Water Dragon Solutions Pte Ltd, the Compliance Practice of Maroon Analytics 63 Robinson Road #04-04 Afro Asia Building Singapore 068894 +65 8192 1784 www.maroonanalytics.com Regulatory Update 9 November 2015 MAS Circular to FMCs on Enhancing AML/CFT Measures ( CMI 03/2015 ) Overview Jurisdiction Executive Summary Impact on IAMs Singapore The Monetary Authority of Singapore ("MAS") has published a Circular to report on its findings from thematic inspections performed on financial institutions ("FIs") from September 2014 to January 2015. Fund management companies ( FMCs ) in general have put in place policies and procedures ("P&Ps") on anti-money laundering and countering the financing of terrorism ( AML/CFT ). However, some FMCs have not applied their controls consistently. Certain FMCs had incomplete identification information of their customers while some had performed simplified customer due diligence ( CDD ) without producing supporting documentation. Shortfalls were also found in the screening of relevant persons in client relationships in some FMCs. In addition, several FMCs had failed to monitor transactions or performed periodic reviews on customers. Some FMCs had also retained records of CDD documentation in foreign languages. While some FIs did not incorporate tax risk assessments into their P&Ps for CDD and ongoing monitoring, others required customers to declare their tax residency annually and also obtained independent opinion on tax responsibilities of customers. Some FIs requested supporting documents to provide evidence of the customer's source of funds. FIs are in the process of identifying, assessing and documenting their enterprise-wide ML/TF risks and the controls to address such risks. Whereas MAS highlights the necessity to take Singapore s National Risk Assessment ( NRA ) into consideration, FIs have also considered tax havens, suspicious transactions reports, expected growth as well as staffing and capabilities. Where customers' money and assets are held at custodian banks, MAS recognises that the requirements relating to the segregation of assets under management are fulfilled. The MAS pointed out several shortfalls as well as best practices pertaining to AML/CFT. Where deficiencies are not rectified, the independent asset manager ( IAM ) may be subject to enforcement actions. At the same time, adherence to best practices will ensure the IAM s compliance. IAMs are to comply with the requirements under the revised Notice to Capital Markets Intermediaries on Prevention of Money Laundering and Countering the Financing of Terrorism ("SFA04-N02") and the Guidelines to MAS Notice SFA04-N02 on Company registration 201223691N
Required Action Effective Date Prevention of Money Laundering and Countering the Financing of Terrorism ( AML Guidelines ). IAMs are expected to have amended and implemented their P&Ps and controls to comply with the revised requirements under the updated SFA04-N02 and Guidelines that became effective on 24 April 2015. In their P&Ps and their implementation, IAMs should take into account the shortfalls highlighted and the best practices noted in the Circular. n/a The New Rules Circular to Fund Management Companies on Enhancing Anti-Money Laundering & Countering the Financing of Terrorism Measures and Business Conduct ( CMI 03/2015 ) The MAS has published a Circular to report on findings from its thematic inspections of FIs that conduct regulated activities which was performed from September 2014 to January 2015. In particular, inspections were conducted on licensed and registered fund management companies ("LFMCs" and RFMCs ) and they were focused on FMCs' internal controls and P&Ps with regards to (a) AML/CFT; (b) handling of customers moneys and assets; and (c) record keeping. The MAS also reviewed FMCs' assessment of their enterprise-wide ML/TF risks, and the tax risks of their customers in the last two years. Policies and Procedures ( P&Ps ) FMCs that were inspected in general have put in place P&Ps on AML/CFT. However, the MAS found that some of the AML/CFT controls have not been formalised or applied consistently within the firm. Gaps in AML/CFT controls were commonly found in areas such as ongoing monitoring of client relationships and the frequency of AML/CFT training. FMCs are reminded to formalise their AML/CFT controls and apply their P&Ps consistently as well as regularly review their P&Ps in order to ensure that they remain relevant and up-to-date with regulations. Customer Due Diligence ( CDD ) In general, FMCs were aware of their obligations to identify and verify the identities of their customers, natural persons appointed to act on behalf of customers, as well as connected parties and beneficial owners of customers (collectively referred to as "relevant persons"). However, the MAS found that some FMCs did not have complete identification information of their customers or natural persons appointed to act on behalf of customers. FMCs are reminded to carry out CDD measures to identify and verify the identities of relevant persons timely and effectively. In addition, FMCs must take note that the definition of "customers" has been expanded to include the underlying investors into the investment vehicles (other than listed entities) that the FMC manages under the revised AML/CFT Notice SFA04-N02. FMCs are required to analyse the ML/TF risks of customers and document their basis for applying simplified CDD under the revised SFA04-N02. FMCs may only perform simplified CDD if they are satisfied that the ML/TF risks are low. Several FMCs were found to have performed simplified CDD on customers without documenting the details of their risk assessments or the nature of the simplified CDD measures that were performed. As such, FMCs are reminded to formalise their risk assessment criteria when determining whether to apply simplified, standard or enhanced CDD. In addition, they must ensure that the risk assessment criteria is applied consistently 2/5
within the firm and that the choice of CDD measures must be supported by documentation of the ML/TF risk assessments of customers. FMCs are required to screen relevant persons against the appropriate ML/TF information sources or sanctions lists in order to ensure compliance with their AML/CFT obligations. The MAS discovered shortfalls in certain FMCs whereby relevant persons were not screened or the screening results were not documented. On the other hand, it found that FMCs are using commercial databases to identify adverse information on individuals and entities as part of their screening processes. Some FMCs are also utilising automated AML/CFT surveillance systems to conduct daily screening on the relevant persons which promptly detect any change in the risk classification of these persons. The MAS has also clarified on the difference between relying on a third party and engaging an outsourced service provider to perform CDD measures. In an outsourcing scenario, the FMC must clearly document the roles and responsibilities of the outsourced provider in a formal agreement. In addition, safeguards must be put in place to ensure that the outsourced service provider is carrying out its responsibilities effectively. The MAS also found that some FMCs had performed sample reviews to assess the adequacy of the CDD measures undertaken by outsourced service providers such as their fund administrators or transfer agents. FMCs are required to monitor their business relations with their customers on an ongoing basis. The MAS pointed out in the Circular that some FMCs had failed to monitor customers' transactions or perform periodic reviews to ensure that CDD information on customers remained relevant and up-to-date. As such, FMCs are reminded to maintain proper documentation with regards to these measures. The MAS also found that some FMCs had processes in place to suspend dormant customer accounts after repeated failures to contact the customers. They also had processes to screen customers and beneficial owners prior to the redemption of funds. FMCs are also reminded to maintain all records of CDD documentation in the English language after the MAS found that some FMCs had retained such documentation in foreign languages instead. Enterprise-Wide ML/TF Risk Assessment Under the revised SFA04-N02, FMCs are required to identify and assess the overall ML/TF risks they face as an institution, and take steps to mitigate these risks. FMCs are reminded to continue to fine-tune and review their risk assessments on a regular basis. The MAS pointed out in the Circular that, following the inspections in 2014, FIs in general were still in the process of identifying, assessing and documenting their enterprise-wide ML/TF risks. Several FIs have not developed or documented their enterprise-wide ML/TF risk assessment methodologies. In addition, some FIs did not consider the results of Singapore s NRA when assessing their enterprise-wide ML/TF risks. However, improvements were observed following a thematic review conducted in 2015. Many FIs have since identified, assessed and documented the ML/TF risks arising from their business activities and the controls to address these risks. Following the thematic review, the MAS observed that some FIs had considered various factors in their enterprise-wide ML/TF risk assessments. FIs utilised their own risk analysis together with additional information from the NRA report when assessing risk areas pertaining to customers, countries and jurisdictions. FIs also included tax havens in their consideration of high risk jurisdictions. When assessing risk areas pertaining to products, services and transactions, FIs considered the number of suspicious transaction reports ("STRs") filed as well as the expected growth in 3/5
transaction volumes for significant revenue-generating products. Pertaining to mitigation and controls, FIs considered the frequency of AML/CFT training, the staff resources to manage escalation of potential ML/TF risks and the method of customer screening that was used (manual versus automatic). Certain FIs were found to have implemented a scoring matrix which integrates the various quantitative and qualitative risk factors in assessing the overall enterprise-wide ML/TF risk. In addition, there are also FIs which have processes to review their enterprise-wide ML/TF risk assessment every six months or at the trigger of a material event, whichever is earlier. As such, FMCs are strongly encouraged to consider these practices when assessing their enterprise-wide ML/TF risks. Tax Risk Assessment As tax crimes are designated as ML predicate offences in Singapore, all FIs are required to implement effective controls and preventive measures in respect of tax crimes. FIs may turn to various measures to assess tax risk, such as using red flag indicators to determine if there is suspicion that a customer's assets are proceeds of tax crimes. Where there are grounds for suspicion, FIs must perform enhanced CDD measures. An STR must be filed where there is knowledge or suspicion of tax crimes. FIs are reminded to independently assess whether to establish or continue business relations with a prospective or existing customer in such a scenario. FIs must obtain senior management's approval and document the reason for the decision taken. The MAS pointed out in the Circular that some FIs did not incorporate tax risk assessments into their P&Ps for CDD and ongoing monitoring. FIs with better practices required customers to declare their tax residency annually while other FIs obtained independent, country-specific legal opinion to confirm the tax-compliance of structures, or tax reporting responsibilities of customers. Such FIs would then corroborate the customers' tax declarations against these opinions. In addition, certain FIs requested supporting documents to provide evidence of the customer's source of funds or wealth, which included bank statements, recent business accounts filed with the relevant authorities, or income tax assessments. A handful of FIs also coordinated follow-up actions with regards to the tax risk of the same customer within the group to prevent regulatory arbitrage. Handling of Customers Moneys or Assets The MAS observed that some FMCs had received and held customers moneys and assets on trust for their customers. These FMCs were found to have failed in complying with various regulatory requirements in respect of holding customer' moneys and assets, such as failing to ensure acknowledgement of the trust account status, and failing to deposit moneys received from the customer in the trust account by the following business day. Conversely, the MAS noted that FMCs that have arrangements whereby customers moneys and assets are either held in the names of the customers at custodian banks, or with custodians and prime brokers in the names of the fund vehicles, fulfil the requirements relating to segregation of assets under their management. 4/5
Effect Impact on Independent Asset Managers The MAS pointed out several shortfalls as well as best practices pertaining to AML/CFT. Where deficiencies are not rectified, the IAM may be subject to enforcement actions. At the same time, adherence to best practices will ensure the IAM s compliance. IAMs must have controls in place to comply with the requirements under the revised AML/CFT Notice ("SFA04-N02") and Guidelines. In particular, IAMs must obtain the required information of customers, conduct CDD checks and screenings as well as ensure that periodic reviews are performed. IAMs must also maintain the appropriate documentation in record with regards to their customers. MAS has confirmed that IAMs, whose customers hold the assets managed by the IAM in segregated accounts in their own name, comply with the requirement of segregating customers assets and are thus not required to notify the custodian banks that the assets in these accounts are customer assets. Required Action and Possible Approaches IAMs are expected to have amended and implemented their P&Ps and controls to comply with the revised requirements under the updated SFA04-N02 and Guidelines that became effective on 24 April 2015. In their P&Ps and their implementation, IAMs must take into account the shortfalls highlighted in the Circular and enhance their P&Ps and controls where necessary. They are to draw special attention to the good practices underlined in the Circular and are strongly encouraged to implement them in a manner proportionate to the size and scale of their operations. Please consult the following new rules for details: MAS Circular to FMCs on Enhancing AML/CFT Measures ( CMI 03/2015 ) Notice to Capital Markets Intermediaries on Prevention of Money Laundering and Countering the Financing of Terrorism ("SFA04-N02") Guidelines to MAS Notice SFA04-N02 on Prevention of Money Laundering and Countering the Financing of Terrorism For more information or further discussions, please contact Water Dragon Solutions Pte Ltd, the Compliance Practice of Maroon Analytics Pte Ltd. Rolf Haudenschild DD: +65 8192 1784 rolf.haudenschild@maroonanalytics.com This Regulatory Update is intended to provide general information. Although we endeavour to ensure that the information contained herein is accurate, we do not warrant its accuracy or completeness or accept any liability for any loss or damage arising from any reliance thereon. The information herein must not be treated as legal advice or as a substitute for specific advice concerning a particular situation. If you would like to discuss the implications of the developments discussed in this Regulatory Update on your business, please do not hesitate to contact us. 5/5