The updated AML/CTF regime includes the Proceeds of Crime Law, as amended, (2017 Revision) (POCL), the Anti-Money Laundering Regulations, 2017, as amended, (AML Regulations), the Terrorism Law (2017 Revision), as amended, and the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands dated December 2017 (Guidance Notes). The Guidance Notes provide practical guidelines that represent best practice for the development of AML/CTF procedures in line with international standards.
Key Changes under anti-money laundering Regulations
Relevant Financial Business
The scope of the AML/CTF regime is defined by reference to “relevant financial business”. This continues to be the case, however, the term is now defined by reference to the POCL instead of the AML Regulations, with the definition of “relevant financial business” now including: (i) “Otherwise investing, administering or managing funds or money on behalf of other persons” and (ii) “Underwriting and placement of life insurance and other investment related insurance”. While the expanded definition continues to cover the traditional financial service providers such as regulated mutual funds, trusts business and banking business, it now brings unregulated investment entities (specifically, private equity funds), insurance entities and finance vehicles such as CLOs within the scope of the AML Regulations.
The requirements relating to maintaining client identification and verification procedures, reporting of suspicious activity, internal control procedures, staff training, appointing a Money Laundering Reporting Officer and Compliance Officer (now termed Anti-Money Laundering Compliance Officer) remain under the AML Regulations. However, the AML Regulations introduce the following additional requirements:
- designating a Deputy Money Laundering Reporting Officer;
- screening employees when hiring to ensure high standards;
- adopting a risk-based approach (see below); and
- checking against all applicable sanctions lists and observing the list of countries, published by any competent authority, which are non-compliant, or do not sufficiently comply with the FATF recommendations.
The AML Regulations introduce a risk-based approach, including the requirement that a person carrying out relevant financial business conduct a business risk assessment of products, services, transactions, delivery channels or new or developing technology risks to identify, assess, and understand its money laundering and terrorist financing risks in relation to its customers and the country or geographic area in which the customer resides or operates. Risk assessments must be documented, monitored and kept current and must also incorporate policies and procedures approved by senior management which enable such person to manage and mitigate any risks identified.
The risk-based approach leads to simplified or enhanced customer due diligence (CDD) procedures being applicable depending on whether lower or higher risks, respectively, are identified.
Simplified Due Diligence
On the application of a business risk assessment, where a customer relationship has been assessed as lower risk, persons conducting relevant financial business are permitted to apply simplified CDD procedures. Lower risk customers are required to be identified, but verification documents are not necessary.
Any assessment of lower risk by a financial service provider has to be consistent with the findings of the Anti-Money Laundering Steering Committee (being a body created under the POCL) or any other supervisory authority.
The types of customers to which simplified CDD may be applied include the following:
- Cayman Islands entities that are financial service providers and subject to the AML Regulations;
- government organisations, statutory bodies or government agencies of foreign countries and territories which are recognised by the Cayman Islands as having an equivalent AML/CTF regime (Approved Countries);
- entities which are regulated in an Approved Country;
- companies listed on a recognised stock exchange; and
- customers introduced through an intermediary (Eligible Introducer), when such Eligible Introducer provides detailed written assurances with respect to CDD on the customers.
The commonly used exemption to CDD applicable to electronic payments (where a transaction is funded from a bank account in the name of the customer in an Approved Country) survives only partially under the AML Regulations. The AML Regulations now require basic customer details to be obtained upon receipt of payment, but verification of CDD to be obtained before onward payment.
Enhanced Due Diligence
On the application of a business risk assessment, where a customer relationship has been assessed as higher risk, persons conducting relevant financial business are required to apply enhanced CDD procedures (i.e. beyond standard CDD).
Enhanced CDD must also be applied to politically exposed persons (PEPs) and their family members and close associates, or where a customer or an applicant for business is from a foreign country that has been identified by credible sources as having serious deficiencies in its AML/CTF regime or a prevalence of corruption.
Examples of enhanced CDD measures include, among other things, obtaining additional information on the customer, the intended nature of the business relationship and the source of funds and also updating such information more frequently.
The AML Regulations contain specific requirements to identify beneficial owners and legal arrangements and to apply a risk-based approach to conducting CDD on existing relationships.
The list of Approved Countries is no longer maintained as a schedule to the AML Regulations (previously referred to as Schedule 3), but is now approved by the Anti-Money Laundering Steering Committee and can therefore be amended without the need to pass formal legislation.
Increase in AML Penalties
Any person who breaches the AML Regulations commits an offence and is liable on summary conviction to a fine of up to CI$500,000 (a substantial increase from CI$5,000 under the previous regulations) or on conviction on indictment to a fine (which is unlimited) and imprisonment for two years.
In addition, the Monetary Authority (Amendment) Law, 2016 and the Monetary Authority (Administrative Fines) Regulations, 2017 give the Cayman Islands Monetary Authority (CIMA) the power to impose administrative fines for non-compliance with the AML Regulations. The fines range from CI$5,000 for minor breaches to CI$100,000 (for individuals) and CI$1,000,000 (for entities) for very serious breaches. Fines for ongoing minor breaches can be applied on a continuous basis up to a maximum of CI$20,000. CIMA will have six months from becoming aware of a minor breach to impose a fine. The time limit is two years for breaches described as serious or very serious.
At first glance, the updated AML/CTF regime may cause one to think that the entire regime has been overhauled, however, this is not the case. Many of the changes, although now codified in the Cayman Islands, are not really new per se. The market trend in recent years has been to adopt a risk-based approach, apply enhanced CDD when appropriate, apply AML/CTF procedures to unregulated funds (even though they were out of scope) and conduct CDD on beneficial owners. In addition, a regulated investment fund continues to be able to comply with its AML/CTF obligations by delegation to and reliance on a suitable party (including the Anti-Money Laundering Compliance Officer, the Money Laundering Reporting Officer and the Deputy Money Laundering Reporting Officer). Therefore, many entities conducting relevant financial business will already be compliant with the AML Regulations.
Although changes may not be necessary, we would recommend that current AML/CTF policies and procedures or any delegation/reliance arrangements be reviewed to ensure that they are consistent with the new requirements.
Entities that are newly subject to the AML Regulations have until 31 May 2018 to implement appropriate AML procedures or to implement a delegation/reliance arrangement. There is no sector- specific guidance in the Guidance Notes for some businesses now caught by the AML Regulations, including unregulated investment funds and structured finance vehicles, but such guidance is currently being developed by CIMA and will be published in due course.