In the month of July, and whilst coping with the current Global Pandemic – COVID-19, the MAS has not waivered in its battle against financial crime and corruption, specifically AML.
The MAS published a guidance paper which sets out its supervisory expectations of sound practices where AML/CFT control functions are outsourced, and flexed its supervisory powers by serving two enforcement actions against companies that failed to adhere to their AML obligations. We have provided below a summary of these and key takeaways.
MAS issues AML outsourcing guidance paper for capital market firms
The new guidance paper, published on 15th July, from the MAS sets out its supervisory expectations for capital markets intermediaries that outsource their anti-money laundering (AML) and countering the financing of terrorism (CFT) control functions.
The guidance paper follows a series of thematic inspections of Capital Markets Intermediaries – or CMIs – conducted by the MAS. The inspections looked at the adequacy of the CMIs’ oversight of AML/CFT service providers and assessed their understanding of the key control functions outsourced to these service providers.
Gaps were observed by the MAS, and in some cases, material lapses in controls which led to breaches of the MAS’ requirements. The main reasons were due to a combination of the CMIs’ lack of understanding of the service providers practices, and an absence of oversight and timely monitoring.
The MAS expects all CMIs to conduct a gap analysis between their own processes and controls and the best practices outlined in the guidance paper and the MAS Guidelines on Outsourcing. If necessary, they must take appropriate measures to enhance their practices.
At its core, the paper reiterates that capital markets intermediaries must remain responsible for outsourced AML/CFT and that outsourcing these areas constitutes material outsourcing. The learning points in the paper may also be relevant and applicable to other financial institutions, and MAS states that FIs should incorporate them in a risk-based and proportionate manner.
CMIs are and must remain responsible for outsourced AML/CFT control functions
This is the key takeaway from the MAS guidelines, and includes when FIs outsource AML/CFT control functions to, for example, a fund administrator. Tone from the top is paramount, with the Board and senior management demonstrating that they understand the risks faced by the CMI, and exercising oversight over the controls put in place to mitigate those risks.
Outsourcing of AML / CFT arrangements constitutes material outstanding
The MAS has also taken the opportunity to confirm that such arrangements constitute material outsourcing under the MAS 2016 Outsourcing Guidelines. It observed gaps in CMIs’ oversight of AML/CFT outsourcing arrangements, particularly in the evaluation of potential service providers and the ongoing monitoring post-appointment.
When evaluating potential service providers, CMIs should implement a structured assessment process with defined criteria in order to assess, among other things, the provider’s experience, track record and level of staff competency. Crucially, the assessment process should incorporate a thorough review of the proposed provider’s AML / CFT practices and risk assessment framework to ensure that they are both on the same page when, for instance, assigning risk to clients. Appointment of providers should also be approved by senior management with formal documentation to support the assessments.
For CMIs to demonstrate effective oversight of their service providers, the MAS suggests conducting annual monitoring visits, performing sample reviews of accounts, reviewing screening results and any changes to the provider’s processes. CMIs could also put in place quarterly reporting to track the progress of periodic reviews and engage independent third parties to conduct sample reviews of customer accounts.
AML / CFT Enforcement Actions by the MAS
The MAS has carried out two significant enforcements in the area for AML / CFT – a further sign that it is an area they tend to supervise very closely.
Penalty of $1,100,000 on Asiaciti Trust Singapore Pte Ltd for AML/CFT Failures
The MAS has imposed a composition penalty on trust firm Asiaciti Trust for failure to comply with AML requirements.
Between 2007 and 2018, Asiaciti Trust committed serious breaches of AML/CFT regulations. It failed in three main areas:
- Implementing adequate AML/CFT policies and procedures to determine customer risk. As a consequence it did not independently ascertain the source of wealth of a controller of higher risk customers.
- Carrying out enhanced ongoing monitoring of higher risk customers, such that it did not enquire about unusual transactions undertaken by PEPs.
- Undergoing independent audits of its AML/CFT controls.
According to the findings, this lack of adherence to the regulations, guidelines and notices published by the MAS hindered the trust’s ability to detect and mitigate money laundering risks associated with its higher-risk customers. Asiaciti was fined over a million dollars.
MAS revokes licence of Apical Asset Management Pte. Ltd for AML/CFT breaches, and reprimands its CEO and Board
On 28 July, the MAS revoked the CMS license of Apical Asset Management (Apical) for breaching the AML/CFT requirements. The MAS confirmed that it is the only entity to have had its CMS license revoked for AML/CFT offences in the past five years.
The enforcement arose as a result of a supervisory inspection, during which the MAS uncovered “severe deficiencies” in Apical’s AML/CFT controls from 2013 to 2018. At the core of the issues was that Apical did not have in place even basic AML/CFT policies and procedures, which exposed it to the risk of receiving illicit funds. This risk was further heightened as a result of some of its customers having complex ownership structures, comprising multiple layers and investment entities. In summary, Apical failed in four key areas:
- Conducting an enterprise-wide risk assessment (EWRA)
- Properly assessing its customers to determine their money laundering risk
- Conducting effective ongoing monitoring controls and having in place effective procedures. This resulted in it failing to monitor a PEP for a significant length of time.
- Subjecting itself to an independent audit to assess its AML/CFT controls.
As well as having its licence revoked, the MAS reprimanded the CMSL holder’s CEO (Yeh Yin Yee) and its director (Bernard Kan Cheok Yin) for the part they placed in the control deficiencies, and in particular for not exercising sufficient oversight or to ensure that MAS’ requirements were met.
How we can help?
Here at Bovill, we are no strangers to the AML requirements set out by the MAS (as well as those of other regulators). We are well-equipped to conduct AML/CFT reviews, draft policies and procedures, and provide AML-related audits including regulatory mock inspections.
If you are looking for assistance in this area, please get in touch to with us to find out more.