AML/CFT Obligations and Requirements for Excluded Persons.
The Anti-Money Laundering Regulations (2018 Revision) (the “AMLRs”) and the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands, December 2017 (“AML/CFT Guidance Notes”) require entities conducting relevant financial business, inclusive of those carrying out securities investment business, whether or not licensed with or registered by the Authority, to comply with the applicable laws and obligations to prevent and report money laundering, terrorist financing and proliferation financing. Such requirements are also pursuant to Schedule 6 (16) of the Proceeds of Crime Law (2018 Revision).
The Cayman Islands Monetary Authority (the “Authority”), in the exercise of its powers, pursuant to Section 5(5) of the Securities Investment Business Law (2015 Revision) ( “SIBL”), has been requesting companies registered to conduct securities investment business as an Excluded Person to have their AML/CFT systems and procedures audited, by suitably qualified entities, for compliance with the AMLRs.
The Authority will utilise the AML/CFT audit reports generated by the reviews to aid in its assessment of the SIBL Excluded Persons (“the Company”) ongoing compliance with the AMLRs. Doing so will also confirm the frequency in which subsequent AML/CFT Audit Reports are required from the Company.
The scope of the AML/CFT audit report at a minimum should assess whether:-
- The Company’s AML/CFT policies and procedures, internal controls/risk management and implementation of the same are adequate;
- The Company and its Directors are carrying on business in a fit and proper manner;
- The Company conducts periodic reviews of its operations against the AML/CFT and current industry best practice;
- The Company maintains a relevant client Risk Matrix and has in place adequate identification procedures around the on-boarding of clients i.e. know your client, client due diligence, customer risk rating, enhanced due diligence standards;
- The Company has adequate internal reporting procedures, including the maintenance of a suspicious activity reporting log;
- The Company has adequate record-keeping procedures and maintenance thereof in accordance with prescribed periods as required under the AMLRs;
- The Company has adequate identification and record keeping policies and procedures relating to wire transfers;
- The Company provides adequate AML training to its management, staff and in particular, the Money Laundering Reporting Officer (“the MLRO”);
- In cases where group-wide AML policies are adapted, a gap analysis has been conducted to ensure compliance with the Cayman Islands’ AML/CFT framework;
- There is demonstrated separation of the role of the Anti-Money Laundering Compliance Officer and the MLRO from the shareholders of the Company; and
- The Company’s marketing material includes false or misleading representations, or omissions that could ultimately mislead investors.
A review of the AML/CFT reports received during 2018 identified common themes and key control deficiencies, some of which are included below:
- Failure to adequately document AML/CFT policies and procedures;
- Failure to adopt or adhere to outlined AML/CFT policies;
- The wholesale adoption of group-wide AML/CFT policies with no evidence of a gap analysis having been undertaken to ensure that such policies and procedures are in compliance with Cayman Islands’ requirements;
- Lack of a client risk matrix, undated risk assessments or inconsistent risk ratings;
- Failure to adequately document client acceptance procedures;
- Lack of evidence to support on-going monitoring, such as data scrubbing and receipt of updated Know Your Customer (“KYC”) due diligence;
- Inconsistencies when reporting suspicious activities; and
- Lack of evidence to support adequate AML training for staff, the MLRO or Senior Management.
Entities registered as SIBL Excluded Persons are reminded of their AML/CFT responsibilities and are encouraged to place additional focus on their AML/CFT framework to ensure that the expected standards are being met.
Should you require further clarification on this matter, please feel free to contact the Securities Supervision Division at firstname.lastname@example.org.