CRS and economic substance developments in the new compliance culture

By Chris Capewell; Tim Dawson; Duwayne Lawrence; Nikki Wood, Maples Group

Published: 20 September 2022

A current trend in global regulation is to ensure not only implementation of rules created by supra-national bodies, but also of their application. By way of example, the Financial Action Task Force (FATF) or the relevant FATF-style regional bodies assess countries AML regimes globally on an ongoing basis, examining such regimes for both ‘technical compliance’ (i.e. whether the FATF recommendations have been implemented in local law) and ‘effectiveness’ (i.e. whether such local laws are being applied and enforced). 

The Cayman Islands is recognised by the FATF as compliant or largely compliant with all 40 FATF technical compliance recommendations. Efforts to demonstrate effectiveness of the anti-money laundering regime in enforcing anti-money laundering, counter terrorist and proliferation financing requirements have been positively noted by the FATF. In the context of the FATF review of the Cayman Islands, the jurisdiction has recently seen increased enforcement measures relating to a number of its regulatory laws including the Tax Information Authority (International Tax Compliance) (Common Reporting Standard) Regulations  (As Revised) (the CRS Regulations) and the International Tax Co-operation (Economic Substance) Act (As Revised) (the ES Act).

CRS enforcement

Since implementation of the CRS Regulations on 1 January 2016, the Cayman Islands Tax Information Authority (the TIA) has obtained specified financial account information from Cayman Islands Financial Institutions (FIs) and automatically exchanged that information with over 100 CRS reportable jurisdictions on an annual basis. Among other businesses, all Cayman Islands investment funds fall within the definition of an FI and are required to comply with the CRS Regulations.

The TIA has recently issued enforcement guidelines which build upon the administrative penalty provisions in the CRS Regulations and the CRS guidelines published by the TIA.

What do you need to know?

The enforcement guidelines set out the TIA’s procedure for investigating breaches of the CRS Regulations.  Firstly, a notice (or warning) of a breach is communicated to the principal point of contact (PPOC), the authorised person (AP) or the registered office of a Cayman Islands FI. The notice details the reason the TIA believes a breach of the CRS Regulations has occurred and the proposed penalty to be imposed including the requirements to remedy the breach. The enforcement guidelines include a table of indicative administrative penalties for given breaches. For example, the indicative penalty for failure to register as a FI by the relevant deadline is approximately US$45,000. Failure to establish and maintain written policies and procedures could lead to a fine equivalent to approximately US$9,000. 

The recipient of the breach notice has 60 days to make written representations in response to the notice.  If the TIA nevertheless decides to proceed to impose either the same or a lower penalty, a penalty notice is sent to the PPOC, the AP or the registered office. The recipient has only 60 days to appeal to the Cayman Islands Grand Court against the decision to impose the penalty, its amount or both.

The TIA has already sent breach notices to various entities. Reasons for these include where the TIA believes an entity has not separately registered with the Department of International Tax Cooperation (the DITC) on its online Portal (the AEOI Portal) when the TIA believes it should have done so, or where an entity has failed to respond to an information request.   We expect more activity in this area over the coming months. 

What do you need to do?

Entities should ensure:

  • CRS (and FATCA) classifications are correct (especially if the entity has a US Global Intermediary Identification Number or is registered on Cayman Islands Monetary Authority’s (CIMA) website but does not have an FI number), and the entity has registered on the  AEOI Portal where applicable; 
  • The DITC can contact the PPOC by email (add [email protected] to your safe senders list.); 
  • CRS written policies and procedures are in place and being implemented; 
  • Reliable and complete account holder / investor self-certifications have been received at the time of on-boarding; 
  • Changes in the circumstances of account holders are monitored;  
  • CRS reporting is accurate and completed in a timely manner; and
  • CRS compliance forms are submitted accurately and in a timely manner. 

As the TIA increases their enforcement activities and continue to impose significant penalties for non-compliance, whether or not intentional, it is worth considering if your knowledge of the requirements and implementation of your policies and procedures are robust enough to withstand scrutiny. If in doubt it may be worth considering outsourcing of certain functions to service providers with expertise in this area. Although it is not possible to outsource ultimate responsibility for an entity’s compliance, you will be able to rest easier if you engage an expert assist to you with the bulk of your CRS compliance obligations. 

Economic substance developments

The TIA is also responsible for monitoring compliance with the ES Act. The ES Act is responsive to global OECD Base Erosion and Profit Shifting (BEPS) standards regarding geographically mobile activities.  Very broadly, ‘relevant entities’ carrying on ‘relevant activities’ are required to satisfy certain economic substance (ES) tests.  Requirements of this type have been implemented on a level playing field basis by all OECD-compliant ‘no or only nominal tax’ jurisdictions.

In June 2022, the TIA published ES enforcement guidelines. The ES enforcement guidelines provide industry with a degree of certainty with respect to the TIA’s approach to enforcement action under the ES regime. 

Apart from ensuring effective implementation, enforcement action assists in demonstrating to the international community, in particular, the OECD, that the ES regime in the Cayman Islands is achieving its objectives. 

What do you need to know?

Unlike enforcement under CRS, the ES enforcement process does not include a ‘breach notice’ step, allowing for representations to be made to the TIA. Instead, a ‘penalty notice’ may be issued. The relevant entity may appeal the penalty to the Grand Court within 30 days after a penalty notice has been issued in relation to a missed reporting, and within 28 days after a penalty notice has been issued in respect of a failure to satisfy the ES test. These are extremely short periods in which to prepare and lodge an appeal to court.

The ES enforcement guidelines provide a set of principles, which are intended to guide the TIA in its exercise of discretion when deciding whether ES requirements have been met, and if not, in determining the penalty to be imposed. Adherence to these principles is expected to produce consistency of enforcement while delivering fair results. 

Administrative penalties may be imposed for (i) missed reporting by an entity that is required to satisfy the ES test (this includes continuing daily fines) (ii) failure of the ES test in Year 1, and (iii) failure of the ES test in a subsequent financial year. Importantly, the ES enforcement guidelines provide ‘baseline penalties’, and the TIA may issue different penalty amounts (within the maximum penalties allowed by the ES Act) to fit the circumstances of each case.

If it comes to the TIA’s attention that an entity has misclassified itself, and the deadline for the entity to submit its ES return has passed, the TIA will consider the entity to have missed its reporting requirements under the ES Act and issue a penalty notice to the entity. The entity will then have 30 days from the date of the notice to submit an ES return to the DITC Portal.

If the entity fails to submit an ES return within the deadline, the entity will be deemed to have failed the ES test and will be assessed the maximum applicable penalty under the ES Act.

Where the TIA has determined that there has been a breach, a penalty notice will be issued to the entity’s Responsible Person (RP). Where there is a missed reporting, the penalty notice will set out certain prescribed information.

What do you need to do?

Entities should ensure:

  • ES classifications are correct;
  • ES returns have been filed accurately and on time; and
  • The contact details of their RP are up-to-date (add [email protected] to your safe senders list).


Since the publication of the enforcement guidelines in March 2022, the TIA has initiated enforcement action under both the CRS and ES regimes. In this regard, we have recently seen notices in respect of CRS and letters of enquiry for ES purposes from the TIA. The guidelines aim to ensure procedural fairness, and should bring greater certainty to the TIA’s enforcement processes. This should provide some comfort to entities which are subject to enforcement action. However, entities will reap much greater rewards from being proactive in ensuring compliance with the relevant CRS and ES requirements. To the extent possible, entities should focus efforts on ensuring there is no need for enforcement action to be taken against them in the first place. Understanding their CRS and ES obligations, and putting in place sufficient resources and efficient systems to comply with CRS and ES requirements are good places to start.