On 14th October 2023, new rules and guidance were introduced by the Cayman Islands Monetary Authority (CIMA). The new Rule on Corporate Governance for Regulated Entities (Corporate Governance Rule) and Rule and Statement of Guidance on Internal Controls for Regulated Entities (Internal Controls Rule and SOG).
The key requirements and action points are summarised below.
The Corporate Governance Rule
The Corporate Governance Rule applies to the governing body (board, general partner, manager or board of trustees, as applicable) of all CIMA regulated entities and provides that an entity’s corporate governance framework should be commensurate with the size, complexity, structure, nature of business and risk profile of its operations.
A regulated entity must establish, implement, and maintain a corporate governance framework which provides for sound and prudent management oversight of the regulated entity’s business and protects the legitimate interests of relevant stakeholders.
At a minimum, the governing body is responsible for documenting and implementing a corporate governance framework that addresses the following:
Objectives and Strategies of the Regulated Entity;
Structure and Governance of the Governing Body;
Appropriate Allocation of Oversight and Management Responsibilities;
Independence and Objectivity;
Collective Duties of the Governing Body;
Duties of Individual Directors of the Governing Body;
Appointments and Delegation of Functions and Responsibilities;
Risk Management and Internal Control Systems;
Conflicts of Interest and Code of Conduct;
Remuneration Policy and Practices;
Reliable and Transparent Financial Reporting;
Transparency and Communications;
Duties of Senior Management; and
Relations with CIMA.
Documentation: In order to demonstrate effective compliance, it will be necessary to ensure that documentary records, policies, procedures, agreements and minutes are kept. It is recommended that the governing bodies of regulated entities understand their obligations and review their existing corporate governance and internal controls frameworks.
Meetings: The governing body is required to meet at least once per year to review the regulated entity’s strategic objectives and policies and the composition of the governing body itself, including the completion of performance self-assessments. The governing body should also review the implementation of internal controls, risk assessments and management systems to ensure risks are measured, monitored and mitigated and any identified deficiencies are addressed. Any conflicts of interest should be declared throughout the year and confirmed in writing via annual declaration.
Outsourcing and Reporting: Where functions are outsourced, ultimate responsibility for such delegated functions remains with the governing body. Accordingly, such arrangements must be documented and monitored. The governing body must also put in place a compliance committee or person to report on all compliance matters. Depending upon the size, complexity, structure of business and risk profile of the business, this requirement may be discharged by reports (at least annually) from the entity’s anti-money laundering compliance officer or another suitably qualified compliance or legal professional. Financial reporting should be completed by an audit committee (or equivalent) appointed by the governing body.
The Internal Controls Rule and SOG
The Internal Controls Rule and SOG sets out CIMA’s rules and guidance in respect of the way regulated entities are structured and operated in order to ensure the ability to carry on business in an orderly and efficient manner, the safeguarding of its and its clients’ assets, the maintenance of proper records and the reliability of financial, operational and regulatory reports, and compliance with all applicable acts and regulatory requirements. It is comprised of two parts. Part I sets out general rules and guidelines applicable to all regulated entities in respect of five components of internal control, namely:
Control Environment;
Risk Identification and Assessment;
Control Activities and Segregation of Duties;
Information and Communication; and
Monitoring Activities and Correcting Deficiencies.
Part II contains sector specific rules and guidelines for trust companies, company managers, corporate services providers and securities investment business (not covered in this Alert).
CIMA recognises that regulated entities may outsource some business functions and delegate certain duties to service providers. In such circumstances it is possible to rely on the service providers’ system of internal controls provided that that the governing body can demonstrate to CIMA that such system of internal controls meets the requirements of the Internal Controls Rule and SOG. Similarly, a regulated entity, if part of a group, may rely on the group’s system of internal controls provided all requirements are satisfied. To determine this, consideration should be given to the size, complexity, structure, nature of business and risk profile of the regulated entity.
Documentation: As the governing body is ultimately responsible for ensuring that an adequate and effective system of internal control is established and maintained, documentation of the same is important to monitor effectiveness and demonstrate compliance.
Training: Staff training and skills must be regularly updated to ensure compliance with the entity’s operational and internal control policies and procedures and compliance with all applicable legal and regulatory requirements.
Committees: The governing body must be able to demonstrate it has implemented both a compliance committee and an audit committee (or equivalent).
Outsourcing: The governing body must take steps to ensure a service provider’s systems meet the requirements of the Internal Controls Rule and SOG, for example, by obtaining confirmation from the relevant service provider to this effect and ensuring a suitable gap-analysis of the Cayman Islands and locally-applicable requirements is undertaken.
Risk Assessment: Regulated entities must identify and assess all material risks to the achievement of their objectives. They must also develop control activities to mitigate identified risks through policies that establish what is expected and procedures that put the policies into action.
Duties of Directors
The Corporate Governance Guidance imposes a number of duties on the Directors of Funds. The following are examples of some of these duties:
Directors should exercise independent judgement whilst always acting in the best interests of the Fund.
Directors should act honestly and in good faith.
Directors should consider capacity issues before taking on additional responsibilities with other Funds.
Directors are responsible for appointing, removing, monitoring, reviewing and ensuring the continued capability of any third party service providers.
Directors need to regularly confirm that the investment manager is operating within their investment strategy, criteria and restrictions.
Directors need to keep abreast of the financial position, net asset value and calculation thereof.
For all investment funds we launch and support for managers around the world, we provide a highly experienced board of directors for both CV5 and CV5 Digital. Each director has over 30 years of senior level industry experience, fund governance experience and is registered as a director with CIMA under the Director Registration and Licensing Act. Experience is from well known names such as Citi, UBS, BNP Paribas, Merrill Lynch, Morgan Stanley, Van Eck and Shinsei Bank. For more information, please contact us: info@cv5capital.io
Comments