Registered Persons (“RPs”) are defined under the Securities Investment Business Act (“SIBA”) and are involved in various securities investment activities in the Cayman Islands. CIMA has adopted a risk-based approach to supervise these entities, focusing on their AML/CFT policies and compliance. The report outlines the key findings from inspections conducted to assess RPs' adherence to the AML Regulations (“AMLRs”) and related guidance notes, highlighting both improvements and ongoing deficiencies in compliance.
Improvements
The inspections revealed a general improvement in compliance among RPs since January 2022. Notably, RPs have improved in:
- Employee training and awareness: Employees are increasingly aware of their regulatory obligations.
- Oversight of compliance functions: Enhanced oversight by boards of directors.
- Outsourced AML/CFT compliance functions: Improvements in outsourcing policies, procedures, and risk assessments
- Risk-based approach (“RBA”): RPs are better at assessing risks related to AML/CFT
- Internal reporting: Improvements in maintaining logs relating to the reporting of suspicions and declined business.
- Record keeping: Relevant records are appropriately maintained and readily accessible to the Authority.
Weaknesses
However, significant weaknesses remain, particularly in Customer Due Diligence (“CDD”) and ongoing monitoring, with 81% of RPs indicating deficiencies in these areas. Additionally, 63% of RPs showed weaknesses in establishing an independent AML/CFT audit function.
A review of RPs’ policies, procedures, and the adequacy and effective implementation of their AML/CFT programmes, including outsourced AML/CFT functions, revealed the following weaknesses:
- Customer due diligence and ongoing monitoring: A significant number of RPs showed weaknesses in CDD and ongoing monitoring programmes. Gaps included insufficient documentation for identifying beneficial owners and inadequate ongoing monitoring evidence.
- Independent AML/CFT audit function: Lack of adequate independent audit functions, with many RPs failing to conduct effective audits of their AML/CFT controls.
- Employee training and awareness: Weaknesses in training programmes, particularly for new employees and directors.
- Oversight of compliance function: Need for improved governance structures for effective oversight from RP boards regarding AML/CFT compliance.
- Outsourced AML/CFT compliance functions: Weaknesses in outsourcing frameworks, emphasising the importance of maintaining oversight of outsourced functions.
- Assessing risk and application of an RBA: Require better documentation and implementation of risk assessment and management strategies.
- Internal reporting procedures: RPs showed weaknesses in their internal reporting procedures, particularly regarding suspicious activity reports.
- Record keeping: Lack of appropriate records management systems to ensure compliance with regulatory requirements.
- Sanctions compliance: Deficiencies in maintaining sanctions screening documentation, indicating a need for improved compliance processes.
Conclusion and recommendations
While improvements in compliance were noted, the Authority emphasises the need for RPs to address the identified deficiencies promptly. Continuous monitoring and periodic assessment of AML/CFT compliance frameworks remain essential to ensuring adherence to regulatory requirements. The Authority will continue to enforce compliance and take appropriate action against breaches.
How can we help?
Understanding and applying AML regulatory requirements can be a time-consuming process with multi-jurisdictional factors and complex structures to consider.
Our automated technology solution, tailored to jurisdiction-specific AML regulations and managed by our specialist AML team to provide an end-to-end KYC service, supports:
- Managed due diligence and ongoing monitoring
- Independent AML/CFT audit function
- AML/CFT training
- AMLCO, MLRO, and DMLRO roles
- AML/CFT risk assessments
- Sanctions screening
Contact us for more information.
