In our update of October 2015 we summarised the provisions and application of the Cayman Islands Monetary Authority's ("CIMA") Statement of Guidance on the outsourcing of material functions by regulated entities (the "Guidance").
The Guidance applies to entities regulated by CIMA (with the exception of regulated mutual funds, Excluded Persons under the Securities Investment Business Law and private trust companies) ("Regulated Entities").
One of the key requirements under the Guidance is that CIMA expects Regulated Entities to have assessed their outsourcing risk management and to have addressed any deficiencies in outsourcing policies and arrangements by September 2016.
Regulated Entities are also expected to carry out risk assessments and reviews of their outsourcing arrangements at least annually, and more frequently, subject to the level of risk or materiality of the relevant outsourced functions.
We therefore expect an analysis of compliance with the Guidance to be a focal point of CIMA inspections of Regulated Entities and for CIMA to require remediation in cases of non-compliance.
Although stated as not being exhaustive or prescriptive, the Guidance nevertheless prescribes minimum requirements both as regards a Regulated Entity's governance and the contents of its outsourcing agreements (whether or not they are with related parties) and includes requirements which may not necessarily be common in the course of outsourcing negotiations. For instance, Regulated Entities are expected to ensure that their delegate service providers maintain adequate insurance cover.