Key Takeaways From MAS Information Paper on AML/CFT For External Asset Managers
EAMS are also known as independent asset managers. EAMs conducting fund management activities in Singapore are required to be licensed under Capital Market Services Licence, be a Registered Fund Manager or be appropriately exempted. Although the recommendations in the information paper are based on the inspections conducted on EAMs, they are applicable to all other types of fund managers as well.
AML/CFT Compliance
Board and senior management (BSM) play a crucial role in ensuring EAM meets the AML/CFT regulatory requirements. Lack of oversight from BSM leads to poor risk management culture.
- BSM should be aware of regulatory requirements and expectations, set the right money laundering / terrorism financing (ML/TF) risk culture, and maintain adequate oversight through proper monitoring and escalation mechanisms.
- review documentation presented for approval and ensure they accurately reflect EAM’s exposure to ML/TF risks.
- Ensure all three lines of defences are aware of their AML/CFT responsibilities , held accountable and equipped with knowledge to detect ML/TF red flags.
- Ensure there are adequate compliance resources to match the need of the EAM.
- Ensure internal audit (IA) function is independent and adequately resourced with personnel with knowledge and expertise. Ensure scope and frequency fits business needs.
Conducting an Enterprise-Wide Risk Assessment once every two years
Enterprise-Wide Risk Assessment (EWRA) assists an entity to understand its overall vulnerability to ML/TF risks. It is required for EAMs to conduct EWRA assessment at least once every two years or when material trigger events occur, whichever is earlier. Material trigger events include acquisition of new segments or delivery channels or launch of new products and services.
- EAMs should consider all relevant factors, bearing in mind its business model, including target markets and delivery channels when assessing ML/TF risks at enterprise level.
- Sure consistency in applying risk assessment framework at individual customer level and enterprise-wide level.
- Provide adequate guidance and conduct proper review of EWRA to ensure inputs are accurate and assessment outcomes are reasonable.
- Review and update EWRA on a regular basis.
Customer Risk Assessment
As part of conducting overall ML/T risks posed by customers, entities are required to conduct risk assessments at the individual customer level. The risk assessment will assist to determine the risk rating to be assigned to each customer and ultimately make the decision as to whether a customer should be onboarded, be subjected to enhanced due diligence etc.
- Ensure all relevant risk factors such as higher risk countries/jurisdictions, higher tax risks, are considered when conducting a risk assessment.
- Consider pertinent and credible information to assess ML/TF risks posed by customers and ultimate beneficial owners, including politically exposed persons (PEPs) or close associates and family members of PEPs.
- Execute customer risk assessment is conducted prudently to ensure higher risk customers are identified and subjected to enhanced due diligence measures.
Customer Due Diligence – onboarding of new customers
EAMS are required to apply appropriate customer due diligence measures which includes identification, verification of customers, and relevant persons such as natural persons acting on behalf of the customers, connected parties and beneficial owners. Screening on all relevant entities and persons are also required and form part of the due diligence process.
- Ensure customers and all relevant parties are identified and verified.
- Ensure verification of identities of the customers and their relevant parties is completed and before establishing business relations with customers or within 30 business days from establishment of business relations.
- Ensure all screening is performed on all customers and their relevant parties when, or as soon as practicable after, they establish business relations with customers.
Customer Due Diligence – transaction monitoring and periodic review
EAMs are required to conduct transaction monitoring to detect and report suspicious activities. Suspicious activities include transactions that are inconsistent with EAM’s knowledge of the customer and risk profile of the customer.
- Put in place proper transaction monitoring framework including risk based parameters thresholds. Regularly review the thresholds.
- Review transactions holistically across multiple managed accounts belonging to the same beneficial owners or group of interconnected managed accounts.
- Scrutinize transactions including inflows and outflows. Pay special attention to especially those involving third parties and those flagged out by custodian banks for example.
- Perform robust assessment on risk mitigation measures such as suspicious transaction filing, exit business relations etc. Ensure customers connected to ML/TL if retained, reasons as to why they are retained be documented and approved by senior management.
- Ensure periodic reviews focus on and holistically consider all relevant ML/TF risk areas such as outcomes of screenings checks and results of transaction monitoring.
Enhanced Customer Due Diligence and Suspicious Transactions Reporting
EAMs should perform enhanced customer due diligence (EDD) measures on high risk customers which includes obtaining approval from senior management, obtaining information on source of funds and source of wealth and subjecting customers to more frequent periodic checks. EAMs are required to file suspicious transactions reports (STRs) with the Suspicious Transaction Reporting Office (STRO) within 15 days of the suspicion being flagged.
- Ensure customers/BOs posing higher risks are identified and subjected to enhanced due diligence measures.
- Perform adequate independent verification of customers/BOs source of wealth and source of funds to assess legitimacy of the funds/assets managed.
- Must file STRs on a customer as long as long as it is known or there are reasonable grounds to suspect any property of the customer could be connected to ML/TF.