Your risk and compliance news roundup from the Asia-Pacific region
Welcome to the latest edition of Protiviti’s Asia-Pacific Risk and Compliance Insights. In this bimonthly newsletter, we provide a summary of some of the important risk and compliance developments across the Asia-Pacific financial services sector.
Recent developments include Hong Kong’s passing of amendments to its Anti-Money Laundering Ordinance; Singapore’s passing of a new Cybersecurity Act; Japan’s publication of regulatory Anti-Money Laundering guidelines; and Australia’s changes to Anti-Money Laundering/Counter Terrorism Funding Rules.
ASIC licenses first crowd-sourced funding intermediaries:
The Australia Securities and Investments Commission (ASIC) has begun a new crowd-sourced funding (CSF) regime, issuing Australian Financial Services (AFS) licenses to seven companies, which will allow them to act as intermediaries in providing CSF services. This will enable eligible public companies to raise capital by making ordinary share offers using the online platform of these intermediaries.
The CSF regime is designed to provide small- and medium-size enterprises and start-ups with alternative ways to access capital, which will lessen the regulatory burden when seeking to raise funds from the public.
Changes to AML/CTF Funding rules:
The Australian Federal Government has introduced amendments to existing AML/CTF rules, which came into effect on 12 January 2018. The main changes include:
- Providing greater flexibility in the know your customer (KYC) process, such as permitting the recognition of foreign certified documents and expanding the number of allowed unique identifiers.
- Expanding the risk assessment obligations to include risks arising from new designated services, delivery methods, technology, business relationships and/or customer controls.
- Removing requirements to assess the cross-jurisdictional equivalency of disclosure requirements relating to beneficial ownership identification. This would allow greater flexibility for reporting entities when on-boarding new customers.
ASIC to explore additional reporting requirements for vertically integrated institutions:
An ASIC review of financial advice provided by five vertically integrated institutions found that although 79 percent of financial products on the firms’ approved product lists were external products, 68 percent of clients’ funds were invested in in-house products. Additionally, 75 percent of advice files reviewed did not satisfy best interest requirements. ASIC states that it is exploring options, including requiring more transparent reporting, to help alleviate the underlying conflicts of interest that may arise in these vertically-integrated firms.
Mortgages and credit cards the first focus of Banking Royal Commission:
The first area of focus for the Banking Royal Commission, created by the Australian Federal Government, is the assessment of mortgages, credit cards and car loans. This initial focus on consumer lending products, and particularly home loans, comes after the billions of dollars of debt was collected by Australian banks over recent years.
The Banking Royal Commission will subsequently move onto investigating any misconduct from the big banks in relation to financial advice, insurance, business loans and superannuation funds.
Australian Parliament establishes the Australian Financial Complaints Authority:
A bill has been passed by the Australian Parliament to establish the Australian Financial Complaints Authority (AFCA). The new authority will provide consumers and small businesses with a free and independent forum to voice any complaints about financial services and superannuation services. The AFCA will start accepting complaints no later than 1 November 2018 and will be subject to oversight by ASIC.
The AFCA will replace the Financial Ombudsman Service (FOS) and the Credit and Investments Ombudsman (CIO). The Superannuation Complaints Tribunal (SCT) will have separate arrangements in place to continue its operations.
JFIC provides feedback on AML/CTF STR review:
Hong Kong’s Joint Financial Intelligence Unit (JFIU) has published its quarterly analysis on the quality of suspicious transaction reports (STRs).
The JFIU has reviewed STRs filed in previous years and identified criteria that may assist authorised entities in filing higher quality STRs (examples include enhancing content of STRs and clarity of STR content).
The Hong Kong Securities and Futures Commission (SFC) has published a circular that encourages its licensed corporations and authorised entities to refer to the reporting methods and STR quarterly analysis available on the JFIU website to enhance the quality and content of future STR submissions.
Compliance Failures in the Distribution of Fixed-income and Structured Products:
An SFC circular highlights recent compliance failures in the distribution of complex bonds and structure products by licensed corporations. The SFC reiterated its expectations of the board and other senior management of all licensed corporations (including the managers-in-charge of core functions) to: maintain adequate oversight of the firm’s business activities; provide adequate staff training; and to put in place appropriate systems and controls to ensure full compliance with the relevant regulatory requirements. The SFC stated that it will continue to carefully monitor the selling practices of licensed entities.
Anti-Money Laundering & Counter-Terrorist Financing (Financial Institutions) (Amendment) Ordinance 2018:
The Hong Kong Monetary Authority (HKMA) has informed licensed institutions that Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) (Financial Institutions) (Amendment) Ordinance 2018 has been published in the Hong Kong Gazette and came into force on 1 March 2018. The amended Anti-Money Laundering Ordinance (AMLO) extends the statutory customer due diligence and record-keeping requirements to solicitors, accountants, real estate agents and trust or company service providers when they engage in specified transactions. Additionally, the Ordinance introduces a licensing regime for trust or company service providers and amends the regulatory requirement of the other sectors. The HKMA reminded authorised institutions to review the AMLO changes and ensure full compliance with the regulatory requirements.
To assist licensed institutions the HKMA published updated AML guidelines including mark-up (details can be found here). The SFC has done something similar of SFC licensed entities (details can be found here).
HKMA publishes its 2017 year-end review and 2018 priorities:
In early February, the HKMA published its Hong Kong banking sector review focusing on the 2017 year-end review and outlining priorities for 2018.
For 2018, the HKMA identified the following focus areas: cybersecurity risks, risks resulting from fintech and technology innovation, conduct and culture, as well as AML/CTF prevention.
Monitoring on Cryptocurrency Exchanges:
Following a report of a hack from Coincheck, a major cryptocurrency exchange, with a loss of 58 billion yen of the NEM cryptocurrency, Japan’s Financial Services Agency (JFSA) posted a new rule requiring registered and pre-registered (under-review) cryptocurrency exchanges to conduct self-checks on their system risk management frameworks and to report the inspection results to the JFSA promptly.
JFSA establishes an AML/CFT Planning Office:
The JFSA has established the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Planning Office within its organisational structure to facilitate an effective implementation and supervision of national AML/CTF measures. This office will plan and coordinate country-wide tasks and measures in preparation for the forthcoming Financial Action Task Force (FATF) assessment, and plan supervisory monitoring on the AML/CTF measures and activities taken by financial institutions that have developed overseas businesses and operations.
JFSA publishes AML/CTF guideline:
The JFSA has published a draft AML/CFT guideline that sets out comprehensive standards for monitoring (inspection and supervision) of AML/CFT measures taken by financial institutions.
In addition to complying with the AML/CFT-related rules stipulated in the Act on Prevention of Transfer of Criminal Proceeds and the Foreign Exchange and Foreign Trade Act, financial institutions are required to develop and maintain a money laundering and terrorist financing risk management system based on a risk-based approach, as recommended by FATF.
The new JFSA guideline classifies a risk management system into processes of risk identification, evaluation, and mitigation. For each process, the JFSA provides specific measures it expects to be addressed as well as additional recommended measures. The JFSA will closely monitor the implementation of the outlined expectations and assess their effectiveness.
The MAS puts more scrutiny on bank’s property lending risk management practices:
A number of aggressive property transactions by developers in Singapore throughout 2017 has prompted the Monetary Authority of Singapore (MAS) to take a closer look at the way financial institutions are helping to finance development projects.
The MAS is collecting more data from banks through a new survey sent out in December 2017. Some of the information sought by the MAS included the size of banks' exposures and details of the loan facilities granted for each project, such as the key covenants and loan-to-value (LTV) ratios. Recent developments in the property market has been also outlined as a potential stability risk in the MAS Financial Stability Report published in November 2017.
Proposed changes to AML/CFT requirements imposed on money-changing and remittance businesses:
The MAS currently imposes AML/CTF measures on money-changing and remittance business licensees through MAS Notice 3001. This was first introduced in November 2015 and specifically focuses on the remittance and money changer sector.
In order to enhance risk mitigation in the money-changing and remittance sector, the MAS proposed to issue a new notice to clarify certain requirements between money changers and remittance businesses. The impact of advances in technology across these two sectors has made the interpretation of existing rules more challenging. The MAS intends for the proposed changes to: clarify requirements for the issuance of bearer instruments and restrictions of cash pay-outs; to amend MAS Notice 3001 to facilitate the conduct of non-face-to-face business; and to better mitigate the risks of foreign currency transactions.
Singapore Parliament passes landmark Cybersecurity Act:
Under the new Cybersecurity Act, owners of critical information infrastructure in 11 key sectors (including the banking sector) that provide essential services must report cybersecurity incidents and provide information to the Commissioner of Cybersecurity.
In situations of a suspected cyberattack, the new law will take precedence over banking and privacy rules that forbid the sharing of confidential information.
MAS encourages technology use for more efficient customer on-boarding:
The MAS has issued new guidance to financial institutions on the use of innovative technology solutions to facilitate safe, non-face-to-face, customer on-boarding. These measures could include biometric identification, real-time video conferencing, and secure digital signature using Public Key Infrastructure (PKI)-based credentials. The new guidance allows banks to use the “MyInfo” solution, whereby the bank will be able to access personal data that had been earlier submitted to and verified by the Singapore government (subject to customer consent).
(Issue 8, 2018)