The Cayman Islands Monetary Authority (“CIMA”) made a number of key changes to its anti-money laundering (“AML”) regulations in 2018 (the “AML Regulations”) including expanding their reach to unregulated entities, including private equity, venture capital and real estate funds, insurance entities and finance vehicles like collateralized loan obligations (“CLOs”). CIMA also now requires the designation of a Deputy Money Laundering Reporting Officer (“DMLRO), in addition to an anti-money laundering compliance officer (“AMLCO”), and a Money Laundering Reporting Officer (“MLRO”), all of whom must be natural persons. The AML Regulations also adopted a risk-based approach, requiring Cayman Island investment funds to understand the money-laundering and terrorist-financing risks that apply to their business and investors, and develop customer due diligence procedures to manage and mitigate those risks.
CIMA released Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financial in the Cayman Islands (“Guidance Notes”) on December 13, 2017, to provide a roadmap for Financial Service Providers (“FSPs”) for complying with the AML Regulations. FSPs are defined as those persons engaged in “relevant financial business” as defined under the Proceeds of Crime Law (2018) Revision.
Unregulated Entities Now Covered by Relevant Financial Business Definition
The term “relevant financial business” means the business of engaging in one or more of the following:
banking or trust business;
acceptance by a building society of deposits made by any person (including the raising of money from members of the society by the issue of shares);
business carried on by a co-operative society;
insurance business and the business of an insurance manager, or an insurance agent;
mutual fund administration or the business of a regulated mutual fund within the meaning of the Mutual Funds Law; and
the business of company management.
The term “relevant financial business” also includes any of the activities set out in Schedule 6 of the law, and includes activities including, but not limited to, “otherwise investing, administering or managing funds or money on behalf of other persons” which has been interpreted to include unregulated as well as regulated investment entities (i.e. “private funds”).
Anti-Money Laundering Officer Requirements
Persons engaged in “relevant financial business” are required to undertake due diligence on all existing investors and put in place AML processes and procedures. Section 33 of the AML Regulations states that Cayman Islands investment funds must appoint a natural person to act as their anti-money laundering compliance officer (“AMLCO”), Money Laundering Reporting Officer (“MLRO”) and Deputy Money Laundering Reporting Officer (“DMLRO”).
The same natural person can serve as the AMLCO and the MLRO for a fund, as long as the person has sufficient resources and knowledge of the responsibilities for each role. The AMLCO is responsible for overall compliance with the regulation. The MLRO is the primary point of contact for suspicious activity reports as well as the submission of those reports. The DMLRO is responsible for carrying out the MLRO’s activities in his or her absence.
Most private funds already delegate anti-money laundering to their Fund Administrator, since a fund may not have any individual employees. Moreover, historically there has been no legal requirement to appoint a natural person to serve in these roles. CIMA confirmed that funds could delegate the AMLCO/MLRO functions, as long as a suitable natural person is named to perform the role.
Private funds must submit the names of their AMLCO, MLRO, and DMLRO via CIMA’s REEFS portal on or before September 30, 2018. The information should be provided to the fund’s Registered Office or another of its Cayman Islands-based service providers with access to CIMA’s REEFS system, who can make the filing on the fund’s behalf. CIMA also expects that the Offering Documents of a fund, at its next update, set out the information relating to the persons appointed in the above roles, including their biographical information.
The initial deadline for non-CIMA registered, unregulated investment companies to implement AML procedures or enter into a delegation arrangement was May 31, 2018. CIMA released a notice on April 6, 2018 (“Notice”) which provided an extension for existing Funds to comply with the regulations until September 30, 2018. Funds registering as of June 1, 2018, must fully comply and demonstrate such via the registration application which is submitted using CIMA’s Regulatory Enhanced Electronic Forms Submission (“REEFS”) portal.
As discussed above, private funds must submit the names of their AMLCO, MLRO, and DMLRO via CIMA’s REEFS portal by September 30, 2018.
Private funds will need to implement or update their anti-money laundering policy to outline their internal process for compliance or the oversight of the delegated third party. Whether a private fund elects to comply with the regulation internally or by delegation, the policy will need to identify the responsible parties and ensure those person(s) have the adequate resources and knowledge to comply with the regulation. The policy must also include the requirement to maintain the appropriate books and records to demonstrate their compliance and oversight.
The Guidance Notes are lengthy but provide full insight as to CIMA’s expectations when implementing an anti-money laundering program or delegating to a third party. Regardless of the implementation of an internal program or delegation to a third party, private funds have ultimate responsibility for compliance with the regulation and, as noted below, failure to do so may result in a monetary fine.
Private funds electing to delegate the functions required under the CIMA AML Regulations will need to implement or update current agreements that clearly outline responsibility of each party and will likely incur additional fees for this service. According to the Guidance notes, private fund firms will be ultimately responsible for ensuring compliance and must conduct the necessary due diligence to ensure the delegated party has adequate resources and knowledge of the regulation and requirements to comply. Private funds will also need to implement or update their anti-money laundering policy to outline their internal process for compliance or oversight of the delegated third party.
The Guidance Notes and Notice make clear that a private fund electing to delegate compliance with the regulations must have written policies and procedures that clearly outline the responsible party for oversight and compliance. The responsible party will be required to periodically conduct due diligence to ensure the third party is competent to meet the regulatory obligations and duties imposed under the written agreement. As best practice, private funds should discuss with their Fund Administrator the CIMA Anti-Money Laundering Regulation to determine if there may be any potential issues or gaps. The Guidance Notes require that such records be made available to the Financial Reporting Authority upon request.
In addition to the Guidance Notes, private funds should also review the CIMA Statement of Guidance: Outsourcing Regulated Entities for additional details and expectations of the regulators upon outsourcing what CIMA deems as “material functions.”
Internal Anti-Money Laundering Program Requirements
Where a private fund decides to set up an internal anti-money laundering program, the Guidance Notes state that the private fund must adopt a risk-based anti-money laundering program that takes into consideration factors including the nature and size of business, country or geographic areas, product, etc. In addition to adopting the standard anti-money laundering procedures of know-your-customer, suspicious activity reporting, and record retention, the CIMA AML Regulations also require employee screening. The information in the Guidance Notes is critical for any private fund electing to adopt and comply with these regulations internally. As noted above, private funds will be required to designate natural persons to serve as the AMLCO, MLRO, and DMLRO. Persons serving in these roles should be held by those individuals that have the authority to act on behalf of the private fund (“managerial”). Duties will include conducting the required customer due diligence, assessing reports of suspicious activity, determining whether to file suspicious activity reports with the Financial Reporting Authority and maintaining such records.
CIMA also made amendments to the Monetary Authority Law (2018 Revision) which became effective on December 15, 2017. These amendments increased CIMA’s power to impose fines for breaches of regulatory laws. CIMA must classify breaches as minor, serious or very serious when imposing fines. Those “minor” breaches may include late filings for those private funds subject to annual FAR reporting. Private funds should ensure timely filings going forward, especially if there have been late filings in the past. Additionally, failure to comply with the anti-money laundering regulation may result in monetary fines which the regulators have discretion to determine the amount imposed.
The fines range from CI$5,000 for minor breaches to CI$100,000 (for individuals and CI$1,000,000 (for entities) for very serious breaches. Fines for ongoing minor breaches can be assessed on a continuous basis up to a maximum of CI$20,000.