| Asia | Articles
In its recent guidance paper for External Asset Managers, the MAS confirms its supervisory expectations for effective AML/CTF frameworks and controls.
The information paper was published on 24th August following AML/CFT thematic inspections and engagements conducted on selected External Asset Managers (EAMs). It includes the framework of inspections, areas of improvements to adopt and specific lapses identified.
While the focus of the thematic inspections are EAMs, the recommendations cut across other fund management business models. Fund management companies are now expected to review and incorporate the findings of the information paper in their AML/CFT frameworks.
AML/CFT inspection framework
Within the paper, the MAS focused on the following areas:
- Governance – role of Board and Senior Management (BSM).
- Risk assessment frameworks – enterprise-wide risk assessment (EWRA) to understand vulnerability to ML/TF risks.
- Customer due diligence – effective and timely execution of AML/CFT controls.
- Enhanced due diligence – perform enhanced due diligence measures on high-risk customers .
- Suspicious transactions reporting – monitoring and reporting suspicious transactions.
Implementing good governance
The Board and senior management must have active oversight on AML/CFT matters. It should also ensure that AML/CFT policies are up to date, three lines of defence are suitably qualified and adequately resourced, and that reporting and escalation mechanisms are implemented.
- The guidance paper identified several areas of vulnerability, including in the following areas:
- Senior management having approved onboarding for high-risk customers without ensuring that enhanced due diligence (EDD) was completed.
- Errors being noted in EWRA frameworks (for example, mathematical flaws in rating systems, nil responses to risk factors when it was relevant).
- Insufficient compliance resources in place to handle the increased volume of transactions, as companies onboarded more customers.
- A lack of internal audit reviews over AML/CFT function and processes.
Conducting robust risk assessments
A proper risk assessment (EWRA) enables EAMs to understand their overall vulnerability to ML/TF risks. Mitigating controls can be designed to lessen these risks.
Some of the gaps detected included the following:
- Important risk factors being omitted from EWRA (for example size and volume of customer transactions, product and service delivery channels).
- A lack of clarify over how the EWRA methodology and rating system was developed.
- No timely reviews or updates of EWRA (the longest delay in update of EWRA was four years).
- Compliance not considering assessments by other credible bodies apart from FATF (for example Transparency International, Organisation for Economic Co-operation and Development) during the risk assessment process.
- Frequent payments received from, and sent to, third parties not being flagged as a risk for further review.
Identifying customer risk factors
The effectiveness of an EAM’s AML/CFT controls depends on the quality of execution. EAMs should make sure that there’s an implementation of process and controls, and that these are carried out properly by the Compliance function.
The guidance paper acknowledged several weaknesses in this area:
- Ultimate beneficiary owners not being identified (for example in a trust).
- Customers being onboarded before due diligence checks were completed.
- Improper screening practices, such as possible hits not being properly dismissed or there being a lack of documentation.
- A lack of regular monitoring over transactions.
- A lack of further review on customers with adverse news.
- No formal procedures being in place over ongoing monitoring.
Enhancing customer risk monitoring
AML/CFT controls are conducted on a risk-based approach, so enhanced measures are required where ML/TF risks are assessed to be higher.
Risks the MAS focused on here included the following:
- A failure to promptly identify high-risk customers and conduct EDD on customers.
- Reliance on customer representation and lack of corroboration of a customer’s source of funds and source of wealth.
Detecting suspicious transactions
Suspicious transaction reports (STRs) should be filed within 15 working days whenever there are transactions suspected of being connected with ML/TF. It’s important to continuously monitor for suspicious activities.
The MAS identified the following risks in its guidance paper on this topic:
- STRs not being filed, despite EAMs having knowledge of unusual activity. Examples include customers connected with tax amnesty programs, legal proceedings for money laundering or unusual activity in customer accounts.
- A failure to pick up suspicious transactions, despite the presence of unusual activity.
How we can help
Our Singapore regulatory specialists are backed up by an international financial crime team and can advise on any element of fraud and financial crime risk. We can particularly help in the following areas:
- Designing your AML/CFT risk assessment procedures to make sure you consider various types of risks, such as country, customer and product risk.
- Preparing an EWRA for you that is tailored to your specific risks.
- Conducting Internal Audits, to ensure that you are meeting MAS’ AML/CFT regulations.
- Providing AML Training to staff, which would incorporate risks specific to you.
- Conducting a gap analysis, focusing specifically on the areas of improvement raised by the MAS.