Global Regulations and Requirements for KYC Onboarding
(powered by KYCC small icon KYC-Chain)

Contact us

passportaddressdriving licensepublic utility billsource of income
Memorandum&Articles of Associationcertificate of incorporationregister of membersdirectors and officers, authorised signatory lists
Documento Nacional de Identidad
1996. However the Proceeds of Crime Law, enacted into legislation in Sept 2008, repealed the previous Anti Money Laundering Law (the Proceeds of Criminal Conduct) in order to bring harmonisation with all other laws that could encompass money laundering. Additionally, and as a result of the introduction of the Proceeds of Crime Law, the Money Laundering Regulations (2015 revision) and the Guidance Notes (“Guidance Notes”) on the Prevention & Detection of Money Laundering in the Cayman Islands (Aug 2015 revision) were also amended.
The regulator for AML controls is the Cayman Islands Monetary Authority (“CIMA”)
Yes, CIMA has issued the Guidance Notes
The country was subject to an IMF inspection in 2009
Yes, customer due diligence is not required for one-off transactions of less than KYD15,000 (approx. USD20,000).
Individuals: certified photo identification (usually passport); verification of residential address (driving licence or utility bill etc.); source of funds and understanding of source of wealth.
Corporates: must identify the company, its directors and beneficial owners of 10% or more of the company's holdings. Company items such as Memorandum and Articles of Association, Certificate of Incorporation, register of members, directors and officers, authorised signatory lists, financial statements etc. are required on acceptance of new business. Further, due diligence on at least two directors and due diligence on beneficial owners of greater than 10% as described for individuals or 'natural persons' as above.
All beneficial owners of 10% or greater of a company's holdings must be identified/verified. Beneficial owners below 10% should be identified if the entity appears structured to avoid this requirement. Note
Local guidance includes information on enhanced due diligence for PEPs, high risk countries or other higher risk businesses, such as not for profit associations (including charities).
Local guidance requires senior management approval, reasonable measures to establish source of wealth and funds and enhanced ongoing monitoring.
No enhanced due diligence measures required for regulated correspondent banking relationships (see also response to A16 below).
The Money Laundering Regulations (2015) Revision state that no person conducting relevant financial business should form a business relationship or carry out a one-off transaction, with any institution that has no physical presence in the territory in which it is incorporated or in which it is carrying on such business and is unaffiliated with a regulated financial group that is subject to consolidated supervision. Further clarification on correspondent banking relationships with shell banks is provided in the Money Laundering Guidance Notes
In response to a recommendation from the CFATF (“Caribbean Financial Action Task Force”) during their 2007 evaluation of the Cayman Islands’ money laundering regime, the Guidance Notes on Money Laundering have been amended to indicate that financial institutions should have policies and procedures in place to address any specific risks associated with non-face-to-face business relationships or transactions.
Financial Reporting Authority (“FRA”)
Other than SARs, payment service providers are required to report to the FRA if they restrict or terminate business relationships with its payee service providers due to the payee service provider regularly
KYD15,000 (approx. USD20,000).
Yes, per section 139 of the Proceeds of Crime Law, a person is guilty of an offence if they know or suspect that a report is about to, or has been made and discloses to any other person information which is
No. While the use of automated mechanisms to monitor suspicious transactions is suggested by the Guidance Notes as best practice, it is recognised that this may not be cost effective for all companies. As such there is no legal or regulatory requirement to use automated suspicious transaction monitoring technology.
There is no requirement to obtain authorisation from the FRA to proceed with a current/ongoing transaction that is identified as suspicious unless criminal proceedings have commenced and the matter
There is no explicit direction in local legislation on monitoring transactions outside the jurisdiction. However the Guidance Notes do recognise parent/subsidiary relations and also customer transactions for
There is no legal requirement for the bank’s external auditor or any other external organisation to report on the bank’s AML systems and controls. However, per Section 13 (1) (e) (iii) of the Banks and Trust Companies Law (2013 Revision) if an auditor, in the course of carrying out an audit on the accounts of a licensee, obtains or suspects that the licensee is carrying on or attempting to carry on business without compliance with the Money Laundering Regulations (2013 Revision), the auditor shall give the Authority written notice of his information or suspicion and in the case of suspicion, his reason for that suspicion.
Yes, data protection specifically is covered by the Electronic Transactions Law 2000 and more broadly by the Confidential Relationships (Preservation) Law (“CRPL”) (2009 Revision) which is covered in more detail in A32 below: a) the definition of personal data per the Electronic Transactions Law is defined as data which relate to a person who can be identified from those data; or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller. Thus the definition covers all data related to a person which infers coverage of KYC material
the above Law does not specifically address corporate data, however Section 26 (1) b states that information which relates to the private affairs of any individual or to any particular business shall
no separate definition of sensitive data exists.
Yes, the CRPL was originally enacted in 1976 to protect business dealings and impose strict penalties on those disclosing confidential information unlawfully. The CRPL defines confidential information as including information concerning any property which the recipient thereof is not, other than in the normal course of business, authorised by the principal to divulge. Property includes every present, contingent and future interest or claim direct or indirect, legal or equitable, positive or negative, in any money, money’s worth, real estate etc. and all documents and things evidencing or relating thereto. Therefore, pursuant to the CRPL, divulging any confidential information otherwise than as expressly permitted by the Law is a criminal offence.
financial institutionbusiness transaction
KYD 15,000
Yes, a risk based approach is facilitated both by way of certain exemptions for particular products, and an explanation within the Guidance Notes that a risk based, rather than a 'tick box' approach, should be adopted.
Documents must be originals, notarised or certified copies. Examples of suitable certifiers are lawyers, accountants, notary publics or civil servants
There are several cases in the Cayman Islands on the application of CRPL, namely: a) Gippetti v Cayman National Bank 2006 CILR Note 32; b) Ansbacher (Cayman) Limited (Grand Court) 2001 CILR 214; and c) Corporacion Nacional Del Cobre de Chile (In re Codelco) 1999 CILR 42. Further, the Cayman Islands has entered into various Tax Information Exchange Agreements (“TIEAs”) or Bilateral Agreements and Arrangements with 36 governments, therefore it is possible that in instances where there are no TIEAs in place between a country and the Cayman Islands, this may impact transfer of information. In addition, Cayman has entered into a multilateral agreement, along with representatives from more than 50 jurisdictions, and implemented the Common Reporting Standards by introducing legislation and regulations effective 16 Oct 2015. The first reporting to the regulator by industry under the regulations is due 31 May 31 2017.
Yes, the CRPL as stated above codifies the common law duty of confidentiality owed by a bank to its customers and extends it to other professional relationships. Further, certain information in relation to companies under the Companies Law is confidential in the Cayman Islands. Exempted companies are required by Section 44 of the Companies Law to maintain a register of members at the registered office of the company, but this is not open to public inspection.