
Regulatory Compliance Audits in Singapore and Hong Kong
As global events and geopolitical shifts continue to happen, they introduce new risks for financial institutions (“FI”) operating in either Singapore or Hong Kong.
With these associated risks, it is more important than ever to ensure that businesses implement an internal audit function that is effective, dynamic and future proof. This is a fundamental risk mitigation tool for any financial institution.
The majority of regulated financial institutions in Singapore are required by the Monetary Authority of Singapore (“MAS”) to put in place adequate, internal audit functions that are commensurate with the scale, nature and complexity of the business conducted by the financial institutions. Similarly, in Hong Kong, the Securities and Futures Commission (“SFC”) conducts regular inspections requiring that financial institutions are always prepared for these assessments.
The role of internal compliance audits and mock inspections
Today’s modern internal compliance audits and mock inspections act as a key tool to identify risks within an organisation and subsequently take steps to effectively address those risks in a timely and efficient manner.
Internal Audit and BCM Audit services
Focus areas in internal audits
As a minimum, we address the following areas when conducting internal audits for firms operating in Singapore or Hong Kong:
- corporate compliance controls
- controls for valuation and customer reporting
- conflicts management
- adequate risk management controls
- appropriate disclosures to customers
- compliance controls
- regulatory filings and breaches
- documentation and record-keeping
- suitability of, and adherence to, internal controls and documents
- compliance training.
Focus areas in BCM audits
In Singapore, firms are required to carry out business continuity management (“BCM”) audits once every 3 years.
At a minimum, we address the following areas when conducting BCM audits:
- board and senior management roles and responsibilities
- validation and measurement of the effectiveness of the BCM and disaster recovery plans
- ensuring key senior management and employees are familiar with the plan
- identification of critical business services and functions and recovery time objectives
- stress test of Business Continuity Plans (“BCPs”)
- concentration risks and dependency mapping suitability
- validation of training and other communications provided to employees.

Business Continuity Management – Monetary Authority of Singapore (MAS) Guidelines
Our Business Continuity Management (BCM) guidelines overview provides key insights into Singapore’s regulatory requirements, including:
- MAS’ BCM obligations
- end-to-end, service-centric approach for critical business services
- ongoing risk assessments and continuity measures
- enhanced focus on high-risk disruptions.
You can download our comprehensive BCM guide here:
Independent Compliance Reviews
Waystone is able to carry out bespoke compliance reviews on key areas such as Anti-Money Laundering (“AML”) policies and procedures, which includes:
- review of current policies against MAS and SFC requirements
- review of customer onboarding procedures
- sample testing of customer identification and verification documents
- sample testing of risk ratings and methodologies
- review of adherence to additional requirements for high–risk customers
- review of periodic due diligence
- review of transaction monitoring
- compliance training.
SFC Mock Inspections and Remediation Support
Waystone specialises in conducting comprehensive mock SFC inspections for financial institutions to proactively identify and address any compliance gaps. Our expert team brings industry knowledge of SFC regulations and best practice, providing an independent and unbiased assessment of a financial institution’s operations.

Regulatory Compliance Audit
Our guide to Regulatory Compliance Audits offers insights into the key steps involved, including:
- scoping the audit based on your business needs
- documentation collation and planning
- assessment of internal controls and risk management
- audit findings and recommendations for improvement.
You can download our comprehensive guide here:
Why choose Waystone
Waystone (Singapore and Hong Kong) is a regulatory compliance consultancy with over 20 years of experience and with many of our clients regulated by the MAS and the SFC. Our APAC Compliance Solutions team is well-equipped to provide clients with bespoke, risk-focused and cost-effective solutions. Our wide-ranging compliance experience provides the expertise you need whilst adding value to your corporate governance standards.
If you would like to find out more about Waystone’s internal audit, BCM audit and mock inspection services available in Singapore and Hong Kong, please reach out to our APAC Compliance Solutions team.