Under Regulation 55F of the AMLRs, firms of attorneys at law carrying on or intending to carry on business in or from within the Cayman Islands must register with the LSSA. As part of the registration process, information on the ownership and control of the DNFBP is required to be submitted along with details of all beneficial owners and connected persons of the business. For more information on registration, please click here.

In accordance with Regulation 3(1) of the AMLRs, DNFBPs are also required to appoint an Anti-Money Laundering Compliance Officer (AMLCO). The AMLCO must be at managerial level and is responsible for ensuring the entity’s compliance with the AMLRs, serving as the primary liaison with the LSSA.

Regulation 5 further requires DNFBPs to establish and maintain internal systems, policies, procedures, and controls to effectively manage AML/CFT/CPF risks. These measures must be appropriate to the nature, size, and complexity of the business, and should be fully documented and communicated to all relevant employees.

In line with Regulation 8(1), DNFBPs are expected to identify, assess, and understand their exposure to money laundering, terrorist financing, and proliferation financing risks. This risk assessment must take into account the nature of their clients, the geographic areas in which clients operate, the types of products or services offered, and the delivery channels of the business. These assessments must be documented and regularly updated.

Customer due diligence is a core requirement under Regulation 11. DNFBPs must perform CDD measures at the outset of a business relationship, during any one-off transactions in excess of ten thousand dollars, when there is a suspicion of ML/TF/PF or there are doubts about the adequacy of previously obtained client identification data. Additionally, Regulation 15 requires the verification of the identities of clients and beneficial owners. DNFBPs must be able to demonstrate to the LSSA that their CDD and verification processes are appropriate and proportionate to their level of risk, as documented in their risk assessments.

Record keeping is mandated under Regulation 31. All relevant records must be maintained for a minimum of five years and should be kept in a format that ensures they are readily accessible for regulatory purposes.

As outlined in Regulation 33, DNFBPs must also appoint an MLRO, also at managerial level. The MLRO is responsible for receiving internal reports of suspicious activity and ensuring that any knowledge, suspicion, or reasonable grounds for suspicion of money laundering, terrorist financing, or proliferation financing is promptly disclosed to the Financial Reporting Authority.

Regulation 5 also includes the requirement for DNFBPs to provide effective and ongoing AML/CFT/CPF training to employees. This training must be tailored to the responsibilities of each employee and ensure they are equipped to identify and respond to relevant risks in their day-to-day duties.