Key Findings from On-site Inspections of Registered Persons

This circular outlines the findings from the Cayman Monetary Regulatory Authority International (“Cmrai” or “the Authority”) based on on-site inspections conducted on Registered Persons (“RPs”) as per schedule 4 and section 5(4) of the Securities Investment Business Act (“SIBA”). These inspections took place between 24 October 2020 and 31 December 2021. The scope and methodology used for these inspections are detailed in Annex 1.

The Authority identified several weaknesses in areas concerning anti-money laundering (“AML”), countering the financing of terrorism (“CFT”), countering proliferation financing (“CPF”), and targeted financial sanctions (“Sanctions”) (collectively referred to as “AML/CFT”). All RPs are reminded of their regulatory obligations and should ensure that their policies, procedures, systems, and controls meet the required standards as laid out in relevant legislation, regulations, and guidance notes.

Significant deficiencies were observed in the following areas:

• AML/CFT policies and procedures;
• Customer due diligence (“CDD”) and ongoing monitoring;
• Employee training and awareness programmes;
• Oversight of outsourced AML/CFT compliance functions;
• Implementation of an independent, risk-based AML/CFT audit function;
• Governance oversight by the Board of Directors or equivalent;
• Internal reporting policies and procedures;
• Risk assessment and application of a risk-based approach (“RBA”);
• Record-keeping policies and procedures.

RPs are advised to carefully review these findings and ensure that their AML/CFT frameworks are compliant with the standards required. It is important to note that RPs may be subject to future inspections by the Authority, and any deficiencies should be addressed promptly. The Authority appreciates the remediation efforts already undertaken by several RPs.

In a broader context, all Financial Service Providers (FSPs) are encouraged to use this circular to enhance their AML/CFT compliance measures. By improving their policies, ongoing monitoring, training, and oversight, FSPs can mitigate the risk of their services being misused for financial crimes.

Executive Summary of the Inspections

This circular is based on two sets of data: overall findings per RP and findings related to customer due diligence (CDD) and risk assessments across reviewed files.

Overall Findings Per Registered Person (RP) Inspected

A review of RPs' policies, procedures, and the implementation of their AML/CFT programmes (including outsourced compliance functions) revealed several weaknesses, as outlined in the table below:

Identified Areas	% of RPs with Indicated Weaknesses
Customer identification, verification, and ongoing monitoring	79%
Risk-based approach (RBA)	62%
Internal reporting procedures	59%
Sanctions compliance systems and controls	43%
Independent periodic AML/CFT audit evaluations	38%
Procedural manual updates to reflect changes in the Cayman Islands regulatory framework	34%
Record keeping	25%
Employee screening during recruitment and annually thereafter	11%

Customer Due Diligence (CDD) and Risk Assessment Findings Across Reviewed Files

The review of customer files revealed specific weaknesses, including:

• Missing or inadequate CDD documentation: 36% of files lacked sufficient documentation to verify the identities of ultimate beneficial owners or relevant parties.
• Customer risk assessments: 21% of files showed insufficient documentation on risk factors considered when determining a customer’s overall risk profile.
• Ongoing monitoring: 19% of files lacked adequate documentation of periodic customer file reviews and transactional monitoring.
• Sanctions compliance: 17% of files lacked proper documentation of sanctions screening procedures.
• Source of wealth/funds verification: 3% of files lacked documentation proving the customer's source of wealth or funds.
• Enhanced due diligence (EDD) measures: 3% of files lacked evidence of EDD measures for high-risk customers.
• Simplified due diligence (SDD) measures: 1% of files lacked documentation justifying the use of SDD for low-risk customers.

Conclusion and Recommendations

The inspections revealed significant weaknesses in the AML/CFT frameworks of many RPs, particularly in areas such as CDD, ongoing monitoring, employee training, compliance oversight, internal reporting, and risk assessment. The Authority has issued specific requirements for each inspected RP, expecting them to address the deficiencies in a timely and comprehensive manner. Where appropriate, the Authority has taken or will take enforcement action to ensure compliance.

The Authority encourages all RPs to review their AML/CFT frameworks, ensuring they comply with the Cayman Islands' regulatory standards. Regular assessments and updates to compliance programmes are essential to managing risks effectively and protecting the financial system from abuse.

The Authority will continue to carry out both on-site inspections and offsite monitoring as part of its supervisory mandate. RPs and FSPs should be aware that breaches of AML laws, regulations, or guidance may lead to enforcement actions, including the imposition of administrative fines.

References

1. Applicable Securities and AML/CF Legislation
2. Securities Regulatory Rules and Guidance Notes

Annex 1: Scope and Methodology for the Inspections

This Circular is based on findings from inspections conducted on fifty-three (53) RPs, with final reports issued between 24 October 2020 and 31 December 2021. The table below outlines the services provided by the RPs inspected:

Service(s) Offered by RPs Inspected	Number of RPs
Securities Manager	29
Securities Advisor	11
Broker Dealer	1
Securities Arranger	2
Securities Manager/Advisor	3
Securities Manager/Arranger	1
Securities Advisor/Arranger	1
Securities Manager/Advisor/Arranger	5
Total	53

The inspection process included an assessment of corporate governance frameworks, AML/CFT compliance programmes, and the operational effectiveness of AML/CFT controls. Sample customer files were reviewed to evaluate compliance with the applicable AML/CFT standards of the Cayman Islands.