Head of Ogier Regulatory Consulting Lisa Bowyer and Senior Regulatory Consultant Georgia Scott provide advice on compliance for Securities Investment Business registered persons.

What is the legal source for the regulation of entities carrying on Securities Investment Business (SIB) in the Cayman Islands?

Entities which have been registered or incorporated in the Cayman Islands which provide securities investment business are subject to the Securities Investment Business Act (SIBA) (2020 Revision) and are to be licensed or registered with the Cayman Islands Monetary Authority (CIMA).

What are the regulated activities covered by the SIBA?

  • Dealing in securities
  • Arranging deals in securities
  • Managing securities
  • Advising on securities

What are the reporting obligations of SIB entities?

All SIBA licensees and registered persons (RPs) are required to file an annual declaration, and pay a prescribed annual fee to CIMA by 15 January each year. They must also complete surveys issued by CIMA within that survey's prescribed timeframe.

What are the other regulatory obligations?

All SIBA licensees and registered persons are required to appoint an AML Officer and Money Laundering Reporting Officer. Additionally, each SIB entity must have applicable policies and procedures in place which address various aspects of the business, including but not limited to risk assessments, corporate governance and an internal audit framework.

All SIBA licensees and registered persons may be subject to regulatory inspections conducted by CIMA. CIMA has powers, under the Monetary Authority Act (Revised) (MAA), to impose administrative fines for breaches of certain prescribed provisions under the MAA (Administrative Fines Regime). That includes failure to file the annual declaration.

Why an AML Audit?

Since 2019, CIMA has stated that it expects Registered Persons (such as investment managers and advisors) pursuant to Section 5(5) of the Securities Investment Business Act (revised) to undertake regular internal audits of their controls to ensure that they are suitably robust in consideration of the nature, size and complexity of their operations. Internal audits must be performed by suitably qualified persons.

What is an AML Audit?

An AML audit tests the AML controls against the AML Regulations and other relevant regulatory requirements and the risks presented to identify any deficiencies or indications of ineffectiveness. The AML Audit scope and frequency should be set to be commensurate with the entity's nature, size, and complexity and any specific risks identified during the risk assessment process. The AML Audit is designed to strengthen the AML system where necessary.

What is the legal and regulatory source for the AML audit requirement of SIB RPs?

As per Part II 5(a)(ix) of the Anti Money Laundering Regulations (as revised from time to time): "an appropriate effective risk-based independent audit function and communication as may be appropriate for the ongoing monitoring of business relationships or one-off transactions for the purpose of forestalling and preventing money laundering, terrorist financing and proliferation financing"

As per Part II, Sec. 2(C)(6.2) of the Guidance Notes on the Prevention and Detection of Money Laundering, Terrorist Financing and Proliferation Financing in the Cayman Islands, the AMLCO "ensures regular audits of the AML/CFT programme".

What are the penalties for non-compliance with the audit requirement?

Where there is non-compliance with Regulation 5(a), which is considered a serious breach, the penalties and administrative fines are as noted in Sec (55R)-(55Z) of the AML Regulations.

How frequently are SIB RPs required to complete an AML audit?

The frequency of the audit must be commensurate with the entity's nature, size, and complexity, and the risks identified during the risk assessments. The frequency should then be documented, along with the scope and details of the auditor, in an internal audit plan.

Is there a legal requirement for the AML Audit to be independent from the role of the AML officers?

Per Regulation 5(a)(ix), the internal audit needs to be independent of the underlying business and activities of the relevant SIBA registered person, and the persons conducting the AML audit for a SIB registered person should not be the same persons, or part of the same team as, such SIB registered person's AML Compliance Officer or MLRO/DMLRO.

What is the estimated fee quote for a SIB RP AML Audit?

The fee varies depending on the number of funds managed and the regulatory status of the funds and the manager. If the SIBA RP has more than six funds, a sample is taken during the audit rather than testing all the client files.

What documentation is required for a SIB RP?

The following documents are included in the SIB RP Compliance pack:

Required by AML Regulations or known focus of CIMA supervision

  • Risk Management, Governance and Internal Controls Framework including Internal Audit Plan
  • Business ML TF PF Risk Assessment
  • AML Controls/Policies and Procedures (Manual)
  • Customer Risk Assessment template
  • Staff Training Log
  • Outsourcing Policy with Outsourcing Risk Assessment template
  • CyberSecurity Framework
  • Record Retention Policy

Recommended as regularly requested by CIMA during inspection

  • Business and Strategic Plan
  • Business Continuity Plan
  • Remuneration Policy
  • Conflicts Policy
  • Conflicts declaration template and register
  • Succession Plan
  • Complaints Policy

What is the cost for the SIBA Compliance pack?

The cost will depend on the specific needs of the SIB RP including its structure, ownership, group arrangements, and what is already in place. For further information, contact the Ogier Regulatory Consulting team.

How can Ogier Regulatory Consulting help?

Ogier Regulatory Consulting provides regulatory consulting services and can offer AML Audit services and a compliance pack consisting of the relevant policies and procedures that Registered Persons should have in place. This team is separate from the OGL AML Officer Services team to ensure that such independence requirements are met. Should you have any questions, further details can be found via our Ogier Regulatory Consulting page.

Creating Compliance Packs for SIB RPs:

Step 1: Engagement with client - Agree to terms of engagement including relevant timeframes and expectations. Client provides information and relevant existing documentation in order to initiate drafting of the SIB RP Compliance Pack.

Step 2: Document review - Ogier Regulatory Consulting team reviews existing documentation provided.

Step 3: Questions to client - Ogier Regulatory Consulting will contact the client if more information is needed to ensure an accurate understanding of the client and its operations.

Step 4: Drafting - Ogier Regulatory Consulting completes the drafting of the Compliance Pack based on the documentation provided and information shared during a meeting with the client (if necessary).

Step 5: Provide first draft - Ogier Regulatory Consulting provides client with the Compliance Pack Draft for an accuracy check.

Step 6: Final draft - Ogier Regulatory Consulting addresses feedback provided by client and provides final version.
