Rules and Statement of Guidance – Recruitment and Selection Standards for Trust and Corporate Service Providers and Company Managers – October 2024
In forcePage 1 of 13 RULE AND STATEMENT OF GUIDANCE Recruitment and Selection Standards for Trust and Corporate Service Providers and Company Managers
October 2024
Page 2 of 13
Table of Contents
Page 3 of 13 List of Acronyms
BTCA Banks and Trust Companies Act CIMA CMA Companies Management Act CPD Continuing Professional Development GIFCS Group of International Finance Centre Supervisors MAA Monetary Authority Act RSOG SRTC Standard on the Regulation of Trust and Corporate Service Providers TCSPs Trust and Corporate Service Providers
Page 4 of 13
Recruitment and Selection Standards for Trust and Corporate Service Providers and Company Managers
Introduction
1.1. This document establishes the Cayman Islands Monetary Authority’s (the “Authority” or “CIMA”) rules and guidance on the recruitment and selection standards for Trust and Corporate Service Providers (“TCSPs”) and Company Managers.
1.2. The Rule and Statement of Guidance (“RSOG”) should be read in conjunction with:
a) CIMA-issued measures: Regulatory Policy on Fitness and Propriety; Rule and Statement of Guidance on Internal Controls for Regulated Entities; Rule on Corporate Governance for Regulated Entities; Regulatory Policy on Criteria for Approving Changes in Ownership and Control; the Statement of Guidance on Outsourcing for Regulated Entities; Nature, Accessibility, and Retention of Records for Licensees Conducting the Business of Company Management; and
b) all applicable Acts in the Cayman Islands and any other relevant regulatory measures issued by the Authority from time to time.
1.3. Where applicable, any Acts referred to in this document include related regulations as amended from time to time.
1.4. To highlight the Authority’s rules within the compendium, a rule is written in light blue and designated with the letter “R” in the right margin.
1.5. This RSOG is not intended to be prescriptive or exhaustive; rather, it sets out the Authority’s minimum expectations relating to the recruitment, selection, competence, continuing professional development, and training processes of Regulated Persons.
Statutory Authority
2.1. This RSOG is consistent with the Authority’s statutory objectives as prescribed in Section 34 of the Monetary Authority Act (“MAA”), which provides that the Authority may issue rules, statements of principles, or statements of guidance:
“34(1) After private sector consultation and consultation with the Minister charged with responsibility for Financial Services, the Authority may–
(a) issue or amend rules or statements of principle or guidance concerning the conduct of licensees and their officers and employees, and any other persons to whom and to the extent that the regulatory acts may apply;
issue or amend rules or statements of principle or guidance to reduce the risk of financial services business being used for money laundering or other criminal purposes.”
Page 5 of 13 Scope of Application
3.1. This RSOG applies to:
a) Holders of a Trust Licence, Restricted Trust Licence or Nominee Trust Licence that have been issued under the Banks and Trust Companies Act (“BTCA”);
b) Holders of a Companies Management Licence or Corporate Services Licence that have been issued under the Companies Management Act (“CMA"); and
Persons licensed under other regulatory acts, that are allowed to engage in the business of company management pursuant to the CMA.
3.2. The Authority will assess Regulated Persons’ compliance with this RSOG in a manner commensurate with the size, complexity, structure, nature of business and risk profile of their operations.
3.3. The Authority acknowledges that Regulated Persons that are part of a group may be subject to group-wide practices, and that such Regulated Persons may rely on the group for certain recruitment and selection standards. Where a Regulated Person is part of a group, it may rely on the group’s framework provided that the Regulated Person’s Governing Body is satisfied that the framework is commensurate with the size, complexity, structure, nature of business and risk profile of its operations and legal requirements in the Cayman Islands, including those outlined in this RSOG. Where gaps are identified, a tailored recruitment and selection standards framework that complies with the legal requirements in the Cayman Islands is required for Regulated Persons.
Definitions
4.1. The following definitions are provided for the purpose of this RSOG:
4.1.1. “Competence” relates to the level of a person’s professional or formal qualifications, knowledge, skills, and pertinent experience. Competence also includes a person’s capacity to enable the proper performance of his/her role and to maintain and enhance knowledge and skills through training and continuing professional development.
4.1.2. “Continuing Professional Development (“CPD”)” encompasses a wide range of company-developed ongoing training regimes and external non-degree bearing training and development courses offered to professionals with a view to maintain and/or enhance their knowledge and skills.
4.1.3. “Continuing Professional Development Policy (“CPD Policy”)” refers to the documented policy developed by a Regulated Person which outlines its expectations for training and continuing professional development of its employees.
4.1.4. “Key Person” refers to any person who is acting in a Controlled Function as defined under the Authority’s Policy on Fitness and Propriety and includes, but is not limited to, a Director, Partner, Money Laundering
Page 6 of 13 Reporting Officer and Anti-Money Laundering Compliance Officer of a TCSP.
4.1.5. The “Governing Body” of a Regulated Person is the Board of Directors where the Regulated Person is a corporation, the General Partner where the Regulated Person is a partnership, the manager (or equivalent) where the Regulated Person is a Limited Liability Company, and the Trustee or the Board of Trustees where the Regulated Person is a trust business.
4.1.6. “Regulated Person” for the purpose of this RSOG means a natural or a legal person, or arrangement that has been approved, licensed, registered or supervised by the Authority pursuant to the relevant regulatory Acts under the Scope of Application.
4.1.7. “TCSPs” refer to those who undertake any one or more of the following activities pursuant to the BTCA or the CMA as applicable:
a) acting as a Corporate or Partnership formation agent; b) acting as (or arranging for another person to act as) a Director, Secretary or Official of a Company or a Partner of a Partnership or as a Foundation Official; providing administration or management of a Trust, Company, Partnership, Foundation or for any other legal person or legal arrangement; d) providing registered office, business address for accommodation, correspondence for administrative address for a Company, Partnership, Foundation or for any other person; e) acting as a Resident Agent1 for the purposes of meeting the requirements to hold beneficial ownership or interest information; f) acting as (or arranging for another person to act as) a Trustee of an Express Trust; g) acting as (or arranging for another person to act as) a Nominee Shareholder for another legal person; h) Persons who act as Executors and Administrators; and i) establishing and maintaining beneficial ownership registers on behalf of companies and limited liability companies incorporated or formed in the Islands, offering an information technology solution to those companies and limited liability companies to make extracts of information on the beneficial ownership register searchable by the competent authority established under Part XVIIA of the Companies Act and responding to requests from the competent authority about whether a company, a limited liability company or a subsidiary of the same is exempted from the application of that Part or of Part 12 of the Limited Liability Companies Act.
1Consistent with Section 3(1) (ba) of the CMA, Resident Agent means an agent establishing and maintaining beneficial ownership registers on behalf of companies and limited liability companies incorporated or formed in the Cayman Islands.
Page 7 of 13
Recruitment of Key Persons
5.1. Recruitment Stage
Approval of Candidates
5.1.1. A Regulated Person must obtain the Authority’s approval before the appointment of a Key Person.
5.1.2. A Regulated Person should evaluate and assess candidates for the role of a Key Person to ensure that they are fit and proper to perform the role for which they are applying.
5.1.3. The Authority will assess candidates for the role of Key Persons, as submitted by the Regulated Person, consistent with the Authority’s Regulatory Policy on Fitness and Propriety.
5.1.4. The Authority reserves the right to approve or reject such an appointment in accordance with all applicable Acts in the jurisdiction and any relevant regulatory measures issued by the Authority from time to time.
Policies and Procedures
5.1.5. A Regulated Person should establish and maintain appropriate recruitment policies and procedures commensurate with the size, complexity, structure, nature of business and risk profile of its operations that have been approved by the Governing Body.
5.1.6. A Regulated Person should review its recruitment policies and procedures, at least annually, and update them if necessary, to ensure that they continue to align with business and staffing needs and industry developments.
5.1.7. The Authority expects that at a minimum, the recruitment policies and procedures should capture the following to ensure they are appropriate and comprehensive:
a) the Regulated Person’s overarching and fundamental objective of recruitment and selection and onboarding procedures; b) the Regulated Person’s commitment to fair and transparent recruitment processes; an appropriate record of job descriptions for all advertised roles. These job descriptions should provide all candidates with a clear understanding of the role; purpose, accountabilities, and responsibilities, along with the requirements, knowledge, skills, and experience required for the role; and d) include a methodology for assessing the fitness and propriety of candidates offered contracts of employment or functions within the Regulated Persons. Considerations include, but are not limited to: honesty, integrity and reputation; competence and capability; and financial soundness.
R
Page 8 of 13 5.1.8. A Regulated Person should be able to demonstrate that it has evaluated how a candidate’s knowledge, skills, experience, and qualifications meet the requirements for the role, as outlined in the job description. In addition, the Regulated Person should be able to demonstrate that they have taken reasonable steps to verify the candidate’s relevant information before onboarding the candidate.
5.1.9. A Regulated Person should be able to demonstrate that it has adequately assessed and verified candidates’ references, membership in professional bodies (if applicable), criminal records, regulatory censure, financial soundness, professional reprimands, sanctions, conflicts of interest, legal proceedings and any other formal censure, discipline, or public criticism at the recruitment stage, as part of its fitness and propriety assessment on the candidate.
5.1.10. A Regulated Person should ensure that its recruitment, selection and employment practices are fair, transparent and in compliance with all applicable Acts in the Cayman Islands and any relevant regulatory measures issued by the Authority from time to time.
5.1.11. A Regulated Person should ensure there is adequate staffing to meet the requirements of the Regulated Person’s business plan to support the licence held2.
5.2. Post-Recruitment Supervision of Key Persons
5.2.1. A Regulated Person should ensure Key Persons remain competent, fit and proper and able to effectively carry out their roles and responsibilities and that the level of competence is commensurate with the size, complexity, structure, nature of business and risk profile of its operations.
5.2.2. A Regulated Person must notify the Authority immediately on becoming aware of significant changes that adversely affect the fitness and propriety of its approved Key Persons.
5.2.3. A Regulated Person must notify the Authority of a cessation of its approved Key Persons within twenty-one (21) days.
5.2.4. A Regulated Person should annually review the competence, qualifications, knowledge, and skills of its Key Persons to ensure that their level of competence remains commensurate with the size, complexity, structure, nature of business and risk profile of its operations. Appropriate measures should be taken to address any gaps identified.
5.2.5. A Regulated Person should consider and assess changes in Key Persons’ performance and behaviour, at least annually, and put measures and controls in place to address any misconduct or underperformance.
5.2.6. A Regulated Person should ensure that the responsibilities and authority of each Key Person are clearly documented and communicated.
2Where outsourced service providers are utilised to meet staffing needs, Regulated Persons should refer to the Statement of Guidance on Outsourcing for Regulated Entities. R
Page 9 of 13 5.2.7. Job descriptions should be reviewed as appropriate to ensure they are up-to-date, accurate, clear, and helpful to candidates and current Key Persons.
5.2.8. Reviews of job descriptions should evaluate and make accommodations for the needs of Key Persons, such as additional skills or qualifications, where they have entered a new role, or where their role has changed or expanded in scope. Reviews should also consider any changes in the size, complexity, structure, nature of business and risk profile of the Regulated Person’s operations.
5.2.9. A Regulated Person should have effective systems and processes to ensure that Key Persons are appropriately supervised. These systems and processes should be documented and communicated to all Key Persons.
5.2.10. To support the adequate supervision of Key Persons, the policies and procedures that the Regulated Person has in place should be appropriate to the knowledge, skills and pertinent experience of each Key Person and should include the following:
a) overarching reporting lines; b) reporting relationships between a Key Person and a supervisor; internal escalation processes for staff-related matters; d) changes in reporting lines; e) multiple reporting lines; and f) the method and frequency of advising Key Persons of such reporting relationships.
Directorship Services Obligations
6.1. The Governing Body should undertake self-assessments of the performance of the Governing Body collectively and its individual members to ensure they remain competent to carry out the recruitment, supervision, and training standards of the Regulated Person.
6.2. Where a Regulated Person licensed under the CMA is acting as or fulfilling the function of, or arranging for another person to act as or fulfil the function of, director or alternate director of a company, the Regulated Person, licensed under the CMA, should ensure the director or alternate director understands his or her duty to:
a) act openly, honestly and in good faith, at all times, and exercise independent judgment, always acting in the best interests of the client. b) carefully consider all decisions and understand the potential negative implications for the client company, its shareholders or its customers. maintain a thorough knowledge and understanding of the client’s business and update his/her knowledge periodically, consistent with changes in the industry, regulatory landscape or business of the client. d) satisfy himself or herself that an appropriate and timely course of action is being taken to address any concerns raised. e) satisfy himself or herself that the client, its governing body, its service providers, and advisors are acting in accordance with the client’s constitutional documents and any other documents directing the
Page 10 of 13 management and operation of the client and/or its advisors or service providers.
Ongoing Training and Continuing Professional Development
7.1. A Regulated Person should have a documented CPD Policy which sets out ongoing training and CPD requirements for all employees including Key Persons, which should be commensurate with the size, complexity, structure, nature of business and risk profile of its operations.
7.2. A Regulated Person’s CPD Policy should be reviewed and approved by the Governing Body at least every three years, or earlier if needed, to ensure that the CPD Policy continues to meet the training needs of the Regulated Person.
7.3. In developing the CPD Policy, a Regulated Person should make accommodations for Key Persons whose roles have changed or expanded in scope, or who have entered new roles. Similarly, a Regulated Person should consider changes to any legal and regulatory requirements, market developments and any other changes impacting the role of the Key Person.
7.4. A Regulated Person may rely upon both internal training resources as well as appropriate external sources in developing a training and CPD programme. A Regulated Person should satisfy itself with the quality of the training materials and the standard of the training programmes when selecting CPD activities and ensure that the contents of such courses are commensurate with the Key Person’s role and responsibilities.
7.5. Where a Key Person holds a relevant professional qualification, designation, or is a member of a relevant professional body or association that requires the completion of a certain number of CPD hours, the Regulated Person should ensure that the Key Person complies with such CPD requirements. A Regulated Person may, as appropriate, use a Key Person’s professional development hours, earned in meeting the CPD obligations of their professional qualification or membership, towards meeting the minimum number of training hours specified in the Regulated Person’s own CPD Policy.
Activities Relevant for Training and Continuing Professional Development
8.1. CPD activities may include, but are not limited to, a varied mix of the following:
a) training courses and activities provided by the Regulated Person; b) industry workshops; lectures and exam training; d) conferences and seminars; e) university courses; f) certification courses; g) distance learning which requires active participation; h) self-study with Independent Assessments; and i) publication of research papers and journal articles.
8.2. Relevant CPD topics for Key Persons should be commensurate with the Key Person’s role and responsibilities, and include inter alia, the following topics, which may be relevant to the Regulated Person’s specific business operations:
Page 11 of 13 a) Enterprise-wide Risk Management; b) Anti-money Laundering and Countering Terrorist Financing Risk; Other relevant financial, operational and emerging risks; d) Applicable Compliance, Legislative and Regulatory Standards; e) Business Conduct and Ethical Standards; f) New Financial Products in the Industry and the Associated Risks; g) Management Information Systems and Technological literacy; h) General Management and Governance; and i) Financial Reporting and Quantitative Analysis.
Record Keeping
9.1. A Regulated Person must keep all recruitment and selection records in accordance with requirements outlined in the Rule and Statement of Guidance – Nature, Accessibility and Retention of Records for Licensees Conducting the Business of Company Management.
9.2. A Regulated Person should keep the appropriate records related to their recruitment processes. Records should include, at a minimum:
a) records relating to hiring decisions including decisions to refuse or reject a candidate; b) records relating to complaints about the hiring process or appeals to any decisions taken to transfer, promote, demote; advertisements or notices to the public or Key Persons about openings, promotions, and/or training opportunities; d) job descriptions for existing and advertised positions; e) job applications, resumes, interview notes and records; f) records relating to fitness and propriety checks; and g) dates hired, promoted, demoted, transferred.
9.3. A Regulated Person should also keep proper records of CPD activities, including the details of the training conducted and the attendance records for persons who have completed the training.
9.4. Records should demonstrate how the training relates to and supports persons remaining competent in their role.
9.5. As a best practice, a Regulated Person should encourage Key Persons to keep proper records of their own CPD activities including, as applicable:
a) name of course attended; b) topic or subject matter; date of attendance; d) number of hours; and e) assessment results.
Enforcement
10.1. Whenever there has been a breach of the Rules included in this document, the Authority’s policies and procedures, as contained in its Enforcement Manual, will apply in addition to any other powers provided in the relevant Acts and the MAA.
R
Page 12 of 13 Effective Date
11.1. This Rule and Statement of Guidance will come into effect within six (6) months of the date that it is published in the Gazette.
Page 13 of 13