CIMA Regulatory Update: June 2023 to December 2023

Preface

This update reports on legislative and regulatory activities at the Cayman Islands Monetary Authority (the “Authority” or “CIMA”) for the period June 2023 to December 2023. If you wish to receive an email notification when the next edition of this report is available, you can subscribe using the E-Alert function on the Authority’s website.
 

Legislative Changes

Amendments to various Acts were gazetted on 26 May 2023 and published on the Authority’s website which expand CIMA’s powers to impose administrative fines, provide for the liability of partnerships, and limited liability partnerships, exempt limited partnerships and unincorporated associations for offenses, in addition, to provide for disclosures and the sharing of information, and further for incidental and connected purposes. The updated Acts are as follows:

1. Monetary Authority Act (Amendment) Act, 2023
2. Companies Management (Amendment) Act, 2023
3. Directors Registration and Licensing (Amendment) Act, 2023
4. Insurance (Amendment) Act, 2023
5. Money Services (Amendment) Act, 2023
6. Securities Investment Business (Amendment) Act, 2023
7. Virtual Asset (Service Providers) (Amendment) Act, 2023

Regulatory Updates

1) Regulatory Policy on Consolidated Supervision

The revised policy was published on the Authority’s website in November 2023. The revised policy seeks to ensure effective consolidated supervision of regulated entities that are part of a group. This includes ensuring that the Authority has mechanisms in place to identify, assess and mitigate the risks posed to a regulated entity, and its branches, by other members of a group to which the regulated entity belongs.

2) Guidance Notes on the Prevention and Detection of Money Laundering, Terrorist Financing, and Proliferation Financing in the Cayman Islands, August 2023 (the “AML GNs”)

The Authority published the AML GNs as of 30 August 2023 which replaces the previous version of the AML GNs of June 2020. The revision represents the consolidation of the e-KYC and Remote CSS/Ongoing Monitoring Provisions (Amendment) (August 2023); the AML GNs for Securitization (May 2021) and the AML GNs for Virtual Asset Service Providers (February 2021).

3) Rule and Statement of Guidance – Nature and accessibility, and Retention of Records for Licensees Conducting the Business of Company Management

The Rule and Statement of Guidance was gazetted and published on the Authority’s website on 30 August 2023 and will come into effect from 1 April 2024. The Rule and Statement of Guidance ensure that natural persons and entities regulated and registered under the regulatory Acts as defined in the Monetary Authority Act (as amended) maintain their records in a manner that promotes accessibility, retention, and appropriate security.

4) Rule and Regulatory Policy on Domestically Important-Taking Institutions

The Rule and Regulatory Policy was gazetted and published on the Authority’s website on 26 May 2023 and will come into effect on 27 May 2024. The rule and policy apply to all deposit-taking entities designated by the Authority as Domestic Systematically Important Deposit-Taking Institutions. The Authority will continue with its initiatives on the implementation of the rule and policy.

5) Rule and Statement of Guidance on Corporate Governance for Regulated Entities

The Rule and Statement of Guidance was gazetted and published on the Authority’s website on 17 April 2023 and came into effect on 14 October 2023. The measure applies to the Governing Body of all regulated entities and is subject to proportional application as outlined in the relevant sections of the rule.

6) Rule and Statement of Guidance on Internal Controls for Regulated Entities

The Rule and Statement of Guidance was gazetted and published on the Authority’s website on 14 April 2023 and came into effect on 14 October 2023. The measure sets out the Authority’s requirements and minimum expectations on internal controls for all entities regulated by the Authority under the regulatory acts as defined in the Monetary Authority Act (as amended) subject to proportional application as outlined in the relevant sections of this rule.

Status of External Assessments

1) The Financial Action Task Force – Removal of the Jurisdiction from the FATF Grey List.

On 27 October 2023, FATF announced its decision to remove the Cayman Islands from its anti-money laundering (AML) "Grey List” after determining that the country’s AML regime now meets the global standard.

2) Commencement of the European Union’s AML Delisting Process

The European Union (EU) Commission published a delegated regulation on December 2023 regarding the removal of the Cayman Islands from its AML List, marking the first official step towards the Cayman Islands’ delisting from the EU AML list. This regulation is not yet in force and further developments are expected in the near future.

3) Removal of the Jurisdiction from the United Kingdom’s High-risk third countries for AML/CFT/CPF purposes.

As of 5 December 2023, the UK Government officially removed the Cayman Islands from its list of high-risk third countries for AML/CFT/CPF purposes. His Majesty’s Treasury published the regulations in December 2023, following the removal of the Cayman Islands from the FATF’s AML grey list in October 2023.

4) Response to EU Code of Conduct Group’s (“COCG”) recommendations on monitoring collective investments vehicles (“CIVs”) substance requirements in the Jurisdiction

As part of the outcome of the EU COCG’s meeting on monitoring the implementation of the legal framework concerning CIVs in the Cayman Islands, a recommendation was made that a coordination mechanism between the authority competent for the supervision of CIVs with the company registry must be completed at the earliest. To this end, the Authority and the General Registry (under the Ministry of Financial Services and Commerce) have implemented an ongoing data reconciliation mechanism to ensure that all CIVs operating as funds within the jurisdiction are duly registered as such with the Authority. Another recommendation required that the Authority continue to undertake compliance actions targeting CIVs and embark on undertaking compliance actions targeting entities, in order to verify their out-of-scope status. To this end, it may be noted that the reconciliation has been performed for multiple quarters, with outreach by the Authority, as necessary, to request remediation of Registry data, details on investigations, and referral of matters to the Financial Crime Investigations Unit.

Consumer Education & Industry Outreach

Deposit-Taking Institutions

To help consumers make informed decisions during their transaction activities, the Authority publishes a summary of fees charged by domestic deposit-taking institutions. The list is updated quarterly and includes fees such as cheque cashing, cheque deposits, cash withdrawals, and deposits for account and non-account holders but does not include all fees charged by the institutions. The most recent summary was published as of 1 November 2023. Although these deposit-taking institutions are currently registered and regulated by the Authority, the Authority does not control fees as such charges are commercially driven.

Insurance

To provide guidance to insurers on conducting a suitable stress testing framework as an effective risk management tool, the Authority published guidance through a supervisory circular on 28 June 2023 for insurers to follow in developing and implementing stress testing activities. These guidelines do not restrict an insurer from conducting additional stress testing other than that recommended by these guidelines if an insurer deems it appropriate.

Cybersecurity and Cyber Resilience

In today’s world, cybersecurity and cyber resilience are key components of every financial institution and the loss of access to data or, potentially worse, the public disclosure of confidential or proprietary data can cause significant financial losses and reputational impact on financial institutions and their clients. The Authority published its Thematic Cybersecurity Review Report (the “Report”) in June 2023. The Thematic Review spanned from regulated entities within the banking, insurance, and securities sectors with the Report providing insight into good practices and areas of concerns of these regulated entities. The objective of the Report is to raise awareness and improve compliance standards in cybersecurity, amongst regulated entities.