2017 AMLRs Key Changes, Outsourcing AML/CFT Operations & FASB Updates

The Anti-Money Laundering Regulations, 2017 – Key Changes

The Anti-Money Laundering Regulations, 2017 (“AMLRs”) which replace the Money Laundering Regulations (2015 Revision) (“MLR”) were gazetted on 20 September 2017 and came into force on 2 October 2017. The adoption of the AMLRs represents an update to the Cayman Islands anti-money laundering and counter-terrorist financing (“AML/CFT”) regime consequent on recent amendments to the Proceeds of Crime Law (2017 Revision) (“POCL”). The AMLRs represent enhancements to the jurisdiction’s existing AML/CFT regime to ensure alignment to the Financial Action Task Force’s (FATF) 2012 recommendations and demonstrates the Cayman Islands’ ongoing commitment to comply with the highest international standards on combatting money laundering and terrorist financing (“ML/TF”).

The principal changes are as follows:

1. Expansion of the Scope: – The AMLRs no longer defines "relevant financial business" but rather adopts the application of the term, as expanded, under the principal law, the POCL. The term "relevant financial business" has been expanded to include (i) “otherwise investing, administering or managing funds or money on behalf of other persons” and (ii) “underwriting and placement of life insurance and other investment related insurance”. Both regulated and unregulated investment and insurance entities engaged in life insurance business will now be subject to the AMLRs. Schedule 6 of the POCL provides a list of activities falling within the definition of “relevant financial business”.
2. Added Definitions: - New and more prescriptive definitions have been added including legal person, legal arrangement, competent and supervisory authority and beneficial owners. The definition of beneficial owners, on whom due diligence checks need to be completed, where the customer is a legal person or legal arrangement, complies with the FATF recommendations, with Cayman establishing a 10% threshold. The AMLRs also included a new definition of politically exposed person. 
3. Expansion of Mandatory Procedures: - In addition to the procedures under the previous regulations, financial services providers (“FSPs”) are now required to:

•  Adopt a risk-based approach;
• Establish and implement employee screening procedures; and 
• Conduct sanction and FATF non-compliant territory checks.

Adoption of a Risk Based Approach (“RBA”): - A comprehensive set of procedural requirements have been introduced for assessing and applying a risk based approach to AML/CFT. This is explored further in Section B – Risk Based Approach to Anti-Money Laundering. 

Expansion of Requirements – The AMLRs makes it mandatory to appoint a Deputy Money Laundering Reporting Officer and this is aimed at ensuring that a second person, at managerial level, will be involved in the FSP's AML process. The MLRs also now describes the role of the Anti-Money Laundering Compliance Officer.

Enhanced Due Diligence (EDD) – Where a customer has been assessed as higher risk, EDD must be applied. A new Part VII has been introduced to address EDD procedures applicable to politically exposed persons, their family members and close associates. EDD also applies where a customer or business is from a country identified by credible sources as having serious deficiencies in its AML framework or pervasive corruption; and it also applies to correspondent banking relationships and in the event of any unusual or suspicious activity. 

Simplified Due Diligence – Most of the KYC exceptions under the prior regulations continue to exist. Two of the important changes are as follows: 

• An assessment of lower risk cannot be determined unilaterally by the FSP. Rather it should be consistent with the findings of the national risk assessment or a Supervisory Authority, such as the Authority; and 
• The exemptions related to eligible introducers remain but now provide for enhanced written assurances from the eligible introducer, including written confirmation with respect to source of funds, and assurance that copies of identification and verification data obtained by the eligible introducer will be made available to the FSP on request. 
   

Equivalent Jurisdictions – The list of jurisdictions which were deemed by the Authority as having equivalent AML/CFT regime, previously known as Schedule 3 countries, has been removed. The list will now be maintained and approved by the government’s AML Steering Group. The updated list which can be found on the Authority’s website at www.cima.ky will allow more timely updates without the need to amend regulations. Regulated entities should note that the new list, issued on 5th October 2017, excludes Mexico, Panama and Turkey. 

Offences and Penalties – Any person who contravene the AMLRs commits an offence and is liable on summary conviction to a fine of up to CI$500,000 (previously CI$5,000 under the MLR), or on conviction on indictment, to a fine and to imprisonment for two years. Additionally, recent amendments to the Monetary Authority Law and related regulations that are still under consultation also expand the Authority’s power to impose administrative fines for non-compliance with the AMLRs 

Risk Based Approach (“RBA”) to Anti-Money Laundering 

Part III of the AMLRs addresses assessing and applying a RBA to AML/CFT. A RBA is aimed at ensuring that measures taken by an FSP to prevent or mitigate ML/TF risks are commensurate with the risks associated with its business. Further it will allow resources to be allocated efficiently to the areas of greater risk. A RBA allows FSPs to more efficiently and effectively adjust and adapt their controls as new ML/TF methods are identified.

FSPs are therefore required to understand the ML/TF risks inherent to their business, which includes risks related to their customers, the jurisdictions where their customers operate or originate, as well the FSPs country risk, the FSP's products, services and transactions, and the FSP's delivery channels. In summary, adopting a RBA will require the FSP to (i) identify, assess and understand its ML/TF risks; (ii) take action to manage and mitigate the ML/TF risks commensurate with the assessed risks, such as applying the appropriate CDD measures and transaction monitoring; (iii) evaluate the mitigating controls and adjust as necessary; (iv) monitor the implementation of systems and improve where necessary; (v) document the RBA procedures; (vi) implement appropriate mechanisms to provide risk assessment information to the competent authorities. 

There may be challenges when implementing RBA, some of which may be inherent to the use of the RBA and others which are consequent on the difficulties in making the transition to a risk-based system. Notwithstanding, the challenges can be viewed as opportunities to implement a more effective system. 

The aforementioned changes are aimed at further bolstering the robustness of the Cayman Islands’ AML/CFT regime. Further clarification and guidance on the the practical application of the RBA will be provided in the Guidance Notes on the Prevention and Detection of Money Laundering in the Cayman Islands (“Guidance Notes”) which are currently under revision.

Outsourcing your AML/CFT Operations

It has been a growing trend for FSPs to outsource aspect of their AML/CFT program as they seek to benefit from the economies of scale that can be derived particularly from outsourcing arrangements with related FSPs. Where a FSP has outsourced its AML/CFT function however, the FSP should adhere to the Statement of Guidance on Outsourcing (“SOG on Outsourcing”). FSPs should also ensure that the outsourcing arrangement does not diminish its ultimate responsibility for effectively overseeing and supervising its activities and affairs and for ensuring that it can meet its legal and regulatory obligations.

Where an FSP decides to outsource its compliance function or MLRO/DMLRO position it should, prior to entering into the proposed outsourcing arrangement, assess all associated risks, including the country risk associated with the jurisdiction that the function is being outsourced to. Where the associated risks cannot be effectively managed and mitigated, the FSP shall not enter into that outsourcing arrangement. The Authority expects, at a minimum, the following for intra-group outsourcing arrangements:

1.  A written outsourcing agreement that clearly sets out the obligations of both parties; 
2.  A contingency plan and a strategy to exit the arrangement in the event that the service provider fails to perform the outsourced activity as agreed; 
3.  An appropriate process for monitoring, reporting and oversight; 
4.  Access to data without delay is not impeded by confidentiality, secrecy, privacy, or data protection restrictions; 
5.  It will be subject to appropriate internal and external audit and risk control measures which are substantially equivalent to those applicable to the regulated entity; and 
6.  The regulated entity will follow any additional expectations the Authority may have depending on the risks related to the outsourcing arrangement and the conclusion of any supervisory review conducted by the Authority.

For further guidance on outsourcing, FSPs may refer to the SOG on Outsourcing.

Updates to the Financial Accounting Standards – Banking Sector

In June 2016 the Financial Accounting Standards Board (“FASB”) issued an updated standard on the measurement of credit losses on financial instruments (“ASU 2016-13”) which describes its current expected credit loss (“CECL”) approach. Banks that follow the accounting standards issued by the FASB need to meet the requirements of ASU 2016-13 with an effective date of January 1, 2020. The Authority has been assessing the progress of all banks, licensed under the Banks and Trust Companies Law (2013 Revision) (“BTCL”) and that follow the accounting standards issued by the International Accounting Standards Board (“IASB”), with respect to the implementation of the required changes relating to impairments, specified in the International Financial Reporting Standard (“IFRS”) 9.

The Basel Committee on Banking Supervision (“BCBS”), in its standards on the regulatory treatment of accounting provisions issued in March 2017, has provided options for supervisory bodies to implement transitional arrangements should the impact of meeting the requirements of IFRS 9 be significantly more material than currently expected and which will result in an unexpected decline in regulatory capital ratios. In order to determine any possible impact on an individual bank’s capital adequacy due to the changes to the bank’s impairments, all banks, excluding branches of foreign banks, licensed under the BTCL and that follow the accounting standards issued by the IASB have been performing parallel runs since the June/July 2017 Quarterly Prudential Return (“QPR”). 

The Authority will provide further updates on the foregoing in due course.

Update to the Financial Accounting Standards – Insurance Sector

During May 2015, the FASB released an accounting standard update No. 2015-09 (“ASU 2015-09”) to enhance disclosure requirements for short duration insurance contracts. The main provisions of this new standard require insurance entities to disclose information about the liability for unpaid claims and claim adjustment expenses. Some of these new requirements include claims development tables by accident year, a reconciliation of incurred and paid claims development information, claims duration information and information about the frequency of claims. This new standard came into effect for public entities with annual periods beginning after December 15, 2015, and interim periods within annual periods beginning after December 15, 2016. A one year deferral was applied to nonpublic entities. 

These new disclosures required under ASU 2015-09 have some similarity to those currently required under IFRS 4 in respects to the required reconciliations of the changes in insurance liabilities and disclosures of significant changes in assumptions. Also, IFRS 4 requires insurance entities to disclose information about their claims developments. The National Association of Insurance Commissioners Statutory Accounting Principles (E) Working Group (“SAPWG”) revised some of its statutory accounting and reporting guidance for ASU 2015- 09. It should be noted that detailed claims development disclosures are already provided by insurers within the United States of America through their annual statement which is readily available to the relevant State insurance regulators.

The updated disclosures under ASU 2015-09 will benefit users of financial statements prepared under US GAAP by providing more relevant, transparent and useful information on the entity’s financial position and performance for the relevant period. From a regulatory perspective some of the key beneficial disclosures are: 

• Incurred and paid claims development information by accident year;
• Reconciliation of incurred and paid claims development information;
• Quantitative information on claim frequency accompanied by qualitative description of methodologies used for determining claim frequency information for each accident year;
• Average annual percentage pay out of incurred claims by age; and
• Additional disclosures on management’s significant estimates. 

At present the Authority is communicating with its key stakeholders and is considering the effect/impact of ASU 2015-09 on its licensees and their reporting.