13 April 2023Analysis

CIMA digests money laundering feedback

The Cayman Islands Monetary Authority (CIMA) has announced that it is in the process of digesting feedback from the private sector on proposed amendments to guidance notes relating to the prevention and detection of money laundering, which would have implications for the digital identification and remote onboarding of clients.

CIMA published its Private Sector Consultation Paper: Amendments to Guidance Notes on the Prevention and Detection of Money Laundering, Terrorist Financing and Proliferation Financing in the Cayman Islands (5 June 2020) – e-KYC and Remote CDD / Ongoing Monitoring in December 2022.

The deadline for representations and feedback from the private sector was February 1, 2023.

The proposed amendments support guidance issued by the Financial Action Task Force (FATF) on digital identification and would provide for remote onboarding of clients and the use of e-KYC and digital ID technologies on an ongoing basis (where appropriate based on the risk assessment of clients).

It is unclear if the amendments – or any feedback from the private sector – will have implications for clients, but given the high-profile nature of this issue, it is worth keeping an eye on.

CIMA said that it would also like to remind clients of the importance of clients complying with various policies and procedures set out by CIMA as they relate to cyber security. There has been an increased emphasis on cybersecurity compliance during inspections by the regulator and it is better to be prepared.

CIMA registrants and licensees must comply with a number of rules and a Statement of Guidance and illustrate that they have adopted and implemented various policies and procedures.

CIMA will review compliance with these policies and procedures during an inspection. In particular, it recommends clients familiarise themselves with the Statement of Guidance on “Cybersecurity for Regulated Entities and ensure they are compliant – and can illustrate that.

In early January, CIMA issued explicit instructions on its expectations around companies’ internal audit plans for 2023.

A circular, addressed to both SIBA Licensees and Registered Persons, stipulated that it expects entities to “undertake regular internal audits of their controls and infrastructure to ensure that they are suitably robust in consideration of the nature and scale of their operations”.

In addition, CIMA requested that all SIBA regulated entities provide a schedule of the internal audit reviews scheduled for 1 January 2023 through to 31 December 2023. It also reminded entities that it expects to receive any issued internal audit report within three months of the completion of the review.