Published Date: 27 April 2021 The Monetary Authority of Singapore
Distinguished guests, ladies and gentlemen, good morning to all of you.
1 I am honoured to be joining you at the ACAMS Asia Pacific Anti-Money Laundering and Anti Financial Crime Conference. While we are unable to meet in person, I am glad that ACAMS’ training and events have continued virtually amidst the disruptions brought on by COVID-19, just as the financial industry itself has shown resilience in adapting to remote or hybrid working.
2 This morning, I would like focus on how financial institutions and MAS can continue to work together and work smarter in the fight against money laundering and terrorism financing (ML/TF). Embedded in this theme are the efforts by MAS and law enforcement agencies to tap public-private collaboration, and catalyse the effective use of data analytics to prevent criminals from abusing our financial system. While we have come far on this journey collectively, there is more we can do to build on our early successes. I would like to take this opportunity today to touch on a three key areas: firstly, to highlight the key milestones that we have achieved; secondly, to point out the landmarks ahead; and lastly, to signpost some tricky terrain that we must navigate. Please allow me to elaborate.
Collaboration & data analytics have led to key successes
3 Let me start by celebrating our successes. Since the AML/CFT Industry Partnership, or ACIP, published its Industry Perspectives Paper on AML/CFT data analytics in November 2018, the use of data analytics and digital processes in general has become more embedded, and many banks in Singapore have upgraded or are in the midst of upgrading their risk detection and analytics systems, leading to increased AML/CFT effectiveness. Major banks, MAS and CAD have collaborated closely to target key ML/TF risks and priority cases through ACIP. When COVID-19 emerged, the new capabilities that we have collectively built not only supported the banks in remaining operationally resilient, but also helped the banking system maintain and even improve overall AML/CFT defences.
4 One example is the enhanced operational efficiency arising from the use of electronic means to issue and reply to police production orders, through Project POET, short for Production Orders: Electronic Transmission. Project POET has dramatically cut the turnaround time for this process by up to 97%, and correspondingly freed up resources spent dealing with these production orders. Since being co-developed by the Singapore Police Force and OCBC in July 2019, DBS and UOB have also come on board, and I encourage other banks and FIs to consider doing so as well.
5 I doubt anyone here would have predicted, when the initiative started, that Singapore would go through a circuit breaker within a year of its launch. The infrastructure, while set up earlier for the main goal of reducing turnaround time for information transmission, became a key channel to ensure the continued ability of banks and law enforcement agencies to seamlessly send and receive information crucial for financial investigations, even while remote working arrangements were in place. Similarly, ACIP, which was launched in 2017, played a vital role during the pandemic, in sharing best practices on how banks can maintain the effectiveness of their AML/CFT controls, complementing MAS’ and CAD’s joint alert on emerging criminal typologies. Another good example was the interception of more than S$6 million arising from a COVID-related scam in March 2020, by the Anti-Scam Centre - a partnership between the Singapore Police Force and major banks started in June 2019.
6 Equally encouraging, a number of banks have, aided by their data analytics capabilities, identified networks of potential shell companies and pass-through transactions in their bank accounts. They brought such activities to the attention of ACIP, which then issued a number of advisories to alert the wider industry of the key indicators of these suspicious networks.
7 Since 2019, CAD and MAS have also worked closely with key banks, through the ACIP partnership, on specific cases and targets where intelligence and leads are shared through a hub and spoke model for the purposes of surfacing new leads and conducting further analytics. These collaborative efforts have thus far culminated in successful interceptions of about S$69 million, including more than S$19 million of incoming funds that were blocked through the banks’ proactive identification of suspicious accounts. It is indeed encouraging to see that our joint fight against illicit actors has evolved beyond their swift identification, to the upstream prevention of crime.
We should build on these gains and remain alert to emerging risks
8 Let me now paint the landmarks for the road ahead. What next, and where do we go from here? Firstly, MAS continues to encourage and expect FIs to effectively leverage data analytics in their AML/CFT frameworks. There is, of course, no “one size fits all” approach and you should consider how data analytics can more fruitfully be applied to your FI, even if it is to start small and build up from there.
Strengthening data analytics capabilities and governance
9 One promising application of data analytics is to move towards a more dynamic and trigger-based risk assessment of customers and suspicious transactions, incorporating behavioural factors such as transactional patterns and changes in customer profile. For instance, illicit shell companies may change their shareholding and beneficial ownership structure, pivot from the original business activities declared to banks at account opening or have sudden high frequency or large unexplained transfers. Identifying and acting quickly on such triggers, whether from singular factors or a combination of multiple red flags, could make a critical difference in stopping criminals before the damage is done.
10 For FIs that have already integrated data analytics tools into your AML/CFT processes, we encourage you to develop strong governance processes, to ensure that these tools remain relevant and effective:
a. Firstly, good data is the bedrock of analysis. You should consider developing a data governance framework and robust infrastructure to ensure that your analytics tools run effectively, and in a scalable manner.
b. Next, you should identify clear objectives and desired outcomes for the adoption of each analytics tool - whether it is risk prioritisation, surveillance, or automation of information collation. This will prevent the mis-application of the tools or model outside their intended purposes.
c. Third, you should systematically measure the effectiveness of your tools against the desired outcomes, so you can identify and address any issues at an early stage.
MAS will be working closely with the industry to provide more guidance through an information paper on some of these key aspects.
11 For FIs that are just starting out on their journey in data analytics, you could consider focusing first on making less complex changes to your systems that could lead to bigger wins, such as tools that enhance prioritisation of resources within your FI and those that lead to better risk detection. This could range from the ability to make more timely and flexible calibration of transaction monitoring rules to capture known typologies or scenarios, to analytical tools for prioritising the review of system alerts. These efforts would help your FIs manage resources better, and seek an optimal balance between reducing false positives while sieving out higher-risk alerts for timely review.
12 Alongside the investments in advanced data analytics hardware and software, I would be remiss if I did not mention the most important component - a committed and strong pool of talent, or as some would call it, the “heartware”. I would like to commend ACAMS’ work and efforts on capacity building in combating ML/TF. The Certified Anti-Money Laundering Specialist course offered by ACAMS is one of the key training programmes that have been accredited by the Institute of Banking and Finance, or IBF. It is recognised by the industry and aligned with the Skills Framework for Financial Services.
13 As you have already set aside valuable time to be here at this event, I may be preaching to the converted, but I urge all AML/CFT professionals to continually seek opportunities for reskilling and upskilling as threats are ever evolving. The IBF has worked closely with the industry to update its framework for new roles and skills such as compliance analytics, data analytics and data visualisation. Courses accredited by IBF will deepen your understanding of data analytics and expand your competency to apply data analytics tools for AML/CFT purposes. Individuals who successfully complete an IBF-accredited programme and meet the relevant criteria may apply for IBF Certification, which is an industry endorsed mark of quality awarded to practitioners who have attained the required skills.
14 Beyond the existing workforce, as AML/CFT needs continue to grow, we urge FIs to consider hiring and training individuals who may not previously be in compliance-related roles but have adjacent skills and experience to offer. IBF can assist to co-create with the industry, job and training pathways or professional conversion programmes to help transit alternative talent pools into AML/CFT roles. This way, we expand the talent pool beyond traditional recruitment sources to build a sustainable and deeper pipeline of AML/CFT professionals for the industry. I also welcome and encourage FIs to work closely with industry associations and training providers to co-create relevant AML/CFT courses to meet the needs of your respective industries. You may seek the support of the IBF on the funding and accreditation of these courses.
Staying vigilant to new risk areas
15 Second, as we strengthen our AML/CFT defences, we also need to stay vigilant to new risk areas that are “by-products” of financial innovation. Let me highlight a couple of areas to which MAS is paying closer supervisory attention:
a. The first relates to virtual assets or digital payment tokens (or DPTs). From an AML/CFT perspective, DPTs pose higher risks given the speed, anonymity and cross-border nature of the transactions they facilitate. Since the introduction of the Payment Services Act to regulate DPT service providers, MAS has stepped up our efforts to set clear supervisory expectations of AML/CFT controls, and enhance our surveillance of the sector. Our in-house surveillance efforts now enable us to pro-actively detect suspicious networks and unlicensed activities for further supervisory and law enforcement actions. FIs looking to offer DPT services should also institute the necessary controls to ensure that these risks are appropriately mitigated.
b. Another area is the use of Variable Capital Companies, or VCCs. The number of VCCs has grown significantly since the framework was introduced in January 2020. As fund vehicles with a separate legal personality can potentially be misused as a conduit for illicit purposes, MAS is assessing the higher risk segments in this space, for more intensive supervisory follow-up. We plan to conduct thematic inspections of financial institutions that perform AML/CFT checks for VCCs to assess the robustness of their AML/CFT controls.
Doubling down on collaborative efforts
16 Lastly, and perhaps most importantly, we will be doubling down on industry as well as public-private collaboration, powered by data analytics. Despite the significant gains we have made over the past few years, a remaining challenge is that criminals continue to exploit information gaps between FIs to launder their illicit gains. I earlier described how ACIP was able to disrupt fund flows linked to suspicious accounts, thanks to the effective use of data analytics and close partnership amongst its members. These are the kinds of successes we need to replicate and scale up.
17 To facilitate the timelier detection of illicit behaviour, particularly in priority risk areas identified through our national risk assessment, such as the misuse of shell companies, trade-based money laundering and proliferation financing, we are working closely with a number of banks to explore how they can share key risk information with each other in a timely and secure manner. The US and UK, for example, already have legal frameworks in place to permit such sharing. We in Singapore will need to consider how such sharing can be effectively implemented within our local context. As you will no doubt appreciate, this is a complex endeavour, but one that promises to be a “game-changer” for AML/CFT, especially when coupled with the growing effectiveness of data analytics. We hope to make sufficient progress to outline our intended approach in the coming months.
We must guard against de-risking and apply our risk-based approach better
18 Having set out the major landmarks for the road ahead, I will conclude with a reminder to pay attention to potential pitfalls along the way - in particular, the unintended consequences of our well-intended actions.
19 Access to a bank account is essential to many of our daily activities, such as receiving salaries, paying bills and making purchases. It is something that most of us take for granted. Even as we maintain our vigilance against financial crimes, we should ensure that the banking system stays inclusive, and does not unfairly shut out Singaporeans previously convicted or suspected of financial crimes, or their families and close associates. From the bank’s perspective, the business case for retaining such customers may not be strong, given the potential risk of future misdemeanours and in some cases, the difficulty of establishing that the customers’ existing financial resources are legitimate. Yet, as a society and industry, we need to recognise that “de-risking” of such individuals could significantly impact their lives and livelihoods and hinder their ability to re-integrate into society. The answer to this challenge is to be more deliberate and targeted in our risk-treatment strategies.
20 I therefore urge banks to perform thorough risk assessments of such customers and not opt to terminate their accounts without having sufficiently considered if risks can be mitigated. Accounts should not be terminated solely on the basis of adverse news, and banks should make appropriate distinctions between customers who are convicted or suspected of financial crimes, and their family members or close associates. As far as possible, the customer should be given the opportunity to explain any behaviour that the bank has assessed to be suspicious. The bank should exit the relationship only if the residual risks posed by the customer cannot be adequately mitigated even with additional controls applied. While sophisticated AML/CFT systems and close-knit partnerships such as ACIP give us powerful tools to pick out potentially suspicious behaviour, we also have a responsibility to be discerning and proportionate when taking actions to safeguard our banks and banking system.
21 In this spirit, we are heartened that the industry has recognised and supported efforts towards greater financial inclusion. MAS is working with several banks in Singapore on limited purpose bank accounts for individuals who are considered to pose higher financial crime risk. These accounts would allow these individuals to carry out banking transactions for daily needs, while managing risks by limiting inflows to those from white listed sources, such as salaries and government pay-outs. We are now finalising the operational details of these accounts with the banks.
Conclusion
22 In closing, let me encourage you again to persevere in strengthening your FI’s AML/CFT effectiveness, by effectively leveraging data analytics and keeping abreast of emerging risks. As professionals, I hope you will individually work to break new ground in these efforts. Many thanks as well to ACAMS for inviting me to give these remarks and also for putting together this highly topical conference agenda. I wish you an enjoyable and fruitful rest of the day, and look forward to meeting you in person soon.