We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
05 November 2020
Cayman Islands removed from EU tax list
Anti-money laundering changes in effect
FATCA and CRS portal expected to launch in Q4 with new guidance
New filing requirements for certain Cayman entities
EU-US Privacy Shield data transfers invalid
Over the past quarter, the Cayman Islands enacted a number of changes to laws and regulations which affect, or will affect, Cayman funds. This article is intended as a handy reference guide with respect to the recent changes and updates.(1)
As expected, the European Council announced on 6 October 2020 that the Cayman Islands
The transition period with respect to changes to Cayman's Anti-Money Laundering
The Department for International Tax Cooperation (DITC) has indicated that the transition
As of 1 September 2020, Cayman companies and limited liability companies (LLCs) must
In a recent European Court of Justice judgment, the EU-US agreement for data transfers,
As expected, the European Council announced on 6 October 2020 that the Cayman Islands has been removed from the European Union's list of non-cooperative jurisdictions in tax matters (Annex I). The Cayman Islands' original inclusion in Annex I in February 2020 was at odds with the jurisdiction's long-held commitment to enhancing tax good governance, as evidenced by more than 15 legislative changes since 2018 in line with the European Union's criteria.
Removal from Annex I is therefore a welcome development that corrects this anomaly and ensures that Cayman entities will not be subject to any adverse measures proposed by the European Union for Annex I jurisdictions.
The Cayman government's statement can be read here.
The transition period with respect to changes to the Anti-Money Laundering Regulations (2020 Revision) concluded on 5 August 2020, with the effect that funds can no longer rely on the list of countries (Equivalent Jurisdictions List) maintained by the Anti-Money Laundering Steering Group for anti-money laundering purposes; instead, any person carrying out relevant financial business must carry out their own risk assessment of every country or geographic area in which their customers or applicants for business reside or operate.
Funds, or the service providers upon which the funds rely for the purposes of anti-money laundering compliance, must ensure that they have their own list of relevant jurisdictions which have been assessed and documented as having a 'low degree of risk of money laundering and terrorist financing' (which is likely to be broadly similar to the existing Equivalent Jurisdictions List). The amended Anti-Money Laundering Regulations (2020 Revision) set out the criteria which should be taken into account when making a risk assessment of a country or geographic area. Additional guidance can be found in the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands (as amended).
It may also be necessary to update a fund's offering documents, subscription documents and anti-money laundering policies and procedures in order to reflect the removal of reliance upon the Equivalent Jurisdictions List and, where applicable, to refer to an updated list of risk-assessed countries. Further, to the extent that there are any jurisdictions which the fund or its relied upon service provider now consider to have a changed status, updates to the selling restrictions within the offering document may be prudent.
When reviewing the policies of a fund, its administrator or its other anti-money laundering services providers (where appointed) to identify whether any changes are required in respect of the fund's anti-money laundering compliance framework to ensure compliance and ensure that robust and well-documented risk assessment systems are in place, it would be prudent to ensure that the fund or service provider (in respect of the fund) is up to date regarding ongoing monitoring and eligible introducer letters, the requirements for which have both seen changes in the past six months.
The Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands (as amended) provide a detailed framework for the ongoing monitoring of business relationships. The two central elements of ongoing monitoring are:
As a practical measure, funds should review their own and their administrators' policies to ensure that they are compliant with all of the requirements in respect of ongoing monitoring.
Any anti-money laundering comfort letters provided by third-party introducers of business (eligible introducers) must state the name of the customer being introduced and the name of the customer's beneficial owners, as determined by reference to the Cayman standard (see below). This should be a particular area of focus where service providers have typically relied upon comfort letters from eligible introducers based in jurisdictions with lesser requirements – particularly the United States. Funds should review their eligible introducer comfort letters to ensure that the additional information is included or otherwise provided to the fund upon introduction. Where such information is not available to the fund or service provider, remediation is appropriate.
Finally, a number of Cayman funds rely on service providers outside the Cayman Islands for anti-money laundering compliance procedures. It is important that where the service provider implements anti-money laundering procedures in accordance with the anti-money laundering regime of a different jurisdiction, the fund has properly considered and documented the risks associated with such reliance. The fund must keep a clear record of how it has become comfortable with such reliance, including by taking into account the aforementioned country risk assessment criteria. The Cayman Islands Monetary Authority (CIMA) previously indicated that when applying the anti-money laundering regime of a different jurisdiction, it was not always necessary to undertake a granular assessment of the differences between specific requirements of such a regime and the Cayman regime. However, under the Anti-Money Laundering Regulations (2020 Revision) and the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands (as amended), CIMA requires that for the purposes of identifying the beneficial owners of customers or applicants for business, a 10% threshold (Cayman standard) must be applied, even if an overseas service provider is subject to a different anti-money laundering regime which may permit a higher threshold. Funds and their anti-money laundering officers should liaise with overseas service providers to ensure that the Cayman standard is applied in all cases when carrying out identification and verification of beneficial owners. It is advisable to review nominee and third-party introducer arrangements to ensure that the nominees and introducers are also applying the Cayman standard in respect of know-your customer checks carried out on underlying clients.
The DITC has announced that it anticipates launching its new online portal (DITC Portal) for registration (notification) and reporting purposes in the coming weeks. This will replace the previous Cayman AEOI Portal. The DITC Portal is designed to improve the overall experience for users, including providing for bulk reporting and bulk user changes and expanding the reporting capabilities beyond reporting under the FATCA and the CRS to incorporate other regulatory frameworks, such as economic substance and country-by-country reporting.
Cayman financial institutions that have been unable to make any notifications, filings or updates while the AEOI Portal has been offline are encouraged to make their filings as soon as possible once the DITC Portal is launched. The FATCA and CRS reporting deadline for the 2019 reporting period is currently 16 November 2020, although this may be further extended depending upon the launch date of the DITC Portal. The 2020 deadline for the submission of the new CRS compliance form is 31 December 2020.
Entities that must meet an economic substance test under Cayman's economic substance legislation and submit an economic substance return in respect of a financial year commencing 1 January 2019 must do so on or before 31 December 2020, also through the DITC Portal. Investment funds and entities through which investment funds directly or indirectly invest or operate and Cayman exempted limited partnerships and trusts are not relevant entities under the economic substance legislation and need not comply with the economic substance test or submit an economic substance return.
Amendments to the Companies Law (Revised) and the Limited Liability Companies Law (Revised) have come into force requiring the registrar of companies to maintain a register which includes certain prescribed information in respect of all Cayman companies and LLCs. This prescribed information is publicly available online upon payment of a fee of US$61.
In relation to Cayman companies, most of the prescribed information is statutory information which would be found in the company's memorandum of association, such as details of registered office, authorised share capital and company number. However, companies (including LLCs) will now be required to file details of their 'nature of business' from a prescribed list of activities (eg, regulated mutual fund or registered private fund), together with details of their year end. For newly formed companies, this information will be collected upon incorporation and, with respect to the nature of business, updated annually via the annual return submitted to the registrar. No action is required at this time for existing entities.
The Exempted Limited Partnership Law (Revised) has long contained a requirement that the registration statement of a Cayman exempted limited partnership (ELP) include information regarding the general nature of the business and, from 1 September 2020, the registrar has required that an ELP identify its nature of business by selecting from the same list as is available for Cayman companies and LLCs. Similarly, the registrar is also collecting information on the nature of business of foreign companies registered in the Cayman Islands upon registration (and is expected to request this information in annual returns).
In a recent European Court of Justice judgment, the EU-US Privacy Shield was struck down. The Privacy Shield sought to establish a framework for the export of data from the European Union to the United States, notwithstanding that the United States was not a jurisdiction which had obtained an adequacy decision from the European Union.
The Cayman Islands Data Protection Law 2017 imposes restrictions on the transfer of personal data to countries or territories which have an inadequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. For the purposes of these restrictions, EU member states, together with jurisdictions in respect of which the European Union has made an adequacy decision, are automatically deemed to have an adequate level of protection.
While the Privacy Shield did not have direct relevance under the Data Protection Law 2017, guidance for data controllers issued by the Cayman Islands Ombudsman noted that self-certification under the Privacy Shield may be taken into consideration as a positive factor when assessing the recipient of personal data under the Ombudsman's general authorisation for the transfer of personal data. While there has been no formal update to the relevant guidance, it is not yet clear whether this still holds true in light of the European Court of Justice decision and, accordingly, increased caution may be appropriate for data controllers under the Data Protection Law 2017 seeking to export data to the United States. In particular, such data controllers should ensure not only that there are standard contractual clauses (SCCs) regarding cross-border data transfer in place as between exporter and importer which replicate the EU SCCs (or any SCCs published by the Ombudsman in due course), but also that they have carried out an assessment to determine that adequate safeguards have been implemented at the US-based importer to provide an adequate level of protection in respect of the relevant personal data. This may result in the need to upgrade SCCs and establish supplementary measures.(2)
For further information on this topic please contact James Bergstrom, Joanne Huckle, Justin Savage or Dave Sherwin at Ogier by telephone (+1 345 949 9876) or email (firstname.lastname@example.org, email@example.com, firstname.lastname@example.org or email@example.com). The Ogier website can be accessed at www.ogier.com.
(2) For further information see "EU-US Privacy Shield declared invalid – what's next?"
Angus Davison, partner, Bradley Kruger, partner, Nick Rogers, partner, Giorgio Subiotto, partner, Kate Hodson, partner and head of ESG funds, Nicholas Plowman, partner, and Praajakta Pargaonkar, senior associate, contributed to the preparation of this article.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.