The Monetary Authority of Singapore (MAS) recently released a report on “Strengthening Capital Markets Intermediaries’ Oversight over AML/CFT Outsourcing Arrangements”.
The report highlights some key principles that Capital Markets Intermediaries (CMIs) should follow when relying on third-party providers for the outsourcing of their anti-money laundering and counter-terrorism financing strategies, such as:
- The Board and Senior Management need to fully understand the money laundering and terrorism financing (“ML/TF”) risks involved in their business and exercise strong oversight over their controls;
- Based on MAS’s Guidelines on Outsourcing from October 2018, the outsourcing of AML/CFT control functions is considered material outsourcing. As such, CMIs need to ensure that they conduct a robust assessment of their service provider, before establishing the business relationship as well as on an on-going basis.
Most commonly, the AML/CTF functions being outsourced include customer due diligence (“CDD”) measures, screening, and money laundering risk profiling of customers.
In certain instances, MAS found that AML/CTF Service Providers (ASPs) were putting capital markets intermediaries at risk, resulting in breaches that senior management ultimately holds responsibility for. Examples of breaches include:
- Protracted delays in conducting periodic reviews of existing customers;
- Enhanced customer due diligence measures not being duly completed (e.g. higher-risk customers being wrongly rated as “medium risk” by the ASP);
- Delayed or missing screening of existing customers.
The root causes for such breaches are usually a combination of the contracting company’s inadequate understanding of the service providers’ practices, and a lack of proper oversight and timely monitoring mechanisms from the CMIs.
Best practices when contracting a third-party provider
MAS prescribes a series of best practices to follow, which include:
During the initial due diligence phase:
- The introduction of a structured assessment process, with defined criteria (including the ASP’s level of staff competency and experience, its track record and ability to comply with regulatory requirements), as part of its outsourcing policy.
- A gap analysis between its AML/CFT policies and procedures and that of the potential ASPs, as well as a review the potential ASPs’ policies and procedures to ensure that they met local regulatory requirements prior to signing a contract.
- Approval by senior management of the appointment of the ASP, with formal documentation to support the assessments and a well-defined outsourcing agreement.
On an on-going basis:
- Active efforts by CMI’s AML/CFT compliance officer(s) to ensure outsourced control functions are being performed as intended, and regularly reports on key control issues noted for the Board and Senior Management’s deliberation.
- Escalation procedures to be established on significant ML/TF issues, including persistent delays in obtaining required CDD documents, changes in the ASP’s AML/CFT policies and procedures, and screening hits.
- Periodic review assessments to be performed and duly approved, with proper documentation.
Partnering with Know Your Customer
At Know Your Customer, we specialise in partnering with financial institutions and other regulated organisations to implement fully secure yet customer-friendly digital onboarding and AML solutions in Singapore and globally.
Our partnership formula provides:
- A thorough mapping of clients’ KYC policies to the KYC/AML and client onboarding procedures provided by our solutions;
- The identification and implementation of multiple workflows and digital journeys based on customer types and specific enhanced due diligence requirements;
- The configuration of the KYC Live Monitoring tool to automatically perform periodic reviews based on specific requirements across jurisdictions and existing customers’ risk profiles;
- Multiple options for integration with legacy systems and data upload of existing customers’ information to centralise and standardise all AML/CFT operations within one digital solution;
- Real-time connections to company registries for the retrieval of official documentation and reliable company data in line with regulatory requirements for documentary evidence;
- Access to immutable audit trails recording all AML/KYC actions performed on any customer by the system and customers’ compliance officers, ensuring transparency and facilitating periodic internal and external reviews of existing processes.