The Cayman Islands Monetary Authority ("CIMA") has issued the third edition of its Supervisory Issues and Information Circular (the "Circular"). The Circular summarises the key findings for trust and company services providers (the "Licensees") which were identified during CIMA's on-site inspections during 2016 and highlights the common recurrent areas of non-compliance of the Licensees inspected. It is noted that the trust and company services sector was found to be generally compliant with the relevant and applicable supervisory legislation, statements of guidance and regulatory standards. However, Licensees are encouraged to take note of the findings set out in the Circular and where appropriate, take remedial steps to ensure that their practices are carried out in line with those laws, statements of guidance and standards.
I. Summary of Inspection Findings
Compliance Reviews and Internal Audit
CIMA noted that, in some instances, Licensees failed to undertake regular reviews of existing clients. Inspections further highlighted the fact that risk ratings of Licensee clients were not differentiated by those Licensees and that specific required information was lacking. In this regard, CIMA recommends that (a) a more meaningful description and explanation of source of funds be recorded; and (b) that Licensees adhere to the minimum standard established by the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing (the "Guidance Notes") by ensuring that all KYC documentation is certified as a true copy of the original. It was also noted that robust KYC policies and procedures have been established however Licensees in many instances did not adhere to them. The Circular notes that the Statements of Guidance issued by CIMA allow Licensees a certain degree of flexibility to implement a program that is appropriate to the nature and scale of the Licensee's business and reminds Licensees that a proper program of compliance and internal audit will assist in identifying and correcting some of these deficiencies
Policies and Procedures
The Circular notes that although all Licensees inspected did have policies and procedures manuals in place, many were not subject to a program of regular review which meant that neither updates to the local legislative framework nor updated risk assessments were reflected in the relevant manuals.
Inspections revealed the need for improvement in AML training programmes. It was noted that although most Licensees directed training at members of their staff, their appointed Compliance Officer and MLRO, no training was considered for members of the board of directors of the Licensee company. The Circular notes that CIMA expects Licensees to determine a frequency for training of staff based on the risk and complexity of its specific business.
Eligible Introducer Testing
The fact that Licensees did not routinely test the reliability of eligible introducer letters was highlighted in the Circular. Licensees are reminded that CIMA expects Licensees to access the KYC documentation in respect of the introduced business, as and when necessary.
II. Administrative Fines Regime
A recent amendment to the Monetary Authority Law provides for a new administrative fines regime which empowers CIMA to impose fines for noncompliance with laws, rules and regulations. The Circular notes that the accompanying Regulations to support the regime are in the process of being finalised and outlines the various categories of breach and the associated fines. CIMA will categorize breaches as being "minor", "serious" or "very serious". Minor infractions will be described as `non-discretionary' and will range from $5,000 per breach to a maximum of $20,000 if on-going. The serious and very serious breaches will be categorised as `discretionary' and will range from $50,000 to $1,000,000.