Various steps have been taken recently to enhance the Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regime in Singapore; in particular, in relation to the financial sector. Financial institutions (FIs) had until 24 July 2015 to comply with certain enhanced AML rules, and are required to conduct enhanced Customer Due Diligence (CDD) in relation to existing higher risk customers by 24 October 2015. Further, the Monetary Authority of Singapore (Amendment) Act 2015 (MAS Amendment Act) came into force on 26 June 2015. The MAS Amendment Act introduces enhanced information sharing powers between the MAS and foreign AML/CFT regulators.
The Steering Committee, which includes the Managing Director of the MAS, conducted a Money Laundering and Terrorist Financing Risk Assessment in 2013 (NRA) and the report can be found here. The NRA Report identified particular money laundering and terrorist financing risks in relation to (amongst others) the Financial Sector. FIs are required to take the NRA findings into account when conducting their own risk assessments.
The MAS issued amendments to 11 Notices (Notices) on 24 April 2015 providing for more detailed and enhanced AML requirements. The amended Notice MAS Notice SFA04-N02 issued in relation to Capital Markets Intermediaries (CMIs) can be found here by way of example. Guidelines were issued in relation to each of these Notices providing further guidance on the implementation of the requirements, and the Guidelines to MAS Notice SFA04-N02 are here.
In response to concerns raised by the industry, MAS agreed to provide an increased time period until 24 July 2015 for FIs to comply with certain requirements, and provided a deadline until 24 October 2015 to identify existing higher risk customers and to ensure that enhanced CDD was carried out in relation to such customers.
AML Requirements to be complied with by 24 July 2015
The enhanced AML requirements are broadly similar under the 11 Notices, although some Notices contain sector specific requirements. In this e-bulletin we focus on three of the key requirements which needed to be complied with by 24 July 2015 and which are broadly identical across all Notices.
a. Enterprise-wide risk assessment
Under the amended Notices FIs are required to carry out an enterprise-wide risk assessment relating to their customers, countries in which they operate and their products, services and transactions. Further, FIs are required to ensure that policies and procedures are in place which manage and mitigate the risks identified. Although the MAS does not prescribe a methodology to be used when carrying out the risk-assessment, the Guidelines set out various risk factors to be taken into account. These include whether customers come from countries with relatively high levels of corruption, organised crime or inadequate AML/CFT measures, as identified by the Financial Action Task Force (FATF). The Guidelines also require FIs to take into account the observations on risk included in the NRA Report. The risk-assessment should be reviewed at least once every two years.
b. Risk assessment of new products, practices and technologies
FIs are required to put in place processes aimed at identifying and assessing money laundering (ML) and Terrorist Financing (TF) risks associated with the development of new products and new business practices, including new delivery mechanisms and the use of new or developing technologies. Special attention is to be paid in relation to products or technologies that favour anonymity and that deal with customer funds or the movement of such funds. The special ML/TF risk assessments are to be undertaken prior to the launch or use of such products or technologies and are to be in addition to and separate from the assessment of other types of risks, such as credit risks.
c. Cross-group information sharing
FIs incorporated in Singapore are to put policies and procedures in place that provide for the sharing of customer, account and transaction information across branches and subsidiaries and to the group level's compliance and audit for purposes of CDD and ML/TF risk management. These policies and procedures are to take account of relevant data privacy and secrecy laws of the countries or jurisdictions in which the branches and subsidiaries are located. The latter condition will require a good grasp and understanding of local privacy, secrecy and confidentiality laws to avoid an inadvertent breach of local laws.
"Remediation" required in relation to higher risk customers by 24 October 2015
FIs are required to conduct the detailed CDD measures set out in the Notices in relation to existing customers. The MAS has requested FIs to prioritise the identification of higher risk customers and to ensure that the detailed enhanced CDD measures are applied in relation to those customers by 24 October 2015. For example, Politically Exposed Persons (PEPs) are considered higher risk, and customers which are from a country known to have inadequate AML/CFT measures may be considered higher risk. The Notices have extended the scope of PEPs by including "international organisation" politically exposed persons.
New enhanced CDD measures include an increase of the degree and nature of the monitoring of the business relations with and the transactions for the customer in order to determine whether they appear unusual or suspicious.
The MAS Amendment Act
The MAS Amendment Act came into force on 26 June 2015. The amendments specifically mention the need to comply with the CDD requirements under the Notices and reiterate that a breach of the requirements may result in a fine not exceeding $1 million and in the case of a continuing offence, a further fine of $100,000 per day. The Amendments consolidate and set out the investigatory powers of the MAS in relation to compliance with the AML and CFT requirements.
More substantive changes provide for the MAS's enhanced powers to share information with foreign AML/CTF authorities in relation to FIs' compliance with AML/CTF requirements.
Although FIs will no doubt be concerned with what information can be shared with whom, 11 safeguards regarding purpose, scope and confidentiality have been included in the MAS Amendment Act which need to be satisfied in the context of an information sharing exercise.
It is of note that in certain circumstances, the foreign authorities may share information with third parties, with the MAS's consent.
If not already done, FIs will need to identify the Notice and Guidance applicable to their business and ensure that their AML and CFT policies and procedures are compliant with the more detailed and enhanced requirements. Note will also have to be taken of the 24 July 2015 deadline (which has passed) and the upcoming 24 October 2015 deadline.
The Notices and the MAS Amendment Act are a further illustration that the MAS is likely to pay increased attention to AML and CFT compliance.
Further, we have been seeing increased levels of cooperation and information sharing between regulators and law enforcement agencies across different countries, and the Amendments to the MAS Act suggest that this trend will continue.