Apex Regulatory Update – October 2019


Share on facebook
Share on twitter
Share on linkedin


  1. Introduction


This quarter’s Regulatory Update from the Apex Group outlines the key regulatory developments impacting asset managers around the world; from changes to the Cayman Securities Licencing Requirements to a snapshot of the EU Beneficial Owners Register. Make sure you are up to date on local regulations within all the jurisdictions you operate.


  1. Cayman Securities Licencing Requirements[1]


Scope and Exemptions


June 2019 saw changes  to the Securities Investment Business Law (“SIBL”) to align the law with global standards. These updates and changes  are applicable to those currently registered as ‘excluded persons’ under the law.


In accordance with the  SIBL, anyone engaging in deals, arranging deals and advising on/ managing securities in their course of business, must be licenced unless they fall under the “Excluded” categories.


Excluded persons will now have to register with the Cayman Islands Monetary Authority (“CIMA“) and were requested to submit two AML/CFT reporting forms (“AML/CFT Forms[2]) by 15 August 15 2019 in order to be eligible to register by 15 January  2020. Failure to have met the August deadline will have resulted in automatic de-registration by CIMA.

Registered vs Non Registrable Persons


SIBL established three categories of companies, within the excluded persons bracket, that were required to register with CIMA. The amendments to SIBL stated that 3 specific categories were required to register or re-register as “Registered Persons”.


Companies in scope:


  1. Those providing services intra-group;
  2. Those providing services to high-net-worth (“HNW”)and sophisticated persons (“HNI”) or to entities whose investors are HNW and HNI
  3. Those regulated by overseas regulators


The other categories, that were not required to register with CIMA, have been referred to as “Non-Registrable Persons[3] and their activities will no longer be regarded as constituting securities investment business for the purposes of SIBL.


Therefore any entity which continues their securities investment business overseas will not be in scope of SIBL and should de-register unless they use a Cayman Islands branch.


CIMA Requirements


In order to become a Registered Person, a company is obliged to meet a number of requirements including:


  • Confirmation that its shareholders, directors and senior officers are fit and proper persons;
  • Have at least two individual directors (MDs) or Managers (for LLC). Previously one director or manager would have been sufficient;
  • MDs or Managers must be registered or have a license under the Directors Registration and Licensing Law 2014 as amended;
  • The Registered Person must ensure segregation between their own funds and property and that of their clients’
  • Any material change in the company information must be notified within 21 days to the CIMA, as well if the company cease to deal with securities.
  • File the AML/CTF Forms:
    • An Excluded Person who fails to file the AML/CFT Forms by 15 August 2019 will be unable to benefit from the re-registration process under the transitional provisions of the SIBL Amendment. Should it wish to continue to carry on securities investment business after 15 January 2020, it will be required to submit a brand new application.


The Economic Substance Legislation (“ES Law”)


The International Tax Co-operation (Economic Substance) Law, 2018 (“ES Law”) came into effect in the Cayman Islands on 1 January 2019 in response to the work of OECD and EU on fair taxation.


  1. The economic substance test (“ES Test”)


ES Law requires in-scope entities (“Relevant Entities”)  continuing more than one relevant activity to have demonstrable economic substance within the Cayman Islands. This must be reported annually (within 12 of  their financial year end) to the Tax Information Authority. This is known as the economic substance test.


Relevant Entities


A Relevant Entity Means:


  • A company that is incorporated under the Company Law or a limited liability company;
  • A limited liability partnership
  • Company incorporated outside the Cayman Islands and registered under the Company Law


It excludes:


  • Investment funds, including mutual funds licensed or registered with CIMA, intermediary fund and some open-ended and closed-ended funds, investment entities under the CRS law (Common Reporting Standards)
  • Entities that are authorised to carry out business in the Cayman Islands as domestic companies
  • Entities that are tax resident outside the Cayman Islands. In this case, they are required to produce satisfactory evidence to substantiate the same (e.g. tax ID number, tax residence certificate, income tax return, etc.)

Relevant Activities


“Relevant activities” includes each of the following, but excludes investment fund business:


  1. banking business;
  2. distribution and service centre business;
  3. financing and leasing business;
  4. fund management business;
  5. headquarters business;
  6. holding company business;
  7. insurance business;
  8. intellectual property business;
  9. shipping business.



Specifically in relation to fund management business activities, ES Law refers to companies that are “managing securities belonging to another person in circumstances involving the exercise of discretion” (“Relevant Activities”). 


ES Test


The ES Test requires Relevant Entities carrying on Relevant Activities to:


  • Conduct Cayman Islands core income generating activities (“Cayman Islands CIGA”) in relation to that relevant activity;
  • Be directed and managed in an appropriate manner in the Islands in relation to that relevant activity; and Have incurred adequate operating expenditure, have an adequate physical presence and an adequate number of employees or other personnel with appropriate qualifications in the Cayman Islands. The Cayman’s Authority has included in their guidance the definition for both adequate and appropriate, as follows:
  • “adequate” shall mean “as much or as good as necessary for the relevant requirement or purpose”;
  • “appropriate” shall mean “suitable or fitting for a particular purpose, person, occasion”


The economic substance tests will be driven by the amount of revenue the entity generates. The higher the revenue,  the more substance the entity can expect to have in place in Cayman.


Many entities are therefore looking at alternative approaches to keep the Cayman entity but minimise the revenue if possible that will flow through the Cayman manager.


The industry is currently waiting on the sector specific guidance to determine what requirements will need to be met by the managers in order to comply.


Amendments to the Companies Law (2019 Revision) (the “Companies Law”) 


Directors and Officers – notice deadline reduced


In early September 2019, the period within which a Cayman Islands entity must notify the Registrar of Companies (the “Registrar”) of any changes to its directors, officers, managing member, or general partner was reduced from 60 days to 30 days in a reversion to the position prior to 2015.


Penalties for a breach of this obligation remain unchanged and, accordingly, are generally capped at approximately US$610 in the absence of knowing and wilful breach.


Directors and Officers – list inspections


Another amendment to the law is the new provision which allows anyone to inspect a new ‘list of names’ of the current directors of a Cayman Islands company upon payment of a fee of CI$50/US$61.


When this section of the law comes into force, the list (which will be maintained by the Registrar of Companies rather than at the registered office) will contain only the names of current directors and alternate directors and will not feature any information regarding past directors or address details.  Such inspection must be completed at the offices of the Registrar.


This new section of the law (55A) will come into once the necessary systems have been put in place by the Registrar of Companies, the date of which is still to be appointed by the Cabinet of the Cayman Islands Government.

Register of Members – greater detail


Section 40 of the Companies Law adds a new requirement regarding voting rights for different categories of shares. The Register of Members of a Cayman Islands company must now specify which category has voting rights and, if so, whether such voting rights are conditional.


Voting rights are defined as the right “to vote at general meetings of the entity on all or substantially all matters.”  A voting right is considered to be conditional where the voting right only arises in certain circumstances (e.g. following a trigger event).  Shares that grant their holders the right to vote only on limited matters (such as the appointment of a particular director) are not considered to be shares with voting rights.  Generally speaking, investors in Cayman funds do not receive voting shares.


This amendment requires existing Cayman Islands companies to review each existing class of shares to determine how they should be categorised and to ensure its register of members reflects such categorisation.


Apex is already working to ensure that the required information is included in the Register of Members of our Registered Office clients.


Beneficial Ownership – penalties increase


The penalties for breach of obligations relating to the beneficial ownership regime (the “UBO Regime”) have been increased with the effect that:


  • second offences by companies who fail to comply with their UBO Regime obligations will attract penalties of approximately US$120,000, while a third offence will render a Cayman Islands company liable to being struck off;
  • second offences by individuals or entities failing to respond to formal notices issued under the provisions of the UBO Regime will attract penalties of approximately US$60,000 and/or two years’ imprisonment; and
  • second offences by those failing to provide required beneficial ownership information (including existing registered persons who fail to notify the company of changes to their information) will also incur penalties of approximately US$60,000 and/or two years’ imprisonment.


These changes are intended to ensure that those persons named on beneficial ownership registers are aware of their ongoing obligation to keep the company informed of changes in their required particulars (such as address changes or new passports).


The Data Protection Law 2017 (“DPL”)


The Cayman Islands decided in 2009 to develop Data Protection legislation employing the model of the EU. The resulting DPL was enacted in 2017 and came into effect in 30 September 2019. It follows many of the same definitions and provisions as the 2016 General Data Protection Regulation of the EU (“GDPR”).


The DPL defines “personal data” as data relating to a living individual who can directly or indirectly be identified, including an expression of an opinion about, or an indication of intentions in respect of, the individual.  It defines “processing” broadly, including the collection, organisation, storage, alteration, use, disclosure or destruction of personal data.  The DPL applies to both public and private sector “data controllers” and places limits on how personal data may be used by, or shared with, third parties.  The DPL also provides special protections for particularly sensitive types of personal data.


Cayman Islands domiciled entities will be required to provide their clients with a Privacy Notice that contains clear and concise information about you and what you do with their personal data.


Data Protection Principles (Schedule 1)


Personal data must:


  1. be used fairly and only when specific conditions are met, for instance where consent has been given, where there is a legal obligation, or where it is necessary for performance of a contract.;
  2. be obtained for one or more specified, lawful purposes, or compatible purposes;
  3. be adequate, relevant and not excessive in relation to the purpose or purposes for which they are collected or used;
  4. be accurate and up to date;
  5. not be kept for longer than necessary;
  6. be used in accordance with the rights of individuals as specified in the remainder of the draft Bill;
  7. be protected by appropriate technical and organizational measures against unauthorized or unlawful use, and against
  8. loss, destruction or damage;
  9. not be transferred abroad unless an adequate level of protection can be guaranteed. 


Rights of Individuals


  • the right to access your own personal data and certain information about its use; (s.8)
  • the right to require that processing of your personal data cease; (s.10)
  • the right to require that processing of your personal data for the purpose of direct marketing cease; (s.11)
  • the right to require that a decision which significantly affects you, and which is made solely by automatic means, is reconsidered on another basis; (s.12)
  • the right to seek compensation for damages caused by contravention of the Data Protection Law; (s.13)
  • the right to seek rectification, blocking, erasure or destruction of inaccurate personal data; (s.14) and,
  • the right to complain to the Ombudsman where it appears that a violation has occurred. (s.43)

Duties of Data Controllers

The Data Protection Law imposes certain specific obligations on the persons who control the use of personal data (“data controllers”), including:


  • the duty to apply the data protection principles; (sch.1, para 6)
  • the duty to respond in a timely fashion to requests from data subjects in relation to their personal data; (s.8)
  • the duty to notify data subjects and the Ombudsman of any personal data breaches.(s.16)


Exemptions (ss.17-31)


There are exemptions to certain obligations in order to ensure that personal data can be used in appropriate circumstances, e.g. for national security, law enforcement, certain public functions, health care, education, social work, journalism, literature, art, research, history, statistics, information available under an enactment, legal proceedings, personal family or household affairs, honours, corporate finance, negotiations, legal privilege. The Cabinet may also develop further regulations relating to exemptions.


Enforcement (Parts 5-6)


The Ombudsman has the following powers:


  • to hear, investigate and rule on complaints;
  • to monitor, investigate and report on the compliance of data controllers under this Law;
  • to intervene and deliver opinions and orders related to processing operations;
  • to order the rectification, blocking, erasure or destruction of data;
  • to impose a temporary or permanent ban on processing;
  • to make recommendations for reform both of a general nature and directed at specific data controllers;
  • to engage in proceedings where the provisions of this Law have been violated, or refer these violations to the
  • appropriate authorities;
  • to cooperate with international data protection supervisory authorities;
  • to publicize and promote the requirements of this Law and the rights of data subjects under it;
  • to do anything which appears to him to be incidental or conducive to the carrying out of his functions under this Law.


Offences and penalties (incl. fines and administrative penalties): (part 6)


  • failing to make certain particulars available to a data subject in response to a request;
  • failing to notify the data subject and the Ombudsman of a personal data breach;
  • withholding, altering, suppressing or destroying information requested by the Ombudsman;
  • knowingly or recklessly disclosing information;
  • obstructing a warrant, or making a false statement;
  • unlawfully obtaining, disclosing, selling or procuring personal data;
  • failing to comply with an enforcement or monetary enforcement order;
  • offences otherwise specified in Regulations.


Apex has prepared a Data Protection Addendum to incorporate the requirements of the DPL into our existing Administration and Corporate Services agreements for clients with Cayman Islands entities.  If you have not already been contacted by us, please reach out to us to get the addendum so that we can work with you to have this in place to comply with the DPL.  Please also see our website at https://theapexgroup.com/privacy-policy/ where you can find our updated Data Protection Notice.


  1. Senior Managers and Certification Regime


The Senior Managers and Certification Regime (“SM&CR”) came into force on 7 March 2016 with the aim of reducing harm to consumers and strengthen market integrity. This is achieved by raising the standards of conduct for everyone who works in financial services.


The regime applies to the firms’ most senior executive management and directors who are subject to regulatory approval by the FCA. In particular, the Regime applies to Senior Management Functions for employees performing a certification function and directors of authorised persons, including Notified NEDs.


The “Conduct Rules” included in the SM&CR set minimum standards of individual behavior in financial services, with the aim of improving individual accountability and awareness of conduct issues across firms.


The “Certification Regime” requires firms to assess the fitness and propriety of those employees that could pose a risk of significant harm to the firm or any of its customers. These individuals do not need to be approved by the FCA, however they need to comply with fit and proper conditions, certified by the firm. If the firm believe that a person is no longer fit and proper to perform the function he’s appointed with, the certification of fit and proper could be removed or future approval status might be prohibited.


Under section 59 of the Financial Services and Markets Act 2000 (FSMA), authorised firms are also  required to ensure that individuals seeking to perform one or more of the PRA–designated Senior Management Functions seek FCA approval before taking up their position.


Not getting approval before taking up the role may lead to enforcement action against the firm and/or the individual. For dual-regulated firms, the PRA leads the assessment of applications for the approval of the PRA-designated Senior Management Functions. The authorisation of an individual to carry on PRA-regulated activities will not be granted unless both the PRA and the FCA are satisfied that the applicant meets the standards laid out in FSMA. The FCA is required to give its consent to the PRA before any final decision can be made on an application.


In March 2019 the FCA published guidance to help solo-regulated firms in preparing for Statements of Responsibilities and Management Responsibilities Maps, which are mandatory under SM&R and will comes into effect on December 09, 2019.


For further information about the SMR&CR please  click here.


  1. The Ultimate Beneficial Owners Register – EU snapshot


The 4th AML EU Directive (“4AMLD”) as amended by the 5th AMLD requires that each EU Member State establish a register of beneficial owners (“RBO”), in respect of corporate and other legal entities incorporated within its jurisdiction.


In particular, under the 5MLD the RBO can now be accessed by the general public without the need for them to show a ‘legitimate interest’.


Below is an overview of the transposition of the Directive into National Laws in some Member States where Apex Group Ltd. has a presence.




In March 2019, the Luxembourg RBE Law came into force, introducing the obligation of creating a Register of Beneficial Owners. The aim was to implement new transparency measures introduced by the 4AMLD and reinforced by the 5AMLD, prevent the use of the financial system for the purposes of money laundering or terrorist financing, facilitate collaboration between national FIUs and bank supervisors regarding the exchange of information and effectively identify and address tax evasion. We put together a deep dive into the UBO requirements in Q2 this year, Click here to read more.


The obligation applies to mutual funds and all legal forms that have registered with the Luxembourg trade and companies register.


An additional administrative period of three months is granted to entities that have not yet made their declarations to the Register of Effective Beneficiaries. Registration will therefore remain free until 30 November 2019https://www.lbr.lu/mjrcsrbe/jsp/IndexActionNotSecured.action?time=1568290426562&loop=1




Part of the 4AMLD was transposed and incorporated into Irish legislation in 2016. This includes the requirement for legal entities to keep up-to-date and accurate information on UBOs in their internal registers.


The Companies Registration Office (CRO) has been appointed by the Minister for Finance as the responsible body for the establishment and maintenance of a Central Register of Beneficial Ownership. All corporate and legal entities (other than companies listed on a regulated market), including Trusts, Investment funds and Industrial and Provident Societies are required by 4AMLD to keep details of their Beneficial Ownerships on their own internal register.


The RBO has been open since 29 July 2019. All existing Irish companies have until 22 November 2019 to file information with the RBO without being in breach of their statutory duty to file. Failing to maintain and/or file a register of Beneficial Owner(s) is an offence and can result in a summary conviction, to a Class A fine, or a conviction on indictment, to a fine not exceeding €500,000.


The Netherlands


On 4 April 2019, a legislative proposal to implement the Dutch UBO register was submitted to the Dutch parliament. The UBOs are defined within the Governmental Decree, and such definition reflect the statements in the 4AMLD and 5AMLD.


The UBO register will be part of the Trade Register of the Dutch Chamber of Commerce and, as in other Member States, certain UBO information will be publicly available.


The UBO register has to be implemented by 10 January 2020. After the Act enters into force, entities will have 18 months to submit relevant UBO information to the Dutch Chamber of Commerce.


The following legal entities are required by the Dutch law to register their UBO in the UBO Register:


Private Companies with Ltd Liability BVs, Public companies NVs other than those listed on a regulated market or 100% subsidiaries of such entities, European public companies, European economic interest groupings, Cooperatives and mutual insurance associations; Associations with full legal capacity and associations with limited legal capacity to operate a business; Foundations (Stichtingen); all types of partnerships and shipping companies.


Mutual funds and trusts will also be required to register their UBO information.



Since January 2018, Maltese companies and any other commercial partnership, foundations, trust and associations are under the obligation of providing the information related to the company’s beneficial owners to the related responsible authorities (Registrar of Companies, MFSA, Registrar for Legal Persons, collectively known as “Register”).


The Regulation[4] applies to companies continued in Malta in terms of the Continuation of Companies Regulations and excludes:


  • companies listed on a regulated market :
  • companies whose shareholders are all natural persons whose details are disclosed in the public records at the register of commercial partnerships maintained by the Maltese Registry of Companies.


Since July 2019,  information in the Register is publicly accessible.


United Kingdom


Many of the UK obligations are covered by the People with Significant Control (“PSC”) registry which came into force in April 2016.


The UK has a separate register of beneficial ownership for three different types of asset:


  1. Companies
  2. Properties
  3. Land and Trusts.


The only UBO information publically available is on the PSC Register.


In August 2019, the UK’s Department for Business, Energy & Industrial Strategy performed a review on the use and usefulness of the PSC. You can read the original review here.


Crown Dependencies


On 19 June 2019 the British Crown Dependencies of Jersey, Guernsey, and the Isle of Man announced that they will provide public access to beneficial ownership registers, in order to be in line with all other European Union Member States.


The implementation will be on a phased approach, with deadline to be 2022/2023.




Jersey has legislation in place to ensure adequate, accurate and current beneficial ownership information is available for all legal entities in accordance with international standards.


Since 1989, Jersey incorporated companies have held UBO information in Jersey’s Companies Registry, hosted and maintained by the Jersey Financial Services Commission.


For all other legal entities, the beneficial ownership information is held by Trust and Company Service Providers, for which Jersey has comprehensive regulation requiring them to hold adequate, accurate and current beneficial ownership information on all clients.




The Beneficial Ownership of Legal Person (Guernsey) Law came into force in August 2017, and made the requirement of for all Guernsey companies to file  the beneficial ownership information mandatory


The Law applies to Guernsey companies, LLPs and foundations, while Listed companies, GFSC regulated funds and GFSC licensees are exempt.


Currently, the information on the register is not available to the public but can be disclosed to appropriate law enforcement, regulatory and tax authorities. The Register will become public by 2022/2023.


Isle of Man 


The Beneficial Ownership Act 2017 repeals the Companies (Beneficial Ownership) Act 2012 and places all Isle of Man corporate and legal entities under the same legislation regarding beneficial ownership.


Contrary to other Jurisdictions, the Act has introduced the obligation for every legal entity to appoint a “nominated officer” who will receive all the information around Beneficial Ownership and will be in charge of recording these into the Isle of Man Database of Beneficial Ownership.


The Register will become public by 2022/2023 through a 3 year, phased approach.


If you have any questions or queries regarding any of the above mentioned regulations please Click Here to contact us.


[1] Source: https://www.cima.ky


[2] (AIR-157-75 AML/CFT Inherent Risk – Securities and ARC-158-75 AML/CFT Risk Controls – Securities)


[3] Amongst those, a single family office, a foreign company carrying on securities investment business outside the Cayman Islands


[4] Subsidiary Legislation 386.19 – Legal Notice 374 of 2017, as amended by Legal Notice 184 of 2018 and 158 of 2019 “Companies Act (Register of Beneficial Owners) Regulation


Share on facebook
Share on twitter
Share on linkedin

Get in touch with our team

Submit your query

Cookie control
This website uses cookies so that we can make your experience better. If you wish to change your cookie settings please refer to our Privacy Policy. Otherwise we will assume you’re OK to continue. Privacy Policy