This client briefing addresses recent changes to the Cayman anti-money laundering framework - in particular those made by the Anti-Money Laundering Regulations, 2017 (AML Regulations), which came into force on 2 October 2017.
The Cayman anti-money laundering framework comprises:
- the Proceeds of Crime Law (2017 Revision) (PCL), specifically Part V of that law, which came into force in May 2017;
- the AML Regulations, made by the Cabinet pursuant to specific powers in the PCL, which repealed the old Money Laundering Regulations (2015 Revision);
- the guidance notes (Guidance Notes) on the prevention and detection of money laundering and terrorist financing in the Cayman Islands dated August 2015, prepared by the Cayman Islands Monetary Authority (CIMA) pursuant to specific powers in the Monetary Authority Law. The Guidance Notes are currently being reviewed and will be updated in due course.
The thrust of the changes to the AML Regulations has been to close gaps that remained between Cayman's robust anti-money laundering regime and the Financial Action Task Force 2012 recommendations (FATF Recommendations). The new AML Regulations do not re-shape the existing regime but they do introduce some important changes that need to be taken into account by those that are implementing Cayman anti-money laundering processes and procedures. The principal changes are as follows:
- Expanded Scope – the AML Regulations continue to define their scope by reference to "relevant financial business" – save that the definition is now no longer contained in the AML Regulations but has been moved to the PCL.
- "Relevant financial business," the conduct of which brings a person (a financial services provider or FSP) within the scope of the AML Regulations, comprises (amongst others) business that is regulated in Cayman, such as banking business, trust business, insurance business, securities investment business, and regulated funds business. Relevant financial business also includes certain non-regulated activities that are listed in a schedule to the PCL, including "trading for own account or for the account of customers in transferable securities." That list of non-regulated activities covered by the AML Regulations has now been expanded to include: (i) " otherwise investing, administering or managing funds or money on behalf of other persons;" and (ii) "underwriting and placement of life insurance and other investment related insurance."
- Whereas previously some unregulated funds were covered by the anti-money laundering regime, for example those that traded in transferable securities or some funds established as exempted limited partnerships (by virtue of the fact that the general partner was conducting securities investment business) the AML Regulations now make it clear that all unregulated as well as regulated investment entities are covered, as well as insurance entities and financing entities.
- As regards the unregulated business, the PCL provides that the Cabinet may assign to the Financial Reporting Authority (FRA), a public sector body or a self-regulatory body the responsibility of monitoring compliance with the AML Regulations by persons covered by the AML Regulations who are not otherwise subject to monitoring by CIMA (which has authority for the supervision of persons conducting regulated business).
- Adoption of a risk-based approach – the
other major change is that the AML Regulations now formally
introduce the concept of a risk-based approach as part of the AML
processes and procedures that must be adopted by FSPs. An FSP
is now required to take steps appropriate to the nature and size of
its business to identify, assess, and understand its money
laundering and terrorist financing risks in relation to a customer,
the country or geographic area in which the customer resides or
operates, the FSP's products, service and transactions, and the
FSP's delivery channels. We expect that the updated
Guidance Notes will provide further detail regarding the practical
application of the risk rating methodology.
- Expansion of mandatory procedures –the old regulations required that FSPs maintain the following procedures:
(a) Customer identification procedures (KYC)
(b) Record-keeping procedures
(c) Internal reporting procedures (i.e. appointment of a money laundering reporting officer)
(d) Other procedures of internal control (including an appropriate internal audit function) and communication
(e) Designating a person, at management level, to be a compliance officer with responsibility for monitoring and ensuring internal compliance with the laws relating to money laundering
(f) Employee training and awareness in relation to AML regime and transactions by persons engaged in money laundering
The AML Regulations retain these procedures but now provide for two additional mandatory procedures:
(a) Employee screening procedures (for FSPs that have employees)
(b) Conducting sanction and FATF non-compliant territory checks
- Simplified due diligence (general) –
whereas previously FSPs could exempt certain low risk customers
from KYC, the FATF Recommendations do not permit such
exemptions. The AML Regulations maintain the exempted
categories contained in the old regulations but now specify that in
respect of "Acceptable Applicants" (including a Cayman
entity that is an FSP, a government or statutory body of a
recognised foreign country, a foreign regulated entity or a company
listed on a recognised stock exchange) such customers need to be
identified but that verification documents are not necessary.
The AML Regulations also maintain the eligible introducers
exemption but provide for enhanced written assurances from the
eligible introducer, including an assurance that copies of
identification and verification data obtained by the eligible
introducer will be made available to the FSP on request. An
important point to note in respect of the new simplified due
diligence provisions is that an assessment of lower risk is not
something that the FSP can determine unilaterally anymore. A
finding as to low level of risk is now only valid if such finding
is consistent with the findings of the Anti-Money Laundering
Steering Group, being a body created under the PCL, or any other
body designated in writing by the Cabinet in accordance with the
PCL.
- Simplified due diligence (SWIFT or Regulation 8
exemption) – one exempted category that has been
heavily used in Cayman, in particular by the funds industry, is the
category where the relationship is funded from a bank account in
the name of the customer in a country recognised by Cayman as
having an equivalent AML regime. That, in itself, under the
old regulations was capable of constituting the required evidence
of identity. The AML Regulations modify this provision to maintain
the original concept in a way that can be sustained under the FATF
Recommendations by making it clear that basic customer
identification details must be obtained upon receipt of payment,
but that verification of customer due diligence may ordinarily be
collected at a later stage, which must be before onward payment to
the customer or to any other person.
- "Beneficial owner" definition
– the AML Regulations introduce the concept of
"beneficial owners" (on whom KYC checks need to be
completed where the customer is a legal person or legal
arrangement). The AML Regulations now contain a uniform and
clearly identifiable definition that is aligned with the FATF
Recommendations (and also FATCA and the Common Reporting
Standards), being the natural person who ultimately owns or
controls the customer including, but not restricted to: (i) in the
case of a legal person other than a company whose securities are
listed on a recognized stock exchange, a natural person who
ultimately owns or controls, directly or indirectly, 10% or more of
the shares or voting rights in the legal person; (ii) in the case
of any other legal person, a natural person who otherwise exercises
ultimate effective control over the management of the legal person;
(iii) in the case of a legal arrangement, the trustee or other
person who exercises ultimate effective control over the legal
arrangement.
- Increase in penalties – the AML
Regulations provide that a person who contravenes the AML
Regulations commits an offence and is liable on summary conviction
to a fine of CI$500,000 (approximately US$600,000) or on conviction
on indictment, to a fine and to imprisonment for two years.
This is a substantial increase in the penalties for breach of the
AML Regulations. Additionally, recent amendments to the
Monetary Authority Law (and related regulations that are still
under consultation) expand CIMA's power to impose
administrative fines for non-compliance, including non-compliance
with the AML Regulations. The proposed regulations are still
in draft form and we will circulate a briefing note summarising
those powers in due course.
- Deputy MLRO – the AML Regulations now
provide for the appointment of a deputy Money Laundering Reporting
Officer ensuring that a second person at managerial level will be
involved in an FSP's anti-money laundering process.
- Deletion of Schedule 3 – Schedule 3 of the old regulations, which set forth the list of countries recognised by Cayman as having an equivalent AML regime has been deleted from the AML Regulations. The list of recognised countries now will be maintained electronically by the Anti-Money Laundering Steering Group, being a body created under the PCL, on the Cayman government website rather than as a stagnant list maintained in regulations, with the idea being that the list will be able to be updated more quickly.
On the whole, the AML Regulations introduce incremental but effective changes aimed at further strengthening the robustness of the Cayman anti-money laundering framework. We expect further clarification to be set forth in the updated Guidance Notes, a draft of which we anticipate will be circulated by CIMA for consultation in the next few weeks with a view to updated Guidance Notes being finalised and adopted later this year.
The main areas that FSPs, in particular investment funds, that rely on third parties to satisfy their Cayman AML obligations should think about at this stage are (1) updating disclosures referencing the AML Regulations, PCL, and Schedule 3 Countries, as and when such disclosure documents are being updated; and (2) ensuring that the FSP has the ability to control onward payment to a customer or another party in the event that the third party conducting the AML checks is relying on the SWIFT exemption (to ensure that the verification now required by the AML Regulations may be completed before onward payment is made).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.