New anti-money laundering regulations have been adopted in the Cayman Islands which, from May 31, 2018, will apply to unregulated investment entities as well as regulated funds and more traditional financial services providers. The obligations and penalties imposed by the new Regulations have been expanded. The Cayman Islands is committed to meeting global anti-money laundering and counter-terrorist financing standards.
The Anti-Money Laundering Regulations, 2017, came into force in the Cayman Islands on Oct. 2, 2017, replacing the Money Laundering Regulations (2015 Revision). The adoption of the Regulations is the latest step in a program of enhancement of Cayman’s anti-money laundering (AML) and countering the financing of terrorism (CFT) legislative framework, aimed at aligning the AML/CFT regime with the revised Financial Action Task Force (FATF) Recommendations.
Main changes introduced by the regulations
The revisions introduced by the Regulations represent an extension and enhancement of the previous AML regime, as set out in the money laundering regulations, rather than an overhaul. The main changes are summarized below:
The Regulations apply to persons carrying out “relevant financial business” (RFB). RFB was previously defined by the MLRs but is now defined by the Proceeds of Crime Law (2017 Revision) (the PCL) and the definition has been extended with the result that the Cayman AML regime now applies to a broader range of Cayman Islands entities. The definition of RFB continues to encompass traditional financial services providers (FSPs) which were covered by the MLRs; including banking business, trusts business and the business of a regulated mutual fund. However, RFB now includes the business activities of:
otherwise investing, administering or managing funds or money on behalf of other persons; and
underwriting and placement of life insurance and other investment related insurance.
As a result, unregulated investment entities, specifically private equity funds whose investment activities did not fall within the previous definition of RFB under the MLRs, will now clearly be in-scope of the Regulations and Cayman’s AML regime.
It should be noted, however, that as a consequence of an amendment to the Regulations, entities which fall within scope of the Regulations under one of the two new categories of RFB activities listed above are not required to comply with the AML obligations imposed by the Regulations until May 31, 2018.
The mandatory AML procedures relating to client identification and verification (KYC), record keeping, internal and external reporting, internal control and communication procedures and employee training and awareness remain, but are supplemented by the following additional procedures:
application of a risk-based approach (see below) to monitor financial activities, together with adequate systems to identify risk (including checks against all applicable sanctions lists) and the adoption of risk management procedures;
observance with the list of countries which are non-compliant, or which do not sufficiently comply with the recommendations of the FATF;
procedures to screen employees to ensure high standards when hiring; and
designating a Deputy Money Laundering Reporting Officer, in addition to the Money Laundering Reporting Officer and Compliance Officer (now titled the Anti-Money Laundering Compliance Officer).
The Regulations require persons conducting RFB to adopt a risk-based approach to AML. This means that FSPs must identify, assess and understand the money laundering and terrorist financing risks applicable to them in relation to their customers, the countries or geographic areas from which the customers operate or reside in and the products, services, transactions and delivery channels involved. Risk assessments must be documented, monitored and kept current and must also incorporate policies and procedures approved by senior management which enable that person to manage and mitigate any risks identified.
The risk-based approach then leads to simplified or enhanced customer due diligence procedures being applicable depending on whether lower or higher risks, respectively, are identified. However, a finding that there is a low level of risk cannot be made unilaterally by the relevant FSP. Instead, a determination as to the level of risk is only valid if it is consistent with the most recently issued findings of the Cayman Islands Monetary Authority (CIMA), or any national risk assessment report of the Anti-Money Laundering Steering Group.
Customer due diligence
The requirements relating to customer identification procedures, or CDD, have been generally extended and clarified as compared to the assistance previously provided by the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands, issued in August 2015 (the Guidance Notes). In particular:
- a new definition of “beneficial owner” has been adopted, aligning more closely with that used in the FATF Recommendations and corresponding Guidance;
- a new Part VI of the Regulations provides details as to the circumstances in which enhanced due diligence must be carried out;
- a new Part VII sets out additional requirements relating to politically exposed persons and their family members;
- a new Part V provides for simplified customer due diligence (SDD) measures where lower risks have been identified.
Simplified due diligence
The CDD procedures relating to verification of identity are not applicable to certain types of customer, including:
- Cayman Islands entities that are FSPs and, accordingly, subject to the Regulations themselves;
- government agencies, government organizations and statutory bodies of recognized foreign countries;
- entities which are regulated in a recognized foreign country; and – companies listed on a recognized stock exchange.
The exemption to CDD which was applicable to electronic payments under Regulation 8 of the MLRs, where a transaction is to be funded by payment from an account in the name of the customer at a bank regulated in the Cayman Islands or in a recognized foreign country, is still available with some changes. Under the Regulations:
- the customer must still be identified; and
- whilst verification of identity is not required at the time of receipt of the payment, such verification will generally be required before any further onward payment is made.
The ‘eligible introducer’ route to SDD remains available under the Regulations, though a more detailed written assurance must be provided by the introducer whose AML procedures are to be relied upon.
Any contravention of the Regulations constitutes an offence punishable, on summary conviction, to a fine of CI$500,000 (approximately US$600,000) and, on conviction on indictment, to a fine and to imprisonment for two years. This represents a significant increase in the circumstances which constitute an offence and the amount of the fine which may be imposed. In addition, where an offence is committed by an unincorporated entity, body corporate or partnership, the members, directors, partners, managers, secretary or other similar officer of that entity will also commit that offence and be liable accordingly if it is proven that the offence was committed with their consent or connivance, or is attributable to their neglect.
In the future, CIMA will have the power to impose administrative fines in relation to breaches of the Regulations pursuant to the Monetary Authority (Amendment) Law, 2016 and regulations to be made thereunder, neither of which are yet in force. Those administrative fines will be levied according to the categorization of the breach, as minor, serious or very serious, and may be imposed in addition to any fines resulting from a prosecution under the Regulations. We will issue a further update relating to the administrative fines in due course.
Following on from the updated revisions of the PCL and the Regulations recently brought into force, the Guidance Notes are currently in the process of being revised and will be updated in due course. It is anticipated that the replacement Guidance Notes will contain sector specific guidance detailing how the Regulations will apply in practice to those investment entities who find themselves in-scope for the first time.