The Anti-Money Laundering Regulations, 2017 ("AML Regulations") were gazetted on 20 September 2017 and come into force on 2 October 2017. The Money Laundering Regulations (2015 Revision) have been repealed and the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands (the "Guidance Notes") shall be updated in due course.
While the fundamental anti-money laundering and combatting of terrorist financing ("AML / CFT") obligations remain, the AML Regulations bring about many significant changes to the Cayman Islands' AML / CFT regime to keep it more closely aligned with the FATF Recommendations1 and global practice.
This update highlights some of the key changes to the AML / CFT regime under the AML Regulations.
Expansion of Scope
The AML Regulations remove the definition of 'relevant financial business' under the prior Regulations and now infer the application of the same term, as expanded, under the principal law, the Proceeds of Crime Law (2017 Revision) ("POCL"). In addition to the previously prescribed activities, 'relevant financial business' now includes (i) "Otherwise investing, administering or managing funds or money on behalf of other persons" and (ii) "Underwriting and placement of life insurance and other investment related insurance".
This means that both regulated and unregulated investment entities, insurance entities and finance vehicles will now be subject to the AML Regulations and the mandatory procedure obligations. We understand that a competent authority2, separate from the Cayman Islands Monetary Authority ("CIMA"), will also supervise AML / CFT compliance of certain unregulated entities conducting relevant financial business, but it is likely that CIMA will be responsible for the oversight of all investment and insurance entities.
We understand that in order to allow insurance entities, finance vehicles and unregulated investment entities not previously subject to the AML / CFT regime to implement appropriate procedures (or delegation arrangements) to comply, CIMA is considering issuing an advisory, as guidance, which allows such entities a grace period (possibly of one year) to comply with their procedural obligations under the AML Regulations.
We shall be issuing a client update titled "New AML Regulations: Application to Insurance Entities and Unregulated Investment Entities" shortly with further details.
Addition of Definitions
In conjunction with the expanded provisions on risk-based approach and enhanced due diligence, new, more prescriptive, definitions have been added (or transferred from the Guidance Notes), including 'beneficial owner' and 'politically exposed persons'. The definition of beneficial owner largely derives from the same term under the FATF Recommendations, as used recently under FATCA and the Common Reporting Standard.
Expansion of Mandatory Procedures
Specific procedures for: (i) adopting a risk-based approach (i.e. identifying, assessing and understanding risks, in relation to the customer, its business and transactions); (ii) employee screening procedures; and (iii) conducting sanction and FATF non-compliant territory checks have been added to the current mandatory AML / CFT procedures, which include:
(a) client identification and verification;
(b) internal controls and communication (ongoing monitoring and internal audit);
(c) internal and external reporting and the appointment of a money laundering reporting officer;
(d) designating an AML Compliance Officer; and
(e) training and awareness in relation to the AML / CFT regime.
Adoption of Risk-Based Approach
A comprehensive set of procedural requirements have been introduced around the implementation and management of risk-based policies and procedures, from customer risk assessments and ongoing monitoring through record keeping and regulatory disclosures. The practical application of the risk rating methodology for customer relationships should be expanded upon in the Guidance Notes. In relation to due diligence procedures, the risk analysis is amplified by the requirement to identify and reasonably verify beneficial owners.
Enhanced Due Diligence
Pursuant to the risk assessment procedures, certain customer relationships (assessed as higher risk) shall be determined to require enhanced due diligence; i.e. beyond standard due diligence.
For example, a new Part VII has been introduced to address procedures applicable to politically exposed persons (and their family members and close associates). There is also a specific procedural requirement to conduct sanctions checks. As noted above, it is understood that the updated Guidance Notes shall also address the practical application of enhanced due diligence procedures in further detail.
Where simplified due diligence cannot be applied and the applicant for business is a legal person or arrangement, the identification and verification procedures will need to be applied to the beneficial owner(s) / controller(s) of the applicant for business. The AML Regulations adopt the definition of beneficial owner (and controlling ownership) similar to that adopted under the FATF Recommendations and Interpretive Notes.
Simplified Due Diligence (KYC Exceptions)
Where a customer relationship has been assessed as lower risk, persons conducting relevant financial business shall be permitted to apply simplified due diligence procedures (or avoid conducting full verification). The majority of KYC exceptions under the prior Regulations and Guidance Notes continue to exist. However, there have been certain significant adjustments, for example:
(a) An assessment of lower risk needs to be consistent with the findings of the national risk assessment (i.e. any commentary in reports issued thereunder) or a Supervisory Authority (e.g. CIMA and the Guidance Notes);
(b) In relation to the Regulation 8 exemption, where a relationship is funded from a bank account in the name of the customer in an approved jurisdiction, verification will now need to be performed on the customer before repayment; and
(c) For nominee relationships (where the nominee meets low risk criteria), the written assurance required from the nominee customer must now acknowledge that identification and verification information on their principal and beneficial owners shall be made available upon request. It will be important here to apply ownership thresholds and criteria for beneficial ownership, as set out under the FATF definitions.
Removal of Schedule 3
The list of jurisdictions, previously approved by CIMA as having equivalent AML / CFT regimes to the Cayman Islands has been removed and shall be maintained by the AML Steering Group, a body created under the POCL. It appears that references to such jurisdictions, particularly in the context of simplified due diligence, still remain.
Offences, Penalties and Administrative Fines
Any person who breaches the AML Regulations commits an offence and is liable on summary conviction to a fine of up to CI$500,000 (approximately US$600,000) or on indictable conviction to a fine (unlimited) and imprisonment for two years. These are significant uplifts in penalties from the prior Regulations.
In addition, under amendments to the Monetary Authority Law and proposed regulations, which are not yet in force, CIMA will have the power to impose administrative fines for non-compliance with the AML Regulations. Under the proposed regulations, breaches of the provisions have mostly been classified as 'serious' offences that incur a fine of CI$50,000 for individuals and CI$100,000 for body corporates, at CIMA's discretion. Imposition of an administrative fine will not preclude separate prosecution under the AML Regulations (or vice versa).
As with the prior Regulations, vicarious liability provisions apply whereby if an offence is proved to have been committed with the consent or connivance of, or be attributable to the neglect of, a director, manager, secretary or other similar officer of the body corporate (or equivalent entities; e.g. members or partners), the person and the body corporate are both liable.
Guidance Notes and Transitional Provisions
It is clear that, given the significant expansion of the AML Regulations to investment entities not previously in scope, and the adoption of further FATF principles, the Guidance Notes shall take on renewed importance, to clarify and interpret the legislation. The AML Regulations do recognise that a court (and therefore the Supervisory Authority or prosecutors) shall take into account any relevant and applicable supervisory or regulatory guidance in determining compliance with the AML Regulations.
We shall revert further once these matters have been addressed under the Guidance Notes consultation.