FATF grey list
At the conclusion of the Financial Action Task Force (“FATF”) October 2023 Plenary meeting on October 27 2023, the FATF removed the Cayman Islands from the list of jurisdictions under increased monitoring (the “grey list”).
The Cayman Islands Ministry of Financial Services issued the following press release:
While we do expect the European Commission to follow suit and remove the Cayman Islands from its list of high-risk third countries, it may be towards the end of December before an official update is provided (noting that the outcomes of the June 2023 FATF Plenary were updated on August 18 2023).
The European Commission had previously given a commitment in May 2022 that they would begin their steps to delist once the FATF removed the Cayman Islands from its grey list:
Revised Anti-money laundering guidance notes
On August 30 2023, the Cayman Islands Monetary Authority (“CIMA”) published revised Guidance Notes in the Cayman Islands Gazette on the Prevention and Detection of Money Laundering, Terrorist Financing, and Proliferation Financing in the Cayman Islands
The key changes include:
E-KYC and digital ID
The authority expects that once the financial service provider (“FSP”) is satisfied that it knows the assurance levels of the digital identification (“ID”) system, it should evaluate whether the digital ID system is adequate, in the context of the relevant illicit financing risks, under a risk-based approach to customer due diligence (“CDD”):
- Customer identification and verification methods should align with the FSP’s risk assessment of its customers, so the decision to onboard a customer remotely, using electronic Know Your Customer (“e-KYC") methods and digital ID technologies, should be dependent on the risks presented and assessed, and where applicable consider the application of tiered CDD.
- FSPs should consider the basic components of the technology solution, including digital ID/e-KYC systems and take an informed risk-based approach to rely on these when conducting non-face-to-face remote onboarding or ongoing monitoring of business relationships.
- FSPs should carry out formal risk assessments of the new technology solution, including e-KYC/digital ID technology which include documented consideration of how the proposed system works, the level of assurance that it provides, and any particular risks associated with it, inter alia, accuracy of the underlying information and/or technology, appropriateness of the application for the licensee's client base (i.e., some applications are aligned to verify identification within a specific region), timeliness of the applications' updates (i.e., sanctions lists), evaluation of the cyber security measures of the application, storage of personal information, etc.
- Customer identification and transactions that rely on reliable e-KYC/independent digital ID systems with appropriate risk mitigation measures that meet ISO/IEC technical global standards for digital ID systems may present a standard level of risk and may even be lower risk where higher assurance levels are implemented and/or appropriate money laundering and terrorism financing risk control measures, such as product functionality limits, are present.
E-KYC and digital ID - Policies and procedures
FSPs should have robust documented policies and procedures in place to ensure a consistent and adequate approach to relying on new digital ID system/technology solutions for CDD purposes. These may include (but are not limited to):
- A tiered CDD approach that leverages the new technology solutions with various assurance levels;
- Policies for the secure electronic collection and retention of records by the new technology solutions;
- A process for enabling authorities to obtain from the new technology solutions the underlying identity information and evidence needed for identification and verification of individuals;
- Anti-fraud and cybersecurity processes to support e-KYC/digital ID proofing and/or authentication for anti-money laundering and counter-terrorism financing efforts resulting from the new technology solutions;
- Back-up plans for instances where the new technology solutions fail;
- A description of risk indicators that would prompt a FSP to use new digital ID system/technology solutions; and
- Procedures for the regular, ongoing, and independent review of the effectiveness of the new systems and processes used.