Virtual assets including cryptocurrencies, and virtual asset activities, continue to gain in prominence, as confidence in the underlying technology increases, supported by a growing distrust in traditional systems. Trinidad and Tobago (‘T&T’) has recently formalised its attempt to begin regulation of the virtual asset sector, with the recent passage of the Virtual Assets and Virtual Asset Service Providers Act, Act No. 12 of 2025 (the ‘VASP Act’), which was assented to on 23 December 2025.
The VASP Act regulates the conduct of business concerning virtual assets and virtual asset service providers in T&T. It introduces a number of amendments to the regulatory framework that was previously proposed by the Virtual Assets and Virtual Assets Service Providers Bill, 2025 (the ‘Bill’).
Virtual assets are defined in the VASP Act as a digital representation of value which may be digitally traded, transferred or used for payment or investment purposes, but does not include the digital representation of fiat currencies, securities or other financial assets that are covered under any other written law.
Unlike fiat currency or electronic money, virtual assets are neither issued nor guaranteed by any jurisdiction. They operate using blockchain technology or distributed ledger technology which facilitate peer-to-peer transactions. While virtual assets encourage financial inclusion and reduce transaction costs, its anonymity and borderless nature create enhanced risks and render them as being quite susceptible to money laundering, fraud and the financing of terrorist activities.
The VASP Act maintains the regulation of the business of “virtual asset activities”. In particular, under the VASP Act, the conducting, on behalf of another person, of “virtual asset activities” as a business in or from within T&T, is prohibited, unless one of the following two conditions are satisfied:
• The T&T Securities and Exchange Commission (the ‘TTSEC’) grants authorisation to such a business under the VASP Act; or
• The person conducting the business of virtual asset activities on behalf of another person, holds a licence referred to as a Certificate of Acceptance, to operate in a regulatory sandbox.
The business of virtual asset activities is defined in the VASP Act as including the conduct of one or more of the following activities, for or on behalf of another person:
—The exchange between virtual assets and fiat currencies;
—The exchange between one or more forms of virtual assets;
—The transfer of virtual assets;
—The safekeeping or administration of virtual assets or instruments enabling control over virtual assets;
—The participation in and provision of financial services related to an offer of an issuer or sale of a virtual asset; and
—Such other activity as may be prescribed.
What is critical to note is that the VASP Act prohibits the TTSEC from granting authorisation to any person in respect of operating a business in virtual asset activities, until the end of 2026 ( December 31, 2026). This represents a shift away from the initially proposed December 31, 2027 date.
Further to note is that any licence or certificate of registration that was previously issued under any written law prior to the VASP Act would not be valid to permit the regulated virtual asset activities outlined above.
This is particularly important to note as, although T&T has not previously passed legislation aimed at regulated virtual assets and virtual asset providers, T&T attempted to exert some form of supervisory control over virtual technologies by adopting a generous interpretation to general legislative provisions under the Financial Institutions Act, the Securities Act, and the Central Bank Act.
The VASP Act expressly clarifies that persons who merely hold virtual assets may transact for their own account, provided such activity is not conducted as a business or on behalf of another person. The VASP Act states that nothing shall prevent a person who owns a virtual asset from purchasing goods or services using the virtual asset, or from buying a virtual asset from another person or selling a virtual asset which they own, to another person. However, such activity must not be conducted as a business or on behalf of another person.
Any person who, prior to the commencement of the VASP Act, carried on the business of a virtual asset provider, is required to notify the TTSEC, within one month of the VASP Act’s commencement, that it carries on such business.
Within three months of the commencement of the VASP Act, the person is required to cease the virtual asset activity. After the three month period ends, the person will be required to notify the TTSEC within 14 days that the virtual asset activity has ceased. This is subject, of course, to any authorisation under the VASP Act to conduct any permitted activities.
A person who fails to comply, or who knowingly or recklessly makes a false or misleading statement in relation to any document to be submitted to the TTSEC, commits an offence and will be liable to a fine and to imprisonment.
Notifications must be submitted in the form and manner to be prescribed by the TTSEC.
A significant development in the VASP Act, when compared to the Bill, is the creation of a regulatory sandbox. The sandbox will be administered by the TTSEC and authorises virtual asset service providers that were operating prior to the commencement of the VASP Act, to be conducted under certain conditions, and for the duration of the period before the TTSEC grants full authorisation after the end of 2026, subject to receipt of a Certificate of Acceptance. One activity in particular, would not be authorised to be conducted in the regulatory sandbox; that of the safekeeping or administration of virtual assets or instruments enabling control over virtual assets.
Eligible virtual asset service providers that were operating prior to the commencement of the VASP Act may apply for a Certificate of Acceptance to use the Regulatory Sandbox, but certain legislative criteria must be satisfied in order to do so.
This “sandbox licence” approach reflects the approach taken by both the Bahamas and the Cayman Islands, both of which possess regimes that prioritise regulation, but not at the expense of innovation and development of the industry.
The VASP Act requires regulated persons to demonstrate a readiness to comply with AML/CFT/CPF measures, including targeted financial sanction obligations under the Economic Sanctions Act or other related law supervised by the TTSEC, as well as ongoing AML/CFT/CPF compliance.
Under the VASP Act, unless authorised by the TTSEC, there is now a statutory prohibition on advertising, inviting the public to participate in any virtual asset activities with that person or any other person.
The Virtual Assets and Virtual Asset Service Providers (Forms and Fees) Regulations 2025 (the ‘VASP Regulations’), which provides the procedural framework for compliance with the VASP Act, were also recently passed.
The VASP Regulations contain the official forms that entities and individuals must complete and submit to the TTSEC. Schedule 1 of the regulations provides forms for the requisite statutory notices namely:
• A declaration of an existing virtual asset service provider business;
• A notice of cessation of an existing virtual asset service provider business;
• The application form for a Certificate of Acceptance to operate within a Regulatory Sandbox; and
• The form of the Certificate of Acceptance itself.
Schedule 2 sets out the statutory fees payable. Applicants must pay $10,000 upon submission of an application to participate in the Regulatory Sandbox and $20,000 upon approval and issuance of a Certificate of Acceptance.
As a consequence of the VASP Act, amendments to related legislation, namely the Proceeds of Crime Act, Chap. 11:27, the Anti-Terrorism Act, Chap. 12:07, the Counter-Proliferation Financing Act, No. 8 of 2025, the Financial Intelligence Unit of Trinidad and Tobago Act, Chap. 72:01, and the Securities Act, Chap. 83:02 were required to be made, and were so made.
T&T has proceeded with its incorporation of a virtual asset and virtual asset service provider regulatory framework due to increased concern of criminal exploitation. In the Financial Action Task Force (the FATF)’s most recent targeted update on the global implementation of AML/CFT measures to virtual assets and virtual asset service providers, it noted that stronger action was needed to safeguard the integrity of the international financial system, as regulatory failures in one jurisdiction could have global consequences.
The report notes that the use of stablecoins a form of cryptocurrency, by various illicit actors, terrorist financiers, and drug traffickers, has continued to increase. Indeed, during 2025, the largest single virtual asset theft in history occurred, with US$1.46 billion being stolen from the virtual asset service provider ByBit.
With only 3.8 per cent of the stolen funds being recovered, there is also a need to address asset recovery challenges and improve international co-operation. The FATF also noted that there has been a significant uptick in the use of virtual assets in fraud and scams, with one industry participant estimating that there was approximately US$51 billion in illicit onchain activity relating to fraud and scams in 2024.
Notwithstanding the significant level of risk in virtual assets and its related business, it facilitates easier, faster and more economical payment, provide alternative methods for payment in circumstances where persons do not have access to regular financial products, and act as a potential hedge against economic volatility.
Disclaimer: This column contains general information on legal topics and does not constitute legal advice.
