Sign up for tax alert emails    GTNU homepage    Tax newsroom    Email document    Print document    Download document

May 3, 2022

Cayman Islands’ new enforcement guidelines detail circumstances under which financial institutions could face penalties for failing to comply with Common Reporting Standard

Executive summary

In Enforcement Guidelines (Guidelines) released 31 March 2022, the Cayman Islands' Department for International Tax Cooperation (DITC) outlined the circumstances under which financial institutions could face penalties for failing to comply with the Common Reporting Standard (CRS). The DITC also discussed the process by which financial institutions would be notified of penalties, and the notice and appeals process by which they may contest penalty imposition.

Detailed discussion


The DITC is a department in the Ministry of Financial Services and Commerce that administers the Cayman Islands' international cooperation in tax matters, including monitoring financial institutions' compliance with the Tax Information Authority Act (2021 Revision) (TIA Act) and the Tax Information (International Tax Compliance) (CRS) Regulations (2021 Revision). Under Regulation 24 of the CRS Regulations, the DITC may impose monetary penalties of up to $50,000 on financial institutions and their directors, managers and general partners. The CRS regulations do not, however, specify the circumstances under which penalties will apply or address how a financial institution would contest a penalty.


The Guidelines provide a non-exhaustive list of circumstances under which the penalties may apply. Penalties may generally be imposed for:

  • Failing to establish and maintain policies and procedures

  • Failing to register on the DITC portal by the notification deadline

  • Filing a CRS return based on a self-certification provided by a person not authorized to sign on behalf of the account holder

  • Failing to submit a CRS return (or nil return for financial institutions with no reportable account holders)

For a complete list of the penalties, organized by type, see pages 6 to 8 in the Guidelines.

To determine if a penalty is appropriate, the DITC may investigate. Under the Guidelines, these investigations may consist of a compliance questionnaire, desk audit or information notice. In other circumstances, such as failure to file, an investigation may not be required.

These investigations supplement the Cayman CRS Compliance Form, which must be completed annually by 15 September. The Cayman CRS Compliance Form requests confirmation that, among other things, the Cayman financial institution has registered with the DITC, maintains written policies and procedures, and has collected self-certification forms.

The Guidelines briefly address criminal provisions that could apply under the Tax Information Authority Regulations. If a criminal offense has allegedly occurred, the case will be referred to the Office of the Director of Public Prosecutions, which will determine whether the available evidence merits criminal prosecution.

Accordingly, financial institutions in the Cayman Islands should review their procedures, processes and controls to mitigate the risk of penalties.

Financial institutions should consider the following actions as part of their Cayman Islands compliance:

  • Review legal entities at least annually to ensure timely classification and registration of entities via the DITC portal

  • Maintain written policies and procedures and review those procedures annually to confirm they represent the current process

  • Review processes and controls for obtaining and validating self-certifications

  • Review current processes for collecting, digitizing and storing self-certification forms so that information is properly reflected on filings

  • Review data-retention policies to confirm information, such as data collected on self-certification forms and transaction information, is maintained for six years

Because a false representation on the Cayman CRS Compliance Form could result in sanctions, the person signing the form should confirm that adequate records support the filing, to avoid the application of multiple penalties.


A Breach Notice will be issued before a Penalty Notice. The affected party has until the deadline set in that Breach Notice (a minimum of 60 days) to ask the DITC not to impose a penalty. Among other things, the Breach Notice will provide the factual basis for the proposed penalty, the proposed penalty amount and the deadline for responding. The Breach Notice may also contain the steps required to remedy the breach. For multiple violations of the CRS Regulations, a single Breach Notice may include each Primary Penalty. If the breach has been remedied before the DITC issues a Breach Notice, the subsequent notice will note the remedy.

In considering whether to issue a Penalty Notice, the DITC will consider the seriousness of the breach, whether the breach was intentional or negligent, the actions taken to remedy the breach once the affected party was aware of the breach, and that party's history of compliance. If the DITC determines that a penalty should apply, a Penalty Notice will be sent. Under the Guidelines, the DITC may impose a Primary Penalty (or initial penalty), whose amount will depend on the type of offense (see the Guidelines for details). A Continuing Penalty of up to $100 per day will also apply if the offense is not remediated as specified in the Breach Notice.

The Guidelines are designed to enhance compliance rather than generate revenue. Accordingly, the Guidelines suggest that the DITC will take all facts and circumstances into account, as well as a history of compliance, when reviewing penalty abatement requests. EY anticipates that a "written representation" responsive to the Breach Notice will be the most effective method of securing full or partial penalty relief.

The DITC has yet to comment on when the notification process will begin, other than to say the Guidelines are effective immediately. Until the DITC clarifies this issue, financial institutions should verify that they are complying with the Guidelines to avoid triggering penalties. They should also verify that the Authorizing Person and Principal Point of Contact (PPOC) they have provided is correct. The PPOC is the only person authorized to represent the relevant entity. Thought the PPOC provided may be an institutional email, the regulations do not clarify who is authorized to respond to DITC notices when an institutional email is listed.

Appeals (abatement request)

The Guidelines include a brief discussion of the Appeals process. Any recipient of a Penalty Notice may appeal to a court the decision to impose the penalty, its amount, or both. The appeal must be made within 60 days after the recipient received the Penalty Notice, or any later period the court allows.

If a penalty is appealed, the DITC cannot, without the court's leave, enforce the penalty or levy interest until the appeal is decided. The court may affirm, dismiss, or vary the penalty imposition/decision, or may set the original penalty imposition aside and remit the matter to the DITC for reconsideration based on the court's directions.

With no history of appeals to review, it is unclear whether the DITC and the Cayman Courts will follow an appeals process similar to that used by the United States Internal Revenue Service, with relief routinely granted for reasonable cause, de minimis errors and/or filings made only a day or two late. Moreover, costs could prove prohibitive if an appeal is required, given the need to retain Cayman counsel. Until the standard outcome of penalty notification and appeals processes can be reviewed, or the DITC issues further comment, financial institutions' best option is to comply fully so they can avoid the penalty notification and appeals process, especially given the scale of the penalties that may be imposed.


For additional information with respect to this Alert, please contact the following:

Ernst & Young LLP (United States), Financial Services Organization


The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting or tax advice or opinion provided by Ernst & Young LLP to the reader. The reader also is cautioned that this material may not be applicable to, or suitable for, the reader's specific circumstances or needs, and may require consideration of non-tax and other tax factors if any action is to be contemplated. The reader should contact his or her Ernst & Young LLP or other tax professional prior to taking any action based upon this information. Ernst & Young LLP assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.


Copyright © 2024, Ernst & Young LLP.


All rights reserved. No part of this document may be reproduced, retransmitted or otherwise redistributed in any form or by any means, electronic or mechanical, including by photocopying, facsimile transmission, recording, rekeying, or using any information storage and retrieval system, without written permission from Ernst & Young LLP.


Any U.S. tax advice contained herein was not intended or written to be used, and cannot be used, by the recipient for the purpose of avoiding penalties that may be imposed under the Internal Revenue Code or applicable state or local tax law provisions.


"EY" refers to the global organisation, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.


Privacy  |  Cookies  |  BCR  |  Legal  |  Global Code of Conduct Opt out of all email from EY Global Limited.


Cookie Settings

This site uses cookies to provide you with a personalized browsing experience and allows us to understand more about you. More information on the cookies we use can be found here. By clicking 'Yes, I accept' you agree and consent to our use of cookies. More information on what these cookies are and how we use them, including how you can manage them, is outlined in our Privacy Notice. Please note that your decision to decline the use of cookies is limited to this site only, and not in relation to other EY sites or Please refer to the privacy notice/policy on these sites for more information.

Yes, I accept         Find out more