Seychelles

**Issuing Public Warnings:** Against entities operating without a license or misrepresenting their licensing status in Seychelles, often encompassing investment schemes, forex, and implicitly, crypto-related activities.

**Cease and Desist Orders:** Mandating unauthorized entities to stop operations.

**License Revocations/Suspensions:** For non-compliance within the broader financial services sector, which can indirectly affect entities dealing with virtual assets.

**Enforcement Type: Public Warning & Cease and Desist (against Unlicensed Operation)**

**Regulator Name:** Financial Services Authority (FSA) Seychelles

**Entity Targeted:** Numerous entities falsely claiming to be licensed or operating without proper authorization. While not always explicitly "crypto," many involve fraudulent investment schemes, forex trading, or brokerage services that often interact with digital assets.

**Violation Type:** Operating without a license, misrepresentation of licensing status, unauthorized financial services activities, potential fraud.

**Penalty Amount:** N/A (no monetary fine typically disclosed for these warnings, but the entity is ordered to cease operations and public is warned).

**Date:** Ongoing (multiple such notices issued frequently within the last 3 years).

**Example from 2023:** On March 17, 2023, the FSA issued a Public Warning regarding "Vortex Investment," stating it is not licensed or regulated by the FSA to provide investment services. While not explicitly "crypto," these warnings often cover the broader spectrum of financial services where crypto can be involved.

**Outcome:** Public awareness, cessation of unauthorized activities (if complied), potential further legal action if non-compliant.

FSA Public Notices Page (where such warnings are published): https://www.fsaseychelles.sc/public-notices/

*Specific Example:* A specific public warning from 2023 can be found by navigating the archives. For instance, see notices from March 2023 on the FSA website. (Direct link to one specific, archived warning can be dynamic and change).

**Enforcement Type: License Revocation/Cessation of Activity (for broader financial services that may intersect with virtual assets)**

**Entity Targeted:** Various financial services providers (e.g., International Business Companies, Payment Service Providers, Capital Market Services licensees) that either failed to comply with regulatory requirements or voluntarily surrendered their licenses due to inability to meet new standards (including AML/CFT). While not always explicitly "crypto-VASP" licenses, non-compliance in the broader financial sector can affect entities that provided related services.

**Violation Type:** Non-compliance with regulatory requirements (including AML/CFT), failure to maintain minimum capital, failure to provide required documentation, voluntary surrender of license.

**Penalty Amount:** N/A (the primary "penalty" is the loss of operating license).

**Date:** Ongoing (various revocations and surrenders occur regularly).

**Example from late 2021 (close to 3-year window):** The FSA issued a notice regarding the revocation of the financial services license of **IBANERA Ltd.** in December 2021. While IBANERA was a payment solutions provider, such companies often interact with digital assets. The revocation indicated failure to comply with certain regulatory requirements.

**Outcome:** Entity can no longer operate in Seychelles under that license, removal from public registers, potential liquidation.

FSA Revocations & Cancellations Page: https://www.fsaseychelles.sc/revocations-cancellations/

*Specific Example (IBANERA Ltd):* https://www.fsaseychelles.sc/news-media/news-releases/revocation-of-financial-services-license-ibanera-ltd/ (Dated December 17, 2021)

**An investment of money (or other assets):** A person provides value (e.g., fiat currency, other cryptocurrencies) to an issuer.

**In a common enterprise:** The funds are pooled, and investors' fortunes are linked to the success or failure of the enterprise.

**With an expectation of profit:** The investor anticipates financial gain from their investment.

**Deriving solely or substantially from the efforts of others:** The profit is generated predominantly through the managerial or entrepreneurial efforts of the issuer or a third party, rather than the investor's own efforts.

**Security Tokens:** These are tokens designed from the outset to represent traditional securities such as:

**Shares:** Representing equity ownership in a company (e.g., with voting rights, dividend entitlement).

**Debentures/Bonds:** Representing a debt owed by the issuer (e.g., with interest payments).

**Units in a Collective Investment Scheme:** Representing an interest in a fund or pool of assets managed by others.

**Other Investment Contracts:** Any token structure that meets the four criteria of the Howey-like test, implying an investment with an expectation of profit based on the efforts of others. This includes tokens offering profit-sharing, revenue rights, or other economic benefits linked to the issuer's performance.

**Utility Tokens (that morph into securities):** While initially marketed as providing access to a product or service, a token can be reclassified as a security if:

It is bought with an expectation of future profit from resale.

Its functionality is undeveloped, making it primarily an investment at the point of sale.

Its value is speculative and tied to the success of the issuer's efforts to develop the underlying product/service.

**Payment/Exchange Tokens:** Generally, tokens like Bitcoin (BTC) or Ethereum (ETH) (in their native form, without additional rights or structures) are not considered securities. However, stablecoins or other payment tokens could fall under securities regulation if they embed investment features or represent a claim on underlying assets in a way that constitutes a collective investment scheme.

**Prospectus Requirements:** Issuers must register a prospectus with the FSA before offering securities to the public, providing comprehensive disclosure to potential investors.

**Licensing Requirements:** Persons involved in advising on, dealing in, or arranging deals in securities must be licensed by the FSA (e.g., as securities dealers, investment advisers).

**Ongoing Compliance:** Requirements related to financial reporting, corporate governance, and anti-money laundering (AML) / counter-terrorist financing (CTF) obligations.

**Private placements:** Offerings to a limited number of persons.

**Offerings to sophisticated investors:** Investors meeting specific criteria for financial knowledge and assets.

**Small offerings:** Offerings below a certain monetary threshold.

**Exchange Licensing:** A platform operating as a secondary market for security tokens would likely need to be licensed as a "securities exchange" by the FSA.

**Market Conduct Rules:** Adherence to rules designed to ensure fair, orderly, and transparent markets, including rules on market abuse, insider trading, and price manipulation.

**AML/CTF Compliance:** All regulated financial institutions, including exchanges, are subject to stringent AML/CTF obligations under the Anti-Money Laundering and Countering the Financing of Terrorism Act, 2020. This includes Know Your Customer (KYC) procedures, transaction monitoring, and suspicious activity reporting.

**Issuing Public Warnings/Alerts:** Notifying the public about unregulated entities or scams.

**Cease and Desist Orders:** Directing unauthorized entities to stop their activities.

**Imposing Fines and Penalties:** For breaches of regulatory requirements.

**Revoking/Suspending Licenses:** For licensed entities that fail to comply.

**Prohibiting Individuals:** Barring individuals from working in regulated financial services.

**Referring Cases for Criminal Prosecution:** For serious offenses like fraud or money laundering.

**Financial Services Authority (FSA) Website:**

Available on the FSA's website under "Legislation" or "Acts." You may need to navigate the site. A direct public link for the consolidated act isn't always stable, but it's the core legislation. *Search within FSA site for "Securities Act 2007".*

*Example Search result link (check for latest version):* https://www.fsaseychelles.sc/sites/default/files/2019-10/Securities_Act_2007.pdf (Note: Always verify on the official FSA site for the most current version).

**FSA Guidance on Regulation of Virtual Assets in Seychelles (May 2021):**

**Financial Services Authority Act, 2013:** (Governs the powers and functions of the FSA)

*Search within FSA site for "Financial Services Authority Act 2013".*

Information about the STROMA framework is typically found in FSA press releases, annual reports, or dedicated consultation papers. A specific, consolidated legal document isn't public yet as it's a proposed framework.

**Virtual Asset Service Providers Act, 2022 (VASP Act 2022):** This is the cornerstone legislation specifically regulating VASPs. It mandates licensing, registration, and compliance with AML/CFT obligations for entities engaged in virtual asset services.

**Anti-Money Laundering and Countering the Financing of Terrorism Act, 2020 (AML/CFT Act 2020):** This is the overarching AML/CFT legislation in Seychelles, applying to all designated non-financial businesses and professions (DNFBPs) and financial institutions, which now explicitly includes VASPs. The VASP Act builds upon and references the requirements of this broader AML/CFT Act.

**Financial Intelligence Unit Act, 2006 (as amended):** This Act establishes the Financial Intelligence Unit (FIU) and outlines its powers and responsibilities, including receiving and analyzing suspicious transaction reports.

**Anti-Terrorism Act, 2004 (as amended):** Addresses the financing of terrorism and related offenses.

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

**Identification and Verification of Customers:**

**Natural Persons:** Obtain and verify identity through reliable, independent source documents, such as name, residential address, date of birth, nationality, and official identification numbers.

**Legal Persons/Arrangements:** Obtain and verify identity information such as name, legal form, proof of existence, powers that regulate the legal person, names of directors/partners, and the address of the registered office or place of business.

**Beneficial Ownership Identification:** Identify and verify the identity of the beneficial owner(s) of the customer. For legal persons, this typically involves identifying individuals who ultimately own or control more than 25% of the entity.

**Purpose and Nature of Business Relationship:** Understand the purpose and intended nature of the business relationship or occasional transaction.

**Ongoing Monitoring:** Continuously monitor the business relationship, including scrutiny of transactions undertaken throughout the course of the relationship, to ensure that the transactions are consistent with the VASP’s knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.

**Enhanced Due Diligence (EDD):** Apply EDD for higher-risk scenarios, including:

Transactions with Politically Exposed Persons (PEPs).

Business relationships or transactions with persons from high-risk jurisdictions identified by FATF or the domestic AML/CFT framework.

Complex, unusually large transactions, and all unusual patterns of transactions that have no apparent economic or lawful purpose.

Specific virtual asset activities deemed higher risk.

Identifying the source of funds and source of wealth when dealing with higher-risk customers or transactions.

**Reporting Obligation:** A VASP must immediately report to the FIU when it knows, suspects, or has reasonable grounds to suspect that funds or other assets are proceeds of a criminal activity, or are related to terrorist financing, or other money laundering activities.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or third parties that a suspicious transaction report has been or will be made.

**CDD Records:** All records obtained through CDD procedures (e.g., copies of identification documents, account files, business correspondence).

**Transaction Records:** Records of all domestic and international transactions, including the amount, currency, and type of virtual asset, transaction dates, and parties involved.

**STRs:** Copies of all suspicious transaction reports submitted.

**Duration:** Records must generally be kept for a period of **at least five (5) years** after the business relationship has ended or after the date of an occasional transaction.

**Financial Services Authority (FSA) Seychelles:**

**Role:** The FSA is responsible for licensing, supervising, and regulating non-bank financial services providers in Seychelles, including VASPs under the VASP Act 2022. It sets out the regulatory framework, conducts inspections, and enforces compliance with the VASP Act and the broader AML/CFT Act.

**Adopted:** Yes, Seychelles has adopted the FATF standards for VASPs, including the principles of the Travel Rule, through its comprehensive AML/CFT legislative framework.

**Effective Date:** The primary legislation governing this came into force with:

**Threshold:** For transfers of funds (including virtual assets) **equal to or exceeding EUR 1,000 (or its equivalent in other currencies/virtual assets)**, the VASP must obtain and transmit full originator and beneficiary information.

**Below Threshold:** For transfers **below EUR 1,000**, simplified due diligence may apply, but the VASP is still required to obtain and transmit *some* information (e.g., originator's name and account number, beneficiary's name and account number), and monitor for linked transactions that exceed the threshold.

**Originator:** Name, residential address or registered address, official personal document number or customer identification number, date and place of birth (for natural persons), or customer identification number (for legal persons).

**Beneficiary:** Name and account number or unique transaction identifier.

**Transmit Information:** The originator VASP must transmit this information securely, reliably, and on an immediate basis to the beneficiary VASP during or before the transaction.

**Record-Keeping:** Both originator and beneficiary VASPs must retain all required information for a period of **seven years** (as per Regulation 46 of the AML/CFT Regulations 2021) for potential disclosure to authorities like the Financial Intelligence Unit (FIU) or supervisory bodies.

**Risk-Based Approach:** VASPs are expected to implement a risk-based approach to identify and mitigate ML/FT risks, which includes screening transactions and parties for sanctions and suspicious activity.

**Administrative Sanctions:** Imposed by supervisory authorities (e.g., the Financial Services Authority (FSA) for VASPs it licenses/regulates, or the FIU generally). These can range from warnings and directives to impose specific remedial measures, to monetary penalties.

For **corporate bodies (VASPs)**, fines can be substantial, reaching **SCR 10 million (approximately USD 750,000)** or more for serious breaches.

For **individuals (directors, officers, employees)**, fines can also be imposed.

**Imprisonment:** Individuals found guilty of certain AML/CFT offences (e.g., tipping-off, failure to report suspicious transactions, or obstructing investigations) can face terms of imprisonment, potentially up to **15 years**.

**Revocation of License/Registration:** Persistent or severe non-compliance could lead to the revocation of a VASP's license or registration, effectively forcing them to cease operations.

Often available on the Seychelles National Assembly website or the Attorney General's Office portal.

[Example link (may require searching for the latest official version): seychelles.gov.sc (search for "AML CFT Act 2020") or via legal databases.]

[Example link: seychelles.gov.sc (search for "AML CFT Regulations 2021") or via legal databases.]

**Financial Intelligence Unit (FIU) Seychelles:** The central agency for receiving and analyzing Suspicious Transaction Reports (STRs) and for enforcing AML/CFT.

**Requirement for License:** Any person providing "custody or administration of virtual assets or instruments enabling control over virtual assets" as a business in or from Seychelles must obtain a VASP license from the FSA.

**Regulatory Reference:** Virtual Assets Service Providers Act, 2022, Section 5(1).

**Application Requirements:** To obtain a VASP license for custodial services, applicants must satisfy stringent criteria, including:

**Fit and Proper Test:** The applicant, its directors, and senior management must meet "fit and proper" criteria.

**Business Plan:** Submission of a comprehensive business plan detailing operations, strategies, and internal controls.

**Internal Controls:** Adequate internal control systems, accounting systems, and systems for safeguarding virtual assets.

**AML/CFT Compliance:** Robust anti-money laundering (AML) and combating the financing of terrorism (CFT) policies and procedures, in compliance with Seychelles' AML/CFT framework and international standards.

**Risk Management:** Adequate risk management frameworks and internal audit functions.

**Cybersecurity:** Strong cybersecurity and data protection measures.

**Minimum Capital:** Meeting prescribed minimum capital requirements (details usually in subsidiary regulations or FSA directives).

**Local Presence:** Generally, there's a requirement for a physical presence or designated local resident.

**Application Process:** The application process is detailed in the Virtual Assets Service Providers (Application) Regulations, 2023.

**Fees:** Fees for application and annual licensing are prescribed in the Virtual Assets Service Providers (Fees) Regulations, 2023.

**Mandatory Segregation:** A licensed VASP offering custodial services is explicitly required to maintain a clear segregation between the virtual assets of its clients and its own virtual assets. This is a fundamental principle to protect client funds in case of insolvency or operational issues of the VASP.

**Record Keeping:** VASPs must keep proper records for all clients' virtual assets held by them.

The **Virtual Assets Service Providers Act, 2022** does not explicitly mandate specific insurance or bonding requirements for custodians in a standalone section.

However, the Act does require VASPs to have "adequate risk management frameworks and internal audit functions" (Section 7(g)). The FSA, as part of its supervisory powers, may require a VASP to hold professional indemnity insurance or other forms of financial guarantees as part of its ongoing assessment of risk management or "fit and proper" criteria. It is common practice for financial service providers, including custodians, to carry robust insurance coverage to protect against operational risks, cyber risks, and potential losses. The absence of an explicit mandate in the primary Act does not preclude such requirements from being imposed through FSA directives, guidelines, or as part of the licensing conditions based on the nature and scale of operations.

Similar to insurance, the Act focuses on broader principles, requiring VASPs to have:

"appropriate cybersecurity and data protection measures" (Section 7(g)).

"adequate internal control systems, accounting systems and systems for safeguarding virtual assets" (Section 7(d)).

While not explicitly named, the best practice for safeguarding virtual assets, especially large amounts, typically involves a combination of hot and cold storage solutions. The FSA would expect a VASP to implement industry-standard security measures, which would likely include cold storage for a significant portion of client assets, as part of its compliance with the general cybersecurity and asset safeguarding requirements.

The Seychelles VASP Act does not define a separate category of "qualified custodian" distinct from a general VASP that offers custody services.

Instead, any entity that provides "custody or administration of virtual assets or instruments enabling control over virtual assets" as a business is considered a **Virtual Asset Service Provider (VASP)** and must be licensed as such by the FSA. Therefore, a "qualified custodian" in Seychelles' context is effectively a VASP that holds the necessary license and complies with all the requirements of the VASP Act for providing custody services.

While the core legislation is in force, financial regulators typically issue **guidelines, directives, circulars, or additional prudential regulations** over time to provide more detailed instructions, clarify interpretations, or address emerging risks and market developments. It is always possible that the FSA may introduce further specific requirements related to custody (e.g., explicit cold storage percentages, specific insurance types, or more granular capital requirements based on custody volume) through such subsidiary instruments in the future.

However, there isn't any major "pending custody legislation" that would overhaul the existing VASP Act framework currently publicized. The framework itself is quite comprehensive for a relatively new area of regulation.

**Virtual Assets Service Providers Act, 2022:**

**Virtual Assets Service Providers (Application) Regulations, 2023:**

**Virtual Assets Service Providers (Fees) Regulations, 2023:**

**FSA Seychelles Official Website (for general regulatory information):**

**Virtual Asset and Service Providers Act, 2022 (VASPA 2022):** This is the core legislation regulating VASPs in Seychelles, placing explicit obligations on them regarding AML/CFT and sanctions compliance.

**Legal Reference:** Virtual Asset and Service Providers Act, 2022

**Anti-Money Laundering and Countering the Financing of Terrorism Act, 2020 (AML/CFT Act 2020):** This general AML/CFT legislation applies to all designated non-financial businesses and professions (DNFBPs) and financial institutions, including VASPs, requiring them to comply with international standards.

**Legal Reference:** Anti-Money Laundering and Countering the Financing of Terrorism Act, 2020

**United Nations (Anti-Terrorism) Act, 2001 (and related legislation):** This Act provides the legal basis for implementing UN Security Council Resolutions, particularly those related to terrorism financing and proliferation. Seychelles has mechanisms to domestically implement all binding UN sanctions.

**Legal Reference:** United Nations (Anti-Terrorism) Act, 2001

**Financial Services Authority (FSA) and Financial Intelligence Unit (FIU) Guidance:** The FSA, as the primary regulator for VASPs, issues guidelines and directives to ensure compliance. The FIU Seychelles also plays a crucial role in receiving and analyzing suspicious transaction reports.

**Legal Reference:** FSA AML/CFT Framework

**UN Sanctions Compliance (Legally Binding):**

Seychelles is a UN member state and is legally obliged to implement all UN Security Council Resolutions (UNSCRs) imposing sanctions. These resolutions target individuals, entities, and states involved in terrorism, proliferation of weapons of mass destruction (WMD), and other threats to international peace and security (e.g., DPRK, Iran, Libya, Somalia, Sudan, Afghanistan, Yemen, Mali, DRC, Central African Republic, etc.).

VASPs must screen all customers, beneficial owners, and transactions against the **UN Sanctions List** (also known as the Consolidated List) and immediately freeze assets and report any matches to the FIU.

**Legal Reference:** UN Security Council Sanctions Committees website

**OFAC/EU Sanctions Compliance (De Facto Requirement):**

While OFAC (U.S. Department of the Treasury's Office of Foreign Assets Control) and EU sanctions are not directly implemented as Seychelles domestic law, compliance is **critical** for Seychelles VASPs.

**Risk of Secondary Sanctions:** Engaging in transactions with entities or individuals sanctioned by OFAC or the EU can expose the VASP itself, its management, and its partners to significant risks, including secondary sanctions, loss of correspondent banking relationships, de-risking by international financial institutions, and reputational damage.

**International Interoperability:** To operate effectively in the global crypto ecosystem and interface with fiat banking systems, VASPs *must* comply with the robust sanctions regimes of major economic blocs.

VASPs are expected to screen against the **OFAC Specially Designated Nationals (SDN) and Blocked Persons List**, other OFAC sanctions lists, and the **EU Consolidated List of Persons, Groups and Entities Subject to EU Financial Sanctions**.

OFAC Sanctions Programs and Information