Gibraltar Crypto Assets & DLT Law and Regulation

Gibraltar is a world-leading hub for crypto asset and distributed ledger innovation and entrepreneurs.
 
It was one of the first countries in the world to regulate DLT custodians and remitters and it has an efficient VASP registration regime to enable crypto asset operators to meet their AML obligations. 
 
Gibraltar is the second largest jurisdiction in the world for crypto-funds and has been a pioneer in the space for a wide range of crypto custodians, exchanges and digital payment services business.

Why Gibraltar is a leader in DLT and crypto-assets

"By pursuing a proactive policy agenda, a robust regulatory environment, and promoting a competitive landscape, Gibraltar has carved itself out as a global hub for distributed ledger technology (DLT) and cryptocurrency innovation. In doing so, Gibraltar is one of the first jurisdictions to recognise the potential of blockchain-based solutions in enhancing the international financial system."
Albert Isola (CBE)
Former Minister for Financial Services

Introduction

Gibraltar has been one of the most notable early adopters and supporters of virtual currencies, ensuring that appropriate, proportionate and practical regulatory regimes arein place to manage the risks involved in such activities.

The sector has a wide range of operators, including:

  • exchanges and custodians;
  • over-the-counter providers;
  • token sale issuers; and
  • crypto funds.

Gibraltar is one the most popular crypto fund jurisdictions in the world: ‘The most common jurisdictions cited by digital asset hedge funds for domiciling their funds were the Cayman Islands (63%), Gibraltar (19%), and the US (16%)”

In addition to a funds regime that makes establishing and operating a crypto fund relatively easy to do, Gibraltar has two primary legislative frameworks that specifically apply to crypto-assets.

DLT Provider Regime 

One is the Distributed Ledger Technology (DLT) Provider regime (see below) that requires full authorisation for certain custodians and remitters of crypto-assets.

VASP Registration Regime

The other is a requirement for all ‘virtual asset service providers’ to register and comply with the Proceeds of Crime Act 2015 and various anti-money laundering (AML) and counter-terrorist financing (CTF) obligations (this, inter alia, implements Financial Action Task Force (FATF) guidance in respect of Virtual Asset Service Provider (VASPs)).

Gibraltar Law & Regulation

Gibraltar Regulatory Frameworks for crypto-assets

DLT Provider

The DLT Provider regime is the primary regulatory framework for crypto-asset service providers contained within the Financial Services Act 2019 (FSA).

Section 139 provides that certain DLT provider activities are regulated activities requiring authorisation by the Gibraltar Financial Services Commission (GFSC). Regulated activity is considered as any firm using DLT for storing or transmitting value belonging to others, in or from Gibraltar.

Under Section 138, DLT and value are respectively defined as:

A database system in which information is recorded and consensually shared and synchronised across a network of multiple nodes; and all copies of the database are regarded as equally authentic;

value includes assets, holdings and other forms of ownership, rights or interests, with or without related information, such as agreements or transactions for the transfer of value or its payment, clearing or settlement.

The DLT regime is intended to capture persons who are not otherwise authorised to conduct a regulated DLT provider activity.

Persons who are authorised to conduct a range of financial services activities and who use DLT to perform that regulated activity do so within the scope of their primary authorisation (e.g., banking, insurance) and not as a separately authorised DLT provider (see Section 141 of the FSA) unless the DLT activities that they undertake are not directly related to their regulated supplies of the separately authorised financial services.

It requires persons who engage in business activities involving storage (custody) and remittance (transfer) of cryptoassets on behalf of clients with authority to do so. In some cases, commercial operators will be involved in dealing with DLT assets but not as custodian or remitter on behalf of others (in those cases the wider AML regime –specified below – will, however, often be applicable).

The general expectation in respect of custodians and remitters of a requirement for authorisation is understandable, given that such activities could give rise to significant loss of value to clients if there are any issues with the provider of those services.

The GFSC also takes the view that most crypto-asset exchange service providers will inevitably be storing crypto-assets on behalf of others (even if for only a limited time) and so are likely to also be within scope of the DLT Provider regime.

Applications for authorisation are expected to take between nine and 18 months.

The initial pre-application fee is £2,100 and the full application fee is between £8,400 and £29,400 (depending on the expected complexity of regulating the DLT provider).

Annual authorisation fees vary and are constituted as follows:

Fee = base fee + trade activity fee + additional fee

  1. Base fee = £11,897
  2. Trade activity fee = a fee equal to 0.1 per cent of the value of the DLT provider’s reported volume of trade, up to a maximum fee of £75,000.
  3. Additional fee = not greater than £23,793 (amount depends upon the complexity of regulating the DLT provider).

DLT providers are required to undertake the new multi-staged authorisation process and demonstrate how they will comply with the 10 regulatory principles.

Pre-application engagement

The process starts with an initial introductory meeting, followed by the submission of an abridged business plan and then concludes with a second meeting where the GFSC provide feedback and answer any subsequent questions or concerns.

Stage 1 – business model, capital and key individuals

The following are submitted for Stage 1:

  1. Application fee (in full);
  2. Application form;
  3. Stage 1 of the General Comprehensive Business Plan (not including Stages 2 and 3); and
  4. Controller form (for each controller i.e. UBO and directors).

On receipt of the application fee and Stage 1 documents, the GFSC will confirm the supervisor who has been assigned to assess the application for authorisation. Any missing or additional sector-specific documents or information required by the GFSC to complete Stage 1 will be communicated to the applicant during Stage 1.

Stage 1 is expected to last the following maximum periods for each sector, subject to the quality of Stage 1 information submitted and timely responses from the applicant:

  • banking, insurance, e-money, investments class 2 and DLT sectors – five months; and
  • all other sectors – three months.

Stage 2 – business model, capital and key individuals

Stage 2 of the authorisation process involves consideration of the business model, suitability of capital and the key individuals.

This stage covers all sectors (including banking, insurance, e-money, investments class 2 and DLT) and is expected to last a maximum of two months, subject to the quality of the Stage 2 information or documentation submitted and the timeliness of responses from the applicant.

At this point, the GFSC will then be willing to consider issuing a minded to authorise letter to the applicant, where required. This is designed to aid applicants with the raising of capital and recruitment discussions with individual candidates and outsourcing providers.

Stage 3 – conduct of business, non-financial resources, policies and procedures

Stage 3 of the authorisation process is expected to last the following maximum periods for each sector, subject to the quality of the Stage 3 information and documentation submitted and timeliness of responses from the applicant:

  • banking, insurance, e-money, investments class 2 and DLT sectors – two months;
  • all other sectors – one month.

When the GFSC is satisfied with the Stage 3 responses and information, the application will move to a GFSC decision for authorisation.

For those sectors where a mobilisation stage is required, authorisation will be subject to the requirement to complete the mobilisation stage to the satisfaction of the GFSC.

Prior to entering the mobilisation stage below, an applicant would submit (during Stage 3) a Mobilisation Plan setting out the actions and time frames the applicant is working towards to become fully operational.

Stage 4 – mobilisation (systems testing)

Mobilisation is a stage entered into by applicants in e-money, banking, investments class 2 and DLT sectors for the purpose of enabling the GFSC to test the firm’s systems and controls. This route allows an applicant to obtain a permission and operate within a controlled environment, allowing it time to develop its operational capability.

The time frame for the mobilisation stage will vary on a case-by-case basis; however, it is expected that this will normally range from three to six months.

The following are examples of areas that firms will usually be focused on actioning during mobilisation:

  1. building and testing products, services and IT systems;
  2. building out their infrastructure – building-out, testing and implementing systems and IT infrastructure; and finalising material outsourcing arrangements (as indicated during the application process);
  3. recruitment – finalising senior management appointments and other staff recruitment and training;
  4. risk and controls – completing the build-out of control functions such as risk, internal audit and compliance;
  5. operationalising policies and procedures – finalising  customer journey, including details of products, pricing and on-boarding arrangements; and completing policies and procedures;
  6. business continuity – finalising the recovery plan, continuity plan and solvent wind-down plan; and
  7. funding – fully capitalising the firm for post-mobilisation.

Gibraltar Financial Services Commission (GFSC) Guidance Note: Scope of the DLT Framework

This newly published GFSC Guidance Note clarifies the scope of Gibraltar’s Distributed Ledger Technology (DLT) Framework, which consists of the Financial Services Act 2019 and the Financial Services (Distributed Ledger Technology Providers) Regulations 2020 which provides a regulatory framework for businesses using DLT for storing or transmitting value belonging to others, known as DLT Providers.

Summary

The Guidance Note seeks to provide further clarity on activities that are likely to be in-scope or out of scope of the DLT Provider Regime and notes that many activities that may be out of scope will still fall within the POCA AML/CTF regime requiring registration with the GFSC. The key issue is whether a firm takes control of crypto-assets belonging to others at any point in the service provision. Where they do not an assessment should still be made as to whether the service falls within the AML/CTF regime (e.g. for arranging/intermediating deals in crypto-assets).

Overview to the Gibraltar Regime

  1. Outcomes-focused, principles-based: Gibraltar’s regulatory approach is flexible and adaptive to the rapidly evolving DLT landscape. It focuses on achieving regulatory outcomes through core principles rather than a rules based system.
  2. Regulatory Objectives: The GFSC’s objectives include promoting market confidence, reducing systemic risk, protecting consumers and Gibraltar’s reputation, and combating financial crime.
  3. International Developments: The GFSC monitors international regulatory developments, particularly those from the Financial Action Task Force (FATF), to ensure its framework aligns with global standards.
  4. Gibraltar’s Legislation: In Gibraltar, providing DLT services is a regulated activity. Firms conducting such activities must be authorised by the GFSC as DLT Providers.
  5. Carrying on Activities: To be authorised, firms must be registered and have an office in Gibraltar, with the business’s mind and management conducted from there.
  6. Definition of DLT: DLT is defined as a database system where information is recorded, shared, and synchronized across a network of nodes, with all database copies considered equally authentic.
  7. Definition of Value: Value includes assets, holdings, rights, and interests, aligning with the FATF’s definition of virtual assets but is even broader in scope.
  8. Storage and Transmission: DLT Providers may engage in storing (holding private keys) or transmitting (transferring) value on behalf of clients.
  9. Control: The GFSC assesses the level of control or influence exerted by the firm to determine if their activities fall within the scope of the DLT Framework.

In-Scope Activities

Examples include:

  • custodial virtual asset wallet providers
  • virtual asset exchanges
  • virtual asset derivatives exchanges
  • OTC/brokerage desks
  • escrow service providers
  • virtual asset lending platforms
  • virtual asset managed investment services, and
  • operators of smart contracts
  • DApps, DEXs, and stablecoins that are not sufficiently decentralised

On the issue of decentralisation the GFSC note:

“DApps may not be fully decentralised, and may retain elements of centralisation by virtue of which they fall in scope of the DLT Framework, so it remains for the GFSC to determine whether any identifiable owners/ operators/ administrators exert control or sufficient influence to bring them within scope of the DLT Framework. “

 

Out-of-Scope Activities

Activities that are likely to fall outside of the scope include:

  • proprietary trading
  • non-custodial wallet services
  • peer-to-peer platforms
  • investment advice
  • non-custodial arrangers or brokers
  • research and development
  • validating transactions
  • virtual asset account signatories (under specific circumstances where they do not have sufficient control)

 

The primary areas of financial services laws (other than in respect of crypto-assets) are similar to those within the United Kingdom and the European Union (notwithstanding that the United Kingdom and Gibraltar exited the European Union in 2020).

Over time we may see more regulatory divergence between, on the one hand, the European Union and, on the other hand, the United Kingdom and Gibraltar. Gibraltar is also able to diverge from the United Kingdom to some extent; however, the ability to continue to passport financial services from Gibraltar to the United Kingdom makes significant divergences unlikely in key areas of regulation and supervision.

Similarly to the United Kingdom, the Gibraltar financial services regime operates with a general prohibition against undertaking specified regulated financial service activities unless authorised or exempt (Section 4 of the FSA). The list of specified activities is contained in Schedule 2 of the FSA and includes various activities such as banking, e-money and payment services, as well as insurance. The more specific securities-related laws are as follows.

MiFID II

The EU Markets in Financial Instruments Directive (MiFID) covers much of the regulated investment activities related to ‘financial instruments’ and is still largely applicable in Gibraltar pursuant to the FSA and associated legislation.

This area of law is the closest equivalent to the US concept of a ‘security’ and includes transferable securities (tradable on capital markets), money market instruments, units in collective investment undertakings and other specified regulated instruments (including a range of derivatives products). Activities related to such financial instruments include:

  • brokerage;
  • investment advice; dealing for others; and
  • provision of derivatives and operating organised trading facility or multilateral trading facility platforms.

Most funds (including crypto-related funds) are primarily covered by the local implementing regulations of the Alternative Investment Fund Manager Directive (AIFMD), which applies to fund managers (other than in respect of Undertakings for Collective Investment in Transferable Securities (UCITS) or publicly tradable closed-ended collective investment schemes; these are also within the prospectus regime for public or listed offerings of transferable securities).

Gibraltar recently implemented a dual funds regime that enables fund managers to opt out of some of the requirements of AIFMD if they are not soliciting an EU investor base rather than an EU one. This is particularly helpful for crypto fund managers where many of the requirements of AIFMD are not fit for purpose in the crypto-asset space (such as the depositary obligations).

Prospectus Regime

A prospectus regime (as implemented by local regulation) covers listed or publicly offered transferable securities.

Currently in Gibraltar, in most cases, the provision of virtual currency services is being carried out by businesses that are not already regulated for financial services and securities-related activities. In addition, the current e-money and payment regulations could conceivably be applicable for very specific virtual currency offerings (such as, for example, a GBP stablecoin offering backed by funds) but, as yet, this has not been taken up by local e-money issuers.

To the extent that a token represents a financial instrument, including a transferable security (such as shares or debt instruments negotiable on capital markets), a unit in a UCITS or a collective investment scheme, a deposit, an insurance contract or electronic money, then the same laws that apply to activities by any commercial operators in those fields apply to that activity mediated with a token. Notably, in some cases, the laws applicable to such activities (including wider laws such as companies’ laws) are drafted in a manner that does not envisage a cryptographic token as the medium of contract, exchange, value or ownership and this can give rise to issues requiring workarounds in meeting the applicable obligations for these activities.

Given the close legal and regulatory relationship between the United Kingdom and Gibraltar, guidance from UK regulators and decisions of UK courts are very influential when considering whether a crypto-asset falls within the definition of e-money or of a financial instrument.

The most significant and difficult question to answer about the application of financial services laws to crypto-asset products often arises with respect to the regulation of derivatives. The definition of derivatives within the EU MiFID regime (which is still largely implemented in the United Kingdom and Gibraltar) is conceivably wide enough to definitely cover some cash-settled crypto-asset derivative products; however, in practice, most crypto-asset derivative products are not cash-settled (being settled in crypto-assets).

The MiFID II regime wording taken from the EU directive is now hopelessly out of date as well as being notoriously difficult to interpret and apply to crypto-asset products. If the Gibraltar regulator considers a crypto derivative product to be structured in a way that is within its scope, then the issuer and various other intermediaries could be subject to authorisation and compliance requirements.

Proceeds of Crime (Relevant Financial Business) (Registration) Regulations 2021 (AML Business Registration)

The AML Business Registration regulations requires the registration of all businesses (that are not subject to supervision by a relevant supervisory authority) for the following:

4.(1) (c) undertakings that receive, whether on their own account or on behalf of another person, proceeds in any form from the sale of tokenised digital assets involving the use of DLT or a similar means of recording a digital representation of an asset; or

(d) persons that, by way of business, exchange, or arrange to make arrangements with a view to the exchange of

(i) virtual assets for money;

(ii) money for virtual assets; or

(iii) one virtual asset for another.

Registrants must ensure that they can meet the legal obligations in Proceeds of Crime Act 2015 (POCA) and any other applicable legislation and that they can provide confidence to the GFSC that they have adequate policies and procedures to fulfil local anti-money laundering and counter terrorist financing obligations, including, inter alia, appointing a locally resident Money Laundering Reporting Officer (MLRO), meeting the local requirements including know your customer/know your business, source of wealth, sanctions checks, adverse publicity monitoring of clients and suspicious activity monitoring and reporting.

Controllers of applicants and the MLRO must be approved by the GFSC as being fit and proper persons to carry out their functions and obligations.

This regime applies to token issuers, other VASPs and any other person who is undertaking crypto-asset sale or exchange activities that are not authorised under Gibraltar financial services laws (including the DLT provider regime) pursuant to the FSA and associated legislation or otherwise regulated by a specified regulator.

The Gibraltar AML regime represents a high standard of compliance while reflecting the jurisdiction’s significant experience in the practical application of AML and CTF principles and obligations to the crypto-asset sector. The use of automated electronic onboarding, monitoring and reporting tools are a recognised and accepted part of the various procedures that are needed to protect operators and the jurisdiction from financial crime, terrorist financing and money laundering.

In October 2022, the GFSC issued a Scope Guidance Note on the VASP Registration Framework. The VASP Guidance Note confirmed that in order for a firm to be registered, it must:

  1. Carry on the activity by way of business (i.e. providing products and/or services to clients in return for remuneration);
  2. Have a registered office in Gibraltar; and
  3. Appoint a locally based MLRO.

As with all other regulated sectors in Gibraltar, the MLRO must be a permanent, full-time employee of the firm seeking registration. The exception to this is in the case of firms that are solely carrying on activities under Regulation 4(c) (token sales, discussed below), where some flexibility can be afforded in respect of individuals who are in other full-time employment.

In respect of OTC operators, the Guidance Note confirms that they do not need to be authorised as a DLT provider as they do not act as custodians:

The primary business model that falls within scope of Regulation 4(d) is an over-the-counter (OTC) exchange or brokerage desk. Firms carrying out this activity will typically arrange for the buying and selling of virtual assets for other virtual assets or fiat, between clients or between clients and the firm itself or third party liquidity providers. It is important to note that in order for a firm undertaking this activity to fall within the definition of a VASP, rather than that of a DLT Provider, and therefore be subject to the VASP Registration Framework, rather than the DLT Framework, it must not at any point take custody of, or otherwise store or transmit virtual assets belonging to other transacting parties.

The Guidance Note also makes clear that the GFSC will refuse to register the following businesses on the basis of the higher AML and CTF risk involved with them:

  • Privacy-enhancing assets or protocols – These assets or protocols allow for the concealment of information typically present in a transaction which facilitates the non-disclosure of user identity. This allows for the obfuscation of the identity of the sender, recipient, holder and/or beneficial owner of the virtual assets in question.
  • Mixing/tumbling services – These services are used to pool together various transactions in order to obfuscate the origin of particular virtual assets, allowing for increased anonymity. These techniques are typically associated with obscuring the identification of “tainted” assets associated with illicit flows or services.

Gibraltar has also implemented the ‘travel rules’ in the Proceeds of Crime Act 2015 (Transfer of Virtual Assets) Regulations 2021 that require VASPs to obtain additional specific information on their customers transactions when there is a transaction value equal or in excess of €1,000. 

Notably, the generally applicable AML and CTF obligations in Gibraltar are substantially the same as in the United Kingdom and the European Union. Note: Presently the laws in the United Kingdom and the European Union still derive from the various EU AML Directives notwithstanding that both jurisdictions (and other EU jurisdictions) do not always transpose directives in an identical manner.

It is also however notable that Gibraltar decided to implement the travel rules for VASPs and, in some respects, for all  ‘relevant financial business[es]” which goes much further than other regimes (including the UK).

Sending VASP/Obliged Entity

Under s.4 of POCA Regs where an obliged entity sends a virtual asset transfer to another VASP/obliged entity, the sending obliged entity must obtain the following information and submit it immediately and by secure means :

  • The payee’s name and account number 
  • The payer’s name and account number 
    • Where the payee or the payer does not have a virtual asset account number, a unique transaction identifier (e.g tx hash); and
  • One of the following-
    • payer’s address (for a company this would be its registered address);
    • payer’s national identity number (for a company this would usually be its company registration number or tax identification number);
    • payer’s customer identification number; or
    • payer’s date and place of birth (for a company this would be its country and date of registration)

Receiving (Payee) Obligations

Under s.5 of POCA Regs, where an obliged entity receives a virtual asset transfer, the obliged entity must ensure that it has received the same information as is required under s.4 above and it also must ensure that the information is consistent with its own records in respect of the payee’s name, and where applicable, the payee’s account number.

Self-hosted Wallets 

Under section 5 of the POCA Regs where an obliged person receives a virtual asset transfer from a person that is not a VASP it must ensure that it obtains from the payee:

  • The payer’s name; and
  • One of the following-
    • payer’s address (for a company this would be its registered address);
    • payer’s national identity number (for a company this would usually be its company registration number or tax identification number);
    • payer’s customer identification number; or
    • payer’s date and place of birth (for a company this would be its country and date of registration)

Before an obliged person executes a virtual asset transfer received from any person, it must ensure it has effective risk based policies and procedures in place to determine whether any info is missing or incomplete or inconsistent with its own records and where default is identified determine whether to execute, reject or suspend the virtual asset transfer and determine the follow up actions.

Sources

 

The VASP AML Registration requirememnts make reference to non-fungible tokens (NFTs) and whether they are in scope as ‘virtual assets’, where a case-by-case approach will be taken by the GFSC and legal advice should be sought:

“Virtual assets may have a variety of utilities and functionalities, but as long as they are captured by the above definition, they will fall within scope of the Regulations. It should also be noted that, in line with the FATF Guidance, non-fungible tokens (NFTs) are likely to be considered virtual assets for the purposes of the Regulations if they are used for payment or investment purposes. This extends to any form of NFT which may be used for these purposes, including those tokens which represent digital art or collectibles. The GFSC will consider sales of NFTs on a case-by-case basis.”

In the event of a breach of regulatory principles, the GFSC has various information-gathering and investigatory powers (Part 10, FSA) as well as sanctioning powers (Part 11, FSA), including administrative penalties.

Under Part 10, the GFSC can, in respect of persons carrying out authorised activities:

  1. require them to provide the GFSC with certain information, produce particular documents and answer questions before the GFSC. The GFSC also has the power to carry out onsite inspections, where they can not only inspect any part of the premises but also question any person and request any document therein;
  2. seek a warrant from the magistrate to enter premises. A magistrate may only issue such a warrant if satisfied that there are reasonable grounds for believing particular conditions (set out at Section 135 of the FSA) are satisfied. If a warrant is issued, the Royal Gibraltar Police together with a person acting under the authority of the GFSC may enter and search the premises and take possession of documents or information for which the warrant was issued or take steps to preserve or prevent interference with the same;
  3. appoint a person to prepare a skilled person’s report on any matter about which the GFSC may reasonably require information in connection with the exercise of its functions as a regulator; and
  4. appoint an inspector to investigate the affairs of any person in Gibraltar who carries on (or is suspected of carrying on) a regulated activity in or from Gibraltar. Inspectors have the power to, inter alia, examine on oath the person under investigation, any of its employees, officers, agents, auditors, bankers, barristers or solicitors (subject to the provisions of the FSA).

An offence will also be committed if a person:

  1. without reasonable excuse fails or refuses to comply with a requirement imposed under Part 10;
  2. omits to disclose material that should have been disclosed;
  3. gives information or makes false or misleading statements or recklessly gives information; and
  4. suspects that an investigation is or is likely to be conducted and falsifies, conceals, destroys or disposes of a document that is suspected to be relevant to the investigation or if they cause or permit the same to take place.

FSA Sanctioning Powers

Under Part 11 of the FSA, the GFSC can exercise sanctioning powers against a person if the person contravened a regulatory requirement and, at the relevant time, was an authorised or regulated individual. Sanctioning powers include:

  1. administrative penalties;
  2. public statements;
  3. a cease and desist order;
  4. a temporary suspension of permission order; or
  5. a prohibition order, prohibiting the individual from exercising regulated functions.

Ultimately the GFSC can also vary a firm’s authorised permissions or entirely remove the firm’s authorisation in extreme cases.

Additionally, further to Part 13 of the FSA, the GFSC can apply to the Supreme Court and seek:

  1. an injunction restraining a contravention or the disposal of or the dealing with particular assets; and
  2. an order for restitution.

With respect to collective investment schemes (which may involve crypto-assets), the GFSC has further powers under Part 18 of the FSA if certain grounds apply. These powers include:

  1. the power to revoke or suspend a scheme’s authorisation or recognition;
  2. applying to the Supreme Court for a protection order;
  3. issuing directions to or with respect to a scheme;
  4. appointing an examiner to conduct an investigation into the affairs of a scheme or persons connected with it; and
  5. publishing statements about steps taken in connection with a scheme in exercise of a power listed above or the operation or promotion of a scheme in contravention of the FSA.

Enforcement by Settlement or Decision Notices

In practice, the GFSC tends to reach Regulatory Settlement Agreements with authorised firms that are in breach of the Financial Services Act or the AML/CTF obligations of POCA and issue Decision Notices for firms that are only registered for AML/CTF but that are not conducting authorised activities (pursuant to the powers granted to the GFSC in the Supervisory Bodies (Powers etc.) Regulations 2017).

News & Insights

Flag Map of the EU
November 10, 2025

MiCAR Implementation Update

Latest updates on the latest implementation status of the Markets in Crypto-Assets Regulation (MiCAR).

AI Legal & Compliance Support Assistant
September 15, 2025

Powering the AI Future with Ramparts’ Funds Team

We are seeing an artificial intelligence (AI) revolution, a transformative period marked by unprecedented technological advancement and immense investment opportunities. The strategic decisions made today will define tomorrow’s market leaders. For fund managers looking to capitalise on the AI boom, choosing the right jurisdiction is key. Gibraltar offers not just a stable and predictable legal framework, but a platform of strategic service providers that are crucial for your success.

More >>

Our Crypto Asset & DLT Team

Peter Howitt

Peter Howitt

Managing Director

peterhowitt@ramparts.gi
accounting, fund administration, tax filing and company set up

Heather Adamson

Head of Fiduciary

heatheradamson@ramparts.gi
employment law, payments law, payroll, e-money and crypto assets

David Borge

Practice Director

davidborge@ramparts.gi
Nicholas Borge

Nicholas Borge

Director

nicholasborge@ramparts.gi
company administration, fund administration, outsourced compliance

Tyrene Edwards

Trainee Lawyer

tyreneedwards@ramparts.gi