Regulatory Compliance Updates June 2024 – APAC Region

4 June 2024 – MPC 02/2024 Publication of Final Amendments to Over-The-Counter (“OTC”) Derivatives Reporting Regulations and Revised Guidelines and FAQs to the Regulations

Reporting entities are to take note of the publication of the Securities and Futures (Reporting of Derivatives Contracts) (Amendment) Regulations 2024 (“Amendment Regulations”) in the government gazette on 10 May 2024, and the publication of the revised guidelines to the Securities and Futures (Reporting of Derivatives Contracts) Regulations 2013 (“SF(RDC)R”) and FAQs on the MAS website on 31 May 2024.

The amendments include the revised reporting requirements for OTC derivatives contracts previously consulted by MAS to adopt international guidance, and aim at standardizing and harmonizing the reporting of OTC derivatives data elements. The Amendment Regulations will take effect on 21 October 2024.

With this date fast approaching, MAS would like to reiterate the importance for reporting entities to start preparing for the transition to ensure a smooth process for reporting and mitigate the possibility of breaching the reporting requirements under the Amendment Regulations.

To view the Revised Regulation, please click here.

To view the Revised Guidelines, please click here.

To view the Revised FAQs, please click here.

14 June 2024 – Maintaining resilience amidst system changes

As there have been several major IT incidents which resulted in prolonged disruption of financial services in recent years, the Advisory sets out MAS’ observations from recent incidents and the controls that FIs should implement to improve the robustness of change and release management.

We have set out below a summary of processes and controls identified as improvement areas from the root causes of major IT incidents:

Policy and governance

1. Define criteria and requirements for emergency changes

• emergency changes to IT systems should be a last resort to maintain system integrity, stability, and security
• establish clear criteria for assessing urgency, conducting risk and impact analysis, and defining approval authority
• conduct thorough post-implementation reviews and corrective actions to mitigate issues.

2. Define rollback framework

• develop a rollback framework considering the type and criticality of system changes
• include roles/responsibilities, trigger conditions, communication protocols, fallback mechanisms, and post-rollback procedures
• validate rollback plans to ensure effectiveness in recovering systems quickly.

3. Enforce effective ‘maker-checker’ and ‘segregation of duties’

• apply maker-checker principles to reduce human errors during change implementation
• ensure segregation of duties so that no single individual controls change or release processes.

4. Automate processes

• automate release management processes, including testing and deployment, to minimize human errors and enhance system integrity, stability, and security.

Evaluate and test

5. Identify systems dependencies

• map end-to-end system dependencies to assess potential impacts on upstream and downstream systems
• implement risk mitigation measures for identified dependencies to prevent negative consequences.

6. Perform in-depth risk and impact assessments

• establish a framework for comprehensive risk and impact assessments before implementing changes
• develop methodologies to consistently evaluate cyber security and system resilience impacts.

7. Perform comprehensive system testing

• establish robust testing methodologies covering functional and non-functional aspects proportional to system criticality
• ensure testing environments closely mirror production to accurately predict change impacts.

Monitor and review

8. Enable logging

• log system events associated with changes securely facilitate effective troubleshooting and root cause analysis
• develop technical means to preserve logs during rollback processes to support post-incident analysis.

9. Conduct post-change verification and monitoring

• perform post-change verifications and ongoing system health monitoring to ensure changes are implemented correctly and systems function as expected.
• address any issues promptly to minimize potential disruptions.

By implementing these action points, FIs can enhance their change management and release management processes, reduce operational risks, and maintain the security and resilience of their IT systems effectively.

20 June 2024 – Money Laundering National Risk Assessment

MAS has published an updated Money Laundering (ML) National Risk Assessment (NRA) as part of Singapore’s continuing efforts to maintain the effectiveness of its anti-money laundering (AML) regime amidst the evolving risk landscape.

To view the updated NRA, please click here.

27 June 2024 – FDD Cir 05/2024 Extension of Tax Incentives Schemes for Trusts

The tax exemption schemes for trusts, including income of foreign trusts, relevant income of prescribed locally administered trusts, and income of foreign account of philanthropic purpose trusts, are extended until 31 December 2027.

These extensions aim to support Singapore’s growth as a global wealth management center and a trusted domicile for global trusts.

Financial Institutions should note the extension and refinement of tax incentive schemes for trusts in Singapore as outlined in the circular:

1. Details of extension and refinement

Trusts administered by Singapore-based licensed trust companies (LTCs) or Private Trust Companies (PTCs) can benefit from these tax incentives.

Originally set to expire in 2024, the schemes are now extended to 2027 to provide continuity and certainty to the wealth management sector.

2. Tax exemption criteria

The tax exemption for prescribed locally-administered trusts includes dividends from non-resident holding companies if derived from non-relevant income.

Non-relevant income includes certain categories like Singapore one-tier dividends, rental income from Singapore properties, and specific Singapore investment income exempted under fund incentive schemes.

3. Requirements to ensure economic substance

To qualify for these incentives, trusts must be administered directly or indirectly by an LTC, employing at least two trust professionals starting from 1 January 2025.

This requirement ensures economic substance within Singapore, aligning with regulatory standards.