On 16 June 2014, the Monetary Authority of Singapore (the “MAS”) issued an information paper (the “paper”) entitled Guidance on Private Banking Controls. The paper aims to guide financial institutions (“FIs”) on the policies, procedures and controls required for their private banking business in relation to the following three key areas: (i) anti-money laundering and countering the financing of terrorism, (ii) fraud risk controls, and (iii) investment suitability.
Anti-money laundering and countering the financing of terrorism (AML/CFT)
Although FIs have enhanced their AML/CFT frameworks over the years, the MAS takes the view that the effectiveness of the AML/CFT framework could be undermined by poor implementation of controls. The MAS discusses the sound practices and attention areas in this chapter of the paper under the following categories:
- Customer on-boarding/acceptance: FIs should focus on having an effective customer due diligence (“CDD”) and customer on-boarding policy where higher-risk accounts, including those of politically exposed persons (“PEPs”), are subjected to more extensive due diligence as well as closer and more proactive monitoring.
- On-going monitoring: The MAS highlights the need to have robust and comprehensive periodic reviews and on-going monitoring of transactions to facilitate the detection of unusual transaction patterns and changes in customer circumstances that could potentially render the business relationship undesirable or expose the financial institution to higher money laundering or terrorism financing risks.
- Use of financial intermediaries: The MAS notes that FIs in the private banking industry typically use financial intermediaries as a source of customer acquisition. As such, the MAS decided to provide some guidance in the area as well.
- Suspicious transaction reporting: FIs should maintain comprehensive and accurate records and audit trails of internal assessments, regardless of whether suspicious transaction reports (“STRs”) are ultimately filed. In addition, STRs should be filed in a timely manner as delays may compromise the effectiveness of an investigation.
- Wire transfers: FIs should always have full knowledge of originator details for incoming wire transfers, and ensure that similar information is provided for all outgoing wire transfers.
Fraud risk controls
The MAS notes that the close and trusted nature of the relationship between the customer and the relationship manager in private banking exposes the FI to a higher risk of internal and external fraud. Although most FIs have fraud risk controls in place, there is scope for improvement. The MAS discusses this chapter under the following headings:
- Enhanced authentication of customer instructions: FIs must establish the authenticity of all customer instructions before acting on them. Authentication should be performed by parties independent of the front office and against the institution’s official records. In addition to the usual verification of customers’ signatures by independent parties and to counter any possible forgery, FIs may subject higher fraud risk transactions to additional authentication procedures. To enhance the timely detection of unauthorised funds withdrawals and transactions, FIs could use information technology, such as SMS and e-mails, to alert customers of their account activities.
- Hold-mail (“HM”) services: The MAS has identified that accounts with HM services are more susceptible to being abused since customers’ receipt of account statements on a delayed basis creates opportunities for misappropriation of assets and other irregularities to go undetected. FIs should offer HM services only in exceptional circumstances and upon request by customers. Retained mail should only be delivered to the customers or their authorised representatives, and FIs should monitor accounts with uncollected retained mail. Relationship managers should not be allowed to deliver retained mail to customers without the involvement of independent parties. FIs should only offer non-system generated (i.e. manually compiled) or customised statements to their customers on a selective basis.
- Inactive/dormant accounts: As inactive/dormant accounts are exposed to increased fraud risks, FIs should have procedures to ensure proper and prompt identification of such accounts and subject such accounts to close monitoring and stringent reactivation controls.
- Customer static data: Customers’ static data should be centrally and independently controlled, and changes to it should be subjected to enhanced independent authentication procedures.
Investment suitability
The MAS divided the discussion in this chapter into the following headings:
- Customer profiling: FIs should ensure that the risk assessment process is sufficiently comprehensive to cover all aspects relevant to determining a customer’s risk profile. Relationship managers should not be allowed to override risk profiles generated by risk profiling tools unless there is adequate justification. This is especially pertinent when the final assigned risk profiles are markedly more aggressive than those derived using the risk profiling tools. FIs should not review their customers’ risk profiles only during the periodic customer reviews, which are based on the money laundering (“ML”) risk classification of the customers, as this may result in customers of low ML risk having their risk profiles reviewed less frequently than warranted by their financial circumstances or trading activities.
- Product classification: FIs should consider reviewing their product risk rating methodology annually to ensure that it remains relevant. There should also be structured processes in place to regularly review product risk classification. Sole reliance on product experts to perform ad hoc reviews may not be sufficient.
- Advisory and sale processes: FIs may consider specially-designed processes to deal with specific customer groups that may require more customised advice. There should be proper sales and advisory processes to complement and leverage customer profiling and product risk classification frameworks.
Instil appropriate risk and control mindset
The MAS indicates in the paper that senior management should set the right tone at the top in instilling an appropriate risk and control mindset in staff, across all levels and functions, to ensure effective implementation of the AML/CFT, anti-fraud and investment suitability frameworks.
Although aimed at FIs in relation to their private banking business, many of the sound practices highlighted in the paper might also be relevant for other client-facing businesses of the FIs. The MAS qualifies that the non-exhaustive contents of the paper do not modify or supersede any applicable laws, regulations and requirements.