8 February 2021
The Bangko Sentral ng Pilipinas (“BSP”), in BSP Circular No. 1108 series of 2021 (“New Guidelines”), promulgated new rules regulating Virtual Asset Services Providers (“VASPs”) that offer their services or engage in VASP activities in the Philippines. The New Guidelines defines VASPs as entities that offer services or engage in activities that provide facility for the transfer or exchange of a virtual asset. A virtual asset (“VA”) refers to any type of digital unit that can be digitally traded, or transferred, and can be used for payment or investment purposes [1].
Patterned after leading standards such as the Financial Action Task Force (“FATF”) Recommendations on anti-money laundering and countering of financing of terrorism (“AML/CFT”), the New Guidelines sets out the regulatory framework for VASPs. The adoption of the New Guidelines is also in line with BSP’s thrust to promote financial innovation and inclusion while safeguarding the integrity and stability of the financial system. The New Guidelines, which amended the regulations on virtual currency exchanges (“VCE”) issued in 2017, broadened the scope of BSP’s licensing and regulatory powers to cover new business models and activities. VCEs as previously defined in BSP Circular No. 944 series of 2017 will now be referred to as VASPs.
Among the notable changes introduced by the New Guidelines are the new minimum capital requirement for VASPs with custodian services, the adoption of the Travel Rule, and the requirement to transact with licensed entities only.
Salient provisions of the Guidelines
-
Expanded scope – Previously, BSP regulates VCEs only with respect to activities that provide facility for the conversion or exchange of fiat currency to virtual currency or vice versa. The New Guidelines, on the other hand, broadly covers the transfer or exchange of VAs. It regulates not only the exchange between VAs and fiat currencies but also the following activities:
-
exchange between one or more forms of VAs;
-
transfer of VAs; and
-
safekeeping and/or administration of VAs or instruments enabling control over VAs.
-
-
Capital requirement – Under the New Guidelines, a VASP may be classified as either a VA custodian (i.e., with safekeeping and/or administration services for VAs) or a non-VA custodian. A VA custodian VASP must have a minimum capital of PHP50 million (approximately USD1 million) [2] while a non-VA custodian VASP requires PHP10 million (approximately USD200,000) capitalisation only. In addition, a VASP that maintains fiat wallets is required to maintain sufficient unencumbered liquid assets for purposes of meeting future VA redemption needs.
-
Travel rule – The New Guidelines requires that for VA transfers amounting to PHP50,000.00 (approximately USD1,000) or more, the originating institution must obtain and hold the required originator information as well as the required beneficiary information, and transmit said information to the beneficiary institution[3]. The information gathered may be examined upon request of competent authorities.
-
Requirement to engage with duly licensed financial institutions and/or remittance companies only – To ensure that VASP activities are executed within an unbroken chain of regulated entities, the New Guidelines requires VASP to engage only with other VASPs, financial institutions, and/or remittance and transfer companies that are duly authorised and licensed by the appropriate regulatory authorities. Accordingly, all clearing and settlement transactions must only be undertaken with regulated VASPs and platforms. Furthermore, all VA transfers shall be considered as cross-border wire transfers and hence must comply with the rules on wire transfers under the AML regulations of BSP’s Manual of Regulations for Non-Bank Financial Institutions.
Implications for businesses
The imposition of the Travel Rule, otherwise known as the funds transfer recordkeeping rule, could pose a serious challenge to most VASPs, whose existing platforms do not permit collection and transmittal of the required information. The Travel Rule would also tear down the wall of anonymity that distinguishes cryptocurrency transactions from the traditional banking system. One of the main characteristics of the latter is the identification of parties to a transaction based on names. In contrast, traditional cryptocurrency transactions are identified based on a wallet account, which in turn is identified through a unique alphanumeric code. In this light, the Travel Rule could be a deterrent to cryptocurrency users.
Implementation of the Travel Rule also poses data security threats especially since the required information includes personal data of both the originator and the recipient. As such, the New Guidelines reiterated the requirement for VASPs to implement sound risk management and internal control systems to safeguard the confidentiality and integrity of all information collected. In addition, it must be ensured that the provisions of the Data Privacy Act (Republic Act No. 10173) are complied with.
Viewed from a different perspective, the Travel Rule could facilitate the public’s acceptance of VA services as it ensures transparency and provides a certain degree of legitimacy to the underlying transaction. Consequently, with the New Guidelines, it may become easier for VASPs and entities associated with VASPs to open bank accounts.
Existing BSP-registered VCEs and VASPs currently operating without a license are mandated to secure a Certificate of Authority from the BSP within three months from the effectivity of the New Guidelines. Meanwhile, all VASPs are given six months to comply with the other requirements of the New Guidelines. Monetary penalties, sanctions and other enforcement action/s may be enforced against a non-compliant VASP and its directors and officers.
For more information, please contact:
Felix T Sy, Partner, Insights Abodago Philippines (a member of ZICO Law)
felix.sy@insights-law.com