Rule – Corporate Governance for Regulated Entities

In force

Subordinate · 2023 · No. 39 · 2023-0039

Official PDF

↓ Download / view PDF

2023-0039_SL 39 of 2023.pdf · 775.95 KB

Exports

Document JSON Version JSON AKN XML

Provenance

Retrieved: 21-Jun-2026
MD5: 3e0c74b2f824
Paragraphs: 115
AKN: generated
Text quality: Text review · 84/100

Source URL

Revision history

SL 39 of 2023 Current

As enacted

Text — SL 39 of 2023

Page 1 of 15

Rule Corporate Governance for Regulated Entities

April 2023

Page 2 of 15 Table of Contents

Page 3 of 15 List of Acronyms

CIMA Cayman Islands Monetary Authority

MAA Monetary Authority Act PIC Portfolio Insurance Company

Page 4 of 15

Introduction

1.1. This document establishes the Cayman Islands Monetary Authority’s (the “Authority” or “CIMA”) rules on corporate governance for entities regulated by the Authority (“regulated entities”) under the regulatory acts, as defined and amended under the Monetary Authority Act (as amended) (“MAA”).

1.2. The Rule should be read in conjunction with the relevant regulatory instruments issued by the Authority from time to time. Regulated Mutual Funds and Private Funds should read this Rule in conjunction with the Statement of Guidance on Corporate Governance for Mutual Funds and Private Funds.

Statutory Authority

2.1. Section 34 of the MAA provides that the Authority:

“After private sector consultation and consultation with the Minister charged with responsibility for Financial Services, the Authority may —

(a) issue or amend rules or statements of principle or guidance concerning the conduct of licensees and their officers and employees and any other persons to whom and to the extent that the regulatory laws may apply;” (b) issue or amend statements of guidance concerning the requirements of the anti-money laundering regulations or the provisions of the regulatory laws; and (c) issue or amend rules or statements of principle or guidance to reduce the risk of financial services business being used for money laundering or other criminal purposes.

Scope of Application

3.1. This Rule applies to the Governing Body of all regulated entities subject to proportional application as outlined in paragraphs 3.2., 6.1. and 6.2. below.

3.2. The corporate governance framework for regulated entities should be commensurate with the size, complexity, structure, nature of business and risk profile of its operations.

3.3. The Authority acknowledges that regulated entities that are part of a group may be subject to group-wide governance practices, and that such entities may rely on service providers in respect of certain governance matters. Where a regulated entity is part of a group, it may rely on the group corporate governance framework provided that the regulated entities’ Governing Body is satisfied that the framework is commensurate with the size, complexity, structure, nature of business and risk profile of its operations and legal requirements in the Cayman Islands, including those outlined in this Rule. Where gaps are identified, a tailored corporate governance framework that complies with the legal requirements in the Cayman Islands is required for regulated entities.

Definitions

Page 5 of 15 4.1. The following definitions are provided for the purpose of this Rule:

4.1.1. The “Governing Body” of a regulated entity is the Board of Directors where the entity is a corporation, the General Partner where the entity is a partnership, the manager (or equivalent) where the entity is a Limited Liability Company, and the Board of Trustees where the entity is a trust business.

4.1.2. “Control Functions” mean properly authorised functions, whether in the form of a person, unit or department, serving a control or checks and balances function from a governance standpoint and which carry out specific activities including strategy setting, risk compliance, actuarial matters, internal audit, and similar functions.

4.1.3. “Director” means a member of the Governing Body, and any person who fulfils the functions of a Director, by whatever name called. Where the Director is a corporate entity, this Rule applies to the natural persons who represent such corporate entity or the regulated entity’s governing body.

4.1.4. “Non-Executive Director” means a Director of a regulated entity who does not perform day-to-day management functions for the entity or a similar function in the regulated entity’s subsidiaries, holding company or companies related to the regulated entity through common ownership or control.

4.1.5. “Senior Management” includes the most senior staff of the regulated entity, including heads of divisions, and any person who fulfils the functions of a senior manager, by whatever name called. Such functions include actively participating in the daily planning, supervision, administration and execution of a regulated entity’s objectives and strategy.

Rules and Guidance

5.1. The Corporate Governance Framework

5.1.1. A regulated entity must establish, implement, and maintain a corporate governance framework which provides for sound and prudent management oversight of the regulated entity’s business and protects the legitimate interests of relevant stakeholders.

5.1.2. A regulated entity must establish a Governing Body that is responsible for implementing a corporate governance framework that addresses, at a minimum:

a) Objectives and strategies of the regulated entity; b) Structure of the governance of the Governing Body; Appropriate allocation of oversight and d) Independence and objectivity; e) Collective duties of the Governing Body; f) Duties of individual directors of the Governing Body; g) Appointments and delegation of functions and responsibilities;

Page 6 of 15 h) Risk management and internal control systems; i) Conflicts of interest and code of conduct; j) Remuneration policy and practices; k) Reliable and transparent financial reporting; Transparency and communications; m) Duties of Senior Management; and n) Relations with the Authority

5.2. Objectives and Strategies of the Regulated Entity

5.2.1. The Governing Body is responsible for, at a minimum:

a) the effective, prudent and ethical oversight of the regulated entity; b) establishing and overseeing the implementation of the entity’s corporate culture, business objectives and strategies for achieving such objectives (including ongoing monitoring and evaluation), in line with the entity’s long-term interests and viability, including the legitimate interests of relevant stakeholders; adequately documenting in writing the objectives and strategies of the entity and communicating to the Senior Management and staff of the entity, including persons in Control Functions; d) ensuring the regulated entity conducts its affairs in accordance with the acts, regulations and rules of the Cayman Islands and the Authority, and where applicable, the entity’s constitutional documents; and e) ensuring the regulated entity adopts a management structure that is commensurate with the size, complexity, structure, nature of business and risk profile of its operations.

5.3. Structure and Governance of the Governing Body

5.3.1. The Governing Body must have, at a minimum:

a) an appropriate number of individuals, as required by the applicable regulatory acts and regulations, with a diversity of skills, background, experience and expertise to ensure that there is an overall adequate level of competence at the Governing Body; b) appropriate documented internal governance practices and procedures to support the work of the Governing Body in a manner that promotes the efficient, objective and independent judgement and decision making by the Governing Body; adequate powers and resources to be able to discharge its duties effectively and efficiently; d) high standards of business conduct and ethical behaviour for Directors and Senior Management, including policies on conflict of interest, code of conduct, private transactions, self-dealing and preferential treatment of favoured internal and external entities; e) a requirement for Directors and Senior Management to declare any actual or potential conflicts of interests as and when these arise; f) an appropriate succession plan for Directors and Senior g) nomination, appointment, resignation, disqualification and termination procedures for Directors and Senior Management; and

Page 7 of 15 h) documented responsibilities of sub-committees of the Governing Body, as applicable, to ensure no single person has unfettered control of the business.

5.4. Appropriate Allocation of Oversight and Management Responsibilities

5.4.1. A regulated entity must clearly define and document the roles and responsibilities allocated to the Governing Body, Senior Management and persons in Control Functions as applicable, in order to promote an appropriate separation of the oversight function from management

5.4.2. The Governing Body must oversee Senior Management (including the appointment and, termination of senior managers), set appropriate performance standards for Senior Management and ensure that Senior Management is managing the day-to-day operations of the regulated entity in accordance with the strategies and objectives established by the Governing Body.

5.5. Independence and Objectivity

5.5.1. The Governing Body must establish and document a clear and objective independence criteria which must be met by its members1 to promote objectivity in decision making by the Governing Body.

5.6. Collective Duties of the Governing Body

5.6.1. The Governing Body, shall, at a minimum:

a) ensure that the relevant regulator(s) is notified by email, within ten days, of any substantive issues which could materially affect the regulated entity, in line with applicable acts, rules, regulations and regulatory measures; b) comply promptly and fully with requests for information from the Authority as required by the regulatory acts; enquire into the affairs of the regulated entity and request information from management or service providers, including their presence at the Governing Body meetings where necessary; and d) ensure that the business of the regulated entity is conducted in compliance with the applicable acts, rules, regulations and regulatory measures in force in the Cayman Islands and in any country in which the regulated entity does business.

5.6.2. The Governing Body shall, at a minimum of once per year:

a) review the strategic objectives and policies of the regulated entity and either amend or re-adopt them as appropriate;

1 The Authority recognises that the Governing Body may consist of members from the parent company, group or business associates of the regulated entity (or, in the case of a mutual fund or a private fund, the parent company, group or business associates of any person providing, directly or indirectly, the investment management or investment advisory services with respect to such mutual fund or private fund), but expects all members to exercise independent judgement and objectivity in the decision making of the Governing Body, taking into account (where relevant) factors required or permitted to be considered by the regulated entity's constitutional documents.

Page 8 of 15 b) evaluate the progress made towards achieving the strategic objectives; review the composition of the Governing Body to ensure that collectively it has sufficient knowledge, skills, experience, commitment and independence to oversee the regulated entity effectively, considering the size, complexity, structure, nature of business and risk profile of the regulated entity. For this purpose, the Governing Body must collectively and individually have, and continue to maintain, including through training, necessary skills, knowledge and understanding of the regulated entity’s business to be able to fulfil its role. Depending on the size, complexity, structure, nature of business and risk profile of the regulated entity, a Governing Body may sometimes rely on the advice of external experts on one or more of these areas. In that case, the Governing Body should nevertheless collectively have the skills and experience necessary to understand and, where appropriate, question and challenge the advice of such external expertise. At all times, the Governing Body must effectively manage any outsourced operations including outsourced functions, as applicable2; d) undertake appropriately executed self-assessments of the performance of the governing body (as a whole) and individual members. Any deficiencies identified should be remedied and documented; e) review the implementation of the risk assessment and risk management systems to ensure that all significant risks are being adequately measured, monitored and mitigated; f) review the implementation of internal controls, ensuring they are operating effectively and that any deficiencies are adequately addressed; and g) where applicable, review the remuneration policy for Senior

5.7. Duties of Individual Directors of the Governing Body

5.7.1. Each Director of the Governing Body shall devote time to the role needed for effective and efficient execution of associated responsibilities. The Governing Body shall indicate a minimum time commitment expected from Non-Executive Directors in letters of appointment, noting that such time commitment may change given the needs of the regulated entity, which may change from time to time. The Governing Body shall confirm to the Non-Executive Directors the on-going minimum time commitment expected on an annual basis at the beginning of each financial year.

5.7.2. The individual Directors of the Governing Body must act in good faith, honestly and reasonably.

2 The following should be considered: • With respect to Class B and Class C insurers, ensure that the appointed insurance manager possesses integrity and adequate knowledge, experience, skill and competence for its role. • With respect to Class A external insurers, ensure that the appointed insurance broker or the representative in the Cayman Islands possesses integrity and adequate knowledge, experience, skill and competence for its role. • With respect to all regulated entities as applicable, review the policy on outsourcing. This could be as simple as stating that the policy is that no functions will be outsourced or listing the functions that have been agreed will and can be outsourced.

Page 9 of 15

5.7.3. The individual Directors of the Governing Body must exercise due care and diligence.

5.7.4. Each Director of the Governing Body must maintain knowledge and understanding of the regulated entity’s business and update his/her knowledge periodically, consistent with changes in industry, regulatory landscape or business of the regulated entity.

5.7.5. Each Director must make enquiries where issues and/or complaints are raised and satisfy him or herself that an appropriate and timely course of action is taken to address the concern. Concerns raised and related corrective action must be appropriately documented.

5.7.6. The Directors of the Governing Body must act in the best interests of the regulated entity and relevant stakeholders putting those interests of the regulated entity and relevant stakeholders ahead of his/her own interests3.

5.7.7. Each individual Director of the Governing Body must understand the limitations of services and reports provided by service providers, as applicable.

5.7.8. An individual Director must exercise independent mind and judgment and objectivity in decision making, taking account of the interests of regulated entity and relevant stakeholders. An individual Director must not use his/her position to gain undue personal advantage or cause any detriment to the regulated entity.

5.7.9. Each Director of the Governing Body must ensure that they are not subject to undue influence from Senior Management or other parties and that they have access to all relevant information about the regulated entity.

5.8. Appointments and Delegation of Functions and Responsibilities

5.8.1. Sub-committees: The Governing Body may establish sub-committees to carry out delegated powers, duties, and functions in respect of certain matters. Established sub-committees are accountable to the Governing Body but should not relieve the Governing Body of any of its

a) Where the Governing Body establishes sub-committees to conduct certain functions, the number and types of subcommittees established should be appropriate the size, complexity, structure, nature of business and risk profile of the regulated entity. Each established sub-committee, as applicable, must have a charter of terms of reference or other instrument that sets out its mandate, scope, accountability, reporting obligations and working procedures. Sub-committees must

3 In the case of a PIC, the Governing Body must assess, at least every two (2) years, whether its relationship with the Segregated Portfolio Company (“SPC”), including in relation to the insurance manager, management structure or governance, is in the best interests of the policyholders of the PIC. If the majority of Directors and senior managers of the PIC are the same as those of the SPC, this assessment must be carried out in writing on an annual basis.

Page 10 of 15 maintain appropriate records (for example, meeting minutes or summary of matters reviewed and decisions taken) of their deliberations and decisions. Such records should document the committees’ fulfilment of their responsibilities and help with the assessment of committee effectiveness by the Governing Body or those responsible for the internal control functions.

b) The Governing Body must have in place an appropriate Compliance Committee or person who reports directly and timely to the Governing Body on all compliance matters (the size, complexity, structure, nature of business and risk profile of the regulated entity’s business can be used as a guide as to whether an appropriate compliance committee or person is most suitable).4

Specific to insurance regulated entities, the Governing Body must ensure that an actuary appointed under the Insurance Act is granted direct access to the Governing Body and to all relevant information.

5.8.2. Outsourcing: where a function of the Governing Body is outsourced, the Governing Body must have mechanisms in place for documenting the delegation and monitoring the exercise of delegated functions. The Governing Body cannot abrogate its responsibility for functions delegated. In particular, it must retain overall responsibility for internal control, internal audit, risk management and actuarial matters, as applicable.

5.9. Risk Management and Internal Control Systems

5.9.1. The Governing Body must provide oversight in respect of the design and implementation of sound risk management and internal control systems and functions. Please refer to regulatory measures on internal controls and risk management.

5.10. Conflicts of Interest and Code of Conduct

Conflicts of Interest

5.10.1. Directors and Senior Management shall declare any actual or potential conflicts of interest.

5.10.2. The Governing Body shall establish a documented ‘conflicts of interest’ policy for its members, which shall at a minimum, include the following:

a) a member’s duty to avoid, to the extent possible, activities that could create conflicts of interest or the appearance of conflicts of interest; b) a review or approval process for members to follow before they engage in certain activities (such as serving on another

4 For mutual funds or private funds, taking into account the size, complexity, structure, nature of business and risk profile of their business, this obligation may be discharged by the Governing Body receiving a report directly from the fund's anti-money laundering compliance officer, or from another suitably qualified compliance or legal professional, not less than annually and on an ad hoc, timely basis, as appropriate.

Page 11 of 15 Governing Body) to ensure that such activity will not create a conflict of interest; a member’s duty to disclose any matter that may result, or has already resulted, in a conflict of interest; d) a member’s responsibility to abstain from voting (unless otherwise allowed by Articles of Association or constitutional documents) on any matter where the member may have a conflict of interest or where the member’s objectivity or ability to properly fulfil duties to the regulated entity may be otherwise compromised; e) adequate procedures for transactions with related parties to be made on an arm’s length basis; and f) the way in which the Governing Body will deal with any noncompliance with the conflict of interest policy.

5.10.3. Where conflicts of interest arise, the Governing Body shall ensure that they are noted in the minutes of the meeting to which the subject matter of the conflict relates.

5.10.4. Subject to any express provisions set out in the regulated entity's Articles of Association or constitutional documents, where a conflict of interest arises, a member of the Governing Body must recuse himself or herself at the earliest opportunity from a Governing Body meeting and refrain from deliberating on any matter giving rise to such conflicts.

5.10.5. Directors and Senior Management must confirm to the Governing Body in writing, via an annual declaration, that any conflicts of interest have been declared throughout the year and must communicate changes to the declaration throughout the year.

Code of Conduct

5.10.6. The Governing Body must abide by a Code of Conduct that is based on the following key principles:

a) Selflessness: Directors must act in the interest of the regulated entity and relevant stakeholders. They should not, under any circumstances, do any act with the primary purpose of gaining any financial or other consideration for themselves, their family or friends. b) Integrity: Directors must avoid placing themselves under any obligation to individuals or organizations that may have an inappropriate influence in the fulfilment of their duties. Objectivity: Directors must act and take decisions impartially, fairly, in the best interest of the regulated entity, on the best evidence and without discrimination or bias. d) Accountability: Directors are accountable to the regulated entity for their decisions and actions and must submit themselves to the scrutiny appropriate to their office. e) Openness: Directors must act and take decisions in an open and transparent manner. Information should not be withheld from the regulated entity unless there are clear and lawful reasons for so doing. f) Honesty: Directors have a duty to declare any private interests

Page 12 of 15 related to their duties as directors and to take steps to resolve any actual or potential conflicts of interests. g) Leadership: Directors should exhibit these principles in their own behaviour. They should actively promote and robustly support the principles, always conduct themselves in a professional manner, and be willing to challenge poor behaviour wherever it occurs.

5.11. Remuneration Policy and Practices

5.11.1 The Governing Body must adopt and oversee the effective implementation of a written remuneration policy. The remuneration policy must: (i) not induce excessive or inappropriate risk taking; (ii) align with the corporate culture, objectives, strategies, identified risk appetite and long-term interests of the regulated entity; and (iii) have proper regard to the interests of relevant stakeholders.

5.11.2 The remuneration policy, at a minimum, must apply to members of the Governing Body, Senior Management, employees in Control Functions and other employees whose actions may have a material impact on the risk exposures of the regulated entity.

5.12. Reliable and Transparent Financial Reporting

5.12.1. The Governing Body must ensure there is a reliable financial reporting process for internal, public and supervisory purposes that is supported by clearly defined roles and responsibilities of the Governing Body, Senior Management and the external auditor.

5.12.2. The Governing Body must establish an audit committee or equivalent that is commensurate with the size, complexity, structure, nature of business and risk profile of the regulated entity. The audit committee or equivalent is chiefly responsible for the financial reporting process; providing oversight of the regulated entity internal and external auditors; approving or recommending to the Governing Body for their approval, the appointment, compensation and dismissal of auditors; reviewing and approving the audit scope and frequency; receiving key audit reports and ensuring that Senior Management is taking the necessary corrective actions in a timely manner to address control weaknesses, non-compliance with and regulations, and other problems identified by auditors. Additionally, the audit committee or equivalent should oversee the establishment of accounting policies and practices by the regulated entity. The Governing Body is responsible for oversight of the audit committee or equivalent.

5.13. Transparency and Communications

5.13.1. Governing Body must have access to accurate, relevant and timely information regarding the regulated entity.

5.13.2. The Governing Body must approve systems and controls to ensure the appropriate, timely and effective communications with the Authority on the governance of the regulated entity.

Page 13 of 15 5.13.3. The Governing Body must hold regular meetings, at least annually. Where the Governing Body is not comprised by a board, its principals or other natural person who exercise ultimate control over the regulated entity should meet at least annually.5

5.13.4. A detailed agenda should be circulated sufficiently in advance of any meeting of the Governing Body to allow each Director to apprise him or herself of the matters to be discussed.

5.13.5. Detailed minutes of all Governing Body meetings shall be prepared with all decisions, discussions and points for further actions being documented. The minutes must include, at a minimum:

a) Attendance of each member; b) Dissensions or negative votes; Conflicts of interest declared; and d) The substance of matters considered.

5.13.6. The minutes of meetings shall provide sufficient detail to evidence appropriate Governing Body attention, the substance of discussions and their outcome, where appropriate, and shall be approved at the subsequent Governing Body meeting.

5.14. Duties of Senior Management

5.14.1. The Governing Body must ensure it is not subject to undue influence from Senior Management or other parties and that it has access to all relevant information about the regulated entity.

5.14.2. The Governing Body must approve appropriate policies and procedures to ensure that Senior Management:

a) is sufficiently accountable to the Governing Body; b) carries out the day-to-day operations of the regulated entity effectively and in accordance with the entity’s corporate culture, business objectives and strategies for achieving such objectives, in line with the entity’s long-term interests and viability, including the legitimate interests of relevant stakeholders; promotes sound risk management, compliance and fair treatment of relevant stakeholders; d) provides the Governing Body adequate and timely information to enable the Governing Body to carry out its duties and functions including the monitoring and review of the performance and risk exposures of the regulated entity, and the performance of Senior Management; and e) maintains adequate and orderly records of the internal organization that can be easily accessed.

Supervisory Review

6.1. Regulated entities must, as required by the Authority, demonstrate the adequacy and effectiveness of its corporate governance framework. As deemed

5 In instances where a corresponding regulatory act or regulation requires a higher frequency of Governing Body meetings, the corresponding regulatory act or regulation will supersede this requirement.

Page 14 of 15 suitable, the Authority will exercise supervisory judgement when assessing such adequacy and effectiveness based on the size, complexity, structure, nature of business and risk profile of the regulated entity.

6.2. Where a regulated entity is of the view that a particular rule (or application of a rule) is not applicable to the entity based on the size, complexity, structure, nature of business and risk profile of its operations, it is the responsibility of the entity to ensure this is comprehensively demonstrated to the Authority, as needed.

Enforcement

7.1. Whenever there is a breach of this Rule, the Authority’s policies and procedures as contained in its Enforcement Manual will apply, in addition to any other powers provided in the regulatory acts and the MAA.

Effective Date

8.1. This Rule will come into effect within six months of the date that it is published in the Gazette.

Page 15 of 15