KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

passportaddressdriving licensepublic utility billsource of income

KYC to onboard international persons

passportaddress

corporate requirements

Memorandum&Articles of Associationcertificate of incorporationregister of membersdirectors and officers, authorised signatory lists

National ID card name

Documento Nacional de Identidad

Does the country have Esignature Laws?

THE ELECTRONIC TRANSACTIONS LAW

E-sig law files

What year did the relevant AML laws and regulations become effective?

1996

Further details on AML regime

1996. However the Proceeds of Crime Law, enacted into legislation in Sept 2008, repealed the previous Anti Money Laundering Law (the Proceeds of Criminal Conduct) in order to bring harmonisation with all other laws that could encompass money laundering. Additionally, and as a result of the introduction of the Proceeds of Crime Law, the Money Laundering Regulations (2015 revision) and the Guidance Notes (“Guidance Notes”) on the Prevention & Detection of Money Laundering in the Cayman Islands (Aug 2015 revision) were also amended.

Who is the regulator for AML controls for Banking

The regulator for AML controls is the Cayman Islands Monetary Authority (“CIMA”)

Link to site

http://www.cimoney.com.ky

Other financial Services

N/A

Website of Regulator

N/A

Financial Sector regulator

N/A

Practical Guidance for AML

Yes, CIMA has issued the Guidance Notes

Practical guidance PDF's

aml_cft.aspx

Is there a requirement to verify the identity of customers retroactively?

Yes

Retroactive details

Yes

Has the country been the subject of FATF mutal evaluation in the last 3 years?

The country was subject to an IMF inspection in 2009

PDF of FATF review

eca.aspx

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Yes, customer due diligence is not required for one-off transactions of less than KYD15,000 (approx. USD20,000).

What are the requirements for customer identification information for individuals

Individuals: certified photo identification (usually passport); verification of residential address (driving licence or utility bill etc.); source of funds and understanding of source of wealth.

Details to be Collected on Corporates

Corporates: must identify the company, its directors and beneficial owners of 10% or more of the company's holdings. Company items such as Memorandum and Articles of Association, Certificate of Incorporation, register of members, directors and officers, authorised signatory lists, financial statements etc. are required on acceptance of new business. Further, due diligence on at least two directors and due diligence on beneficial owners of greater than 10% as described for individuals or 'natural persons' as above.

What are the high level requirements around beneficial ownership (identification and verification)?

All beneficial owners of 10% or greater of a company's holdings must be identified/verified. Beneficial owners below 10% should be identified if the entity appears structured to avoid this requirement. Note

What circumstances are enhanced customer due diligence measures required?

Local guidance includes information on enhanced due diligence for PEPs, high risk countries or other higher risk businesses, such as not for profit associations (including charities).

How should FI's deal with Politically exposed persons

Local guidance requires senior management approval, reasonable measures to establish source of wealth and funds and enhanced ongoing monitoring.

What enhanced due diligence must be performed for correspondent banking relationships?

No enhanced due diligence measures required for regulated correspondent banking relationships (see also response to A16 below).

Are relationships with banks who might be considered a 'shell' and without substance permitted?

The Money Laundering Regulations (2015) Revision state that no person conducting relevant financial business should form a business relationship or carry out a one-off transaction, with any institution that has no physical presence in the territory in which it is incorporated or in which it is carrying on such business and is unaffiliated with a regulated financial group that is subject to consolidated supervision. Further clarification on correspondent banking relationships with shell banks is provided in the Money Laundering Guidance Notes

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

In response to a recommendation from the CFATF (“Caribbean Financial Action Task Force”) during their 2007 evaluation of the Cayman Islands’ money laundering regime, the Guidance Notes on Money Laundering have been amended to indicate that financial institutions should have policies and procedures in place to address any specific risks associated with non-face-to-face business relationships or transactions.

To whom are SAR's made? (suspicious activity reports)

Financial Reporting Authority (“FRA”)

Link to website of SAR reporting

http://www.fra.gov.ky

Other Suspicious or unusual transactions obligations.

Other than SARs, payment service providers are required to report to the FRA if they restrict or terminate business relationships with its payee service providers due to the payee service provider regularly

Are there any de-minimis thresholds below which transactions do not need to be reported?

KYD15,000 (approx. USD20,000).

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes, per section 139 of the Proceeds of Crime Law, a person is guilty of an offence if they know or suspect that a report is about to, or has been made and discloses to any other person information which is

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

No. While the use of automated mechanisms to monitor suspicious transactions is suggested by the Guidance Notes as best practice, it is recognised that this may not be cost effective for all companies. As such there is no legal or regulatory requirement to use automated suspicious transaction monitoring technology.

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

There is no requirement to obtain authorisation from the FRA to proceed with a current/ongoing transaction that is identified as suspicious unless criminal proceedings have commenced and the matter

Does the local legislation allow transactions to be monitored outside the jurisdiction?

There is no explicit direction in local legislation on monitoring transactions outside the jurisdiction. However the Guidance Notes do recognise parent/subsidiary relations and also customer transactions for

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

There is no legal requirement for the bank’s external auditor or any other external organisation to report on the bank’s AML systems and controls. However, per Section 13 (1) (e) (iii) of the Banks and Trust Companies Law (2013 Revision) if an auditor, in the course of carrying out an audit on the accounts of a licensee, obtains or suspects that the licensee is carrying on or attempting to carry on business without compliance with the Money Laundering Regulations (2013 Revision), the auditor shall give the Authority written notice of his information or suspicion and in the case of suspicion, his reason for that suspicion.

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

N/A

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

N/A

Data Protection Laws And Personal Data

Yes, data protection specifically is covered by the Electronic Transactions Law 2000 and more broadly by the Confidential Relationships (Preservation) Law (“CRPL”) (2009 Revision) which is covered in more detail in A32 below: a) the definition of personal data per the Electronic Transactions Law is defined as data which relate to a person who can be identified from those data; or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller. Thus the definition covers all data related to a person which infers coverage of KYC material

Data Protection for Corporate Data

the above Law does not specifically address corporate data, however Section 26 (1) b states that information which relates to the private affairs of any individual or to any particular business shall

Data protection for "sensitive Data" and additional protections.

no separate definition of sensitive data exists.

Do any restrictions on the transfer of credit reports exist?

Yes, the CRPL was originally enacted in 1976 to protect business dealings and impose strict penalties on those disclosing confidential information unlawfully. The CRPL defines confidential information as including information concerning any property which the recipient thereof is not, other than in the normal course of business, authorised by the principal to divulge. Property includes every present, contingent and future interest or claim direct or indirect, legal or equitable, positive or negative, in any money, money’s worth, real estate etc. and all documents and things evidencing or relating thereto. Therefore, pursuant to the CRPL, divulging any confidential information otherwise than as expressly permitted by the Law is a criminal offence.

Regulator Acronym

CIMA

Year of last FATF mutual evaluation

2012

Field 67

financial institutionbusiness transaction

Passport Photo

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Requirement to proceed

requirement to use automated suspicious transaction tools

Who are SARS made to?

FRA

shell banks

Yes

EDD for correspondent banking

PDF of case law

Minimum transactions

KYD 15,000

Min transaction USD

20000

Personal Data protection

Personal Data Protection Act

http://www.icta.ky/upimages/commonfiles/1417632814CIElectronicTransLaw.pdf

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

N/A

Non financial sector (e.g. casinos, high value goods etc.)

N/A

Does the country have a risk based approach?

Yes, a risk based approach is facilitated both by way of certain exemptions for particular products, and an explanation within the Guidance Notes that a risk based, rather than a 'tick box' approach, should be adopted.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Documents must be originals, notarised or certified copies. Examples of suitable certifiers are lawyers, accountants, notary publics or civil servants

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

There are several cases in the Cayman Islands on the application of CRPL, namely: a) Gippetti v Cayman National Bank 2006 CILR Note 32; b) Ansbacher (Cayman) Limited (Grand Court) 2001 CILR 214; and c) Corporacion Nacional Del Cobre de Chile (In re Codelco) 1999 CILR 42. Further, the Cayman Islands has entered into various Tax Information Exchange Agreements (“TIEAs”) or Bilateral Agreements and Arrangements with 36 governments, therefore it is possible that in instances where there are no TIEAs in place between a country and the Cayman Islands, this may impact transfer of information. In addition, Cayman has entered into a multilateral agreement, along with representatives from more than 50 jurisdictions, and implemented the Common Reporting Standards by introducing legislation and regulations effective 16 Oct 2015. The first reporting to the regulator by industry under the regulations is due 31 May 31 2017.

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

Yes, the CRPL as stated above codifies the common law duty of confidentiality owed by a bank to its customers and extends it to other professional relationships. Further, certain information in relation to companies under the Companies Law is confidential in the Cayman Islands. Exempted companies are required by Section 44 of the Companies Law to maintain a register of members at the registered office of the company, but this is not open to public inspection.