The BVI Financial Services Commission (FSC) now supervises Virtual Asset Service Providers (VASPs) under the Virtual Assets Service Providers Act, 2022. Due to the unique risks VASPs face, such as money laundering, terrorist and proliferation financing, sanctions evasion, and other financial crimes, these Guidelines aim to raise awareness and support compliance with the Anti-Money Laundering Terrorist Financing Code of Practice (AMLTFCOP), AML Regulations, Regulatory Code, and the FSC Act.
The BVI has also incorporated guidance from the FATF on applying a risk-based approach to virtual assets. VASPs and other relevant entities operating in or from the Virgin Islands must stay informed of FATF updates and maintain robust AML/CFT compliance, which includes reporting and cooperation with the FSC and other competent authorities, including law enforcement agencies.
What is the scope of the Travel Rule in the BVI?
The BVI Travel Rule applies to all individuals and entities operating as VASPs in or from within the Virgin Islands. Any entity offering or intending to offer virtual asset services in or from within the Virgin Islands must be registered with the FSC. VASPs may be registered under the following categories:
Operation of a virtual asset exchange
Provision of virtual asset custody services
Provision of other virtual asset services
According to the BVI, a VASP is defined as “a business, a virtual assets service and is registered under this Act to conduct one or more of the following activities or operations for or on behalf of another person
(a) exchange between virtual assets and fiat currencies;
(b) exchange between one or more forms of virtual assets;
(c) transfer of virtual assets, where the transfer relates to conducting a transaction on behalf of another person that moves a virtual asset from one virtual asset address or account to another;
(d) safekeeping or administration of virtual assets or instruments enabling control over virtual assets;
(e) participation in, and provision of, financial services related to an issuer’s offer or sale of a virtual asset; or
(f) perform such other activity or operation as may be specified in this Act or as may be prescribed by regulations made under section 47.”
With virtual assets services defined as:
The business of engaging, on behalf of another person, in any VASP activity or operation (as outlined in the definition of “VASP”), and includes
(a) hosting wallets or maintaining custody or control over another person’s virtual asset, wallet or private key;
(b) providing financial services relating to the issuance, offer or sale of a virtual asset;
(c) providing kiosks (such as automatic teller machines, bitcoin teller machines or vending machines) for the purpose of facilitating virtual assets activities through electronic terminals to enable the owner or operator of the kiosk to actively facilitate the exchange of virtual assets for fiat currency or other virtual assets; or
(d) engaging in any other activity that, under guidelines issued pursuant to section 41A of the FSCA, constitutes the carrying on of the business of providing virtual asset service or issuing virtual assets or being involved in virtual asset activity.
Source: VASP Travel Rule Guidance
Who is the supervisory body for VASPs in the BVI?
The British Virgin Islands Financial Services Commission (BVI FSC)
British Virgin Islands Financial Investigation Agency (FIA)
What is the Travel Rule threshold in the BVI?
USD 0 - The Travel Rule applies to all transactions.
Both the originator and beneficiary VASPs must
Include complete originator and beneficiary information with each transfer to ensure compliance with the Travel Rule when sending or receiving virtual assets.
Continuously monitor the implementation of the Travel Rule in other jurisdictions as part of the ongoing assessment of counterparty risk associated with VASPs they engage with.
Travel Rule data must be exchanged before a transaction is completed: a transaction is considered complete when the assets have been made available to the beneficiary.
Obligations of originator virtual asset service providers
When sending virtual assets to a region where the Travel Rule is not in effect, originator VASPs must take all reasonable steps to determine whether the recipient VASP can properly receive the required information.
If the recipient VASP cannot receive this information, the originator VASP must collect and retain all relevant transaction details and make them available immediately to the Commission, competent authorities, and law enforcement agencies upon request.
Additionally, VASPs must assess whether a transfer meets or exceeds USD 1000 based on its value at the time of execution by the originator. Transfers below this threshold should still be reviewed using a risk-based approach to identify potential links to money laundering, terrorist financing, or attempts to avoid detection.
Linked transactions, such as multiple transfers from the same or related originators to the same or associated beneficiaries over a short period, must be identified through appropriate policies and controls. A longer window (e.g. 3–6 months) may be acceptable for identifying linked transactions in lower-risk cases.
Finally, originator VASPs must ensure that all transfers are accompanied by sufficient information to identify all relevant parties, including both the originator and the beneficiary.
This includes:
originator’s name*,
originator’s residential address,
originator’s date and place of birth, or customer identification number, or national ID number,
originator’s crypto asset account number where the account is used to process the transaction, or unique transaction reference number,
beneficiary’s crypto asset account number, or unique transaction reference number,
* The originator’s registered or trading name is required if the originator is a legal structure.
Source: VASP Travel Rule Guidance.
Obligations of beneficiary virtual asset service providers
When receiving from a region where the Travel Rule is not in effect, and the transaction is missing Travel Rule data or the information provided is incomplete, beneficiary VASPs should assess the jurisdiction of the originator VASP for relevant risks before releasing the funds to the beneficiary.
Obligations of intermediary virtual asset service providers
An intermediary VASP is responsible for verifying that all required information has been received before completing the transfer. If information is missing or incomplete, the intermediary VASP should assess whether to delay the transfer based on a risk-based approach and document the reasoning clearly for review by Competent Authorities.
If any required information is received after the transfer has been completed, the intermediary VASP is expected to forward it to the receiving VASP as soon as practicable.
Self-hosted wallets are in scope
VASPs in the Virgin Islands should apply a risk-based approach when handling transfers involving self-hosted (unhosted wallets). To assess the risk level of such transfers, VASPs may consider the following factors:
a) The purpose and nature of the business relationship with the owner or beneficial owner of the self-hosted wallet.
b) The jurisdiction associated with the self-hosted wallet.
c) The value and/or frequency of the transfers (including linked transactions) to or from the self-hosted wallet.
d) Blockchain analytics reports indicating any links between the self-hosted wallet and illicit activities.
e) Information gathered during the customer onboarding process and throughout the business relationship.
In higher-risk situations, VASPs should take additional steps to verify ownership and control of the self-hosted wallet. This may include using enhanced verification methods, such as:
The Satoshi Test, or
Via Address Ownership Proof Protocol (AOPP)
Source: VASP Travel Rule Guidance.
If a VASP cannot obtain sufficient assurance regarding the ownership or control of the self-hosted wallet, it must not release the virtual assets to the intended recipient. Furthermore, if the activity appears suspicious or indicates money laundering, terrorist financing, proliferation financing, or other criminal conduct, the VASP must promptly submit a suspicious transaction report to the FIA.
How to comply with the BVI’s Travel Rule and meet AML requirements
VASPs must maintain a compliance framework that supports continuous customer due diligence (CDD), transaction monitoring, and immediate sanctions screening. They should be able to screen their clients within 24 hours, identify designated persons, and take necessary actions such as freezing assets and reporting.
VASPs must stay updated on sanctions by subscribing to the UK OFSI website and monitoring the BVI sanctions regime. They must also act swiftly if a sanctioned individual or their assets are identified, including immediately notifying the relevant BVI authorities.
Additionally, VASPs must implement robust internal controls, policies, and procedures to promptly detect and report suspicious activities. This includes logging and reporting completed and attempted suspicious transactions or relationships to the FIA. A designated and qualified MLRO must be appointed to handle Suspicious Activity Reports (SARs), which must comply with legal requirements under the AMLTFCOP.
Employees must be trained on how and to whom to report suspicions, and VASPs must maintain an internal SAR log. Once a SAR is filed, VASPs should act swiftly to mitigate associated risks, possibly reassessing the business relationship. They must also avoid tipping off suspects, as disclosing or interfering with investigations is a criminal offence.
When do you need to comply with the Travel Rule in the BVI?
Now. The Travel Rule is in effect.
Which regulations are applicable to the Travel Rule in the BVI?
The Virtual Assets Services Providers Act, 2022
The Anti-Money Laundering Code of Practice (AMLTFCOP)
