Barbados

**Regulatory Body:** The **Financial Services Commission (FSC) Barbados** is the primary regulator responsible for licensing, supervision, and enforcement under the Digital Assets Act.

Financial Services Commission (FSC) Barbados Official Website

Under Hong Kong’s current AMLO/SFC framework, a “virtual asset” (VA) is defined as a digital representation of value that functions as a medium of exchange, unit of account, or store of value and can be transferred, stored, or traded electronically. The statutory definition expressly excludes (i) digital representations of fiat currencies (e.g., CBDCs), (ii) financial assets already regulated under existing securities/futures laws, (iii) stored value facilities, and (iv) certain closed‑loop, limited‑purpose or non‑transferable items. FATF, by contrast, defines a virtual asset more broadly as any digital representation of value that can be digitally traded, transferred, or used for payment or investment purposes, excluding only digital representations of fiat currencies.

A virtual asset business (or Virtual Asset Service Provider, VASP) is generally understood under FATF‑aligned frameworks as any person or entity that, AS A BUSINESS, conducts one or more covered virtual‑asset activities (such as exchange, transfer, safekeeping, or related financial services); many jurisdictions extend this to persons carrying on such activities in or from their territory, and it does not necessarily hinge on acting only ‘for or on behalf of another person.’

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Brazil (BB) continues to regulate the transfer of virtual assets through licensing/authorization of virtual asset service providers, but such transfers are now subject to stricter conditions and include specific prohibitions, such as the Central Bank’s ban on using virtual assets in eFX cross-border payment settlement.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets (**custody providers**).

Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

Virtual asset exchanges that convert virtual assets to fiat or to other virtual assets continue to be regulated as Virtual Asset Service Providers (or equivalent) for AML/CFT purposes under FATF standards, but in major jurisdictions they are now also subject to more differentiated sectoral regimes (e.g., securities, commodities, and payments laws), so a simple binary description as just "exchanges (virtual asset to fiat, or virtual asset to virtual asset)" is no longer sufficient to describe their licensing and regulatory treatment.

**Required License:** A Virtual Asset Business License.

This falls directly under definitions (1) and (2) of "Virtual Asset Business."

**Custody Providers (Safekeeping and/or Administration of Virtual Assets):**

This falls under the expanded definition of 'Virtual Asset Business' under the DARE Act, 2024, in The Bahamas.

U.S. payment processors that deal with virtual assets are generally subject to evolving federal and state regulatory oversight, including AML/BSA obligations and, depending on the activity, additional registration or licensing requirements under FinCEN and other regulators; stablecoin payment activities may also be covered by newer federal rules.

Transfer of virtual assets is a regulated 'value transfer' activity under updated FATF standards and related AML/CTF reforms, and regulatory obligations can apply to a broad range of virtual asset transfers, not only when an intermediary facilitates transfers between distinct parties. However, obligations are generally imposed on obliged entities (e.g., VASPs, financial institutions) rather than on every transfer by any person in all circumstances.

(1) or (2) **Exchange** (if they facilitate conversions between VA and fiat, or different VAs as part of the payment process).

If a payment processor *only* deals with fiat currency and processes payments *for* VASP clients (but doesn't handle VAs themselves), they might not directly need a Digital Assets Act license, but would likely be subject to general payment services or money transmission regulations and enhanced AML/CFT scrutiny due to their clients' activities.

**Legal Entity and Local Presence:**

The applicant must typically be a Barbadian incorporated company or a foreign company registered in Barbados.

A registered office in Barbados.

Under the Revised Corporation Code of the Philippines there is generally no statutory minimum paid‑up capital for corporations, and companies may be formed with very low capital (e.g., as low as one US dollar), except where special laws or sector‑specific regulations prescribe higher minimum capital or net‑worth thresholds for particular license classes or regulated activities. In those regulated sectors, applicants must still demonstrate sufficient capital to meet the prescribed minima, cover operational risks, and support business continuity.

**Anti-Money Laundering (AML) / Counter-Financing of Terrorism (CFT):**

This is a cornerstone of the Barbadian framework, directly aligning with FATF Recommendations.

**Robust AML/CFT Framework:** Applicants must submit comprehensive AML/CFT policies, procedures, and controls.

**KYC (Know Your Customer) Procedures:** Detailed procedures for verifying the identity of customers (individuals and entities), including ongoing monitoring.

Risk-Based Approach: A documented and continuously updated risk assessment methodology, supported by ongoing monitoring and data‑driven controls, for identifying, assessing, and mitigating money laundering, terrorist financing and proliferation financing risks relevant to the firm’s virtual asset activities, with the intensity of measures applied on a risk‑sensitive basis.

**Designated Compliance Officer:** Appointment of a qualified and experienced AML/CFT Compliance Officer, often with reporting duties to the FSC and to the Financial Intelligence Unit (FIU) Barbados.

**Reporting Obligations:** Mechanisms for filing Suspicious Transaction Reports (STRs) and other relevant reports to the FIU.

**Sanctions Compliance:** Procedures for screening against international sanctions lists.

**Fit and Proper Test:** All directors, senior management, and significant shareholders (typically 10% or more) must undergo a rigorous "fit and proper" assessment by the FSC, evaluating their integrity, competence, and financial soundness.

**Organizational Structure:** A clear and effective corporate governance structure with defined roles and responsibilities.

**Internal Controls:** Implementation of strong internal controls, risk management systems (operational, financial, IT, legal, reputational risks), and internal audit functions.

**Business Continuity and Disaster Recovery:** Plans to ensure continued operations in the event of unforeseen disruptions.

Technology and security requirements in the U.S. have recently tightened and evolved, including new statutory mandates like the 2026 BIOSECURE Act and updated federal guidance and industry expectations on secure communications and cybersecurity, so any prior static description of these obligations must be revised to reflect these expanded regulatory duties and emerging threat assessments.

**Cybersecurity Framework:** Robust cybersecurity measures to protect virtual assets, customer data, and operational systems from unauthorized access, attacks, and breaches.

**Data Protection:** Compliance with data protection principles and regulations.

**System Integrity:** Proof of the integrity, reliability, and security of the technology infrastructure used to provide virtual asset services.

**Third-Party Risk Management:** Procedures for managing risks associated with outsourcing critical functions to third-party providers.

A comprehensive business plan outlining the proposed activities, target market, operational model, technology stack, marketing strategies, and financial projections.

**Pre-Application Consultation:** It is highly recommended to engage in preliminary discussions with the FSC to clarify requirements, seek guidance, and present the proposed business model.

Completion of the official application forms.

Regulatory biologics licensing submissions must provide comprehensive, well‑structured electronic dossiers in specified formats (such as eCTD), including clearly defined administrative, quality/CMC, nonclinical, and clinical modules and supporting datasets, rather than just generic ‘detailed documentation.’

Organizational chart and corporate structure.

AML/CFT Manual, Compliance Manual, Operational Manuals.

Bangladesh Bank now anchors its requirements in a formal, mandatory Cybersecurity Framework (v1.0, 2026) for banks and other regulated entities, which supersedes and expands earlier IT security policy guidance; compliance with this framework, rather than a standalone ‘IT Security Policy and Cybersecurity Framework’ label, is the operative regulatory requirement.

Bangladesh Bank has a risk management framework for banks, but its supervisory approach has shifted to Risk-Based Supervision (RBS) effective January 1, 2026.

Legal opinions may be required in some transactions, but they are not a current requirement under Regulation B/ECOA licensing rules.

Audited financial statements (if an existing entity).

**Submission of Application and Fees:** Formal submission of the complete application package along with the prescribed application fees.

FSC requires operators and certificate holders to establish and maintain their own due diligence systems—covering information collection, risk assessment, and risk mitigation—in line with FSC standards and the EUDR; FSC itself does not routinely conduct thorough due diligence on each individual application, but rather sets requirements, conducts oversight through certification bodies, and may carry out its own due diligence only in specific procedures (e.g. Policy for Association evaluations).

Reviews of all submitted documents in Barbados may involve additional, lengthy review causing significant delays, and are not necessarily routine or quick.

Requests for additional information or clarification.

**Approval in Principle:** If the FSC is satisfied, it may grant an "approval in principle," often subject to certain conditions that must be met before final licensing.

**Final Licensing:** Upon fulfillment of all conditions and payment of final licensing fees, the FSC will issue the Virtual Asset Business License.

Money Laundering and Financing of Terrorism (Prevention and Control) Act, 2011-23 (as amended) is Barbados's overarching AML/CFT legislation. Other sectoral statutes, including the Virtual Asset Service Providers regime (VABA), require covered entities to comply with the AML/CFT obligations set out in this Act for financial institutions and designated non‑financial businesses and professions (DNFBPs).

**Proliferation Financing (Prevention) Act, 2019:** Addresses financing for weapons of mass destruction, further strengthening the CFT regime.

The Financial Services Commission (FSC) is currently undertaking a major regulatory overhaul of its financial services legislation, which is superseding or replacing previous guidelines, directives, and prudential statements related to VASPs under the VABA and PMLFTA.

VASPs must be licensed or registered by the FSC to operate legally in Barbados. This process involves demonstrating robust internal controls, governance structures, and adequate financial resources, including a sound AML/CFT compliance program.

**Identity Verification:** Obtaining and verifying the identity of the customer (individual or legal entity) using reliable, independent source documents, data, or information.

**For Individuals:** Name, residential address, date of birth, nationality, unique identification number (e.g., passport, national ID).

**For Legal Entities:** Name, legal form, proof of existence, registered address, principal place of business, board of directors, and verification of individuals authorized to act on behalf of the entity.

**Beneficial Ownership Identification:** Identifying and taking reasonable measures to verify the identity of the beneficial owner(s) of the customer, especially for legal persons and arrangements. This includes understanding the ownership and control structure.

**Purpose and Intended Nature of Business Relationship:** Understanding the purpose and intended nature of the business relationship or occasional transaction.

**Ongoing Monitoring:** Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of the relationship to ensure that the transactions are consistent with the VASP's knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds or virtual assets.

**Enhanced Due Diligence (EDD):** Applying enhanced measures for higher-risk situations, including:

Customers from high-risk jurisdictions (as identified by FATF or national assessments)

Transactions involving high value or specific types of virtual assets deemed higher risk.

VASPs must determine the source of funds and source of wealth for high-risk customers.

Simplified Due Diligence (SDD) may be applied only where a documented, demonstrably low risk of money laundering or terrorist financing exists, in line with FATF and similar risk-based frameworks; it is not a blanket permission defined solely by the FSC and must follow proportionate, dynamic risk assessment criteria set by applicable AML regulators.

**Obligation to Report:** VASPs are legally obligated to report any suspicious transactions, including attempted transactions, to the **Financial Intelligence Unit (FIU) of Barbados**.

**Grounds for Suspicion:** This includes suspicion of money laundering, terrorist financing, proliferation financing, or any other criminal activity, regardless of the amount or value involved.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or any third party that a report has been made or that a money laundering/terrorist financing investigation is being conducted.

Copies of identification documents, verification data, beneficial ownership information, and records of analysis performed.

**Transaction Records:** All transaction data, including dates, amounts, types of virtual assets, sender and recipient information, and any associated messages or instructions.

**STRs:** Copies of all suspicious transaction reports submitted to the FIU and any internal inquiries or decisions related to those reports.

**Risk Assessments:** Records of institutional and customer risk assessments.

**Risk Assessment:** Conducting regular institutional risk assessments to identify, assess, and understand their ML/TF risks.

**Internal Policies, Procedures, and Controls:** Developing and implementing written policies, procedures, and internal controls to mitigate identified risks and ensure compliance with AML/CFT obligations.

**Designated Compliance Officer:** Appointing a qualified AML/CFT Compliance Officer at the management level, responsible for overseeing the AML/CFT program.

**Employee Training:** Providing ongoing training to all relevant employees on AML/CFT laws, regulations, internal policies, and methods of identifying suspicious activities.

**Independent Audit:** Establishing an independent audit function to test the effectiveness of the AML/CFT program.

**Sanctions Compliance:** Screening customers and transactions against relevant international (e.g., UN) and national sanctions lists.

**Originating VASP:** Must obtain and hold required originator and beneficiary information.

**Beneficiary VASP:** Must obtain and hold required originator information.

**Information Sharing:** This information must be submitted to the beneficiary VASP during or before the transaction.

Barbados has enacted the Virtual Asset Business Act to address modern AML/CTF risks, while the Anti-Money Laundering and Counter-Terrorism Financing Act, 2011 remains part of the broader legal framework but is not the sole or current regulatory focus.

Anti-Money Laundering and Counter-Terrorism Financing Act, 2011 (FIU Barbados website)

In The Bahamas, digital asset businesses are now governed by the Digital Assets and Registered Exchanges Act, 2024 (which repealed and replaced the earlier Digital Assets and Registered Exchanges Act, 2020/2019 framework).

Digital Assets and Registered Exchanges Act, 2019 (CBB website)

Barbados's Financial Intelligence Unit Act (2000) has been amended or replaced as part of a major overhaul of financial services legislation in 2026

Financial Intelligence Unit Act, 2000 (FIU Barbados website)

**Anti-Terrorism Act (Chapter 169):** This Act criminalizes terrorist financing and related activities, providing the legal basis for implementing UN Security Council resolutions related to terrorism and terrorism financing.

While a direct URL for the consolidated act is not readily available through official government portals, it forms part of the Laws of Barbados.

Primary regulator for non‑bank financial institutions (including securities, insurance, pensions, credit unions and other non‑bank custody activities) in Barbados: Financial Services Commission (FSC); primary regulator for banks and other deposit‑taking institutions: Central Bank of Barbados.

Key legislation for Bermuda’s digital asset business regime is the Digital Asset Business Act 2018, as amended (including the Digital Asset Business Amendment Act 2019), not a “Digital Asset Business Act 2019 (DABA)”.

Searching for "Barbados Digital Asset Business Act 2019 PDF" does not reliably return a direct PDF of the Act and may fail to produce the document at all, so this is not a dependable general search hint for locating the text of the Barbados Digital Asset Business Act 2019.

**Requirement:** Any person wishing to operate a digital asset business that provides custodial wallet services in Barbados must obtain a license from the Financial Services Commission (FSC).

**Definition of Digital Asset Business (DABA Section 2):** Includes "providing custodial wallet services" (defined as "the safekeeping or control of a client's digital assets or the means to access a client's digital assets").

**Application Process (DABA Part II):**

Applicants must submit a detailed application to the FSC, including information on their corporate structure, financial resources, business plan, risk management framework, and the fit and proper status of directors and senior management.

The FSC assesses the applicant's ability to comply with the Act and its regulations, including adequate capital, robust internal controls, and competent personnel.

**DABA Section 13(1)(a):** "A licensee who receives client digital assets for safekeeping or for any other purpose shall keep client digital assets separate from the licensee’s assets."

**DABA Section 13(1)(b):** "A licensee shall hold client digital assets in an account or a wallet designated as a client digital assets account or wallet."

**Implication:** This mandates that client digital assets cannot be commingled with the firm's operational funds or assets, providing a layer of protection in case of insolvency or other financial distress of the custodian.

**DABA Section 13(2):** "A licensee shall maintain adequate insurance cover or other indemnity arrangements to protect clients against the loss of digital assets held by the licensee arising from fraud, negligence or other risks."

**FSC Discretion:** The specific nature and amount of insurance or indemnity may be subject to further guidance or requirements issued by the FSC based on the scale and nature of the licensee's operations.

**DABA Section 13(1)(c):** "A licensee shall implement appropriate measures to safeguard client digital assets, including measures for the prevention of theft, loss or manipulation."

**Interpretation:** Given the inherent risks associated with hot wallets (online, internet-connected), "appropriate measures" for safeguarding significant amounts of client digital assets would, in practice, involve the use of offline (cold) storage solutions for the majority of funds, combined with multi-signature access, robust key management, and secure operational protocols. The FSC would expect licensees to demonstrate such advanced security measures as part of their risk management framework.

**A "qualified custodian" in Barbados, under DABA, is essentially a licensee (an entity licensed under DABA to provide custodial wallet services) that adheres to all the obligations outlined in the Act, particularly those in Section 13.** These obligations include asset segregation, insurance, and robust security measures.

Amendments to DABA now include significant substantive and structural changes to existing provisions, not merely technical updates or minor refinements.

**Subsidiary legislation or regulations:** Providing more detailed rules under the umbrella of DABA.

Guidance notes or circulars: Non‑binding publications the FSC uses both to clarify its interpretation and compliance expectations and to signal or shape upcoming regulatory standards and transparency practices, which may later be embedded in enforceable rules or standards.

**Compliance Requirement:** As a member of the United Nations, Barbados is legally obligated to implement sanctions resolutions issued by the UN Security Council. These resolutions target individuals, entities, and countries involved in terrorism, proliferation of weapons of mass destruction, and other threats to international peace and security.

**Mechanism:** These UN sanctions are typically incorporated into Barbadian domestic law through regulations or ministerial orders under the Anti-Terrorism Act or other relevant legislation, making them legally binding for all persons and entities in Barbados, including VASPs.

**VASP Obligations:** VASPs must screen their customers, beneficial owners, and transactions against the UN Consolidated Sanctions List.

UN Security Council Consolidated Sanctions List

**Compliance Requirement:** While OFAC sanctions are not directly legislated as Barbadian law, compliance is a **de facto requirement** for VASPs and other financial institutions in Barbados. This is due to:

**Correspondent Banking Relationships:** Barbadian financial institutions rely heavily on correspondent banking relationships with U.S. banks. Non-compliance with OFAC sanctions can lead to U.S. banks de-risking or terminating these relationships, severely impacting a VASP's ability to conduct international transactions.

**Reputational Risk:** Ignoring OFAC sanctions can lead to significant reputational damage and hinder access to international markets.

**U.S. Nexus:** Any VASP that processes transactions with a U.S. nexus (e.g., U.S. customers, U.S. dollar transactions, U.S. servers) falls directly under OFAC's jurisdiction.

**VASP Obligations:** VASPs are expected to screen their customers, beneficial owners, and transactions against OFAC's Specially Designated Nationals (SDN) and Blocked Persons List, as well as other OFAC sanctions lists.

OFAC Sanctions Lists (U.S. Department of the Treasury)

**Compliance Requirement:** Similar to OFAC, EU sanctions are not directly Barbadian law, but compliance is a **strong expectation and practical necessity** for VASPs engaged in international business, particularly with European counterparties or using Euro-denominated services. Reasons include correspondent banking, market access, and reputational considerations.

**VASP Obligations:** VASPs should consider screening against the EU consolidated list of persons, groups and entities subject to EU financial sanctions.

EU Sanctions Map (European Commission)

**Regulator:** Barbados Financial Services Commission (FSC)

**Entity Targeted:** Implicitly, any Virtual Asset Service Provider (VASP) operating or attempting to operate in Barbados without a license, or failing to comply with the Digital Assets Act, 2019 and associated regulations. The FSC also targets the general public with warnings about the risks of unregulated entities.

**Violation Type:** Operating an unlicensed VASP, failure to meet AML/CFT requirements, consumer protection breaches by unregulated entities.

Penalty amounts for operating without a license under Barbados’s digital assets regime have been increased by later amendment; the 2019 figures cited in the claim are no longer current.

**Date:** Ongoing, since the proclamation of the Digital Assets Act, 2019 (proclaimed October 2019), and its subsequent amendments and guidelines.

FATF and related regulators have continued to strengthen VASP rules and guidance, but significant implementation gaps remain for offshore VASPs, Travel Rule compliance, and broader supervision, so the situation is better described as ongoing regulatory tightening with persistent enforcement challenges rather than completed regulatory clarity.

**Digital Assets Act, 2019:** This is the foundational legislation for regulating digital assets and VASPs in Barbados. It outlines licensing requirements, supervisory powers of the FSC, and penalties for non-compliance.

**Source URL:** https://www.fsc.gov.bb/DigitalAssets/Digital-Assets-Act-2019.pdf (This is the Act itself, outlining potential penalties and the regulatory framework.)

**FSC Website - Digital Assets Section:** The FSC regularly updates its website with information regarding licensing, guidance, and warnings related to digital assets. This is where any significant enforcement actions *would* likely be announced. While it doesn't list specific enforcement actions against named entities, it details the regulatory requirements.

**Source URL (FSC Digital Assets Section):** https://www.fsc.gov.bb/DigitalAssets/Pages/Digital-Assets.aspx

**FSC Public Warnings:** The FSC frequently issues general warnings to the public about dealing with unregulated entities and the risks associated with various financial products, including those related to cryptocurrencies. While these aren't enforcement actions *against* a specific entity with a fine, they are a form of regulatory action aimed at consumer protection and highlight the FSC's vigilance. For specific warnings, you would need to browse their 'News & Updates' or 'Public Notices' sections, but these usually warn against *types* of scams or the dangers of *unlicensed activity* rather than sanctioning a named, operating entity with a fine.

**Source URL (FSC News & Updates - check for notices regarding digital assets):** https://www.fsc.gov.bb/NewsUpdates/Pages/News-and-Updates.aspx

**Relatively New Framework:** Enforcement actions often take time to materialize after a regulatory framework is put in place.

**Focus on Compliance:** The FSC might be prioritizing encouraging compliance and licensing rather than immediately resorting to public penalties, especially if entities are making efforts to regularize.

**Jurisdiction Size:** Smaller jurisdictions sometimes have different approaches to public disclosure compared to larger financial centers.

Major violations by federal agencies like EPA, FDA, and OSHA are often publicly disclosed with specific fines and enforcement actions against named entities, though some resolutions (e.g., certain FAR violations or NERC cases) may be administrative or aggregated.