This client briefing addresses recent changes to the Cayman anti-money laundering framework - in particular those made by the Anti-Money Laundering Regulations, 2017 (AML Regulations), which came into force on 2 October 2017.
The Cayman anti-money laundering framework comprises:
- the Proceeds of Crime Law (2017 Revision) (PCL), specifically Part V of that law, which came into force in May 2017;
- the AML Regulations, made by the Cabinet pursuant to specific powers in the PCL, which repealed the old Money Laundering Regulations (2015 Revision);
- the guidance notes (Guidance Notes) on the prevention and detection of money laundering and terrorist financing in the Cayman Islands dated August 2015, prepared by the Cayman Islands Monetary Authority (CIMA) pursuant to specific powers in the Monetary Authority Law. The Guidance Notes are currently being reviewed and will be updated in due course.
The thrust of the changes to the AML Regulations has been to close gaps that remained between Cayman's robust anti-money laundering regime and the Financial Action Task Force 2012 recommendations (FATF Recommendations). The new AML Regulations do not re-shape the existing regime but they do introduce some important changes that need to be taken into account by those that are implementing Cayman anti-money laundering processes and procedures. The principal changes are as follows:
- Expanded Scope – the AML Regulations continue to define their scope by reference to "relevant financial business" – save that the definition is now no longer contained in the AML Regulations but has been moved to the PCL.
- "Relevant financial business," the conduct of which brings a person (a financial services provider or FSP) within the scope of the AML Regulations, comprises (amongst others) business that is regulated in Cayman, such as banking business, trust business, insurance business, securities investment business, and regulated funds business. Relevant financial business also includes certain non-regulated activities that are listed in a schedule to the PCL, including "trading for own account or for the account of customers in transferable securities." That list of non-regulated activities covered by the AML Regulations has now been expanded to include: (i) " otherwise investing, administering or managing funds or money on behalf of other persons;" and (ii) "underwriting and placement of life insurance and other investment related insurance."
- Whereas previously some unregulated funds were covered by the anti-money laundering regime, for example those that traded in transferable securities or some funds established as exempted limited partnerships (by virtue of the fact that the general partner was conducting securities investment business) the AML Regulations now make it clear that all unregulated as well as regulated investment entities are covered, as well as insurance entities and financing entities.
- As regards the unregulated business, the PCL provides that the Cabinet may assign to the Financial Reporting Authority (FRA), a public sector body or a self-regulatory body the responsibility of monitoring compliance with the AML Regulations by persons covered by the AML Regulations who are not otherwise subject to monitoring by CIMA (which has authority for the supervision of persons conducting regulated business).
- Adoption of a risk-based approach – the other major change is that the AML Regulations now formally introduce the concept of a risk-based approach as part of the AML processes and procedures that must be adopted by FSPs. An FSP is now required to take steps appropriate to the nature and size of its business to identify, assess, and understand its money laundering and terrorist financing risks in relation to a customer, the country or geographic area in which the customer resides or operates, the FSP's products, service and transactions, and the FSP's delivery channels. We expect that the updated Guidance Notes will provide further detail regarding the practical application of the risk rating methodology.
- Expansion of mandatory procedures –the old regulations required that FSPs maintain the following procedures:
(a) Customer identification procedures (KYC)
(b) Record-keeping procedures
(c) Internal reporting procedures (i.e. appointment of a money laundering reporting officer)
(d) Other procedures of internal control (including an appropriate internal audit function) and communication
(e) Designating a person, at management level, to be a compliance officer with responsibility for monitoring and ensuring internal compliance with the laws relating to money laundering
(f) Employee training and awareness in relation to AML regime and transactions by persons engaged in money laundering
The AML Regulations retain these procedures but now provide for two additional mandatory procedures:
(a) Employee screening procedures (for FSPs that have employees)
(b) Conducting sanction and FATF non-compliant territory checks
- Simplified due diligence (general) – whereas previously FSPs could exempt certain low risk customers from KYC, the FATF Recommendations do not permit such exemptions. The AML Regulations maintain the exempted categories contained in the old regulations but now specify that in respect of "Acceptable Applicants" (including a Cayman entity that is an FSP, a government or statutory body of a recognised foreign country, a foreign regulated entity or a company listed on a recognised stock exchange) such customers need to be identified but that verification documents are not necessary. The AML Regulations also maintain the eligible introducers exemption but provide for enhanced written assurances from the eligible introducer, including an assurance that copies of identification and verification data obtained by the eligible introducer will be made available to the FSP on request. An important point to note in respect of the new simplified due diligence provisions is that an assessment of lower risk is not something that the FSP can determine unilaterally anymore. A finding as to low level of risk is now only valid if such finding is consistent with the findings of the Anti-Money Laundering Steering Group, being a body created under the PCL, or any other body designated in writing by the Cabinet in accordance with the PCL.
- Simplified due diligence (SWIFT or Regulation 8 exemption) – one exempted category that has been heavily used in Cayman, in particular by the funds industry, is the category where the relationship is funded from a bank account in the name of the customer in a country recognised by Cayman as having an equivalent AML regime. That, in itself, under the old regulations was capable of constituting the required evidence of identity. The AML Regulations modify this provision to maintain the original concept in a way that can be sustained under the FATF Recommendations by making it clear that basic customer identification details must be obtained upon receipt of payment, but that verification of customer due diligence may ordinarily be collected at a later stage, which must be before onward payment to the customer or to any other person.
- "Beneficial owner" definition – the AML Regulations introduce the concept of "beneficial owners" (on whom KYC checks need to be completed where the customer is a legal person or legal arrangement). The AML Regulations now contain a uniform and clearly identifiable definition that is aligned with the FATF Recommendations (and also FATCA and the Common Reporting Standards), being the natural person who ultimately owns or controls the customer including, but not restricted to: (i) in the case of a legal person other than a company whose securities are listed on a recognized stock exchange, a natural person who ultimately owns or controls, directly or indirectly, 10% or more of the shares or voting rights in the legal person; (ii) in the case of any other legal person, a natural person who otherwise exercises ultimate effective control over the management of the legal person; (iii) in the case of a legal arrangement, the trustee or other person who exercises ultimate effective control over the legal arrangement.
- Increase in penalties – the AML Regulations provide that a person who contravenes the AML Regulations commits an offence and is liable on summary conviction to a fine of CI$500,000 (approximately US$600,000) or on conviction on indictment, to a fine and to imprisonment for two years. This is a substantial increase in the penalties for breach of the AML Regulations. Additionally, recent amendments to the Monetary Authority Law (and related regulations that are still under consultation) expand CIMA's power to impose administrative fines for non-compliance, including non-compliance with the AML Regulations. The proposed regulations are still in draft form and we will circulate a briefing note summarising those powers in due course.
- Deputy MLRO – the AML Regulations now provide for the appointment of a deputy Money Laundering Reporting Officer ensuring that a second person at managerial level will be involved in an FSP's anti-money laundering process.
- Deletion of Schedule 3 – Schedule 3 of the old regulations, which set forth the list of countries recognised by Cayman as having an equivalent AML regime has been deleted from the AML Regulations. The list of recognised countries now will be maintained electronically by the Anti-Money Laundering Steering Group, being a body created under the PCL, on the Cayman government website rather than as a stagnant list maintained in regulations, with the idea being that the list will be able to be updated more quickly.
On the whole, the AML Regulations introduce incremental but effective changes aimed at further strengthening the robustness of the Cayman anti-money laundering framework. We expect further clarification to be set forth in the updated Guidance Notes, a draft of which we anticipate will be circulated by CIMA for consultation in the next few weeks with a view to updated Guidance Notes being finalised and adopted later this year.
The main areas that FSPs, in particular investment funds, that rely on third parties to satisfy their Cayman AML obligations should think about at this stage are (1) updating disclosures referencing the AML Regulations, PCL, and Schedule 3 Countries, as and when such disclosure documents are being updated; and (2) ensuring that the FSP has the ability to control onward payment to a customer or another party in the event that the third party conducting the AML checks is relying on the SWIFT exemption (to ensure that the verification now required by the AML Regulations may be completed before onward payment is made).