Cayman Islands funds – CIMA regulatory measures update

The Cayman Islands Monetary Authority (CIMA) has recently issued certain updated and new regulatory measures for regulated entities. See below for a summary of how these measures will impact regulated Cayman Islands funds.

Introduction

Several Rules and Statements of Guidance (SoGs) were gazetted in the Cayman Islands on 14 April 2023, as listed below together with confirmation of their current status:

New regulatory measures

• Rule and Statement of Guidance - Internal Controls for Regulated Entities: Effective October 2023
• Rule - Corporate Governance for Regulated Entities: Effective October 2023

Updated regulatory measures

• Statement of Guidance – Corporate Governance for Mutual Funds and Private Funds: In effect
• Statement of Guidance - Outsourcing - Regulated Entities: In effect
• Statement of Guidance – Nature, Accessibility and Retention of Records: In effect
• Rule – Cybersecurity for Regulated Entities: In effect
• Statement of Guidance – Cybersecurity for Regulated Entities: In effect

A Rule is a directive issued by CIMA creating binding obligations on those regulated entities within the remit of that regulatory measure. A breach of a Rule may lead to the imposition of a fine or regulatory action being taken by CIMA. An SoG is intended to assist regulated entities to comply with the applicable regulatory requirements and is used as a measure against which CIMA addresses compliance by a regulated entity with those requirements.

All regulatory measures referred to in this Update can be found on CIMA's website.

Impact on investment funds

General – New regulatory measures

The two new regulatory measures are not yet in effect and will take effect 6 months from publication on 14 April 2023; ie, on 14 October 2023.

Both new regulatory measures recognise that the relevant requirements are subject to proportional application, which may reflect the outsourcing of some functions to service providers, reliance on group-wide internal controls systems and the size, complexity, nature of business and risk appetite of the regulated entity. However, regulated funds should review these requirements to ensure that an appropriate compliance framework is put into place prior to the effective date.

Internal Controls

The new Rule and SoG on Internal Controls will apply to both regulated mutual funds (including master funds) and private funds, as well as to all other entities regulated under the Cayman Islands 'regulatory acts', including banks, company managers, insurers, mutual fund administrators, trust companies, virtual asset service providers and entities regulated under the Securities Investment Business Act.

The rules and guidelines set out in this regulatory measure are broken down into two parts; Part I applies generally to all regulated entities and Part II provides sector-specific requirements for trust companies, company managers, corporate services providers, and securities investment business. The five fundamental components of an internal controls framework applicable to all regulated entities, as set out in Part I, are:

• the control environment (ie, the standards, processes and structures which facilitate effective internal control across an organization);
• risk identification and assessment;
• control activities (ie, those activities and structures which mitigate risks) and segregation of duties;
• information and communications; and
• monitoring activities and correcting deficiencies in internal controls.

Corporate Governance

The new Rule on Corporate Governance will, again, apply to all regulated entities in Cayman, including both regulated mutual funds (including master funds) and private funds.

This Rule requires regulated entities to establish, implement and maintain a corporate governance framework which addresses the following elements, at a minimum:

• the objectives and strategy of the regulated entity;
• the governance structure of the entity's governing body or operators (ie, the board of directors, general partner, or trustee(s));
• appropriate allocation of oversight and management responsibilities;
• independency and objectivity;
• collective duties of the governing body and duties of individual directors of the governing body;
• risk management and internal controls systems;
• conflicts of interest and codes of conduct;
• remuneration policy and practices;
• reliable and transparent financial reporting;
• transparency and communications;
• duties of senior management (if any); and
• relations with CIMA.

This Rule requires that the operators of a regulated fund must meet at least once a year. This will be a new requirement for private funds, whereas the requirement previously applicable to regulated mutual funds was to have at least two meetings per annum. It is imperative that the governing body of a regulated fund engages with the fund's service providers both at scheduled meetings and on an ongoing basis, and that the meetings are appropriately documented.

Updated regulatory measures

The updated regulatory measures have not introduced significant changes, other than the extension of the SoG relating to Corporate Governance to cover private funds, which was not previously the case. In particular, the Rule and SoGs relating to Cybersecurity and Outsourcing are not applicable to private funds or regulated mutual funds.

The SoG – Corporate Governance – Mutual Funds and Private Funds aims to provide regulated funds with guidance as to CIMA's minimum expectations for sound and prudent governance.

Solutions and next steps

Mourant can advise on the best way to ensure compliance with the new regulatory measures ahead of the October 2023 deadline. Possible solutions include:

• the adoption of a compliance manual created specifically for investment funds;
• the provision of internal controls and compliance training and advice;
• the provision of local compliance support to assist with risk assessments and their documentation; and/or
• the provision of board support services.

For more information or assistance, please reach out to your usual Mourant contact or one of the key contacts provided on this page.