In the last 18 months, the Cayman Islands has made key legislative updates to boost both its AML and Data Protection regimes in the form of a 2017 revision of Anti-Money Laundering Regulations and the passing of the Data Protection Law (“DPL”).
Upon reading the new legislation, you would be forgiven for experiencing a sense of ‘déjà vu’ as these key updates closely echo well established AML guidance in the UK and Channel Islands alongside recent developments in the European data protection framework (GDPR). The DPL is specifically designed in line with GDPR to ensure that all personal data can flow freely between EU member states and Cayman as an ‘equivalent jurisdiction’.
Data Protection Law:
For those familiar with GDPR, the core requirements of the DP law will be very familiar, such as:
- Appropriate technical and organisational measures to securely process data;
- The “Right to Be Forgotten”; and
- Mandatory breach notifications to the regulatory authority and affected data subjects
There are a few nuances of note in the DP law however, relative to GDPR. For example:
- Consent can be implied from the actions of the data subject rather than being expressly written
- Data Controllers are not required to appoint an official Data Protection Officer (DPO) within the organisation although this is the recommended best practice
Significant changes in Cayman AML framework
Similar to the DP law, the main changes in the Cayman AML framework also echo growing international standards.
- Coordination of a risk based approach to Anti Money Laundering and Terrorist Financing
- Expansion of mandatory procedures in the areas of client identification and verification
- Expansion of enhanced due diligence processes and simplified due diligence measures
- Additional requirements with respect to Politically Exposed Persons (“PEPs”)
- New provisions relating to internal and external reporting together with the appointment of a Money Laundering Reporting Officer and deputy
So how does this affect fund managers?
These changes effectively bring Cayman domiciled funds into line with European KYC requirements. Nothing outlined in the legislation goes beyond what is typically found in other equivalent jurisdictions but the mandatory appointment of an MLRO now ensures that these rules must be applied in practice.
At the same time, Cayman continues to strive for stricter data privacy requirements while also advocating an open register of beneficial ownership, in line with other Crown Dependencies and equivalent jurisdictions. In practice this means that many fund managers will have to review their existing KYC, appoint a local Cayman MLRO and introduce a new investor onboarding process.
So what’s the good news?
Simply put, The ID Register allows you to seamlessly manage both risks by putting your data subjects back in control of their information whilst at the same time allowing you to meet your regulatory requirements regarding KYC and FATCA-CRS.
The ID Register gives the investor control over their personal data including with whom it is shared. Fund managers and administrators then subscribe to the live data of their investors rather than having to collect, store and refresh it.
The ID Register has well established risk based procedures to identify and verify the ultimate beneficial owners and controllers of legal persons, screen for Politically Exposed Persons (PEPs) and to apply enhanced due diligence measures in line with Financial Action Task Force guidelines, Cayman Islands Monetary Authority regulations and international best practice.
The ever evolving landscape of anti money laundering and data protection laws around the world represent the shift of regulatory focus towards the identification and verification of ultimate beneficial owners and controllers and the responsibility of organisations to protect personal data. The ID Register offers an effective solution that puts investors back in control of their own data while simultaneously providing a faster and more efficient method of complying with KYC, FATCA / CRS and fund subscription requirements, keeping your firm ahead of the regulatory curve.