← Back to Insights

Regulatory and compliance updates for Cayman Islands Q3 2023

07 November 2023

FATF grey list

At the conclusion of the Financial Action Task Force (“FATF”) October 2023 Plenary meeting on October 27 2023, the FATF removed the Cayman Islands from the list of jurisdictions under increased monitoring (the “grey list”).

The Cayman Islands Ministry of Financial Services issued the following press release:

https://www.mfs.ky/news/grit-and-commitment-gets-the-cayman-islands-off-the-fatf-list/ 

While we do expect the European Commission to follow suit and remove the Cayman Islands from its list of high-risk third countries, it may be towards the end of December before an official update is provided (noting that the outcomes of the June 2023 FATF Plenary were updated on August 18 2023).

The European Commission had previously given a commitment in May 2022 that they would begin their steps to delist once the FATF removed the Cayman Islands from its grey list:

https://www.mfs.ky/news/eu-confirms-no-additional-aml-cft-measures-for-cayman/ 

Revised Anti-money laundering guidance notes

On August 30 2023, the Cayman Islands Monetary Authority (“CIMA”) published revised Guidance Notes in the Cayman Islands Gazette on the Prevention and Detection of Money Laundering, Terrorist Financing, and Proliferation Financing in the Cayman Islands

The key changes include:

E-KYC and digital ID

The authority expects that once the financial service provider (“FSP”) is satisfied that it knows the assurance levels of the digital identification (“ID”) system, it should evaluate whether the digital ID system is adequate, in the context of the relevant illicit financing risks, under a risk-based approach to customer due diligence (“CDD”):

  • Customer identification and verification methods should align with the FSP’s risk assessment of its customers, so the decision to onboard a customer remotely, using electronic Know Your Customer (“e-KYC") methods and digital ID technologies, should be dependent on the risks presented and assessed, and where applicable consider the application of tiered CDD.
  • FSPs should consider the basic components of the technology solution, including digital ID/e-KYC systems and take an informed risk-based approach to rely on these when conducting non-face-to-face remote onboarding or ongoing monitoring of business relationships.
  • FSPs should carry out formal risk assessments of the new technology solution, including e-KYC/digital ID technology which include documented consideration of how the proposed system works, the level of assurance that it provides, and any particular risks associated with it, inter alia, accuracy of the underlying information and/or technology, appropriateness of the application for the licensee's client base (i.e., some applications are aligned to verify identification within a specific region), timeliness of the applications' updates (i.e., sanctions lists), evaluation of the cyber security measures of the application, storage of personal information, etc.
  • Customer identification and transactions that rely on reliable e-KYC/independent digital ID systems with appropriate risk mitigation measures that meet ISO/IEC technical global standards for digital ID systems may present a standard level of risk and may even be lower risk where higher assurance levels are implemented and/or appropriate money laundering and terrorism financing risk control measures, such as product functionality limits, are present.

E-KYC and digital ID - Policies and procedures

FSPs should have robust documented policies and procedures in place to ensure a consistent and adequate approach to relying on new digital ID system/technology solutions for CDD purposes. These may include (but are not limited to):

  • A tiered CDD approach that leverages the new technology solutions with various assurance levels;
  • Policies for the secure electronic collection and retention of records by the new technology solutions;
  • A process for enabling authorities to obtain from the new technology solutions the underlying identity information and evidence needed for identification and verification of individuals;
  • Anti-fraud and cybersecurity processes to support e-KYC/digital ID proofing and/or authentication for anti-money laundering and counter-terrorism financing efforts resulting from the new technology solutions;
  • Back-up plans for instances where the new technology solutions fail;
  • A description of risk indicators that would prompt a FSP to use new digital ID system/technology solutions; and
  • Procedures for the regular, ongoing, and independent review of the effectiveness of the new systems and processes used.

E-KYC and digital ID - monitoring

FSPs shall adopt appropriate anti-fraud and cybersecurity measures to support digital ID/e-KYC technology, such as authentication systems for CDD purposes.

Video-conferencing is e-KYC

Video-conferencing is a live, visual connection between two or more remote parties over the internet that simulates a face-to-face meeting. Video-conferencing is an e-KYC mechanism and is not considered face-to-face.

Using video-conferencing to onboard customers who are legal persons or arrangements may be used to identify natural persons such as directors, officers, ultimate beneficial owners, settlors, trustees, protectors, or those appointed to act on behalf of the customer.

Independent reviews

CIMA clarified that an independent review may be conducted by internal audit, or any other control function as defined within Rule: Corporate Governance for Regulated Entities. This means that an independent review doesn’t have to be carried out by an external body.

Identification

Verification of documents through “selfie” documents, photographs, or videos: Photographs (not black and white) clearly showing the person’s face, holding the identity document in the same photograph to demonstrate it belongs to the customer. A clear scanned copy (not black and white) or a photograph of the identity document itself should also be provided.

Other amendments

  • Part IX relating to virtual assets service providers (consolidation of the sector-specific guidance notes previously gazetted in February 2021); and
  • Part X relating to securitization (consolidation of the sector-specific guidance notes previously gazetted in May 2021).

https://www.cima.ky/upimages/commonfiles/GuidanceNotesonPreventionandDetectionofML-TF-PF-August2023_1693586227.pdf

Companies (Amendment of Schedule 4) Order 2023

On July 19 2023, The Companies (Amendment of Schedule 4) Order was gazetted and came into force immediately to replace the list of approved stock exchanges in Schedule 4 of the Companies Act (2023 Revision).

https://legislation.gov.ky/cms/images/LEGISLATION/AMENDING/2023/2023-A016/CompaniesAmendmentofSchedule4Order2023SL16of2023.pdf

Beneficial Ownership Transparency Bill

The Beneficial Ownership Transparency Bill (“the Bill”) was gazetted on August 30 2023, along with nine related amendment bills, and will be presented before Parliament in the fourth quarter of 2023. The Bill consolidates the existing beneficial ownership regime.

The key changes include:

  • Inclusion of limited partnerships and exempted limited partnerships, together with companies, foundation companies, limited liability company, and limited liability partnership;
  • Process of compliance for entities listed on specified stock exchanges, persons licensed under a regulatory law or CIMA registered investment funds;
  • The introduction of the requirement for CIMA registered investment funds to appoint a beneficial ownership principal point of contact in the Cayman Islands; and
  • Changes to the definition of beneficial owner and information required to be maintained for each beneficial owner.

Phishing email alerts

On October 27 2023, CIMA issued a warning in respect of emails purporting to be from the Authority. All legitimate emails and website links relating to CIMA will end in @cima.ky

https://www.cima.ky/potential-phishing-email-alert   

Upcoming reporting deadlines

December 1 – An entity must be put into voluntary liquidation to avoid 2024 annual fees.

December 31 - Economic Substance Returns due to the Department for International Tax Cooperation for Relevant Entities carrying on a Relevant Activity with December 31 2022 financial year-end.

December 31 - De-registration deadline to avoid 2024 annual fees for CIMA Registered Entities and Directors.

January 15 - Annual licence fee payments for all entities registered with CIMA. Overdue payment penalties start to accrue after January 15, 2024, on a monthly basis.

January 15 - Annual declaration for directors registered with CIMA under the Director Registration and Licensing Act.

January 15 - Annual declaration for entities registered as a Registered Person under the Securities Investment Business Act.

January 31 - Cayman Islands registered companies, LLCs and LLPs, and all Cayman Islands general and limited partnerships (including exempted limited partnerships) registered after June 30, 2023, must file their economic substance notification with the Registry. An entity must file its economic substance notification before it can file its annual return with the Registry.

January 31 - Annual return and payment of annual fees to the Registrar for all entities incorporated or registered in the Cayman Islands (including foreign partnerships and companies).

 

Read more

Related

Regulatory Tracker
Update on CIMA Regulatory Measures

Update on CIMA Regulatory Measures

Read More
Regulatory Tracker
Regulatory Updates for Cayman Islands Q2 2023

Regulatory Updates for Cayman Islands Q2 2023

Read More
All Articles

Get in touch with our team

Ask a question

Contact Us
Our Business
Local Support
Contact