1. Introduction
1.1 Background
To date criminals have continuously responded to the Anti-Money Laundering (“AML”) and Counter Financing of Terrorism (“CFT”) systems implemented within the Financial Services sector. In response to the changing criminal landscape inter-governmental and global standard setting organizations, namely the Financial Action Task Force1 (“FATF”) and Caribbean Financial Action Task Force2 (“CFATF”), have extended the scope of AML/CFT supervisory measures. In particular, the FATF now recommends the direct supervision of certain non-financial businesses, referred to as Designated Non-Financial Businesses and Professions (“DNFBPs”).
The ability of the Cayman Islands to attract customers with legitimate funds and assets not associated with criminal activity remains paramount but is highly reliant on the country’s reputation. DNFBPs within the Cayman Islands that assist in the laundering of proceeds of criminal activity or terrorist financing may adversely affect both the industry and the Cayman Island’s reputation.
In response to these factors, the Cayman Islands Government has amended the Anti-Money Laundering Regulations (“AMLRs”) , inserting Part XIIA, which defines the following businesses and professions as DNFBPs, and designates the Department of Commerce and Investment (“DCI”) as the Supervisory Authority for categories (1) – (3):
(1) real estate agents and brokers;
(2) dealers in precious metals;
(3) dealers in precious stones;
(4) firms of accountants; and
(5) firms of attorneys at law.
1.2 Responsibilities of DCI
The responsibilities of the Supervisory Authority in respect of its allocated DNFBPs are also defined within Part XIIA, section 55D (1) of the AMLRs, and include:
(1) effectively monitoring every DNFBP for which it is designated if the DNFBP is conducting relevant financial business;
(2) taking necessary measures to ensure compliance by DNFBPs referred to in paragraph (1) with these Regulations; and
(3) issuing guidance, directives and procedures to be followed by DNFBPs referred to in paragraph
(1) in order to promote compliance with these Regulations.
1.3 Purpose and Use of the Inspection Guide
This Inspection Guide (“the Guide”) seeks to clarify the purpose of On-site and Off-site Reviews conducted by DCI, and to explain the specific process and procedures underpinning them. DCI has issued Guidance Notes, which provide detailed instructions on how to ensure compliance with the relevant laws and regulation. If an inconsistency is noted between the Guide or Guidance Notes and the laws or regulations, the laws and regulations take precedent.
1.4 Objective of DCI with regard to AML/CFT
DCIs primary objective is to maintain a supervisory system that reflects international standards and to maintain compliance within the industries of the DNFBPs for which it is a Supervisory Authority, hereinafter referred to as a “Licensee(s)”. DCI achieves this objective through integrated off-site and on-site reviews, the actual processes of which are continuously updated in light of experience and changes within the industries of its Licensees.
On-site work includes a review of the Licensees' control environment, and compliance with laws, regulations and supervisory guidance. This inspection tests transactions to evaluate the effectiveness of the control environment and whether the Licensee’s duty is being upheld.
The objective of the supervisory system is to promote and foster prudent practices that enhance DNFBPs and protect the public interest. DCIs remedial powers include imposing sanctions on the Licensee.
Note: As AML/CFT issues emerge or as particular findings dictate, DCI may formulate responses that fall outside of this document.
1.5 Risk Factors
Trade Based Money Laundering (“TBML”) is one of the most common methods used by criminals to launder illegally gained funds. The specific characteristics of precious metal and stones as commodities and the significant proportion of transactions related to international trade make precious metal and stone trade vulnerable to the different laundering techniques of TBML in general and through over/under valuation in particular.
Due to the international nature of the Real Estate sector, it is often extremely difficult to identify real estate transactions associated with Money Laundering (“ML”) or Terrorist Financing (“TF”). The facilities the sector may provide obscure the true source of the funds and the identity of the (ultimate) beneficial owner of the real asset.
2. Risk Based Approach
The FATF Recommendations require countries to adopt a risk-based approach to combatting ML/TF. By adopting a risk-based approach DCI is able to effectively and efficiently allocate resources and realize its objectives. There are two key components to a RBA :
(1) An assessment of the entities ML/TF risks; and
(2) Implementing appropriate measures to manage and reduce the identified risks.
DCI assesses the ML/TF risks posed by DNFBPs based on relevant factors, including but not limited to the below, and determines the frequency and scope of its AML/CFT supervision based on that assessment:
• Findings of the National Risk Assessment ("NRA")
• The size of the Licensee
• The adequacy of the Licensee's AML/CFT controls
• The inherent vulnerability of the product/service(s) offered by the Licensee
• The presence of any "red flags" such as adverse media
• The nature and structure of the Licensee
3. Methodology
DCI supervises AML/CFT compliance through a combination of off-site and on-site reviews. Off-site activities include policy and procedure reviews, and on-site activities include visits to operators’ premises, face-to-face meetings and file reviews
The frequency and scheduling of on-site visits is determined using the Licensee’s risk assessment, the time since the latest AML/CFT review, and the availability of DCIs Officers.
DCI Engagement Approach:
Training
•Training events tailored to DNFBPs to ensure key stakeholders understand the fundamental components and requirements of the Cayman Islands AML/CFT regime, thus promoting compliance
Officers
•Meetings with MLROs, Deputy MLROs and Compliance Officers to determine if they understand the requirements of their role and are an appropriate appointee
Inspection
•An off-site review of key documents, including policies, procedures and KYC documentation.
•On-site review, typically over a half-day, including interviews with key stakeholders and ad-hoc inspections of KYC documentation
•Production of a detailed inspection report, noting findings and requirements
Follow-Up Inspection
•Follow-up inspections are aimed at Licensee's for whom deficiencies were identified a recent inspection, or for whom a significant change to the business has occured.
4. Inspection Process
Inspections and Follow-Ups will typically comprise of three parts:
(1) An off-site review for which we will request information and documentation regarding the Licensee’s policies, procedures and systems;
(2) An on-site review, during which a demonstration of how those policies, processes and systems are applied and operated, and evidence whether they are effective. In particular a sample of customer files will be inspected; and
(3) A period in which the inspection report is drafted and any queries resolved.
4.1 Pre-Review
DCI’s Officers will endeavor to provide notice prior to an on-site review, and where possible will arrange a mutually agreeable date and time to meet with the Licensee. However, DCI is not required to provide notice. DCI’s initial documentation and information requests will be submitted in writing alongside notification of the upcoming review.
Supplying the requested documentation and information in a timely manner will enable DCIs Officers to perform their off-site review ahead of the site visit. It is the responsibility of the Licensee to make information available to DCI without delay.
The law expects that Licensees are both willing and able to combat ML/TF. As such, a Licensee that is late in supplying information may be asked to formally explain the underlying reasons for the delay/noncompliance. If the Licensees inability to supply documentation arises from uncertainty over what DCI has requested, DCI must be contacted immediately.
A list of the AML/CFT documentation and information that may be required for an ‘Inspection’ visit is provided below:
(1) AML/CFT Policies and Procedures, e.g. AML Manual, Compliance Manual etc.
(2) AML/CFT Employee Training Records
(3) AML/CFT Training Materials
(4) Customer Database Summary (Appendix C)
(5) Board Meeting Minutes regarding AML/CFT
(6) Results of any Internal Reviews or Audits regarding AML/CFT
(7) Organizational Structure(s):
(i) Senior Management team of the Licensee; and
(ii) Group Structure of the Licensee (if applicable)
If not included within (1) to (7) as above, the Licensee should also provide:
(1) An up-to-date Risk Based Assessment (“RBA”) of their business. As per the AMLRs, considerations should include:
(iii) The Licensee’s applicants/customers (including beneficial owners);
(iv) The country or geographic area in which persons under (i) above reside or operate and where the Licensee operates;
(v) Products, services and transactions that the Licensee offers; and
(vi) The Licensee’s delivery channels.
(2) A list of the jurisdictions which the Licensee considers to be higher risk for the purposes of ML/TF
(3) Procedures that set out Customer Due Diligence (“CDD”), Enhanced Due Diligence (“EDD”), and Simplified Due Diligence (“SDD”) requirements
(4) Procedures regarding sanctions, and actions taken upon identification of a sanctioned individual/corporation
(5) Procedures regarding Politically Exposed Persons (“PEPs”), and actions taken upon their identification
(6) Procedures for filing Suspicious Activity Reports (“SARs”)
(7) Procedures for Record Retention in terms of AML/CFT
(8) Staff vetting procedures
(9) The level and extent of automated AML/CFT systems
The documents requested for a ‘Follow-Up’ visit are typically tailored to the circumstance resulting in the visit, and as such cannot be generically summarized – although would likely include a number of elements detailed as for an Inspection.
The above is not an exhaustive list, and Licensees may be requested for additional AML/CFT documentation or information (particularly those Licensees providing bespoke products and services).
4.2 Off-Site Review
DCIs Officers would perform an analysis of the documentation and information collected, as in section 4.1, to identify areas of concern and to better inform and streamline the On-Site Review process. During the off-site review stage, further information may be requested.
The findings from this Off-Site Review can therefore be confirmed with Management in a timely manner, and included within the subsequent report of findings.
4.3 On-Site Review
At least one Director plus the Money Laundering Reporting Officer (“MLRO”), or the Deputy MLRO, and the Compliance Officer (“CO”) should be present for any On-Site Review. If for any reason this is not possible, please inform DCI at the earliest opportunity so that alternative arrangements can be made.
DCI’s Officers will require a private room or convenient area to operate. During the visit the Licensee will be asked to answer questions and may be asked to provide demonstrations of their systems.
Example demonstrations may include:
(1) Run reports to highlight customers that have exceeded the qualifying payment threshold
(2) Provide a demonstration of how the system/process identifies and deals PEPs or sanctioned individuals
(3) Provide a demonstration of how the system/process handles customers from certain jurisdictions
(4) Provide the CDD files of a business participant as sampled by DCI from the Customer Database Summary, in particular demonstrating their risk assessment history, their identification details and their AML/CFT history
(5) Demonstrate the Licensee’s ongoing monitoring system/process
(6) Provide some recent cases where ongoing monitoring has identified unusual patterns or behaviour
(7) We may wish to speak to members of staff on the day to assess their understanding of internal policies and training requirements in relation to AML/CFT.
4.4 Post-Review
A draft report will be sent to the Licensee within 6 months of the Licensee’s on-site visit and will discuss:
(1) The topics covered;
(2) A brief overview of the responses provided;
(3) DCI’s observations;
(4) Any areas noted as deficient; and,
(5) Where appropriate, actions required to address any deficiencies.
The Licensee will be invited to comment on the factual accuracy of the report in order for DCI to take any comments into consideration before issuing the final report.
The report findings plus completion of any actions arising from the visit will be taken into account in the DCI’s risk based approach to AML/CFT (Section 2).