments, central banks and other public sector entities (iv) Loans made to banks incorporated in Zone B countries (v) Loans made to industrial and commercial corporations (vi) Loans made to individuals (vii) Loans other than those specified elsewhere in this Part of the Schedule (viii) Investments in affiliated non-financial institutions (ix) Securities other than those specified elsewhere in this Schedule (x) Premises (xi) Other real estate owned (xii) Equipment and other fixed assets (xiii) Accrued interest receivable (xiv) All assets not specified elsewhere in this Part of the Schedule

LAW OF VIRGIN ISLANDS Regulatory Code 365 Revision Date: 1 Jan 2020 [Statutory Instrument] PART B – ZONE A AND ZONE B COUNTRIES

1. The following are specified as Zone A countries— Australia Austria Belgium Canada Denmark Finland France Germany Greece Iceland Ireland Italy Japan Luxembourg Netherlands New Zealand Norway Portugal Saudi Arabia Spain Sweden Switzerland Turkey United Kingdom United States
2. Any country that is not a Zone A country is a Zone B country. PART C – CREDIT CONVERSION FACTORS The following credit conversion factors apply for the purposes of converting a bank’s off￾balance sheet items to an on-balance sheet equivalent— (a) One hundred per cent (100%) credit conversion factor— (i) Direct credit substitutes, including general guarantees of indebtedness (backing financial claims), standby letters of credit serving as financial guarantees to third parties, acceptances and endorsements

366 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS (with the character of acceptances). Instruments in this category must relate to the financial requirements of a counterparty, where the risk of loss to the bank on the transaction is equivalent to a direct claim on the counterparty and may arise in connection with loans, commercial paper issues and other debt instruments. (ii) Sale and repurchase agreements and asset sales with recourse, where the credit remains with the bank. Transactions should not be included in this category if they have been included as on-balance sheet assets. (iii) Forward asset purchases, including forward agreements which are contractual obligations to purchase assets with certain drawdown at a specified future date. These obligations include forward purchases of loans and other on-balance sheet items. (iv) Partly paid shares and securities, including any amounts owed on the uncalled portion of partly-paid shares and securities if there is a specific date for the call on the unpaid part of the share or security, that is, if there is certain drawdown. If there is no specific date, the unpaid part should be treated as a long-term commitment and reported under paragraph (b) of this Part. The risk-weight to be used for a transaction in subparagraph (i), (ii) or (iii) shall be determined by the issuer of the security (or borrower in the case of a loan sale) or the type of asset to be purchased, as the case may be, and not according to the counterparty with whom the transaction has been entered into. (b) Fifty per cent (50%) credit conversion factor— (i) Transaction-related contingencies and non-financial guarantees, including all transaction related contingencies which relate to the on￾going trading activities of a counterparty where the risk of loss to the reporting institution depends on the likelihood of a future event which may be independent of the credit worthiness of the counterparty. A transaction should be included in this subparagraph if it has the character of a guarantees which supports particular obligations, rather than supporting customers’ general financial obligations, such as: performance, bid or tender bonds; warranties and indemnities; VAT, customs bond and excise bonds; note issuance facilities (NIFs) and revolving underwriting facilities (RUFs). (ii) The unused/undrawn portion of commitments with an original maturity over one year, including rolling or undated commitments. In cases where the terms of a commitment have been renegotiated and/or the maturity of a commitment extended, the original maturity should be measured from the start of the initial commitment until the expiry date of the renegotiated/extended facility. For purposes of transactions in this subparagraph, the “original maturity” of a commitment should be measured from the date at which the facility becomes available to be drawn down, until its expiry date, after which the facility is no longer available. “Commitments” are defined as any arrangement that obligates a bank to extend credit in the form of loans, or financing of receivables; to purchase loans, securities, or other assets without certain drawdown; or to participate in loans and

LAW OF VIRGIN ISLANDS Regulatory Code 367 Revision Date: 1 Jan 2020 [Statutory Instrument] leases. Commitments also include overdraft facilities, revolving credit, mortgage lines of credit, and other similar transactions. (c) Twenty per cent (20%) credit conversion factor— (i) Short-term self-liquidating trade-related contingencies which arise from the trade of goods. This category includes commercial and other documentary letters of credit issued by the bank which are, or are to be collateralised by the underlying shipment. Letters of credit within this subparagraph should be weighted according to the counterparty on whose behalf the credit is issued. (ii) Letters of credit issued without provision for the bank to retain title to the underlying shipment, or where title has passed from the bank, should be considered as direct credit substitutes which are subject to paragraph (a) of this Part. (d) Zero per cent (0%) credit conversion factor— (i) The undrawn portions of credit commitments and contingencies with an original maturity of one year or less, or which are unconditionally cancellable at any time. Rolling or undated/open- ended commitments, including overdrafts, are included in this paragraph providing that they are unconditionally cancellable at any time without notice. Paragraph (b) applies to other rolling or undated commitments. (ii) Unused credit card lines, if the bank has the unconditional option to cancel the credit line at any time.

---

368 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS SCHEDULE 5 (Section 128) ALLOWABLE ASSETS

1. For the purposes of this Schedule— “high grade rating” has the meaning specified in paragraph 2 of this Schedule; “medium grade rating” has the meaning specified in paragraph 2 of this Schedule; “recognised country” means— (a) the United Kingdom; (b) a country that is a member of the OECD; or (c) a dependent or overseas territory of a country specified in paragraph (a) or (b); “recognised financial institution” means a financial institution that is— (a) regulated and supervised in a recognised country; or (b) approved by the Commission.
2. The ratings set out in the following table are recognised by the Commission as high grade and medium grade ratings, as the case may be: GRADE RATING BY CREDIT RATING AGENCY Moody’s Standard & Poors’s Fitch Ratings High grade Aaa – Aa AAA – AA AAA – AA Medium grade A – Baa A – BBB A – BBB
3. Subject to paragraph 4 of this Schedule, the following are allowable assets for the purpose of determining the solvency margin of an insurer— (a) cash in hand or cash on deposit with a recognised financial institution; (b) an irrevocable letter of credit— (i) not exceeding $1,000,000 issued by a recognised financial institution; or (ii) exceeding $1,000,000 approved by the Commission; (c) a debt security issued or guaranteed by the government of a recognised country or of a country approved by the Commission; (d) debt securities traded on a recognised exchange and issued or guaranteed by— (i) a government other than a recognised government;

LAW OF VIRGIN ISLANDS Regulatory Code 369 Revision Date: 1 Jan 2020 [Statutory Instrument] (ii) a municipal corporation under the authority of a recognised government; or (iii) a corporation other than one specified in subparagraph (ii), that, in each case, is rated by a recognised credit rating agency as having— (A) a current high grade rating, subject to the value of such debt securities and all other assets and securities issued by the counterparty not exceeding 20% of the summation of the insurer’s total liabilities and the minimum margin of solvency for the corporation or government; or (B) a current medium grade rating, subject to the value of such debt securities and all other assets and securities issued by the counterparty not exceeding 15% of the summation of the insurer’s total liabilities and the minimum margin of solvency for the corporation or government; (e) investments in an index that is traded on a recognised exchange, subject to the value of an investment in any single index not exceeding 30% of the summation of the insurer’s total liabilities and minimum margin of solvency; (f) mutual funds traded on a recognised exchange, subject to the value of an investment in any single mutual fund not exceeding 30% of the summation of the insurer’s total liabilities and minimum margin of solvency, provided that the value of the assets contained in the mutual fund shall be based on the assets considered allowable in this Schedule; (g) equity securities quoted on a recognised exchange, subject to the value of such securities and all other assets and securities issued by the counterparty not exceeding 15% of the summation of the insurer’s total liabilities and minimum margin of solvency; (h) premiums receivable not more than 6 months overdue; (i) net reinsurance balances receivable not more than 6 months overdue; (j) accounts receivable net of provision for bad and doubtful debts and not more than 6 months overdue; (k) 75% of the value of secured factored loans with any of the insurer’s affiliates, subject to such allowable value not exceeding 75% of the summation of the insurer’s total liabilities and minimum margin of solvency; (l) 20% of the value of secured advances to and investments in the insurer’s affiliates (other than secured factored loans), subject to such allowable value of the advance or investment and all secured factored loans not exceeding 75% of the summation of the insurer’s total liabilities and minimum margin of solvency; and (m) where the Commission, in the case of a particular BVI insurer, approves, and to the extent of the approval— (i) an investment in, or an advance to, an affiliate of the insurer, that does not fall within paragraph (k) or (l) of this Schedule; (ii) an investment in a non-traded mutual fund.

370 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS 4. Notwithstanding paragraph 3 of this Schedule, a charge or mortgage over immovable property is not an allowable asset.

---

EXPLANATORY NOTES (i) The allowable assets specified in Schedule 5 are, in substance, the same as those that were formerly specified in the Insurance Regulation, 1995, as amended in 2005. The 1995 Regulations have been repealed by the Insurance Regulations 2008. (ii) It should be noted that the terms “recognised credit rating agency” and “recognised exchange” are defined generally for the purposes of the Code in section 2 of the Code. Non-allowable Assets (iii) Paragraph 3 of the Schedule sets out an exhaustive list of allowable assets. If an asset is not included in the list, or capable of inclusion by reason of the Commission’s approval, it is not an allowable asset. Regulation 3 of the Insurance Regulations specified a list of assets that were not allowable assets. This remains the case and, for ease of reference, those that are not referred to directly in the Schedule are set out below— (a) real property; (b) a security which is not quoted on a recognized stock exchange; (c) a financial asset or liability the value of which depends on, or is derived from other assets, liabilities or indices; and (d) a factored loan with an unconnected party.

---

LAW OF VIRGIN ISLANDS Regulatory Code 371 Revision Date: 1 Jan 2020 [Statutory Instrument] SCHEDULE 6 (Section 1(2)) TRANSITIONAL PROVISIONS

1. For the purposes of this Schedule— “column” means a column in the table set out after paragraph 2 of this Schedule; (Amended by S.I. 69/2019) “existing licensee” means a person who, immediately prior to the commencement date, holds a licence, but excludes a person who, immediately prior to the commencement date, holds a banking licence; and (Amended by S.I. 69/2019) “transitioning licensee” means a person who, immediately prior to the coming into force of this Code (“the Regulatory (Amendment) Code, 2019”), was holding a licence. (Inserted by S.I. 69/2019)
2. The provisions of this Code set out in the first column and described in the second column, take effect against an existing licensee (to whom they would otherwise apply on the commencement date) on the date specified in the third column.
3. The provisions of the Regulatory (Amendment) Code, 2019 shall take effect in relation to a transitioning licensee on 1st July 2020. (Inserted by S.I. 69/2019) Provision Description Date that Provision Takes Effect Section 19(3) Majority of non-executive directors required where BVI licensee required to have audit committee 30 June, 2010 Section 19(4) Requirement to have at least one non￾executive director 31 March, 2010 Sections 25 – 28 Strategies, policies, systems and controls 31 March, 2010 Sections 29 – 33 Internal controls 31 March, 2010 Sections 34 – 35 Internal audit 31 March, 2010 Section 36(a) Submission to Commission of list of internal audit reports 30 June, 2010 Section 36(b) Submission of internal audit reports at request of Commission 30 June, 2010 Section 37 Audit committee 30 June, 2010 Section 39(1) Retention of records policy 31 March, 2010 Part II, Division 5 Outsourcing The date specified by the Commission by notice (Substituted by S.I. 91/2010) Section 57 Auditor to be independent On first appointment, or re-appointment, of auditor after commencement date Section 61 Professional indemnity insurance, auditors 31 March, 2010 Section 69 Policies, systems and controls, abuse of financial services 31 March, 2010 Sections 134 – 137 Investment (licensed insurers) 31 March, 2010

372 Regulatory Code [Statutory Instrument] Revision Date: 1 Jan 2020 LAW OF VIRGIN ISLANDS Part IV, Division 2 Corporate Governance and Policies, Systems and Controls (licensed insurers) 31 March, 2010 Part V, Division 2 Managed Trust Companies 31 March, 2010 Part VI Money Services Business 31 March, 2010

---