For a better experience on Cayman Islands Monetary Authority, update your browser.

Non-Face-to-Face Customer Due Diligence Measures

Supervisory Information Circulars
Date: Thu, 09 November 2023

The Cayman Islands Monetary Authority (“the Authority”) has recently (August 2023) amended its Guidance Notes on the Prevention and Detection of Money Laundering, Terrorist Financing in the Cayman Islands (“Guidance Notes”) to incorporate e-KYC and remote CCD/ongoing monitoring provisions. This Supervisory Circular sets out the background to these amendments and highlights the key changes.

Background

The Authority has received multiple queries from financial service providers (“FSPs”) on whether CIMA’s AML/CFT/CPF supervisory framework allows for technological solutions for remote/virtual/non-face-to-face onboarding and ongoing CDD.

Sections 12(1)(a) of the Anti-Money Laundering Regulations, 2023 (“AMLRs”) and 4 A 3 (1) of the Guidance Notes require the verification of a customer’s identity to be done using ‘reliable, independent source documents, data or information’. Whilst the Authority’s regulatory approach is one of technology-neutrality, and regulatory requirements apply regardless of the technology involved, the Guidance Notes were expanded to specifically address remote/virtual/non-face-to-face customer onboarding and identity verification.

Key changes to the Guidance Notes

Key changes to the Guidance Notes are set out below. This list is not exhaustive and should not be relied upon in respect of points of law and associated FSP regulatory/supervisory obligations. Reference for that purpose should be made to the appropriate statutory provisions and the Guidance Notes:

Definitions
  • Remote onboarding is defined as the establishment of new business relationships via technology solutions and non-face-to-face means where the customer is not physically present at the place where the relationship is being established (Section 3 B 7).
  • E-KYC is defined as the processes whereby a customer’s identity is verified via electronic means (Section 3 D 13).
  • Video-conferencing is defined as a live, visual, and audio method of communication between two or more remote parties over the internet that  simulates a face-to-face meeting. Notwithstanding, video-conferencing is not considered face-to-face. (Section 3 D 15).
  • Non-face-to-face business relationships is defined as the establishment of business relationships or carrying out transactions where the customer is not physically present at the place where the relationship is being established or transaction is conducted (Section 4 D 18(2)).
Risk Assessment
  • FSPs should assess the ML/TF risks in relation to their delivery channels, including remote onboarding and ongoing monitoring of business relationships (Section 3 B 7 2(d)).
  • Customer identification and verification methods should align with the FSP’s risk assessment of its customers; so the decision to onboard a customer remotely, using e-KYC methods and digital ID technologies, should be dependent on the risks presented and assessed, and, where applicable consider the application of tiered CDD (Section 3 C 7).
  • Where the customer, product, service, or jurisdiction is identified as higher risk for ML/TF, the FSP should conduct additional verification measures to ensure the accuracy of e-KYC procedures (Section 3 C 8).
  • The FSP may also consider not using e-KYC or remote onboarding for the establishment of the business relationship or for performing ongoing CDD but  reverting to face-to-face interactions or reviewing original certified documents, for example (Section 3 C 8).
  • FSPs must carry out formal risk assessments of new e-KYC/digital ID technology (Section 3 D 13-17).
Policies and procedures
  • FSPs should have robust documented policies and procedures in place to ensure a consistent and adequate approach to relying on new digital ID system/technology solutions for CDD purposes. These may include (but are not limited to) (Section 3 G 2):
  • A tiered CDD approach that leverages technology solutions with various assurance levels.
  • Policies for the secure electronic collection and retention of records by the new technology solutions.
  • A process for enabling authorities to obtain from the new technology solutions the underlying identity information and evidence needed for identification and verification of individuals.
  • Anti-fraud and cyber-security processes to support e-KYC/digital ID proofing and/or authentication for AML/CFT efforts.
  • Back-up plans for possible instances where the technology solution fails.
  • A description of risk indicators that would prompt the regulated entity to refrain from utilising remote onboarding/ongoing monitoring measures or perform additional procedures.
  • Procedures for the regular, ongoing review of the effectiveness of systems and processes used.
CDD – For Legal Persons and Arrangements
  • When verifying customers that are corporate legal persons, regulated entities may use publicly available sources, including company registries (Section 4 A 16(d)).
Video conferencing and ‘selfie documents’
  • The use of video-conferencing to onboard customers who are corporate legal persons or legal arrangements (trusts, foundations) may be used to identify natural persons such as directors and officers, ultimate beneficial owners, settlors or grantors, trustees, protectors, enforcers or those appointed to act on behalf of the customer (Section 4 A 17).
  • FSPs who are unable to verify official constitutive or formation documents such as certificates of incorporation, constitution or memorandum and articles of association and trust deeds presented during video-conferencing or via other electronic methods due to unavailability of public sources must seek alternative measures to verify the documentation. This may include obtaining an original certified true copy or accepting soft copies digitally signed by a suitable certifier attesting to the authenticity of the documents (Section 4 A 18).
  • Verification of documents through “selfie” documents, photographs or videos: Photographs should be in colour and clearly show the person’s face, holding the identity document in the same photograph to demonstrate it actually belongs to the customer (Section 4 B 19).
  • A clear scanned copy in colour or photograph of the identity document itself should also be provided. This refers to e-KYC measures outside of digital ID systems, as opposed to ID systems which test the authenticity of ID documents (Section 4 B 19).
Simplified due diligence

FSPs may consider digital ID systems/e-KYC processes with lower levels of assurance to be sufficient for simplified due diligence in cases of low ML/TF risk (Section 5 A 6).

Record keeping

FSPs must also ensure that records of identification data obtained through digital ID systems and e-KYC procedures are easily accessible, maintained and can be made available to competent authorities upon request (Section 8 A 3).

The Authority supports the responsible adoption of remote/virtual/non-face-to-face technologies by FSPs to assist in the mitigation of money laundering, terrorist financing, proliferation financing and targeted financial sanction (ML/TF/PF and Sanctions) risks. Notwithstanding, FSPs must consider the risks associated with remote onboarding and ensure that identified risks are effectively managed. Some FSPs may indeed determine that, based on their business model and assessment of risks, it would not be appropriate to adopt such technological solutions for remote/virtual/non-face-to-face CDD.

For any further queries, please email: ContactAMLCFT@cima.ky

Sign up for our E-alerts

Be the first to know about releases and industry news and insights.