1 Legal and enforcement framework

1.1 Which legislative and regulatory provisions constitute the anti-money laundering, counter-terrorist financing and general financial crime prevention (collectively, 'AML') regime in your jurisdiction, from a regulatory (preventive/sanctions) and enforcement (civil/criminal penalties) perspective? Are there any legislative and regulatory requirements that apply below the national level (ie, at a state or regional level)?

The primary statutes in the Cayman Islands that directly relate to AML are:

  • the Proceeds of Crime Act (as revised);
  • the Penal Code (as revised);
  • the Criminal Procedure Code (as revised);
  • the Anti-money Laundering Regulations (as revised);
  • the Misuse of Drugs Act (as revised);
  • the Terrorism Act (as revised);
  • the Proliferation Financing (Prohibition) Act (as revised); and
  • the Anti-corruption Act (as revised).

Although guidance notes do not have the same status as legislation, the Guidance Notes on the Prevention and Detection of Money Laundering, Terrorist Financing and Proliferation Financing are another important resource.

Furthermore, the Cayman Islands laws in relation to enforcement are:

  • the Monetary Authority Act (as revised); and
  • the Monetary Authority (Administrative Fines) Regulations (as revised).

The above requirements apply at the national level for all three islands of the Cayman Islands:

  • Grand Cayman;
  • Cayman Brac; and
  • Little Cayman.

1.2 Which bilateral and multilateral instruments on AML have effect in your jurisdiction?

The Cayman Islands extensively uses international instruments and arrangements to facilitate requests for legal assistance in order to assist the international community in fighting money laundering and terrorist financing. The sharing of information is enabled by the Criminal Justice (International Co-operation) Act (as revised). The bilateral and multilateral arrangements in place include the sharing of information in relation to matters such as:

  • financial intelligence;
  • beneficial ownership;
  • banking; and
  • forfeitures.

1.3 Which public sector bodies and authorities are responsible for enforcing the AML laws and regulations? What powers do they have?

Under the Monetary Authority Act (as revised), the Cayman Islands Monetary Authority (CIMA) is mandated with imposing administrative fines on individuals and entities licensed within the Cayman Islands. Furthermore, CIMA has the power to conduct supervisory on-site inspections of regulated entities' business operations in the Cayman Islands. Should CIMA find that an entity's AML framework does not comply with the AML regime, it can suspend or revoke a licence. In addition to enforcement, CIMA has the ability to request information, which must be provided on a prompt basis.

There are also a number of other governmental agencies and authorities with powers relating to offences, such as:

  • the Anti-corruption Commission; and
  • the Tax Information Authority.

1.4 Are there any self-regulatory organisations or professional associations? What powers do they have?

A number of professional associations within the Cayman Islands serve as supervisory bodies for the purposes of AML compliance. For example, the Cayman Islands Institute of Professional Accountants is the AML supervisory body for accounting firms and is mandated with:

  • registering all accounting firms;
  • monitoring for compliance; and
  • issuing industry-specific guidance, directives and procedures.

Another example of a designated professional supervisory body within the Cayman Islands is the Cayman Islands Legal Practitioners Association, which is responsible for AML oversight of firms of attorneys and sole practitioners.

Several not-for-profit organisations – such as the Cayman Islands Compliance Association – also cultivate an open ecosystem for the sharing of information and provide an open forum for discussions surrounding regulatory changes and best practices. These organisations are extremely valuable to the industry; it is therefore beneficial to become a member.

1.5 What is the general approach of the financial services regulators in enforcing the AML laws and regulations?

CIMA treats non-compliance with the AML regime particularly seriously. Its general approach in determining whether an entity is compliant and, if not, whether and how to enforce and/or fine is by undertaking both on-site and off-site inspections, as well as other monitoring processes. CIMA has also started to publish details of entities that have been subjected to administrative fines in an attempt to act as a deterrent to others (see www.cima.ky/administrative-fines).

1.6 What are the statistics regarding past and ongoing AML procedures in your jurisdiction?

CIMA periodically publishes trends and typologies for specific types of regulated entities that provide information on common deficiencies found when conducting on-site inspections. For example, in a recent review of a portfolio of entities conducting securities investment business, CIMA found that:

  • 79% of them had overall weakness in policies and procedure;
  • 50% had weaknesses in due diligence collation; and
  • 33% had weaknesses in their AML training programmes.

These reports are useful tools for industry to further understand:

  • the scope of on-site inspections; and
  • what serves as a trigger for an internal review to ensure that similar deficiencies do not exist.

With regard to suspicious activity reports (SARs), the Financial Reporting Authority (FRA) periodically publishes analysis on the trends and money laundering offences it has discovered. These statistics are also valuable as they help the FRA in developing future typologies on AML matters in both regulated and unregulated industries. The FRA's annual reports can be found on its website.

1.7 What reporting activities exist for reporting suspicious activities and/or transactions (SARs)? Are there any specific powers to identify the proceeds of crime or to require an explanation as to the source of funds?

There is an established channel through which SARs should be filed. If an individual becomes aware of or suspects criminal activity, he or she is obliged to report these findings internally to:

  • the entity's money laundering reporting officer (MLRO); or
  • the deputy MLRO (DMLRO) if the MLRO is absent.

It is then the responsibility of the MLRO/DMLRO to conduct analysis to determine whether the matter should be externalised with the FRA. While there is no explicit timeframe stated in the AML regulations, this should be done as soon as is practicable. There is a SAR form draft on the FRA website that should be used for this purpose. When submitting the SAR, the MLRO/DMLRO must ensure that any supporting documentation is included in support of the claim.

To assist individuals in making SARs, the FRA recently published guidance notes on how to prepare and submit quality SARs. The guidance notes provide clarification on how to identify the methods through which suspicious activity is conducted, including:

  • wire transfers;
  • negotiable instruments;
  • investments; and
  • deposits/withdrawals.

The movement of funds, including how they originated, is integral for the FRA to be able to analyse whether actual or suspected criminal conduct has occurred.

In light of COVID-19, the need arose to digitalise the mechanisms through which SARs can be reported. In response, the FRA launched AMLive – a secure and confidential portal that accepts SARs in electronic form. This was launched to users through a phased approach and it is expected that in the near future, the previous mechanisms for reporting (physical delivery and email) will no longer be preferred. According to the FRA's 2022 Annual Report, 75% of SARs that were submitted in 2022 were sent through the AMLive Portal.

1.8 Is there a central authority for reporting (ie, a Financial Intelligence Unit (FIU) responsible for assessing SARs reported from relevant entities subject to AML requirements)? Does this authority work internationally?

The FRA is the Cayman Islands FIU, which is responsible for receiving, requesting, analysing and disseminating financial information disclosures concerning the proceeds of criminal conduct, money laundering and terrorist financing. It was established under the Proceeds of Criminal Conduct Act (as revised).

The FRA works at a national level and its analysis is utilised by domestic agencies (eg, the police, immigration and Customs) for investigative purposes. Furthermore, the Cayman Islands has been part of the Egmont Group since 2001. It therefore contributes and cooperates at an international level with other FIUs.

1.9 What relevant public or private corporate or other registers exist to assist with conducting and/or validating AML information, ultimate beneficial owners etc; and what details must be disclosed?

Apart from the beneficial ownership register that must be maintained by corporate service providers and submitted to the General Registry, all other registers required are kept in-house for the purposes of conducting ongoing AML monitoring.

1.10 How do such registers interoperate with one another and do they do so internationally?

The introduction of beneficial ownership registers (see question 1.9) was aimed at improving the exchange of information between the Cayman Islands and international regulatory, enforcement and tax authorities. Furthermore, while the relevant information is stored on the Cayman government's centralised beneficial ownership platform, details pertaining to expired passports, for example, are interoperated and enforced by CIMA.

2 Scope of application

2.1 Can both individuals and companies be prosecuted under the AML legislation?

Under the administrative fines regime, both individuals and companies can be fined for non-compliance with the AML legislation. Depending on the severity of the offence, the Cayman Islands Monetary Authority (CIMA) can issue fines at differing levels, as follows.

Category of breach Fine in Cayman Islands dollars
Minor KYD 5,000
Serious (individual)
Serious (corporate)		 KYD 50,000
KYD 100,00
Very serious (individual)
Very serious (corporate)		 KYD 100,000
KYD 1 million

Furthermore, if an offence is committed, any person may also be subject to imprisonment.

2.2 Can foreign companies be prosecuted under the AML legislation?

There are a number of instances in which a foreign company can be prosecuted under the Cayman AML legislation. For example, a subsidiary of a Cayman entity that operates within the Cayman Islands and conducts business on behalf of the Cayman entity must conform to the AML legislation of the Cayman Islands. Furthermore, there may be a foreign company that is domiciled and operates in another jurisdiction, but which is nonetheless regulated by the CIMA. Irrespective of jurisdiction, such a company must ensure that:

  • it complies with the AML legislation; and
  • jurisdictional gap analysis is conducted.

2.3 Does the AML legislation have extraterritorial reach?

Under the applicable AML legislation, for the purposes of money laundering, if criminal conduct is committed overseas and that conduct would be deemed an offence under Cayman law, it will be deemed an offence in the Cayman Islands if it satisfies the dual criminality test set out in the Proceeds of Crime Act (as revised).

2.4 Are there restrictions on financial institutions' accounts for foreign shell banks? Which types of firms are subject to such restrictions?

Under the Anti-money Laundering Regulations, any person that carries out 'relevant financial business' in or from the Cayman Islands cannot establish a business relationship with a shell bank. The definition of 'relevant financial business' is detailed in the Proceeds of Crime Act (as revised) and includes (but is not limited to) institutions that carry out the following activities:

  • lending;
  • financial leasing;
  • money broking;
  • securities investment business; and
  • portfolio management and advice.

Not only do restrictions apply to such institutions when entering or continuing a relationship with a shell bank, but they are also not allowed to enter into or continue a relationship with a bank that is known to permit its accounts to be used by a shell bank.

2.5 Are there cross-border transaction reporting requirements? If so, what must be reported under what circumstances and to whom?

Any transaction that is deemed to be suspicious in nature must be reported to the Financial Reporting Authority, which mutually cooperates with FIUs internationally.

2.6 Does money laundering of the proceeds of foreign crimes constitute an offence in your jurisdiction?

'Criminal conduct' is defined under the Proceeds of Crime Act (as revised) as conduct which:

  • constitutes an offence in the Cayman Islands; or
  • would constitute an offence in the Cayman Islands if it occurred there.

However, a defence contained within the Proceeds of Crime Act (as revised) stipulates that a person does not commit an offence if he or she knows or believes, on reasonable grounds, that the relevant criminal conduct (by reference to which the property concerned is criminal property):

  • occurred in a particular country or territory outside of the Cayman Islands; and
  • was not, at the time it occurred, unlawful under the criminal law which applied at the time in that country or territory.

If an individual is unsure as to whether he or she has an obligation to report such matters, he or she should speak with his or her money laundering reporting officer for guidance.

3 AML offences

3.1 What AML offences are recognised in your jurisdiction and what do they involve? Are there any codified or common law defences?

AML offences are recognised in the Cayman Islands. The Proceeds of Crime Act (as revised) sets out money-laundering offences. There are five primary offences, as follows:

  • concealing, disguising, converting, transferring or removing criminal property from the Cayman Islands;
  • entering into arrangements to facilitate the acquisition, retention, use or control of criminal property;
  • acquiring, possessing or using criminal property;
  • failing to disclose a suspicion of criminal conduct; and
  • tipping off.

A number of defences are contained within the Anti-money Laundering Regulations – for example, whistleblowers are protected from being subject to any legal, administrative or employment-related sanctions, regardless of the contents of a report. Furthermore, a person does not commit an offence if he or she makes a disclosure to the Financial Reporting Authority (FRA).

3.2 How are predicate offences defined in your jurisdiction? Is tax evasion a predicate offence for money laundering?

In the case of money-laundering offences in the Cayman Islands, it is assumed that criminal conduct has occurred in order to generate the criminal property that is being laundered. This is often known in other jurisdictions as a 'predicate offence'. Under the Anti-money Laundering Regulations, tax evasion is a predicate offence for money laundering. Criminal conduct for the purposes of money laundering can include conduct committed overseas, as long as it would constitute an offence under Cayman law. Thus, foreign tax evasion and equivalent tax crimes are reportable in the Cayman Islands.

3.3 What reporting offences exist (eg, failure to disclose, tipping-off and prejudicing or obstructing an investigation)?

A number of reporting offences exist under the Proceeds of Crime Act (as revised). First, there is a duty to report (within a practical timeframe) if there is knowledge or suspicion of criminal conduct. Furthermore, tipping off or disclosing any information to a target or third party that is likely to prejudice an investigation also constitutes an offence. All of the above reporting offences carry penalties of imprisonment and/or an unlimited fine.

3.4 Do any restrictions or thresholds (eg, in terms of parties, asset type or transaction value) serve to limit the types of activities that constitute AML offences?

There are no explicit restrictions or thresholds in the Anti-money Laundering Regulations that serve to limit the types of activities that constitute an AML offence.

However, the requirement for a person that conducts relevant financial business to conduct due diligence on its customers for one-off transactions is triggered where a transaction is valued in excess of KYD 10,000.

It is common to see suspicious activity reports (SARs) submitted that have a value over this threshold (where suspicious activity has arisen during the due diligence phase). However, SARs must be submitted to the FRA in respect of any suspicious activity – irrespective of transaction value, asset type or the parties involved – as it may have direct or indirect implications or connections to other reports or ongoing investigations.

4 Compliance

4.1 Is implementing an AML compliance programme a regulatory requirement in your jurisdiction? If so, what aspects must this cover? Are there any criteria and/or conditions that a money laundering reporting officer or any other person responsible for AML must observe?

For in-scope persons and entities conducting 'relevant financial business' as defined under the Proceeds of Crime Act (as revised), it is a regulatory requirement within the Cayman Islands, that an AML compliance programme be implemented. Not only should AML policies and procedures exist and conform to the Anti-money Laundering Regulations, but there should also be efficient and operational systems and controls in place. Furthermore, the AML compliance programme should include:

  • a risk assessment process; and
  • identification and verification processes for customers/clients (not only at onboarding, but also on an ongoing basis).

In relation to the obligations of appointed officers, it is a regulatory requirement to appoint an anti-money laundering compliance officer (AMLCO), who is responsible for oversight of the AML compliance programme. Further. there is a requirement for natural persons to assume the roles of money laundering reporting officer (MLRO) and deputy MLRO (DMLRO), with responsibility for the suspicious activity reporting process. While the MLRO and the DMLRO cannot be the same person, there are no restrictions that would prevent the MLRO or DMLRO from assuming the AMLCO role. The Anti-money Laundering Regulations and the associated Guidance Notes specify:

  • a number of suitability conditions, to ensure that appointed officers are sufficiently qualified and experienced to fulfil the roles; and
  • the roles and responsibilities which they must fulfil.

Other components of the AML compliance programme include:

  • reporting procedures for suspicious activity;
  • AML training;
  • record keeping; and
  • maintenance of relevant logs and registers.

4.2 What customer and business partner due diligence (know your customer/client due diligence) requirements apply in this regard? Do any look-through requirements apply? Are there any simplified or enhanced due diligence requirements for certain types of persons and activities?

It is a regulatory requirement for entities conducting relevant financial business to conduct due diligence on their customers/clients. In scenarios where risk is low, simplified due diligence can occur. These are determined based on analysis of the underlying risk factors, such as:

  • customers;
  • country;
  • products;
  • services;
  • transactions; and
  • delivery channels.

If there are any elements that heighten risk, enhanced due diligence should be conducted. This includes:

  • more in-depth analysis of the identification of the customer/client; and
  • enhanced levels of verification.

In the case of corporate customers/clients, entities conducting relevant financial business should look through to find the ultimate beneficial owners and controllers with holdings of 10% or more.

Furthermore, if a 'material' function is outsourced to a service provider, due diligence must still be collected and maintained. In conjunction with the Statement of Guidance on Outsourcing:

  • a risk assessment must occur; and
  • materiality must be considered.

It is possible to rely on eligible introducers for the purposes of due diligence. However, there are strict eligibility requirements which, if not met, cannot be relied upon. Eligible introducers must be periodically tested to ensure continued compliance with the Anti-money Laundering Regulations.

4.3 What due diligence requirements apply in relation to ultimate beneficial owners?

There are two regimes in place in relation to ultimate beneficial owners. Under the Anti-money Laundering Regulations, ultimate beneficial owners (holdings of at least 10%) should be appropriately identified and verified by corporate service providers. That said, it is prudent to:

  • identify and screen any ultimate beneficial owners with holdings of under 10%; and
  • if anything adverse is found in the analysis, to proceed to obtain due diligence.

Under the Beneficial Ownership Regulations, corporate service providers in the Cayman Islands must keep a register of ultimate beneficial owners who hold, directly or indirectly, 25% or more of the shares or voting rights. This must be reported to the General Registry on a monthly basis.

Corporate service providers should ensure that they are aware of the differences in these two regimes, to ensure that the due diligence collected is appropriate to both thresholds. The Cayman Islands Monetary Authority (CIMA) can impose fines for expired due diligence documentation, so it is vital that this be monitored on an ongoing basis.

4.4 Which books and records requirements have relevance in the AML context? What privacy laws apply?

In conjunction with the Anti-money Laundering Regulations and the associated Guidance Notes, the Statement of Guidance on Nature, Accessibility and Retention of Records mandates requirements for record retention. An entity must maintain (for at least five years) all necessary records on clients and transactions to be able to comply swiftly with information requirements from CIMA. The purpose of this provision, from an AML perspective, is that such records may:

  • suffice to permit the reconstruction of clients and transactions; and
  • if necessary, constitute evidence for the prosecution of criminal activity.

In support of the above, CIMA published its Data Protection Act (as revised), which came into force on 30 September 2019. This act provides a legal framework for the use of personal information and includes details on the appropriate channels for reporting a data breach.

4.5 What other compliance best practices should a company implement to mitigate the risk of AML violations?

To mitigate the risks associated with violation of the Anti-money Laundering Regulations, it is best practice to ensure that independent audits occur. An AML audit may be outsourced to a regulatory consultant with the necessary expertise and independence to undertake this. CIMA has been explicit in terms of what it expects to see covered in the AML audit, which should:

  • assess the adequacy of policies, procedures, systems and controls; and
  • include a sample of clients/customers to test for compliance.

The frequency of these audits will depend on the size and complexity of the entity; however, given the pace of regulatory change in the Cayman Islands, it is recommended that these occur on an annual basis.

4.6 Are companies obliged to report financial irregularities or actual or potential AML violations?

Companies are obliged under the Anti-money Laundering Regulations to report:

  • financial irregularities; and
  • actual or potential AML violations.

Irregularities may include situations where a customer/client:

  • enters into transactions or makes decisions that do not correlate to standard behaviour; or
  • conducts transactions that are complex or unusually large, or that follow an unexpected pattern.

The appropriate internal reporting procedures should be followed and, if deemed appropriate, the MLRO/DMLRO should externalise a suspicious activity report as soon as possible to the Financial Reporting Authority (https://www.fra.gov.ky/contents/page/4).

4.7 Does failure to implement an adequate AML programme constitute a regulatory and/or criminal violation in your jurisdiction?

Failure to implement an adequate AML programme may result in liability for administrative fines (https://www.cima.ky/enforcement-1).

5 Enforcement

5.1 Can companies that voluntarily report AML violations or cooperate with investigations benefit from leniency in your jurisdiction?

Companies are always encouraged to report AML violations (eg, a material deficiency in policies and procedures) voluntarily to the Cayman Islands Monetary Authority (CIMA). While this does not directly safeguard the company from an administrative fine, proactive disclosure and efforts to remediate immediately may be viewed favourably by CIMA. Furthermore, there are certain immunities from criminal penalties if a person adequately submits a suspicious activity report.

In relation to AML prosecutions, under the Criminal Justice (Offenders Assisting Investigations and Prosecutions) Bill (as revised), prosecutors can grant immunity from prosecution in order to secure the assistance of a person who committed a crime. If immunity is granted, an immunity notice will be issued in writing which includes a specific description of the offence to which the immunity applies.

5.2 Can the existence of an AML compliance programme constitute a defence to charges of AML violations?

Even where an AML compliance programme exists, this does not automatically serve as a defence to AML violations. While adequate policies and procedures may be in place, if they are not operationally efficient or are not being followed, this could lead to violations. CIMA has published a number of notices in relation to entities that have had an AML compliance programme in place, but that failed:

  • to meet the regulatory requirements set out in the AML legislation; and/or
  • to remediate any gaps identified as part of an on-site inspection process.

5.3 What other defences are available to companies charged with AML violations?

A number of defences are available; however, this will depend on the type of violation that occurred.

5.4 Can companies negotiate a pre-trial settlement through plea bargaining, settlement agreements or similar?

In the case of an administrative fine, CIMA can apply a discount if the individual or company decides to settle promptly. CIMA has a settlement discount regime in place, which has four established criteria (ranging from a 40% discount to a 10% discount). However, this is permitted only if CIMA is satisfied that:

  • remediation plans are being progressed adequately; and
  • the company or individual has been cooperative in the process.

5.5 What penalties can be imposed for violations of the AML legislation? How are these determined? Can non-exhaustive penalties be imposed for such violations (eg, exclusion from public procurement, exclusion from entitlement to public benefits or aid, disqualification from the practice of certain commercial activities, judicial winding up)?

Administrative fines and imprisonment can be imposed for violations of the AML legislation. The severity of these penalties will depend on the gravity of the offence. CIMA has the power to:

  • suspend or remove directors;
  • revoke licences or impose conditions on a licensee;
  • impose fines;
  • appoint controllers or auditors over an entity; and
  • apply to the court for orders necessary to carry out its regulatory or supervisory functions or to intervene in a liquidation.

5.6 Can funds, property and/or proceeds of AML and/or financial crime be subject to asset freezing/confiscation/forfeiture or victim compensation laws? If so, under what circumstances and what types of funds or property may be confiscated/forfeited? Can such actions be taken if there is no criminal conviction?

Under the Proceeds of Crime Act (as revised), the director of public prosecutions can initiate civil proceedings to recover any assets or property that was obtained through criminal conduct. This process can be effected through an array of mechanisms, such as:

  • receiving orders;
  • recovery orders; and
  • property freezing orders.

In relation to the circumstances in which funds or property can be recovered, a number of considerations are set out in the Proceeds of Crime Act (as revised), such as:

  • the recoverable amount;
  • the defendant's benefit;
  • the amount actually available; and
  • interest on unpaid sums.

5.7 What is the statute of limitations for prosecuting AML offences in your jurisdiction?

Limitation periods are prescribed by the Limitation Act (as revised) and vary depending on the nature of the claim:

  • Claims under contract expire six years after the date of breach; and
  • Claims under a speciality (including a deed) expire 12 years after the cause of action arose.

In certain circumstances, limitation periods can be extended where the action involves:

  • fraud;
  • deliberate concealment of facts giving rise to a claim; or
  • mistake.

6 Alternatives to prosecution

6.1 What alternatives to criminal prosecution are available to enforcement agencies that find evidence of AML violations?

If, when conducting an on-site inspection, the Cayman Islands Monetary Authority (CIMA) finds evidence of an AML violation, instead of proceeding straight to prosecution or serving administrative penalties, it may decide to give the entity a chance to remediate the technical deficiencies found within a prescribed timeframe.

In determining what action to take, CIMA will consider a number of elements, such as:

  • the impact on stakeholders' interests;
  • the nature of the contravention; and
  • the willingness of the entity to cooperate and assist in the process.

6.2 What procedures are involved in concluding an investigation in this way?

Following the conclusion of an on-site inspection, CIMA will:

  • issue an AML inspection report; and
  • give the entity an opportunity to provide management comments in relation to the findings.

If the entity appropriately acknowledges the findings in the report and drafts a detailed remediation plan that meets the prescribed remediation criteria, CIMA may exercise its discretion not to enforce immediately. Typically, the entity must provide CIMA with periodic updates (within one month, three months and six months) to demonstrate that it is being proactive in its remediation. Furthermore, if the deficiency found relates to only one client/customer that was sampled, evidence of a review against the entire portfolio of clients/customers is important.

6.3 What factors will determine whether such an alternative to prosecution is to be offered by an enforcement agency to those who have been involved in AML violations?

The factors based on which such alternatives may be offered will depend on the severity of the AML violation. For example, if the deficiencies found are minimal in nature and are not deemed to constitute a serious breach, this may prove favourable when enforcement decisions are made. If no violations were discovered in a previous on-site inspection report, this may also be advantageous when CIMA is considering whether to enforce. Furthermore, proactivity and cooperation with CIMA are beneficial – not only during the remediation phase, but also when an on-site inspection is being conducted.

It is extremely unlikely, however, that an alternative will be available in case of repeat offences.

6.4 How common are these alternatives to prosecution?

Publication of the Mutual Evaluation Report issued by the Financial Action Task Force has led to a significant increase in the number of on-site inspections conducted by CIMA. The number of enforcement notices published by CIMA has also increased exponentially as a result. Opportunities to remediate are available, but cannot be relied upon. The circumstances will be considered on a case-by-case basis.

6.5 What reasons, if any, could lead to an increase in the use of such alternatives?

There are a number of scenarios in which such alternatives can be used. For example, if there was a recent amendment or revision to the AML legislation and the entity had not yet transposed it appropriately into its policies and procedures before an onsite inspection occurred, CIMA may decide to give the entity additional time to remediate the gap.

7 Private AML enforcement

7.1 Are private enforcement actions for AML offences available in your jurisdiction? If so, where can they be brought and what process do they follow?

Individuals can be subject to enforcement actions for AML offences in the Cayman Islands. The levels of administrative fines (which can range from KYD 5,000 to KYD 100,000) will be determined by the severity of the AML violation.

In relation to prosecutions, the director of public prosecutions is the government's principal legal adviser on criminal proceedings and is responsible for all criminal proceedings brought within the Cayman Islands (ie, in the Cayman Islands Summary Court, the Grand Court and the Court of Appeal). On the request of the Cayman Islands Monetary Authority (CIMA), the Cayman Islands courts have the power to:

  • interview an individual under oath; and
  • send the results back to CIMA for further consideration.

Furthermore, CIMA can:

  • apply to the Cayman courts for a search warrant to carry out an investigation; and
  • require regulated entities to provide specified information or documentation.

In conjunction with the above, other authorities – such as the Tax Information Authority and the Financial Reporting Authority – have the power to request information. Upon completion of an investigation under the Police Act (as revised), the police have the power to arrest any person whom they suspect of committing an offence.

7.2 What types of relief may be sought and what types of relief are most commonly awarded? How is the relief awarded determined?

No answer submitted for this question.

7.3 Can the decision in a private enforcement action be appealed? If so, to which reviewing authority?

Decisions in relation to private enforcement can be appealed. Appeals of decisions of the Grand Court are heard by the Court of Appeal (which is governed by the Criminal Procedure Code).

8 AML, cyber and crypto-assets

8.1 How does the AML regime dovetail with other cyber law in your jurisdiction?

The Cayman Islands acknowledges the risks pertaining to cybersecurity. While technological advancements are important to facilitate innovation, secure competitive advantage and promote efficiencies, any compromise in the use of technology may have detrimental impacts for business, including (but not limited to) liability claims and reputational damage.

The Cayman Islands Monetary Authority (CIMA) published a note in May 2020 to establish a framework which entities conducting relevant financial business in the Cayman Islands should adopt to ensure that measures are in place to appropriately identify, protect, detect, respond to and recover from cybersecurity-related threats, incidents and breaches. Shortly thereafter, CIMA published a Statement of Guidance on Cybersecurity for entities that conduct relevant financial business, which supplemented the note and provided greater granularity on the standards required in order to comply. CIMA recommends that the note and the statement of guidance be read in conjunction with the Anti-Money Laundering Regulations.

8.2 What specific considerations, concerns and best practices should companies be aware of with regard to AML prevention in the cyber sphere?

There are a number of overlapping elements between the AML and cybersecurity regimes in the Cayman Islands. The primary concern is to guard against the infiltration and/or loss of data that could be used in an illicit manner. To mitigate the risk associated with money laundering in the cybersphere, a number of regulatory requirements are imposed on entities. These include ensuring that:

  • there is a risk management framework in place to identify cyber-specific risks and how to mitigate them; and
  • testing periodically occurs to ensure that:
    • the framework in place is adequate; and
    • there are robust breach notification and reporting channels.

8.3 Does the AML regime extend to crypto-asset activity and if so, how?

In recognition of the guidance published by the Financial Action Task Force on virtual asset services, CIMA amended the Proceeds of Crime Act in 2019 to expand the definition of 'relevant financial business' (which defines the business types that must comply with the AML regime in the Cayman Islands) to include 'virtual asset services'.

In addition, the Cayman Islands supports the notion of innovation in the crypto-asset space and has published a Virtual Asset Service Provider (VASP) Act, which took effect in October 2020. By establishing a commercially viable and adaptive framework, the Cayman Islands has become an attractive jurisdiction for VASPs. The VASP Act has been enforced through a phased approach; the first phase directly pertains to AML compliance, supervision and enforcement, and other key areas of risk.

9 Trends and predictions

9.1 How would you describe the current AML enforcement landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

Since the conclusion of the Financial Action Task Force (FATF) Mutual Evaluation, there has been a significant uptick in the level of enforcement for non-compliance with the AML regime. Thousands of discretionary administrative fines have been issued to Cayman Islands service providers for failure to comply.

Beneficial ownership remains a contentious topic – not only within the Cayman Islands, but also internationally. The Cayman Islands has published regulations for certain types of corporate service providers, requiring them to maintain a beneficial ownership register for parties with direct or indirect holdings of 25% or more. However, there has been much deliberation as to whether these registers should be publicly available. In light of recent rulings in other jurisdictions – for example, the Court of Justice of the European Union holding that public access to beneficial owner registers contravenes a number of articles of the Charter of Fundamental Rights of the European Union – it will be very interesting to see how the Cayman Islands regulators respond to this issue.

9.2 Has your jurisdiction's AML regime been evaluated by an international organisation, such as the Financial Action Task Force (FATF), the Council of Europe (Moneyval) or the International Monetary Fund; and if so, when?

The Cayman Islands is a member of the FATF and regionally is a member of the Caribbean Financial Action Task Force. The Cayman Islands AML regime has been evaluated by the FATF, with the most recent review concluding in March 2019. The Cayman Islands has also been included in the Peer Review conducted by the Organisation for Economic Cooperation and Development since 2020, which assesses ongoing base erosion and profit shifting compliance.

9.3 Does your jurisdiction meet the recommendations of the Financial Action Task Force; and if not, what are the barriers to meeting these?

Since the conclusion of the FATF's latest Mutual Evaluation in March 2019, the Cayman Islands has been working extremely hard to remediate the technical deficiencies identified. Out of the 40 FATF recommendations, the Cayman Islands was deemed to be only 'partially compliant' with just 13. The main technical deficiencies identified related to enforcement. By increasing the levels of enforcement for non-compliance with the Anti-Money Laundering Regulations, the Cayman Islands Monetary Authority (CIMA) has demonstrated to the FATF that it is proactive in striving to conform with the standards set.

When the FATF Plenary met in June 2023, there was an expectation that the Cayman Islands would be removed from the enhanced monitoring list, since all 'partially compliant' recommendations have now been remediated, such that the Cayman Islands is now either 'compliant' or 'partially compliant' with all 40 recommendations. However, this did not happen, so further improvements will be required in relation to the documentation of vulnerabilities at a national risk level and enforcement.

9.4 What noteworthy technology developments have you observed in your jurisdiction over the past 12 months in the growth of regtech and suptech solutions, as well areas where blockchain and digital assets or online-based communities are used as an enabler (eg, money laundering using video games or online forums)?

Like other leading jurisdictions, the Cayman Islands is a key player in the regtech and suptech space. In addition to the Virtual Asset Service Provider (VASP) Act that came into force in 2020 (see question 8.3), TechCayman was established under the Cayman Islands Special Economic Zone to cultivate a technology-based ecosystem and thus encourage entrepreneurs to establish businesses in the Cayman Islands. While CIMA has published no specific guidance in relation to risks pertaining to money laundering in the video game and online forum space, its guidance notes (specifically in relation to VASPs) recommend that online operations form part of VASPs' business risk assessments, to ensure that risks are identified and appropriately mitigated.

10 Tips and traps

10.1 What are your top tips for the smooth implementation of a robust AML compliance programme and what potential sticking points would you highlight?

It is of the upmost importance that entities and individuals with interests in the Cayman Islands:

  • keep up to date with regulatory changes; and
  • acknowledge new trends and typologies that arise in light of dynamic market conditions.

These should not only be understood, but also analysed within the context of current AML compliance programmes to ascertain whether any policies, procedures, systems and controls may need to be revised as a consequence.

To facilitate the implementation of a robust AML compliance programme, its effectiveness should be continually assessed. While policies and procedures may be constructed appropriately and conform to the regulatory framework, the programme will not be effective if the processes, systems and controls in place do not adequately capture the applicable requirements and obligations. Testing effectiveness is thus crucial to the sustained success of an AML compliance programme and where deficiencies are found, a remediation plan should be established.

10.2 What are the key threats and trends that you have seen in your jurisdiction with respect to money-laundering techniques during the COVID-19 pandemic?

In the case of any global systemic shock, a number of threats and trends that can emerge. The COVID-19 pandemic was no exception: due to disruptions to business proceedings, criminals were able to exploit operational vulnerabilities in a number of ways.

As commerce migrated from the physical space to the virtual space, criminals diversified the means by which they conduct illicit activities – as reflected in the use of new online schemes and channels to launder the proceeds of crime. Furthermore, legitimate businesses in distress and goods/services that have become illiquid have been subjected to criminal infiltration, as they can be used as a front to hide fraudulent proceeds and transfers.

From the perspective of the Cayman Islands, the risks pertaining to exploitation in the manufacturing and trade sectors have been minimal (given the jurisdiction's geographical features). However, Cayman's thriving financial services sector has been and will remain vulnerable, given the high level of cross-border business and the volumes of financial transactions that occur.

For remote business, which makes up a significant percentage of transactions in the Cayman Islands, there is always a risk that standard customer due diligence obligations may be circumvented – specifically in relation to verification (eg, due to the restrictions in social distancing during COVID-19, certifications of identification documents could not occur).

The Cayman Islands Monetary Authority (CIMA) was quick to recognise the significant challenges faced by the financial services industry in relation to verifying customers and provided helpful guidance on mechanisms that could be temporarily established in order to ensure that customers could be appropriately identified, verified and risk rated. Examples included:

  • the use of video conferencing with underlying customers;
  • the certification of documents through the use of 'selfies'; and
  • receipt of residential address statements in electronic form.

10.3 Are your jurisdiction's relevant AML legislative and rulemaking instruments available in online; and if so, are they publicly available and in English?

As the Cayman Islands is a British overseas territory with English as its official language, all AML laws and rulemaking instruments are in English. The applicable acts, regulations and guidance notes can be found on CIMA's website at www.cima.ky/.

For guidance notes and information pertaining to reporting suspicious activity and sanctions breaches, see the Financial Reporting Authority's website at www.fra.gov.ky/.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.