Implementing framework to comply with CIMA’s Corporate Governance Rule and to go through a CIMA on-site Inspection

The Cayman Islands, renowned as a global financial hub, hosts a diverse array of financial institutions and entities engaged in banking, insurance, investment management, and other financial services. To maintain its stature and protect its reputation, the Cayman Islands Monetary Authority (“CIMA”) has been conducting regular on-site inspections of regulated entities including SIBA Registered Persons (e.g. Investment Managers and Investment Advisors) and Investment Funds. In those inspections, CIMA seeks to assess both the (i) AML compliance framework, and (ii) the corporate governance framework of the regulated entity.

As of October 2023, CIMA has enacted the Rule on Corporate Governance (the “Rule”), making it mandatory for all CIMA regulated entities to implement a robust corporate governance framework as soon as practicable. This framework must be proportionate to the entity’s size, complexity, and risk profile. See CIMA Rules and Guidance on Corporate Governance for Regulated Funds.

CIMA now expects an entity to maintain full and active governance oversight from its boards or governing bodies. An entity that fails to meet the minimum requirements (as set out below) are now exposed to immediate enforcement actions and a reputational fallout. Failure to implement a corporate governance framework constitutes a deficiency in regulatory obligations and may result in immediate enforcement action or monetary penalties without prior notice.

CIMA inspections aim to assess and ensure that regulated entities adhere to the relevant Cayman Islands laws, regulations, rules, and best practice guidance provided by CIMA. The inspections focus on evaluating the effectiveness of a regulated entities’ risk management systems, internal controls, and governance structures. CIMA’s report from the inspection will identify potential areas of non-compliance or weaknesses and then CIMA will make recommendations as to remedial actions to be taken and the regulated entity and/or observations on matters which should be changed to adhere more consistently with best practice.

All regulated entities are expected to implement a governance framework that includes:

1. A qualified, accountable, and independent governing body
2. Clear risk management and internal control systems including a (i) Corporate Governance Manual, and (ii) Conflicts of Interest Policy
3. Documented decision-making processes including Board Meeting Minutes that detail thorough corporate governance discussions
4. Ongoing oversight of financial reporting and disclosures
5. Timely, transparent communication with CIMA

Regulated entities that continue operating without a governance structure are operating in breach of the Rule.

Under the Monetary Authority Act (2020 Revision), CIMA is required to actively monitor and enforce compliance and the on-site inspections that CIMA is undertaking is a key part of this process. Entities that are non-compliant are at risk of the following consequences:

1. Financial Penalties:
   1. Corporate entities: Up to US$1,219,512 per breach.
   2. Individuals in positions of responsibility: Up to US$121,951 per breach.

Cumulative penalties may apply for multiple or ongoing breaches.

   b. Enforcement Orders and Business Disruption:

1. 1. Compulsory corrective directives.
   2. Suspension or revocation of licenses.
   3. Prohibition from conducting regulated business.

   c.  Legal Intervention: 

1. 1. Appointment of third-party controllers or advisors to oversee business functions.
   2. Application to the Grand Court for entity winding-up or other injunctive relief.
   3. Litigation risk from stakeholders for breach of fiduciary duty or negligence.

An absence of an implemented governance framework is not only a compliance deficiency— it may also result in a regulatory breach.

Your regulated entity must take immediate steps to assess and address compliance gaps, which may include taking the following active steps:

1. Conducting a corporate governance gap analysis.
2. Formalizing governance roles and responsibilities.
3. Establishing a compliant board or governing body.
4. Implementing documentation and reporting protocols.
5. Preparing for potential regulatory inquiries or inspections.

Delaying the implementation of a robust corporate governance framework for your regulated entity could place it at real risk of being fined by CIMA as well as reputational and other risks outlined above.

Our experienced Legal and Compliance Team provide a full comprehensive suite of services to assist with implementing a robust corporate governance framework by drafting policies and procedures and providing regular training to the regulated entity. We also advise with the CIMA inspection process, including (i) pre-inspection review, commentary, and updating of compliance documents, (ii) drafting compliance policies and procedures, (iii) attending CIMA inspection calls, (iv) dealing with the remedial actions recommended after the issue of the CIMA report.

View Full PDF

This publication is not intended to be a substitute for specific legal advice or a legal opinion. For specific advice on the matters covered above, please contact your usual Loeb Smith attorney or any of the following: 

E: gary.smith@loebsmith.com
E: robert.farrell@loebsmith.com
E: elizabeth.kenny@loebsmith.com
E: vanisha.harjani@loebsmith.com
E: vivian.huang@loebsmith.com
E: faye.huang@loebsmith.com
E: yun.sheng@loebsmith.com