Most people think of the Cayman Islands as a major offshore tax and banking secrecy haven – and the regulatory requirements of operating in the jurisdiction are often brushed off as either easily-navigable or unenforced.
However, the reality is quite different.
As the compliance landscape continues to evolve and expand, the responsibility to carry out effective Know Your Customer (KYC) checks as part of a comprehensive Anti-Money Laundering (AML) framework is becoming a global standard – even in traditional bastions of banking and corporate secrecy such as the Cayman Islands.
In this article, we’ll be taking a look at the Cayman Islands Monetary Authority (CIMA)’s rules and regulations when it comes to KYC/AML and what an effective risk-based approach to Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) will look like for businesses operating in the jurisdiction.
The Cayman Islands’ AML and Countering the Financing of Terrorism (CFT) framework is made up of a comprehensive set of regulations and rules that include:
- Anti-Corruption Act
- Anti-Money Laundering Regulations
- Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands
- Misuse of Drugs Act
- Penal Code
- Proceeds of Crime Act
- Proliferation Financing (Prohibition) Act
- Terrorism Act
When it comes to the regulation of businesses that are registered in the Cayman Islands, CIMA rules are centered around the following factors and responsibilities:
1. Equivalence: The Cayman Islands previously determined whether a business applicant should be subject only to simplified due diligence (SDD), and published a list of jurisdictions with equivalent protocols: if a business applicant was from a jurisdiction on the list, it could be fast-tracked for simplified due diligence. This provision was removed in August 2020, which effectively means that determining the risk level of a business (and whether they can be processed with SDD) will be carried out based on the jurisdiction of registration of a business or fund’s administrator.
2. Risk-based Approach: As with the European Union, regulated entities in the Cayman Islands all need to follow a Risk-based Approach (RBA) to compliance and AML / KYC. Cayman Islands businesses carrying out financial transactions need to carry out checks on their counterparties that identify, understand, and assess their money laundering and terrorist financing risk profile, based on the following factors and aspects:
- The jurisdiction of the customer
- The products, services and transactional profile of the customer
- Their delivery channels and areas of operation
3. Customer Due Diligence (CDD) implementation: CIMA regulations stipulate that registered businesses need to carry out CDD on counterparties in any of the following instances:
- When establishing a business relationship
- Carrying out a one-off transaction of a value equal to or more than US$10,000 (this includes a series of transactions of smaller amounts, if they appear to be linked and/or related to the same provision of services or a product)
- Carrying out a one-off wire transfer transaction
- If the counterparty is suspected of or considered high-risk for money laundering.
- If there are any doubts regarding the authenticity or reliability of their submitted KYC information
4. Ultimate Beneficial Owners (UBOs): CIMA’s anti-money laundering regulations (AMLRs) require identification and verification of beneficial owners of businesses if they own 10% or more of its shares, unless the entity has been cleared for SDD.
5. Sanctions: CIMA AMLRs have recently been updated to make specific mention of global sanctions lists and watchlists. Registered businesses need to implement and demonstrate specific protocols for complying with the Cayman Islands’ national financial sanctions directives, as well as EU and UN sanctions lists that are extended to the Cayman Islands.
6. Politically Exposed Persons (PEPs): According to CIMA, the Cayman Islands’ approach to PEPs is in line with EU regulations: PEPs need to be identified and processed in line with the higher risk they pose from an AML perspective.
Through an effective RBA, UBOs should be analyzed to determine if they are in fact a PEP or have a close relationship with one. If that is the case, EDD methods need to be applied in order to ensure that their source of funds is legitimate. In parallel, continuous monitoring needs to be carried out on their transactional behavior to ensure that there are no anomalies and that suspicious activity is effectively identified, investigated and if necessary — reported.
7. Ongoing Monitoring: As with EU and US financial regulations, financial service providers and VASPs need to carry out ongoing monitoring of their customers and counterparties in order to detect and assess any changes to their previously gathered KYC information. It is the responsibility of financial service providers to ensure that KYC and other data obtained as part of the CDD process is up to date. In addition, a customer’s transactional behavior needs to be monitored to ensure that they do not begin carrying out transactions with counterparties that are higher risk, or that they begin engaging in other high risk actions.
8. Anti-Money Laundering Compliance Officer (AMLCO): CIMA requires regulated businesses / financial service providers (FSPs) to have a designated point of contact for regulators to correspond with. The AMLCO is responsible for:
- Immediately responding to requests from regulators
- Responding to requests from authorities
- Reviewing, Developing and Maintaining the AML/CFT systems and procedures in line with the the Cayman Islands’ AML/CFT protocols
- Maintaining required records/registers, including the data of high-risk customers, a transaction register and PEP register
- Ensuring regular (at least annual) audits of a FSP/VASP’s AML/CFT program
- Advising the FSP/VASP’s management of any AML/CFT compliance issues that need to be brought to their attention
- Providing at least annual reports to the FSP/VASP’s management on the entity’s AML/CFT systems and safefuards.
VASPs in the Cayman Islands
The Cayman Islands’ VASP Act of 2020 provides the main legal framework for how VASPs need to operate and be regulated in the jurisdiction. The VASP Act has paved the way for many crypto companies and VASPs to apply for business registration and licenses in the territory as it provides a good level of regulatory certainty for the space. CIMA data shows that 55% of the VASPs registered in the territory are trading platforms with a daily transaction volume of over US$5 billion (2 to 3% of total global volumes).
As a result of this considered approach to VASP regulation – as well as its proactive steps to strengthening its AML credentials and compliance with leading global financial regulations – the territory is fast becoming a global center for crypto.
How KYC-Chain can help
KYC-Chain offers market-leading automated KYC and AML solutions that allow traditional financial services companies, fund administrators, wealth managers and other crypto companies to onboard customers securely and efficiently. Our end-to-end workflow solution allows businesses that are registered or operating in diverse global jurisdictions to comply with unique financial regulations and reduce their fraud exposure — without the need for large human compliance teams.
Our solution is dynamic and constantly being expanded to meet evolving regulatory and compliance challenges while protecting businesses against the threats of fraud and money laundering – including those operating in the Cayman Islands and many other global jurisdictions.
Are you looking for an efficient, effective and powerful KYC solution for your business? Get in touch and we can start making it happen.