CIMA Rules and Guidance for Corporate Governance for Regulated Entities

The Cayman Islands Monetary Authority’s (CIMA’s) Rule on Corporate Governance for Regulated Entities (Rule) and Statement of Guidance on Internal Controls for Regulated Entities (Guidance) come into effect on 14 October 2023. The Rule and Guidance will replace the existing corporate governance regulatory measures.

Background

CIMA reviewed the corporate governance supervisory and regulatory framework to identify and implement areas for enhancement based on the following:

  • Lack of supervisory enforceability of corporate governance statements of guidance.
  • Inconsistent application of binding corporate governance rules across regulated sectors.
  • Scope of applicability of the current corporate governance measures not extending to all regulated entities.
  • Alignment with international corporate governance principles and standards.

Following the review, CIMA released the new Rule and Guidance applicable to all entities regulated by CIMA, as well as sector-specific guidance on CIMA’s minimum expectations for the sound and prudent governance of regulated entities.

Overview

Which regulated entities does the Rule apply to?

The Rule applies to the following entities that are regulated by CIMA: banks, trust companies, company management, insurance companies, mutual funds, private funds, money services businesses, credit unions and building societies (each a Regulated Entity).

What is the objective of the Rule and the Guidance?

Under the Rule, the governing body of a Regulated Entity (ie the board of directors, general partner or managing members (the Governing Body)) must establish, implement and maintain a corporate governance framework in respect of the Regulated Entity. Such framework must ensure diligent management oversight so as to protect the interests of all members of the Regulated Entity.  

What governance measures must be in place under the Rule?

Corporate Governance Manual: Each Regulated Entity must prepare and adhere to a Corporate Governance Manual, which should establish the corporate culture, business objectives and business strategy of such Regulated Entity and explain how the business objectives and strategy will be achieved in line with its long term goals.

The framework should correspond to the Regulated Entity’s size, complexity, structure, nature of business and risk profile of its operations and should also address:

  1. Objectives and strategies of the Regulated Entity
  2. Structure and governance of the Governing Body
  3. Appropriate allocation of oversight and management responsibilities
  4. Independence and objectivity
  5. Collective duties of the Governing Body
  6. Duties of individual directors of the Governing Body
  7. Appointments and delegation of functions and responsibilities
  8. Risk management and internal control systems
  9. Conflicts of interest and code of conduct
  10. Remuneration policy and practices
  11. Reliable and transparent financial reporting
  12. Transparency of communications
  13. Duties of senior management
  14. Relations with CIMA

Communication of Corporate Governance Manual: The Corporate Governance Manual should be communicated to senior management and persons responsible for Control Functions (ie the Governing Body).

Skills of Governing Body: The operators must constitute an appropriate number of individuals with expertise and skill to be competent to operate the Regulated Entity.

Internal Governance and Procedures: Internal governance and procedures should be documented to support efficient and independent decision making by the Governing Body, such as policies on managing conflicts of interest.

The areas that the governance procedures must cover are as follows:

  • Independence criteria
  • Complaints procedure
  • Code of conduct
  • Remuneration policy
  • Outsourcing
  • Documentation
  • Appointment & Termination Procedures
  • Minimum Time Commitment

Compliance Committee: The Governing Body must appoint a compliance committee or individual with the duty to report directly to the Governing Body on all compliance matters. The nature and complexity of the business of the Regulated Entity should be taken into consideration when determining whether the role can be undertaken by a committee or an individual.

Considering the complexity, size, nature of business and risk profile of mutual and private funds, this obligation may be satisfied by the Governing Body receiving a report, at least annually, directly from the anti-money laundering compliance officer, or another legal professional.

Audit Committee: The Governing Body must appoint an audit committee to be responsible for:

  • The financial reporting process and oversight of the Regulated Entity’s internal and external auditors
  • Recommending to the Governing Body the approval, appointment, compensation and dismissal of auditors
  • Reviewing and approving the audit scope and frequency
  • Receiving key audit reports and ensuring that senior management take appropriate action to correct any issues highlighted by the auditors

What are the ongoing obligations of the Governing Body?

Management Structure: The governance structure of a Regulated Entity must be appropriate and suitable for effective oversight of the Regulated Entity, taking into account the size, complexity, structure, nature of business and risk profile of the operations of the Regulated Entity. For regulated mutual or private funds, the Governing Body should take into account the assets under management and number of investors.

Communication with CIMA: The Governing Body has various obligations to communicate with CIMA, in relation to any substantive issues which would materially affect the Regulated Entity. For example, any matter which could materially and adversely affect the financial soundness of the Regulated Entity and any non-compliance with applicable laws and regulatory measures should be communicated to CIMA. The Regulated Entity is also required to respond promptly to any requests received from CIMA.

Oversight: Despite any outsourcing to service providers (Service Providers), ultimate responsibility for overseeing and supervising the activities of the Regulated Entity remains with the Governing Body of such Regulated Entity.

Communication with Investors: For mutual or private funds, material changes should be communicated to investors.

Annual obligations: At least once per year, the Governing Body should:

  1. conduct and document in formal minutes a meeting of the Governing Body
  2. disclose conflicts of interest in a meeting
  3. review the strategic objectives and policies of the Regulated Entity and either amend or re-adopt them as appropriate
  4. evaluate the progress made towards achieving the strategic objectives
  5. review the collective skill set of the Governing Body and determine if any training or outsourcing is required
  6. self-assess the performance of the Governing Body members and document and remedy any gaps identified
  7. review the risk assessment and risk management systems to ensure that all significant risks are being adequately measured, monitored and mitigated
  8. review the internal controls of the entity, ensuring they are operating effectively and that any deficiencies are adequately addressed
  9. review the remuneration policy, and
  10. confirm to the non-executive directors the minimum time commitment expected on an annual basis at the beginning of the Regulated Entity’s financial year.

It will be necessary for the Governing Body of every Regulated Entity to review the corporate governance framework of the Regulated Entity they operate and to ensure that they are familiar with and understand their obligations under, and implement practices that meet or exceed the requirements of, the Guidance, as well as all applicable provisions of the Rules, prior to 14 October 2023, being the effective date.

It should be noted that any breach of the Rule may lead to the imposition of a fine or a regulatory action being taken against a Regulated Entity pursuant to the exercise of CIMA’s powers under the relevant regulatory acts. 

Marbury can advise you on the practical steps required to ensure that there is an appropriate governance framework in place for your Regulated Entit(ies) that will meet the requirements of the Rules and the Guidance.

Contact your usual Marbury advisor or info@marburys.com to discuss your particular situation with regard to the new CIMA corporate governance requirements.