For a better experience on Cayman Islands Monetary Authority, update your browser.
Cayman Islands
SIX, Cricket Square
PO Box 10052
Grand Cayman KY1-1001
Cayman Islands
linkedin

Follow us on Facebook

linkedin

Follow us on LinkedIn

Call us on

+1 (345) 949-7089

Business Hours

Monday - Friday, 8:30 a.m - 5:00 p.m

Investigation and Imposition of the Administrative Fine

Statement of Objectives

To describe the policies and procedures that the Authority will follow when deciding whether to impose an administrative fine and during its imposition on a person who has breached a prescribed provision of the Monetary Authority Law, a regulatory law or the Anti-Money Laundering Regulations.

Introduction

The Enforcement Manual (the “Manual”) provides the policies and procedures that the Authority will follow when deciding whether to take enforcement action.

The Procedure for Administering Administrative Fines (the “Procedure”), which forms part of the Enforcement Manual provides the policies and procedures that the Authority will follow when deciding whether to impose an administrative fine and during its imposition. In addition, the Procedure provides the process for calculating the amount of any administrative fine, when a person breaches a prescribed provision of the Monetary Authority Law, a regulatory law or the Anti-Money Laundering Regulations. 2.3 As this this Procedure forms part of the Enforcement Manual, it will be read and applied in conjunction with the other sections of the Enforcement Manual.

Scope of Application

This Procedure applies to all parties that are subject to the Authority’s power to impose administrative fines.

Definitions

For the purpose of this Procedure, the definitions below are provided.

  • Administrative Fines Regulations means The Monetary Authority Law (Administrative Fines) Regulations;
  • Breach includes a contravention and, in relation to a prescribed provision, includes allowing or not allowing a prescribed state of affairs to exist and engaging or not engaging in prescribed conduct;
  • Breach Notice for Proposed Discretionary Fine (also known as the “Breach Notice”) is the warning notice sent to the person informing them of the Authority’s intention to impose discretionary fine and complying with all of the requirements within Regulation 11 of the Administrative Fines Regulations. This Notice will state the Authority’s intention to impose a fine on a person that the Authority believes has breached a prescribed provision;
  • Discretionary Fine is a fine where the Authority has a discretion, as prescribed by the Monetary Authority Law, about whether or not to impose a fine or its amount;
  • Deterrence Principle means the need to deter financial services businesses and others from breaching prescribed provisions;
  • Disciplinary Principle means the need to punish intentional, reckless or inappropriately negligent breaches of prescribed provisions;
  • Discount Agreement means an agreement in principle between the Authority and a person that has breached a prescribed provision about the amount of a proposed discretionary fine;
  • Disgorgement Principle means the principle of ensuring that:

(i) licensees under regulatory laws and those connected with them as defined in section 34(16)(d) of the Monetary Authority Act do not gain (including by avoiding losses) from breaching prescribed provisions; and

(ii) persons mentioned within part (i) of this definition be disgorged of all such gains;

  • Final Fine Amount is the amount determined by the Authority, after applying the Principles and the relevant criteria;
  • Fine Notice is the notice sent to the person informing them of the Authority’s decision to impose a fine and complying with Regulation 15 of the Administrative Fines Regulations 2017. The Fine Notice will be issued by the Authority to a person that has breached a prescribed provision;
  • Investigation Letters are the letters that the Authority may use to contact the relevant parties in writing during an investigation;
  • Investigation Team are the individuals assigned from the Supervisory Division, OIU or elsewhere that will conduct the investigation. The team will be headed by the Head, Deputy Head of the Division (“DHOD”) or a Chief Analyst of the Supervisory Division or unit with conduct of the investigation;
  • Minor breach is a breach for which the non-discretionary fine is $5,000;
  • Oversight Committee means the Committee convened by the Managing Director for the purpose of considering all of the information and evidence presented to them by the Head or Deputy Head of the Supervisory Division or the OIU, following an investigation and the completion of an investigation report. The Oversight Committee in conjunction with the Compliance Division will make a recommendation to the Management Committee regarding the imposition of a discretionary administrative fine or any other enforcement action;
  • Person includes natural persons and corporate bodies;
  • Prescribed provision means a provision under the Monetary Authority Law, the regulatory laws, the Anti-Money Laundering Regulations, or any other instrument under which the Authority may impose an administrative fine;
  • Principles mean the need to promote and maintain a sound financial system in the Islands, the disgorgement principle, the disciplinary principle, and the deterrence principle as outlined in section 42F(1)(b) of the Monetary Authority Law;
  • Serious breach means a breach for which the maximum fine is a single discretionary fine not exceeding:

(i) $50,000 for an individual; or

(ii) $100,000 for a body corporate;

  • Starting Fine Amount means the amount that the Authority determines as the amount from which the Final Fine Amount should be calculated;
  • Very serious breach means a breach for which the maximum fine is a single discretionary fine not exceeding:

(i) $100,000 for an individual, or

(ii) $1,000,000 for a body corporate;

  • Weighted Fine Amount means the amount that is arrived at after the Starting Fine Amount that has been weighted in accordance with the criteria prescribed under the Administrative Fines Regulations. 

Actions the Authority may take upon discovery of a Breach of a Prescribed Provision

The Authority may impose administrative fines and also take any enforcement action for breaches of prescribed provisions.

Where the Authority determines that taking enforcement action pursuant to the regulatory laws is appropriate, either in addition to or instead of the imposition of an administrative fine, the Authority will take the steps set out in the Enforcement Manual and this Procedure, respectively and as applicable.

Where the Authority determines that only an administrative fine is appropriate, it will apply the schedule of prescribed provisions set out in Administrative Fines Regulations.

The Monetary Authority Law and the Administrative Fines Regulations establish three categories of breaches for which administrative fines may be imposed: minor, serious, and very serious. The following is a brief summary of the administrative fine framework set out in the Monetary Authority Law:

  • Minor: These are breaches for which a non-discretionary fine is issued by the Authority. The fine will be issued for a breach categorised as a minor breach of a regulatory law, regulation, rule, or the Anti-Money Laundering Regulations. Once the conditions in the Administrative Fines Regulations are met, the Authority will apply a fine for those breaches. A fine for a minor breach is fixed at $5,000.
  • Serious and Very Serious: For these breaches, the Authority has the discretion to determine whether or not to apply a fine and the amount of such fine. Discretionary fines are issued by the Authority for breaches that are categorised as serious and very serious. For serious breaches, the maximum fine amount is $50,000 for an individual and $100,000 for a body corporate. For very serious breaches, the maximum fine amount is $100,000 for an individual and $1,000,000 for a body corporate.
  • Breaches which are either serious or very serious will be dealt with as enforcement actions and may result in the imposition of an administrative fine, and/or other enforcement action available to the Authority under the relevant regulatory law.
  • As the current Administrative Fines Regulations relate only to AML/CFT breaches, which are all categorised as either serious or very serious, this Procedure, therefore, will only set out the steps in relation to serious and very serious breaches.

How the Authority Imposes an Administrative Fine for Serious and Very Serious Breaches (Discretionary Fines)

Upon the suspicion or discovery of a breach, the Authority will take the following steps:

  • Appoint an Investigation Team and investigate the breach;
  • Upon conclusion of the investigation, produce an investigation report for the Managing Director who may then convene the Oversight Committee to consider the matter;
  • The Oversight Committee, having considered all of the facts, evidence and relevant information will make a determination as to whether there is sufficient evidence for the Authority to issue a Breach Notice. The Oversight Committee will have considered the following issues; (a) whether there was a breach; (b) whether a fine and/or any other enforcement action would be appropriate; and (c) if relevant, the amount of the fine;
  • Once the Breach Notice has been issued to the person they will be provided with a period of no less than 30 days to make written representations to the Authority;
  • If written representations are received in time from the person then the Oversight Committee must reconsider the matter in light of the information in the representations. If the Oversight Committee still holds the belief stated in the Breach Notice, they will then make a joint recommendation, in conjunction with the Compliance Division, to the Management Committee for further administrative action and if appropriate further enforcement action. The recommendation will contain the Oversight Committee’s findings regarding the breach and the recommended fine amount.
  • If the Authority does not receive a reply to the Breach Notice within the 30-day period and the Oversight Committee still holds the belief stated in the Breach Notice, they will then make a joint recommendation for further administrative action and if appropriate further enforcement action. This joint recommendation will be made in conjunction with the Compliance Division, to the Management Committee.
  • If the Oversight Committee concludes that an administrative fine is not appropriate, this decision will be communicated to the person. Once this decision has been made, no further action will be taken unless it is decided that enforcement action is required or additional evidence becomes available to the Authority;
  • Upon receipt of a recommendation from the Oversight Committee, the Management Committee will make a determination on whether there has been a breach and the final fine amount: a. For fines of $500,000 or below, the Management Committee will make a final determination as to whether the fine should be imposed; or b. For fines greater than $500,000, the Management Committee will make a recommendation to the Executive Committee of the Board (“the Board”) for a final determination of the matter.
  • Once the Management Committee or the Board have made a final determination, the Authority will issue the Fine Notice detailing the Final Fine Amount and terms of payment for the Discretionary Fine.

Examples of the Breach Notice and Fine Notice are attached at Schedule 2.

Investigating the Breach

The Authority has, through the regulatory laws and the Monetary Authority Law, a wide range of statutory powers that enable it to conduct investigations. In addition to investigations for enforcement matters, the Authority regularly invokes its statutory powers for ongoing supervisory purposes that may be unrelated to a breach.

Where a serious or very serious breach is suspected, the Authority may appoint an Investigation Team and will conduct an investigation into the matter. During its investigation the Authority may contact the relevant parties in writing (using “Investigation Letters”). Relevant parties will be allowed to make representations to any matters outlined in the Investigation Letters.

The Authority may issue additional Investigation Letters as may be necessary during the course of its investigation, such as where the Authority requires additional evidence or clarification from a person. Any additional Investigation Letters will be issued in the same manner as the initial Investigation Letters, and the relevant parties will be allowed to make representations in respect of the matters outlined within them.

As time is of the essence during the investigation phase, the Authority will use its judgment to provide timelines for responses to its Investigation Letters. Failure to respond to Investigation Letters in a timely manner may be considered an aggravating factor in determining the administrative fine, or may give rise to enforcement action or an additional administrative fine.

Upon the completion of the investigation phase, the Managing Director may convene the Oversight Committee to consider the conclusions of the investigation.

The Oversight Committee, together with the Compliance Division, will make a recommendation to the Management Committee. If the intended Fine is above $500,000 the Management Committee will then refer the matter to the Executive Committee of the Board for their consideration.

The Oversight Committee

The Board of Directors has granted authority to the Managing Director to decide when to convene an Oversight Committee. The Oversight Committee will be an ad hoc committee and will have broadly the following responsibilities and powers, which have been delegated to it by the Board of Directors:

  1. to review the evidence gathered during the investigation stage so that they may determine whether that evidence is sufficient to prove that the alleged breach occurred;
  2. to request further information or evidence, prior to making its recommendation;
  3. to recommend the initial amount of the administrative fine, based on the relevant fine criteria, any weight given to the mitigating or aggravating factors and if relevant any agreed Discount Agreements;
  4. to consider any representations made by the person during the representation period or earlier;
  5. if the person proposes to negotiate, to conduct the discount negotiations and settle the terms of the Discount Agreement; (6) to recommend whether there has been a breach and the final fine amount to the Management Committee; and
  6. to recommend whether there has been a breach and the final fine amount to the Management Committee; and
  7. to do such matters and examine such parties as may be required to give effect to items 1 - 6 above. 

The Oversight Committee will comprise members of senior management, including the Managing Director or her designate. The voting members of the Oversight Committee will be:

  1. the Managing Director or their designate;
  2. a Deputy Managing Director;
  3. the Head or Deputy Head of the Compliance Division; a representative from the Legal Division that is not assigned to advise the relevant Supervisory Division to which the breach relates;
  4. the Head of a Supervisory Division that does not supervise the person; and
  5. the Head or Deputy Head of the Finance Division.

The Head of the Supervisory Division(s) that has conduct of the investigation into the person would only make representations to the Oversight Committee as requested and not take any part in the decision making process.

When appropriate, the Managing Director may substitute any member of the Committee with an alternate. This may be necessary, for example, where a person holds multiple licenses or it is difficult to constitute quorum.

The Oversight Committee is quorate when 4 of 6 members are in attendance.

A person designated by the Managing Director shall be the secretary to the Oversight Committee. The secretary will not be a member of the Oversight Committee.

Whether a matter is finally determined by the Management Committee or the Executive Committee will depend on the seriousness of the breach and the size of the Final Fine Amount.

The Determination Process

Having considered all of the facts, evidence and relevant information, the Oversight Committee and Compliance Division will make a recommendation to the Management Committee regarding; (a) whether there was sufficient evidence of a breach; (b) whether a fine or any other enforcement action would be appropriate; and (c) if relevant the amount of the fine.

For fines of $500,000 or below, the Management Committee will consider the administrative fine and will make a final determination.

For fines of greater than $500,000 the Management Committee will consider the administrative fine and will make a recommendation of the administrative fine to the Executive Committee of the Board for final determination, following the Breach Notice and after the period for written representations from the person has elapsed.

When considering an administrative fine, the Management Committee shall be composed of its usual members, with the exception that the Head or Deputy Head of the Supervisory Division(s) that had conduct of the investigation shall not make any representations to the Management Committee unless requested nor be involved in the decision-making process.

The Management Committee shall first make a provisional determination as to: (a) whether there is sufficient evidence of a breach; (b) whether a fine or any other enforcement action would be appropriate; and (c) if relevant the amount of the fine.

Following the issuance of the Breach Notice and during a specified period of no less than 30 days after the serving of the Breach Notice, the person can make written representations to the Authority regarding the exact breaches. These representations will be considered by the Oversight Committee before their final recommendation to the Management Committee. This recommendation will be made jointly with the Compliance Division. If any other enforcement action is being considered against the same person it may be submitted to the Management Committee at the same time as the Administrative Fine.

Once the Management Committee or the Executive Committee have made a final determination regarding whether there is sufficient evidence to impose an Administrative Fine, the Compliance Division will then issue the Fine Notice if required.

The standard to which the Authority will operate throughout this process of imposing a discretionary fine will be on the balance of probabilities.

The Compliance Division will issue a Fine Notice to the person detailing the Final Fine Amount and terms of payment of the Discretionary Fine.

The Breach Notice for a Proposed Discretionary Fine

The Breach Notice for a Proposed Discretionary Fine or “Breach Notice” will contain a statement notifying the person of the period in which they are to make any written representations to the Authority regarding the matters set out in the Breach Notice. The representation period will differ depending on the specific facts of each case. However, the representation period will not be shorter than 30 days.

If the Authority receives no reply or representations within the period specified in the Breach Notice, the Authority will consider the allegations or matters detailed in the Breach Notice to be undisputed and the Authority may then proceed to issue a Fine Notice.

If a person has committed more than one breach, a Breach Notice or Fine Notice may refer to multiple breaches.

The Replies from the Person during the Representation Period

Upon receipt of the affected person’s written representations, the Oversight Committee will consider those representations in accordance with the requirements set out in the Administrative Fines Regulations.

In order to ensure that a person’s reply is received in a timely manner and to ensure appropriate communication, the Breach Notice will specify the address and Division at the Authority where a person’s reply is to be sent. Communication with the person during the representation period will be conducted through email.

Early Settlement of Administrative Fines

A person that is facing an administrative fine may wish to voluntarily settle at an earlier stage and enter into a Discount Agreement. This process is outlined in Part III of this Procedure.

The Fine Notice for a Discretionary Fine

Once the Management Committee or Executive Committee, as the case may be, has approved the final administrative fine, the Authority will then issue a Fine Notice of the Discretionary Fine to the person.

The Fine Notice will contain details of the breach, the Final Fine Amount and the terms of payment. A Fine Notice is final, subject only to a person’s statutory appeal rights.

Method by which a Person May Receive a Breach Notice or Fine Notice for a Proposed Discretionary Fine 

Breach Notices and Fine Notices will be sent by email to the last given email address which the Authority has on record for:

  1. a company, trust or partnership - the registered office and each of the directors, trustees or general partners; and
  2. an individual - the individual’s email address. 

Each person is responsible, under the relevant regulatory laws, for ensuring that their contact email information is up-to-date. In addition, the Authority has electronic systems (such as REEFs and the Director Registration and Licensing Portal) through which licensees and registrants are able to update their email addresses with the Authority in real time.

The Authority may give a person notice, including the sending of both the Breach Notice and Fine Notice by sending it to an e-mail address that the person had last given to the Authority. This provision allows for notices to be sent to:

  1. the person’s e-mail address;
  2. or if the person is a body corporate the e-mail addresses of the directors, members or registered office providers;
  3. and if the person is a partnership, the e-mail addresses of any of the partners or the registered office provider if applicable. 

It is therefore, the responsibility of all persons that are subject to the Authority’s regulatory or supervisory oversight to ensure that their contact information (including email address) is accurate and up-to-date.

If the Authority does not receive a reply to a Breach Notice from a person, the Authority may utilise the Procedure for Lost Contact to provide notice to the person; however, if the Authority determines that the Procedure for Lost Contact is not required, the Authority may proceed directly to issuing a Fine Notice. The Authority may also utilise the Procedure for Lost Contact to issue a Fine Notice.

Publicity and Confidentiality

The Authority considers the enforcement of the regulatory laws, the regulations, rules, and Anti-Money Laundering Regulations to be a matter of substantial public importance. On that basis, full details of administrative fines imposed including person names, provisions breached, the amount of the fine imposed, the date of each individual breach, a summary of facts supporting the breach, and any further relevant information, will all normally be published by the Authority.

 In exceptional circumstances, such as where there is a risk to (a) national security; (b) critical ongoing investigations; or (c) the Islands’ financial stability, the decision whether or not to fully disclose details of the administrative fines will be made by the Executive Committee of the Board of Directors of the Authority. 

Calculating the Administrative Fine

Determining the Appropriate Level of Financial Penalty

The Authority’s penalty-setting regime is based on the following principles:

  • The need to promote and maintain a sound financial system in the Islands;
  • Disgorgement - a person should not benefit from any breach;
  • Discipline - a person should be penalised for wrongdoing; and
  • Deterrence - any penalty imposed should deter the person who committed the breach, and others, from committing further or similar breaches.

The total amount payable by a person subject to an administrative fine may be made up of two elements: (i) disgorgement of the benefit received as a result of the breach; and (ii) a financial penalty reflecting the nature and seriousness of the breach. These elements are incorporated in a five-step framework, which can be summarised as follows:

  1. The removal of any financial benefit or avoidance of loss derived directly from the breach (“disgorgement”);
  2. The determination of a figure which reflects the nature and seriousness of the breach;
  3. An adjustment made to the Step 2 figure to take account of any aggravating and mitigating circumstances;
  4. An adjustment made to the amount arrived at after Steps 2 and 3, where appropriate, to ensure that the penalty is consistent with the Guiding Principles1 , namely- (a) the need to promote and maintain a sound financial system in the Cayman Islands; (b) the disgorgement principle; (c) the disciplinary principle; and (d) the deterrence principle; and 
  5. If applicable, a settlement discount will be applied. This discount does not apply to disgorgement of any financial benefit derived directly from the breach. 

These steps will apply in all cases.

Where a breach committed by a corporate body is shown to have been committed with the consent, connivance, knowledge or neglect of any relevant, finable individual, that individual person may also be subject to an administrative fine as well as the corporate body. 

The Authority recognises that a penalty must be proportionate to the breach. The Authority may decrease the level of the penalty arrived at after applying Step 2 of the framework if it considers that the penalty is disproportionately high for the breach concerned which the Authority may take into account.

The lists of factors and circumstances in this Part are not exhaustive. Not all of the factors or circumstances listed will necessarily be relevant in all cases and there may be other factors or circumstances not listed which are relevant.

The Five Steps for Imposing Penalties

Step 1 – Disgorgement

The Authority will seek to deprive a person (or individual) of the financial benefit derived directly from the breach (which may include the profit made or loss avoided) where it is practicable to quantify this. The Authority will ordinarily also charge interest on the benefit from the time the breach started

Where the success of a person’s (or individual’s) entire business model is dependent on breaching the Authority’s rules or other requirements of the regulatory system and the breach is at the core of the person’s regulated activities, the Authority will seek to deprive the person (or individual) of all the financial benefit derived from such activities. Where a person (or individual) agrees to carry out a redress programme to compensate those who have suffered loss as a result of the breach, the Authority will, when calculating the financial benefit derived directly from the breach, take any redress into consideration. In such cases, the final penalty might not include a disgorgement element, or the disgorgement element might be reduced.

Step 2 - The Seriousness of the Breach

The Authority will determine a figure that reflects the seriousness of the breach. In many cases, the amount of revenue generated by a person (or individual) from a particular product line or business area is indicative of the harm or potential harm that its breach may cause, and in such cases the Authority will determine a figure which will be based on a percentage of the person’s (or individual’s) revenue from the relevant products or business areas. The Authority also believes that the amount of revenue generated by a person (or individual) from a particular product or business area is relevant in terms of the size of the financial penalty necessary to act as a credible deterrent. However, the Authority recognises that there may be cases where revenue is not an appropriate indicator of the harm or potential harm that a person’s breach may cause, and in those cases the Authority will use an appropriate alternative. For example, the Authority may also consider the breach’s effect on the performance of the Authority’s statutory functions; any inconvenience or distress to consumers and / or members of the public; or any negative impact on the image of the Cayman Islands as a financial services centre. 

In those cases where the Authority considers that revenue is an appropriate indicator of the harm or potential harm that a person’s (or individual’s) breach may cause, the Authority will determine a figure which will be based on a percentage of the person’s “relevant revenue”. “Relevant revenue” will be the revenue derived by the person during the period of the breach from the products or business areas to which the breach relates. Where the breach lasted less than 12 months, or was a one-off event, the relevant revenue will be that derived by the person (or individual) in the 12 months preceding the end of the breach. Where the person (or individual) was in existence for less than 12 months, its relevant revenue will be calculated on a pro rata basis to the equivalent of 12 months’ relevant revenue. 

Having determined the relevant revenue, the Authority will then decide on the percentage of that revenue which will form the basis of the penalty. In making this determination the Authority will consider the seriousness of the breach and choose a percentage between 0% and 40%. This range is divided into five fixed levels which represent, on a sliding scale, the seriousness of the breach. The more serious the breach, the higher the level. For penalties imposed on persons (or individuals) there are the following five levels:

  • level 1 - 0% No profit add on;
  • level 2 - 10% of profit;
  • level 3 - 20% of profit;
  • level 4 - 30% of profit; and
  • level 5 - 40% of profit. 

The Authority will assess the seriousness of a breach to determine which level is most appropriate to the case.

In deciding which level is most appropriate to a case, the Authority will take into account various factors, which will usually fall into the following four categories:

  1. factors relating to the impact of the breach;
  2. factors relating to the nature of the breach;
  3. factors tending to show whether the breach was deliberate; and
  4. factors tending to show whether the breach was negligent. 

Factors relating to the impact of a breach committed by a party include:

  1. the level of benefit gained or loss avoided, or intended to be gained or avoided, by the person from the breach, either directly or indirectly;
  2. the loss or risk of loss, as a whole, caused to consumers, investors or other market users in general;
  3. the loss or risk of loss caused to individual consumers, investors or other market users;
  4.  whether the breach had an effect on particularly vulnerable people, whether intentionally or otherwise;
  5. the inconvenience or distress caused to consumers; and
  6. whether the breach had an adverse effect on markets and, if so, how serious that effect was. This may include having regard to whether the orderliness of, or confidence in, the markets in question has been damaged or put at risk.

Factors relating to the nature of a breach by a person include:

  1. the nature of the rules, requirements or provisions breached;
  2. the frequency of the breach;
  3. whether the breach revealed serious or systemic weaknesses in the person’s procedures or in the management systems or internal controls relating to all or part of the person’s business;
  4. whether the person’s directors and/or senior management were aware of the breach; the nature and extent of any financial crime facilitated, occasioned or otherwise attributable to the breach;
  5. the scope for any potential financial crime to be facilitated, occasioned or otherwise occur as a result of the breach;
  6. whether the person failed to conduct its business with integrity or in a fit and proper manner;
  7. whether the person, in committing the breach, took any steps to comply with rules and statements of guidance, and the adequacy of those steps; and
  8. the extent to which the behaviour which constitutes the contravention departs from current market practice. 

Factors tending to show the breach was deliberate include:

  1. the breach was intentional, in that the person’s directors and/or senior management, or a responsible individual, intended or foresaw that the likely or actual consequences of their actions or inaction would result in a breach;
  2. the person’s directors and/or senior management, or a responsible individual, knew that their actions were not in accordance with the person’s internal procedures;
  3. the person’s directors and/or senior management, or a responsible individual, sought to conceal their misconduct;
  4. the person’s directors and/or senior management, or a responsible individual, committed the breach in such a way as to avoid or reduce the risk that the breach would be discovered;
  5. the person’s directors and/or senior management, or a responsible individual, were influenced to commit the breach by the belief that it would be difficult to detect;
  6. the breach was repeated; and
  7. in the context of a contravention of any prescribed provision, the person obtained reasonable professional advice before the contravention occurred and failed to follow that advice. Obtaining professional advice does not remove a person’s responsibility for compliance with applicable prescribed provisions.

Factors tending to show the breach was reckless or negligent include:

  1. the person’s directors and/or senior management, or a responsible individual, appreciated or ought to have appreciated there was a risk that their actions or inaction could result in a breach and failed adequately to mitigate that risk; and
  2. the person’s directors and/or senior management, or a responsible individual, were aware or ought to have been aware there was a risk that their actions or inaction could result in a breach but failed to check if they were acting in accordance with the person’s internal procedures.

Additional criteria to which the Authority will have regard when determining the appropriate level of financial penalty to be imposed are set out under regulations 4 and 5 of the Administrative Fines Regulations.

In following this approach, factors which are likely to be considered ‘level 4 factors’ or ‘level 5 factors’ include:

  1. the breach caused a significant loss or risk of loss to individual consumers, investors or other market users; 
  2. the breach revealed serious or systemic weaknesses in the person’s procedures or in the management systems or internal controls relating to all or part of the person’s business;
  3. financial crime was facilitated, occasioned or otherwise attributable to the breach;
  4. the breach created a significant risk that financial crime would be facilitated, occasioned or otherwise occur;
  5. the person failed to conduct its business with integrity or in a fit and proper manner;
  6. the person’s behaviour in facilitating the breach, or failing to avoid the breach, caused actual or potential harm to the Islands’ reputation;
  7. the breach caused actual or potential harm to the Islands’ financial stability; and
  8. the breach was committed deliberately or recklessly.

Factors which are likely to be considered ‘level 1 factors’, ‘level 2 factors’ or ‘level 3 factors’ include:

  1. little, or no, profits were made or losses avoided as a result of the breach, either directly or indirectly;
  2. there was no or little loss or risk of loss to consumers, investors or other market users individually and in general;
  3. there was no, or limited, actual or potential effect on the orderliness of, or confidence in, markets as a result of the breach;
  4. there is no evidence that the breach indicates a widespread problem or weakness at the person; and
  5. the breach was committed negligently or inadvertently.

In those cases where revenue is not an appropriate indicator of the harm or potential harm that a person’s breach may cause, the Authority will adopt a similar approach, and so will determine the appropriate Step 2 amount for a particular breach by taking into account relevant factors, including those listed above. In these cases the Authority may not use the percentage levels that are applied in those cases in which revenue is an appropriate indicator of the harm or potential harm that a person’s breach may cause.

Step 3 - Mitigating and Aggravating Factors

The Authority may increase or decrease the amount of the financial penalty arrived at after Step 2, but not including any amount to be disgorged as set out in Step 1, to take into account factors which aggravate or mitigate the breach. Any such adjustments will be made by way of a percentage adjustment to the figure determined at Step 2.

The Authority will consider the relevant criteria set out in regulations 5 and 6 of The Monetary Authority (Administrative Fines) Regulations in determining whether there are any factors that may have the effect of aggravating or mitigating the breach.

The weight given to the criteria outlined in regulations 5 and 6 are set out in Schedule 1 to this Procedure.

Step 4 - Adjustment for Deterrence (the deterrence principle)

If the Authority considers the figure arrived at after Step 3 is insufficient to deter the person who committed the breach, or others, from committing further or similar breaches then the Authority may increase the penalty. Circumstances where the Authority may do this include:

  1. where the Authority considers the Final Fine Amount insufficient in relation to the breach in order to meet the statutory principle of acting as a deterrent;
  2. where previous Authority action in respect of similar breaches has failed to improve industry standards;
  3. where the Authority considers it is likely that similar breaches will be committed by the person or by other parties in the future;
  4. where the Authority considers that the likelihood of the detection of such a breach is low; and
  5. where a penalty based on an individual’s income may not act as a deterrent, for example, if an individual has a small or zero income but owns assets of high value.

Step 5 – Discount Agreement

The Authority and the person on whom a penalty is to be imposed may seek to agree the amount of any financial penalty and other terms. In recognition of the benefits of such agreements, the amount of the financial penalty which might otherwise have been payable will be reduced to reflect the stage at which the Authority and the person concerned, reached an agreement. The settlement discount does not apply to the disgorgement of any benefit calculated at Step 1. The process for agreeing an early settlement by way of a Discount Agreement is outlined in Part III of this Procedure.

Serious Financial Hardship 

The Authority’s approach to determining penalties is intended to ensure that financial penalties are proportionate to the breach. The Authority recognises that penalties may affect firms and individuals differently, and that the Authority should consider whether a reduction in the proposed penalty is appropriate if the penalty would cause the subject of enforcement action serious financial hardship.

Where an individual or firm claims that payment of the penalty proposed by the Authority will cause them serious financial hardship, the Authority will consider whether to reduce the proposed penalty only if: 

  • the individual or firm provides verifiable evidence that payment of the penalty will cause them serious financial hardship; and
  • the individual or firm provides full, frank and timely disclosure of the verifiable evidence, and cooperates fully in answering any questions asked by the Authority about their financial position.

The onus is on the individual or firm to satisfy the Authority that payment of the penalty will cause them serious financial hardship.

Individuals 

In assessing whether a penalty would cause an individual serious financial hardship, the Authority will consider the individual’s ability to pay the penalty over a reasonable period (normally no greater than three years). The Authority‘s starting point is that an individual will suffer serious financial hardship only if during that period his net annual income will fall below $14,000 and his net worth will fall below $16,000 as a result of payment of the penalty. Unless the Authority believes that both the individual’s income and net worth will fall below these respective thresholds as a result of payment of the penalty, the Authority is unlikely to be satisfied that the penalty will result in serious financial hardship.

The Authority will consider all relevant circumstances in determining whether the income and net worth threshold levels should be increased in a particular case.

The Authority will consider agreeing to payment of the penalty by instalments where the individual requires time to realise his assets, for example by waiting for payment of a salary or by selling property.

For the purposes of considering whether an individual will suffer serious financial hardship, the Authority will consider anything that could provide the individual with a source of income, including savings, property (including personal possessions), investments and land. 

The Authority may also consider the extent to which the individual has access to other means of financial support in determining whether he is able to pay the penalty without being caused serious financial hardship.

Where a penalty is reduced it will be reduced to an amount which the individual can pay without going below the threshold levels that apply in that case. If an individual has no income, any reduction in the penalty will be to an amount that the individual can pay without going below the thresholds. See paragraph 1 under 'Individuals'.

There may be cases where, even though the individual has satisfied the Authority that payment of the financial penalty would cause serious financial hardship, the Authority considers the breach to be so serious that it is not appropriate to reduce the penalty. The Authority will consider all the circumstances of the case in determining whether this course of action is appropriate, including whether:

  1. the individual directly derived a financial benefit from the breach and, if so, the extent of that financial benefit;
  2. the individual acted fraudulently or dishonestly with a view to personal gain;
  3. previous Authority action in respect of similar breaches has failed to improve that person’s conduct; or
  4. the individual has spent money or dissipated assets in anticipation of Authority or other enforcement action with a view to frustrating or limiting the impact of action taken by the Authority or other authorities.

Corporate Bodies

The Authority will consider reducing the amount of a penalty if a firm will suffer serious financial hardship as a result of having to pay the entire penalty. In deciding whether it is appropriate to reduce the penalty, the Authority will take into consideration the firm’s financial circumstances, including whether the penalty would render the firm insolvent or threaten the firm’s solvency. The Authority will also take into account its statutory objectives, for example in situations where consumers would be harmed or market confidence would suffer, the Authority may consider it appropriate to reduce a penalty in order to allow a firm to continue in business and/or pay redress.

There may be cases where, even though the firm has satisfied the Authority that payment of the financial penalty would cause it serious financial hardship, the Authority considers the breach to be so serious that it is not appropriate to reduce the penalty. The Authority will consider all the circumstances of the case in determining whether this course of action is appropriate, including whether:

  1. the firm directly derived a financial benefit from the breach and, if so, the extent of that financial benefit;
  2. the firm acted fraudulently or dishonestly in order to benefit financially;
  3. previous Authority action in respect of similar breaches has failed to improve industry standards; or
  4. the firm has spent money or dissipated assets in anticipation of any investigation or other action by the Authority, other regulatory authority or other enforcement agency and / or with a view to frustrating or limiting the impact of action taken by the Authority or other authorities.

Early Settlement and the Discount Agreement

Early Settlement 

Early settlement is available to parties to encourage early resolution through voluntary settlement of administrative fines. The Authority and the person on which an administrative fine is to be imposed may seek to negotiate the amount of the fine, and other terms, as part of an early settlement. A person may wish to enter into an early settlement with the Authority, and may do so prior to or after receiving a Breach Notice for the Proposed Discretionary Fine. The Authority may, but need not, negotiate with a person to attempt to reach an early settlement, whether or not the Authority has given a Breach Notice for the Proposed Discretionary Fine.

In cases where early settlement is agreed upon, a discount may be applied by the Authority up to a maximum of 40%. The discount does not apply to the disgorgement of any financial and economic benefits derived by the person from the breach (as provided for in the disgorgement principle). Where the Authority and the person agree the terms of the early settlement, the Authority and the person will enter into a discount agreement.

In accordance with the requirements of the Monetary Authority Law, arriving at an early settlement reflects an efficient use of the Authority’s time and resources and reduces the cost and supervisory burden of a protracted administrative fines process. In recognition of the benefits of such processes, the amount of the fine which might otherwise have been payable, that is, the usual fine, may be reduced to reflect the stage at which the Authority and the person enter into a binding discount agreement.

A person may write to the Managing Director at any time indicating its desire for an early settlement as part of its breach resolution process. The Authority will consider the request and where it agrees to the negotiation of an early settlement, this in no way indicates the suspension of an investigation. The investigation of the breach will continue in accordance with the Administrative Fines Regulations, this Procedure and any other relevant procedures.

The Authority may deviate from the application of these procedures in certain exceptional circumstances, which will be determined at the sole discretion of the Authority.

The Discount Agreement

If a person requests the early settlement of an administrative fine, the process is as follows:

  1. The person makes a formal written request to the Authority for an early settlement, addressed to the Managing Director. The Authority expects that the person will admit the breach and/or breaches in this correspondence, and submit any mitigating factors upon which the person wishes to rely. This is the Early Settlement Request.
  2. The Authority, within 21 days following receipt of the Early Settlement Request, will write to the person acknowledging receipt and requesting any relevant information2 in relation to the breach, with a clear deadline for submission. This is the Early Settlement Response. The Authority will provide the person with a reasonable timeframe to submit the requested information. This timeframe will usually be no more than 30 days, and extensions will not usually be granted except in exceptional circumstances.
  3. The Authority, once satisfied that full and frank information has been provided in response to the Early Settlement Response, will then schedule a settlement meeting with the person at an agreed upon date and time3 . It is intended that there would be only one settlement meeting required in order to finalise the discount agreement.
  4. The Authority and the person will exchange all information, in advance of the meeting, which will form the basis for the discount agreement. This information will include details of progress on remedial action being taken in the case of the person and details of the usual fine(s) for the breach or breaches being discussed, in the case of the Authority.
  5. The meeting will be attended by representatives of the person who are authorised or empowered to agree and sign on the terms of the proposed discount agreement. It is not anticipated that the Authority will sign the discount agreement at this meeting.
  6. The proposed discount agreement containing the amount and terms of the settlement will be submitted to the Oversight Committee and then forwarded to the Management Committee or the Executive Committee as the case may be.
  7. The decision of the Management Committee or the Executive Committee including, the settlement amount, discount, response timeframe and any other terms will be communicated to the person within 21 days following the settlement meeting, via submission of the Discount Agreement.
  8. The person will be required to sign the discount agreement to formally indicate their acceptance of the Discount Agreement at the meeting. 

The fully executed discount agreement is binding on the Authority and the person.

The terms of the early settlement will usually be published, save for exceptional circumstances and at the discretion of the Authority. The public release will provide an account of the admitted breaches and all relevant details including, amongst other things, the name of the person, the breaches, investigations summary and the fines imposed, including any discount applied.

At any point during this process, the Authority may, in its discretion, decide to conclude the early settlement discussions. This decision may be as a result of a lack of cooperation by the person as displayed by, for example, failure to meet specific requests, terms or timeframes.

The Settlement Discount

This Procedure allows for the Authority to apply a discount, up to a set maximum, to a fine that it would otherwise expect to impose on a person after considering the breach and other relevant factors. The settlement discount will be applied to the usual fine, which will be determined by reference to the Authority’s penalty-setting regime4 . The decision to agree to early settlement and the level of the discount applied must take account of some key factors including:

  1. A clear determination of the amount of the financial penalty that the Authority would otherwise have expected to impose on the person had the administrative fines procedure been taken through to its conclusion;
  2. The Authority’s satisfaction with the person’s progress and/or plans at remediating the breaches; and
  3. The person’s level of cooperation with the Authority during the breach investigation.

The Authority may reduce the usual fine by a stipulated percentage subject to the stage at which the early settlement was initiated by the person by way of writing to the Authority requesting such; and based on the established criteria presented in Table A. Table A presents the four stages of the Authority’s administrative fines process for the purpose of determining the discount to be applied. For the maximum discount to be applied at any stage of the process the Authority should be satisfied that following initiation of early settlement discussions by the person, all requirements set by the Authority were fully met and that the person made good faith attempts to cooperate and provide full information to the Authority. 

Table A: Discount Criteria

Stage Discount            Description
1 Up to 40% Stage 1 refers to the period preceding the Authority’s discovery of the breach. Essentially, this applies to cases where the Authority becomes aware of the breach solely because the person advises the Authority of the breach.
2 Up to 30% Stage 2 refers to the period from the commencement of the breach investigation by the Authority until, but not including, the date on which the Breach Notice for Proposed Discretionary Fine is issued to the person.
3 Up to 20% Stage 3 refers to the period from the end of Stage 2 until the expiration of the period (including any extensions granted) allowed to the person for providing written representations in response to the Breach Notice for Proposed Discretionary Fine. In cases where these representations are submitted to the Authority prior to the set deadline, Stage 3 will end on the date on which the Authority is in receipt of the written representations. 
4 Up to 10% Stage 4 refers to the period from the end of Stage 3 until, but not including the date on which the Fine Notice of Discretionary Fine is issued by the Authority. 

In addition to the discounted fine, or instead of the discounted fine, the Authority may impose an enforcement action on the person. This enforcement action may form part of the discount agreement, and may be considered when determining the discount applied.

If the person does not enter into a binding discount agreement or fails to settle the agreed fine within the timeframes set by the Authority, the discount agreement will be void at the expiration of the period. During Stage 4 or any time prior, a further request to enter into another discount agreement negotiation may be submitted by the person for consideration by the Authority. The Authority will not consider discount agreements and/or requests for early settlements on the date of or following the issuance of the Fine Notice of Discretionary Fine.

In the event that a discount agreement cannot be agreed by all parties, the breach will be dealt with in accordance with the Manual and this Procedure.

Where the person enters into a Discount Agreement, that person may not appeal against the decision of the Authority to issue the fine or the fine amount, if the fine is no more than the amount agreed to in the Discount Agreement.

See also Schedule 1 & Schedule 2.