2015-10-28

Added

Circular to Corporate Finance Firms on Enhancing Anti-Money Laundering and Countering the Financing of Terrorism Measures and Business Conduct

The Monetary Authority of Singapore issued this circular to Capital Markets Services Licence holders and exempt corporate finance firms following thematic inspections of their anti-money laundering and business conduct controls. The document outlines common findings and good practices regarding customer due diligence, enterprise-wide risk assessments, tax risk management, and staff trading policies. It mandates that firms align their internal policies with the revised SFA04-N02 and Guidelines effective April 2015, ensuring consistent application of AML/CFT measures and enhanced oversight by senior management.

Monetary Authority of Singapore logo

Singapore

Monetary Authority of Singapore

Click to view thumbnail

Circular No. CMI 04/2015 28 October 2015 To: Holders of a Capital Markets Services Licence for conducting the regulated activity of Advising on Corporate Finance under the Securities and Futures Act (Cap. 289), and Persons Exempted from the Requirement to Hold a Capital Markets Services Licence under Paragraph 7(1)(b) of the Second Schedule to the Securities and Futures (Licensing and Conduct of Business) Regulations Dear Sirs ENHANCING ANTI-MONEY LAUNDERING & COUNTERING THE FINANCING OF TERRORISM MEASURES AND BUSINESS CONDUCT In 2014, the Monetary Authority of Singapore (“MAS”) appointed external auditors under section 320(1) of the Securities and Futures Act (Cap. 289) (“SFA”), section 65(1) of the Financial Advisers Act (Cap. 110) (“FAA”), section 73(3) of the Trust Companies Act (Cap. 336) (“TCA”) and section 50(1) of the Insurance Act (Cap. 142) (“IA”) to conduct thematic inspections of close to 300 financial institutions (“FIs”) that conduct regulated activities under these Acts. The inspections were conducted from September 2014 to January 2015, and covered both licensed and exempt corporate finance firms (“CF firms”). They were based on a set of agreed-upon procedures between MAS and the external auditors, and focused on the FIs’ internal controls and policies and procedures in the following areas: a) Anti-money laundering and countering the financing of terrorism (“AML/CFT”); b) Record keeping; and c) Staff trading. 2 MAS also reviewed CF firms’ assessment of their enterprise-wide money laundering and terrorism financing (“ML/TF”) risks, and the ML risk from tax crimes (“tax risks”) of their customers in the last two years. 10 Shenton Way MAS Building Singapore 079117 Telephone: (65) 6225 5577 Facsimile: (65) 6229 9229

Monetary Authority of Singapore 2 3 While most of the CF firms inspected have measures to comply with the relevant rules and regulations, there are some areas for improvement. This circular sets out common findings, as well as good practices observed during the thematic inspections and reviews. As the inspections and reviews were carried out prior to the revision of the Notice to Capital Markets Intermediaries on Prevention of Money Laundering and Countering the Financing of Terrorism (“revised SFA04-N02”) and Guidelines to the Notice (“revised Guidelines”) on 24 April 2015, this circular also draws your attention to some additional requirements and AML/CFT measures that FIs have to put in place under the revised SFA04-N02 and revised Guidelines. (A) AML/CFT Requirements (i) Policies and Procedures (“P&Ps”) 4 Most of the CF firms inspected have put in place P&Ps on AML/CFT. However, some of the AML/CFT controls were not formalised or applied consistently within the firm. The common areas include ongoing monitoring of business relations with customers and the frequency of AML/CFT training. We would like to remind CF firms to formalise all their AML/CFT practices and apply their P&Ps consistently. CF firms should also regularly review their P&Ps to ensure that they remain relevant and up-to-date with regulatory obligations. (ii) Customer Due Diligence (“CDD”) Identification and Verification of Identities of Customers 5 The CF firms inspected were generally cognisant of their responsibilities to identify and verify the identities of their customers, natural persons appointed to act on behalf of customers, as well as connected parties and beneficial owners of customers (collectively referred to as “relevant persons”). However, some CF firms met these obligations only partially. For instance, some CF firms did not have complete identification information of their customers or natural persons appointed to act on behalf of customers. CF firms are

Monetary Authority of Singapore 3 reminded to carry out CDD measures to identify and verify the identities of the relevant persons in a timely and effective manner. 6 We also noted from the inspection that some CF firms had conducted verification of the identities of the customers and their beneficial owners a few months after the establishment of business relations with these customers. As set out in paragraph 6.34 of the revised SFA04-N02, we would like to remind all CF firms to complete such verification measures as soon as reasonably practicable. Paragraph 6-13-2 of the revised Guidelines provide further guidance on the timeline for the completion of such verification measures. Where business relations are established prior to the completion of the verification measures, CF firms should document their reasons for doing so. Customer Risk Assessment 7 Some CF firms had performed simplified CDD on customers without documenting the details of their risk assessments or the nature of simplified CDD measures performed. CF firms should only perform simplified CDD measures if they are satisfied that the risks of ML/TF are low. As stated in paragraph 7 of the revised SFA04-N02, CF firms are required to analyse the ML/TF risks of customers and document their basis for applying simplified CDD. 8 CF firms should also formalise their risk assessment criteria in determining whether to apply simplified, standard or enhanced CDD. These risk assessment criteria should be applied consistently within the firm. In addition, the choice of CDD measures should be supported by documentation of the ML/TF risk assessments of customers. Screening 9 MAS observed a mix of good practices and shortcomings among the CF firms inspected in relation to the screening of relevant persons. Some CF firms did not screen the relevant persons or document the screening results. Under paragraph 6.39 of the revised SFA04-N02, CF firms are required to screen the relevant persons against the appropriate ML/TF information sources or lists. They should also perform the necessary screening to ensure compliance with the Terrorism (Suppression of Financing) Act (Cap. 325), MAS Regulations issued under section 27A of the Monetary Authority of Singapore Act (Cap.

Monetary Authority of Singapore 4 186)1 and MAS Notice MA-N-EXT 1/2012 (Prohibition on Transactions with the Iranian Government and with Iranian Financial Institutions) at all times. Please refer to the new Targeted Financial Sanctions section2 on the MAS website for more information. 10 In terms of good practices, some CF firms utilise commercial databases to identify adverse information on individuals and entities as part of their screening processes. Some also employ automated AML/CFT surveillance systems to conduct daily screening on the relevant persons to promptly detect any change in the risk classification of these persons. Reliance on Third Parties versus Outsourcing to Service Providers to Perform CDD Measures 11 Some CF firms have sought clarifications on the difference between relying on a third party and engaging an outsourced service provider to perform CDD measures. This is explained in paragraph 9 of the revised Guidelines. We would like to highlight that in an outsourcing scenario, the CF firm should clearly document the roles and responsibilities of the outsourced provider in a formal agreement. Necessary safeguards should be put in place to ensure that the outsourced service provider is carrying out its responsibilities effectively. Ongoing Monitoring 12 Some CF firms had failed to perform periodic reviews to ensure that CDD information on customers remained relevant and up-to-date. CF firms are required to monitor their business relations with customers on an ongoing basis. Paragraph 6-10 of the revised Guidelines provide guidance on the measures and frequency for ongoing monitoring. CF firms are also reminded to maintain proper documentation of these measures.

1 Please refer to the following link for the relevant MAS Regulations – http://www.mas.gov.sg/Regulations￾and-Financial-Stability/Anti-Money-Laundering-Countering-The-Financing-Of-Terrorism-And-Targeted￾Financial-Sanctions/Targeted-Financial-Sanctions/MAS-Regulations.aspx. 2 Please refer to the following link – http://www.mas.gov.sg/Regulations-and-Financial-Stability/Anti-Money￾Laundering-Countering-The-Financing-Of-Terrorism-And-Targeted-Financial-Sanctions/Targeted-Financial￾Sanctions.aspx.

Monetary Authority of Singapore 5 Documentation of CDD Measures 13 Some CF firms had retained CDD documentation in foreign languages. CF firms are reminded to maintain all records in the English language to comply with paragraph 11 of the revised SFA04-N02. (iii) Enterprise-Wide ML/TF Risk Assessment 14 Paragraph 4.1 of the revised SFA04-N02 includes new obligations for CF firms to identify and assess the overall ML/TF risks they face as an institution, and take steps to mitigate these risks. The enterprise-wide ML/TF risk assessment forms the basis for the FI’s overall risk-based approach. CF firms should continue to fine-tune and review their risk assessments on a regular basis. 15 MAS observed from our inspections and engagements with FIs in 2014 that most FIs were still in the process of identifying, assessing and documenting their enterprise-wide ML/TF risks. Further, some FIs had not developed or documented their enterprise-wide ML/TF risk assessment methodologies. Some FIs had not considered the results of Singapore’s National Risk Assessment (“NRA”) when assessing their enterprise-wide ML/TF risks. Improvements were noted from a subsequent thematic review conducted this year. Many FIs have since identified, assessed and documented the ML/TF risks arising from their business activities and the controls to address these risks.

16 We observed from the thematic review that certain FIs had considered various factors in their enterprise-wide ML/TF risk assessments. Some examples of the risk areas and specific factors used by these FIs are as follows:

Monetary Authority of Singapore 6 Risk / Control Areas Specific Factors Customers, countries, jurisdictions • Supplement the FI’s own risk analysis with additional information from the NRA Report relating to risks in various industry segments • Inclusion of tax havens in high risk countries / jurisdictions Products, services, transactions • Number of suspicious transaction reports filed • Expected growth in transaction volumes for significant revenue-generating products Mitigation, controls • Frequency of AML/CFT training • Staff resources to manage escalation of potential ML/TF risks • Method of customer screening (manual versus automatic) 17 Some FIs have implemented a scoring matrix that integrates the various quantitative and qualitative risk factors in assessing the overall enterprise-wide ML/TF risk. In addition, certain FIs have processes to review their enterprise-wide ML/TF risk assessment every six months or at the trigger of a material event, whichever is earlier. CF firms are strongly encouraged to consider these additional factors in assessing their enterprise-wide ML/TF risks. (iv) Tax Risk Assessment 18 FIs had performed a tax risk review of their customers when tax crimes were designated as ML predicate offences in Singapore. However, some FIs did not subsequently incorporate tax risk assessment into their P&Ps for CDD and ongoing monitoring. All FIs are required to implement effective controls and preventive measures in respect of tax crimes. FIs can employ various measures to assess tax risk, including but not limited to using red￾flag indicators3 to determine if there are any grounds for suspicion that a customer’s assets are proceeds of tax crimes. FIs must also conduct enhanced CDD measures if there is such a suspicion. A suspicious transaction report should be filed where there is knowledge or

3 FIs may refer to the industry sound practices issued by the Private Banking Industry Group for the common red flag indicators – http://www.abs.org.sg/pdfs/Publications/PB_Code_20140721.pdf.

Monetary Authority of Singapore 7 suspicion of tax crimes. FIs should independently assess whether to establish or continue business relations with a prospective or existing customer where there are reasonable grounds that the customer’s assets are proceeds of tax crimes. If so, FIs should obtain senior management’s approval and document the basis of the decision. 19 FIs with better practices would require all customers to declare their tax residency annually. Some would also obtain independent, country-specific legal or tax opinion from tax auditors, lawyers or bankers to confirm the tax-compliance of structures, or tax reporting responsibilities of customers. They would corroborate the customers’ tax declarations against these opinions. Some FIs would also request supporting documents to substantiate the customer’s source of funds or wealth, such as bank statements, recent business accounts filed with relevant authorities, or income tax assessments. A few FIs, subject to customer confidentiality provisions, also coordinated follow-up actions in respect of the tax risk of the same customer within the group to prevent regulatory arbitrage. (B) Staff Trading 20 We observed that a few CF firms did not have formalised staff trading P&Ps to manage conflicts of interests and ensure compliance with the applicable laws. However, MAS observed that other CF firms had in place the following controls: • staff trading P&Ps requiring directors and relevant staff to obtain approval prior to executing personal trades in securities; all staff are not allowed to trade securities placed on the black lists while staff involved in the relevant CF deals cannot trade in securities on the restricted lists; • conducting periodic reviews of staff personal trades to ensure compliance with the firm’s staff trading P&Ps; and • prohibiting staff from trading in their personal accounts altogether.

Monetary Authority of Singapore 8 (C) Next Steps 21 MAS expects the Board and senior management of CF firms to exercise effective oversight of their operations and ensure compliance with the relevant rules and regulations at all times. With the revised SFA04-N02 and revised Guidelines having taken effect from 24 April 2015, all CF firms should have amended and implemented their P&Ps and controls to comply with the revised requirements. CF firms should also take into account the common findings highlighted in this circular and enhance their P&Ps and controls where necessary. They are also strongly encouraged to implement the good practices highlighted in this circular, in a manner commensurate with the size and scale of their operations. 22 Please acknowledge receipt of this circular. Yours faithfully (Sent via MASNET/email) KOH HONG ENG DIRECTOR CAPITAL MARKETS INTERMEDIARIES DEPARTMENT III