As of 1st January 2018, Gibraltar will implement a new set of rules intended to regulate firms operating through the use of ‘Distributed Ledger Technology’ (DLT) for storing or transmitting value to others. Any firm fitting this description must apply and seek authorisation from the Gibraltar Financial Services Commission (GFSC) in order to act as a DLT provider. Generally speaking, ICOs are not considered to fall under these rules.

The introduction of this regulatory framework makes Gibraltar the first jurisdiction to officially regulate technological advances. The proposed regulations are expected to apply only to those firms that operate in an unregulated field by using DLT to store or transmit values. Firms that are already regulated under another framework will continue to be so regulated, unless DLT is used in the course of business.

A new set of principles will thus replace the current set of rigid rules. Since the sector is fast-evolving and continuously changing, it was considered that the rules would most probably end up outdated and inadequate.

The framework sets out the following 9 principles which a DLT provider is expected to adhere to:

  1. Carry out business with integrity and honesty.
  2. Put the needs and interests of consumers as a top priority, and act in a fair, clear, and understandable manner. For every transaction being carried out, the provider must disclose to the consumer the risks being taken along with the terms and conditions. Any information disclosed to the consumer must not hide, disguise or diminish any important data, and it must also be presented in a manner which the consumer can understand. Furthermore, the provider must ensure that advertising and marketing follows ethical standards.
  3. Maintain adequate financial and non-financial resources for the business to be run effectively and in a safe manner. For this to be effective, capital levels will be monitored by the GFSC.
  4. Carry out its business effectively with due care and diligence whilst also having proper regard to risks both to its business and consumers.
  5. Have proper arrangements in place to protect and care for consumers’ assets and money when it is the providers’ responsibility. Accurate and well-kept records of transactions must be kept.
  6. Have an effective corporate governance arrangement in place. Providers must have an open and cooperative relationship with the GFSC.
  7. Have a well-kept and updated security protocol. Security access is to be given only to authorised personnel and the system must be constantly updated in order to protect it from new threats and vulnerabilities.
  8. Have in place a system which detects and prevents financial crimes such as money laundering or terrorist funding.
  9. Develop contingency plans for the orderly and solvent winding down of its business should this be required.

The GFSC is expected to publish additional guidance towards the end of 2017.

No such rules are currently in place in Malta but with the Maltese Government’s intention to establish Malta at the forefront of fintech and disruptive technology, it is hoped that the relevant authorities will soon issue some form of guidance or regulation on Blockchain and DLT.

For more information on Blockchain and related areas please contact Dr Ian Gauci on

Disclaimer: This article is not intended to impart advice and readers are asked to seek verification of statements made before acting on them.

Disclaimer This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.
Skip to content