2015-10-28

Added

CMI 07/2015 Circular to Licensed Trust Companies on Enhancing Anti-Money Laundering and Countering the Financing of Terrorism Measures

The Monetary Authority of Singapore issued this circular to Licensed Trust Companies following thematic inspections that identified gaps in their anti-money laundering and countering the financing of terrorism controls. The document mandates the formalization of policies, consistent application of customer due diligence, and robust enterprise-wide risk assessments in alignment with the revised TCA-N03 and Guidelines. It further requires enhanced screening, ongoing monitoring, and specific measures to address tax crime risks, urging firms to adopt observed good practices to ensure regulatory compliance.

Monetary Authority of Singapore logo

Singapore

Monetary Authority of Singapore

Click to view thumbnail

Circular No. CMI 07/2015 28 October 2015 To: Holders of a Trust Business Licence under the Trust Companies Act (Cap. 336) Dear Sirs ENHANCING ANTI-MONEY LAUNDERING & COUNTERING THE FINANCING OF TERRORISM MEASURES In 2014, the Monetary Authority of Singapore (“MAS”) appointed external auditors under section 320(1) of the Securities and Futures Act (Cap. 289) (“SFA”), section 65(1) of the Financial Advisers Act (Cap. 110) (“FAA”), section 73(3) of the Trust Companies Act (Cap. 336) (“TCA”) and section 50(1) of the Insurance Act (Cap. 142) (“IA”) to conduct thematic inspections of close to 300 financial institutions (“FIs”) that conduct regulated activities under these Acts. The inspections were conducted from September 2014 to January 2015, and covered licensed trust companies (“LTCs”). They were based on a set of agreed-upon procedures between MAS and the external auditors, and focused on the FIs’ internal controls and policies and procedures in the following areas: a) Anti-money laundering and countering the financing of terrorism (“AML/CFT”); b) Handling of trust funds; and c) Record keeping. 2 MAS also reviewed LTCs’ assessment of their enterprise-wide money laundering and terrorism financing (“ML/TF”) risks, and the ML risk from tax crimes (“tax risks”) of their trust accounts in the last two years. 3 While most of the LTCs inspected have measures to comply with the relevant rules and regulations, there are some areas for improvement. This circular sets out common findings, as well as good practices observed during the thematic inspections and reviews. As 10 Shenton Way MAS Building Singapore 079117 Telephone: (65) 6225 5577 Facsimile: (65) 6229 9229

Monetary Authority of Singapore 2 the inspections and reviews were carried out prior to the revision of the Notice to Trust Companies on Prevention of Money Laundering and Countering the Financing of Terrorism (“revised TCA-N03”) and Guidelines to the Notice (“revised Guidelines”) on 24 April 2015, this circular also draws your attention to some additional requirements and AML/CFT measures that LTCs have to put in place under the revised TCA-N03 and revised Guidelines. (A) AML/CFT Requirements (i) Policies and Procedures (“P&Ps”) 4 Most of the LTCs inspected have put in place P&Ps on AML/CFT. However, some of the AML/CFT controls were not formalised or applied consistently within the firm. The common areas include ongoing monitoring of business relations with trust relevant parties and the frequency of AML/CFT training. We would like to remind LTCs to formalise all their AML/CFT practices and apply their P&Ps consistently. LTCs should also regularly review and update their P&Ps to ensure that they remain relevant and up-to-date with regulatory obligations. (ii) Customer Due Diligence (“CDD”) Identification and Verification of Identities of Trust Relevant Parties 5 The LTCs inspected were generally cognisant of their responsibilities to identify and verify the identities of the trust relevant parties, natural persons appointed to act on behalf of trust relevant parties, connected parties of trust relevant parties, effective controllers of a settlor and effective controllers of a trustee (collectively referred to as “relevant persons”). However, some LTCs met these obligations only partially. For instance, some LTCs did not have complete identification information of their trust relevant parties and natural persons appointed to act on behalf of trust relevant parties. In addition, some LTCs did not identify and verify the identities of the protector of the trust, and the effective controller of the settlor. LTCs are reminded to carry out CDD measures to identify and verify the identities of the relevant persons in a timely and effective manner.

Monetary Authority of Singapore 3 6 Under paragraph 8.3 of the revised TCA-N03, LTCs are required to conduct enhanced CDD measures on politically exposed persons (“PEPs”). We noted that where enhanced CDD was performed on PEPs, most LTCs had established the source of wealth and funds of the trust relevant parties and the effective controllers of the settlors. However, a few LTCs did not conduct a robust review of the settlors’ source of wealth or funds. In this regard, LTCs should consider corroborating the information regarding the source of wealth or funds as set out under paragraph 8-5-7 of the revised Guidelines, based on their risk assessment of the PEPs. Risk Assessment of Trust Relevant Parties 7 Some LTCs had performed simplified CDD on trust relevant parties without documenting the details of their risk assessments or the nature of simplified CDD measures performed. LTCs should only perform simplified CDD measures if they are satisfied that the risks of ML/TF are low. As stated in paragraph 7 of the revised TCA-N03, LTCs are required to analyse the ML/TF risks of trust relevant parties and document their basis for applying simplified CDD. 8 LTCs should also formalise their risk assessment criteria in determining whether to apply simplified, standard or enhanced CDD. These risk assessment criteria should be applied consistently within the firm. In addition, the choice of CDD measures should be supported by documentation of the ML/TF risk assessments of trust relevant parties. Screening 9 MAS observed a mix of good practices and shortcomings among the LTCs inspected in relation to the screening of relevant persons. Some LTCs did not screen the relevant persons or document the screening results. Under paragraph 6.34 of the revised TCA-N03, LTCs are required to screen the relevant persons against the appropriate ML/TF information sources or lists. They should also perform the necessary screening to ensure compliance with the Terrorism (Suppression of Financing) Act (Cap. 325), MAS Regulations issued under

Monetary Authority of Singapore 4 section 27A of the Monetary Authority of Singapore Act (Cap. 186)1 and MAS Notice MA-N￾EXT 1/2012 (Prohibition on Transactions with the Iranian Government and with Iranian Financial Institutions) at all times. Please refer to the new Targeted Financial Sanctions section2 on the MAS website for more information. 10 In terms of good practices, some LTCs utilise commercial databases to identify adverse information on individuals and entities as part of their screening processes. Some also employ automated AML/CFT surveillance systems to conduct daily screening on the relevant persons to promptly detect any change in the risk classification of these persons. Reliance on Third Parties versus Outsourcing to Service Providers to Perform CDD Measures 11 Some LTCs have sought clarifications on the difference between relying on a third party and engaging an outsourced service provider to perform CDD measures. This is explained in paragraph 9 of the revised Guidelines. We would like to highlight that in an outsourcing scenario, the LTC should clearly document the roles and responsibilities of the outsourced provider in a formal agreement. Necessary safeguards should be put in place to ensure that the outsourced service provider is carrying out its responsibilities effectively. Ongoing Monitoring 12 Some LTCs had failed to monitor trust relevant parties’ transactions or perform periodic reviews to ensure that CDD information on trust relevant parties remained relevant and up-to-date. LTCs are required to monitor their business relations with trust relevant parties on an ongoing basis. Paragraph 6-9 of the revised Guidelines provide guidance on the measures and frequency for ongoing monitoring. LTCs are also reminded to maintain proper documentation of these measures.

1 Please refer to the following link for the relevant MAS Regulations – http://www.mas.gov.sg/Regulations￾and-Financial-Stability/Anti-Money-Laundering-Countering-The-Financing-Of-Terrorism-And-Targeted￾Financial-Sanctions/Targeted-Financial-Sanctions/MAS-Regulations.aspx. 2 Please refer to the following link – http://www.mas.gov.sg/Regulations-and-Financial-Stability/Anti-Money￾Laundering-Countering-The-Financing-Of-Terrorism-And-Targeted-Financial-Sanctions/Targeted-Financial￾Sanctions.aspx.

Monetary Authority of Singapore 5 13 A good practice observed was that some LTCs had conducted independent call-backs to beneficiaries prior to distributions of assets, particularly for payments exceeding a certain monetary threshold. Documentation of CDD Measures 14 Some LTCs had retained CDD documentation in foreign languages. LTCs are reminded to maintain all records in the English language to comply with paragraph 10 of the revised TCA-N03. (iii) Enterprise-Wide ML/TF Risk Assessment 15 Paragraph 4.1 of the revised TCA-N03 includes new obligations for LTCs to identify and assess the overall ML/TF risks they face as an institution, and take steps to mitigate these risks. The enterprise-wide ML/TF risk assessment forms the basis for the FI’s overall risk-based approach. LTCs should continue to fine-tune and review their risk assessments on a regular basis. 16 MAS observed from our inspections and engagements with FIs in 2014 that most FIs were still in the process of identifying, assessing and documenting their enterprise-wide ML/TF risks. Further, some FIs had not developed or documented their enterprise-wide ML/TF risk assessment methodologies. Some FIs had not considered the results of Singapore’s National Risk Assessment (“NRA”) when assessing their enterprise-wide ML/TF risks. Improvements were noted from a subsequent thematic review conducted this year. Many FIs have since identified, assessed and documented the ML/TF risks arising from their business activities and the controls to address these risks.

Monetary Authority of Singapore 6 17 We observed from the thematic review that certain FIs had considered various factors in their enterprise-wide ML/TF risk assessments. Some examples of the risk areas and specific factors used by these FIs are as follows: Risk / Control Areas Specific Factors Customers, countries, jurisdictions • Supplement the FI’s own risk analysis with additional information from the NRA Report relating to risks in various industry segments • Inclusion of tax havens in high risk countries / jurisdictions Products, services, transactions • Number of suspicious transaction reports filed • Expected growth in transaction volumes for significant revenue-generating products Mitigation, controls • Frequency of AML/CFT training • Staff resources to manage escalation of potential ML/TF risks • Method of customer screening (manual versus automatic) 18 Some FIs have implemented a scoring matrix that integrates the various quantitative and qualitative risk factors in assessing the overall enterprise-wide ML/TF risk. In addition, certain FIs have processes to review their enterprise-wide ML/TF risk assessment every six months or at the trigger of a material event, whichever is earlier. LTCs are strongly encouraged to consider these additional factors in assessing their enterprise-wide ML/TF risks. (iv) Tax Risk Assessment 19 FIs had performed a tax risk review of their customers when tax crimes were designated as ML predicate offences in Singapore. However, some FIs did not subsequently incorporate tax risk assessment into their P&Ps for CDD and ongoing monitoring. All FIs are required to implement effective controls and preventive measures in respect of tax crimes. FIs can employ various measures to assess tax risk, including but not limited to using red-

Monetary Authority of Singapore 7 flag indicators3 to determine if there are any grounds for suspicion that a customer’s assets are proceeds of tax crimes. FIs must also conduct enhanced CDD measures if there is such a suspicion. A suspicious transaction report should be filed where there is knowledge or suspicion of tax crimes. FIs should independently assess whether to establish or continue business relations with a prospective or existing customer where there are reasonable grounds that the customer’s assets are proceeds of tax crimes. If so, FIs should obtain senior management’s approval and document the basis of the decision. 20 FIs with better practices would require all customers to declare their tax residency annually. Some would also obtain independent, country-specific legal or tax opinion from tax auditors, lawyers or bankers to confirm the tax-compliance of structures, or tax reporting responsibilities of customers. They would corroborate the customers’ tax declarations against these opinions. Some FIs would also request supporting documents to substantiate the customer’s source of funds or wealth, such as bank statements, recent business accounts filed with relevant authorities, or income tax assessments. A few FIs, subject to customer confidentiality provisions, also coordinated follow-up actions in respect of the tax risk of the same customer within the group to prevent regulatory arbitrage. (B) Next Steps 21 MAS expects the Board and senior management of LTCs to exercise effective oversight of their operations and ensure compliance with the relevant rules and regulations at all times. With the revised TCA-N03 and revised Guidelines having taken effect from 24 April 2015, all LTCs should have amended and implemented their P&Ps and controls to comply with the revised requirements. LTCs should also take into account the common findings highlighted in this circular and enhance their P&Ps and controls where necessary. They are also strongly encouraged to implement the good practices highlighted in this circular, in a manner commensurate with the size and scale of their operations.

3 FIs may refer to the industry sound practices issued by the Private Banking Industry Group for the common red flag indicators – http://www.abs.org.sg/pdfs/Publications/PB_Code_20140721.pdf.

Monetary Authority of Singapore 8 22 Please acknowledge receipt of this circular. Yours faithfully (Sent via MASNET/email) KOH HONG ENG DIRECTOR CAPITAL MARKETS INTERMEDIARIES DEPARTMENT III