To address the findings in the CFATF Mutual Evaluation Report, the Cayman Islands in 2019 undertook a risk assessment of the Excluded Persons (“SIBL EPs”) registered under the Securities and Investment Business Law (as revised) (“SIBL”). Of note, the Mutual Evaluation Report stated that the lack of data and information on this sub-sector had not permitted the Cayman Islands to fully assess the risks associated with the activities in the securities sector. While SIBLEPs, were always required to comply with the AML/CFT legislation in the Cayman Islands, they were not subject to comprehensive supervision to ensure that they fulfilled these legal requirements.
On behalf of the Anti-Money Laundering Steering Group, please find the attached report: National Risk Assessment of Money Laundering and Terrorist Financing (ML/TF) – Excluded Persons under the Securities Investment Business Law (“SIBL EP Risk Assessment”).
In 2019, the Cayman Islands Monetary Authority (the “Authority”) conducted a comprehensive data collection exercise for SIBL EPs, requiring information to be provided on 5 risk categories: nature, size and complexity of business, customer types, product and services, geographic exposure, and delivery channels. Of 2372 SIBL EPs registered with the Authority at that time, 94% provided a response to the data request, resulting in a comprehensive representation of the sub-sector. The analysis of the data concluded that the risks arising from the geographic exposures of SIBL EPs were Medium Low. However, a Medium-High risk of ML/TF was assigned to the other risk categories. This resulted in a Medium-High rating for the entire sub-sector.
In accordance with AML/CFT international standards set by the Financial Action Task Force, persons conducting relevant financial business should be aware of the risks, threats and vulnerabilities posed to the jurisdiction’s financial system in order to take effective action to mitigate them. This is underscored by regulation 8 (2)(e) of the Anti-Money Laundering Regulations (2020 Revision) which states:
“A person carrying out relevant financial business shall - implement policies, controls and procedures which are approved by senior management, to enable the person to manage and mitigate the risks that have been identified by the country or by the relevant financial business”
As of January 15, 2020, SIBL EPs no longer exist as a category under the SIBL. The legislation has been reformed to enhance this regime. Entities previously registered as SIBL EPs that wish to continue providing services were required to submit application forms to re-register with the Authority in order to be assessed for approval as “Registered Persons” and are subject to authorisation and AML/CFT supervisory engagement similar to all other financial service providers under the Authority’s mandate. This includes onsite
inspections, reporting requirements as well as fitness and propriety tests for beneficial owners, shareholders and directors. Notwithstanding the change in the regime, the risk assessment conducted on SIBL EPs provides relevant information on the AML/CFT risks faced by the entities conducting securities investment business as Registered Persons.
While the supervisory regime has been enhanced, Registered Persons, their service providers and customers must be aware of the risks posed to this sub-sector. The Authority encourages licensees/registrants to take heed of the findings of this SIBL EP Risk Assessment and consider how your business model is susceptible to such risks as well as how your AML/CFT systems, controls, policies and procedures can be strengthened to further mitigate the risks identified. The table outlined in paragraph 8 of the SIBL EP Risk Assessment report provides useful details of higher and lower risk factors relating to customers, products and delivery channels and country risks. Registered Persons and their service providers should consider these in their own risk assessment models.
Entities conducting relevant financial business with Registered Persons are to review the SIBL EP Risk Assessment to ensure they understand the contents. Please be minded that your Registered Person risk assessment should be consistent with the SIBL-EP risk assessment. It is important to note that “consistent” does not mean identical; rather differences should be explained. Your risk assessments should include factors from the national-level SIBL-EP risk assessment. You must also consider whether you are exposed to any of the higher risk products, services, jurisdictions, scenarios etc. identified in the SIBL-EP Risk Assessment. If you are, you must implement procedures to manage or mitigate those identified risks.
The details outlined in the SIBL EP Risk Assessment report is solely for internal use by licensees/registrants for the benefit of building greater awareness of the AML/CFT risks facing the SIBL sub-sector and to enhance preventative measures to reduce such risks.