Andy Randall
Managing Partner
Hong Kong
After industry consultation and feedback process in 2022, the following updated regulatory measures of the Cayman Islands Monetary Authority (CIMA) were gazetted on 14 April 2023:
These regulatory measures are primarily updated and streamlined versions of existing regulatory measures. They include however certain new provisions and changes to scope of which all regulated entities, including mutual funds and private funds, should be aware.
These new regulatory measures came into effect on 14 April 2023 except the Rule on Corporate Governance for Regulated Entities and the combined Rule and Statement of Guidance on Internal Controls for Regulated Entities, which will come into effect on 14 October 2023.
This advisory provides a summary of the key points, as well as guidance on compliance in practice for mutual funds and private funds.
Proportionate approach
The Rule on Corporate Governance for Regulated Entities and the Rule and Statement of Guidance on Internal Controls for Regulated Entities apply to all regulated entities. However, there is a recurring emphasis throughout on proportionate application, providing flexibility especially in the case of regulated funds (meaning both mutual funds and private funds). CIMA expressly recognises that each regulated entity's corporate governance framework and internal controls should reflect its size, complexity, structure, nature of business and risk profile. It also acknowledges that regulated entities may rely on their service providers or group-wide frameworks for their corporate governance frameworks and internal controls, assuming that these demonstrably enable the entity to meet its regulatory requirements.
One of CIMA's principal objectives was to modernise the measures dealing with corporate governance and internal controls, so that they applied more consistently across regulated entities. In addition, CIMA took the opportunity to update aspects of its measures to better reflect current international best practices, and to ensure that it has adequate supervisory and enforcement powers where appropriate. There is no change to the fact that breach of a Rule may lead to a fine or regulatory action, whereas a Statement of Guidance is a measure against which CIMA will assess a regulated entity's compliance with laws, regulations and rules.
Rule on Cybersecurity for Regulated Entities and Statements Of Guidance on Cybersecurity for Regulated Entities, Outsourcing for Regulated Entities and Nature, Accessibility and Retention of Records.
These four regulatory measures are updates to pre-existing versions, amended to clarify that these measures apply to virtual asset service providers under the Virtual Asset (Service Providers) Act and registered persons under the Securities Investment Business Act, just as they already apply to most other regulated entities. The existing exemption for mutual funds from the measures relating to cybersecurity and outsourcing is now also extended to private funds. These changes are helpful and as anticipated.
Rule on Corporate Governance for Regulated Entities
The Rule on Corporate Governance for Regulated Entities replaces the existing Statement of Guidance on Corporate Governance and Rule on Corporate Governance for Insurers. The Rule on Corporate Governance for Regulated Entities covers the ground that one would expect, dealing with:
The main difference between the new Rule on Corporate Governance for Regulated Entities and the pre-existing corporate governance framework relates to applicability. The new Rule on Corporate Governance for Regulated Entities applies to all CIMA regulated entities, bringing mutual funds, private funds, registered persons under the Securities Investment Business Act, registered virtual asset service providers under the Virtual Asset Service Providers Act, Money Services Businesses and Private Trust Companies into scope. Where a regulated entity is of the view that a particular rule is not applicable to it based on the size, complexity, structure, nature of business and risk profile of its operations, it is the responsibility of the entity to ensure this is comprehensively demonstrated to CIMA if required.
The Rule on Corporate Governance for Regulated Entities should be read in conjunction with the Statement of Guidance on Corporate Governance for Mutual Funds and Private Funds which, as discussed below, provides practical guidance on how the key corporate governance principles pertain to mutual funds and private funds.
Statement of Guidance on Corporate Governance for Mutual Funds and Private Funds
The Statement of Guidance on Corporate Governance for Mutual Funds and Private Funds replaces the pre-existing Statement of Guidance on Corporate Governance for Mutual Funds. The key change is that private funds, as well as mutual funds, are now included. The substantive content remains largely the same as before and represents existing industry best practice, covering the Operators' oversight function, conflicts of interest, Operators' meetings, duties of Operators, documentation, relations with CIMA and risk management. A description of what comprises an Operator is set out in the section of Governance.
Rule and Statement of Guidance on Internal Controls for Regulated Entities
The Rule and Statement of Guidance on Internal Controls for Regulated Entities consolidates and replaces a pre- existing Rule on Internal Controls for all Licensees and various sector specific Statements of Guidance on Internal Controls.
The new Rule and Statement of Guidance on Internal Controls for Regulated Entities applies to all CIMA regulated entities, bringing mutual funds, private funds, registered persons under the Securities Investment Business Act, registered virtual asset service providers under the Virtual Asset Service Providers Act, Money Services Businesses and Private Trust Companies into scope.
It sets out the general rules and guidelines for all regulated entities covering each of the five components of internal control, namely the control environment, risk identification and assessment, control activities and segregation of duties, information and communication, monitoring activities and correcting deficiencies. It also sets out additional sector-specific rules and guidelines for Trust Companies, Companies Managers, Corporate Service Providers and Securities Investment Business.
Practical compliance for mutual funds and private funds
The new regulatory measures reflect CIMA's longstanding acknowledgement that funds are in several important respects different from other regulated entities. As well as the emphasis on proportionate approach as discussed above, CIMA has provided practical guidance for mutual funds and private funds in relation to various aspects of the measures.
Structure: It is recognised that funds are structured and resourced differently from other regulated entities in that they typically have no staff of their own and rely on their investment manager and other service providers to help them comply with their regulatory responsibilities. In particular, a number of requirements which relate to a regulated entity's "Senior Management" (defined to include the most senior staff of the regulated entity, including heads of divisions, and any person who fulfils the functions of a senior manager) will not be relevant to a fund. CIMA acknowledges that mutual funds and private funds are unlikely to have "Senior Management" but will instead rely on their Governing Body, which may in turn rely on the fund's investment manager and other service providers to facilitate compliance with the fund's regulatory responsibilities.
Governance: A mutual fund's or private fund's Operators are considered to be its Governing Body.
The Operators refers to the board of directors where the fund is a company, the general partner where the fund is a partnership, the manager (or equivalent) where the fund is a limited liability company and the trustee where the fund is a trust. The Operators of a regulated fund hold ultimate responsibility for effectively overseeing and supervising the activities and affairs of the regulated fund and protecting the interests of key stakeholders. The Governing Body must comprise sufficient appropriately qualified individuals — in practice, for regulated funds CIMA has long operated a 'four eyes' principle requiring at least two individuals to be ultimately in control of the entity, with their details disclosed in any offering document or marketing materials. It is the responsibility of the Governing Body to self-assess as to its members' qualifications and suitability.
Meetings: The Operators of a regulated fund should convene at least once a year (rather than at least twice a year for mutual funds under the pre-existing Statement of Guidance on Corporate Governance for Mutual Funds). While the new Statement of Guidance on Corporate Governance for Mutual Funds and Private Funds has reduced this requirement for mutual funds it is a new requirement for private funds, notwithstanding their significant existing internal focus on corporate governance matters including by way of Governing Body, limited partner advisory committee and investor meetings.
Most mutual fund boards meet on (at least) a quarterly or semi- annual basis, so we do not expect boards to meet less frequently than they currently do. The primary purpose of these meetings is the review of the fund's activities and strategy and to engage with the service providers as part of the Governing Body's oversight function. Typically the fund's financial statements will be considered and approved by the Governing Body in a meeting each year, which provides an ideal opportunity for a broader review.
All of these meetings must be appropriately documented with agendas and minutes of decisions reached. Meetings need not be in person and there is no requirement for professional corporate secretarial support, although support is available if required. In practice, we would anticipate Governing Bodies of mutual funds to continue their existing practices, and Governing Bodies of private funds to meet at least once a year to consider, at a minimum, a standard agenda including consideration of annual financial statements, review of conflicts matters and verification of the performance by service providers of their functions on behalf of the fund.
Independence: There is no requirement for investment funds to appoint directors (or equivalent) that are independent of the investment manager but the Operators must exercise independent judgement, acting in the best interests of the regulated fund (other than where lawfully permitted or required to consider other interests) and taking into consideration the interests of its investors as a whole. CIMA recognises that the Governing Body may consist of members from the investment manager or advisor or an affiliate of such mutual fund or private fund.
Nothing in the new measures seeks to vary the various provisions in Cayman Islands law that have long been the settled position on fiduciary duties in a funds context, such as those provisions in the Exempted Limited Partnership Act that permit the general partner (to the extent contemplated by the limited partnership agreement) to take into account external interests, including their own interests.
Conflict management: The Operators are required to consider their position with respect to conflicts or potential conflicts of interest, and this may be especially likely to arise for those individuals who are connected with a fund's management. The Rule on Corporate Governance for Regulated Entities and Statement of Guidance on Corporate Governance for Mutual Funds and Private Funds emphasise the management of conflicts of interest, and funds must have appropriate policies for this purpose.
Most funds will, at the very least, contain provisions in their constitutional or offering documents that deal with the key questions, such as whether disclosure of the conflict is sufficient or whether the affected individual(s) must recuse themselves. Regular consideration of conflicts has been a recurring agenda item on many board meetings for several years and we expect this trend to continue.
Internal controls: The Operators are responsible for maintaining internal controls appropriate to the fund's business. At its core, these requirements relate to risk assessment, monitoring and management of the entity's business. In an investment funds context, these obligations are primarily discharged by the Operators proactively engaging with service providers to the fund to ensure adequate oversight and to be in a position to receive any communications of risks identified by those providers, and then provide appropriate directions to rectify non- compliance where necessary. This is a routine part of the service provider reporting function, and a discussion and evaluation of key risks to the fund and compliance, in the broadest sense, is one of the primary functions of the meeting.
Proportionate documentation: CIMA recognises that various documentary requirements may be satisfied via typical fund documents. For example, while the Operators of a regulated entity should have a written conflicts of interest policy, this may be documented in a fund's constitutional documents, offering documents or marketing materials, as applicable. They may adopt provisions of a policy maintained by the fund's investment manager, if they are appropriate to the fund. Similarly, regarding the requirement for "appropriate documented internal governance practices and procedures to support the work of the Governing Body", CIMA has helpfully acknowledged that a mutual fund or private fund may deem such practices and procedures to be appropriately captured in its constitutional or offering documents. CIMA has also clarified that a regulated entity may deem the policies and procedures of service providers engaged for governance support to be sufficient. As regards the requirement for a succession plan to be in place for members of the Governing Body, it is recognised that a mutual fund or private fund may deem such a succession plan to be appropriately captured in its constitutional documents, offering documents or service provider agreements.
What should regulated entities be doing now?
We expect that most of our clients will be able to get comfortable that they are compliant with the updated regulatory measures through their existing governance and compliance frameworks. We recommend that those responsible for the governance of regulated entities familiarise themselves with the applicable regulatory measures. To the extent any shortcomings are identified or there are areas where it would be helpful to consider the applicability of any provision to a given entity, please do get in touch with your usual Walkers contact or a member of our Regulatory and Risk Advisory group.
Key contacts
Partner
Cayman Islands
Chief Executive Officer – WPS
Cayman Islands