2015-10-28

Added

Circular to Fund Management Companies on Enhancing Anti-Money Laundering and Countering the Financing of Terrorism Measures and Business Conduct

The Monetary Authority of Singapore issued this circular to fund management companies following thematic inspections that identified deficiencies in anti-money laundering and counter-terrorist financing controls. The document mandates the formalization of policies, rigorous customer due diligence, and comprehensive enterprise-wide risk assessments, including specific requirements for tax crime risk evaluation. It further clarifies regulatory obligations regarding the segregation of customer assets and requires firms to implement enhanced internal controls and good practices to ensure ongoing compliance with revised guidelines.

Monetary Authority of Singapore logo

Singapore

Monetary Authority of Singapore

Click to view thumbnail

Circular No. CMI 03/2015 28 October 2015 To: Holders of a Capital Markets Services Licence for conducting the regulated activity of Fund Management under the Securities and Futures Act (Cap. 289), and Persons Exempted from the Requirement to Hold a Capital Markets Services Licence under Paragraph 5(1)(i) of the Second Schedule to the Securities and Futures (Licensing and Conduct of Business) Regulations (“Registered Fund Management Companies”) Dear Sirs ENHANCING ANTI-MONEY LAUNDERING & COUNTERING THE FINANCING OF TERRORISM MEASURES AND BUSINESS CONDUCT In 2014, the Monetary Authority of Singapore (“MAS”) appointed external auditors under section 320(1) of the Securities and Futures Act (Cap. 289) (“SFA”), section 65(1) of the Financial Advisers Act (Cap. 110) (“FAA”), section 73(3) of the Trust Companies Act (Cap. 336) (“TCA”) and section 50(1) of the Insurance Act (Cap. 142) (“IA”) to conduct thematic inspections of close to 300 financial institutions (“FIs”) that conduct regulated activities under these Acts. The inspections were conducted from September 2014 to January 2015, and covered both licensed and registered fund management companies. They were based on a set of agreed-upon procedures between MAS and the external auditors, and focused on the FIs’ internal controls and policies and procedures in the following areas: a) Anti-money laundering and countering the financing of terrorism (“AML/CFT”); b) Handling of customers’ moneys and assets; and c) Record keeping. 2 MAS also reviewed fund management companies’ assessment of their enterprise￾wide money laundering and terrorism financing (“ML/TF”) risks, and the ML risk from tax crimes (“tax risks”) of their customers in the last two years. 10 Shenton Way MAS Building Singapore 079117 Telephone: (65) 6225 5577 Facsimile: (65) 6229 9229

Monetary Authority of Singapore 2 3 While most of the fund management companies inspected have measures to comply with the relevant rules and regulations, there are some areas for improvement. This circular sets out common findings, as well as good practices observed during the thematic inspections and reviews. As the inspections and reviews were carried out prior to the revision of the Notice to Capital Markets Intermediaries on Prevention of Money Laundering and Countering the Financing of Terrorism (“revised SFA04-N02”) and Guidelines to the Notice (“revised Guidelines”) on 24 April 2015, this circular also draws your attention to some additional requirements and AML/CFT measures that FIs have to put in place under the revised SFA04-N02 and revised Guidelines. AML/CFT Requirements (i) Policies and Procedures (“P&Ps”) 4 Most of the fund management companies inspected have put in place P&Ps on AML/CFT. However, some of the AML/CFT controls were not formalised or applied consistently within the firm. The common areas include ongoing monitoring of business relations with customers and the frequency of AML/CFT training. We would like to remind fund management companies to formalise all their AML/CFT practices and apply their P&Ps consistently. Fund management companies should also regularly review their P&Ps to ensure that they remain relevant and up-to-date with regulatory obligations. (ii) Customer Due Diligence (“CDD”) Identification and Verification of Identities of Customers 5 The fund management companies inspected were generally cognisant of their responsibilities to identify and verify the identities of their customers, natural persons appointed to act on behalf of customers, as well as connected parties and beneficial owners of customers (collectively referred to as “relevant persons”). However, some fund management companies met these obligations only partially. For instance, some fund management companies did not have complete identification information of their

Monetary Authority of Singapore 3 customers or natural persons appointed to act on behalf of customers. Fund management companies are reminded to carry out CDD measures to identify and verify the identities of the relevant persons in a timely and effective manner. Fund management companies should also take note that the definition of “customers” for a fund management company in the revised SFA04-N02 includes the underlying investors into the investment vehicles (other than listed entities) that the fund management company manages. Customer Risk Assessment 6 Some fund management companies had performed simplified CDD on customers without documenting the details of their risk assessments or the nature of simplified CDD measures performed. Fund management companies should only perform simplified CDD measures if they are satisfied that the risks of ML/TF are low. As stated in paragraph 7 of the revised SFA04-N02, fund management companies are required to analyse the ML/TF risks of customers and document their basis for applying simplified CDD. 7 Fund management companies should also formalise their risk assessment criteria in determining whether to apply simplified, standard or enhanced CDD. These risk assessment criteria should be applied consistently within the firm. In addition, the choice of CDD measures should be supported by documentation of the ML/TF risk assessments of customers. Screening 8 MAS observed a mix of good practices and shortcomings among the fund management companies inspected in relation to the screening of relevant persons. Some fund management companies did not screen the relevant persons or document the screening results. Under paragraph 6.39 of the revised SFA04-N02, fund management companies are required to screen the relevant persons against the appropriate ML/TF information sources or lists. They should also perform the necessary screening to ensure compliance with the Terrorism (Suppression of Financing) Act (Cap. 325), MAS Regulations

Monetary Authority of Singapore 4 issued under section 27A of the Monetary Authority of Singapore Act (Cap. 186)1 and MAS Notice MA-N-EXT 1/2012 (Prohibition on Transactions with the Iranian Government and with Iranian Financial Institutions) at all times. Please refer to the new Targeted Financial Sanctions section2 on the MAS website for more information. 9 In terms of good practices, some fund management companies utilise commercial databases to identify adverse information on individuals and entities as part of their screening processes. Some also employ automated AML/CFT surveillance systems to conduct daily screening on the relevant persons to promptly detect any change in the risk classification of these persons. Reliance on Third Parties versus Outsourcing to Service Providers to Perform CDD Measures 10 Some fund management companies have sought clarification on the difference between relying on a third party and engaging an outsourced service provider to perform CDD measures. This is explained in paragraph 9 of the revised Guidelines. We would like to highlight that in an outsourcing scenario, the fund management company should clearly document the roles and responsibilities of the outsourced provider in a formal agreement. Necessary safeguards should be put in place to ensure that the outsourced service provider is carrying out its responsibilities effectively. 11 Among the fund management companies with better practices, some had performed sample reviews to assess the adequacy of the CDD measures undertaken by outsourced service providers such as their fund administrators or transfer agents.

1 Please refer to the following link for the relevant MAS Regulations – http://www.mas.gov.sg/Regulations￾and-Financial-Stability/Anti-Money-Laundering-Countering-The-Financing-Of-Terrorism-And-Targeted￾Financial-Sanctions/Targeted-Financial-Sanctions/MAS-Regulations.aspx. 2 Please refer to the following link – http://www.mas.gov.sg/Regulations-and-Financial-Stability/Anti-Money￾Laundering-Countering-The-Financing-Of-Terrorism-And-Targeted-Financial-Sanctions/Targeted-Financial￾Sanctions.aspx.

Monetary Authority of Singapore 5 Ongoing Monitoring 12 Some fund management companies had failed to monitor customers’ transactions or perform periodic reviews to ensure that CDD information on customers remained relevant and up-to-date. Fund management companies are required to monitor their business relations with customers on an ongoing basis. Paragraph 6-10 of the revised Guidelines provide guidance on the measures and frequency for ongoing monitoring. Fund management companies are also reminded to maintain proper documentation of these measures. Among the better practices, a few fund management companies have processes to suspend dormant customer accounts after repeated failures to contact the customers, and screen customers and beneficial owners prior to the redemption of funds. Documentation of CDD Measures 13 Some fund management companies had retained CDD documentation in foreign languages. Fund management companies are reminded to maintain all records in the English language to comply with paragraph 11 of the revised SFA04-N02. (iii) Enterprise-Wide ML/TF Risk Assessment 14 Paragraph 4.1 of the revised SFA04-N02 includes new obligations for fund management companies to identify and assess the overall ML/TF risks they face as an institution, and take steps to mitigate these risks. The enterprise-wide ML/TF risk assessment forms the basis for the FI’s overall risk-based approach. Fund management companies should continue to fine-tune and review their risk assessments on a regular basis. 15 MAS observed from our inspections and engagements with FIs in 2014 that most FIs were still in the process of identifying, assessing and documenting their enterprise-wide ML/TF risks. Further, some FIs had not developed or documented their enterprise-wide ML/TF risk assessment methodologies. Some FIs had not considered the results of Singapore’s National Risk Assessment (“NRA”) when assessing their enterprise-wide ML/TF risks. Improvements were noted from a subsequent thematic review conducted this year.

Monetary Authority of Singapore 6 Many FIs have since identified, assessed and documented the ML/TF risks arising from their business activities and the controls to address these risks.

16 We observed from the thematic review that certain FIs had considered various factors in their enterprise-wide ML/TF risk assessments. Some examples of the risk areas and specific factors used by these FIs are as follows: Risk / Control Areas Specific Factors Customers, countries, jurisdictions • Supplement the FI’s own risk analysis with additional information from the NRA Report relating to risks in various industry segments • Inclusion of tax havens in high risk countries / jurisdictions Products, services, transactions • Number of suspicious transaction reports filed • Expected growth in transaction volumes for significant revenue-generating products Mitigation, controls • Frequency of AML/CFT training • Staff resources to manage escalation of potential ML/TF risks • Method of customer screening (manual versus automatic) 17 Some FIs have implemented a scoring matrix that integrates the various quantitative and qualitative risk factors in assessing the overall enterprise-wide ML/TF risk. In addition, certain FIs have processes to review their enterprise-wide ML/TF risk assessment every six months or at the trigger of a material event, whichever is earlier. Fund management companies are strongly encouraged to consider these practices in assessing their enterprise￾wide ML/TF risks. (iv) Tax Risk Assessment 18 FIs had performed a tax risk review of their customers when tax crimes were designated as ML predicate offences in Singapore. However, some FIs did not subsequently incorporate tax risk assessment into their P&Ps for CDD and ongoing monitoring. All FIs are required to implement effective controls and preventive measures in respect of tax crimes.

Monetary Authority of Singapore 7 FIs can employ various measures to assess tax risk, including but not limited to using red￾flag indicators3 to determine if there are any grounds for suspicion that a customer’s assets are proceeds of tax crimes. FIs must also conduct enhanced CDD measures if there is such a suspicion. A suspicious transaction report should be filed where there is knowledge or suspicion of tax crimes. FIs should independently assess whether to establish or continue business relations with a prospective or existing customer where there are reasonable grounds that the customer’s assets are proceeds of tax crimes. If so, FIs should obtain senior management’s approval and document the basis of the decision. 19 FIs with better practices would require all customers to declare their tax residency annually. Some would also obtain independent, country-specific legal or tax opinion from tax auditors, lawyers or bankers to confirm the tax-compliance of structures, or tax reporting responsibilities of customers. They would corroborate the customers’ tax declarations against these opinions. Some FIs would also request supporting documents to substantiate the customer’s source of funds or wealth, such as bank statements, recent business accounts filed with relevant authorities, or income tax assessments. A few FIs, subject to customer confidentiality provisions, also coordinated follow-up actions in respect of the tax risk of the same customer within the group to prevent regulatory arbitrage. (B) Clarification on Handling of Customers’ Moneys or Assets 20 Most fund management companies have arrangements whereby customers’ moneys and assets are either held in the names of the customers at custodian banks, or with custodians and prime brokers in the names of the fund vehicles. In these cases, the fund management companies are considered to have fulfilled the requirements relating to segregation of assets under their management.

3 FIs may refer to the industry sound practices issued by the Private Banking Industry Group for the common red flag indicators – http://www.abs.org.sg/pdfs/Publications/PB_Code_20140721.pdf.

Monetary Authority of Singapore 8 21 A small number of fund management companies had received and held customers’ moneys and assets on trust for their customers. MAS observed that some of these fund management companies had failed to comply with various regulatory requirements in respect of holding customers’ moneys and assets, such as failing to ensure acknowledgement of the trust account status, and failing to deposit moneys received from a customer in the trust account by the next business day. Fund management companies that receive and/or hold moneys and assets on trust for their customers must ensure that they observe all of the applicable requirements set out in Part III of the Securities and Futures (Licensing and Conduct of Business) Regulations. (C) Next Steps 22 MAS expects the Board and senior management of fund management companies to exercise effective oversight of their operations and ensure compliance with the relevant rules and regulations at all times. With the revised SFA04-N02 and revised Guidelines having taken effect from 24 April 2015, all fund management companies should have amended and implemented their P&Ps and controls to comply with the revised requirements. Fund management companies should also take into account the common findings highlighted in this circular and enhance their P&Ps and controls where necessary. They are also strongly encouraged to implement the good practices highlighted in this circular, in a manner commensurate with the size and scale of their operations. 23 Please acknowledge receipt of this circular. Yours faithfully (Sent via MASNET/email) LIM CHENG KHAI DIRECTOR CAPITAL MARKETS INTERMEDIARIES DEPARTMENT II