{{ languageVal }}
  • English

Industry Updates

Cayman Islands Monetary Authority Regulatory Measures for Regulated Entities

16 May 2023

On 14 April 2023, the Cayman Islands Monetary Authority ("CIMA") released a series of updated and new regulatory measures for regulated entities.


These new measures include:

  • Rule and Statement of Guidance ("SOG")– Internal Controls for Regulated Entities; and
  • Rule – Corporate Governance for Regulated Entities (together, the "New Measures")

The updated measures include:

  • SOG – Corporate Governance for Mutual Funds and Private Funds;
  • SOG – Outsourcing Regulated Entities;
  • Rule and SOG - Cybersecurity for Regulated Entities; and
  • SOG – Nature, Accessibility and Retention of Records

Together, the "Updated Measures".




The New Measures apply to all entities regulated by CIMA under the 'regulatory acts', as defined within the Monetary Authority Act (As Revised).  This includes licensed (or registered, as applicable) banks, trust companies, building and cooperative societies, insurance companies, money services businesses, mutual funds, private funds, securities investment business operators, company managers and corporate service providers, virtual asset service providers and entities regulated under the Directors Registration and Licensing Act (As Revised).


The Updated Measures continue to apply to the same regulated entities to which they applied previously, with one notable addition.  Private funds are now within scope of the SOG on Corporate Governance that previously applied only to mutual funds (the SOG – Outsourcing Regulated Entities and the Rule and SOG - Cybersecurity for Regulated Entities both expressly exempt private funds and regulated mutual funds).


Effective Dates


The Updated Measures are in effect from 14 April 2023.  The New Measures come into effect six months from the publication date, i.e. on 14 October 2023 (the "Effective Date").


Status of Rules and Statements of Guidance


A Rule is a CIMA directive creating a regulatory obligation and a breach may lead to a fine or regulatory action.  A SOG is a measure for CIMA to assess compliance with a Rule or the law.


Updated Measures


Overall, the Updated Measures do not import any material changes, except that Corporate Governance guidance now applies to private funds, as further discussed below.


Regardless, regulated entities should actively review the Updated Measures to ensure that they are, and remain, compliant with all applicable requirements.


New Rule and Statement of Guidance on Internal Controls


The new Rule and SOG – Internal Controls for Regulated Entities (the "IC Rule and SOG") is divided into two parts.  Part I contains general rules and guidelines for all regulated entities (including regulated mutual funds and private funds) and Part II contains sector specific rules and guidelines, in particular in relation to fiduciary service providers (e.g. trust companies, company managers and corporate services providers) and securities investment business.

The new IC Rule and SOG provides that the governing body of a regulated entity is ultimately responsible for ensuring that an adequate and effective system of internal control is established, documented and maintained.

The five key components that an internal control framework should address are: the control environment; risk identification and assessment; control activities and segregation of duties; information and communications; and monitoring activities and correcting deficiencies.

CIMA recognises that application of these requirements is proportionate and may vary subject to the size, complexity, structure, nature of business and risk profile of the regulated entity.

Delegation to, or reliance on, other service providers through outsourcing arrangements is permitted, as is relying on the internal control systems of other entities within the same group,  subject to such control systems meeting the requirements within the new IC Rule and SOG and generally under Cayman Islands laws and regulations.

The new IC Rule and SOG include a number of documentation and reporting requirements, as well as enhanced risk assessment and response measures for governing bodies, senior managers (where applicable) and those performing control functions.  Regulated entities should carefully examine these requirements in keeping with the size, complexity, structure, nature of business and risk profile of their organisations.

New Rule on Corporate Governance


The new Rule – Corporate Governance for Regulated Entities (the "CG Rule") applies to all regulated entities, including mutual funds and private funds.  Whereas before, corporate governance requirements were largely set out in the form of recommendations within a SOG (except with respect to regulated insurers1), these requirements will amount to a regulatory obligation from the Effective Date.


The new CG Rule requires a regulated entity to establish, implement and maintain a corporate governance framework commensurate with its size, complexity, nature of business, structure, risk profile and its operations.  As is the case with the IC Rule, the CG Rule will also be subject to proportional application.


The corporate governance framework of a regulated entity must address, at a minimum: its objectives and strategies; structure and governance of the governing body; appropriate allocation of oversight and management responsibilities; independence and objectivity; collective duties of the governing body; duties of individual directors; appointments and delegation of functions and responsibilities; risk management and internal control systems; conflicts of interest and code of conduct; remuneration policy and practices; reliable and transparent financial reporting; transparency of communications; duties of senior management; and relations with CIMA.


In addition to enhanced documentation requirements, governing bodies of regulated entities are required to meet, at least annually, to review and revise, as necessary, aspects of their corporate governance and internal control practices and frameworks to ensure there are no gaps in compliance with CIMA's published measures.


Statement of Guidance on Corporate Governance for Mutual Funds and Private Funds


The former SOG for Regulated Mutual Funds – Corporate Governance from December 2013 has now been replaced by the updated SOG - Corporate Governance for Mutual Funds and Private Funds, which has been extended to apply to private funds and is intended to provide specific industry guidance to impacted investment funds with respect to addressing their obligations under the CG Rule.  The nature of the regulatory requirements are largely unchanged, except to import appropriate terminology in relation to private funds, such as references to 'marketing materials' in addition to offering memorandum.  The SOG also replaces previous references to 'Governing Body' with 'Operator', in keeping with the terminology in the underlying Acts.


Although these requirements are largely unchanged, their application to private funds is a new development.


Further Assistance


If you need additional advice relating to your ongoing regulatory compliance obligations, please contact us.  We would be delighted to assist.

1 Insurers regulated under the Insurance Act (As Revised) are currently subject to the Rule – Corporate Governance for Insurers, which came into effect in April 2016. The new Rule introduces enhanced requirements in relation to certain aspects of corporate governance. The new Rule will replace the existing Rule when it comes into effect in October 2023.