Written Reply to Parliamentary Question on the implementation progress of Project Ubin
"Combatting Financial Crime through New Technologies Built on Strong Fundamentals" - Keynote Speech by Ms Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime), Monetary Authority of Singapore, at the International Compliance Association Annual APAC Conference on 16 October 2019
Distinguished Guests, Ladies and Gentlemen, good morning. I am honoured to join you at the International Compliance Association’s second Annual APAC Conference. This is an exciting time for AML/CFT professionals: technological advances offer the promise of a more effective, efficient and inclusive financial sector, but present challenging and complex financial crime risks. However, technology also gives us new means to face these challenges. Developing and honing these capabilities will be critical to keep our financial centre innovative, trusted and clean.
Anchoring AML/CFT on strong fundamentals
2 At the same time, while developing new tools and capabilities, financial institutions, or FIs, should ensure that the fundamental elements of their AML/CFT framework are strong. It bears repeating that FIs play a vital role in facilitating their customers’ transactions and investments. This relationship gives them unique insights into their customers’ behaviour, and also the responsibility to ensure that they do not inadvertently help to disguise or legitimise ill-gotten gains. With this in mind, let me reiterate the three key areas FIs should focus on when developing their AML/CFT programmes - think of them as building blocks.
3 First, governance. An FI’s board and senior management are ultimately responsible for instilling a healthy ML/TF risk culture and awareness. It is critical that the board and senior management set a firm tone from the top that emphasises AML/CFT as an organisational priority. They should exercise effective oversight over AML/CFT controls and maintain sound governance frameworks for managing their FI’s ML/TF risks. Some FIs have also included performance indicators for financial crime risk management, to improve staff accountability.
4 Next, an FI should inculcate a strong risk awareness across all three lines of its ML/TF risk defences: front office staff, compliance as well as internal audit. These staff should be attuned to their FI’s key risks and take appropriate risk mitigation measures, and stay vigilant against potential new typologies and suspicious behaviour. Staff should also be able to effectively escalate and communicate pertinent ML/TF risk concerns to their board and senior management.
5 Lastly, FIs need to ensure that their controls are effectively executed to achieve the desired outcomes. Through our inspections, MAS has found that operational lapses in systems and controls, such as dismissal of transaction monitoring alerts without proper justifications, could cause significant gaps and expose the FI to risks of illicit flows that it thought it had mitigated. MAS has directed these FIs to improve the quality assurance of AML/CFT controls. All FIs should remain alert to emerging risks and typologies, and continuously explore the use of new technologies for greater effectiveness.
Stronger risk-targeted supervision and surveillance
6 Getting these fundamentals right will put FIs in good stead to face the opportunities and challenges that new financial technology brings. MAS has also been applying new techniques to become more effective in our supervision- we urge FIs to see our deeper and more targeted inspections as an opportunity for learning and improvements.
7 As many of you would be aware, MAS’ Anti-Money Laundering Department has set up a team to focus on data analytics. The team has applied network analysis techniques to suspicious transaction reports, supplemented by data that we collect from FIs and intelligence from law enforcement, to identify networks of suspicious activity across the entire financial sector. We are working to add transactional information to this dataset, and augmenting our capabilities with natural language processing and machine learning tools to more effectively detect and prioritise networks for scrutiny.
8 MAS’ sharpened ability to target key risks is buttressed by our strong cooperation and information sharing with fellow government bodies, such as the Commercial Affairs Department and Accounting and Corporate Regulatory Authority. MAS and CAD also work closely with the industry, such as through the AML/CFT Industry Partnership, or ACIP, to identify and mitigate emerging risks. The key insights from this collaboration are shared in a timely manner with the broader financial sector through guidance papers, best practice papers as well as advisories, so the entire industry is up to speed on the latest threats and mitigating measures.
9 Ultimately, we aim to be targeted, and agile in our supervisory and surveillance approach – maintaining our focus on priority risk areas, while being able to proactively detect and react quickly to new emerging risks. Similarly, we encourage and expect our FIs to adopt new methods and technology to improve their AML/CFT detection and risk mitigation capabilities. Allow me to touch on both these points, starting with MAS’ priority risk areas.
10 Over the past two years, MAS has conducted targeted thematic inspections on FIs’ effectiveness in areas such as combating proliferation financing, transaction monitoring, and detecting the abuse of legal persons. These are core risk concerns for Singapore’s financial sector. We have published guidance papers on our findings and good practices observed from our thematic inspections, and you will find these useful, alongside other resources such as the ACIP Best Practice Papers.
11 Looking ahead, MAS’ next supervisory focus will be FIs’ controls for countering the financing of terrorism (CFT). Terrorists, like other criminals, could use the financial sector to transfer money and finance their nefarious activities. Severing these financial links is an integral part of the global effort to combat terrorism, and it is important that FIs do their part.
12 The detection and tracking of funds linked to terrorism presents a number of unique challenges. The amounts involved may be small and raised from legitimate sources, such as personal donations and profits from business and charitable organisations. For instance, a 34-year-old Singaporean was charged in court on 16 September this year with terrorism financing, having provided two payments totalling $1,145 to an overseas individual who was facilitating terrorist acts. On the other hand, terrorist organisations are trying to get their illicit assets into the financial system. The Financial Action Task Force’s most recent update on ISIL and Al Qaeda, which I encourage you to read, highlights that despite its territorial setbacks in Iraq and Syria, ISIL still possesses stockpiled cash and other resources, and has tried to place them with legitimate businesses and other investments.
13 FIs must have in place adequate controls to detect and trace fund flows linked to terrorist activities. FIs should also be able to respond quickly and robustly to authorities’ requests for information, should there be a need to trace transactions linked to terrorism or TF. MAS plans to examine the effectiveness of FIs’ controls and provide guidance on sound practices that all FIs should adopt.
Developing the industry’s AML/CFT data analytics capabilities
14 Next, let me move on to our FIs’ use of technology for AML/CFT purposes, a development that MAS has encouraged. We are heartened to see that FIs have made good progress on this front over the last two years, by increasingly using automation, data analytics and artificial intelligence to enhance the effectiveness and efficiency of their AML/CFT controls.
15 A number of FIs have successfully integrated these new technologies into their AML/CFT processes. For example, several banks have begun making use of supervised machine learning techniques to better risk-score transaction monitoring and name screening alerts. This helps to prioritise higher risk alerts for closer and more timely review.
16 Banks have also applied network analysis to detect hidden links - such as entities connected through related parties or by transaction patterns - to facilitate the detection and disruption of illicit networks. These techniques have proven to be very powerful, especially when coupled with closer public-private collaboration:
a In one case, MAS provided intelligence to a bank on five suspicious persons who might be involved in money laundering activities. The bank then found 45 customers connected to the five. From the transaction review so far, the bank has decided to exit 13 accounts and continue to review the remaining accounts for suspicious activities.
b In another example, we gave a second bank 15 entities, suspected to be shell companies, to scrutinise. The bank found that these 15 were indeed involved in suspicious transactions. Using network analysis, the bank found another 16 related entities that also exhibited suspicious behaviour.
17 Besides performing data analytics, technology can also automate mundane processes, freeing up resources for more meaningful work. One bank has recently worked with law enforcement agencies to automate its handling of police Production Orders. This includes identifying parties linked to the subject of the Production Order, and performing a deeper review of these parties. Through these reviews, the bank could then identify other entities or transactions of interest, and could provide additional feedback to support the authorities’ investigations.
18 These are just a few examples of how harnessing new technologies can lead to a significant improvement in AML/CFT outcomes. To benefit the sector as a whole, ACIP produced a paper that shared the experiences of ACIP member banks in deploying data analytics across a range of use cases, and provided industry perspectives on successfully integrating AML/CFT data analytics into a bank’s risk management framework.
19 ACIP took a further step this year by organising a data analytics workshop, where banks shared successful use cases and discussed approaches to governance as well as ensuring the “explainability” of new data analytics solutions. The key takeaways from the workshop have just been published on ACIP’s webpage on the ABS website
20 First, the basic principle of appropriate management oversight should apply. Lighter governance at the initial proof-of-concept stage can support faster and more responsive experimentation. However, as the system moves closer to production, senior management should become more familiar with its use case, risk implications, limitations and potential impact. Senior management needs to play an active role in understanding and approving model parameters, including confidence levels and error rates. All these should flow from the risk appetite of the FI.
21 Second, “explainability” should be a priority consideration in the choice, development and implementation of systems and models - FIs should not accept a “black box”. Explainability should be higher for models whose failure would have a more significant impact, and for models that operate autonomously. It should also be tailored to the level of understanding and needs of key users and stakeholders, such as front-line analysts, senior management, and compliance teams.
22 Lastly, it is important to ensure that the system continues to perform effectively once set up. So ongoing system or model performance monitoring is important. There needs to be robust validation processes and frameworks to remediate any potential errors or declines in performance.
23 We hope that the discussions and key takeaways will inspire the rest of the industry to start the adoption of data analytics. This does not have to be a large and daunting endeavour: FIs can start by taking small steps and build up their capabilities along the way.
Robust supervision of virtual asset service providers
24 Finally, I would like to make some remarks about an asset class that has attracted international attention: virtual assets. This includes digital payment tokens, or DPTs, such as Bitcoin, which are a digital representation of value that can facilitate cross-border transactions. Given Singapore’s position as a major financial and Fintech centre, it is natural that DPT firms would wish to set up here.
25 Earlier this year, Singapore’s Parliament passed the Payment Services Act. It will come into effect by January next year. Once it commences, entities performing DPT services will be licensed under the Act and come under MAS’ AML/CFT supervision. MAS has consulted on the requirements that will apply to DPT service providers. These requirements, which take into account the ML/TF risks arising from such activities, are in line with international standards.
26 MAS has warned consumers of the speculative nature of many of these virtual assets, but from the perspective of combatting financial crime we also need to guard against their use for illicit purposes. This is especially pertinent given the potential speed, anonymity, and cross-border nature of such transactions. International typologies have pointed to the misuse of DPTs to finance terrorism and weapons proliferation, launder proceeds from drug trafficking, and receive ransom or other illicit payments. Observers
27 In preparation for new DPT licensees next year, MAS has started to enhance our supervisory and surveillance capabilities to facilitate the pro-active detection of unlicensed DPT activities, and to use “real-time” data gathering to enhance our assessment of ML/TF risks for licensed entities. MAS is experimenting with both in-house and external technologies to draw insights from new data points, such as transactional information on public blockchains and other sources. Such data will provide useful early warning indicators, alongside traditional sources of information such as statutory returns and suspicious transaction reports. Refining our supervisory approach for a fast-developing new asset class is a major but necessary undertaking for MAS, in order to respond effectively to rapid developments in the environment.
28 Let me now to conclude. Emerging financial technologies present both new opportunities as well as new risks. Whether as supervisors or industry professionals, we should seek to understand and harness their potential, while mitigating their dangers. We applaud our FIs’ early successes in deploying data analytics and other AML/CFT tools, and encourage the industry to keep experimenting with new approaches, even as MAS does the same. This conference is an excellent opportunity to compare notes and share ideas, as we make strides towards combatting financial crime. I hope you find your time at this event productive and insightful. Thank you.