ARTICLE
26 September 2025

FATF Fifth Round Mutual Evaluation – Are You Ready?

W
Walkers

Contributor

Walkers logo
Walkers is a leading international law firm which advises on the laws of Bermuda, the British Virgin Islands, the Cayman Islands, Guernsey, Ireland and Jersey. From our 10 offices, we provide legal, corporate and fiduciary services to global corporations, financial institutions, capital markets participants and investment fund managers.
Explore Firm Details
The Caribbean FATF will conduct its onsite assessment in 2027, focusing on the effectiveness of the Cayman Islands implementation of laws, regulations and other measures...
Cayman Islands Finance and Banking
Lucy Frew and Juliana Tang
Your Author LinkedIn Connections

Key takeaways

  • All financial service providers are encouraged by the Cayman Islands Monetary Authority (CIMA) to prepare for the Fifth Round Mutual Evaluation (Evaluation) of the Cayman Islands by the Financial Action Task Force (FATF).
  • Financial service providers (FSPs) should review the adequacy and effectiveness of their policies, procedures and controls to ensure they are compliant with their legal and regulatory obligations.
  • Areas of focus for the Evaluation are anti-money laundering (AML), countering the financing of terrorism (CFT), countering proliferation financing (CPF) and targeted financial sanctions. In particular, FSPs should make sure their controls include audits, risk assessments with reference to proliferation financing (PF) risks, training and record keeping.

Fifth Round Mutual Evaluation

The Caribbean FATF will conduct its onsite assessment in 2027, focusing on the effectiveness of the Cayman Islands implementation of laws, regulations and other measures, notably those relating to AML/CFT/CFP/sanctions. The Cayman Islands government's newly established Office for Strategic Action on Illicit Finance (OSAIF), will strengthen the jurisdiction's coordinated approach to effectiveness and alignment with FATF and other international standards.

Accordingly, CIMA is encouraging FSPs to prepare, with some suggestions on its blog. In summary, CIMA suggests:

  • being able to demonstrate the effectiveness of documented AML, CFT, CPF and targeted sanctions policies, procedures and controls
  • governing bodies should demonstrate awareness of the upcoming FATF inspection and participate in national pre-evaluation initiatives and risk assessments
  • keeping demonstrably accurate records, cases studies and information for at least 5 years before the FATF inspection that validate practices in place.
  • conduct and evidence entity-wide risk assessment, incorporating PF risks where necessary. Risk assessment must remain up to date considering current and evolving threats and sanction requirements
  • ensure the beneficial ownership information of the FSP's customers is accurate, up-to-date and accessible when requested by CIMA or other authorities
  • ensure all staff have good understanding of the AML, CFT, CPF and sanctions obligations and requirements and are trained appropriately
  • take a proactive approach in the upcoming national risk assessment (NRA) of financial crime risks that will be conducted prior to the onsite assessment, as the findings of the NRA will assist FSPs in conducting their own entity-wide risk assessments

Are you ready?

FSPs should review and assess their own policies, procedures, systems and controls ahead of this evaluation. Keeping in mind CIMA's suggestions, we suggest FSPs focus on the following areas:

AML/CFT/CFP/sanctions audits

An independent audit of a FSP's AML/CFT/CPF/sanctions policies, procedures, systems and controls will demonstrate to CIMA and the FATF the effectiveness of its measures (an Audit). It is mandatory under the Anti-Money Laundering Regulations of the Cayman Islands (AML Regulations) for FSPs to have a risk-based AML/CFT/CPF/sanctions audit function, independent of operational involvement, to test the efficacy of such controls.

Some questions FSPs should be asking are:

  • When was the last time an Audit was conducted?
  • Is the timing of Audits in line with the latest AML/CFT/CPF/sanctions risk assessment?
  • Have any deficiencies identified from previous Audits been rectified and reported to the governing body?
  • Have the Audits, as well as any subsequent remediations implemented on identified deficiencies, been documented?
  • Are the Audits sufficiently independent? Has an external provider, or a person largely independent of operational involvement, conducted these audits?

Independent audits have been an area of focus for CIMA following its recent on-site inspection findings. In particular, CIMA reported a lack of improvement in this area for the period of January 2022 to March 2024, based on its findings of inspections of registered persons under the Securities Investment Business Act.

Further details on independent audit requirements can be found in our advisory, 'Obligation for independent AML Audits under the Anti Money Laundering Regulations – What you need to know'.

Record keeping

Maintaining appropriate records is vital to ensure FSPs can demonstrate both:

  • their compliance with their legal and regulatory obligations; and
  • their ongoing monitoring and review of its systems and controls for effectiveness and relevance

CIMA is reminding FSPs to maintain these relevant records for 5 years leading up to the onsite evaluation in 2027. FSPs should be mindful of possibly maintaining key records even if this extends beyond technical record retention obligations.

This builds on CIMA's record keeping requirements under its Statement of Guidance on Nature, Accessibility and Retention of Records ("SOG"), which includes a need to ensure all records are easily accessible to CIMA upon request. There are similar but different record keeping requirements for FSPs conducting business of company management. More information on these requirements and how they differ to the SOG is in our advisory, 'Rule and Statement of Guidance on Nature, Accessibility and Retention of Records for Licensees Conducting the Business of Company Management in the Cayman Islands'.

AML/CFT/CFP/sanctions risk assessments

The Cayman Islands has launched its 2025-2026 NRA of financial crime risks, which will be a two-year review coordinated by the OSAIF with input from regulators, law enforcement, and private-sector stakeholders. CIMA is encouraging FSPs to participate in this NRA. Even if FSPs are not actively participating in the NRA, FSPs should be vigilant in monitoring the NRA process and results to ensure their risk assessments are updated accordingly.

CIMA has also recently highlighted (here) new expectations for FSPs in assessing terrorist financing (TF) risks based on FATF's July 2025 report on Comprehensive Update on TF Risks. The report highlights that TF operations are increasingly decentralized and are applying hybrid financing methods combining traditional methods with digital technologies, with humanitarian aid channels and non-profit organisations remaining vulnerable to abuse. FSPs are encouraged to read the report, and of particular interest might be the list of TF risk indicators to consider when ensuring appropriate systems and processes are in place to mitigate these TF risks.

The NRA and FATF's recent report on TF risks might prompt a review and update to AML/CFT/CFP/sanctions risk assessments. Risk assessments should be reviewed if there have been changes in FSP's circumstances that impact the risks identified and assessed at inception or when customers were onboarded.

Some relevant factors will be whether there are any new risks not accounted for, any changes in customer risk profiles, or any changes in the FSP's business including products or services and distribution channels. An FSP's risk assessment is an evolving document and needs to be periodically reviewed to ensure it is up to date and relevant.

AML/CFT/CFP/sanctions training

As international standards on financial crime continue to evolve and sanctions designations and measures are increasing, it is important FSPs have a good understanding of the requirements.

FSPs are required under the AML Regulations to ensure appropriate staff (if any) receive training on AML/CFT/CFP/sanctions obligations on a regular basis and, according to CIMA guidance, at least annually.

All staff should be aware not only of the FSP's legal and regulatory obligations, but the FSP's AML/CFT/CFP/sanctions policies and procedures and controls, including the results of the FSP's risk assessments. Directors and senior management may receive a level of training suitable to their management role, while AML officers should receive in-depth training on all such aspects to ensure FSP's compliance with the requirements.

Each FSP can tailor its training to suit its own needs, depending on its size, resources and the type of business it undertakes. Training can be conducted in-house or provided by third parties such as firms of attorneys, consultants or specialist training providers.

How Walkers can help

AML/CFP/CFT/sanctions compliance will be a core focus for the jurisdiction and CIMA over the next two years in preparation for the Evaluation. CIMA is therefore looking to remind FSPs to review and re-evaluate the effectiveness of their AML/CFP/CFT/sanctions compliance programs.

Walkers is at the forefront of advising and assisting clients on all aspects of AML/CFP/CFT/sanctions compliance, including the effectiveness of such programs. Walkers regularly:

  • conducts audits
  • reviews and advises on risk assessments
  • delivers bespoke training to FSP's staff, AML officers and directors
  • advises on customer due diligence and record retention requirements

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Lucy Frew
Lucy Frew
Photo of Juliana Tang
Juliana Tang
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More