Belize

**International Financial Services Commission (IFSC):** The primary regulator for financial services in Belize, including the licensing and oversight of investment businesses, securities dealing, and collective investment schemes.

**Financial Intelligence Unit (FIU):** Responsible for anti-money laundering (AML) and countering the financing of terrorism (CFT) supervision, including for entities dealing with virtual assets.

**Shares or debentures of a body corporate or an unincorporated body.**

**Units in a collective investment scheme.**

Belize offers conditional investment pathways, such as a $500,000 investment residency program, but does not grant a universal right to participate in any investment; foreign investors face restrictions including no private land ownership and mandatory registration with exchange controls.

**An instrument conferring a right to acquire or dispose of securities.**

**An investment contract:** This is the most crucial category for many crypto tokens. While not explicitly defined further in the context of crypto, an investment contract generally implies:

An investment of money (or value).

Derived solely or substantially from the efforts of others.

**Investment Tokens (Security Tokens):** Tokens explicitly designed to represent a share in a company, a right to dividends, a portion of profits, or an interest in a collective investment scheme or fund. This includes asset-backed tokens (e.g., representing real estate, commodities, or revenue streams).

**Hybrid/Utility Tokens with Investment Characteristics:** If a "utility token" is sold primarily as an investment vehicle, with purchasers having an expectation of profit from the token's appreciation based on the efforts of the issuer or a third party (e.g., during an ICO where the token is not yet functional or is primarily marketed as an investment), it will likely be deemed a security. The initial sale and marketing materials are critical here.

**Debt Tokens:** Tokens that represent a loan or debt instrument, entitling the holder to principal repayment and/or interest payments from the issuer.

**Payment Tokens (Pure Cryptocurrencies):** Like Bitcoin or Ether, when used purely as a medium of exchange or store of value, are generally not considered securities themselves.

**Pure Utility Tokens:** Tokens that provide access to a specific product or service on a blockchain network, and whose value is directly tied to the consumption or use of that product/service, rather than an expectation of profit from the efforts of others.

**Stablecoins:** Often regulated under e-money or payment service regulations rather than securities laws, unless they represent a share in a reserve or an interest-bearing debt instrument.

**Registration of Securities:** The issuer would typically be required to register the securities with the IFSC, which involves filing a prospectus or offering memorandum that provides detailed disclosure about the issuer, the token, the project, and the risks involved.

**Exemptions:** Certain exemptions from registration may apply, such as:

**Private Placements:** Offerings made to a limited number of sophisticated or institutional investors.

**Offerings to Accredited Investors:** Sales exclusively to individuals or entities meeting specific financial criteria.

**Small Offerings:** Offerings below a certain monetary threshold.

**Listing on a Recognized Exchange:** If the securities are listed on a recognized domestic or foreign stock exchange.

The specific conditions for these exemptions would be detailed in the SIA 2021 or its accompanying regulations.

**Licensing for Intermediaries:** Any entity involved in issuing, dealing in, advising on, or managing collective investment schemes related to these security tokens would need to be licensed by the IFSC under the **International Financial Services Commission Act** or the **Securities Industry Act, 2021**. This includes token exchanges, brokers, and fund managers.

**Regulated Exchanges:** Trading should occur on a recognized and licensed exchange that complies with the Securities Industry Act, 2021, and its regulations.

**Licensed Dealers:** Individuals or entities dealing in security tokens on behalf of others must be licensed by the IFSC.

**Transparency and Disclosure:** Secondary market transactions may be subject to reporting requirements to ensure market transparency and integrity.

**AML/CFT Compliance:** All trading platforms and licensed dealers must implement robust AML/CFT measures, including Know Your Customer (KYC) procedures for participants, transaction monitoring, and suspicious activity reporting to the FIU.

**Cease and Desist Orders:** Ordering the entity to halt its activities.

**Fines and Penalties:** Imposing monetary penalties for non-compliance.

**License Revocation:** For licensed entities that violate the terms of their license or regulations.

**Public Warnings:** Issuing warnings to the public about unregulated activities.

**Criminal Prosecution:** In cases of severe breaches, fraudulent activity, or operating entirely illegally, the authorities could initiate criminal proceedings.

**The Securities Industry Act, 2021:**

*Note: Direct public access to the latest consolidated version of Belizean Acts can sometimes be challenging. The Attorney General's Ministry often hosts them. Searching "Belize Securities Industry Act 2021" on sites like www.belizelaw.org or the Attorney General's website (attorneygeneral.gov.bz) is the best approach.*

A good reference for the 2021 Act would typically be found within the legal gazettes or official publications of Belize.

**International Financial Services Commission Act (Chapter 272 of the Laws of Belize, Revised Edition 2020):**

The Act itself can often be found on the Belize Laws website or the IFSC's own publications.

**Financial Intelligence Unit Act (Chapter 105 of the Laws of Belize, Revised Edition 2020):**

The Act is usually available on the FIU's website or the Belize Laws website.

**Money Laundering and Terrorism (Prevention) Act (Chapter 104 of the Laws of Belize, Revised Edition 2020):**

Also typically found on the FIU's website or the Belize Laws website.

The IFSC occasionally issues public warnings or notices regarding unregulated activities. While there isn't a specific comprehensive "Virtual Assets and Securities Classification" guidance document akin to those from larger jurisdictions, any communication from the IFSC should be monitored on their official website: www.ifsc.gov.bz under "Notices" or "News."

**International Financial Services Commission (IFSC) Belize:** This is the primary regulator for VASPs. Their website often contains guidance and information on regulated entities.

**Role:** The IFSC is responsible for issuing licenses, setting regulatory standards, and overseeing compliance for entities offering international financial services, including virtual asset services.

**Financial Intelligence Unit (FIU) of Belize**

**Role:** The FIU is the central national agency responsible for receiving, analyzing, and disseminating suspicious transaction reports (STRs) to law enforcement agencies.

**Virtual Asset Services Act, 2023 (VASA)**

This is the specific legislation that regulates virtual asset services in Belize. It defines VASPs and establishes the licensing and regulatory requirements, including the application of AML/CFT measures.

**Money Laundering and Terrorism (Prevention) Act (MLTPA) [Revised Edition 2011 & subsequent amendments]:**

This is Belize's overarching AML/CFT legislation. VASPs are designated as "reporting entities" under this Act, making them subject to its full range of obligations, including customer due diligence, record-keeping, and suspicious transaction reporting.

This Act establishes the FIU and outlines its functions and powers, including the process for reporting suspicious transactions.

Various statutory instruments and regulations issued under the MLTPA and VASA provide more detailed guidance on specific AML/CFT obligations.

Obtain and verify the customer's full name, date of birth, nationality, physical address, and government-issued identification number (e.g., passport, national ID card, driver's license).

Verify identity using reliable, independent source documents, data, or information (e.g., copies of ID, proof of address utility bills).

**Legal Persons/Arrangements (e.g., companies, trusts):**

Obtain and verify the legal entity's name, legal form, proof of existence (e.g., certificate of incorporation), physical address, and details of its directors/partners.

Understand the ownership and control structure of the legal person/arrangement.

Identify and verify the identity of the **beneficial owner(s)** – any natural person(s) who ultimately owns or controls the customer, directly or indirectly, through more than 25% of the shares or voting rights, or otherwise exercises control over the entity.

**Purpose and Intended Nature of Business Relationship:** Understand the purpose and intended nature of the business relationship (e.g., why the customer wants to use the VASP's services, expected transaction volumes and types).

**Source of Funds/Wealth:** For higher-risk customers or transactions, VASPs must take reasonable measures to establish the source of funds or source of wealth.

Continuously monitor the business relationship and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile.

Regularly update customer information, especially for high-risk customers.

**Risk-Based Approach:** VASPs must apply a risk-based approach to CDD, meaning that the intensity and nature of CDD measures should be commensurate with the money laundering and terrorism financing risks identified. This involves:

**Simplified CDD (SCDD):** For lower-risk situations, if permitted by regulations.

**Enhanced CDD (ECDD):** For higher-risk situations, such as customers from high-risk jurisdictions, Politically Exposed Persons (PEPs), or complex transactions. This includes obtaining additional information, increased frequency of monitoring, and requiring senior management approval for establishing or continuing relationships.

**Sanctions Screening:** Screen customers and transactions against relevant international sanctions lists (e.g., UN, OFAC).

Belize has committed to adopting the FATF Travel Rule for virtual asset transfers by July 2026, but it is not yet implemented or in effect.

**Obligation to Report:** If a VASP knows, suspects, or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorism financing, it must promptly file an STR with the FIU.

**Timeliness:** Reports must be filed without delay, typically within a few business days of forming the suspicion.

**"No Tipping Off":** VASPs and their employees are prohibited from disclosing to the customer or any third party that an STR has been or will be filed.

**Internal Reporting:** VASPs must establish internal procedures for employees to report suspicious activities to a designated Money Laundering Reporting Officer (MLRO) within the VASP.

**CDD Records:** All documents and information obtained during the CDD process (e.g., identity documents, beneficial ownership information, risk assessments).

**Transaction Records:** Records of all transactions, including amounts, dates, types of virtual assets, sender and receiver information, and transaction hashes.

**Business Correspondence:** Records of communications with customers regarding their transactions and accounts.

**Internal Policies and Procedures:** Documentation of the VASP's AML/CFT policies, procedures, and internal controls.

**STRs:** Copies of all STRs filed and any related internal documentation.

**Duration:** Records must typically be retained for at least **five (5) years** from the date of the transaction or from the end of the business relationship, whichever is later.

**Designated Non-Financial Businesses and Professions Act, 2021:** https://www.fsc.gov.bz/wp-content/uploads/2021/04/Designated-Non-Financial-Businesses-and-Professions-Act-2021.pdf

**Anti-Money Laundering and Countering the Financing of Terrorism Regulations, 2022:** https://www.fsc.gov.bz/wp-content/uploads/2022/10/Anti-Money-Laundering-and-Countering-the-Financing-of-Terrorism-Regulations-2022.pdf

Exchange between virtual assets and fiat currencies is regulated under the Belize Digital Asset Services Licensing Regulations, 2025, which establishes a licensing regime for digital asset service providers, including such exchanges.

Exchange between one or more forms of virtual assets is a regulated activity in Belize, subject to licensing under the Digital Asset Services Licensing Regulations, 2025, which currently includes a licensing freeze.

**Custody** and/or administration of virtual assets or instruments enabling control over virtual assets.

**Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.**

**Exchanges:** Firms operating virtual asset exchanges (fiat-to-crypto, crypto-to-crypto) explicitly fall under points 1 and 2 and **require registration** as a VASP.

**Custody Providers:** Entities providing services for the custody or administration of virtual assets (e.g., wallet providers holding private keys for clients) explicitly fall under point 4 and **require registration** as a VASP.

**Payment Processors:** If a payment processor facilitates payments using virtual assets (e.g., processing payments in stablecoins or converting crypto to fiat for merchants), they would fall under "transfer of virtual assets" (point 3) or "exchange" (points 1 & 2) and therefore **require registration** as a VASP. If they only process fiat payments *for* crypto services without touching virtual assets themselves, they might not be a VASP, but general payment services might have separate regulations. For any involvement with VAs, VASP registration is necessary.

The VASP must be incorporated as a legal entity in Belize (e.g., an International Business Company - IBC).

The DNFBP Act **does not specify a fixed minimum capital requirement** for VASPs in the same way a banking license would.

However, applicants must demonstrate **sufficient financial resources** to operate effectively, maintain robust AML/CFT systems, meet operational expenses, and ensure the continuity of services. The FSC will assess the financial soundness, business plan, and projected expenditures to ensure the VASP can sustain its operations and comply with regulatory obligations.

**AML/CFT Program:** Implementation of a comprehensive AML/CFT program tailored to the VASP's specific risks, including policies, procedures, and internal controls.

**Money Laundering Reporting Officer (MLRO):** Appointment of a qualified and experienced MLRO based in Belize, responsible for overseeing AML/CFT compliance and reporting suspicious activities.

**Risk Assessment:** Conducting a comprehensive risk assessment of the VASP's business, customers, products/services, and geographic areas of operation.

**Customer Due Diligence (CDD):** Implementing robust CDD procedures for all customers, including:

Verification of identity (individuals and legal entities).

Understanding the nature and purpose of the business relationship.

Ongoing monitoring of business relationships.

**Enhanced Due Diligence (EDD):** Applying EDD measures for higher-risk customers, politically exposed persons (PEPs), and complex transactions.

**Record-Keeping:** Maintaining records of all transactions, CDD information, and other relevant data for a specified period (typically at least 5 years).

**Suspicious Transaction Reporting (STR):** Procedures for identifying and reporting suspicious transactions to the Financial Intelligence Unit (FIU) of Belize.

**Employee Training:** Regular AML/CFT training for all relevant employees.

**Internal Audit/Review:** Independent review of the AML/CFT program's effectiveness.

**Registered Office:** A physical registered office address in Belize is mandatory.

While not always strictly requiring local directors for all VASPs, having local management, compliance officers, and an MLRO with a demonstrable understanding of Belizean law is often expected and facilitates effective oversight.

**Robust Governance:** Clear organizational structure, lines of responsibility, and management oversight.

**Risk Management:** Comprehensive risk management framework addressing operational, technological, financial, and reputational risks.

**Technology and Security:** Secure and reliable IT systems, robust cybersecurity measures, data protection protocols, and business continuity plans appropriate for managing virtual assets.

**Audited Financials:** Submission of audited financial statements.

**Preliminary Consultation (Optional but Recommended):** Engaging with the FSC to discuss the proposed business model and clarify regulatory expectations.

Detailed business plan (including services offered, target market, operational procedures, technology infrastructure).

Comprehensive AML/CFT Policy and Procedures Manual.

Corporate governance documents (e.g., Memorandum and Articles of Association).

Due diligence documents for all directors, beneficial owners, and key management personnel (e.g., passports, utility bills, résumés, police certificates, professional references).

Any other information requested by the FSC.

**Submission of Application:** Formal submission of the complete application package to the FSC.

**FSC Review and Due Diligence:** The FSC will conduct a thorough review of the application, including background checks on all relevant individuals and an assessment of the proposed operations and AML/CFT framework.

**Information Requests/Interviews:** The FSC may request additional information or conduct interviews with key personnel.

**Approval or Refusal:** Upon satisfactory review, the FSC will issue a Certificate of Registration. If the application is deemed insufficient or non-compliant, it may be refused.

**Ongoing Compliance:** Once registered, VASPs are subject to ongoing reporting obligations, periodic audits, and continuous compliance with the DNFBP Act, AML/CFT Regulations, and any other directives issued by the FSC.

**Virtual Assets and Initial Token Offerings Act, 2021 (VAITO Act):**

**URL:** While the specific official government gazette link can be hard to find directly, the Act is published by the Belize National Assembly and is available through legal databases or via the IFSC. A key source for the intent and implementation is usually the regulator's pronouncements.

**Section 3:** Defines "virtual asset" and "virtual asset service provider" (VASP), bringing crypto entities under regulation.

**Section 19:** Mandates that a VASP (and applicants) must comply with the requirements of the Money Laundering and Terrorism (Prevention) Act (MLTPA).

**Section 20:** Requires VASPs to establish and maintain adequate internal controls, risk management systems, and other procedures for compliance with AML/CTF obligations, including sanctions.

**Section 21:** Grants the IFSC powers to issue directives, guidelines, and codes of practice to VASPs regarding AML/CTF compliance.

**URL:** A consolidated version can be hard to link directly, but the Act is foundational.

**Overall:** This is Belize's principal AML/CTF legislation. It establishes the framework for identifying, reporting, and preventing money laundering and terrorist financing.

**Terrorism Financing:** Crucially, it criminalizes terrorism financing and provides the legal basis for implementing UN Security Council Resolutions (UNSCRs) related to the freezing of assets of designated persons and entities.

**Obliged Entities:** While VASPs are specifically brought under its ambit by the VAITO Act, the MLTPA outlines the general duties for all financial institutions regarding suspicious transaction reporting, customer due diligence, and record-keeping.

**Financial Intelligence Unit (FIU) Belize:**

The FIU is the central agency responsible for receiving, analyzing, and disseminating suspicious transaction reports (STRs) and other financial information to combat ML/TF. It also provides guidance and oversight for reporting entities.

**Direct Obligation:** Belize, as a UN member state, is legally bound to implement UNSCRs, particularly those related to terrorism financing (e.g., UNSCRs 1267, 1373, 1988) and other proliferation financing.

**Mechanism:** The MLTPA and related regulations provide the legal mechanism for giving effect to these resolutions in Belizean law, including the freezing of assets of individuals and entities designated by the UN Security Council.

**VASP Requirement:** VASPs in Belize are legally required to screen their customers and transactions against the **UN Security Council Consolidated List** (individuals and entities associated with ISIL (Da'esh) and Al-Qaida) and the **1988 Sanctions List** (Taliban), as well as any other persons or entities designated by the FIU or competent authority under the MLTPA in line with UNSCRs.

**OFAC/EU Sanctions Compliance (Indirect but Critical):**

**Extraterritorial Reach:** While Belizean law does not *directly* enforce OFAC (U.S. Department of the Treasury's Office of Foreign Assets Control) or EU sanctions lists as its own, compliance is a practical necessity for any VASP operating globally.

**Correspondent Banking/Interoperability:** Most fiat on/off-ramps for crypto, and many global blockchain service providers, are subject to U.S. or EU jurisdiction. Failure to comply with OFAC or EU sanctions by a Belizean VASP could lead to:

Loss of correspondent banking relationships.

Inability to access global crypto exchanges or liquidity providers.

Reputational damage and blacklisting by international partners.

Potential secondary sanctions if dealing with U.S. or EU designated persons/entities.

**VASP Best Practice:** Therefore, reputable Belizean VASPs adopt a best practice approach of screening against the **OFAC Specially Designated Nationals (SDN) and Blocked Persons List** and the **EU Consolidated List of Persons, Groups and Entities Subject to EU Financial Sanctions** in addition to the UN lists.

**Implement a Risk-Based Approach:** Develop and maintain a comprehensive AML/CTF program, including sanctions screening, proportional to their identified risks.

**Customer Due Diligence (CDD) / Enhanced Due Diligence (EDD):** Conduct thorough CDD on all customers, identifying beneficial owners. EDD is required for higher-risk customers and transactions.

**Mandatory:** Screen all customers (new and existing) and relevant parties to transactions against the **UN Security Council Consolidated List**.

**Highly Recommended (Industry Best Practice/Practical Necessity):** Screen against the **OFAC SDN List** and the **EU Consolidated List**, given the global nature of virtual asset transactions and the international financial system.

**Ongoing Monitoring:** Continuously monitor customer accounts and transactions for red flags, including potential links to sanctioned entities or high-risk jurisdictions.

**Freezing of Assets:** Immediately freeze any virtual assets (or fiat currency held by the VASP) belonging to a sanctioned person or entity identified on a UN sanctions list (or any other list as directed by the FIU/IFSC) and report the freeze to the FIU without delay.

**Risk Assessment:** Conduct thorough jurisdictional risk assessments.

**FATF High-Risk Jurisdictions:** Pay particular attention to countries identified by the FATF as "High-Risk Jurisdictions subject to a Call for Action" (e.g., North Korea, Iran) or "Jurisdictions under Increased Monitoring" (FATF grey list). Transactions involving these countries should trigger enhanced due diligence.

**OFAC/EU Sanctioned Countries:** Avoid facilitating transactions with, or offering services to, individuals or entities in comprehensively sanctioned jurisdictions (e.g., Cuba, Iran, North Korea, Syria, regions of Ukraine controlled by Russia, by OFAC standards) to prevent exposure to secondary sanctions.

**Internal Policies:** Implement internal policies to restrict or prohibit services to certain high-risk jurisdictions based on their own risk appetite and international obligations.

**Section 36:** Imposes administrative fines on VASPs for non-compliance with the Act or conditions of their license.

**Section 37:** Criminalizes operating as a VASP without a license, with penalties including fines (e.g., up to BZ$100,000 for an individual, BZ$500,000 for a body corporate) and/or imprisonment (up to 5 years).

**Section 38:** Specifies penalties for providing false information to the IFSC (fines up to BZ$50,000 or imprisonment up to 2 years).

**License Revocation:** The IFSC also has the power to suspend or revoke a VASP's license for serious or persistent non-compliance.

**Money Laundering and Terrorism (Prevention) Act:**

**Fines and Imprisonment:** Provides for substantial fines and terms of imprisonment for offenses related to money laundering, terrorist financing, and non-compliance with reporting or due diligence obligations. These can range from tens of thousands to hundreds of thousands of Belize dollars and several years of imprisonment, particularly for senior management and beneficial owners.

**Asset Forfeiture:** Assets involved in or derived from criminal activities, including ML/TF, are subject to forfeiture.

**UN Security Council Resolutions:** Belize domestically implements sanctions imposed by the UN Security Council (e.g., against individuals and entities linked to terrorism or proliferation). These lists are generally published and updated by the UN and then reflected in domestic directives or legislation.

**No Belizean Crypto-Specific List:** There is no separate Belizean list that specifically targets crypto addresses or individuals solely for crypto-related offenses. Sanctioned individuals or entities, regardless of how they transact, would fall under the general sanctions regime.

The IFSC was replaced by the Financial Services Commission (FSC) of Belize in 2011; the official regulatory authority for Belize's financial sector is now the FSC.

**Financial Intelligence Unit (FIU) Belize:** Provides AML/CTF guidance and handles STRs.

**URL:** FIU Belize Official Website

**UN Security Council Consolidated List:**

**URL:** UN Sanctions Committee Website

**OFAC Specially Designated Nationals (SDN) List:**

**EU Consolidated List of Persons, Groups and Entities Subject to EU Financial Sanctions:**

**URL:** EU Sanctions Map (Consolidated List)

**FATF Recommendations:** The global standard for AML/CTF, including for virtual assets.

**Yes, in principle, VASPs are covered by AML/CFT laws.** Belize has amended its primary AML/CFT legislation to include VASPs as reporting entities.

**International Financial Services Commission Act (IFSC Act) and relevant Regulations:** Amended to bring VASPs under the scope of licensing and supervision by the International Financial Services Commission (IFSC).

**However, specific Travel Rule implementation guidance is *not yet adopted*.** The FATF MER explicitly states that Belize has *not yet* issued specific guidance or regulations detailing how the Travel Rule should be implemented by VASPs.

The amendments to the MLTPA and IFSC Act to cover VASPs were put in place *prior* to the assessment period of the May 2023 FATF MER (i.e., before late 2022).

**There is no effective date for specific Travel Rule implementation guidance** because such guidance has not yet been issued.

**No specific threshold amounts for the Travel Rule have been established** in Belize.

Since detailed regulations or guidance for the Travel Rule's implementation are absent, there are no prescribed values (like the FATF's recommended €1,000 equivalent) for when VASP-to-VASP data sharing is required for virtual asset transfers.

General AML reporting thresholds for suspicious transactions would apply, but these are distinct from the Travel Rule.

VASPs, as broadly defined by the FATF (and presumably adopted into Belizean law via the MLTPA and IFSC Act), are covered as reporting entities. This typically includes entities that:

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Safeguard virtual assets or instruments enabling control over virtual assets.

Participate in and provide financial services related to an issuer's offer and/or sale of a virtual asset.

These entities are subject to licensing and supervision by the IFSC.

**None specifically issued for the Travel Rule.** The FATF MER highlights this as a major deficiency.

VASPs are generally expected to comply with standard AML/CFT requirements such as customer due diligence (CDD), record-keeping, and suspicious transaction reporting (STR). However, the specific technical requirements for collecting, storing, and transmitting originator and beneficiary information for virtual asset transfers (as per the Travel Rule) have not been detailed.

VASPs, as reporting entities, are subject to the general penalty provisions under the MLTPA and the IFSC Act for non-compliance with AML/CFT obligations.

Suspension or revocation of licenses issued by the IFSC.

Potential criminal prosecution for severe breaches, especially those related to money laundering or terrorism financing offenses.

**FATF Concern:** The MER noted that while the legal framework for penalties exists, the overall effectiveness of sanctions applied to reporting entities (including VASPs) for AML/CFT breaches has historically been low.

Since the Travel Rule's specific implementation is not yet regulated, there are no penalties directly tied to its non-adherence, but failure to adhere to general AML/CFT requirements (e.g., inadequate CDD for a transaction that would fall under Travel Rule if implemented) would be subject to existing penalties.

**FATF Rating:** Belize was rated **Partially Compliant** for Recommendation 15 (Virtual Assets and VASPs), indicating significant deficiencies.

**Major Deficiency:** The FATF specifically pointed out that "Belize has not yet issued specific guidance or regulations detailing the implementation of the Travel Rule for VASPs, including how to collect, store, and transmit required information."

**Recommendation:** The FATF urged Belize to "issue guidance for VASPs on the implementation of the Travel Rule."

**FATF Website - Belize Country Page:**

Navigate to the "Mutual Evaluation Report (May 2023)" for the full details.

**Financial Intelligence Unit (FIU) Belize:** (While not directly detailing Travel Rule, the FIU is the primary AML/CFT authority and would issue such guidance).

**Virtual Assets Services Act, 2024 (VASA 2024)**

**International Financial Services Commission (Virtual Assets) Regulations, 2024**

Application Process: Submission of a detailed application to the Financial Services Commission (FSC), formerly the IFSC.

**Fit and Proper Test:** Directors, senior management, and significant shareholders must undergo a "fit and proper" assessment, considering their competence, integrity, and financial soundness.

**Minimum Capital Requirements:** VASPs must meet prescribed minimum paid-up capital requirements, which are stipulated in the Regulations and vary depending on the services offered.

**Business Plan:** Submission of a comprehensive business plan detailing operations, organizational structure, internal controls, risk management framework, technology infrastructure, and security measures.

**AML/CFT Compliance:** Robust Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) policies and procedures must be in place, compliant with Belizean laws (e.g., Money Laundering and Terrorism (Prevention) Act) and international FATF standards. This includes customer due diligence (CDD), record-keeping, suspicious transaction reporting, and internal controls.

**Risk Management Framework:** Detailed policies for identifying, assessing, monitoring, and mitigating risks associated with virtual asset services, including technological, operational, cybersecurity, and market risks.

**Corporate Governance:** Establishment of sound corporate governance arrangements, including clear lines of responsibility, oversight by the board, and internal audit functions.

**Information Technology (IT) & Cybersecurity:** Implementation of robust IT systems and cybersecurity measures to protect virtual assets, client data, and operational integrity.

**Virtual Assets Services Act, 2024:**

Part II: Licensing of Virtual Asset Service Providers (e.g., Section 7: Requirement for licence; Section 8: Application for licence).

Part II: Licensing Requirements and Procedures.

**IFSC Website:** The IFSC website will typically host the latest versions of these acts and regulations, along with application forms and guidance notes.

*Current Public Information Page (check for updated links to the specific acts):* IFSC Belize – Virtual Asset Services

**Separate Accounts:** A licensed VASP providing custody services must hold client virtual assets in accounts separate from its own assets.

**No Commingling:** Client assets must not be commingled with the VASP's proprietary assets.

**Trustee Capacity:** The VASP must hold client virtual assets in trust or a similar fiduciary capacity, ensuring they are protected in the event of the VASP's insolvency or bankruptcy.

**Record-Keeping:** Detailed and accurate records of all client virtual assets must be maintained, clearly identifying ownership.

**Virtual Assets Services Act, 2024:** Look for sections related to client asset protection or client funds (e.g., Part V: Conduct of Business and Client Protection, or specific sections within it addressing segregation).

**Financial Resources:** VASPs are expected to maintain adequate financial resources, including sufficient capital, to cover operational risks and potential liabilities.

**Risk Management:** The comprehensive risk management framework required will likely necessitate considerations for covering potential losses due to cyber-attacks, operational failures, or misconduct. This often implies the need for appropriate insurance coverage (e.g., cybersecurity insurance, professional indemnity insurance), even if not explicitly mandated for a specific amount in the law.

**IFSC Discretion:** The IFSC may, at its discretion, impose specific insurance or bonding requirements on individual licensees based on their business model, scale of operations, and risk profile.

**Virtual Assets Services Act, 2024:** Sections pertaining to capital requirements, financial soundness, and risk management framework.

**Robust Security Measures:** Licensed VASPs must implement stringent security measures to protect virtual assets from theft, loss, or unauthorized access. This includes cybersecurity protocols, cryptographic security, access controls, and data integrity.

**Risk Assessment:** Custodians are required to conduct thorough risk assessments of their storage solutions (both hot and cold) and implement controls commensurate with the identified risks.

**Operational Resilience:** Requirements for business continuity plans and disaster recovery protocols to ensure the continuous availability of services and protection of assets.

**Technology Framework:** The VASP's technology infrastructure, including its storage solutions, must be audited, robust, and resilient.

**Virtual Assets Services Act, 2024:** Sections related to security, operational resilience, and risk management.

"(c) custody or administration of virtual assets or instruments enabling control over virtual assets."

Section 2: Interpretation (defining "virtual asset service" and "custody").