RegWatch: Q2 2023


In this edition of the Synpulse RegWatch, we present the most recent updates on regulatory compliance in both Singapore and Hong Kong.

Join us as we explore these updates and provide recommendations to help you stay compliant.

ESG Option 1

Summary

Singapore: The Monetary Authority of Singapore (MAS) has published multiple articles on environmental, social, and governance (ESG) and convened the Green Finance Industry Taskforce, which recently launched a final public consultation on a green and transition taxonomy. The consultation defines the activities to be considered and establishes the criteria for determining whether an activity is classified as “green” or “transition”. The MAS also launched the Finance for Net Zero Action Plan, aiming to achieve four outcomes: (i) promote consistent, comparable, and reliable climate data and disclosures, (ii) deepen climate scenario analysis and stress testing to identify climate-related financial risks, (iii) development of credible regional sectoral decarbonisation pathways, and (iv) credible green and transition financing solutions and markets to support decarbonisation efforts.

Hong Kong: The industry saw the inaugural launch of a tokenised green bond offering. The Hong Kong Monetary Authority (HKMA) has published FAQ on climate-related financial risks, providing more clarity on the calculation of risk-weighted assets for (i) credit risks, (ii) operational risks, and (iii) market risks, as well as the (iv) liquidity coverage ratio. Additionally, the Green and Sustainable Finance Cross-Agency Steering Group (Steering Group) and CDP co-organised a seminar on sustainability reporting. The seminar focused on the Steering Group's Questionnaire as a tool for SMEs to effectively convey their sustainability initiatives to stakeholders. It also emphasised the role of financial institutions (FIs) in gathering climate data from clients and assisting them in their transition to low-carbon practices. Lastly, the HKMA issued guidelines on climate risk stress testing, covering stress testing scenarios, assessment requirements, and reporting standards.

Synpulse's recommendations

  • Participate in climate risk stress test exercise, as it enables valuable comparisons with industry peers. It is advisable to engage a trusted partner that offers reliable ESG insights, stress testing, and risk analysis services to help financial services convert environmental risks into credit risks.
  • Consider key risk metrics, assess data requirements, and perform scenario analysis stress tests and reporting to identify the gaps and meet HKMA’s standards.

Discover valuable insights from financial regulators across Singapore, Hong Kong, Malaysia, Thailand, Indonesia, Taiwan, and Australia in Synpulse’s eBook on APAC’s ESG regulatory landscape. This comprehensive resource addresses ESG disclosure and reporting, governance, risk assessment and management, green taxonomies, and carbon pricing.

Synpulse has recently published an eBook on the regulatory approaches of key territories in the Asia-Pacific (APAC) region towards ESG practices.

AML KYC Option 1

Summary

Singapore: The MAS has published a circular addressing the risks of money laundering and terrorism financing (ML/TF) in the wealth management sector. The circular highlights key measures for FIs, including (i) strengthening the Board and Senior Management (BSM) oversight and risk and control functions, (ii) conducting added review and quality assurance testing, and (iii) continuing to exercise vigilance over higher risk customers and transactions. Moreover, an upcoming digital platform will be established to facilitate information sharing among FIs, strengthening their ML/TF risks detection capabilities.

Hong Kong: The HKMA has issued a circular outlining the requirements for account opening and ongoing monitoring for private banking customers. FIs face three key challenges, namely (i) establishing the source of wealth and source of funds, (ii) ongoing monitoring, and (iii) adopting regtech in their AML efforts. To strengthen risk management, a set of “dos and don’ts” and good practices have been prepared. Additionally, the HKMA published updated guidance, focusing on general AML/CFT guidelines, transaction monitoring, screening, and suspicious transaction reporting. The HKMA also released the AML Regtech: Network Analytics report, promoting the adoption of network analytics capability to strengthen the response of AML systems to deception and other financial crimes.

Synpulse's recommendations

The MAS and the HKMA primarily addresses a few focus areas, which include:

  • Adoption of a risk-based approach (RBA) to due diligence requirements and monitoring.
  • Adoption of advanced technology for advanced monitoring and surveillance requirements.
  • Data sourcing, information sharing, and reporting of suspicious behaviour.

We recommend that banks and other relevant authorised institutions all take a few essential steps to ensure that they are functioning in accordance with the relevant regulatory guidance while enhancing the overall customer experience:

  • Review existing due diligence processes to be in line with the RBA and ensure that customers are not unnecessarily subjected to onerous process and documentation requirements.
  • Implement the right level of MIS reporting to ensure the BSM is adequately informed and aware of the current level of ML/TF risks within the bank, particularly in high growth areas and high-risk lines of business.
  • Review the current implementation of monitoring and surveillance technology to ensure that the solution for transaction monitoring (TM) and name screening (NS) are adequate for their intended purpose and align with the risk exposure of the institution.
  • Explore the adoption of advanced technology, such as artificial intelligence and machine learning, to enhance the effectiveness of current TM and NS operations. Also consider leveraging trusted third-party data sources to add context to risk.
  • Examine the implementation of network link analysis to combine intelligence-led analytics with rules-based monitoring systems. This integration can enhance the effectiveness and efficiency of existing AML/CFT programmes.

Regwatch Anti fraud

Summary

Hong Kong: The HKMA has published two papers on anti-fraud. The first circular provides detailed guidelines for payment card issuers in the handling of unauthorised payment card transactions and the resolution of related disputes with cardholders. While cardholders are expected to exercise reasonable care to protect their cards and information, banks must also consider the actual circumstances and limitations cardholders face. The second circular focuses on strengthening security controls for binding of payment cards to contactless mobile payment services, such as Apple Pay, Google Pay, and Samsung Pay. Examples of such authentication measures include (i) two-factor authentication, (ii) in-app confirmation, and (iii) call back.

Synpulse’s recommendations

For banks:

  • Implement detection systems to proactively identify and prevent fraud and scams occurring within a customer’s account.
  • Consider leveraging AI/ML capabilities to facilitate detection of scams, as traditional rules-based detection may not be sufficient.
  • Gather comprehensive transaction data, including if the card was present, location, payment velocity, and other relevant details.

For customers:

  • Review all communications sent by the bank, especially SMS.
  • Safeguard your personal details and authentication factors, such as PIN, and never share them with anyone including people you know and trust.
  • Ensure that you have not left your card unattended. If you have, monitor your account closely for the next month for suspicious transactions.
  • If your card is lost or you suspect fraudulent activity, contact your bank immediately to request a new card. Many times, fraudsters will charge small amounts to a card to ensure it still works before making a big purchase.

Regwatch Operational risks
  • SFC: Management of operational and remote booking risks of trading activities (Circular) (Report)

Summary

Hong Kong: The Securities and Futures Commission (SFC) has issued a circular to licensed corporations (LCs) to remind them of the importance of managing operational and remote booking risks. The areas identified for improvement includes (i) establishing a sound risk governance framework, (ii) implementing appropriate controls and monitoring practices, and (iii) ensuring proper management of loss allocation under transfer pricing arrangements. Expected standards and how LCs could act upon were also discussed in this publication.

Synpulse’s recommendations

  • LCs should conduct a thorough review and gap analysis of its existing risk governance and management framework. This includes the review of operational risks associated with trading activities, remote booking arrangements, and data risks.
  • Prioritise the timely identification of emerging risks, making it an important first step in identifying control deficiencies in existing control environments and implementing remediation actions to contain their impact on the business.

Culture and Conduct Option 1

Summary

Singapore: The MAS has published two consultation papers on proper conduct of prospecting to clients at public places, telemarketing, digital prospecting, and marketing activities. These publications are aimed at protecting consumers from unfair and misleading practices. The consultation period for these papers will conclude on 30 June 2023.

Synpulse’s recommendations

  • Retail banks engaging in extensive prospecting activities at public places and through telemarketing should conduct a thorough review of their existing “dos and don’ts” guidelines and ensure their existing controls remain relevant.
  • Private banks should review their rules of engagement with prospects and clients to ensure investment advice is presented clearly and fairly. Automating these processes for the front office should be considered to carry out business seamlessly.
  • Train front staff to ensure adherence to regulations.

Investment suitability and customer protection Option 1

Summary

Hong Kong: In addition to protecting investors, the HKMA places emphasis on enhancing customer experience in its supervision efforts. It seeks to streamline protection measures while providing guidance to banks. Recent reviews have identified certain practices within banks that unnecessarily lengthen the selling process. Examples of such practices include overly conservative thresholds and unnecessary suitability assessments.

Synpulse’s recommendations

Review investment suitability frameworks to ensure compliance with regulatory requirements, client protection, and optimisation. Key topics should include product profiling, client profiling, controls and disclosures, suitability assessment, and reviews. The investor protection measures and product due diligence can be streamlined to enhance the overall client experience.

Regwatch Data risk management

Summary

Hong Kong: The SFC has provided an overview of the industry landscape and current market practices, as well as detailed guidance to facilitate FIs’ ongoing refinement of data risk management processes. The topics covered include (i) data risk governance and (ii) data lifecycle controls and monitoring. According to the publication, FIs should clearly define roles and responsibilities for managing data risks, as well as have a robust process for identifying, assessing, mitigating, and monitoring such risks. It also emphasises the importance of appropriate controls to protect data against unauthorised access, use, disclosure, modification, or destruction. The HKMA has also released an updated version of its regtech adoption practice guide, with customer data and privacy as the spotlight topic. The guide aims to illustrate how regtech solutions can address privacy risks and support customer data protection, providing practical implementation guidelines and use cases as references for FIs.

Synpulse’s recommendations

  • Review existing frameworks, policies, and procedures to ensure alignment with the expectations of respective regulators regarding data risk management. It is recommended to establish a dedicated task force to oversee this process, with a clear definition of senior management’s responsibilities and accountability, and a well-defined escalation process for addressing any identified regulatory gaps in a timely manner.
  • Take remediation steps and design a pragmatic implementation roadmap to ensure progress in addressing the gaps. Key areas of focus should include, but not limited to, data privacy, data breach, data loss, record management, and data sovereignty.

Our experts in this topic