AML/CFT & Sanctions Onsite Inspections & Findings Pt 1

Onsite Inspection Function

The onsite inspection process is fundamental to the effective execution of the Authority’s postlicensing regulatory and supervisory mandate. All Licensees may be subject to the risk-driven onsite inspection process which enables the Authority to review and assess their compliance with applicable laws, regulations, rules, statements of guidance, internal policies and procedures, as well as best practices. On-site inspections can take on different forms, depending on the nature, complexity and purpose of the inspection, and may involve performing a full or limited scope inspection. The Authority conducts thematic reviews, which involve a group of Licensees being assessed on specific supervisory themes.

Synopsis of Onsite Inspections Conducted

During 2018, the Authority conducted a total of 164 inspections (2017:117 inspections) across all sectors. Of the total inspections conducted, 53 inspections were primarily focused on the Anti Money Laundering/Countering Financing of Terrorism (“AML/CFT”) and Sanctions. All inspections conducted during 2018 by license type is illustrated below.

Overview of Inspections Findings and Requirement

There were a total of 1,144 requirements documented in final inspection reports issued by the Authority during 2018. The majority (92%) of the inspection requirements were in the following five (5) key risk areas: AML/CFT and Sanctions Risk (42%), Corporate Governance (22%), Operational Management (19%), Business Continuity Management (5%) and Internal/External Audit (4%).

The following two tables provide a non-exhaustive summary of key findings from the 2018 inspections which relate to AML/CFT & Sanctions and Corporate Governance. This information highlights common recurrent areas of non-compliance and/or breach.

AML/CFT & Sanctions

AML/CFT & sanctions key areas of deficiencies identified resulting in a requirement:

Policies and Procedures

• Outdated or deficient AML/CFT policies and/or controls
• Non-compliance with the Licensee's AML/CFT manual
• AML/CFT policies do not sufficiently address the certification of client identification documents
• Inappropriate documentation of a risk based approach (RBA) 
• Inadequate Politically Exposed Persons (PEP) policies and procedures 
• Inadequate gap analysis performed by the Licensee to identify and address gaps between the Licensee’s AML/CFT Policies and Procedures and the applicable regulatory requirements of the Cayman Islands 
• Non-compliance with regulatory requirements to perform periodic internal AML/CFT audits 

Periodic Reviews and On-going Monitoring

• Inadequate AML/CFT policies and procedures for on-going client and transaction monitoring
• Inadequate performance of client reviews to comply with Licensee’s policies and procedures and/or AMLRs/Guidance Notes 
• Incomplete or inappropriate documentation of source of wealth and/or source of funds

Customer Due Diligence/Know Your Customer Documentation

• Incomplete or inappropriate CDD documentation and/or verification requirements 
• Expired CDD/KYC documents 
• Illegible photo identification documents 
• Improper certification of customer due diligence documentation in accordance with Licensee’s policies and procedures and/or AMLRs/Guidance Notes 

AML/CFT Training

• Inadequate AML/CFT training policy or programmes
• No documented evidence of training or training logs
• No evidence of the AML/CFT training programme contents

Risk-Based Approach

• Licensee’s RBA is not being appropriately applied for its size, nature and complexity, taking into account all relevant risk factors 
• Incomplete or inappropriate client risk rating tool 
   

Corporate Governance Key Areas of Deficiencies Identified Resulting in a Requirement

• No notification to the Authority of changes/new appointments e.g. Diretors/External Auditors
• No performance of periodic self-asessments of the Board of Directors
• No formally docuemnsted or incpmplete business continuity/succession plans
• Governance body terms of reference not in line with actual practice (eg frequency of Board of Directors meetings)
• Absence of a conflict of interest policy
• Inadequate compliance reporting
• No independent directors represented on the Board
• No documented remuneration policy
• No documened plan or strategy for the performance of internal audits
• No appointed compliance committee in place
• No charter documenting the Board of Directors roles and responsibilities

The Authority understands the various challenges that its Licensees may encounter in meeting regulatory requirements. However, as expressed during various stakeholder dialogues, the Authority and Licensees alike continue to concentrate on fostering a compliant and risk-aware environment in line with FATF Standards.

The Authority encourages all Licensees to remain vigilant in addressing AML/CFT and sanctions risk. Financial Service Providers should take note of the deficiencies outlined above, and where applicable, take remedial steps to ensure that their policies, procedures and practices consider pertinent risks and are compliant with applicable laws and regulations

Looking Ahead

The Cayman Islands was evaluated during 4 – 15 December 2017 against international standards on AML/CFT as part of the Caribbean Financial Action Task Force ("CFATF") peer review process. 

The CFATF applied a relatively new methodology which focused on effectiveness as opposed to only technical compliance, as in the past. Countries are now required to demonstrate the effectiveness of their overall AML/CFT regime. There are a number of anticipated enhancements arising from the peer review which could result in some changes being made to the Authority’s supervisory regime. Licensees are encouraged to remain proactive in monitoring industry developments and regulatory requirements. The Authority continues to provide support and guidance to industry through its prudential meetings, participation at training and conferences, publications, statements of guidance, and other resources available on the Authority’s website.

There were also a number of enhancements made to the Cayman Islands regulatory framework aimed at strengthening the Financial Services Industry and adhering to international standards. Of note is the enactment of amendments made to the Monetary Authority Law (2017) and the issuance of the Monetary Authority (Administrative Fines) Regulations, 2017, which grant the Authority power to impose administrative fines for specific breaches of the Anti-Money Laundering Regulations, 2018. The on-site inspection process will continue to be a key component in assessing Licensees compliance with the jurisdictions regulatory framework.