Legal Updates

The Cayman Islands Monetary Authority (“CIMA”) has issued rules of corporate governance (the “Rules”) applicable to all regulated entities[1] (each an “Entity”) which set out fourteen broad areas of corporate governance to be addressed by each Entity and which will take effect from 14 October 2023.

The application of the Rules is subject to a proportionality test based on the entity’s size, complexity, structure, the nature of its business and the risk profile of its operations. The Rules apply across a wide range of regulated Entities and their implementation is likely to vary considerably between each class of Entity as well as between Entities within each such class as a result of the proportionality test. Investment funds which commonly outsource the majority of their operations will want to implement the Rules in a manner that accommodates the existing compliance policies of their service providers. Banks and other more substantial local Cayman businesses will want to implement the Rules as part of their own internal policies updating their existing compliance framework once the Rules are in effect.

It should be noted that in the context of investment funds the Rules will apply to Cayman master funds in a master feeder structure and where a Delaware LLC acts as general partner of such a fund it will need to ensure that it complies with the Rules. It may be beneficial for such a general partner to use a Cayman based service provider to supply or augment their governing body to take advantage of their familiarity with the Cayman corporate governance regime.

Many of the requirements set out in the Rule will likely already be covered by the provisions of the Entity’s constitutional documents but a review of an Entity’s documents against the requirements of the Rule may be required to ensure such compliance. This briefing seeks to highlight and outline those areas of the Rule which are unlikely to be set out in an Entity’ constitutional documents and which might therefore need to be addressed in separate policies and/or as part of the agenda items to be addressed by the Entity’s governing body at its annual meeting.

Objectives and Strategies

Entities are required to document in writing their objectives and strategies and to communicate these to their staff, to ensure that Entities conduct their affairs in accordance with their constitutional documents and all applicable Cayman laws and regulation.

Governance Structure

The governing body of an Entity must be sufficiently diverse to ensure an overall adequate level of competence and must comply with the requirements of all applicable law and regulation as to the number of individuals required to make up that governing body.

Oversight and Management

An Entity must document the roles and responsibilities of its senior management and compliance staff to ensure an appropriate separation between the oversight and management functions within the Entity and to set appropriate performance standards for senior management.

Independence and Objectivity

The governing body of an Entity must document independence criteria to be met by its members to promote objectivity in its decision making. The Rule makes clear that the governing body of an Entity may consist of members of the parent company, group or business associates of the Entity or in the fund context its investment manager but expects all members of an governing body to exercise independent judgement and objectivity subject to the terms of the Entity’s constitutional documents.

Collective Duties of the Governing Body

The governing body of an Entity must notify CIMA within ten days of any substantive issues which could materially affect the Entity in line with applicable Cayman law and regulation. At least once per year the governing body of an Entity shall:

• review its objectives and policies and amend or re-adopt them as appropriate;
• evaluate its progress toward achieving its objectives;
• review the composition of its governing body to ensure it has sufficient knowledge, experience and independence to effectively oversee the Entity. Consideration should be given to training and outsourcing should be managed effectively so that the governing body is able to understand and challenge advice from outsourced service providers[2];

• undertake self-assessments of the performance of the governing body and its members;
• ensure that all relevant risks are being adequately measured, monitored and mitigated;
• ensure that internal controls are operating effectively and any deficiencies addressed; and
• where applicable review the remuneration policy for senior management.

Individual Duties of the Governing Body

The governing body of an Entity shall indicate a minimum time commitment expected of its non-executive members, which may change from time to time, on their appointment and at the start of each financial year. Each member of the governing body of an Entity shall:

• maintain knowledge of the Entity’s business and update that knowledge with changes in the industry, regulation or business of the Entity;
• put the best interests of the Entity and its stakeholders ahead of their own interests;
• understand the limitations of service and reports provided by service providers of the Entity;
• exercise independent judgement and objectivity; and
• ensure that they are not subject to undue influence from senior management or service providers and have access to all relevant information about the Entity.

Delegation

The governing body of an Entity must have a compliance committee or person who reports on all compliance matters. Where functions are outsourced mechanisms must be in place for documenting the delegation and monitoring the exercise of delegated functions.

Where the governing body of an Entity delegates any functions to a sub-committee each such committee must have a charter of terms of reference setting out its mandate, scope, accountability, reporting obligations and working procedures. Any appointed sub-committees must maintain appropriate records of their deliberations and decisions demonstrating the fulfilment of their responsibilities and their effectiveness.

Risk Management and Internal Control

This area of corporate governance has its own rule and statement of guidance and is subject to a separate briefing.

Conflicts of Interest and Code of Conduct

The governing body of an Entity must document a conflicts of interest policy for its members including:

• a duty to avoid, to the extent possible, activities that could create conflicts of interest or the appearance of such conflicts;

• adequate procedures for transactions with related parties to be made on an arm’s length basis; and
• a duty for its members and senior management of the Entity to confirm in writing annually that any conflicts of interest have been declared and that any conflicts of interests arising during the year have been communicated to the governing body.

Code of Conduct

The governing body of an Entity must abide by a code of conduct based on the following principles:

• members must not under any circumstances do any act with the primary purpose of gaining any financial or other consideration for themselves, their family or friends;
• members must avoid placing themselves under any obligation to individuals or organizations that may have an inappropriate influence in the fulfilment of their duties;
• members must act and take decisions impartially, fairly, in the best interest of the Entity, on the best evidence and without discrimination or bias;
• members must be accountable to the Entity for their decisions and actions and must submit themselves to the scrutiny appropriate to their office;
• members must act and take decisions in an open and transparent manner. Information should not be withheld from the Entity unless there are clear and lawful reasons for so doing;
• members have a duty to declare any private interests related to their duties and must take steps to resolve any actual or potential conflicts of interests; and
• members should actively promote and robustly support these principles, always conduct themselves in a professional manner, and be willing to challenge poor behaviour wherever it occurs.

Remuneration Policy

The governing body of an Entity must document a remuneration policy applicable to its members, senior management, compliance staff and any other staff that may have a material impact on risk exposures. The remuneration policy must:

• not induce excessive or inappropriate risk taking;
• align with the corporate culture, objectives, strategies, identified risk appetite and long-term interests of the regulated entity; and
• have proper regard to the interests of relevant stakeholders.

Financial Reporting

The governing body of an Entity must establish an audit committee or equivalent subject to the proportionality test. The audit committee or equivalent is responsible for:

• the financial reporting process;
• providing oversight of the Entity’s internal and external auditors;

• approving or recommending the appointment, compensation and dismissal of auditors;
• reviewing and approving the audit scope and frequency;
• receiving key audit reports and ensuring that senior management is taking the necessary corrective actions to address control weaknesses, non-compliance with applicable law and regulations, and other problems identified by auditors; and
• overseeing the establishment of accounting policies and practices by the Entity.

Transparency and Communications

The governing body of an Entity must:

• have access to accurate, relevant and timely information regarding the Entity;
• approve systems and controls to ensure appropriate, timely and effective communication with CIMA on the governance of the Entity;
• hold meetings of its members at least annually; and
• ensure that minutes of meetings evidence appropriate attention, the substance of any discussions and their outcome.

Duties of Senior Management

The governing body of an Entity must ensure it is not subject to undue influence from its senior management or other parties, that it has access to all relevant information about the Entity and must approve policies to ensure that senior management:

• is sufficiently accountable to the governing body;
• carries out the day-to-day operations of the regulated entity effectively and in accordance with the entity’s objectives and in line with the entity’s long-term interests, including the interests of stakeholders;
• promotes sound risk management, compliance and fair treatment of stakeholders;
• provides the governing Body adequate information to enable it to carry out its duties including monitoring the performance and risk exposures of the Entity, and the performance of senior management; and
• maintains adequate and orderly records of the internal organization that can be easily accessed.

Application to Mutual Funds, Private Funds and Registered Person Managers

Where the Entity is a Mutual Fund, a Private Fund or the Registered Person Manager of such a fund many of the requirements set out in the Rule will likely already be covered by the provisions of the Entity’s constitutional documents, the fund’s offering memorandum and service provider agreements but a review of an Entity’s documents against the requirements of the Rule may be required to ensure compliance.

The governing body of each Mutual Fund, Private Fund and Registered Person Manager will need to conduct their own assessment of what is required in order to comply with the Rules on the basis of the proportionality test. At a minimum we’d recommend a review and update of the annual agenda used by such a governing body to ensure that the relevant areas of corporate governance are addressed.

Footnotes:

[1] Entities regulated under the Banks and Trust Companies Act (Revised) the Building Societies Act (Revised), the Companies Management Act (Revised), the Co-operative Societies Act (Revised), the Development Bank Act (Revised), the Insurance Act (2010), the Money Services Act (Revised), the Mutual Funds Act (Revised, the Directors Registration and Licensing Act (Revised), the Private Funds Act (Revised), the Securities Investment Business Act (Revised) or the Virtual Asset Service Providers Act (Revised).

[2] For Entities other than those regulated under the Insurance Act (2010) the Rule provides that a policy on outsourcing could be as simple as a list of functions that may be outsourced