CIMA rules on corporate governance and internal controls will come into effect October 2023
The Cayman Islands Monetary Authority (CIMA) recently issued a rule on corporate governance for regulated entities (Corporate Governance Rule) and a rule and statement of guidance on internal controls for regulated entities (Internal Controls Rule and SOG). These rules and guidance are aimed at enhancing corporate governance and internal control practices for CIMA regulated entities and will come into effect on 14 October 2023.
Corporate Governance Rule
- All regulated entities, including (without limitation) mutual funds, private funds, administrators and investment managers, must establish and maintain a corporate governance framework tailored to their operations
- Addresses key aspects such as objectives, governing body structure, oversight responsibilities, independence, risk management, conflicts of interest, financial reporting, and more
- Individual director duties, appointments, and delegation are covered
- The size and complexity of operations influence governance requirements
- A governing body (eg board of directors) must review and adjust governance annually, including the composition and collective skill sets, internal controls, self-assessments, and risk management systems
- Conflict of interest disclosures must be made at least annually to the governing body
Internal Controls Rule and SOG
- Applies to all regulated entities, including (without limitation) mutual funds, private funds, administrators, and investment managers
- Substantive emphasis on the regulated entity having a robust control environment
- Regulated entities must have risk identification and assessment governance, policies, procedures, systems, and controls
- Control activities and segregation of duties are an important part of the internal controls environment
- Evidence of information and communications flowing across and up/down the organisation is key
- Evidence of robust monitoring activities and correcting deficiencies on a timely basis
- Service providers' controls must align with the Internal Controls Rule and SOG, and Cayman local laws
The Corporate Governance Rule and Internal Controls Rule and SOG are legally binding and non-compliance could result in fines or regulatory action by CIMA.
Regulated entities should assess their internal governance and control structures. It is imperative that regulated entities implement the requirements outlined in the Corporate Governance Rule and Internal Controls Rule and SOG before the effective date of 14 October 2023.