Dennis Li 李景顺
Partner | Legal
Hong Kong
Dennis Li 李景顺
Partner
Hong Kong
Ogier recently secured for its clients the fifth successful British Virgin Islands virtual asset service provider registration, further highlighting the BVI's continuing role as a sophisticated and credible jurisdiction for digital asset businesses.
The BVI’s virtual asset service provider (VASP) regime is now well established. A person carrying on virtual asset services in or from within the BVI is required to be registered with the BVI Financial Services Commission (FSC) under the Virtual Assets Service Providers Act, 2022. The FSC's current guidance identifies three broad categories of registrable activity: operating a virtual assets exchange, providing virtual assets custody services and carrying on other virtual assets services.
This briefing looks at some of the key criteria for registering a VASP in the BVI, including updated practical requirements and regulatory expectations.
The FSC's approach remains substance focused. Whether a business is in scope depends on the nature of the virtual asset activity, the services provided, whether the activity is conducted as a business for or on behalf of another person and whether it is analogous to a regulated financial services activity.
In practice, businesses should assess whether they are:
Not every activity involving virtual assets will necessarily amount to registrable VASP activity. For example, pure software development, infrastructure or technology provision, the provision of unhosted wallet technology or the issuance of a person's own token may not constitute a virtual asset service, but the analysis will always depend on the specific facts, functionality and role performed by the BVI entity.
A VASP application must be submitted with a complete application form, supporting documents and the relevant application fee. The FSC guidance states that the initial application fees are US$10,000 for custody services, US$10,000 for operating a virtual assets exchange and US$5,000 for other VASP activities.
The key application materials typically include:
Based on recent approvals and FSC guidance, the following areas are likely to receive particular scrutiny.
The FSC expects the applicant to demonstrate effective corporate governance, with a board comprising individuals with appropriate skills, knowledge and experience. Corporate directors are not permitted for VASPs. Directors and senior officers must satisfy fit and proper requirements, understand the applicant's VASP business and assume ongoing responsibility for compliance with the VASP regime.
The FSC expects applicants to maintain capital and liquidity commensurate with the nature, size, complexity and risk profile of the business. For higher-risk models, including exchanges, custodians or businesses with leverage, lending, margin or significant client asset exposure, the FSC may expect higher capital and liquidity resources. In some recent cases, registration conditions have included specific minimum capital requirements (such as US$1,000,000) and restrictions on the use of customer assets for proprietary purposes.
Applicants must provide a robust technology and cybersecurity framework including details of software, infrastructure, open-source code reliance, bespoke systems and security controls. The FSC may require testing of the cybersecurity framework before or after registration.
Recent approval conditions also indicate that, depending on the nature and scale of the platform, the FSC may require an independent systems audit by a third party acceptable to the FSC, with the report submitted annually. The scope may include system testing methodology, compliance and risk controls, platform capacity, stress testing, continuity planning, customer complaints, transaction integrity and the ability to generate customer-level reporting.
Applicants should ensure that customer-facing disclosures are clear, fair, accurate and not misleading. Recent approval conditions required disclosure of factors that may materially affect system performance, contact methods during outages or slowdowns, as well as all material conflicts of interest, at onboarding.
Where custody or safekeeping is involved, the FSC expects full details of custody arrangements, segregation of client assets, recordkeeping systems, wallet controls and the ability to identify assets attributable to each customer, including where assets are pooled.
The FSC and the Financial Investigation Agency continue to focus heavily on AML / CFT / CPF controls, sanctions monitoring, suspicious activity reporting and Travel Rule implementation. Recent FIA outreach materials continue to emphasise the importance of SAR quality, complete subject and transaction information, clear explanations of suspicion, corporate control information and effective MLRO escalation and reporting chains.
The Travel Rule is an anti-money laundering (AML) requirement that obliges VASPs to collect, verify, retain and transmit certain information about the parties involved in a virtual asset transfer.
It is important to note where a VASP relies on a third-party Travel Rule solution, it should still be able to demonstrate appropriate due diligence, risk assessment, implementation testing and ongoing oversight of that provider.
The FSC guidance states that, upon receipt of a completed application, the FSC will aim to provide initial comments within six weeks, with the service standard requiring the application process to be concluded within six months from initial submission. In practice, timing depends heavily on the completeness and quality of the application and the applicant's ability to respond promptly and substantively to FSC follow-up questions.
The FSC may request clarification or additional information, which must generally be provided within 30 days or any extended period granted. Failure to respond may result in the application being treated as withdrawn.
Registration is not the end of the process. Registered VASPs must maintain the basis on which registration was granted, including adequate human, technology, financial and compliance resources. Prior FSC approval may be required for changes in ownership, control, directors and senior officers, and the FSC must be notified of specific events that may affect the registration.
Ongoing obligations include annual returns, annual financial statements and annual compliance officer reports. Failure to file may result in enforcement action and fines.
Recent approval conditions also show that the FSC may impose bespoke ongoing reporting obligations, including semi-annual reports covering customer numbers by product or service type, customer geography, assets under management by asset class, loan book details, forced liquidations, margin calls, suspicious activity reports, institutional risk assessment, significant business changes, complaints and system failures.
The BVI remains open to high-quality digital asset businesses, but the FSC's expectations are now more developed and evidence-driven. A credible VASP application should not be treated as a form-filling exercise. It requires a complete, coherent and operationally tested package covering governance, technology, AML / CFT / CPF, risk management, customer protection, capital, liquidity, custody, outsourcing and business continuity.
Applicants should be ready to demonstrate not only that policies exist, but that they can be implemented in practice. In particular, the FSC's current supervisory focus suggests that transaction monitoring, sanctions screening, SAR escalation, customer risk assessment, Travel Rule compliance, cybersecurity and board-level oversight will remain key areas of regulatory attention.
Ogier's multi-disciplinary Technology and Web3 team has significant experience advising on VASP applications, digital asset structuring, tokenisation projects, exchange and custody models, and ongoing regulatory compliance. Our recent approval marks our fifth successful BVI VASP registration, reinforcing our market-leading experience in guiding clients through the BVI's digital asset regulatory framework.
Learn more about our Technology and Web3 expertise.
Ogier is a professional services firm with the knowledge and expertise to handle the most demanding and complex transactions and provide expert, efficient and cost-effective services to all our clients. We regularly win awards for the quality of our client service, our work and our people.
This client briefing has been prepared for clients and professional associates of Ogier. The information and expressions of opinion which it contains are not intended to be a comprehensive study or to provide legal advice and should not be treated as a substitute for specific advice concerning individual situations.
Regulatory information can be found under Legal Notice
Sign up to receive updates and newsletters from us.
Sign up