Staying up to date with the ever-evolving regulations and navigating the complex regulatory landscape can be challenging. In this edition of the Synpulse RegWatch, we present the most recent updates on regulatory compliance in both Singapore and Hong Kong.
Join us as we explore these updates and provide recommendations to help you stay compliant.
Singapore: The key ESG consultation paper in Singapore revolves around the proposed Code of Conduct (CoC) for ESG rating and data product providers. This CoC closely adheres to the recommendations put forth by the International Organisation of Securities Commissions (IOSCO). This paper contains the precise definitions of ESG rating, ESG data providers, as well as the principles and best practises associated with them.
Hong Kong: The HKMA and SFC both issued a number of publications. The HKMA released "Prototype of a Green Classification Framework for Hong Kong," which tackled the local green classification framework and taxonomy. The Hong Kong regulator has also released the "Enhanced Competency Framework on Green and Sustainable Finance (GSF)." This framework outlines clear and standardised competency standards that are necessary for job roles related to GSF. Finally, in Ms Julia Leung’s (CEO of the SFC) speech, she spoke about the IOSCO’s support for the ISSB standards as the global standard framework for corporate sustainability disclosures.
As the topic of ESG continues to develop further in the region, we recommend that financial institutions (FIs) consider the following:
Singapore: The MAS provided comprehensive guidance for FIs on enhancing their controls to combat money laundering and terrorism financing. This guideline focuses on several key aspects for improvement, which includes strengthening the screening process, leveraging data analytics, conducting regular reviews to improve internal controls, and ensuring time and quality Suspicious Transaction Reports (STR) submissions.
Furthermore, the MAS released best practices for managing money laundering, terrorism financing, and sanctions risks in the context of digital assets. This guidance includes the identification of "red flags" and recommended practises that FIs can adopt to identify, manage, and mitigate the associated risks related to money laundering, terrorism financing, and sanctions.
Hong Kong: The SFC has released amendments to the AML/CFT guidelines. These amendments include a revised statutory definition of a "politically exposed person" (PEP), the inclusion of a definition for a "former non-Hong Kong PEP," a revised statutory definition of the beneficial owner of a customer that is a trust, the incorporation of guidance to reflect that data or information provided by a recognised digital identification system.
Considering the emphasis that the MAS gives to addressing terrorism financing risks through both traditional and non-traditional means, FIs should take the following considerations into account:
Additionally, in line with the SFC and HKMA recommendations, authorised institutions should consider the adoption of nationally recognised digital information sources for customer ID&V such as iAM SMART to begin with before integrating with other country sources such as Singpass, etc. while also amending policy and procedures to incorporate a more risk-based approach to dealing with high risk customers such as PEPs.
Hong Kong: The HKMA and SFC published a joint circular on the streamlined approach for compliance with suitability obligations when dealing with sophisticated professional investors. Under this streamlined approach, the FI is not required at a transaction level to match the sophisticated professional investor’s (SPI) risk tolerance level, investment objectives and investment horizon, or assess the SPI’s knowledge, experience and concentration risk. Explanation of product characteristics, nature and extent of risks could also be provided to the SPI upfront.
Singapore: The MAS published several publications on digital assets. Firstly, a whitepaper proposing a common protocol to specify conditions for the use of digital money such as central bank digital currencies (CBDCs), tokenised bank deposits, and stablecoins on a distributed ledger. Secondly, MAS published a report proposing a framework for designing open, interoperable networks for digital assets (i.e. tokenised real-economy and financial assets). Lastly, MAS announced new requirements for digital payment token (DPT) service providers to safekeep customer assets before the end of the year. This will mitigate the risk of loss or misuse of customers’ assets and facilitate the recovery of customers’ assets in the event of a DPT service provider’s insolvency. MAS will also restrict DPT service providers from facilitating lending and staking of DPT tokens by their retail customers.
Hong Kong: The SFC concluded its consultation on the regulation of virtual asset trading platforms. The SFC will implement several robust measures to protect these investors including ensuring suitability in the onboarding process, good governance, enhanced token due diligence, admission criteria, and disclosures. Additional guidelines were also issued on the transitional arrangements of the new licencing regime.
Given increasing regulatory scrutiny on digital assets, FIs should ensure compliance with the new regulations by establishing:
Singapore: The MAS announced the release of an open-source toolkit (i.e., Veritas Toolkit version 2.0) to enable the responsible use of artificial intelligence (AI) in the financial industry. This will help FIs carry out the assessment methodologies for the fairness, ethics, accountability and transparency (FEAT) principles. The FEAT principles provide guidance to firms offering financial products and services on the responsible use of AI and data analytics.
Taiwan: The TWFSC published a consultation related to the principles and use of AI within the financial services industry. There are six core principles highlighted in the paper namely (i) Governance and accountability mechanisms, (ii) Fairness and people-centred values, (iii) Privacy and Customer rights, (iv) System robustness and security, (v) Transparency and explainability and (vi) Sustainable development. Additionally, the TWFSC published revised guidelines related to outsourcing. This includes managing outsourcing risk with a risk-based approach and simplifying existing outsourcing application processes.
Australia: The APRA released its initial findings from an independent tripartite cyber assessment. The regulator discovered several key control gaps, including incomplete identification and classification of critical and sensitive information assets, limited assessment of third-party information security capability, inadequate definition and execution of control testing programs, infrequent review and testing of incident response plans, limited internal audit review of information security controls, and inconsistent reporting of material incidents and control weaknesses to APRA in a timely manner.