Regulatory Compliance Audits in Singapore and Hong Kong

With these associated risks, it is more important than ever to ensure that businesses implement an internal audit function that is effective, dynamic and future proof. This is a fundamental risk mitigation tool for any financial institution.

The majority of regulated financial institutions in Singapore are required by the Monetary Authority of Singapore (“MAS”) to put in place adequate, internal audit functions that are commensurate with the scale, nature and complexity of the business conducted by the financial institutions. Similarly, in Hong Kong, the Securities and Futures Commission (“SFC”) conducts regular inspections requiring that financial institutions are always prepared for these assessments.

The role of internal compliance audits and mock inspections

Today’s modern internal compliance audits and mock inspections act as a key tool to identify risks within an organisation and subsequently take steps to effectively address those risks in a timely and efficient manner.

Internal Audit and BCM Audit services

Focus areas in internal audits

As a minimum, we address the following areas when conducting internal audits for firms operating in Singapore or Hong Kong:

• corporate compliance controls
• controls for valuation and customer reporting
• conflicts management
• adequate risk management controls
• appropriate disclosures to customers
• compliance controls
• regulatory filings and breaches
• documentation and record-keeping
• suitability of, and adherence to, internal controls and documents
• compliance training.

Focus areas in BCM audits

In Singapore, firms are required to carry out business continuity management (“BCM”) audits once every 3 years.

At a minimum, we address the following areas when conducting BCM audits:

• board and senior management roles and responsibilities
• validation and measurement of the effectiveness of the BCM and disaster recovery plans
• ensuring key senior management and employees are familiar with the plan
• identification of critical business services and functions and recovery time objectives
• stress test of Business Continuity Plans (“BCPs”)
• concentration risks and dependency mapping suitability
• validation of training and other communications provided to employees.

Business Continuity Management – Monetary Authority of Singapore (MAS) Guidelines

Our Business Continuity Management (BCM) guidelines overview provides key insights into Singapore’s regulatory requirements, including:

• MAS’ BCM obligations
• end-to-end, service-centric approach for critical business services
• ongoing risk assessments and continuity measures
• enhanced focus on high-risk disruptions.

You can download our comprehensive BCM guide here:

Download PDF

First Name^*

Last Name^*

Job Title^*

Email^*

Phone^*

Company^*

Country^*--None--Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bosnia and Herzegovina Botswana Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Colombia Comoros Congo Congo, the Democratic Republic of the Cook Islands Costa Rica Cote d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Faroe Islands Federated States of Micronesia Fiji Finland France Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Laos Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, the former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Northern Mariana Islands Norway Oman Pakistan Palau Panama Papua New Guinea Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Reunion Romania Russia Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Korea South Sudan Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Venezuela, Bolivarian Republic of Viet Nam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe

I would like to be kept up to date with the latest regulatory and compliance news

I have read the Waystone Global Data Protection Notice

Submit details and download PDF

Independent Compliance Reviews

Waystone is able to carry out bespoke compliance reviews on key areas such as Anti-Money Laundering (“AML”) policies and procedures, which includes:

• review of current policies against MAS and SFC requirements
• review of customer onboarding procedures
• sample testing of customer identification and verification documents
• sample testing of risk ratings and methodologies
• review of adherence to additional requirements for high–risk customers
• review of periodic due diligence
• review of transaction monitoring
• compliance training.

SFC Mock Inspections and Remediation Support

Waystone specialises in conducting comprehensive mock SFC inspections for financial institutions to proactively identify and address any compliance gaps. Our expert team brings industry knowledge of SFC regulations and best practice, providing an independent and unbiased assessment of a financial institution’s operations.

Regulatory Compliance Audit

Our guide to Regulatory Compliance Audits offers insights into the key steps involved, including:

• scoping the audit based on your business needs
• documentation collation and planning
• assessment of internal controls and risk management
• audit findings and recommendations for improvement.

You can download our comprehensive guide here:

Download PDF

First Name^*

Last Name^*

Job Title^*

Email^*

Phone^*

Company^*

Country^*--None--Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bosnia and Herzegovina Botswana Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Colombia Comoros Congo Congo, the Democratic Republic of the Cook Islands Costa Rica Cote d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Faroe Islands Federated States of Micronesia Fiji Finland France Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Laos Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, the former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Northern Mariana Islands Norway Oman Pakistan Palau Panama Papua New Guinea Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Reunion Romania Russia Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Korea South Sudan Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Venezuela, Bolivarian Republic of Viet Nam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe

I would like to be kept up to date with the latest regulatory and compliance news

I have read the Waystone Global Data Protection Notice

Submit details and download PDF

Why choose Waystone

Waystone (Singapore and Hong Kong) is a regulatory compliance consultancy with over 20 years of experience and with many of our clients regulated by the MAS and the SFC. Our APAC Compliance Solutions team is well-equipped to provide clients with bespoke, risk-focused and cost-effective solutions. Our wide-ranging compliance experience provides the expertise you need whilst adding value to your corporate governance standards.

If you would like to find out more about Waystone’s internal audit, BCM audit and mock inspection services available in Singapore and Hong Kong, please reach out to our APAC Compliance Solutions team.

Contact us