Ms Loo Siew Yee, AMD(PPF), spoke on the fundamentals of AML/CFT programmes, MAS' risk-targeted supervision and surveillance, financial institutions’ use of data analytics, and the upcoming supervision of virtual asset service providers.
Keynote Speech by Ms Ho Hern Shin, Assistant Managing Director (Banking and Insurance), Monetary Authority of Singapore, at the Association of Certified Anti-Money Laundering Specialists' AML and Financial Crime Conference 2019
Distinguished Guests, Ladies and Gentlemen, good morning.
1 I am honoured to join you in this year’s Asia Pacific Anti-Money Laundering & Financial Crime Conference.
2 When MAS last gave the keynote address at this conference in 2017, Deputy Managing Director Ong Chong Tee highlighted the 4 key elements of MAS’ AML/CFT framework. They are – progressive regulations, intensive supervision, rigorous enforcement and effective partnerships.
3 I would like to give an update on MAS’ work, priorities and expectations surrounding these key themes.
4 First, on progressive regulations.
5 MAS recently passed the Payment Services Act. Once commenced, the PS Act will enlarge the scope of payment activities covered under MAS’ AML/CFT regulation. It will also provide a risk sensitive and forward looking framework for the regulation of ML/TF risks within the payment ecosystem in Singapore.
6 The PS Act is risk sensitive in that AML/CFT requirements will be calibrated according to the risks posed by the different payment activities. Payment activities that pose higher ML/TF risks will be subject to the full suite of MAS’ requirements, while payment activities that present lower risks will be subject to lesser requirements. For example, cross border peer-to-peer funds transfers will be subject to full AML/CFT requirements. However, payments for goods and services funded through a bank account and traceable to the individual owning the account present low AML risks, and will not be subject to AML requirements. This activity-based approach ensures that ML/TF risks within the payment industry will be appropriately addressed.
7 The PS Act is also forward looking as it will introduce a regulatory framework for digital payment token services. Such services, while still nascent in Singapore, can present significant ML/TF risks due to the anonymous and borderless nature of the transactions they enable. Having risk-appropriate AML/CFT requirements in place will provide legal and regulatory certainty for such service providers to operate in Singapore, and leave room for legitimate and well-run payment services entities to innovate and grow.
8 We will soon consult the industry on the details of the AML/CFT measures to be imposed, when the PS Act takes effect later this year. We look forward to the industry’s feedback on these proposals.
9 Next, on intensive supervision. MAS conducts targeted supervision of FIs in key ML/TF risk areas. Over the past 2 years, we conducted thematic inspections on FIs’ effectiveness in combating proliferation financing, transactions monitoring, and detecting the abuse of legal persons, amongst other areas.
10 Our thematic inspections have allowed us to benchmark best practices across FIs, and pull together emerging typologies and useful case studies, which we typically share with the broader industry through the publication of sound practices papers. We encourage all FIs to make full use of the information published in these papers to assess your existing controls and practices and to enhance them. This will help the entire industry to be alert and responsive to emerging risks, and raise our collective resilience against ML/TF risks.
11 Going forward, combating proliferation financing will remain a priority risk area for Singapore. Sanctions evasion methods continue to rise in sophistication and complexity, and FIs must evolve their detection capabilities in tandem. We have observed during our inspections a number of successes in banks detecting and deterring such illicit behaviour. Let me share some of them.
12 First, ship-to-ship transfers. These transfers can be completely legitimate, for example to reduce shipping costs, but they also could be carried out to conceal the transportation of sanctioned goods. One bank has successfully made use of non-traditional data to improve its ability to detect illicit ship-to-ship transfers. The bank, having financed an oil shipment involving a port that posed higher PF risks, conducted checks with the International Maritime Bureau (IMB). The checks revealed that the vessel veered close to the territorial waters of a sanctioned country, and subsequently, IMB could not verify the discharge of cargo at the port that was listed on the trade documents provided. From these red flags, the bank filed an STR and terminated the transaction.
13 Another way to effectively mitigate PF risks is through better understanding of your customers’ business profiles. In today’s context, reviewing traditional know-your-customer, or KYC information like registered business address or place of incorporation alone is hardly sufficient to fully understand your customer’s nature of business, particularly where PF risks are higher. In our supervisory visits, we observed that banks have enhanced their KYC requirements, to include information on major counterparties, including key suppliers and buyers.
14 Such additional information enable banks to better assess PF risks, by providing banks with a baseline on the expected sources of funds, and expected transaction patterns. Any anomalies in customer behaviours or transactions can then be picked up more quickly for greater scrutiny. Where information obtained suggests higher PF concerns, for example, where there is adverse news on the customer’s counterparty having previously transacted with sanctioned entities, banks then assess whether sanction risks continue to exist, and whether additional controls would be required to mitigate the risk.
15 It is also possible that your customers may not even be aware that they are facilitating PF activities or dealing in prohibited goods. When this happens, MAS encourages FIs to take a proactive role, to explain Singapore’s sanctions framework to customers, and apprise them of the risks of dealing with sanctioned entities or facilitating sanctioned activities.
Use of Shell and Front Companies
16 The misuse of legal persons will likewise remain a focus area for MAS in the coming year. Legal persons such as companies and partnerships, can be misused for illicit purposes including ML, TF and PF. Shell companies in particular have recently come under increased global scrutiny, as they have featured in several high profile cases.
17 While the industry is well aware of this risk, effectively differentiating between legitimate companies and those being misused for illicit purposes is certainly not a simple task. MAS is conducting thematic inspections in this area, and will similarly publish a guidance paper on our findings and good practices. But let me give a preview of some good practices today.
18 The first example illustrates how having a robust understanding of a customer can greatly help banks distinguish between legitimate companies from those engaging in illicit activities. One bank noted that a customer had no clear economic purpose for maintaining a bank account in Singapore. Further due diligence by the bank revealed that the director of the customer was connected to several other corporate accounts, which similarly belonged to foreign owned companies without an operating presence here. Further, there were suspicious transactions such as flow-through transactions, as well as frequent wire transfers to companies in high-risk jurisdictions, which were not in line with the bank’s understanding of these customers. These companies also had superficial corporate websites that seemed inconsistent with the scale of business implied by their transactions. Because the bank was not able to obtain a satisfactory explanation about these transactions, it filed STRs based on the numerous red flags observed and subsequently exited these relationships.
19 In another example, a bank’s rigour in checking a corporate customer’s sources of funds uncovered that the company had been funded by a problematic company set up by this company’s previous director. There was also adverse news that this previous director was involved in setting up multiple shell companies to evade sanctions. The bank was concerned that the directorship had been changed to mask the previous director’s continued association with this company, as well as several other companies. With further indication that this company could also be a shell company, an STR was filed, and the relationship exited.
20 In this last example, knowledgeable and alert staff helped to uncover the use of proxies to open shell companies. An individual was previously blacklisted by the bank after he was involved in opening many shell company accounts through which suspicious transactions flowed. The individual then got a proxy to open the new corporate accounts, and listed himself as a “contact person” after the accounts were opened. This was detected by alert bank staff during a review of a suspicious transaction flowing through one of these new accounts. The bank then filed STRs on these accounts and exited the relationships.
21 Another risk I would like to highlight today is tax evasion. The global implementation of Common Reporting Standards (or CRS) for the automatic exchange of tax information is ongoing. Although CRS is a highly useful tool for combating tax evasion, staggered implementation across countries could result in customers shifting monies to jurisdictions that have yet to implement CRS, to conceal profits or evade tax. The financial sector must not be abused for this purpose, and the industry must continue to be alert to this risk, from management through to the front line.
22 I have touched on a few priority risk areas today. The industry needs to continue being vigilant to evolving risk and typologies, and adapt controls to maintain ongoing effectiveness. I should also highlight that leveraging on data analytics to augment AML/CFT controls can make a big difference in this effort.
23 Data analytics tools allow FIs to expediently process large amounts of data, and more effectively highlight anomalies in transactions or customer behaviour. One FI shared that application of data analytics has already resulted in double digit percentage improvements in the time required for certain operational tasks, such as transactions monitoring.
24 Let me give some concrete examples. To augment customer on-boarding and ongoing monitoring, we see FIs use data analytics to identify customers exhibiting shell company characteristics for closer scrutiny and review. Risk indicators include a high volume of pass-through transactions with high risk countries that is not in line with the customer profile; or unusual changes to key appointment holders such as directors, shareholders or authorised signatories. The results from these reviews have been encouraging.
25 Another promising area is network analysis. This lets FIs quickly discern linkages from large volumes of transactional data. Overlaying these linkages with customers’ business profiles can uncover previously undetected suspicious relationships between customers of a single FI. For example, the trades between a customer and its supposed clients could be fictitious as all these entities could be controlled by the same person. Without network analysis, these relationships may have remained hidden as banks could just be looking at each account in isolation.
26 More effective and discerning detection capabilities can help an FI “tell the sheep from the goats”, preventing criminal behaviour while supporting legitimate businesses. Harnessing customer data and leveraging on data analytics will be critical to effectively disrupt illicit finance. MAS strongly encourages FIs to grow their data analytics capabilities, so that legitimate customers will have even better access to financial services, while criminals will have less space to hide.
27 A robust regulatory and supervisory regime is not complete without an effective and rigorous enforcement function. Our recently published inaugural Enforcement Report outlines MAS’ enforcement priorities and demonstrates our resolve in keeping our financial system clean and trusted. Errant individuals and institutions must be held accountable and penalised for their misdeeds, if we want to prevent our financial system from being used as a conduit for illicit activities. We have not shied away from taking appropriate and prompt enforcement actions in the past, and will continue to do so.
Stocktake of engagement with industry and way forward
28 Let me move on to industry partnerships. It was at this ACAMS event in 2017 that MAS first announced the launch of our public-private partnership – ACIP.
29 ACIP has since established itself as an effective platform for open discussions between the industry, law enforcement agencies, and MAS as regulator on typologies, risk areas, and possible solutions. The insights from these discussions are then shared with the broader industry. ACIP has issued 2 best practice papers for this purpose – one in May 2018 to explain how FIs can guard against trade-based money laundering and the misuse of company structures. The second in November 2018, to encourage greater adoption of data analytics solutions by FIs, and to highlight areas in AML/CFT analytics that can benefit from closer private-public sector collaboration.
Case specific information sharing
30 Since October 2018, we have also embarked on case specific, investigative collaboration within ACIP, starting with business email compromise cases, or BEC, as a pilot project. BEC fraud is an email impersonation scam where companies are deceived into transferring monies, purportedly for business payments, to the bank accounts of unintended recipients. It is a global problem; in Singapore alone, the reported losses were about S$57 million in 2018. The ACIP BEC project is part of a global initiative involving over 14 participating countries, which aims to prevent the dissipation of funds arising from BEC fraud. In Singapore, working closely with our 8 ACIP member banks, CAD seized more than USD 2 million in illicit funds in 6 months. The cooperation rendered by the banks is encouraging and we must thank the banks involved for their timely response and assistance, which has gone a long way to help in the investigations.
31 The BEC is merely the start of such case specific sharing at ACIP, which has shown the benefits of engaging the relevant private sector entities early in the case investigation process. I am excited to see what the public and private sectors can achieve as we deepen our partnership.
32 Apart from case specific information sharing, we can do more to make private-public sector sharing of information and typologies as timely as possible to be even more effective. This is why I am pleased to announce today that we will soon be launching “ACIP advisories”.
33 ACIP advisories share significant cases and typologies that MAS, CAD or the ACIP members have observed. The advisories raise awareness of these typologies, and provide additional information on how to detect and prevent them. ACIP advisories will be shorter than MAS’ guidance papers. The advisories will be developed and disseminated more quickly, to give the industry an early warning of emerging risks, so FIs can be more responsive to new or priority threat areas. I am pleased to let you know that ACIP is working on the first advisory, which will be released by the end of this month. As the advisories contain more sensitive information, they will be disseminated only to the relevant industry officers, including some of you gathered here. I trust you will safeguard and use this information wisely.
34 Before I conclude, it is only fitting for me to emphasise the importance of training and capacity building in combating ML/TF. Even as FIs develop robust AML/CFT systems and controls, it is important to recognise that systems and controls can only augment, but not replace, the capabilities of well-trained teams. Staff involved in AML/CFT work continue to be instrumental in discerning suspicious behaviours and activities, in prioritising and escalating riskier customers and transactions for closer monitoring, in identifying new typologies, and in partnering regulators and law enforcement agencies to take prompt and effective actions. The importance of staff training to do all these well cannot be overstated.
35 MAS and our government partners value the existing close partnership we enjoy with the financial sector. Your vigilance will add to the effectiveness of our regime, and only together can we effectively defend the integrity of Singapore’s financial system.
36 On this note, I wish you a very fruitful and successful conference.