Financial crime compliance trends in Singapore

Author: | Published: 30 Sep 2016
Email a friend

Please enter a maximum of 5 recipients. Use ; to separate more than one email address.

Financial Crime Compliance (FCC) still tops the agenda for financial institutions (FIs) in Singapore. The regulatory bar keeps rising rapidly and to say the impact of the changing regulatory landscape on the financial services industry in Singapore is huge would be an understatement. The regulator has set a strict tone on the tightening of governance, Customer Due Diligence (CDD) processes, strengthening of internal controls and greater scrutiny of transactions. There is a clear message from the Monetary Authority of Singapore (MAS) that the industry needs to pay attention to ensuring the soundness of their Anti-Money Laundering (AML) compliance framework.

But what can FIs continue to do to enhance their FCC framework, when this is already a challenging web and a costly effort?

"Effectiveness" of the FCC framework seems to be the buzzword today. Compliance will not get any easier with tightening regulations and increasing regulatory expectations. Some of the key highlights are:

  • Getting the FCC compliance target operating model right sounds simple: however, the more complex the FI and its business, the more challenging it is to administer control and surveillance. In addition to the 'business-as-usual' activities, ensuring effective responses to address regulatory changes demands equal parity in treatment. The complexities of the Financial Crime operating model need to be reviewed through a risk lens. Shifting from a process-driven compliance culture to one that is "risk aware", where relevant employees are able to exercise a "risk aware" judgment is an imperative today. Compliance programs and frameworks that are well-defined must continually be challenged and modernized, with new threats and emerging typologies and associated red flags duly embedded in the framework;
  • Enshrining the principle of three lines of defence – the front office, compliance and audit – and how the FCC framework cuts across these three lines, demonstrating a well-oiled engine in operation to detect and prevent financial crime with well-calibrated risk tolerance principles weaved in the architecture. This may be a tall order, but it is really the starting point. The need is to, inter alia, demonstrate that the FI has a good grip on its "single client view" and is effective in monitoring and managing FCC risk;
  • Governance and supervision by the Board and management must be demonstrable. This is easier said than done, but the need is to evidence clear reporting, good quality risk dashboards are provided, escalations of key findings and Boards/Management being involved in critical decisions that impact the management of FCC risk for the organization;
  • Effectiveness of the FCC risk assessment across the organizations and lines of business to calculate inherent risk and assess robustness of controls to manage such inherent risk. The outcome of the risk assessment ought to talk to the operational risk framework and inform the overall risk tolerance across all businesses as well as influence strategic business decisions to deal with certain products, technologies, clients or potential clients and assessing the efficacy of the transactions monitoring systems and processes. The outcome of the risk assessment must – and it is critical that it does – inform the overall framework, policies, procedures, process architecture, people, technology, customer risk profiling, monitoring and assurance exercise as well as help design the Money Laundering Reporting Officer (MLRO)'s dashboard to the management;
  • This sounds unexciting due to constant rhetoric around the subject, but the old news remains that there is a continuous need to beef up the gatekeeping function – which essentially is the Know Your Customer (KYC)/CDD on customers. The better the quality of the CDD, the better the ability of the FI to assess customer risk and monitor the relationship on an ongoing basis. FIs need robust regimes to not only identify risks at the point of onboarding but monitor such risks throughout the lifecycle of the customer with the FI;
  • Separate the operational and advisory functions. It is important that the employees who have 'business-as-usual' tasks and those that ensure the effectiveness of the controls framework are not one and the same group of people;
  • FIs should also be aware of the evolution in trade finance compliance or trade-based money laundering compliance and correspondent banking relationships oversight. For their trade business, FIs need to institutionalize a framework that broadly addresses the review of risk through the trade documentation, trade routes and vessels, screening of parties, assessment of the legitimacy of goods (from dual use risk and under/overpricing) and whether sanctions parties/countries are involved. There is very little appetite from regulators for failures in the compliance framework for FIs that undertake trade finance business or establish correspondent banking relationships;
  • Yet again, a transactions monitoring system is key but this time the focus is on link analysis, common sources of wealth or ultimate beneficial owners' transactions being assessed holistically and making more investments in analytics to optimize the transaction monitoring technology… not to mention the effectiveness of the challenge and audit ability of this complex technology;
  • Document the design of the overall control architecture, which includes the processes and technologies put in place to mitigate FCC risks – perhaps this labyrinth should be documented as a single source of truth and assessed to ascertain whether the controls' environment meets regulatory standards and whether there is more work needed to plug gaps;
  • A robust tax crimes client assessment embedded within the broader FCC framework; and
  • Sharpen the second line of defence assurance program for early detection and timely resolution of issues.

Role of the regulators

There are other issues in addition to coping with the changing regulatory demands. FIs are also constantly walking on a regulatory tightrope so in view of this, perhaps regulators can play a role in helping the industry with their compliance efforts by:

  • Whilst there already is some level of clarity, further improving on interpretation versus expectations will be helpful;
  • Acting as liaison with home and host regulators, ensuring greater transparency on actions and views of home regulators, and promoting cross-industry and jurisdiction cooperation;
  • Establishing uniformity or industry practice in areas around KYC, risk thresholds for sanctions and transactions monitoring;
  • Encouraging greater innovation and embracing technological changes that can create efficiency, and yet of course managing the risk; and
  • Taking into consideration compliance cost and the efforts required to comply with the requirements in its true spirit. For example, consider a differentiation between intentional breaches and technical breaches.

Continued vigilance

The FCC framework will continue to evolve in line with the changing business landscape and regulations are expected to tighten. Looking ahead, FIs will also be investing more in this area especially for larger FIs as they harmonize their global standards across their footprint markets. This will increase compliance cost but it cannot compare with the importance and need for regulatory compliance, as the penalties for non-compliance far outweigh the perceived benefits.

When implementing a risk-based approach, identifying key indicators where the FI needs to perform a deep dive analysis to address any potential risks the organization can be exposed to and the sufficiency of controls in place to manage such risk is essential. The regulatory bar on FIs in a mature and developed market such as Singapore has risen so much today that "risk-based approach" translates to "heightened risk-based approach" when designing AML/Combat the Financing of Terrorism (CFT) frameworks and assessing associated risks and controls. Compliance frameworks need simply to be prudent and defensible in today's regulatory environment.

With the recent actions instituted by the MAS on certain FIs, the regulatory arbitrage should narrow fairly swiftly with industry participants expected to raise the compliance bar further. The natural consequence of this will arguably be increased compliance costs with resultant thinning profit margins for some. This may call for integration or more innovation in business, cost effective service delivery models, digitization and compliance efficacy and use of utilities that can operate within the regulatory regime without impediments to not just reduce cost, but also manage risks.

The writer is a Financial Advisory Partner at Deloitte Southeast Asia. The opinions expressed in this article are the author's own.

About the author
 

Radish Singh

E: radishsingh@deloitte.com
T: +65 6224 8288

Radish leads the Anti-Money Laundering (AML) team within Deloitte Forensic in Singapore and Southeast Asia. Radish is a subject matter expert with over 18 years of experience on advising financial institutions on financial crime. She has been actively presenting on global regulatory reform to financial institutions in Singapore and in various public forums. Her clientele incudes major global and local banks in Singapore. She previously led an engagement with the Association of Banks in Singapore to revise and modernise their AML guidelines for the local banking industry. She also advised the Institute of Banking & Finance Singapore on revising their compliance and AML industry standards modules.


 

The magazine

April/May 2019

SURVEY: Opening the gate of China

After decades of domestic growth, the PRC is gradually letting the international community in. Here lawyers and country heads at some of the world's biggest banks and asset managers explain what others need to know

International briefings

Quick Poll

Is consolidation a good thing for the EU financial sector?


Women in Business Law Group

IFLR's Wibl networking group provides a platform for inclusive debate around fostering female talent in the profession.

Visit its LinkedIn page to find out more, and IFLR's awards page for details on the annual ceremonies.