Knowledge

The Cayman Islands Monetary Authority ("CIMA") have issued new regulatory measures relating to corporate governance and internal controls requirements for regulated entities:

• Rule – Corporate Governance for Regulated Entities ("Corporate Governance Rule");
• Rule and Statement of Guidance – Internal Controls for Regulated Entities ("Internal Control Rule and SOG"); and
• Statement of Guidance – Corporate Governance for Mutual Funds and Private Funds ("MF and PF Corporate Governance SOG"),

(together, the "Regulations").

The Corporate Governance Rule and the Internal Control Rule and SOG come into effect on 14 October 2023 and apply to all entities regulated by CIMA, including mutual funds regulated by the Mutual Funds Act (Revised) of the Cayman Islands and private funds regulated by the Private Funds Act (Revised) of the Cayman Islands ("Regulated Funds"). The MF and PF Corporate Governance SOG apply only to Regulated Funds.

Unlike the MF and PF Corporate Governance SOG which sets out CIMA’s recommendations for regulatory compliance, the Corporate Governance Rule and Internal Controls Rule and SOG will create binding obligations on Regulated Funds and should an entity breach the rules, CIMA has the power to impose a fine or take regulatory action against such entity. 

Responsibility largely falls to the governing body of the Regulated Fund to adhere to the Regulations.  The governing body of a Regulated Fund is (i) the board of directors if it is an exempted company, (ii) the general partner if it is an exempted limited partnership, (iii) the manager(s) if it is a limited liability company, or (iv) the board of trustees if is a trust business (the "Governing Body").

The Regulation do provide for some flexibility. CIMA recognises that a Regulated Fund's corporate governance and internal controls framework will be commensurate with the size, complexity, structure, nature of business and risk profile of its operations. Where, based on these factors, a Regulated Fund takes a view that a particular rule (or application of a rule) is not applicable to it, the Regulated Fund will need to be in a position to demonstrate this to CIMA.

In practice, Regulated Funds are likely to already be adhering and complying with the requirements of the Regulations.  CIMA has also acknowledged that the Governing Body may consider certain requirements for internal governance policies and procedures are captured in the Regulated Fund's constitutional documents and/or offering documents. Other requirements may be captured by the policies and procedures of service providers engaged for governance support. If the Regulated Fund is part of a group structure, it may also rely on group-wide practices. However, it is important that the Governing Body can demonstrate the Regulated Fund's full compliance to CIMA with sufficient and adequate evidence.

A Governing Body will need to understand their obligations under the Regulations both when establishing a new Regulated Fund and for existing Regulated Funds. Any shortcomings or inadequacies with respect to corporate governance and/or internal controls should be identified, and the necessary measures implemented to meet the required obligations.

Set out below is a summary of the Regulations and some key actions. The Bedell Cristin team can provide further information and details and are well placed to assist a Governing Body with its Regulated Fund's adherence and compliance with the Regulations. Please contact us and we would be happy to help.

Corporate Governance

The Corporate Governance Rule requires that a Regulated Fund establish, implement and maintain a corporate governance framework which provides for sound and prudent management oversight of its business and protects the legitimate interests of relevant stakeholders.

The Governing Body is responsible for implementing such corporate governance framework that is commensurate to the regulated entity's size, complexity, structure, nature of business and risk profile of the operations. At a minimum, the corporate governance framework should address the following:

• objectives and strategies of the Regulated Fund;
• structure of the governance of the Governing Body;
• appropriate allocation of oversight and management responsibilities;
• independence and objectivity;
• collective duties of the Governing Body;
• duties of individual directors of the Governing Body;
• appointments and delegation of functions and responsibilities;
• risk management and internal control systems;
• conflicts of interest and code of conduct;
• remuneration policy and practices;
• reliable and transparent financial reporting;
• transparency and communications;
• duties of senior management; and
• relations with CIMA.

Regulated Funds should read the Corporate Governance Rule in conjunction with the MF and PF Corporate Governance SOG, which came into effect on 14 April 2023 and sets out CIMA's minimum expectations for sound and prudent corporate governance of Regulated Funds. It outlines the following items:

• oversight function of the operators;
• conflicts of interest;
• operator meetings;
• duties of operators;
• documentation;
• relations with CIMA; and
• risk management.

Key Actions:

Meetings: The Governing Body should meet at least once a year to review and improve the Regulated Fund's corporate governance framework.

Conflicts of Interest: If not already in existence, the Governing Body should establish a conflicts of interest policy. All conflicts of interest must be confirmed in writing to the Governing Body via an annual declaration, which details any conflicts of interests that have been declared throughout the year. This can be added to the agenda for the Governing Body's annual meeting for consideration.

Service Provider Engagement: Particularly if relying on service provider governance and policy, the Governing Body should actively engage with the Regulated Fund's service providers both at scheduled meetings and an ongoing basis. Such engagement and arrangements should be documented and monitored.

Documentation: The Governing Body should ensure that clear, detailed and accurate written records are kept, this includes policies, procedures, reports and minutes of meetings. The Regulated Fund may prepare or update (if already in existence) a compliance manual that addresses the requirements of the Regulations. The Regulated Fund may also need to incorporate additional wording in its offering documentation about its obligations and requirements under the Regulations.

Internal Controls

The Internal Control Rule and SOG sets out internal control requirements for a Regulated Fund to be structured and operated in such a way that would reasonably provide for:

• the ability to carry on its business in an orderly and efficient manner;
• the safeguarding of its and its clients’ assets;
• the maintenance of proper records  and  the  reliability  of  financial, operational, and regulatory reports; and
• the compliance with all applicable acts and regulatory requirements.

Similarly to a Regulated Fund's corporate governance framework, it is acknowledged that each Regulated Fund's internal control needs may vary commensurate with its size, complexity, structure, nature of business and risk profile of the operations.

Part I of the Internal Control Rule and SOG provides details of general internal controls framework rules and guidelines for all Regulated Funds comprising of following components:

• control environment;
• risk identification and assessment;
• control activities and segregation of duties;
• information and communication; and
• monitoring activities and correcting deficiencies.

Part II of the Internal Control Rule and SOG provides sector specific operational controls for trust companies, company managers, corporate service providers and securities investment business.

Key Actions:

Risk Objectives and Assessment: The Regulated Fund must establish objectives and regularly assess and analyse all material risks that may contribute to the achievement of such objectives. It must also develop control activities that address and contribute to the mitigation of risks. 

Roles and Committees: The role of the Governing Body, senior management and control culture of the Regulated Fund should be identified. The Regulated Fund should establish adequate committees, division of duties and reporting lines, such as for compliance and audit, to help mitigate conflict and risk of manipulation of financial data and misappropriation of assets.

Communication and Training: There should be effective internal communication channels and understanding by personnel of control policies, procedures and systems, this includes having measures in place for reporting corrective action and summarising key control issues and complaints.

Service Providers: If relying on a third party's policy and procedure, the Governing Body should ensure their system meets the requirements of the Internal Controls Rule and SOG in relation to the Regulated Fund, for example, reviewing such policy and procedure and obtaining written confirmation to that effect.

Documentation: The Governing Body should ensure that adequate documentation and records are in place that can support and evidence the Regulated Fund's adherence and compliance with the Internal Controls Rule and SOG, such policies, procedures, organisational structure and reporting lines.