2023-08-31
Added
The Monetary Authority of Singapore issued this circular to require financial institutions to strengthen governance and detection processes for sanctions-related risks. Institutions must establish clear Board oversight, define risk appetites, and implement robust escalation procedures to manage both local and unilateral sanctions. Additionally, FIs are expected to enhance detection capabilities through data analytics and risk-based lookback mechanisms to identify potential sanctions evasion activities.
10 Shenton Way MAS Building Singapore 079117 Telephone 65 6225 5577 Facsimile 65 6229 9229 Circular No.: AMLD 11/2023 Date: 31 August 2023 To Chief Executive Officers of all Financial Institutions Dear Sir/Madam, ENSURING EFFECTIVE DETECTION OF SANCTIONS-RELATED RISKS Financial institutions (FIs) in Singapore need to ensure that they have processes in place to effectively detect and manage sanctions-related risks. FIs have to keep abreast of developments relating to all sanctions, including unilateral sanctions imposed by other jurisdictions that can impact its operations, and customer relationships. While the Monetary Authority of Singapore (MAS) does not implement unilateral sanctions imposed by other jurisdictions, we expect FIs to consider the reputational, legal and operational risks arising from any actions they might take following these unilateral sanctions, and to take appropriate measures to manage these risks. 2 This circular sets out additional guidance that FIs should consider incorporating in their processes to better detect and manage sanctions-related risks. Specifically, FIs should: (A) Ensure strong Board and Senior Management (BSM) oversight of sanctions-related risks 3 FIs should have an established governance process for the BSM to exercise oversight of sanctions-related risks relating to the FI’s business. A sound governance process should include: (a) BSM setting a clear risk appetite in relation to its sanctions-related risks, including on indirect exposure to sanctioned persons, activities, or jurisdictions. FIs are reminded of Singapore’s zero-tolerance towards breaches of sanctions applicable in Singapore, and should report any assets frozen under Singapore laws to the authorities and file a Suspicious Transaction Report (STR). In determining its approach in relation to unilateral sanctions imposed by other jurisdictions, the BSM should, in assessing the reputational, legal, and operational risks, carefully balance the potential impact on its business operations (including in other jurisdictions) against that from fast developing and/or escalating sanctions against any specific jurisdictions. (b) BSM setting clear roles and responsibilities within the FI with regard to detecting, monitoring, and managing sanctions-related risks. The relevant functions should be involved, and adequately resourced to perform the role. FIs should also ensure that staff
are adequately trained to identify sanctions-related typologies. It is important for FIs to raise risk awareness and reinforce staff accountability across all lines of defence, including front line and operations staff. (c) Having an established risk metrics to help BSM regularly monitor for significant sanctionrelated risks exposures, and to manage the risk on an ongoing basis. (d) Defining an escalation process for the first and second line functions to surface material sanctions-related risk events to the BSM expediently. Such material risk events should include situations when new sanctions are being imposed on a jurisdiction that the FI is operating in, as well as when new sanctions-evasion cases and typologies have been detected by the FI. (B) Continue to strengthen its sanction-risk detection capabilities 4 MAS has observed an increased use of data analytics (DA) by FIs in their detection of sanctionsrelated risksin addition to traditional name and transaction screening controls. Such use of DA includes the use of network link analysis to identify additional customers with relational or transactional links to sanctioned persons, and potential sanctions evasion activities. In the banking sector, some FIs have also taken further steps to enhance its detection capabilities by instituting retrospective reviews of wire transfer transactions to proactively identify existing customers that previously transacted with sanctioned persons1 , for closer review (“lookback mechanism”)2 . Such a lookback mechanism has enabled FIs to detect potentially higher risk customers or transactions that seek to evade traditional payment screening controls by re-routing (or layering) their transactions through third-party accounts. 5 When instituting a lookback mechanism, FIs should take a risk-based approach. The approach should take into account the materiality and impact of different sanctions on its business operations, as well as reputational, legal and operational risks. In addition, FIs should establish clear baseline parameters to ensure the effectiveness of its lookback mechanism, including the following: (a) Setting clearly defined trigger events for the lookback mechanism. This should minimally include new designations of persons that present higher sanctions risks to the FI. (b) Defining the scope of transactions that are subjected to the lookback mechanism, and the period of lookback. It should at minimum cover the FI’s corporate customer accounts and transactions occurring at least 12 months preceding the date of designation. (c) Ensuring that the lookback mechanism is initiated soon after the trigger event. The review of identified customer accounts with past transactions with sanctioned persons should be completed no later than two months after date of designation. 1 These potentially higher risk customers might cease transacting with sanctioned persons before the latter’s sanction designations and route the same type of transactions to third-party accounts. As the customers would no longer be transacting with the sanctioned persons directly, the transactions would not be flagged by the FI’s payment screening controls. 2 Please refer to paragraph 3.6 of MAS’ ‘Sound Practices to Counter Proliferation Financing’ issued in August 2018 for previous guidance on such retrospective reviews.
(d) Ensuring that deviations from baselines are escalated to BSM such that BSM is kept apprised of the potential risks involved, and that they are in line with the FI’s defined risk appetite. 6 FIs should review their AML/CFT frameworks and controls against the additional guidance set out in this circular, and take steps to enhance its controls as appropriate if any gaps are noted. We trust your FI will do its part to safeguard the integrity of Singapore’s financial centre. Yours faithfully THONG LENG YENG EXECUTIVE DIRECTOR ANTI-MONEY LAUNDERING DEPARTMENT