DLT Provider Guidance Notes

The purpose of this guidance note is to provide a DLT Provider, as defined in the Financial Services (Distributed Ledger Technology Providers) Regulations 2017 (the DLT Regulations), with guidance as to the operational, technical and organisational standards expected and in some circumstances required by the GFSC.

3. Financial and Non-Financial Resources

This guidance note is specifically in respect of the regulatory principle under paragraph 3 of Schedule 2 of the DLT Regulations (the Regulatory Principle).

The Regulatory Principle states that “A DLT provider must maintain adequate financial and non-financial resources”.

This document should be read as interpretative guidance for a DLT Provider and the examples contained in this document should be noted as indicative of good practice by a DLT Provider in connection with the Regulatory Principle.

A DLT Provider should note that the GFSC will take this document into account when reviewing a DLT Provider’s practices. The operational standards expected and required by the GFSC of a DLT Provider will vary depending on the size, particular nature, scale or complexity of the DLT Provider’s business.

Regulatory Capital Requirements Calculation

A DLT Provider will be expected to maintain sufficient financial resources to ensure that the business can be run in a sound and safe manner.

The GFSC does not propose a ‘one-size-fits-all’ regulatory capital requirement calculation, rather the GFSC expects firms to consider the inherent risks associated with their business in order to arrive at an adequate regulatory capital requirement.

As a minimum, a DLT Provider will be expected to hold sufficient regulatory capital to ensure an orderly, solvent wind-down of its business. This should take account of realistic costs of winding down the business such as:

  • redundancy costs;
  • notice periods for staff;
  • lease commitments; and
  • other fixed costs required until the business is wound-down.

Consideration should also be given to the amount of time it would take for the firm to be wound down including the time it would take its customers to find an alternative service provider where relevant.

A DLT Provider should have processes and controls in place which will inform them of the need to trigger the winding down of the business operations.

All material risks should be assessed and taken into consideration when considering the regulatory capital needs. Types of risks to consider include:

  • credit risk;
  • market risk (including fiat-currency and virtual currency risk);
  • operational risk;
  • liquidity risk;
  • insurance risk;
  • concentration risk;
  • securitisation risk;
  • business risk;
  • interest rate risk;
  • IT risk;
  • legal and compliance risk;
  • reputational risk;
  • settlement risk;
  • strategic risk; and
  • any other risks identified.

In calculating its regulatory capital requirements, a DLT Provider will be expected to take account of:

  • the historical context of the business;
  • the firm’s current and future business strategy;
  • stress-testing scenarios and conditions as well as determine triggers to identify such situations; and
  • key risks and where relevant, assign adequate capital to cover potential financial losses.

The regulatory capital requirement calculation should be challenged and approved by the DLT Provider’s board and senior management. Some firms may find it useful to have external parties challenge the calculation prior to finalisation. A copy of any report obtained from an external reviewer or internal auditor should be provided to the GFSC.

A DLT Provider will need to notify the GFSC of the ongoing regulatory capital it proposes to hold, and include any considerations and calculations. The GFSC will consider and ultimately approve a DLT Provider’s regulatory capital requirement. Firms will be required to monitor and reassess regulatory capital levels on an ongoing basis and as a minimum, on an annual basis. Any material changes to a firm’s business model or adverse changes in a firm’s operating environment will also trigger a requirement to reassess its regulatory capital adequacy and notify the GFSC. Any reduction to a DLT Provider’s ongoing regulatory capital requirement will need to be approved by the GFSC in advance.

Using Virtual Currencies as Regulatory Capital

The GFSC will expect DLT Providers to consider their ongoing regulatory capital requirement from both a fiat currency position as well as from a virtual currency position.

Should a DLT Provider wish to hold virtual currencies as part of its regulatory capital, it will need to satisfy the GFSC that there is sufficient liquidity in the virtual currencies held, that the proportion of virtual currencies held relative to the total regulatory capital is reasonable, that there is sufficient margin to allow for historic volatility of the virtual currencies held, and that risks associated with holding virtual currencies are adequately managed. This may include controls such as:

  • real-time monitoring of the value of the virtual currencies and the overall regulatory capital position; and
  • use of triggers and or margin calls at which point the regulatory capital position will be strengthened if necessary.

There will be an expectation that the firm holds sufficient capital to cover future commitments whethe in fiat or virtual currencies.

Amounts Allowed and Disallowed

The GFSC will consider to what extent certain assets are allowable in the calculation of a DLT Provider’s regulatory capital.

Unless approved by the GFSC, the following should be excluded from the calculation:

  • intangible assets (for these purposes, subject to guidance on the use of virtual currencies as regulatory capital, virtual currencies are not considered intangible assets);
  • tangible fixed assets;
  • capitalised costs with respect to software platform development;
  • related party receivables; and
  • unaudited profits.
  • A DLT Provider will need to assess the above items, and any other items they deem to be applicable, and arrive at suitable deductions from regulatory capital that are proportionate, reasonable and relevant to the firm’s business model and inherent risks.

    Ongoing Monitoring

    A DLT Provider should implement adequate processes and controls to ensure that capital exposures and risks are monitored on a real-time basis.

    Should firms hold significant exposures to virtual currencies, this monitoring should be accelerated and monitored on a regular basis to ensure that any adverse fluctuations are identified, managed and acted upon promptly.

    The GFSC will require businesses to report on its regulatory capital position. The frequency of the reporting will be determined based on the nature, size and complexity of the DLT Provider’s operations but at a minimum, on an annual basis. An independent auditor will need to sign off on the regulatory capital position of the DLT Provider at least annually as part of their audit procedures.

    Other Considerations

    A DLT Provider will be expected to maintain adequate non-financial resources to allow them to run the business operations smoothly without undue cause for concern to the business, the directors and the customers. Non-financial resources should be commensurate to the size and nature of the firm and the underlying products and/or services being offered. Staff numbers and composition should be proportionate to the size and activities of the DLT Provider and should take account of any future plansfor growth/expansion of the business.

    Professional Indemnity Insurance

    A DLT Provider will be required to be covered by adequate professional indemnity insurance, insofar as such insurance is reasonably available, or by some other arrangement, agreed in writing by the GFSC, which has a similar effect.

    The level of cover should be determined by the DLT Provider taking into account its business, products and services. This should be communicated to and agreed by the GFSC.

    The policy should cover the following areas:

    • breach of duty in respect of any negligent act, error or omission or dishonest or fraudulent act or omission;
    • libel or slander;
    • loss of customers’ assets arising from fraud or dishonesty by any employee, former employee, director or former director; and
    • legal liability resulting from the loss of data and or information.

    The excess or deductible under such an insurance policy should not be greater than can be reasonably borne by the financial resources of the licensee.

    Audit Requirements

    The GFSC will require a DLT Provider to conduct an external audit at least annually.