iStock.com / a taiga
Cayman’s anti-money laundering regime has been updated to take into account the recommendations of the Financial Action Task Force. Sailaja Alla at Appleby explains the implications of the changes.
In keeping with the high standards and robust reputation of the Cayman Islands financial services industry, the regulatory framework has been updated to close the gaps that remained between Cayman’s existing anti-money laundering (AML) regime and the recommendations of the Financial Action Task Force (FATF) on the prevention of money laundering and the countering of terrorist financing (CTF).
At first glance, the updated AML/CTF regime looks to be a comprehensive overhaul of the entire regime, but thankfully this is not the case. Many of the changes, although now codified in the Cayman Islands, are not really new per se. The market trend in recent years has been to adopt a risk-based approach, apply enhanced customer due diligence (CDD) when appropriate, apply AML/CTF procedures to unregulated funds (even though they were out of scope) and conduct CDD on beneficial owners.
In addition, a regulated investment fund continues to be able to comply with its AML/CTF obligations by delegation to and reliance on a suitable party (including the roles of AML compliance officer, money laundering reporting officer and deputy money laundering reporting officer). Therefore, many entities conducting relevant financial business will already be compliant with the new Anti-Money Laundering Regulations, 2017.
There are several key changes under the new AML Regulations.
Relevant financial business
The scope of the AML/CTF regime is defined by reference to “relevant financial business”. This continues to be the case, but the term is now defined by reference to the Proceeds of Crime Law (2017 Revision) (POCL) instead of the AML Regulations, with the definition of “relevant financial business” now including: (i) “Otherwise investing, administering or managing funds or money on behalf of other persons”; and (ii) “Underwriting and placement of life insurance and other investment related insurance”.
While the expanded definition continues to cover the traditional financial service providers such as regulated mutual funds, trusts business and banking business, it now brings unregulated investment entities (specifically, private equity funds), insurance entities and finance vehicles such as collateralised loan obligations within the scope of the AML Regulations.
The requirements relating to maintaining client identification and verification procedures, reporting of suspicious activity, internal control procedures, staff training, appointing a money laundering reporting officer and AML compliance officer remain.
The AML Regulations introduce the following additional requirements:
- Designating a deputy money laundering reporting officer;
- Screening employees when hiring to ensure high standards;
- Adopting a risk-based approach (see below); and
- Checking against all applicable sanctions lists and observing the list of countries, published by any competent authority, which are non-compliant, or do not sufficiently comply with the FATF recommendations.
The AML Regulations introduce a risk-based approach, including the requirement that a person carrying out relevant financial business must conduct a business risk assessment of products, services, transactions, delivery channels or new or developing technology risks to identify, assess, and understand its AML/CTF risks in relation to its customers and the country or geographic area in which the customer resides or operates. Risk assessments must be documented, monitored and kept current and must also incorporate policies and procedures approved by senior management which enable such persons to manage and mitigate any risks identified.
The risk-based approach leads to simplified or enhanced CDD procedures being applicable depending on whether lower or higher risks, respectively, are identified.
Simplified due diligence
On the application of a business risk assessment, where a customer relationship has been assessed as lower risk, persons conducting relevant financial business are permitted to apply simplified CDD procedures. Lower risk customers are required to be identified, but verification documents are not necessary.
Any assessment of lower risk by a financial services provider has to be consistent with the findings of the AML Steering Committee (a body created under the POCL) or any other supervisory authority.
Customers to which simplified CDD may be applied include the following:
- Cayman Islands entities that are financial services providers and subject to the AML Regulations;
- Government organisations, statutory bodies or government agencies of foreign countries and territories which are recognised by the Cayman Islands as having an equivalent AML/CTF regime (Approved Countries);
- Entities which are regulated in an Approved Country;
- Companies listed on a recognised stock exchange; and
- Customers introduced through an intermediary (eligible introducer), when such eligible introducer provides detailed written assurances with respect to CDD on the customers.
The commonly used exemption to CDD applicable to electronic payments (where a transaction is funded from a bank account in the name of the customer in an Approved Country) survives only partially under the AML Regulations. The AML Regulations now require basic customer details to be obtained upon receipt of payment, but verification of CDD to be obtained before onward payment.
Enhanced due diligence
On the application of a business risk assessment, where a customer relationship has been assessed as higher risk, persons conducting relevant financial business are required to apply enhanced CDD procedures (ie, beyond standard CDD).
Enhanced CDD must also be applied to politically exposed persons (PEPs) and their family members and close associates, or where a customer or an applicant for business is from a foreign country that has been identified by credible sources as having serious deficiencies in its AML/CTF regime or a prevalence of corruption.
Examples of enhanced CDD measures include, among other things, obtaining additional information on the customer, the intended nature of the business relationship and the source of funds and also updating such information more frequently.
The AML Regulations contain specific requirements to identify beneficial owners and legal arrangements and to apply a risk-based approach to conducting CDD on existing relationships.
The list of Approved Countries is no longer maintained as a schedule to the AML Regulations (previously referred to as schedule 3), but is now approved by the AML Steering Committee and can therefore be amended without the need to pass formal legislation.
Increase in penalties
Any person who breaches the AML Regulations commits an offence and is liable on summary conviction to a fine of up to CI$500,000 (a substantial increase from CI$5,000 under the previous regulations) or on conviction on indictment to a fine (which is unlimited) and imprisonment for two years.
In addition, the Cayman Islands Monetary Authority (CIMA) has the power to impose administrative fines for non-compliance.The fines range from CI$5,000 for minor breaches to CI$100,000 (for individuals) and CI$1,000,000 (for entities) for very serious breaches. Fines for ongoing minor breaches can be applied on a continuous basis up to a maximum of CI$20,000. CIMA will have six months from becoming aware of a minor breach to impose a fine. The time limit is two years for breaches described as serious or very serious.
Existing AML/CTF policies and procedures or any delegation/reliance arrangements should be reviewed to ensure that they are consistent with the new requirements. Entities that are now subject to the AML Regulations for the first time will need to implement appropriate procedures or adopt a delegation/reliance arrangement.
Sailaja Alla is a partner within the corporate department of Appleby in Cayman.
She can be contacted at: email@example.com
Cayman, money laundering, Appleby, regulation, Financial Action Task Force