2015-10-28

Added

Circular CMI 06/2015 on Enhancing Anti-Money Laundering and Countering the Financing of Terrorism Measures

The Monetary Authority of Singapore issued this circular to outline findings from thematic inspections of registered insurance brokers regarding their anti-money laundering and countering the financing of terrorism controls. It mandates that firms formalize policies, conduct rigorous customer due diligence, perform enterprise-wide risk assessments including tax risks, and strictly adhere to regulations for handling customer moneys. The document further requires all insurance brokers to implement enhanced screening for sanctioned entities and maintain timely deposits of client funds into designated accounts.

Monetary Authority of Singapore logo

Singapore

Monetary Authority of Singapore

Click to view thumbnail

Circular No. CMI 06/2015 28 October 2015 To: Registered Insurance Brokers under the Insurance Act (Cap. 142) Dear Sirs ENHANCING ANTI-MONEY LAUNDERING & COUNTERING THE FINANCING OF TERRORISM MEASURES AND BUSINESS CONDUCT In 2014, the Monetary Authority of Singapore (“MAS”) appointed external auditors under section 320(1) of the Securities and Futures Act (Cap. 289) (“SFA”), section 65(1) of the Financial Advisers Act (Cap. 110) (“FAA”), section 73(3) of the Trust Companies Act (Cap. 336) (“TCA”) and section 50(1) of the Insurance Act (Cap. 142) (“IA”) to conduct thematic inspections of close to 300 financial institutions (“FIs”) that conduct regulated activities under these Acts. The inspections were conducted from September 2014 to January 2015, and covered insurance brokers (“IBs”).They were based on a set of agreed-upon procedures between MAS and the external auditors, and focused on the FIs’ internal controls and policies and procedures in the following areas: a) Anti-money laundering and countering the financing of terrorism (“AML/CFT”)1 ; b) Handling of customers’ moneys and assets; and c) Record keeping. 2 MAS also reviewed selected FIs’ assessment of their enterprise-wide money laundering and terrorism financing (“ML/TF”) risks, and the ML risk from tax crimes (“tax risks”) of their customers in the last two years.

1 IBs which are exempted from holding a financial adviser’s licence under section 23(1)(c) of the Financial Advisers Act (Cap. 110) are required to comply with the Notice to Financial Advisers on Prevention of Money Laundering and Countering the Financing of Terrorism issued on 24 April 2015, in respect of their financial advisory services. 10 Shenton Way MAS Building Singapore 079117 Telephone: (65) 6225 5577 Facsimile: (65) 6229 9229

Monetary Authority of Singapore 2 3 While most of the IBs inspected have measures to comply with the relevant rules and regulations, there are some areas for improvement. This circular sets out common findings, as well as good practices observed during the thematic inspections and reviews. As the inspections and reviews were carried out prior to the revision of the Notice to Financial Advisers on Prevention of Money Laundering and Countering the Financing of Terrorism (“revised FAA-N06”) and Guidelines to the Notice (“revised Guidelines”) on 24 April 2015, this circular also draws your attention to some additional requirements and AML/CFT measures that FIs have to put in place under the revised FAA-N06 and revised Guidelines. (A) AML/CFT Requirements (i) Policies and Procedures(“P&Ps”) 4 Most of the IBs which are exempt financial advisers (“IBs/EFAs”) inspected haveput in place P&Ps on AML/CFT. However, some of the AML/CFT controls were not formalised or applied consistently within the firm. The common areas include ongoing monitoring of business relations with customers and the frequency of AML/CFT training. We would like to remind IBs/EFAs to formalise all their AML/CFT practices and apply their P&Ps consistently. IBs/EFAs should also regularly review their P&Ps to ensure that they remain relevant and up-to-date with regulatory obligations. (ii) Customer Due Diligence (“CDD”) Identification and Verification of Identities of Customers 5 The IBs/EFAs inspected were generally cognisant of their responsibilities to identify and verify the identities of their customers, the natural persons appointed to act on behalf of customers, as well as connected parties and beneficial owners of customers (collectively referred to as “relevant persons”). However, some IBs/EFAs met these obligations only partially. For instance, some IBs/EFAs did not have complete identification information of their customers or natural persons appointed to act on behalf of customers. IBs/EFA are

Monetary Authority of Singapore 3 reminded to carry out CDD measures to identify and verify the identities of the relevant persons in a timely and effective manner. Customer Risk Assessment 6 Some IBs/EFAs had performed simplified CDD on customers without documenting the details of their risk assessments or the nature of simplified CDD measures performed. IBs/EFAs should only perform simplified CDD measures if they are satisfied that the risks of ML/TF are low. As stated in paragraph 7 of the revised FAA-N06, IBs/EFAs are required to analyse the ML/TF risks of customers and document their basis for applying simplified CDD. 7 IBs/EFAs should also formalise their risk assessment criteria in determining whether to apply simplified, standard or enhanced CDD. These risk assessment criteria should be applied consistently within the firm. In addition, the choice of CDD measures should be supported by documentation of the ML/TF risk assessments of customers. Screening 8 MAS observed a mix of good practices and shortcomings among the IBs/EFAs inspected in relation to the screening of relevant persons. Some IBs/EFAs did not screen the relevant persons or document the screening results. Under paragraph 6.37 of the revised FAA-N06, IBs/EFAs are required to screen the relevant persons against the appropriate ML/TF information sources or lists. 9 In terms of good practices, some IBs/EFAs utilise commercial databases to identify adverse information on individuals and entities as part of their screening processes. Some also employ automated AML/CFT surveillance systems to conduct daily screening on the relevant persons to promptly detect any change in the risk classification of these persons. Reliance on Third Parties versus Outsourcing to Service Providers to Perform CDD Measures 10 Some IBs/EFAs have sought clarifications on the difference between relying on a third party and engaging an outsourced service provider to perform CDD measures. This is explained in paragraph 9 of the revised Guidelines. We would like to highlight that in an

Monetary Authority of Singapore 4 outsourcing scenario, the IB/EFA should clearly document the roles and responsibilities of the outsourced provider in a formal agreement. Necessary safeguards should be put in place to ensure that the outsourced service provider is carrying out its responsibilities effectively. Ongoing Monitoring 11 Some IBs/EFAs had failed to perform periodic reviews to ensure that CDD information on customers remained relevant and up-to-date. IBs/EFAs are required to monitor their business relations with customers on an ongoing basis. Paragraph 6-10 of the revised Guidelines provide guidance on the measures and frequency for ongoing monitoring. IBs/EFAs are also reminded to maintain proper documentation of these measures. Documentation of CDD Measures 12 Some IBs/EFAs had retained CDD documentation in foreign languages. IBs/EFAs are reminded to maintain all records in the English language to comply with paragraph 10 of the revised FAA-N06. (iii) Enterprise-Wide ML/TF Risk Assessment 13 Paragraph 4.1 of the revised FAA-N06 includes new obligations for IBs/EFAs to identify and assess the overall ML/TF risks they face as an institution, and take steps to mitigate these risks. The enterprise-wide ML/TF risk assessment forms the basis for the FI’s overall risk-based approach. IBs/EFAs should continue to fine-tune and review their risk assessments on a regular basis. 14 MAS observed from our inspections and engagements with FIs in 2014 that most FIs were still in the process of identifying, assessing and documenting their enterprise-wide ML/TF risks. Further, some FIs had not developed or documented their enterprise-wide ML/TF risk assessment methodologies. Some FIs had not considered the results of Singapore’s National Risk Assessment (“NRA”) when assessing their enterprise-wide ML/TF risks. Improvements were noted from a subsequent thematic review conducted this year. Many FIs have since identified, assessed and documented the ML/TF risks arising from their business activities and the controls to address these risks.

Monetary Authority of Singapore 5

15 We observed from the thematic review that certain FIs had considered various factors in their enterprise-wide ML/TF risk assessments. Some examples of the risk areas and specific factors used by these FIs are as follows: Risk / Control Areas Specific Factors Customers, countries, jurisdictions • Supplement the FI’s own risk analysis with additional information from the NRA Report relating to risks in various industry segments • Inclusion of tax havens in high risk countries / jurisdictions Products, services, transactions • Number of suspicious transaction reports filed • Expected growth in transaction volumes for significant revenue-generating products Mitigation, controls • Frequency of AML/CFT training • Staff resources to manage escalation of potential ML/TF risks • Method of customer screening (manual versus automatic) 16 Some FIs have implemented a scoring matrix that integrates the various quantitative and qualitative risk factors in assessing the overall enterprise-wide ML/TF risk. In addition, certain FIs have processes to review their enterprise-wide ML/TF risk assessment every six months or at the trigger of a material event, whichever is earlier. IBs/EFAs are strongly encouraged to consider these additional factors in assessing their enterprise-wide ML/TF risks. (iv) Tax Risk Assessment 17 FIs had performed a tax risk review of their customers when tax crimes were designated as ML predicate offences in Singapore. However, some FIs did not subsequently incorporate tax risk assessment into their P&Ps for CDD and ongoing monitoring. All FIs are required to implement effective controls and preventive measures in respect of tax crimes. FIs can employ various measures to assess tax risk, including but not limited to using red-

Monetary Authority of Singapore 6 flag indicators2 to determine if there are any grounds for suspicion that a customer’s assets are proceeds of tax crimes. FIs must also conduct enhanced CDD measures if there is such a suspicion. A suspicious transaction report should be filed where there is knowledge or suspicion of tax crimes. FIs should independently assess whether to establish or continue business relations with a prospective or existing customer where there are reasonable grounds that the customer’s assets are proceeds of tax crimes. If so, FIs should obtain senior management’s approval and document the basis of the decision. 18 FIs with better practices would require all customers to declare their tax residency annually. Some would also obtain independent, country-specific legal or tax opinion from tax auditors, lawyers or bankers to confirm the tax-compliance of structures, or tax reporting responsibilities of customers. They would corroborate the customers’ tax declarations against these opinions. Some FIs would also request supporting documents to substantiate the customer’s source of funds or wealth, such as bank statements, recent business accounts filed with relevant authorities, or income tax assessments. A few FIs, subject to customer confidentiality provisions, also coordinated follow-up actions in respect of the tax risk of the same customer within the group to prevent regulatory arbitrage. (B) AML/CFT obligations for all IBs 19 Some IBs which are not EFAs are unclear about their AML/CFT obligations. All FIs, including IBs which are not EFAs, are required to comply with the Terrorism (Suppression of Financing) Act (Cap. 325), MAS Regulations issued under section 27A of the Monetary Authority of Singapore Act (Cap. 186)3 and MAS Notice MA-N-EXT 1/2012 (Prohibition on Transactions with the Iranian Government and with Iranian Financial Institutions) at all times. To ensure that IBs do not deal with sanctioned individuals and entities, IBs should screen the relevant persons before establishing business relations with any customer.

2 FIs may refer to the industry sound practices issued by the Private Banking Industry Group for the common red flag indicators – http://www.abs.org.sg/pdfs/Publications/PB_Code_20140721.pdf. 3 Please refer to the following link for the relevant MAS Regulations – http://www.mas.gov.sg/Regulations￾and-Financial-Stability/Anti-Money-Laundering-Countering-The-Financing-Of-Terrorism-And-Targeted￾Financial-Sanctions/Targeted-Financial-Sanctions/MAS-Regulations.aspx.

Monetary Authority of Singapore 7 Please refer to the new Targeted Financial Sanctions section4 on the MAS website for more information. IBs which are not EFAs should also take guidance from paragraph 6-15 of the revised Guidelines on screening. (C) Handling of Customers’ Moneys 20 We observed that some IBs had breached section 35ZD of the Insurance Act by failing to establish and maintain a separate insurance broking premium account (“IBPA”) with a bank licensed under the Banking Act (Cap. 19) for moneys received from customers on account of insurers, or vice versa. The IBPA requirements serve to safeguard customers’ moneys and must be complied with at all times. 21 We also noted that some IBs had taken more than two weeks to deposit customers’ moneys into the IBPA. MAS expects all IBs to deposit customers’ moneys into the IBPA in a timely manner by the next working day following the receipt of such moneys or the notification of the receipt of such moneys, whichever is later. (D) Next Steps 22 MAS expects the Board and senior management of IBs to exercise effective oversight of their operations and ensure compliance with the relevant rules and regulations at all times. With the revised FAA-N06 and revised Guidelines having taken effect from 24 April 2015, all IBs/EFAs should have amended and implemented their P&Ps and controls to comply with the revised requirements. IBs should also take into account the common findings highlighted in this circular and enhance their P&Ps and controls where necessary. They are also strongly encouraged to implement the good practices highlighted in this circular, in a manner commensurate with the size and scale of their operations.

4 Please refer to the following link – http://www.mas.gov.sg/Regulations-and-Financial-Stability/Anti-Money￾Laundering-Countering-The-Financing-Of-Terrorism-And-Targeted-Financial-Sanctions/Targeted-Financial￾Sanctions.aspx.

Monetary Authority of Singapore 8 23 Please acknowledge receipt of this circular. Yours faithfully (Sent via MASNET/email) MERLYN EE EXECUTIVE DIRECTOR CAPITAL MARKETS INTERMEDIARIES DEPARTMENT I