Upload
phamdat
View
213
Download
0
Embed Size (px)
Citation preview
Understanding MAS 626 in the
Financial Services Industry
A Global View of our Local
Rules
Radish Singh, Thng Teck Soon
6 November 2014
1
• FATF set up in 1989, to identify emerging ML risks and provide guidance and
international standards
• FATF’s Forty Recommendations, developed in 1990 and revised in 1996, set
the framework for AML efforts
• After 9/11, FATF’s mission broadened to include anti-terrorist financing, which
coincided with the US Patriot Act to combat international terrorism
• As international standards are being enacted, ML and TF risks have evolved
with the aid of technology advancement
• However, financial institutions were found lacking in controls …
Evolution of AML / CFT Regime over the years
3 © 2014 Deloitte Southeast Asia Ltd
Money laundering…
United States fine clouds quarterly balance of BNP Paribas -A +A By Staff Writers 31
July 2014 - 1:27pm BNP Paribas, the first French and second Bank in the euro zone, has been
reported on Thursday a net loss of 5 750 million dollars (about 4 300 million euros) in the second
quarter of 2014, under the weight of the fine imposed by the Government of United States in late
June because they have treated with countries on its blacklist. BNP Paribas, in a situation of loss
for the first time since the end of 2008 (as a result of the international financial crisis), was
accused by U.S. authorities of conducting transactions in dollars with Nations under sanctions
from Washington, including Cuba, and to avoid a trial had to pay a fine record of 8 970
million dollars (6 billion euros), the largest penalty imposed a foreign bank in The United
States. - See more at: http://www.cubacontemporanea.com/en/news/united-states-fine-clouds-
quarterly-balance-bnp-paribas#sthash.MH3HYEKP.dpuf
4 © 2014 Deloitte Southeast Asia Ltd
6 © 2014 Deloitte Southeast Asia Ltd
Europe
EU focusing on ML/TF risk since Feb
2013, and is updating the AML Directive
FSA (now FCA) – has fined individuals
(AMLOs) for AML weaknesses
The AML regime globally and in
Asia continues to be under much
regulatory scrutiny.
US
Huge fines being imposed by US
regulators for sanctions
framework failures
New CDD requirements issued by
FinCEN
Asia
HKMA stated plans to double the size
of existing AML team.
MAS has been actively enforcing the
new requirement of tax evasion as a
predicate offence for AML
In other jurisdictions, regulators either
place greater focus on AML and KYC
(India) or to remediate their AML
regimes to meet with FATF standards
.
AML / CFT - Tops the agenda of regulators globally
• Assessment and understanding of risk
• Board responsibility and governance
• Effectiveness of three lines of defense
• Transactions / ongoing monitoring
• Due diligence and customer acceptance policy
• Verification of beneficial owners and risk profiling
• MIS – record keeping, updating and reporting to
supervisors
• Reporting suspicious activity and freezing of assets
• Group wide / cross border management of customer
risk, management of risk, consistent policies and
procedures and information sharing
AML / CFT - Tops the agenda of regulators globally
Risk management guidelines related to anti-money laundering and terrorist financing issued by the Basel Committee (15 January 2014)
7 © 2014 Deloitte Southeast Asia Ltd
AML risk tolerance and
effectiveness of AML risk
management framework
are critical to enhance
compliance standards.
The need for systematic
customer risk
assessment framework
and bank wide risk
tolerance is good
practice.
In 2012, FATF revised the set of international standards to
combat ML/TF risks. Since then, it has commenced a new
round of mutual evaluations to ensure that countries put in
place the necessary controls.
8 © 2014 Deloitte Southeast Asia Ltd
Risk-based approach
Countries should identify, assess,
and understand the money
laundering and terrorist financing
risks they face and take appropriate
measures to mitigate those risks.
Tax crimes
The list of designated predicate
offenses has been expanded to
include tax crimes.
Anti-corruption
Following calls from the G20, the
revised recommendations place a
greater emphasis on action
against corruption – particularly in
the context of PEPs.
Financing of proliferation
Countries should apply UN targeted
financial sanctions to persons and
entities that finance the proliferation of
weapons of mass destruction.
Countries should also ensure national
cooperation and coordination among
their competent authorities.
AML / CFT - Tops the agenda of regulators globally
Key changes by FATF explained
AML / CFT – Singapore Initiatives
National Risk Assessment, inspections, & consultation on the
new AML/CFT Notices
9 © 2014 Deloitte Southeast Asia Ltd
Amendments to various notices – to be discussed later
Tax evasion as a predicate offence
Banks asked to undertake remediation or independent assessment
MAS has focussed on effectiveness of the overall framework…
21 October 2013: Singapore launched a comprehensive assessment of
money laundering and terrorist financing risks in the country
• The proposed changes include new
requirements, as well as codification of existing
supervisory expectations
• Key changes are ML/TF risk assessment, new
products, screening of customers, CDD
measures including on PEPs and BO, reliance
on third party, correspondence banking and
group policy
• Banks need to understand the requirements,
know the inter-linkages between the rules, and
implement change programs to effect new
policies and procedures
Key changes to Notice 626
11
Clarity of regulatory
expectations is a welcome
move – for robustness of
AML compliance framework
as well as greater degree of
certainty.
However, note that AML
compliance is dynamic and
often depends on the bank’s
business (products and
geographies) and customer
profile and risks to name a
few. There is never a “one
size fits all” approach.
© 2014 Deloitte Southeast Asia Ltd
What is new?
Key changes to Notice 626
12
Assessment of overall ML/TF risks and Risk Mitigation
FIs to identify and assess overall ML/TF risks they face as
an institution, and to take commensurate steps to mitigate
these risks effectively.
CDD for wire transfers which exceeds S$1,500
FIs to perform CDD when effecting or receiving funds by domestic
or cross-border wire transfer that exceeds S$1,500 for any
customer who has not otherwise established business relations
with the bank, i.e. walk-in customers.
1
2
© 2014 Deloitte Southeast Asia Ltd
Key changes to Notice 626
Clarification of existing expectations
13 © 2014 Deloitte Southeast Asia Ltd
1 2 3
5 4 7 8
6
9 10
Definition of ”relationship
management”
Steps to take when there are
reasonable grounds for suspicion
Customer screening
requirements
Performance of CDD measures by
third parties
Further obligations for parties
involved in wire transfer
Record
keeping
obligations
Other high risk
categories
Cascading measures
for identifying and
verifying beneficial
owners
Risk assessment and
mitigation requirements in
relation to new products,
practices and technologies
Scope of PEPs and risk-based
approach for certain categories
of PEPs
.
11 Group policies and procedures within the
financial group to share information
required for the purposes of CDD, and for
ML/TF risk management
Key issues:
Need for
NBFI specific
guidance
Risk assessment
Assessing risks and applying a risk-based
approach
15
Entry level risk assessment
Identify, assess and understand
money laundering and terrorism
financing risks in relation to:
• its customers
• the countries or jurisdictions its
customers are from or in
• the countries or jurisdictions the
bank has operations in
• the products, services,
transactions and delivery channels
of the bank
Take into account the results of NRA
in assessment
Risk mitigation
• Include policies, controls and
procedures (approved) to enable it
to manage and mitigate effectively
the risks
• Monitor the implementation of those
policies, controls and procedures
• Take enhanced measures where
higher risks are identified, to
manage and mitigate those higher
risks
• Ensure that measures or enhanced
measures taken to manage and
mitigate the identified risks address
the risk assessment
New products & technologies
New products, practices and technologies
16
Pay special
attention to
products, practices
and technologies
that favour
anonymity
Emerging practices
seem to be that AML
risk assessment is
being done at product
level. Product approvals
should take into
account relevant
considerations and risk
mitigation from AML
perspective Key issues: Scope of
Assessment, Risk Identification,
New Market
• Customer
• Natural persons appointed to act on
behalf of a customer
• Connected parties of a customer
• Beneficial owners of a customer
• Wire transfer originators
• Wire transfer beneficiaries
Customer screening
Who, What and When?
18
Who should FI screen?
• Relevant money laundering and
terrorism financing information
sources
• Lists and information provided by the
Authority and any relevant authorities
in Singapore for the purposes of
determining if there are any money
laundering or terrorism financing
risks in relation to the customer
What should FIs screen against?
© 2014 Deloitte Southeast Asia Ltd
• when, or as soon as reasonably practicable after, the bank establishes business
relations with the customer
• when the bank undertakes any transaction of a value exceeding S$20,000 for any
customer who has not otherwise established business relations with the bank
• when the bank effects or receives any funds by domestic wire transfer, or by cross-
border wire transfer that exceeds S$1,500, for a customer who has not otherwise
established business relations with the bank
• on a periodic basis after the bank establishes business relations with the customer
• when there are any changes or updates to:
- the lists and information provided by the Authority and any relevant authorities in
Singapore to the bank
- natural persons appointed to act on behalf of a customer, connected parties or
beneficial owners of a customer.
Customer screening
Who, What and When?
19
When should such screening take place?
© 2014 Deloitte Southeast Asia Ltd
Key issues: When
to Screen
Customer Due Diligence
20 © 2014 Deloitte Southeast Asia Ltd
Measures for cross-border
accounts, beneficial owners,
and PEPs
Customer Due Diligence (CDD)
21 © 2014 Deloitte Southeast Asia Ltd
What is a “customer”?
“Customer” in relation to a bank,
means a person (whether a natural
person, legal person or a legal
arrangement):
(a) with whom the bank establishes
or intends to establish business
relations; or
(b) for whom the bank undertakes or
intends to undertake any
transaction without an account
being opened.
What is meant by “business relations”?
Business relations is furthered defined as
(a) the opening or maintenance of an account
by the bank in the name of;
(b) the provision of financial advice by the
bank to; or
(c) the undertaking of relationship
management by the bank for a person
(whether a natural person, legal person or
legal arrangement); where relationship
management refers to managing or servicing
by an employee of a bank of an account with
a customer that is opened with the
overseas subsidiary, branch, parent or
related corporation of the bank.
Customer Due Diligence (CDD) Identification and verification of identify of Beneficial Owners (BO)
22 © 2014 Deloitte Southeast Asia Ltd
Legal Persons
• Identify natural persons who ultimately own
the legal person
• Where there is doubt if ultimate owner is
BO, or where no natural persons own the
legal person, identify natural person with
ultimate / effective control of the legal
person
• If still no natural persons identified, identify
natural persons with executive authority in
the legal person
Not a natural person
• Where the customer is a not natural
person, understand the nature of the
customer's business and its ownership
and control structure
Legal Arrangements
• Trusts
• Settlors,
• Trustees,
• Protector
• Beneficiaries or class of beneficiaries
• Natural persons with ultimate
ownership, control, effective control
over the trust
• For other types of legal arrangements,
persons with equivalent or similar positions
as described above.
Inquire and Identify
• Inquire if there is any BO (besides the
account holder)
• Where there is more than 1 BO, identify
the BOs and take reasonable measures to
verify the identifies of the beneficial
owners, using the relevant information
or data obtained from reliable,
independent sources.
Identification
of Beneficial
Owners
Enhanced Customer Due Diligence (ECDD)
What to do with PEPs and high risk accounts?
23 © 2014 Deloitte Southeast Asia Ltd
Enhanced CDD measures include
• Internal policies, procedures and controls
to identify PEPs / High Risk customers
• Approval from FI’s senior management to
establish business relations with PEPs /
High Risk customers
• Conduct enhanced monitoring of business
relations with the customer. The bank shall
ensure that the enhanced CDD
requirements for a PEP shall also apply to
family members and close associates of
the PEP
• A bank may adopt a risk-based approach
in determining whether to perform
enhanced CDD
Key issues:
Relationship
Management,
Different
Standards
• the bank is satisfied that the third party it intends
to rely upon is subject to and supervised for
compliance with AML/CFT requirements
consistent with standards set by the FATF
• the third party is not one on which banks have
been specifically precluded by the Authority from
relying
• the third party is able and willing to provide,
without delay, upon the bank’s request, any
document obtained by the intermediary
• However, no bank shall rely on third party to
conduct ongoing monitoring of customers
Performance of CDD Measures by Third Party
25 © 2014 Deloitte Southeast Asia Ltd
Under what conditions
can financial
institutions rely on
third party for CDD?
Key Issues: Regional Monitoring Hub, Provision of CDD
Documents
• A bank that is incorporated in Singapore shall develop a group policy on
AML/CFT to meet all requirements of this Notice and extend this to all of its
branches and subsidiaries in its financial group, including those outside
Singapore
• Subject to the bank putting in place adequate safeguards to protect the
confidentiality and use of any information that is shared, as may be required by
the law of the country or jurisdiction, the bank shall develop and implement
group policies and procedures for its branches and subsidiaries within the
financial group to share information required for the purposes of CDD, and for
money laundering and terrorism financing risk management
• Such policies and procedures shall include the provision, at the bank’s group-
level compliance, audit, and AML/CFT functions, of customer, account, and
transaction information from its branches and subsidiaries within the financial
group, when necessary for money laundering and terrorism financing risk
management purposes
Group AML/CFT policy
27 © 2014 Deloitte Southeast Asia Ltd
Group AML/CFT policy
28 © 2014 Deloitte Southeast Asia Ltd
Scope
For bank incorporated in Singapore
To meet all requirements
To extend to all branches and
subsidiaries, including those outside
Singapore
Key Issues: Information Barrier
across jurisdictions? How to
link up with other compliance
functions in HO and
elsewhere?
Confidentiality
To put in place adequate
safeguards to protect the
confidentiality and use of any
information that is shared, as may
be required by the law of the
country or jurisdiction
Information to Share
For the purposes of CDD, and for
ML/TF risk management
Customer, account, and transaction
information from its branches and
subsidiaries within the financial group
30 © 2014 Deloitte Southeast Asia Ltd 30
“The challenge before us – as is often noted – is
that the fight against money laundering and
financing of terrorism is never done ...”
Mr Ong Chong Tee,
Deputy Managing Director
(Financial Supervision), MAS
31 © 2014 Deloitte Southeast Asia Ltd
Giam Ei Leen
Thng Teck Soon
Radish Singh
Ho Kok Yong
Partner
Financial Services Industry
Risk and Regulatory Advisory Services
Email: [email protected]
Executive Director
Financial Advisory Services
Forensic / AML
Email: [email protected]
Ho Kok Yong
Lead Client Service Partner
Email: [email protected]
Director
Risk and Regulatory Advisory Services
Email: [email protected]
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities.
DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see
www.deloitte.com/about for a more detailed description of DTTL and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member
firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most
complex business challenges. Deloitte’s more than 200,000 professionals are committed to becoming the standard of excellence.
About Deloitte Southeast Asia
Deloitte Southeast Asia Ltd – a member firm of Deloitte Tohmatsu Limited comprising Deloitte practices operating in Brunei, Cambodia, Guam, Indonesia, Laos, Malaysia,
Myanmar, Philippines, Singapore, Thailand and Vietnam – was established to deliver measurable value to the particular demands of increasingly intra-regional and fast growing
companies and enterprises.
Comprising over 270 partners and 6,300 professionals in 24 office locations, the subsidiaries and affiliates of Deloitte Southeast Asia Ltd combine their technical expertise and
deep industry knowledge to deliver consistent high quality services to companies in the region.
All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and independent legal entities.
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities
(collectively, the “Deloitte network”) is, by means of this communication, rendering professional advice or services. No entity in the Deloitte
network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.
© 2014 Deloitte Southeast Asia Ltd 32