Financial Services (Regulatory Sandbox) Regulations, 2020

1 VIRGIN ISLANDS FINANCIAL SERVICES (REGULATORY SANDBOX) REGULATIONS, 2020 ARRANGEMENT OF REGULATIONS Regulation Preliminary 1… Short title and commencement. 2… Definition. 3… Application. Application and Approval 4… Application for approval as a Sandbox participant. 5… Approval by the Commission. 6… Duty to notify refusal of application. 7… Effect of approval by Commission. 8… Duty not to modify business proposal without approval. 9… Duration of participation in Regulatory Sandbox. Ongoing Obligations of a Sandbox Participant 10.. Ongoing obligations. 11.. Duty to identify and manage risks. 12.. Filing reports and maintaining records. 13.. Disclosure obligations. General 14.. Fees. 15.. Register of Sandbox Participants. 16.. Revocation of approval of Sandbox participant. 17.. Guidelines.

2 VIRGIN ISLANDS STATUTORY INSTRUMENT 2020 NO. 67 FINANCIAL SERVICES COMMISSION ACT, 2001 (No. 12 of 2001) Financial Services (Regulatory Sandbox) Regulations, 2020 [Gazetted 10th June, 2020] The Cabinet, acting on the advice of the Financial Services Commission and in exercise of the powers conferred by section 62 of the Financial Services Commission Act, 2001 (No. 12 of 2001), makes these Regulations. Preliminary

1. (1) These Regulations may be cited as the Financial Services (Regulatory Sandbox) Regulations, 2020. (2) These Regulations shall come into force on such date as the Minister may, by an Order published in the Gazette, determine.
2. In these Regulations, unless the context otherwise requires “Act” means the Financial Services Commission Act, 2001; “applicant” means a person applying under regulation 4 to be approved as a Sandbox participant; “approved form” means a form approved by the Commission for the purposes of these Regulations; “BVI business company” means a company within the meaning of section 3 (1) of the BVI Business Companies Act, 2004; “Commission” means the Financial Services Commission established under section 3 (1) of the Act; Short title and commencement. Definition. No. 12 of 2001 No. 16 of 2004

3 “financial services business” means a business or activity for which a licence is required under a regulatory legislation, and such other activity that the Commission determines in the guidelines to constitute financial services business; “FinTech” means technology that is used in providing or supporting financial services business; “foreign company” means a body corporate incorporated, registered or formed outside the Virgin Islands and registered under the BVI Business Companies Act, 2004; “guidelines” means guidelines issued by the Commission in accordance with regulation 17 for the purposes of these Regulations; “innovative FinTech” means the development or implementation of a new system, mechanism, idea, method, or other arrangement through the use of technology to create, enhance or promote a product or service with respect to the conduct or provision of a financial services business; “limited partnership” has the meaning specified in section 2 of the Limited Partnership Act, 2017; “micro business company” has the definition specified in section 2 (1) of the Micro Business Companies Act; “regulatory legislation” means any legislation listed in Part 1 of Schedule 2 of the Act, but excludes the Proceeds of Criminal Conduct Act, 1997; “Regulatory Sandbox” means the mechanism established within the Commission where matters concerning a Sandbox participant are considered and processed, and includes a live and contained environment in which Sandbox participants may test their products or services in relation to the provision of financial services business; and “Sandbox participant” means a person approved by the Commission pursuant to these Regulations to participate in the Regulatory Sandbox. 3. (1) These Regulations apply to (a) a BVI business company, (b) a foreign company, (c) a limited partnership, No. 16 of 2004 No. 24 of 2017 No. 26 of 2017 No. 5 of 1997 Application.

4 (d) a micro business company, (e) a licensee, and (f) any other person that the Commission has otherwise approved to participate in a Regulatory Sandbox, that is proposing to engage or is engaged in innovative FinTech. (2) The provisions of the regulatory legislation shall not apply to a Sandbox participant in so far as the Sandbox participant is using innovative FinTech to test a product or service within the Regulatory Sandbox. Application and Approval 4. (1) A person who wishes to be approved as a Sandbox participant under these Regulations shall submit an application to the Commission in the approved form. (2) An application under sub-regulation (1) shall be accompanied by the following: (a) a written indication that the applicant is utilising or intends to utilise innovative FinTech whereby the product or service is innovative and has the potential to (i) improve accessibility, efficiency, effectiveness, security and quality in the provision of financial services business; (ii) enhance the efficacy, efficiency and effectiveness of the management of risk by persons licensed, authorized or otherwise approved by the Commission to engage in financial services business; or (iii) address shortcomings in, open up new opportunities in, or promote, the conduct or provision of financial services business; (b) a detailed and comprehensive business proposal, which includes the matters specified in the guidelines; (c) a written indication of the test scenarios the applicant has carried out based on the applicant’s business model to Application for approval as a Sandbox participant.

5 demonstrate the usefulness, functionality and potential of the product or service that uses innovative FinTech, including the projected outcomes of the test scenarios and the appropriate indicators to be used in measuring such outcomes; (d) a stipulation regarding the maximum number of clients the applicant wishes to have or engage during the period of the Regulatory Sandbox; (e) a written description of the risks that may be associated with the applicant’s business model and the framework established or to be established to ensure an adequate management of the risks; (f) a written indication of the resources (financial, technological, human and otherwise) at the disposal of the applicant which the applicant intends to use to support participation in and testing within the Regulatory Sandbox, including ensuring the appropriate control and mitigation of potential risks and losses arising from offering the product or service that is the subject of innovative FinTech; (g) written strategies for exiting the Regulatory Sandbox (i) without seeking a licence under a regulatory legislation; and (ii) transitioning into a licensed entity to carry out financial services business under a regulatory legislation, including an indication of the potential to realistically deploy the innovative FinTech with respect to financial services business after the applicant has ceased to participate in the Regulatory Sandbox ; and (h) the fee payable in respect of the application. (3) The Commission may, in addition to the matters outlined in sub￾regulation (2), require an applicant to provide such further information as the Commission considers necessary to facilitate the Commission’s decision with regard to the applicant’s application. (4) Where, after submitting an application for approval as a Sandbox participant, a change occurs in any of the information required under sub-

6 regulation (2) (a) – (h), the applicant shall immediately notify the Commission in writing of that change. 5. (1) The Commission may approve an applicant as a Sandbox participant, with such conditions as it may consider fit if, after receipt and review of the application for approval as a Sandbox participant, the Commission is satisfied that (a) the requirements outlined in regulation 4 (2) have been materially complied with; (b) any additional information the Commission required of the applicant under regulation 4 (3) has been provided and is materially compliant with the Commission’s requirement; (c) the applicant is fit and proper in accordance with Schedule 1A of the Regulatory Code, 2009; and (d) the granting of approval is not against the public interest. (2) Where the Commission approves an applicant as a Sandbox participant under sub-regulation (1), it shall (a) register the applicant in the Register of Sandbox participants established under regulation 15; and (b) communicate to the applicant of his or her approval as a Sandbox participant, in such manner and with such terms and conditions as the Commission considers fit. (3) The reference in sub-regulation (1) (c) to the applicant’s fitness and propriety includes the fitness and propriety of the applicant’s directors and senior officers or partners, as the case may be. 6. (1) The Commission may refuse an application for approval as a Sandbox participant if, after receipt and review of the application, it forms the view that (a) the requirements outlined in regulation 4 (2) have not been materially complied with; (b) any additional information the Commission required of the applicant under regulation 4 (3) has not been provided or is not materially compliant with the Commission’s requirement; Approval by the Commission. S.I. No. 60 of 2009 Duty to notify refusal of application.

7 (c) the applicant is not fit and proper in accordance with Schedule 1A of the Regulatory Code, 2009; or

(d) it will not be in the public interest to approve the application. (2) Where the Commission refuses an application under sub-regulation (1), it shall notify the applicant, in writing, of the refusal, stating the reason for the refusal. 7. (1) Where the Commission approves an applicant as a Sandbox participant under regulation 5 (1), the approval shall entitle the Sandbox participant to (a) test within the Regulatory Sandbox; and (b) the Commission shall, subject to sub-regulation (2) and regulation 9 (1), specify the date when the Sandbox participant’s testing within the Regulatory Sandbox shall commence and end. (2) The specification by the Commission of a date when a Sandbox participant’s testing within the Regulatory Sandbox shall commence and end is without prejudice to the Commission’s exercise of its power to revoke the approval of the Sandbox participant in accordance with regulation 16. 8. (1) A Sandbox participant shall not, during the period of testing within the Regulatory Sandbox, modify his or her business proposal without first applying for and obtaining the approval of the Commission. (2) An application under sub-regulation (1) to modify a business proposal shall identify the matters sought to be modified and the reasons for the proposed modification. (3) Where the Commission, upon reviewing an application received under sub-regulation (1), is satisfied that (a) there is good reason for the modification sought by the Sandbox participant in his or her business proposal, (b) the modification does not substantially alter the original business proposal, and (c) it is not against the public interest to grant the modification, S.I. No. 60 of 2009 Effect of approval by Commission. Duty not to modify business proposal with￾out approval.

8 it may grant approval for the Sandbox participant to modify his or her business proposal in such manner and to such extent as the Commission considers fit. 9. (1) Subject to sub-regulation (2), a Sandbox participant shall participate in and test within the Regulatory Sandbox for a period not exceeding 18 months from the date specified by the Commission pursuant to regulation 7 (1) (b). (2) A Sandbox participant may, at least 30 days before the end of the period specified for testing within the Regulatory Sandbox, submit a written application to the Commission seeking an extension to remain in the Regulatory Sandbox. (3) A Sandbox participant seeking an extension of time under sub￾regulation (2) shall (a) provide the reason or reasons for the application for extension of time; and (b) state the additional time required to remain in the Regulatory Sandbox. (4) Where the Commission, after reviewing an application received under sub-regulation (1), is satisfied that (a) the initial testing by the Sandbox participant has been generally positive, and (b) an extension is necessary to enable the Sandbox participant to respond to specific issues or risks identified during the initial testing in the Regulatory Sandbox, it may grant the Sandbox participant an extension to continue testing within the Regulatory Sandbox for an additional period not exceeding 6 months. (5) A Sandbox participant may at any time cease to participate in and test within the Regulatory Sandbox, but shall at the end of the period specified in accordance with sub-regulation (1) or, in the case of an extension under sub￾regulation (4), at the end of the period of extension, cease to participate in and test within the Regulatory Sandbox. (6) Where a Sandbox participant that is not the holder of a licence under a regulatory legislation wishes to carry out financial services business before or at the end of the period specified in accordance with sub-regulation (1) or sub-regulation (4), as the case may be, he or she may apply to be licensed Duration of participation in Regulatory Sandbox.

9 under any regulatory legislation and the provisions of that regulatory legislation shall apply accordingly. (7) For the purpose of sub-regulation (6), the Sandbox participant shall, at least 60 days before exiting the Regulatory Sandbox, give written notice to the Commission indicating its wish to apply to be licensed under a specific regulatory legislation. Ongoing Obligations of a Sandbox Participant 10. (1) A Sandbox participant shall, at all times (a) in the case of a BVI business company, have at least 2 individual directors; (b) in the case of a limited partnership, have at least 2 individual partners; (c) in any other case, have at least one individual at a senior level who manages the business of the Sandbox participant; (d) have no more than the maximum number of clients approved by the Commission; and (e) notify the Commission immediately of any matter or change in circumstances relating to the Sandbox participant which is unforeseen and not initiated by the Sandbox participant. (2) The reference in sub-regulation (1) (e) to “any matter or change in circumstances” relates to any development or change to the conduct of the business or change in the environment in which the Sandbox participant operates that has or is likely to have a material impact on the Sandbox participant’s risk profile or obligations under these Regulations. 11. (1) A Sandbox participant shall, during his or her testing period within the Regulatory Sandbox, take adequate measures to identify potential risks to financial services business and consumers of financial services business that may arise from the testing of products or services that are the subject of innovative FinTech. (2) In relation to any potential risks identified pursuant to sub￾regulation (1), the Sandbox participant shall adopt appropriate measures to address the potential risks, including the prevention of money laundering, terrorist financing and proliferation financing. Ongoing obligations. Duty to identify and manage risks.

10 12. (1) A Sandbox participant shall, at such intervals as the Commission may determine, file interim reports regarding the tests he or she is carrying out in the Regulatory Sandbox. (2) The interim reports to be filed under sub-regulation (1) shall (a) indicate the level of compliance with the requirements of these Regulations; (b) state the number and classification of the Sandbox participant’s clients; (c) state the aggregate monetary exposure of the Sandbox participant’s clients; (d) provide a summary of the Sandbox participant’s clients by geographical location; (e) outline the financial positon of the Sandbox participant; (f) indicate risks that have been encountered and how they have been resolved or are being resolved, including whether there has been any financial or other loss; (g) outline key performance indicators, achievements and any relevant statistical information; (h) any significant complaints (if any) by clients and how such complaints have been resolved; (i) where a significant complaint by a client has not been resolved, the plan put in place by the Sandbox participant to resolve the client’s complaint; and (j) include such other information as the Commission may require the Sandbox participant to provide. (3) At the end of the period within which the Sandbox participant has been allowed to test within the Regulatory Sandbox, the Sandbox participant shall, within 30 days after the end of that period, prepare and submit to the Commission a final report outlining (a) key outcomes, key performance indicators against the Sandbox participant’s business proposal and the successes Filing reports and maintaining records.

11 and failures relating to the test within the Regulatory Sandbox; (b) any significant complaints (if any) by clients and how such complaints have been resolved; (c) where a significant complaint by a client has not been resolved, the plan put in place by the Sandbox participant to resolve the client’s complaint; (d) where the test in the Sandbox has failed, the lessons learnt by the Sandbox participant; (e) where the test in the Sandbox has been successful, the Sandbox participant’s plan after exiting the Regulatory Sandbox; and (f) such other information as the Commission may require the Sandbox participant to provide. (4) The Sandbox participant shall at all times maintain proper and clear records during the period of testing within the Regulatory Sandbox in order to assist the Commission in reviewing the interim and final reports prepared and submitted in accordance with this regulation. (5) The interim and final reports shall be confirmed by the chief executive officer (however styled) of the Sandbox participant by appending his or her signature on the reports. (6) Where two or more Sandbox participants engage in joint testing within the Regulatory Sandbox, the interim and final reports relating to the testing shall be confirmed by each of the chief executive officers (however styled) of the Sandbox participants concerned. (7) For the purpose of sub-regulation (3) (b) and (c), “significant complaint” has the meaning specified in section 69B of the Regulatory Code, 2009. 13. (1) A Sandbox participant shall, at the time of making offers to or soliciting clients or potential clients, disclose to the clients or potential clients (a) the potential risks to participating in the Regulatory Sandbox; (b) that the Sandbox participant does not hold a licence issued by the Commission, where such is the case, to provide the Disclosure obligations. No. 60 of 2009

12 business activity being tested within the Regulatory Sandbox; (c) that the business activities of the Sandbox participant will be conducted pursuant to and in accordance with the Sandbox participant’s business proposal; (d) that the Sandbox participant’s FinTech or FinTech-related product or service is being tested within the Regulatory Sandbox; (e) the period approved by the Commission within which the Sandbox participant may test within the Regulatory Sandbox; and (f) such other information as the Commission considers appropriate to be disclosed. General 14. The fees outlined in the Financial Services (Fees) Regulations, 2010 in respect of the matters specified in these Regulations are payable. 15. (1) There is established a register to be known as the Register of Sandbox Participants in which the Commission shall record all Sandbox participants that have been approved by the Commission. (2) The Register of Sandbox Participants shall be in such form as the Commission may determine. 16. (1) Where at any time the Commission is satisfied that (a) a Sandbox participant (i) has contravened a provision of these Regulations, (ii) has submitted a false, misleading or inaccurate report or information to the Commission, (iii) has concealed or failed to disclose any material fact in its application for approval or in its report to the Commission, (iv) is undergoing or has undergone liquidation, Fees. S.I. No. 60 of 2010 Register of Sandbox Participants. Revocation of approval of a Sandbox participant.

13 (v) has breached any data security, whether in relation to testing within the Regulatory Sandbox or otherwise, (vi) is carrying on business in a manner that is or may be detrimental to his or her clients or to the public generally, or (vii) is no longer fit and proper, or (b) it is not in the public interest that the Sandbox participant should continue to be approved, the Commission may revoke the approval of the Sandbox participant to participate in and test within the Regulatory Sandbox. (2) Where the approval of a Sandbox participant is revoked under sub￾regulation (1), the Sandbox participant shall (a) immediately cease taking on any new client; (b) invoke his or her exit strategy to cease participation in and testing within the Regulatory Sandbox; and (c) notify his or her clients of the revocation of his or her approval by the Commission. (3) Subject to sub-regulation (4), the period within which the Sandbox participant shall invoke his or her exit strategy under sub-regulation (2) (a) and cease participation and testing within the Regulatory Sandbox shall not exceed 30 days from the date of revocation of his or her approval by the Commission. (4) The Commission may, in any particular case where it considers it appropriate and justified (a) upon receipt of a written application from a Sandbox participant whose approval has been revoked under sub￾regulation (1), and (b) having regard to the nature, size and complexity of the Sandbox participant, grant an extension of 30 days to the Sandbox participant to exit the Regulatory Sandbox and cease testing.

14 17. For the purposes of facilitating compliance with the requirements of these Regulations, an applicant and a Sandbox participant shall, in addition to complying with these Regulations, comply with such guidelines as the Commission may issue in relation to these Regulations. Made by the Cabinet this 10th day of June, 2020. (Sgd.) Sandra Ward, Cabinet Secretary. Guidelines.