Cayman Islands: Q&A – The Cayman AML Regime: Service Providers, Delegation And The "Risk Based Approach"

What do you think was the authorities' goal in making further amendments to the AML Regime in 2018?

The Anti-Money Laundering Regulations, which came in to force in October 2017 and the accompanying Guidance Notes, which were published in December 2017 sought to close gaps that remained between Cayman's robust anti-money laundering regime and the Financial Action Task Force 2012 recommendations.  The Cayman Islands government and the Cayman Islands Monetary Authority (Authority) are well aware that it is imperative that the Cayman Islands is not only perceived to, but does in fact, play a central role in the global fight against money laundering and terrorism financing.  At the same time, there is a deep understanding of the need to remain competitive and commercial. 

The changes published in 2018 are a reflection of the careful balancing act Government and the Authority must play between imposing a robust AML regime and ensuring it can actually work in practice within the existing framework of an established industry.  The amendments are the outcome of industry consultation with the Authority throughout 2018; it was essential to obtain this further guidance addressing how certain new requirements of the AML Regulations will actually work in practice.

How would you characterise the significance of the changes made in the 2018 amendments?

Anti-money laundering efforts will undoubtedly be an area of increased focus for relevant financial businesses, such as investment funds and managers. However, it is clear from developments over the course of 2018 that much of the established industry practice remains unchanged; concerns of total upheaval within the industry have been allayed and given the size of the financial services industry in Cayman, the significance of this cannot be underestimated.  In particular, the practice of reliance on third party service providers to help meet AML obligations remains an option; express clarification that this deeply entrenched practice can remain has been hugely important.

Was there significant confusion previously around the difference between delegation and reliance?

Generally there was a clear understanding of the reliance concept, it being the predominant compliance option taken by investment funds.  It is for this very reason that funds did not historically have to appoint AML officers or adopt AML manuals – they simply relied upon their chosen administrator and such administrator's own AML officers and AML manual. Whether it was widely appreciated how and why  this form of reliance differed to "delegation", I do not know. In any event,  delegation is rarely used in the funds industry; it would require a third party to apply a fund's own AML manual (and most third party service providers are not comfortable doing this). 

What are some of the practical implications arising from the changes?

The bigger picture remains unchanged; what has changed (or, in some respects, been clarified) is the detail.

Service providers who are being relied upon to help funds or other businesses meet their AML obligations may now be asked to take on additional duties, such as the provision of AML officers and conducting risk analysis for their clients (not only on customers but also on business activity).  Reporting on AML matters will likely increase; oversight by, and ongoing and regular dialogue with, the newly appointed AML compliance officer will become the norm. There will certainly be greater scrutiny of service providers to determine and (crucially) document whether it is reasonable to rely upon them; it is now necessary to consider what might be the risks of relying on a particular service provider, particularly where such service provider is not itself subject to the Cayman Islands AML regime.

Are there any additional key points or messages you think service providers or compliance officers should know about these changes?

Whilst the focus on a 'risk based approach' helpfully moves away from a "check box" approach to anti-money laundering compliance, by allowing different businesses to assess their own risks and tailor their policies and practices to those risks, it places an additional administrative burden on businesses (and in particular, compliance officers and directors).  In the face of a new administrative fines regime, enhanced fines under the AML Regulations and potential personal liability on AML officers, it is essential that businesses are properly considering and documenting their rationale and their decisions not only when their policies and practices are developed but as they evolve and are implemented over time.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.