RegWatch: Q3 2023

Staying up to date with the ever-evolving regulations and navigating the complex regulatory landscape can be challenging. In this edition of the Synpulse RegWatch, we present the most recent updates on regulatory compliance in both Singapore and Hong Kong.

Join us as we explore these updates and provide recommendations to help you stay compliant.

• MAS: Consultation Paper on Proposed Code of Conduct for Environmental, Social and Governance (ESG) Rating and Data Product Providers
• HKMA: Prototype of a Green Classification Framework for Hong Kong (Circular) (Discussion paper) (Annex)
• HKMA: Enhanced Competency Framework on Green and Sustainable Finance
• SFC: The Future of Sustainable Finance and Implications for Businesses

Singapore: The key ESG consultation paper in Singapore revolves around the proposed Code of Conduct (CoC) for ESG rating and data product providers. This CoC closely adheres to the recommendations put forth by the International Organisation of Securities Commissions (IOSCO). This paper contains the precise definitions of ESG rating, ESG data providers, as well as the principles and best practises associated with them.

Hong Kong: The HKMA and SFC both issued a number of publications. The HKMA released "Prototype of a Green Classification Framework for Hong Kong," which tackled the local green classification framework and taxonomy. The Hong Kong regulator has also released the "Enhanced Competency Framework on Green and Sustainable Finance (GSF)." This framework outlines clear and standardised competency standards that are necessary for job roles related to GSF. Finally, in Ms Julia Leung’s (CEO of the SFC) speech, she spoke about the IOSCO’s support for the ISSB standards as the global standard framework for corporate sustainability disclosures.

As the topic of ESG continues to develop further in the region, we recommend that financial institutions (FIs) consider the following:

• Seek transparency behind ESG ratings and data products utilised and subject data methodologies to regular review as appropriate.
• Keep abreast of the developments in green taxonomy and work with ecosystem partners to better assess how green and sustainable their businesses are.
• Establish processes to evaluate the labelling of green and sustainable products and whether such products meet the relevant market standards.
• Enable key staff to attend trainings and examinations in the area of green and sustainable finance and provide them with the necessary support.
• Familiarise with ISSB’s sustainability disclosure standards.

• MAS: Strengthening Financial Institutions’(FIs) Countering the Financing of Terrorism (CFT) Controls
• MAS: Industry Perspectives on Best Practices – Management of Money Laundering, Terrorism Financing, and Sanctions Risks from Customer Relationships with a Nexus to Digital Assets
• SFC: Amendments to Anti-Money Laundering and Counter-Financing of Terrorism Guidelines (Circular) (Appendix)

Singapore: The MAS provided comprehensive guidance for FIs on enhancing their controls to combat money laundering and terrorism financing. This guideline focuses on several key aspects for improvement, which includes strengthening the screening process, leveraging data analytics, conducting regular reviews to improve internal controls, and ensuring time and quality Suspicious Transaction Reports (STR) submissions.

Furthermore, the MAS released best practices for managing money laundering, terrorism financing, and sanctions risks in the context of digital assets. This guidance includes the identification of "red flags" and recommended practises that FIs can adopt to identify, manage, and mitigate the associated risks related to money laundering, terrorism financing, and sanctions.

Hong Kong: The SFC has released amendments to the AML/CFT guidelines. These amendments include a revised statutory definition of a "politically exposed person" (PEP), the inclusion of a definition for a "former non-Hong Kong PEP," a revised statutory definition of the beneficial owner of a customer that is a trust, the incorporation of guidance to reflect that data or information provided by a recognised digital identification system.

Considering the emphasis that the MAS gives to addressing terrorism financing risks through both traditional and non-traditional means, FIs should take the following considerations into account:

• Revise the policies of the MAS to acknowledge and address the heightened terrorism financing risk associated with specific aspects of business transactions. Define clear procedures for identifying and managing customers with connections to these high-risk areas.
• Implement neural link analysis (NLA) as a central component of the detection, investigation, and analytics frameworks within the organization. NLA can help in identifying complex networks and relationships that may be indicative of terrorism financing activities.
• Invest in specialised technology solutions capable of ingesting and managing data from various external and internal sources. These solutions should also have entity resolution capabilities to provide detailed insights about customers and other connected entities. This technology aids in comprehensive risk assessment.
• Combine on-chain analytics (related to digital payment tokens) with traditional monitoring and surveillance processes, such as customer onboarding, ongoing due diligence, source of wealth (SOS) verification, and other monitoring activities. This integrated approach creates a holistic monitoring setup to effectively mitigate risks associated with digital payment tokens.
• Use NLA to supplement the filling of suspicious activity reports (SAR) with additional context and insights. This enriched information can enhance the usability and effectiveness of SARs, making them more valuable for investigative and regulatory purposes.

Additionally, in line with the SFC and HKMA recommendations, authorised institutions should consider the adoption of nationally recognised digital information sources for customer ID&V such as iAM SMART to begin with before integrating with other country sources such as Singpass, etc. while also amending policy and procedures to incorporate a more risk-based approach to dealing with high risk customers such as PEPs.

• HKMA/SFC: Streamlined Approach for Compliance with Suitability Obligations when Dealing with Sophisticated Professional Investors (Circular) (Annex 1) (Annex 2)

Hong Kong: The HKMA and SFC published a joint circular on the streamlined approach for compliance with suitability obligations when dealing with sophisticated professional investors. Under this streamlined approach, the FI is not required at a transaction level to match the sophisticated professional investor’s (SPI) risk tolerance level, investment objectives and investment horizon, or assess the SPI’s knowledge, experience and concentration risk. Explanation of product characteristics, nature and extent of risks could also be provided to the SPI upfront.

• Performing a gap analysis between existing practises and Streamlined Approach: Facilitate the prompt identification of necessary improvements for a smooth and efficient implementation of changes.
• Refine existing investment suitability frameworks: Enhancing current investment suitability frameworks involves establishing thorough controls to identify significant transactions in accordance with the Streamlining Threshold.
• Integrate market best practices: Select a suitable partner to ensure your organisation’s capacity to recognise and adopt the most effective market practises. This approach ensures adaptability to evolving conditions and sustained market competitiveness while adhering to regulatory mandates.
• Refer to the article for more details

• MAS: MAS Proposes Standards for Digital Money
• MAS: MAS Proposes Framework for Digital Asset Networks
• MAS: MAS Publishes Investor Protection Measures for Digital Payment Token Services
• SFC: SFC Concludes Consultation on Regulation of Virtual Asset Trading Platforms
• SFC: Circular on Transitional Arrangements of the New licensing Regime for Virtual Asset Trading Platforms (Circular) (Appendix)
• SFC: Circular on Implementation of New Licensing Regime for Virtual Asset Trading Platforms (Circular) (Handbook) (Guidelines)
• SFC: Hong Kong’s New Virtual Asset Licensing Regime

Singapore: The MAS published several publications on digital assets. Firstly, a whitepaper proposing a common protocol to specify conditions for the use of digital money such as central bank digital currencies (CBDCs), tokenised bank deposits, and stablecoins on a distributed ledger. Secondly, MAS published a report proposing a framework for designing open, interoperable networks for digital assets (i.e. tokenised real-economy and financial assets). Lastly, MAS announced new requirements for digital payment token (DPT) service providers to safekeep customer assets before the end of the year. This will mitigate the risk of loss or misuse of customers’ assets and facilitate the recovery of customers’ assets in the event of a DPT service provider’s insolvency. MAS will also restrict DPT service providers from facilitating lending and staking of DPT tokens by their retail customers.

Hong Kong: The SFC concluded its consultation on the regulation of virtual asset trading platforms. The SFC will implement several robust measures to protect these investors including ensuring suitability in the onboarding process, good governance, enhanced token due diligence, admission criteria, and disclosures. Additional guidelines were also issued on the transitional arrangements of the new licencing regime.

Given increasing regulatory scrutiny on digital assets, FIs should ensure compliance with the new regulations by establishing:

• Adapt suitability framework and corresponding operational model (e.g., investor profiling, DA product assessment, VASP suitability obligations) for customers looking to increase their exposure to digital assets.
• Leveraging blockchain analytics (including cross-chain analytics) to effectively identify ML/TF risks arising from digital assets for both prospects and existing clients and mitigate the risks by taking appropriate actions.
• Develop a fit-for-purpose control framework by enhancing existing controls while introducing new control points for safeguarding and monitoring digital assets transactions and custody.
• Perform comprehensive independent control assessment (design effectiveness and control effectiveness) to identify and evaluate areas of enhancements, and take follow-up measures.
• Build a regulatory inventory and conduct regulatory mapping across all products, services, and geographic exposures for digital assets.

• MAS: MAS-led Industry Consortium Releases Toolkit for Responsible Use of AI in the Financial Sector
• TWFSC: Draft of Principles and Policies for the Application of Artificial Intelligence (AI) in the Financial Industry Open for Public Consultation of External Opinions (In Mandarin)
• TWFSC: Regulations Governing the Outsourcing of Internal Operations and Procedures by Financial Institutions (In Mandarin)
• APRA: Cybersecurity Stocktake Exposes Gaps

Singapore: The MAS announced the release of an open-source toolkit (i.e., Veritas Toolkit version 2.0) to enable the responsible use of artificial intelligence (AI) in the financial industry. This will help FIs carry out the assessment methodologies for the fairness, ethics, accountability and transparency (FEAT) principles. The FEAT principles provide guidance to firms offering financial products and services on the responsible use of AI and data analytics.

Taiwan: The TWFSC published a consultation related to the principles and use of AI within the financial services industry. There are six core principles highlighted in the paper namely (i) Governance and accountability mechanisms, (ii) Fairness and people-centred values, (iii) Privacy and Customer rights, (iv) System robustness and security, (v) Transparency and explainability and (vi) Sustainable development. Additionally, the TWFSC published revised guidelines related to outsourcing. This includes managing outsourcing risk with a risk-based approach and simplifying existing outsourcing application processes.

Australia: The APRA released its initial findings from an independent tripartite cyber assessment. The regulator discovered several key control gaps, including incomplete identification and classification of critical and sensitive information assets, limited assessment of third-party information security capability, inadequate definition and execution of control testing programs, infrequent review and testing of incident response plans, limited internal audit review of information security controls, and inconsistent reporting of material incidents and control weaknesses to APRA in a timely manner.

• Review AI Principles: FIs in Taiwan should thoroughly review the six core principles highlighted in the TWFSC paper related to AI usage. Align your AI strategies and practises with these principles.
• Governance and Accountability: Emphasize the need for strong governance and accountability mechanisms within organizations. Establish clear lines of responsibility for AI-related decisions and outcomes.
• Privacy and Security: Stress the importance of robust data privacy and security measures when implementing AI. Develop strong data protection and cybersecurity protocols.
• Transparency and Explainability: Ensure that AI systems are transparent and explainable, as per regulatory requirements. Implement methods for explaining AI decisions to customers and regulators.
• Outsourcing Guidelines: Develop and implement a risk-based approach to outsourcing, ensuring that FIs are compliant with the new regulations.