← Back to Insights

Bermuda regulatory update Q1 2024

09 April 2024

Our latest report on Bermuda will bring you up to speed on relevant updates and regulatory developments that took place during the first quarter of the year.

BMA - Financial sanctions updates (International Sanctions - BMA)

  • Financial sanctions updates have been published by the BMA for: Democratic People’s Republic of Korea; ISIL (Da’esh); Al-Qaida; Bosnia and Herzegovina; Belarus; Russia; Counter-Terrorism International; Iran; Myanmar; Global Human Rights; Democratic Republic of the Congo; Central African Republic; Yemen; Counter-terrorism (domestic); Cyber sanctions

BMA – Digital asset business updates

  • The following content has been added to the BMA’s website for Digital Asset Business (Digital Asset Business - BMA):
    • Digital Asset Business - Operational Cyber Risk Management - Code of Practice
    • Digital Asset Business - Code of Practice (February 2024)
    • Digital Asset Custody - Code of Practice (2024)
    • Cyber Risk Annual Return
  • The BMA has invited stakeholders to contribute their views on the proposals for the draft Digital Asset Business (Custody of Client Assets) Rules 2024 (see Digital Asset - Discussion/Consultation Papers - BMA).
  • Stakeholders should send comments to the BMA via the survey link below no later than the close of business on April 30 2024 (https://www.surveymonkey.com/r/3JJGRWK).

The Registrar of Companies (Annual Corporate Regulatory Fees) Act 2024 and The Registrar of Companies (Annual Corporate Regulatory Fees) (No. 2) Act 2024 (https://www.bermudalaws.bm)

  • All entities, including exempted, local, and overseas entities, must pay annual corporate regulatory fees to the Registrar of Companies, effective from February 9 2024.
  • The corporate regulatory fee for local companies will be $150, and the fee for exempted and permit companies will be $500.
  • These fees are required to offset costs associated with the need to expand the role of the Registrar of Companies to include regulatory, supervisory, and compliance oversight duties to meet the demand for greater scrutiny of these entities from international regulatory bodies, including the European Union (“EU”), the Organisation for Economic Co-operation and Development (“OECD”), the Financial Action Task Force (“FATF”), the Caribbean Financial Action Task Force (“CFATF”), and the International Monetary Fund (“IMF”), in relation to entities registered in Bermuda .
  • The Registrar of Companies (Annual Corporate Regulatory Fees) (No. 2) Act 2024 provides details on where these new fees will be referred to in the Companies Act 1981, the Limited Liability Company Act 2016, the Government Fees Regulations 1976, the Limited Partnership Act 1883, the Exempted Partnerships Act 1992, and the Overseas Partnerships Act 1995.

Personal Information Protection Act (“PIPA”)

  • The “Guide to PIPA” was recently published on the Office of the Privacy Commissioner’s website (see Guide to PIPA | PrivComBermuda (privacy.bm)
  • During a seminar  held by the Office of the Privacy Commissioner on March 8  2024, it was strongly suggested that entities read and follow the “Road to PIPA” on their website, which includes checklists, tools, guidelines, training videos, etc. (see  Road to PIPA 2024 | PrivComBermuda (privacy.bm))
  • If entities follow the steps and guidance provided on the website, they should not have any issues with implementing PIPA for their organisations by January 1 2025.
  • Some other key points from the seminar include the following:
    • PIPA applies to every organisation that uses personal information in Bermuda and includes information on individuals, regardless of where they live (i.e., it includes individuals who do not live in Bermuda).
    • A Privacy Committee will need to be implemented for each organisation that uses personal information in Bermuda.
    • If personal information is being used or held by third party intermediaries, the organisation that has the contract or agreement with the client/customer is still ultimately responsible for compliance with the Act, as well as any issues with personal data and keeping that data safe.
    • The Privacy Commission has tried to ensure that the requirements of the Act are in line with international standards, so there shouldn’t be any issues with third party engagement with international organisations.
    • Requirements for personal information to be provided should be proportionate to the purpose of the collection, use, and storage of the information.
    • Entities must have appropriate controls for the security of the information, which should be proportionate to the level of possible harm, if this information were to be leaked, for example.
    • Entities are limited to the original purpose of the use of the personal information, unless there is a rationale for another use (e.g., if it is required by law), or consent is received from the individual for another use of their personal information.
    • Consent for use of personal information can legally be withdrawn by an individual in many circumstances.
    • Individuals also have the right to block the use of their personal information (e.g., to avoid seeing certain ads on websites) and request entities to erase their personal information, with some exceptions (e.g. criminal records cannot be erased).
    • The role of The Office of the Privacy Commissioner, as a regulator, is to assist organisations with any issues that they encounter; to provide constructive feedback and advice, including for remediation (e.g., for data breaches) and to investigate any complaints from the public regarding their personal information.
    • The Office of the Privacy Commissioner will hold a total of 4 major events this year, as well as a few smaller online sessions.

National Anti-Money Laundering Committee (“NAMLC”) Bermuda updates 

(Office of the National Anti-Money Laundering Committee | Government of Bermuda (www.gov.bm) 

  • In 2023, the NAMLC commenced an ML and TF risk assessment in relation to the digital asset business as well as in relation to legal persons. 
  • The results of this assessment will hopefully be issued in early 2024.

Deadlines for Q2 2024: 

  • BMA: April 30 2024 - Statement of Compliance for all Apex regulated entities in Bermuda (AFSL, AIFSL and ACSL) 
  • BMA: April 30 2024 - Filing of Audited Financials (for AFSL)
  • BMA: April 30 2024 - Management Accounts Filings (Unaudited Financials) for AIFSL and ACSL
  • BMA: Date TBD - AML/ATF Data Call (for AFSL, AIFSL and ACSL) 
  • Bermuda Stock Exchange (BSX): April 30 2024 - Filing of Audited Financials (for AFSL)
  • Ministry of Finance: May 31 2024 - CRS Filings
  • BMA: June 30 2024 - Statement of Compliance for Designated Funds, Registered Funds, Standard, Institutional Funds, Administered Funds and Specified Jurisdiction Funds (for funds whose year-end is December 31t
  • Registrar of Companies (“RoC”): June 30 2024 - Economic Substance Declarations (for funds whose year-end is December 31)
  • Ministry of Finance: June 30 2024 - Annual filing regarding the plan to train and hire Bermudians



Get in touch with our team

Contact Us