This week the Monetary Authority of Singapore (MAS), the Singapore financial regulator, published this guidance note outlining their expectations for effective money-laundering/terrorism financing (ML/TF) controls for financially regulated firms or “FIs”. The paper does not impose new regulatory obligations but MAS does stress that such firms should benchmark themselves against the practices and supervisory expectations set out in the paper in a risk-based and proportionate manner including conducting a gap analysis.
The guidance is summarized briefly below:
1] Typologies:
Misuse of legal persons/arrangements and complex structures
- Facilitate pass-through or round tripping transactions without any clear economic purpose.
- Create complex layers of ownership with no clear legitimate reasons, but instead with the sole intention of obscuring true beneficial ownership.
Supervisory observations:
- The FIs reviewed had put in place specific policies, procedures and controls to enable proactive detection of potential misuse of legal persons/arrangements (including front/shell companies), and to address risks associated with complex structures.
- Some FIs also made use of data analytics to complement existing ongoing monitoring controls and to identify customers which pose higher risk of misuse.
- While MAS did not observe systemic deficiencies from their review, executional lapses were observed as a result of weak oversight and lack of risk awareness and vigilance to identify unusual red flags.
2] Customer Due Diligence (#1)
- FIs are required to identify and verify the identity of the beneficial owners (BO) in relation to a customer, and where the customer is not a natural person, FIs shall seek to understand the nature of the customer’s business, ownership and control structure.
Supervisory observations:
- FIs would seek to understand the ownership and control structure of the customer to identify the BO where complex structures and arrangements are used and assess whether such structures and arrangements pose additional ML/TF risk concerns.
- In some cases, the lack of guidance provided as well as the lack of staff’s risk awareness had resulted in lapses by FIs in effectively identifying the true BO, and consequently, failure to assess the legitimacy of such arrangements.
3] Customer Due Diligence (#2)
- FIs are required to understand the nature of the customer’s business, its ownership and control structure, as well as the purpose of their accounts.
Supervisory observations:
- While FIs inspected had put in place specific measures to enable detection of front/shell companies for enhanced due diligence, there remain areas where controls could be strengthened.
- Several examples are provided illustrating how a “check box” approach to Customer Due Diligence (CDD) had resulted in failures by the FI to pick up misuse of legal persons risk flags in a timely manner (see the paper for further details from page seven).
Actions taken to enhance AML/CFT controls:
- Enhanced training and guidance on complex ownership and structures to enable staff to identify/detect red flags on customer information/declarations obtained.
- Required further assessment on the use of unusual complex structures and ownership to assess the legitimacy of the customer.
Supervisory expectations:
- While FIs may obtain a customer declaration to identify the true BO, FIs should be alert to shell company red flags which should trigger further due diligence checks.
- Examples of red flags include:
o Unusual or rapid changes to corporate structures, including beneficial ownerships, after account opening; and
o The BO owning a company through a nominee shareholder without a clear economic rationale or purpose.
- MAS expects FIs and their front-line staff to obtain sufficient information to understand and assess if there are legitimate reasons for complex ownership or control structures, particularly for bespoke wealth management structures. Such an assessment is necessary as part of CDD to determine whether more stringent ML/TF risk assessment and monitoring is warranted.
- FIs must:
- Adequately apprise front line staff on red flags relating to the use of complex ownership and control structures to ensure proper follow-up and risk assessments.
- Perform further checks or corroboration where there are doubts over the declarations obtained from the customer.
- Establish clear accountability and processes to enable timely escalation of concerns about ownership structures or BO information.
- Take timely and appropriate risk mitigation measures to address these concerns.
4] Ongoing Monitoring
- Throughout the course of business relations, FIs are required to scrutinize transactions undertaken to ensure that transactions are consistent with the FI’s knowledge of the customer.
Supervisory observations:
- FIs have appropriate systems and controls in place that alerted them to unusual transactions. To ensure effectiveness of transaction monitoring (TM) controls, FIs must ensure that staff are adequately trained to identify, scrutinise and escalate/deal with unusual transactions.
i) TM involving escrow arrangements
Actions taken to enhance AML/CFT controls:
- FI enhanced guidance and training to TM analysts and implemented a quality assurance programme to monitor the quality of TM alert reviews performed.
- FI also put in place reviews to proactively identify customers who present misuse of legal persons risks, based on profile characteristics or transaction patterns, on an ongoing basis as part of enhanced due diligence.
- FI enhanced guidance to analysts on reviewing suspicious transactions involving related entities and implemented fund tracing tool to allow a more holistic end-to-end review and easier identification of red flags through visual representations.
Supervisory expectations:
- There are legitimate commercial reasons for the use of escrow agents and arrangements to safeguard the interests of parties in an escrow agreement. However, FIs should be cognisant that escrow services and accounts could also be abused for layering/illicit purposes.
- FIs should therefore:
o Have a good understanding of the purpose of accounts and expected transactions to assess whether business relations involving escrow agents would pose higher ML/TF concerns at onboarding. The assessment of risks should take into consideration for example, complexity or frequency of transactions, and whether there is a clear economic and legitimate purpose for the arrangement. Where necessary, additional checks should be done.
o Be alert to red flags and unusual transactions or patterns and perform appropriate scrutiny, including for escrow arrangements, to ascertain whether there are any material financial crime concerns on counterparties involved or suspicions which warrant a filing of a suspicious transaction report (STR) and/or the application of other risk mitigating measures.
ii) Executional lapses in review of transactions
- FIs are required to implement appropriate internal risk management systems, policies, procedures and controls to determine if business relations with or transactions for any customer present a higher ML/TF risk and accordingly, perform appropriate enhanced CDD measures for these customers.
Actions taken to enhance AML/CFT controls:
- To address the above gaps in CDD, FI enhanced its AML/CFT controls to:
o Tighten the feedback loop to ensure CDD gaps observed during investigations are adequately escalated to the right party for review.
o Provide additional guidance and training to staff to raise risk awareness to identify higher ML/TF risk business activities.
o Adequately equip TM investigators with the right tools and relevant financial crime information sources to be reviewed as part of alert investigation.
iii) Addressing Information silos
Actions taken to enhance AML/CFT controls:
- To address the above gaps in ongoing monitoring, FI had:
o Tightened the information sharing protocols across BUs and;
o Put in place clear accountability for decisions to ensure that pertinent ML/TF risk concerns are shared with other BUs and escalated on a timely basis. This ensures that ML/TF concerns are adequately mitigated as part of decisions made.
Supervisory expectations:
- Addressing information silos is key for effective ML/TF risk management for FIs. FIs should continually assess the robustness of existing controls and processes to keep pace with changing threats and typologies.
- FIs should be alert to unusual transactions involving complex structures and related entities and conduct the appropriate level of additional due diligence to avoid being exploited as a conduit to layer potentially illicit funds.
RegTrail Insights
At 16 pages the MAS paper is a compact, worthwhile read, particularly with the case studies (which are not summarised above). Such specific recommendations from a regulator are rare. While the paper is directed at financially regulated firms, MAS’s observations and expectations are nonetheless useful and form a strong benchmark comparison for energy and commodity firms regardless of jurisdiction.