AML actions for Cayman financial services providers

Recent amendments to the Cayman Islands Proceeds of Crime Law (2018 Revision) ("POCL") and the Cayman Islands Anti-Money Laundering Regulations (2018 Revision) ("AML Regulations"), have expanded the scope of the existing Cayman Islands' anti-money laundering ("AML") and counter terrorist financing ("CFT") regime. The POCL, AML Regulations and Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands issued on 13 December 2017 (the “Guidance Notes”), together comprise the suite of legislation and guidance which makes up the Cayman Islands anti-money laundering regime (the "Cayman AML Regime").

Broadly, the AML Regulations have introduced a more comprehensive risk-based approach to AML/CFT processes and procedures, including the requirement to appoint designated compliance officers, and have expanded the scope of entities falling within the remit of the Cayman AML Regime.

These changes to the Cayman AML Regime, have been made to enhance the Cayman AML Regime and to ensure that it remains compliant with international best practice including the revised recommendations of the Financial Action Task Force, the international inter-governmental body tasked with setting standards and promoting effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system.

1. Key Updates to the AML Regime

(a) In-scope Entities

One of the most significant developments stemming from these amendments is the broadened scope of entities deemed to be conducting "relevant financial business" and which, accordingly, now fall under the remit of the AML Regulations. The definition of "relevant financial business" has been expanded to include entities which conduct the business of "investing, administering or managing funds or money on behalf or other persons" and "underwriting and placement of life insurance and other investment related insurance in the Cayman Islands". Such in-scope entities are broadly termed "financial service providers" ("FSPs") and are subject to the provisions of the AML Regulations.

Please click here to read our previous note on the AML Regime updates.

Broadly, unregulated (i.e. not regulated by the Cayman Islands Monetary Authority ("CIMA")) investment entities (including potentially private equity, closed ended funds and structured finance vehicles) are likely to also now be considered FSPs.

Regulated FSPs, which continue to be subject to the Cayman anti-money laundering regime and the now in-scope unregulated FSPs, should review existing policies and procedures for compliance in light of the new risk-based approach to anti-money laundering set out in the revised AML Regulations.

Regulated and otherwise CIMA registered FSPs may also notice an increase in the demands by CIMA under their enforcement and monitoring powers. For example, Excluded Persons under Schedule 4 of the Securities Investment Business Law ("SIBL") (a "SIBL Excluded Person"), may have received letters requesting that they provide to CIMA an auditor's report ("Report") on the FSP's anti-money laundering systems and procedures, for compliance with the AML Regulations.

(b) Compliance Officers

i. Appointments

All FSPs must now designate a natural person to act as its Anti-Money Laundering Compliance Officer (AMLCO), Money Laundering Reporting Officer (MLRO) and Deputy Money Laundering Reporting Officer (DMLRO).

These roles must be filled by natural persons, of managerial level, who report to the board of directors (or equivalent) of the FSP; however it is not necessary for these roles to be filled by persons resident in the Cayman Islands.

The roles of MLRO and AMLCO may be performed by the same individual. However, the roles of MLRO and DMLRO may not be performed by the same individual as the DMLRO is intended to substitute for the MLRO during periods of absence.

The Guidance Notes are clear that the roles are intended to be substantive, and that individuals performing these roles must have sufficient independence, seniority, authority and access to the FSP's business information and records.

The qualifications and capacity of an individual to perform their officer duties must also be considered carefully when making these appointments.

Funds should disclose names and contact details of the MLRO, DMLRO and AMLCO within their offering documents.

ii. Filing of Appointments

CIMA has recently announced, by notice dated 24 September 2018, that existing regulated funds must make these appointments by 30 September 2018 but now have until 31 December 2018 to notify CIMA of these appointments.

All new regulated FSPs (i.e. registered or licensed after 1 June 2018) must make such appointments and filings at the time of application for licence/registration.

Unregulated FSPs are not required to file these appointments with CIMA but (other than unregulated funds) must make these appointments by 30 September 2018.

Existing unregulated funds are required to confirm and document their appointments by 31 December 2018, and all new unregulated funds will be required to confirm and document their appointments at the time of launch.

There is currently no charge levied by CIMA to make these filings.

Any changes to appointed MLROs, DMLROs and AMLCOs with respect to regulated FSPs will need to be notified to CIMA via REEFS portal as and when made.

2. Actions for FSPs

i. Classification

An entity which provide financial services should make a determination as to whether it is an FSP including whether it falls within the new classification of carrying on "relevant financial business" for the purposes of the AML Regime, on the basis that its activities include "investing, administering or managing funds or money on behalf of other persons"

Existing entities should have made a determination of their classification and documented such determination by 31 May 2018.

A newly formed entity (i.e. formed after 1 June 2018) should document such classification, if relevant, at the time of its formation.

It is common for such determination to be documented in resolutions, written consents or meeting minutes. The relevant documentation should be provided to the entity's registered office for placement on the minute book.

ii. Compliance Systems, Policies and Procedures

New FSPs should seek to implement, and existing FSPs should review and update their existing AML and CFT compliance systems, policies and procedures.

These systems, policies and procedures should include:

a) Client due diligence requirements and procedures, including identification and verification procedures, enhanced client due diligence requirements and due diligence ongoing monitoring procedures;

b) Adopting a risk-based approach to business acceptance;

c) Policies and procedures to adopt a risk-based approach to combat money laundering/terrorist financing activities including appropriate compliance management arrangements;

d) Conducting sanctions checks as against clients, geographic locations and activities;

e) Internal record keeping and internal, as well as external, reporting procedures;

f) Implementing appropriate employee training and pre-employment screening;

g) Internal controls and independent audit functions to test AML/CTF systems; and

h) Group-wide AML/CFT programmes, if applicable.

iii. Compliance Officer Appointments

As highlighted above, every FSP is required to appoint a natural person to the role of AMLCO, MLRO and DMLRO.

3. Method of Compliance

FSPs should have already chosen one of the two methods available in relation to adopting and maintaining AML/CTF polices and procedures: in-house adoption and maintenance or delegation of the obligations to a suitable service provider.

If in-house adoption and maintenance has been elected, the entity is responsible for implementing and documenting the adoption of the policies, procedures and requirements in compliance with the AML Regime.

If the FSP elects to delegate its obligations under the AML Regime to a service provider, it should carefully consider the proposed outsourcing arrangements, including clear delineation of functions and responsibilities, as well as assess any risks which such delegation may pose.

Where the associated risks cannot be effectively managed and mitigated, the FSP should not enter into the outsourcing arrangement. The FSP should conduct appropriate due diligence on the proposed delegate to ensure that it is fit and proper to perform the delegated function.

It is possible for a FSP to delegate its obligations to a service provider not located in the Cayman Islands. In such case, the standards to which the delegated functions are to be provided must be at least as stringent as those required under the AML Regime, meaning that where the outsourcing arrangement is being operated in a country other than the Cayman Islands where standards are lower, the delegate must adopt the Cayman Islands standards.

It is important to note that despite delegation of its obligations under the AML Regime, the FSP remains ultimately responsible for its compliance with the AML Regime.

4. AML/CFT Audit

An FSP should on a regular basis, and commensurate with the size, nature and complexity of the FSP, conduct an AML/CFT audit.

The purpose of the audit is to assess the FSP's AML/CFT systems, policies and procedures against the AML Regulations and Guidance Notes to monitor compliance with the AML Regime as well as to:

a) measure and review overall integrity and effectiveness of AML/CFT systems and controls;

b) measure and review adequacy of internal policies and procedures with respect to:

i. client due diligence measures;

ii. record keeping and retention;

iii. transaction monitoring; and

iv. third party relationships

c) assess compliance with relevant laws and regulations; and

d) test transactions with emphasis on high-risk areas, products and services.

CIMA's expectation is that such audit will be obtained from an accredited institution in the Cayman Islands or a jurisdiction of equivalent compatibility, as revised from time to time by the Cayman Island Anti-Money Laundering Steering Committee ( An "accredited institution" can be interpreted fairly broadly to include audit firms, law firms and compliance administrators.

5. Further Information

The above is an overview of the new AML Regime applicable to Cayman Islands FSPs. It is not intended to be legal advice.

Collas Crill is able to advise Cayman Islands FSPs as to their Cayman Islands AML/CFT obligations and the steps necessary for compliance with the new AML Regime.

Collas Crill Corporate Services Limited ("CCCS") is a licensed company manager in the Cayman Islands, and is able to provide registered office services to Cayman Islands companies and partnerships. CCCS may assist FSPs, to which it provides registered office services, with their compliance with the new AML Regime.

For assistance with or questions on any of the above matters, please liaise with your usual contact at CCCS or any of the attorneys at Collas Crill.