The Cayman Islands Monetary Authority has maintained an active regulatory posture through 2025, issuing updated guidance across multiple supervised sectors and tightening expectations for corporate service providers. For CSPs with significant Cayman entity portfolios, several changes require immediate operational attention. This article covers the most material developments and their practical implications.
CIMA's Revised AML/CFT Guidance Notes
CIMA's updated AML/CFT Guidance Notes — issued in Q1 2025 — represent the most significant compliance update for Cayman-serving CSPs since the 2022 revisions. The updated notes align the Cayman framework more closely with FATF's revised Recommendations and address specific weaknesses identified in the 2019 CFATF mutual evaluation.
Key changes from the perspective of CSPs:
- Enhanced beneficial ownership verification standards: The updated notes require independent verification of BO information for all medium-and-above-risk clients. Self-certification alone is no longer sufficient for clients in this risk tier. Documentary verification — through certified copies, third-party verification services, or review of company registry information where available — is now required.
- Source of funds documentation threshold lowered: The threshold above which source of funds must be formally documented and placed on file has been reduced. CSPs should review their existing client files to identify relationships where documentation should be upgraded to meet the new standard.
- CDD refresh frequency for high-risk clients: The notes now specify that high-risk client CDD should be refreshed at least annually, with enhanced CDD elements reviewed and confirmed current at each annual review cycle. For CSPs with large high-risk populations, this significantly increases the volume of annual review work.
- Correspondent relationship obligations: Where a CSP sources clients through intermediary introducers, the notes place additional obligations on the CSP to conduct periodic review of the introducer's AML controls, rather than relying purely on the initial onboarding due diligence on the introducer relationship.
"CIMA's 2025 notes signal a clear shift toward outcomes-based supervision. The question regulators are asking is not 'do you have a policy?' but 'can you show that your policy is actually followed, client by client, and that the documentation proves it?' That requires systematic processes, not good intentions."
— Cayman-based compliance consultant, 2025
VASP Regime: CSP Implications for Digital Asset Clients
Cayman's Virtual Asset Service Providers Act came into force in 2020, but the practical implications for CSPs have crystallised through enforcement activity and supplementary guidance in 2025. CSPs providing registered agent or director services to VASP-licensed entities now face specific obligations that go beyond standard CDD.
The key CSP-specific VASP obligations:
- Before accepting a VASP-licensed entity as a client, CSPs must obtain and review the entity's current CIMA licence, AML compliance programme documentation, and most recent regulatory examination findings where available.
- Annual confirmation of VASP clients' licence status and compliance programme currency must be documented and placed on file.
- Where a CSP provides director services to a VASP, the director must be able to demonstrate familiarity with the VASP regulatory framework applicable to that entity — generic director service without sector knowledge is no longer acceptable.
- Material changes in a VASP client's business model, licence scope, or AML programme must trigger a CDD review, not just annual cycle review.
For CSPs with a growing digital asset client base, this creates meaningful additional compliance overhead per VASP client. The economics of director-service and registered agent relationships with VASPs need to be repriced to reflect these obligations.
Economic Substance: 2025 Filing Window Changes
Cayman's Economic Substance Act continues to evolve in its practical implementation. The 2025 compliance year brought two changes that CSPs must communicate clearly to affected clients.
Revised filing deadlines: For entities with December 31 year-ends (the majority of Cayman structures), the ES return filing window now opens earlier — enabling filing from March 1 rather than April 1 as in prior years. The deadline remains June 30 for most entity types. CSPs should update their compliance calendar accordingly and consider whether earlier filing makes sense for their workflows.
Pure equity holding company clarification: CIMA issued clarification in Q2 2025 confirming that PEHC status applies only where the entity's assets consist solely of equity participations in other entities. Any entity holding debt instruments, bank accounts beyond operational minimums, or IP rights alongside equity participations does not qualify for the reduced PEHC standard and must satisfy full economic substance requirements for its relevant activity category. Several entities had been incorrectly classified as PEHCs and require remediation.
Companies Act Amendments: Register of Directors and Officers
Amendments to the Cayman Companies Act taking effect in mid-2025 introduced new requirements for maintaining and updating the register of directors and officers. The key changes:
- The timeframe for updating the register following a director change has been reduced from 60 days to 30 days. CSPs providing corporate secretarial services must ensure their document and workflow systems prompt timely register updates on every board change.
- The register must now include the service address (or residential address if no service address) for each director and officer. Entities relying on registered office address for all directors need to review and update their records.
- Enhanced information requirements for corporate directors — the registration details of the corporate entity serving as director must be included in the register, not just the corporate entity's name.
These changes require a data audit across your Cayman entity portfolio to confirm register currency and completeness. Entities with outdated or incomplete registers face potential penalties and, more importantly, potential issues in any regulatory examination or transaction due diligence process.
CIMA Enforcement Activity and Supervisory Trends
CIMA's enforcement activity in 2024–2025 provides useful intelligence on supervisory priorities. Published enforcement actions and industry communication indicate elevated focus on:
CDD documentation quality: The most common deficiency identified in CIMA examinations of CSP licensees relates to incomplete or outdated client due diligence files. Files missing source of funds documentation, outdated KYC for high-risk clients, and missing verification evidence for BO claims are all frequent findings.
Record-keeping systems: CIMA examiners are increasingly asking to see that policies are operationalised — that the compliance calendar system actually generates tasks, that KYC expiry alerts actually trigger reviews, and that approval workflows for high-risk client acceptance actually create documented approval records. Firms with paper-based or spreadsheet-based compliance management systems struggle to demonstrate this operationalisation.
Senior management oversight: The board or senior management of CIMA-licensed CSPs is expected to receive regular management information on compliance status — not just to be informed of problems, but to actively oversee the compliance function through structured reporting. Examiners are reviewing board minutes and compliance reports as part of their assessment.
Planning for 2026: Upcoming Cayman Regulatory Developments
Looking ahead, two regulatory developments are anticipated for the Cayman Islands in 2026 and should be in CSPs' planning horizon now.
First, Cayman is expected to introduce a publicly accessible beneficial ownership register for corporate entities — following Jersey's 2026 public access reforms and broader global momentum toward BO transparency. While the implementation timeline remains to be confirmed, CSPs should prepare clients for the possibility and ensure BO data is current and verifiable.
Second, CIMA is consulting on revised guidance for corporate governance standards applicable to CIMA-licensed entities, including CSP licensees themselves. The anticipated guidance will tighten expectations around board composition, conflict of interest management, and compliance function independence. Firms with informal governance arrangements should begin formalising their structures in advance.