On 29 August 2025, the Bermuda Monetary Authority (BMA) issued a Consultation Paper (CP) regarding a new proposed Payment Services Act (PSA). The PSA is proposed to replace the Money Service Business Act 2016 and will introduce a tiered, risk-based licensing framework and three distinct activity categories: Digital Facility Providers (DFPs), Payment-Handling Providers (PHPs) and Payment Technology Providers (PTPs).
Our Bermuda office participated in the consultation. On 19 November 2025, the BMA published a Dear Stakeholder Letter, summarising the feedback received on the consultation paper and the BMA's responses. This advisory summarises the 19 November paper, our views and the next steps.
Scope
In the CP, a DFP was proposed to be defined as:
'any undertaking that issues, maintains and administers a payment facility to end users by receiving funds (stored electronically or on a physical device) used for making payments, transferring funds or withdrawing stored funds at a future point in time, including:
- Issuing or redeeming stablecoins
- Custodial wallet services solely related to a stablecoin issuer’s own stablecoin: in this context, any undertaking that would like to provide custody to third-party stablecoins, or any other digital asset, should seek a digital asset business licence
- Issuing of payment instruments
- Cashing cheques made payable to customers and guaranteeing cheques
- Issuing, selling or redeeming drafts, money orders or traveller’s cheques for funds
- Operatig a bureau de change'
In our feedback we raised concerns about stablecoin issuance and custody falling under two licensing regimes, being the PSA and the Digital Asset Business Act 2018 (DABA). The BMA has responded to such feedback noting:
'One stakeholder queried whether consolidating permissions under DABA might provide a more streamlined approach, noting potential inefficiencies in having similar activities regulated under different frameworks. Stakeholders observed that operating across both regimes could involve some complexity in compliance. Some respondents noted that additional guidance may help distinguish between various stablecoin purposes. Industry feedback also emphasised the importance of international alignment, particularly with emerging global standards for stablecoin regulation being developed by the Financial Stability Board and other international bodies.'
In the response to feedback, the BMA has confirmed that it will maintain a functional perimeter designed to ensure clarity and coherence between the PASA and DABA frameworks, while minimising unnecessary overlap. Additionally stablecoin issuers will be able to choose the appropriate licensing pathway either under the PSA or DABA, depending on the nature of their business model and activities. For entities already licensed under DABA, the issuance of stablecoins for which they are presently licensed will not require an additional PSA licence.
With respect to custody activities, the Authority clarifies the custody permitted under the Digital Facility Provider (DFP) category will be limited to the custody of the DFP's own stablecoins and will not extend to other stablecoins or unrelated digital assets.
The BMA 's view is that fiat redeemable stablecoins present a distinct risk profile that aligns closely with traditional payment instruments, particularly in terms of redemption guarantees, reserve management and integration with conventional payment systems. According to the BMA, this distinction reflects stablecoin's functional role within payment systems and supports international regulatory practices. The BMA has determined that separating fiat-backed stablecoin activities from other token-issuance models more accurately accounts for their payment-centric characteristics and specific risks.
The BMA is proposing a pathway for already licensed entities to issue stablecoins under DABA without the need to obtain a separate licence under the PSA, which is welcomed. The BMA has confirmed that custody of third-party assets will remain regulated under DABA. So, for any stablecoin issuer also proposing custody of third party assets, the appropriate licensing pathway for such business models will remain under DABA. From a DABA perspective, the definition of what constitutes 'custody' is set out in the Digital Assets Custody Code of Practice and, in the context of stablecoin issuers, its expectations around the safeguarding of stablecoin reserve assets is set out in the BMA's Guidance on Single-Currency Pegged Stablecoins.
AI Payments Hub
An AI Payments Hub will be introduced as a pre-licensing collaborative environment to test AI-driven and programmable payment models, including DeFi-adjacent use cases. The AI Payments Hub mandate is proposed to include testing protocols for AI and programmable payments, conducting supervised pilots, and sharing information with participants. In the spirit of continuous and responsible innovation, the Hub is also expected to explore dispute resolution and redressal models for on-chain payments.
Payment Handling Providers
The BMA has confirmed that the definition of PHP will be further refined to ensure that the regime remains risk-based, proportionate and clearly delineated from activities already regulated under the DABA or other frameworks. The current proposed definition is as follows: 'Payment Handling Provider" means a person or undertaking that receives or manages funds for the purpose of effecting payment transactions, including activities such as the transfer, execution or settlement of payments on behalf of users.'
Payment Technology Providers
The Dear Stakeholder Letter acknowledged feedback from us (and potentially others) that AML obligations might not be necessary for PTPs. However, the BMA's stakeholder letter does not confirm whether PTPs will be carved out of the definition of "Regulated Financial Institution" under Section 42A of the Proceeds of Crime Act 1997. If this is not carved out, our view is that technology providers would need to implement full AML/ATF policies and procedures, despite being a technology provider in the chain only which we assume is not the intention.
The BMA has updated the definition previously included such that PTP will mean 'an undertaking who provides technological services which exercise direct or indirect control over the initiation, authorisation or routing of a payment transaction, other than the sole provision of communication or messaging infrastructure.'
Class F-PG licence
The BMA will introduce a distinct Class PG licence, which will be expressly restricted from conducting retail activity. This decision reflects the BMA's recognition that wholesale payment services present different risk profiles and therefore requires a tailored regulatory approach that is distinct from retail-focused operations.
Class F-R licence
The BMA intends to establish Class R as a separate licence class, to facilitate cross-border operations where home-state standards are equivalent.
Next steps
The BMA intends to proceed with the next steps of introducing the PSA. If your business is likely to be impacted, reach out to Bermuda's only dedicated Regulatory & Risk practice. Key contacts are listed below.
