Your risk and compliance news roundup from the Asia-Pacific region
Welcome to the latest edition of Protiviti’s Asia-Pacific Risk and Compliance Insights. In this bimonthly newsletter, we provide a summary of important risk and compliance developments across the Asia-Pacific financial services sector.
Recent developments include the Hong Kong Monetary Authority’s feedback on its sanction screening system review; the Monetary Authority of Singapore’s draft publication on senior management accountability; Japan’s establishment of a study group on cryptocurrency exchanges; and Australia subjecting digital currency to its AML/CTF Act.
The Australian Prudential Regulation Authority (APRA) published a draft Prudential Standard CPS 234 Information Security on 7 March 2018. This is the first prudential standard addressing information security and proposes that financial institutions under APRA’s authority perform the following:
- Define information security roles and responsibilities of the board, senior management, governing bodies and individuals;
- Maintain information security capability relative to the size and extent of threats to the information assets of the entity;
- Implement controls to protect its information assets relative to the criticality and sensitivity of the information assets and undertake adequate testing and assurance surrounding the effectiveness of these controls; and
- Notify APRA of any material information security incidents.
A series of changes to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) came into effect on 3 April 2018.
One of the most significant updates is to include digital currency exchange (DCE) providers operating in Australia in scope for the Regulation. These updates aim to help DCEs reduce risks of criminal activity, including money laundering, cybercrime and terrorism financing activities. The regulation required DCEs to register with AUSTRAC and comply with AML/CTF Act compliance and reporting requirements by 14 May 2018.
A key update to the AML/CTF Act released on 3 April 2018 was the cessation of the requirement for cash-in-transit and insurance service businesses (excluding car dealerships) operating in Australia.
Businesses providing cash-in-transit and/or other designated services impacted by the updates are urged to update enrolment details with AUSTRAC to reflect designated services accurately and avoid deactivation of enrolment where obligations are present.
The APRA has announced a plan to remove the 10 percent benchmark on investor loan growth introduced in 2014 to reduce higher risk lending. The move is in light of moderated lending growth and improved standards and oversight. The APRA may remove the 10 percent cap if the board of an Authorised Deposit-Taking Institution (ADI) can provide assurance by confirming the following:
- Lending has been below the 10 percent benchmark for the past six months or more;
- Lending policies meet the APRA’s guidance on serviceability; and
- Lending practices will be strengthened where necessary.
Where the above assurances are not met, ADIs will still be required to employ the benchmark.
Furthermore, ADIs are also expected to develop internal portfolio limits and policy limits on maximum debt-to-income levels for individual borrowers. These limits are intended to have ADIs decipher and include the total borrowings of an individual for assessment rather than assessing only for the specified loan.
The banking royal commission has identified a range of structural reforms required for the provision of financial advice. The key issues raised include:
- Increased operating independence between product and advice to reduce conflicts that exist in vertically integrated business models;
- Inherent conflicts that exist within commissions-based remuneration structures that may compromise acting in the best interest of customers; and
- Strengthening process and controls minimise the risk of “fees for no service”.
Additional consultation and upcoming changes in this area are expected.
Initial coin offering (ICO) issuer Black Cell Technology Limited (Black Cell) has halted its Hong Kong ICO and agreed to unwind ICO transactions for Hong Kong investors by returning to them the relevant tokens. This follows regulatory action taken by Hong Kong’s Securities and Futures Commission (SFC) over concerns that Black Cell had engaged in potential unauthorised promotional activities and unlicensed regulated activities.
In addressing the SFC’s regulatory concerns, Black Cell has also agreed not to devise, set up or market any scheme that constitutes a Collective Investment Scheme (CIS) unless it is in compliance with the relevant requirements under the Securities and Futures Ordinance (SFO).
The SFC issued a circular to draw the attention of licensed corporations to the Report on the Thematic Review of Licensed Corporations Engaged in Sponsor Business. The report summarises the key observations identified by the SFC in its inspection focused on how sponsor work is carried out. Some compliance failures were identified in the sponsor work done for initial public offering (IPO) transactions on the GEM Market of the Hong Kong stock exchange. The report also highlights some practices observed during the inspection which did meet the expected SFC standards. The SFC reminded licensed corporations to comply with the expected standards outlined in the report.
The Hong Kong Monetary Authority (HKMA) issued a circular which highlights the findings of the HKMA’s thematic review of authorised institutions’ sanctions screening systems.
The findings include examples of best practices as well as areas for improvement. The HKMA also recommends authorised institutions perform gap analyses and regular sanctions screening system testing. The HKMA will collect information from all authorised institutions in the third quarter of 2018 on individual action plans and is considering conducting future reviews.
The Bank of China Hong Kong (BOCHK) joins four other major banks now actively using a blockchain-powered trade finance platform. The new BOCHK branch will run 24 hours a day with video-banking services offering transactions and product applications.
In September 2017, the HKMA, the de facto central bank, set out seven core initiatives to bolster fintech in reaction to criticism that the city was lagging competitors in terms of embracing such technologies. Adoption of blockchain was one of these initiatives.
The HKMA tested its own trade finance platform last year as a proof-of-concept to reduce the risk of fraudulent activity and operational costs.
The HKMA announced the publication of the Knowledge Kit for Independent Non-Executive Directors (INEDs). The Knowledge Kit is part of the on-boarding programme launched by the HKMA for INEDs of locally incorporated authorised institutions.. It introduces essential banking and regulatory knowledge, helping INEDs to take up their roles and responsibilities more effectively throughout the on-boarding process.
The SFC’s investigation revealed that, between January 2011 and October 2016, CN Capital failed in its regulatory obligations in a number of areas.
Examples of noted shortcomings include the failure of staff members of CN Capital to disclose personal investment holdings in writing to CN Capital. Additionally, CN Capital’s responsible officers conducted a total of 3,188 personal trades without obtaining any written pre-clearance from the designated officer of CN Capital.
The SFC also noted that in 619 incidents, two responsible officers held their personal investments for less than 30 days without prior written approval from the company’s designated compliance officer. Two responsible officers conducted a total of 966 personal trades in the same stock, on the same day as the transactions conducted for the fund managed by CN Capital.
The SFC fined the institution and two of its responsible officers.
Considering the rapidly changing environment surrounding cryptocurrency, the Japan Financial Services Agency (JFSA) established the Study Group on Cryptocurrency Exchange Industry (free translation) in order to examine regulatory measures for various issues in the industry. Members of the group are comprised of academic experts, financial practitioners and industry sector representatives, among others, with industry associations such as cryptocurrency exchanges and related ministries and agencies as observers. The JFSA will serve as secretariat.
JFSA AML Developments
The JFSA has released a provisional English translation of its Guidelines for Anti-Money Laundering and Combating the Financing of Terrorism. The Guidelines, which were initially released in late 2017, clarify the required actions and expected actions to be implemented by each financial institution and how the FSA shall conduct monitoring going forward.
Recent media reports also indicate that the JFSA is considering a fact-finding survey on all regional banks and shinkin banks (credit unions) on their measures to prevent money laundering and illegal remittances, which would target all 365 such institutions in the country.
Japan’s stepped up anti-money laundering focus precedes an expected Financial Action Task Force Mutual Evaluation review which is expected to be conducted in 2019.
The Monetary Authority of Singapore (MAS) is working with key industry stakeholders to develop a guide to promote the responsible and ethical use of artificial intelligence (AI) and data analytics by financial institutions.
The guide will set out key principles and best practices for the use of AI and data analytics, helping financial institutions to strengthen internal governance and reduce risks of data misuse. The guide is targeted for completion by the end of 2018 and is expected to cover all segments of the financial sector.
The MAS has issued its response to feedback received on proposed amendments to Securities & Futures (Reporting of Derivative Contracts) Regulations.
The MAS had issued a consultation paper on 18 January 2016 inviting comments on the proposed amendments to implement reporting of commodity and equity derivatives contracts, as well as other revisions to complete the implementation of the OTC derivatives trade reporting regime in Singapore.
A detailed summary of the proposed changes can be found on the MAS website.
The MAS has issued an advisory to remind financial institutions to remain vigilant, following recent reports of cyber incidents overseas (Bangladesh, Russia) where attackers attempted fraudulent fund transfers using the SWIFT system.
The MAS’ advisory note reminds financial institutions to continue to strengthen measures to safeguard themselves by:
- Implementing a layered security approach to protect IT environments as well as appropriate measures to secure SWIFT payment terminals;
- Employing strong access controls to restrict the usage of administrator-level system accounts on SWIFT servers; and
- Performing payment reconciliation/monitoring of SWIFT messages to detect any fraudulent payments in a timely manner.
The MAS has proposed guidelines to strengthen individual accountability of senior managers and raise standards of conduct in financial institutions. The guidelines are a key part of the MAS’ broader efforts to foster a culture of ethical behaviour and responsible risk-taking in the financial industry across three key areas:
- Promote individual accountability of senior managers;
- Strengthen oversight of employees in material risk functions; and
- Embed standards of proper conduct among all employees.
It is important to note that this newsletter is provided for general information purposes only and is not intended to serve as legal analysis or advice. Companies should seek the advice of legal counsel or other appropriate advisers on specific questions and practices as they relate to their unique circumstances.
(Issue 9, 2018)