After a relatively quiet couple of years on the AML front, 2020 onwards saw a number of significant changes to the Cayman AML regime as well as pertinent industry reminders. The Anti-Money Laundering Regulations (2020 Revision) (as amended) (the AML Regulations), which replaced the 2018 Revision, apply to persons engaged in relevant financial business (as defined in the Proceeds of Crime Act (Revised)), which includes Cayman Islands regulated funds. Also in 2020, the Cayman Islands Monetary Authority (CIMA) published the updated Guidance Notes on the Prevention and Detection of Money Laundering, Terrorist Financing and Proliferation Financing in the Cayman Islands (as amended) (the Guidance Notes), replacing the 2017 version, as amended.

The updates to the Cayman AML regime during 2020 included the following key topics (amongst others):

• Removal of the Equivalent Jurisdiction List. Prior to the AML Regulations one of the factors in assessing whether it was appropriate to apply simplified due diligence (SDD) on an applicant for business was whether the applicant was from a country included on a list published by the Cayman Islands Anti-Money Laundering Steering Group called the “List of Countries and Territories Deemed to have Equivalent Legislation” (the Equivalent Jurisdiction List). However, from 5 August 2020, the Equivalent Jurisdiction List provision was removed and financial services providers (FSPs) were henceforth required to consider whether the country of the applicant for business could be considered as having a low degree of risk of money laundering and terrorist financing.
• Eligible Introducer Requirements. Rules on the use of eligible introducer letters became more stringent during 2020. The Cayman AML regime continues to permit FSPs to rely on third parties for the verification of identification of applicants and beneficial owners provided that the risks are low and where there is no suspicion of money laundering or terrorist financing. However, any AML comfort letters provided by third-party introducers of business are now required to state, in addition to the name of customer being introduced, the name of the beneficial owner(s) of the customer amongst other requirements.
• Reliance on AML service providers. FSPs, including investment funds, engaging non-Cayman service providers must specifically consider country risk prior to entering into the outsourcing arrangements. Under the reliance model, a regulated fund will rely on a third party to carry out AML in accordance with their own policies and procedures. However, where the AML service provider implements AML procedures in accordance with the anti-money laundering regime of a jurisdiction other than the Cayman Islands, the fund has to consider and document the risks associated with such reliance including country risk. In addition, it is now a requirement that for the purposes of identifying the beneficial owners of customers or applicants for business (when required under the AML Regulations), a 10% threshold (10% Threshold) must be applied, even if the AML service provider is subject to an AML regime which permits a higher threshold. It should therefore be a requirement of the appointment that the 10% Threshold is applied when carrying out identification and verification of beneficial owners (or generally that the Cayman Islands standards are adopted where the relevant standards of the third country AML regime are lower when compared to the Cayman Islands).
• CIMA Inspections of Registered Persons. In 2020, CIMA commenced inspections of registered persons under the Securities Investment Business Act (RPs) (predominantly investment managers and investment advisors). The focus of these inspections was not on investment funds, however, as RPs are subject to the same Cayman Islands AML Regime as regulated funds, certain lessons can be taken from the CIMA findings arising out of these inspections. Weaknesses were found across the spectrum of requirements for AML/CFT programmes including across employee training, outsourcing policies and risk assessments, application of the risk-based approach, on-going monitoring and the establishment of an effective audit function, amongst others. Details of the findings can be found in CIMA’s December 2022 report on its website.
• AML Officer Reminder. In an industry notice dated 7 June 2021, CIMA reminded all persons carrying out relevant financial business that they are expected and required to ensure that their AML Compliance Officers, Money Laundering Reporting Officers and Deputy Money Laundering Reporting Officers (AML Officers) are aware of their respective duties and responsibilities as set out in the AML Regulations and will act in accordance with them. CIMA further reiterated that AML Officers must be able to dedicate sufficient time for the efficient and effective discharge of their respective functions and stressed the importance of other roles not compromising their independence. CIMA Circular July 2022. CIMA published a circular on 12 July 2022 setting out the findings from on-site inspections conducted on RPs for the period 24 October 2020 to 31 December 2021 (see above). At the end of the circular CIMA reminded all FSPs (i.e. addressed not just to RPs but to all FSPs which would include regulated funds) that any breach of a law, regulation or rule or non-compliance with a statement of guidance may result in an enforcement action by CIMA.
• AML audits for RPs. On 25 January 2019, CIMA announced in a notice that it was requesting RPs (such as investment managers and advisors) pursuant to Section 5(5) of the Securities Investment Business Act (revised) to have their AML/CFT systems and procedures audited, by suitably qualified entities, for compliance with the AML Regulations. Over the last few years more clarification on the requirements of AML audits for RPs has become available. There has been no further issued guidance on AML audits for FSPs other then RPs, but the position remains that, in accordance with the AML Regulations, all FSPs (including regulated funds) are required to have in place an appropriate and effective risk-based independent audit function as may be appropriate for the ongoing monitoring of business relationships or one-off transactions. Further, the Guidance Notes anticipate that AML/CFT systems and programmes should include an audit function to test the AML/CFT system.