Marshall Islands

Define "digital assets" and "virtual asset service providers" (VASPs).

Establish a licensing regime for VASPs.

Impose Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) obligations on VASPs.

Empower the MIIFSA to regulate and supervise the virtual asset sector.

**Exchanges (Virtual Asset Trading Platforms):** Providing services for the exchange between virtual assets and fiat currencies, or between one or more forms of virtual assets.

**Custody Providers (Virtual Asset Custody Wallets):** Safekeeping or administration of virtual assets or instruments enabling control over virtual assets on behalf of others.

**Payment Processors (Virtual Asset Transfers):** Performing services that involve the transfer of virtual assets, whether for value, or facilitating the transfer for others. This covers activities such as:

Participation in and provision of financial services related to an issuer's offer or sale of a virtual asset.

**Legal Entity:** The applicant must be a properly incorporated legal entity in the Marshall Islands (e.g., an International Business Company or similar).

The Digital Assets Act generally requires VASPs to maintain **adequate capital** commensurate with the nature, scale, and complexity of their operations and the risks they undertake.

Specific minimum capital thresholds are typically set out in subsidiary regulations issued by the MIIFSA. These are designed to ensure financial stability and protect consumers. You would need to consult the latest MIIFSA guidance for exact figures.

This is a cornerstone requirement. VASPs must implement robust **Anti-Money Laundering (AML)** and **Know Your Customer (KYC)** policies and procedures.

These must align with the **Marshall Islands Anti-Money Laundering and Counter-Financing of Terrorism Act** and international FATF standards.

Customer due diligence (CDD) and enhanced CDD (EDD) for higher-risk clients.

Reporting of suspicious transactions (STRs) to the Financial Intelligence Unit (FIU).

Appointment of a qualified Compliance Officer and a Money Laundering Reporting Officer (MLRO).

While MI companies can be administered by a registered agent, a licensed VASP will likely require more substantial local presence. This can include:

A **registered office** in the Marshall Islands.

A **registered agent** who is authorized to act on behalf of the company.

Potentially, a requirement for **local management or key personnel**, or at least clear lines of communication and control demonstrable to MIIFSA. The degree of local operational presence can depend on the scale and nature of the proposed activities.

**Fit and Proper Persons:** All directors, senior management, shareholders, and beneficial owners must undergo a "fit and proper" assessment. This includes background checks for criminal records, financial solvency, and professional competence.

**Technology & Security:** Robust cybersecurity frameworks, data protection measures, and secure operational procedures are essential to protect virtual assets and customer data. This includes audit trails, disaster recovery plans, and business continuity plans.

**Risk Management:** Comprehensive risk management frameworks addressing operational, financial, and reputational risks associated with virtual asset activities.

**Pre-Application Consultation (Optional but Recommended):** Engage with MIIFSA to discuss the proposed business model and clarify regulatory expectations.

**Company Incorporation:** Establish a legal entity in the Marshall Islands (e.g., IBC) if not already done.

**Preparation of Application Documents:** This is a comprehensive stage and typically includes:

A detailed business plan outlining services, target markets, operational procedures, and financial projections.

Comprehensive AML/KYC policies and procedures manual.

IT security policy and technological infrastructure details.

Organizational chart and governance structure.

CVs and "fit and proper" questionnaires for all directors, senior management, significant shareholders, and beneficial owners.

Proof of capital (e.g., bank statements, audited financials).

**Submission of Application:** Lodge the completed application form and all supporting documentation with the MIIFSA, along with the prescribed application fees.

**MIIFSA Review & Due Diligence:** MIIFSA will review the application for completeness and compliance. They may request additional information, conduct interviews, or perform on-site visits. This process can be thorough and lengthy.

**Provisional Approval (if applicable):** In some cases, a provisional approval may be granted subject to fulfilling certain conditions.

**Final Approval & License Issuance:** Upon satisfactory completion of all requirements, MIIFSA will issue the VASP license.

**Ongoing Compliance:** Licensees must continuously comply with all regulatory requirements, including reporting obligations, and are subject to MIIFSA's ongoing supervision and potential audits.

**Marshall Islands International Financial Services Authority (MIIFSA) Official Website:**

This is the primary resource for official legislation, guidance, and application forms.

*Note: While the Digital Assets Act 2023 has been enacted, detailed regulations and specific application guidance often appear on the MIIFSA website over time. Businesses should regularly check the "Legislation" or "Guidance" sections.*

The full official text of this Act would typically be available through MIIFSA or the official RMI government gazette. As specific URLs for new legislation can be dynamic or require subscription services, the MIIFSA website remains the most reliable public portal for official pronouncements and links.

*You would search the MIIFSA site for "Digital Assets Act" or "Virtual Asset Service Providers (VASP) Regulations".*

**Anti-Money Laundering and Counter-Financing of Terrorism Act:**

This is the overarching AML/CFT legislation that VASPs must comply with.

URL: Relevant sections may be found under the "Legislation" section of the MIIFSA website.

**Anti-Money Laundering and Counter-Terrorism Financing Act 2018 (AML/CTF Act 2018):** This Act forms the cornerstone of the RMI's regulatory regime. It mandates financial institutions, including VASPs, to implement robust AML/CTF programs, which explicitly cover sanctions compliance.

**Financial Intelligence Unit Act 2006 (as amended):** Establishes the RMI Financial Intelligence Unit (FIU), which is the primary body responsible for receiving, analyzing, and disseminating financial intelligence related to money laundering, terrorism financing, and other serious offenses, including sanctions violations.

**Digital Asset Secured Transaction Act 2023 (DASTA 2023):** While primarily focused on property rights and the legal framework for digital assets as collateral, DASTA acknowledges and interacts with the broader regulatory environment for digital assets, implying that entities dealing with digital assets must comply with existing AML/CTF and sanctions laws.

*Reference:* Republic of the Marshall Islands Digital Asset Secured Transaction Act 2023. Available via International Registry of the Marshall Islands (IRI) or similar legal resource providers. Example of IRI link to DASTA related info.

As a member state of the United Nations, the RMI is obligated to implement sanctions resolutions passed by the UN Security Council (UNSC).

The AML/CTF Act 2018 explicitly mandates compliance with UN sanctions. This means VASPs must screen against the **UNSC Consolidated List**, which includes individuals and entities designated under various UN sanctions regimes (e.g., related to terrorism, proliferation, specific countries like North Korea, Iran, etc.).

VASPs must freeze assets of sanctioned individuals/entities and report such findings to the FIU.

Due to the **Compact of Free Association (COFA)** with the United States, the RMI's financial sector is heavily influenced by US regulations. While OFAC sanctions are primarily US law, their practical effect and the RMI's alignment with international best practices mean that compliance with OFAC (Office of Foreign Assets Control) sanctions is a critical requirement for VASPs.

**Practical Necessity:** Any VASP transacting in USD, dealing with US persons or entities, or having any nexus to the US financial system (e.g., through correspondent banking relationships, cloud providers, software vendors) *must* comply with OFAC sanctions to avoid secondary sanctions or blocking by US financial institutions.

The RMI's AML/CTF framework implicitly and explicitly supports the need for compliance with international sanctions, which for practical purposes, includes OFAC.

Similar to OFAC, EU sanctions directly apply to EU persons and entities. However, any VASP in the RMI that deals with EU customers, transacts in EUR, or otherwise engages with the EU financial system will be expected to comply with **EU Consolidated Sanctions Lists**.

This is a matter of mitigating risk and ensuring interoperability with international financial partners.

**Develop and implement a risk-based sanctions screening program.** This involves screening all customers (at onboarding and ongoing), beneficial owners, and transactions against relevant sanctions lists.

**Screen against the following lists at a minimum:**

**UN Security Council Consolidated List:** This list includes individuals and entities subject to asset freezes, travel bans, and arms embargoes imposed by the UN.

*Reference:* UN Security Council Consolidated List

**OFAC Specially Designated Nationals and Blocked Persons (SDN) List:** This is the primary list for US sanctions. VASPs should also be aware of other OFAC lists (e.g., Sectoral Sanctions Identifications List, Foreign Sanctions Evaders List).

**EU Consolidated List of persons, groups and entities subject to EU financial sanctions:**

**Establish policies and procedures** for identifying, reporting, and freezing assets related to sanctioned individuals or entities, and for rejecting or blocking prohibited transactions.

**Conduct ongoing monitoring** to ensure that new customers or existing customer activities do not involve sanctioned parties or jurisdictions.

**Individuals, entities, or governments designated on the above-mentioned sanctions lists, regardless of their location.**

**Persons or entities located in, or closely associated with, comprehensively sanctioned jurisdictions.** While the RMI does not issue its own list of prohibited countries, compliance with UN, OFAC, and EU sanctions means that transactions with countries like **North Korea, Iran, Cuba, Syria, and regions or entities subject to targeted sanctions (e.g., certain entities in Russia, Venezuela)** are either prohibited or extremely high-risk and require enhanced due diligence.

The **AML/CTF Act 2018** and related guidance from the RMI FIU will emphasize a risk-based approach, where transactions originating from or destined for high-risk jurisdictions are subject to enhanced scrutiny.

**Administrative Penalties:** The FIU or other supervisory authorities can impose fines, directives, and other administrative measures on financial institutions and their employees for failures in AML/CTF and sanctions compliance. These can include:

Orders to cease and desist from specific activities.

Suspension or revocation of licenses for VASPs.

**Criminal Penalties:** Individuals found guilty of offenses under the Act, including aiding or abetting money laundering or terrorism financing (which includes violations of sanctions aimed at preventing these crimes), can face:

Imprisonment for substantial terms (e.g., up to 20 years for serious offenses).

For VASPs, corporate liability can also lead to substantial fines and operational restrictions.

*Reference:* Specific penalty provisions would be found in the "Offences" and "Penalties" sections of the AML/CTF Act 2018.

**Limited Public Enforcement Record:** The Marshall Islands is a smaller jurisdiction. While it has laws related to financial activities and anti-money laundering (AML) / combating the financing of terrorism (CFT), and has even explored innovative digital asset legislation (like the controversial Digital Assets Act of 2018 to create a sovereign digital currency, the SOV, which has largely stalled due to international pressure), its financial regulatory bodies do not have a robust public record of enforcement actions, particularly for complex and high-profile cryptocurrency cases, in the same way major financial hubs (like the US, UK, or EU) do.

**Role as a Corporate Registry:** Many cryptocurrency companies choose to incorporate in the Marshall Islands due to its flexible corporate registry (the Marshall Islands Trust Company Complex, or RMI-TCC). However, their *primary operations* and therefore *primary regulatory oversight and enforcement actions* often come from the jurisdictions where they primarily conduct business or where their customers are located, rather than from the RMI itself. For example, a company registered in RMI might face enforcement from the U.S. SEC or DOJ for activities impacting U.S. persons.

**Relevant Regulatory Bodies (without specific public crypto enforcement actions):**

**Office of the Banking Commissioner (OBC):** Responsible for regulating financial institutions.

**Financial Intelligence Unit (FIU):** Deals with AML/CFT matters and suspicious transaction reports. They would investigate financial crimes, but their enforcement actions are typically less public than those of a securities regulator.

**Marshall Islands Trust Company Complex (RMI-TCC):** While not a financial regulator in the traditional sense, it manages the corporate registry and could delist companies for non-compliance with corporate laws.

**Office of the Banking Commissioner (OBC):** There isn't a dedicated, robust public website for the OBC with enforcement logs like in larger jurisdictions. Information is often found within government reports or legal frameworks.

**Marshall Islands Financial Intelligence Unit (FIU):**

RMI FIU Website (Primarily focuses on AML/CFT guidance and national risk assessments, not individual enforcement case details.)

RMI Registry Website (This is for corporate registration, not financial regulation or enforcement actions.)