Money laundering is the process by which the proceeds of crime are channelled through the economy/financial system in a way which is intended to conceal the true origin and ownership of the proceeds of criminal activity. The Proceeds of Crime Act (the PC Act), the Terrorism Act and the supporting Anti-Money Laundering Regulations (Revised) (the Regulations) are the main pieces of legislation in the Cayman Islands aimed at combating money laundering, proliferation financing and terrorist financing. Under these laws, those persons carrying out "relevant financial business" (referred to as financial service providers or FSPs) must apply a risk based approach to anti-money laundering, proliferation financing and terrorist financing (together, AML) compliance.

The PC Act requires that FSPs have a "nominated officer" in place for the purpose of receiving reports relating to criminal conduct, with the Regulations creating the roles of the Money Laundering Reporting Officer (MLRO), Deputy Money Laundering Officer (DMLRO) and AML Compliance Officer (AMLCO). Accordingly, natural persons must be appointed as the MLRO, DMLRO and AMLCO for all FSPs, including investment funds.

The Regulations and Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands (and amendments) (Guidance Notes) published by the Cayman Islands Monetary Authority (CIMA) set out more details on each of these roles and functions.

Under the Regulations each person carrying out relevant financial business must designate a person at management level as their MLRO, to whom suspicious activity reports (SARs) must be made. The MLRO should be someone who is well versed in the business of the FSP which may give rise to opportunities for money laundering, proliferation financing or terrorist financing. A DMLRO must also be appointed to perform the MLRO’s functions in their absence. The DMLRO should be a staff member of similar status and experience as the MLRO.

The Guidance Notes provide that the MLRO should:

• Be a natural person
• Be autonomous, meaning the MLRO is the final decision maker as to whether to file a SAR
• Be independent, meaning no vested interest in the underlying activity
• Have access to all relevant material in order to make an assessment as to whether an activity is or is not suspicious

The primary duties of the MRLO (or the DMLRO in their absence) are to:

• Receive reports of any information or other matter which comes to the attention of a person carrying out relevant financial business, which gives rise to an actual knowledge or suspicion of money laundering, proliferation financing or terrorist financing
• Consider and investigate such reports in light of all other relevant information to determine if the information or other matter gives rise to such knowledge or suspicion
• Have access to other information which may assist in considering such report
• Make prompt disclosures to the Financial Reporting Authority (FRA) in the standard SAR form if after considering a report there is knowledge or a suspicion of money laundering, proliferation financing or terrorist financing
• Establish and maintain a register of money laundering, proliferation financing or terrorist financing reports made by staff
• Maintain a register of reports to the FRA

As the types of transactions which may be used by money launderers are unlimited it is difficult to define a suspicious transaction. The Guidance Notes are instructive in that they differentiate between "unusual" and "suspicious" transactions, as set out below.

"Unusual"

Where a transaction is inconsistent in amount, origin, destination, or type with a customer's known, legitimate business or personal activities, the transaction must be considered "unusual", and the staff member put on enquiry.

"Suspicious"

Where the staff member conducts enquiries and obtains what they consider to be a satisfactory explanation of the complex or unusual large transaction, or unusual pattern of transactions, they may conclude that there are no grounds for suspicion, and therefore take no further action as they are satisfied with matters. However, where the staff member’s enquiries do not provide a satisfactory explanation of the activity, they may conclude that there are grounds for "suspicion" requiring disclosure and escalate the matter to the MLRO/DMLRO.

The PC Act includes an offence directed solely at the failure by the MLRO/DMLRO to disclose to the FRA that they suspect or know that another person is engaged in criminal conduct. The penalty for this offence is a fine and/or imprisonment for up to five years. MRLOs should be aware that the PC Act protects whistleblowers and that reporting suspicious activity to the FRA will not give rise to any civil liability (legal, administrative or employment-related) and it does not constitute a breach of the duty of confidentially under Cayman Islands law.

The PC Act, Regulations and Guidance Notes expand the degree of compliance management expected from FSPs. To manage these expectations effectively, the Regulations require FSPs to designate a natural person at managerial level as the AMLCO. The AMLCO’s duties are to ensure that measures are adopted by the FSP to comply with the Regulations, to oversee the compliance function and to be the point of contact with the Cayman Islands regulatory authorities under the Regulations. The Guidance Notes confirm that the AMLCO can also act as the MLRO, provided they are competent and have sufficient time to perform both roles efficiently.

The AMLCO should:

• Have sufficient skills and experience
• Report directly to the FSP's board of directors or equivalent (Board) and have sufficient seniority and authority so that the Board reacts to and acts upon any recommendations
• Have regular contact with the Board so that the Board is able to satisfy itself that its statutory obligations are being met and that sufficiently robust measures are being taken to protect itself against money laundering, proliferation financing and terrorist financing risks 
• Have sufficient resources, time and support to carry out the role, as well as unfettered access to all business lines and information necessary to perform the function
• Develop and maintain internal AML systems and controls in line with evolving requirements
• Ensure regular audits of the internal AML programme
• Maintain logs required, including of declined business, politically exposed persons and requests from competent authorities
• Advise the Board on compliance issues and report periodically to the Board on the FSP’s systems and controls
• Respond promptly to requests from relevant authorities

The Guidance Notes do permit the specific delegation or outsourcing of the performance of certain AML obligations, such as client due diligence, provided that:

• Suitable natural persons have first been appointed to the roles of AMLCO, MLRO and DMLRO
• Before entering into an outsourcing arrangement, the FSP assesses associated risks, including country risk, and concludes that those risks can be effectively managed and mitigated. The FSP should also have a contingency plan if the service provider fails to perform the outsourced activities
• The FSP conducts due diligence on the proposed service provider and ensures that it is fit and proper to perform the outsourced activities
• The outsourcing agreement clearly sets out the obligations of both parties and includes an obligation on the service provider to file a SAR with the FRA if suspicious activity occurs
• If the service provider operates from a jurisdiction outside the Cayman Islands in which any aspect of AML standards are lower than those of the Cayman islands, the service provider should adopt Cayman AML standards in that regard he FSP has access to all the relevant information or documents maintained by the service provider and all books and records on the outsourced activity are readily accessible to CIMA
• The AMLCO receives regular AML reports and reports on downstream investment activity from the relevant service provider

The Guidance Notes require the AMLCO to ensure that regular audits of the AML program are conducted. The frequency of such audits will depend on the FSP’s nature, size, complexity and risks identified. Audits should test the overall integrity and effectiveness of the systems and controls in place, including audits to:

• Assess the adequacy of internal policies and procedures, including client due diligence, record keeping, transaction monitoring and third party relationships
• Test compliance with the AML laws and regulations
• Test transactions, with an emphasis on high-risk areas, products and services
• Assess employees' knowledge of laws and internal policies and procedures and the adequacy of relevant training programmes
• Assess the FSP’s process of identifying suspicious activity

If the FSP has staff, the key to effective compliance management is ensuring that staff are fully aware of their AML obligations, can recognise suspicious activity and act on it in the proper manner. The Guidance Notes recommend the following:

• Staff screening, the scope of the screening should be proportionate to the potential risk associated with money laundering, proliferation financing or terrorist financing for the FSP’s business and the risks associated with individual positions
• Initial and at least annual refresher training of staff on how to recognise suspicious activity, the results of the FSP’s risk assessments, the systems, policies and programmes they need to follow and the criminal offences that will be committed if they breach the legislation
• General AML training for all new staff as part of their introduction to the FSP
• Tailored training for operations staff, supervisors and managers
• Ongoing in-depth training for the MLRO, DMLRO and AMLCO on all aspects of the AML laws and internal policies

Although the Guidance Notes support the Regulations, they are regarded as mandatory, as CIMA must take into account any applicable supervisory or regulatory guidance if they exercise any of their enforcement powers for breach of the Regulations. It is therefore prudent to approach the Guidance Notes as if they have the force of law.

Under the Monetary Authority Act, CIMA has the power to impose administrative fines up to CI$1 million (US$1,219,500) for each breach of the Regulations, depending on whether the breach is classed as being minor, serious or very serious.

FSPs, their AMLCO, MLRO and DMLRO need to be fully aware of their responsibilities, obligations and potential liability under the Cayman Islands AML regime. Failing to report knowledge or suspicion of money laundering, proliferation financing or terrorist financing, and failing to have suitable procedures in place for internal control and communication, are serious criminal offences and breach of the Regulations can also be penalised by substantial fines imposed by CIMA.