Ong Chong Tee: Observations and thoughts from a financial regulator's perspective

Keynote address by Mr Ong Chong Tee, Deputy Managing Director (Financial Supervision) of the Monetary Authority of Singapore, at the Association of Certified Anti-Money Laundering Specialists (ACAMS) 9th Annual Anti-Money Laundering & Financial Crime Conference, Singapore, 24 April 2017.

1. Good morning. Mr Timothy McClinton, President and CEO of the Association of Certified Anti-Money Laundering Specialists (ACAMS); Ms Hue Dang, CAMS-Audit Head of Asia; Distinguished Guests, Ladies and Gentlemen. I am delighted to join you in this 9th Annual Anti-Money Laundering & Financial Crime Conference in Asia Pacific.

2. I like to commend ACAMS's leadership and your membership for the extensive work on training and various outreach programmes relating to financial crime detection and prevention.  Many of you are specialists and experts in this area.  But as Malcolm Forbes once said: one definition of an expert would be someone who knows enough of a subject to know that he does not know how much he does not know. Fora such as this are therefore beneficial for collective learning and sharing, to plug knowledge gaps and to exchange perspectives.

3. Allow me to share some observations and thoughts this morning from a financial regulator's perspective.

4. For some years now, the global community has been stepping up our efforts to combat money laundering and terrorist financing. The integrity and stability of the international financial system must not be exploited by those who engage in criminal activities.

5. An ongoing challenge is that the threats are ever evolving.  The nature of illicit fund flows are varied and often cut across jurisdictions and economic sectors. In the case of money laundering (ML), the intention is to camouflage the origin of ill-gotten proceeds or property.  Terrorist financing (TF) can be different in that the sources of such funding may be of proper or legal origins. The motivation is often to disguise the use of the funds. 

6. Criminals can and will try to use increasingly sophisticated ways to "beat the system" to launder money or finance terrorism. It is very difficult to estimate the size of this problem given its opaque nature. There have been various estimates that the amount of money laundered each year is far in excess of US$1 trillion. In truth, no one really knows. What is more important is that globally, it is recognised that this is an important issue that affects us all. ML and TF threats undermine the confidence and stability of financial systems. There are also high social and political costs.

7. This is why at national levels, many countries including Singapore have taken holistic measures to address ML/TF risks. Besides a multitude of actions relating to laws, regulations, penalties and public awareness, specific tools also include the ability of regulators and law enforcement authorities to carry out risk surveillance, investigation and information exchanges. A number of international organisations and groupings, including the Financial Action Task Force (FATF), IMF, G20, OECD's Global Forum on Tax, the Egmont Group etc. have also co-ordinated international efforts to tackle the problem in a comprehensive manner. This is essential given the trans-national nature of the threats.

8. The FATF - which is the international standard setting body - has also sought to develop more guidance relating to various sectors and entities. Many of you will be familiar with the FATF Recommendations on money laundering, terrorism financing and proliferation financing. In 2012, the FATF enhanced its Recommendations to put emphasis on effectiveness. That is, merely having rules in place is not enough. FATF also developed a more systematic framework for peer reviews.

9. Let me turn to developments in Singapore.

10.   We have a comprehensive legal and regulatory framework, in line with global standards. We will continue to enhance our Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regime.

11.  Last year, the MAS decided to consolidate some of our supervisory resources into a single AML department so that we can further deepen our technical expertise and focus in this area. This will allow us to better streamline supervisory efforts across various sectors of finance such as banking, insurance and capital markets. At the national level, the AML Department co-ordinates AML/CFT strategies across all economic sectors, together with other government agencies.

12.  The financial sector is a critical component of our national AML/CFT defences. MAS' framework involves four key elements:

    (a) Progressive Regulations

    (b) Intensive Supervision

    (c) Rigorous Enforcement

    (d) International Co-operation and Industry Partnerships

13.  Firstly, on Regulations. MAS regulations for the financial sector are benchmarked to global standards. Over the years, we have updated our requirements to keep them current and relevant.

14.  But regulations are defined sets of rules and requirements. They cannot possibly cover all situations and every manner of activity or behaviour; to try to do so would require ominous amounts of prescriptive and narrow rules that are neither feasible nor practical. So regulators worldwide including ourselves have to consider carefully how to put in place workable rules: having the appropriate regulations that cover the requirements under the FATF standards while taking into account any practical challenges of implementation, operational inefficiencies and unintended consequences.

15.  This leads me to the second element of our framework - Supervision. It is one thing to have a set of workable rules and regulations. It is another thing to have the requirements clearly understood and complied with. No amount of regulations will be effective if the quality of implementation is poor or if financial institutions (FIs) are not vigilant.

16.  The MAS has in recent years stepped up our AML offsite reviews and onsite supervision of financial institutions. Our supervisory intensity is necessarily risk-based given that both regulators and the regulated entities work within finite constraints of resources and time. Therefore, we have adopted various risk bucketing metrics so that we can be targeted on more vulnerable areas. This has resulted in the intensification of our supervision on areas or businesses that are more prone to ML/TF risks, or where controls have been found to be lacking from past inspections.

17.  We have organised and will organise more industry engagements to share supervisory findings on common lapses and good practices at the end of each series of inspections. This is intended to help level up controls over time.

18.  Our inspections go beyond rules-based compliance.  We focus on whether financial institutions demonstrate a good understanding of risks, and a good risk culture within the organisations. We much prefer that FIs adopt a proactive approach in meeting their regulatory obligations than a passive rule-based attitude. Let me elaborate on this.

19.  One area relates to governance. You are all familiar with the common thinking of having three lines of defence. Recently, there are suggestions to augment this with a "four lines of defence" model for better governance in financial institutions. The first line involves frontline and management controls within business units; then compliance and risk management functions as the second line; and the audit function as the third line. A newer fourth line involves interactions of the FI with its external auditors and regulators. An FI's senior management and board should monitor and be satisfied that these lines are effective.  Senior managers should never "look the other way" on suspicious transactions, even if they involve major clients who are significant revenue sources. After all, reputation and legal risks can be costly too.

20. The MAS expects boards and senior management to have ownership and oversight of ML/TF risk control issues.  FIs therefore must put in place an effective reporting framework to keep board and senior management well apprised. In turn, Board and senior management must oversee proper resolution of ML/TF risk control concerns as flagged out internally by your staff, by auditors or regulators. 

21. The next area relates to risk culture. Clearly, culture is not easy to prescribe as a practical matter. Every staff in the FI, not just its management, contributes to its culture. However, management usually has decisive influence on a firm's overall culture by setting the right "tone from the top" which must be reinforced through supporting actions to secure the commensurate "echo from the bottom". Those in the various lines of defences must be empowered and recognised for doing their jobs well.

22.  My remarks so far have discussed the MAS' approach to Regulations and Supervision. Let me now touch on the next element of our framework - Enforcement. No matter the amount of regulations and notwithstanding the heightened intensity of our risk-based AML supervision, those bent on breaking our ML/TF laws will always try to find ways to exploit any weaknesses in control systems or practices. This can happen especially if an FI's governance and culture fall short and appropriate due diligence is overlooked in lieu of business motivations. Should this happen, the MAS will take tough enforcement actions for breaches of our regulatory requirements. Where laws are broken, we will also not hesitate to refer these to the law enforcement agencies for investigation and prosecution.

23.  Last year, we announced the centralization of our enforcement function into a single department. The team in our Enforcement Department will deepen our capabilities in investigative work that were previously undertaken by prudential supervisors. A centralised enforcement function in MAS will also allow us to take a holistic approach to "follow the funds" should these cut across different types of entities in our financial sector.

24.  Let me now highlight the fourth key element of our AML/CFT framework: International Co-operation and Partnerships.

25.  I have mentioned Singapore's commitment to the international efforts to combat ML/TF risks. We fully support the important work of various international organisations including the FATF. In addition, it is important to have close supervisory co-operation between financial regulators and we hope to expand on our supervisory cooperation network. Another area which we will strengthen is our partnership with the financial industry.

26.  While law enforcement and regulatory authorities have wide powers, the financial industry has an "on the ground" vantage point with front-line knowledge of business and clients. It is hence advantageous to adopt a collaborative "eco-system" approach to holistically deal with ML/TF risks. Such a partnership should be as inclusive as practicable - involving law enforcement agencies, regulator and the industry. Through collaborative partnership platforms, we can expand our understanding of emerging risks and the typologies criminals use to launder money. This will allow us to work together to design better tools to detect and deter ML/TF activities. With this in mind, I am pleased to announce the launch of the AML/CFT Industry Partnership, or ACIP.

27.  Industry engagement is not new. The MAS greatly values its many existing co-operation with the industry such as with the Association of Banks in Singapore (ABS). Such partnerships are also not new in the world. Other jurisdictions, for example the UK and Australia, have also launched similar initiatives.

28.  What the ACIP will do in addition, is to institutionalise a collaborative partnership between the law enforcers, regulator and industry. The ACIP will comprise a Steering Group which will be jointly chaired by the CAD and MAS with senior representatives from the ABS and a pilot group of eight banks.  It will provide a dedicated forum to more effectively exchange ideas and information to mitigate ML/TF risks based on the national threat assessment.

29.  The Steering Group will set up various Working Groups to do targeted work on priority topics. These Working Groups will deliver tangible, relevant and targeted products which will be disseminated to the broader industry. The Working Groups will also share best practices and typology alerts. Senior industry participants from within and outside the financial sector will be invited to contribute to these Working Groups. I trust that all relevant stakeholders will step up to the call.

30.  Last but not least, let me say something about capability and capacity building in combating ML/TF. Private sector bodies such as ACAMS are important in the training of AML/CFT specialists, and will certainly complement the internal programmes of financial institutions. The need to deepen capabilities and enhance capacity applies equally to us as a regulator and to law enforcement agencies.

31.  One newer development is the greater use of technology tools and solutions including in the area of data analytics. I know many of you, in your respective firms, are already tapping on technology tools to improve your ability to detect fraud or unusual activities. Some of you are aware of the ongoing discussions in Singapore to develop utilities that can streamline "KYC" processes and uplift the overall quality and consistency of such checks and customer on-boarding.  We can expect the increased use of technology especially in the areas of AML/CFT screening and risk monitoring.

32.  As a financial regulator, the MAS is able to look for linkages and patterns across financial institutions. These may include emerging risks or irregular relationships, or networks and linkages between entities or actors. MAS is therefore also investing in the use of technology and analytics. Recently, we announced the formation of a dedicated Data Analytics Group which will complement and support the analytics units in our supervisory teams. This internal analytics "hub-and-spoke" model will deepen our "SupTech" capability, in turn allowing MAS supervisors to better tap the "RegTech" capability that many FIs have embarked on. This SupTech-Regtech linkage is targeted at driving adoption of technology for compliance and supervision efficiency and effectiveness.

33.  A greater use of analytics to support our AML/CFT risk monitoring and supervision work will hence be a key priority in MAS. To illustrate, we expect to tap Hadoop-based Big Data system to build complex network models that are better able to identify and pick up subtle patterns in entity behaviours. In the future, we hope to rely more recent technologies such as Machine Learning, Deep Learning and Graphics Processing Unit (GPU) based computing, to deepen MAS's financial surveillance and supervisory insights. I know that some of the major FIs are doing the same. Our Data Analytics Group will also look to establish a community of senior data practitioners with the industry to support an exchange of views for mutual learning.

34.  Let me conclude by reiterating why we take ML/TF threats so seriously. Singapore is an important global financial hub. Our financial centre is home to many FIs including a number of international firms. Many of them serve the region including in global business lines or in regional corporate functions. Our reputation is one of being a clean, trusted and efficient financial centre supported by a talented workforce and strong rule of law. This reputation has been built over the years and must be protected diligently.

35.  With the rise in ML/TF risks globally, Singapore must be proactive in playing our part to combat these threats. To be effective, we need to forge a strong collective effort with every stakeholder doing its part. In this regard, a good regulator-industry partnership is one essential thrust of our AML/CFT strategy.

36.  On this note, I wish you a successful and fruitful conference.