(1) A licensee shall place in escrow, with a registered trust company or with an entity or person whose business is the provision of trust or custodial services, assets to discharge financial obligations to clients of the licensee and such assets must be equivalent to a minimum of 15% of the total value of client funds held by a licensee.
(2) A licensee shall, on the approval of the Authority and subject to terms and conditions satisfactory to the Authority, lodge any software source code and associated materials supporting the virtual asset business with a software escrow agent.
(3) Subject to the requirements of section 5, a licensee shall write to the Authority for approval of any changes in the business of the licensee, including the —
(a) name of any director, officer, principal representative or significant shareholder;
(b) nature and scope of the virtual asset business; and
(c) address and contact information of the registered office and any other place of business in and outside Saint Lucia.
(4) A licensee who fails to comply with a requirement imposed under subsection (2) or (3) is liable to a penalty of $5,000.
(5) A licensee shall submit to the Authority quarterly reports providing —
(a) the number of accounts held by the licensee;
(b) the value of the accounts held by the licensee; and
(c) a statement of the assets held in escrow.
(6) A licensee shall —
(a) maintain adequate accounting records and prepare financial statements in respect of each financial year in accordance with the International Financial Reporting Standards;
(b) keep a copy of accounting records and financial statements at its place of business in Saint Lucia.
(7) A licensee shall implement and maintain policies for the virtual asset business —
(a) to comply with the Data Protection Act and to ensure that the collection, storage, use and disclosure of personal information of a client is —
(i) legitimate and for purposes related to the business of the licensee,
(ii) protected from unauthorized access, and
(iii) kept confidential;
(b) to protect the operations of the licensee and personal information collected and stored by the licensee from cyber threats.
(8) A licensee shall —
(a) communicate information on its website or in any publication made available to the public regarding the virtual asset business in a complete and comprehensible manner, so a client can evaluate the features, costs and risks of the virtual asset business that the licensee offers or operates; and
(b) where there are any changes to the information communicated under paragraph (a), reflect the change or issue a notice of the change within 7 days using the same medium used to communicate the information under paragraph (a).
(9) A licensee shall not, directly or indirectly, make a false or misleading declaration or omit to disclose a material fact for the purpose of gaining or retaining a client.
(10) A licensee who contravenes subsection (9) is liable on summary conviction to a fine not exceeding $10,000 and imprisonment for a term not exceeding 2 years.