Compliance programmes

Programme requirements

What requirements exist concerning the nature and content of compliance and supervisory programmes for each type of regulated entity?

The MAS Risk Management Guidelines detail the nature and content of compliance and supervisory programmes expected of financial services firms. The Guidelines do not have the force of law, but will be taken into account by the MAS in its supervision of financial services firms generally. These include the following:

  • The Guidelines on Risk Management Practices - Board and Senior Management highlight the corporate governance roles of the board of directors and senior management pertaining to risk management.
  • The Guidelines on Risk Management Practices - Internal Controls provide guidance on sound and prudent policies and procedures on the safety, effectiveness and efficiency of the firm’s operations, the reliability of financial and managerial reporting, and compliance with regulatory requirements.
  • The Guidelines on Risk Management Practices - Credit Risk articulate the broad principles that should be embedded in a risk management framework covering strategy, organisational structure, policy, and credit control processes for origination, monitoring and administration of credit transactions and portfolios.
  • The Guidelines on Risk Management Practices - Market Risk provide guidance on the sound management of risk resulting from movements in market prices, in particular, changes in interest rates, foreign exchange rates, credit spreads, and equity and commodity prices.
  • The Guidelines on Risk Management Practices - Liquidity Risk provide guidance on sound management of risk of a financial services firm being unable to meet its financial obligations as they fall due without incurring unacceptable costs or losses through fund raising and assets liquidation.
  • The Technology Risk Management Guidelines set out risk management principles and best practice standards to guide financial services firms in establishing a sound and robust technology risk management framework, strengthening system security, reliability, resiliency and recoverability, and deploying strong authentication to protect customer data, transactions and systems.
  • The Guidelines on Risk Management Practices - Business Continuity Management provide guidance on sound principles to minimise the impact to businesses due to operational disruptions and serve as standards that financial services firms are encouraged to adopt.
  • The Guidelines on Outsourcing set out the MAS’s expectations of a financial services firm that has entered into any outsourcing arrangement or is planning to outsource its business activities to a service provider. Firms are expected to conduct a self-assessment of their outsourcing arrangements against these Guidelines.

In addition, the following regulations on corporate governance, which have the force of law, apply to banks incorporated in Singapore and approved exchanges, approved clearing houses and approved holding companies respectively:

  • Banking (Corporate Governance) Regulations 2005; and
  • Securities and Futures (Corporate Governance of Approved Exchanges, Approved Clearing Houses and Approved Holding Companies) Regulations 2005.

In November 2018, the BA was amended to specifically allow the MAS to issue regulations relating to the risk management of banks. In February 2017, the MAS published a consultation paper on proposed amendments to the Banking Regulations and the Banking (Corporate Governance) Regulations in relation to these regulations. At the time of writing, the MAS has not issued these regulations.

Gatekeepers

How important are gatekeepers in the regulatory structure?

Compliance function

The MAS Guidelines on Risk Management Practices - Internal Controls provide that the compliance function is expected to assist senior management in managing effectively the compliance risks faced by the financial services firm. Compliance officers are expected to report to the board on matters such as:

  • an assessment of the key compliance risks the firm faces and the steps being taken to address them;
  • an assessment of how the various units in the firm are performing against compliance standards and goals;
  • compliance issues involving persons in positions of major responsibility within the firm and the status of any actions being taken; and
  • material compliance violations involving any person or unit of the firm and the status of any actions being taken.

Compliance officers are expected to address compliance shortcomings and violations, including ensuring that adequate disciplinary actions are taken where appropriate and requisite reports are promptly made to the firm’s supervisor or other authorities.

They are also expected to provide advice and training on regulatory requirements and standards of professional conduct to staff, conduct periodic reviews to assess compliance with policies, procedures and regulatory requirements, and facilitate a whistle-blowing process.

The head of compliance is expected to promptly inform the chair of the board directly in the event of any major non-compliance by a member of management or material non-compliance by the firm with an external obligation if he or she believes that senior management or other persons in authority at the firm are not taking the necessary corrective actions and a delay would be detrimental to the firm or its stakeholders.

Audit function

Under the MAS Guidelines on Risk Management Practices - Internal Controls, internal auditors are expected to have appropriate independence, with reporting lines to the firm’s board or to an audit committee of the board. They should have sufficient stature within the firm to ensure that senior management reacts to and acts on their recommendations. Internal auditors are expected to, among other things:

  • be empowered to initiate a review of any area or any function consistent with their terms of reference;
  • employ a methodology that identifies the material risks run by the firm;
  • prepare an audit plan that is reviewed regularly based on their own risk assessment and allocate audit resources accordingly;
  • ensure that policies and processes are complied with; and
  • check for proper and adequate segregation of duties and reporting lines for front office and risk management personnel, and whether there is adequate oversight by competent managers.

Directors' duties and liability

What are the duties of directors, and what standard of care applies to the boards of directors of financial services firms?

All directors on the board of Singapore-incorporated companies are subject to directors’ duties under Singapore law. Sources of directors’ duties arise from statute (the Companies Act (Cap. 50) (CA)) and from common law. These duties overlap substantially, and generally include:

  • the duty to act honestly and use reasonable diligence;
  • the duty to act in the interests of the company;
  • the duty to avoid conflicts of interest;
  • the duty to act for proper purposes;
  • the duty to disclose potential conflict; and
  • the duty not to make improper use of information acquired by virtue of their position as ‘an officer or agent’ of the company to gain a personal advantage or advantage for any other person or cause detriment to the company.

Under the common law, directors are regarded as fiduciaries and therefore owe fiduciary duties to the firms.

A director is required to exercise the same degree of care and diligence as a reasonable director found in his position. This standard depends on factors such as the individual’s role in the firm, the type of decision being made, and the size and the business of the firm.

When are directors typically held individually accountable for the activities of financial services firms?

Under certain statutes, directors may be held individually accountable for contraventions by financial services firms. Examples include the following:

  • where the financial services firm had contravened the market misconduct provisions with the consent or connivance of the director or as a result of any neglect on the part of the director; and
  • where the director failed to take all reasonable steps to secure compliance by the financial services firm with the relevant statutory provisions.

In April 2018, the MAS published a consultation paper on proposed guidelines on individual accountability and conduct, which provide guidance on, among other things, the MAS’s expectations of directors of financial services firms. The proposed guidelines are intended to supplement the existing regulatory framework, focusing particularly on the measures that financial services firms should put in place to promote ethical behaviour and responsible risk-taking, and strengthen the accountability of senior managers for the actions of their staff and the conduct of the business under their purview. At the time of writing, the proposed guidelines have not been issued by the MAS.

Private rights of action

Do private rights of action apply to violations of national financial services authority rules and regulations?

Yes, in relation to certain violations. In particular, the SFA creates an express right of civil action against persons who contravene any of the market misconduct provisions in the SFA, if they had gained a profit or avoided a loss as a result of the breach. The contravening person shall be liable to pay compensation to a claimant who had suffered loss arising from the contravention.

A claimant may also potentially sue for breach of statutory duty. Generally, to establish a cause of action, the plaintiff must show that:

  • the defendant is under a statutory duty;
  • the defendant has breached that statutory duty;
  • the breach caused the damage suffered by the plaintiff; and
  • the damage is within the scope of protection of the statute.

However, the scope and application of the tort of breach of statutory duty have been regarded as uncertain and severely restricted by the courts. The primary reason for this is that, for the tort to be established, the court must be satisfied that the legislature had intended to create an entitlement to damages at common law for a breach of the statutory provision. As a result, the courts have generally shown a tendency to refuse claims brought for breach of statutory duty.

Standard of care for customers

What is the standard of care that applies to each type of financial services firm and authorised person when dealing with retail customers?

The standard is that of reasonable care (Deutsche Bank v Chang Tse Wen [2013] 4 SLR 886 at [72]). Generally, this is a common-sense inquiry: ‘whether the reasonably prudent banker, faced with the same circumstances, would regard the course of action taken on the facts justifiable’ (Yogambikai Nagarajah v Indian Overseas Bank and another appeal [1996] 2 SLR(R) 774 at [62]).

Does the standard of care differ based on the sophistication of the customer or counterparty?

Yes. In Go Dante Yap v Bank Austria Creditanstalt AG [2011] 4 SLR 559 at [46]-[48], the Court of Appeal held that the standard of care was informed by, among other factors, the experience and sophistication of the customer. As the customer in the case was someone who was commercially savvy and had sufficient knowledge of investment principles to understand the types of risks involved, this lowered the standard of care to be expected of the bank as it would have been entitled to assume that the customer could rely on his own judgment and sources of information, without requiring constant updates and advice.

In addition, it is unclear whether the court’s view of non-reliance or exclusion clauses, which are often relied on by banks to negate their duty of care, may vary based on the sophistication of the customer. There is commentary in case law that suggests that as against unsophisticated investors, such clauses may not guarantee that a bank will not be liable. The Court of Appeal in Als Memasa and another v UBS AG [2012] 4 SLR 992 commented that it may be desirable for courts to reconsider whether financial services firms should be accorded full immunity for ‘misconduct’ by relying on non-reliance clauses as against unsophisticated investors. The position is clearer, however, with regard to sophisticated investors, where the courts have held that exclusion or non-reliance clauses may be relied upon by financial services firms against a claim by the customer for breach of representations or duties (Orient Centre Investments and another v Société Générale [2007] 3 SLR(R) 566, Tradewaves Ltd v Standard Chartered Bank [2017] SGHC 93 at [128]).

Rule making

How are rules that affect the financial services industry adopted? Is there a consultation process?

The MAS typically engages in a public consultation process and invites responses from the public or industry members. There may be multiple rounds of consultation and responses before the proposed rules are finally passed by the Singapore Parliament and come into force.