The Monetary Authority of Singapore ("MAS") has on 1 October 2021 published a consultation paper proposing the establishment of a digital platform for financial institutions ("FIs") to share risk information with each other for the purposes of preventing money laundering, terrorism financing, and proliferation financing ("ML/TF/PF").

1. Introduction

In the consultation paper, MAS noted that presently, FIs in Singapore do not warn each other about suspicious activities involving their customers. Thus, an FI would only have such information on a customer that it is able to collect or obtain on its own. This creates a gap that could be exploited by criminals who could try to avoid detection by opening accounts with different FIs and in the name of different entities and conducting transactions through them.

In order to prevent criminals from exploiting these information gaps, MAS is proposing to form a secure digital platform to be known as the Collaborative Sharing of ML/TF Information & Cases ("COSMIC") whereby FIs are able to alert each other though the platform about high risk customers or transactions. This will be done through the sharing of the following types of information (which we will herein collectively refer to as "risk information"):

  1. particulars of customers (such as their beneficial owners and authorised signatories);
  2. particulars of customers' transactions (such as the names of the parties and amounts involved); and
  3. particulars of customers' high-risk indicators (such as the FIs' analysis on such indicators).

The COSMIC platform will be established pursuant to a legislative framework. This legislative framework will be included as part of the new Financial Services and Markets Bill, which is expected to be introduced to Parliament later this year.

Our previous commentary on MAS's consultation on the proposed Financial Services and Markets Bill may be found here.

2. Phased Implementation of COSMIC

MAS intends to develop and deploy the COSMIC platform in phases, with the initial phase lasting for 2 years after its launch (slated for the first half of 2023). In this initial phase, the participants will be the following six banks: DBS, OCBC, UOB, Standard Chartered Bank, Citibank and HSBC. To allow these participants to familiarise themselves with the platform during the initial phase, MAS proposes that information sharing at the initial phase will be on a voluntary basis.

After the initial phase, the sharing of risk information via COSMIC will be made mandatory, and a wider segment of the financial sector will be required to participate.

3. Key Features of COSMIC

(A) Key risks targeted during initial phase

During the initial phase, information sharing will be focused on addressing the following categories of risks:

  1. misuse of legal persons;
  2. trade-based money laundering; and
  3. proliferation financing.

In subsequent phases, MAS will progressively extend the information sharing requirements to address other areas of risk.

(B) Red flags present in order to share customer information

To ensure customer confidentiality, information security and privacy, it is proposed that the legislative framework will stipulate that the use of the COSMIC platform for sharing of risk information must be strictly for the purpose of addressing ML/TF/PF risks and that the sharing must be proportionate.

An FI may only share risk information in cases where there exists multiple red flags, in respect of which the customer is unable to provide a legitimate explanation. This is to ensure that the platform is used only for cases of significant concern, and does not unnecessarily expose customer information.

Broadly speaking, in the consultation paper, MAS has proposed that the red flags would include the following:

  1. indications that a customer's profile is fictitious;
  2. indications that a customer is making financial transactions with no clear economic purpose;
  3. the customer being evasive, giving inconsistent replies or providing supporting documents which do not appear to be genuine; or
  4. indications that seemingly unrelated companies conducting business with each other are being controlled by the same beneficial owners, with unusual transaction patterns between them.

(C) Modes of information sharing

FIs will share information with each other in three ways:

  1. by responding to a request coming from another participating FI ("Request");
  2. by providing information to another participating FI ("Provide"); and
  3. by posting an alert onto a watchlist, which will be accessible to all FIs participating in the COSMIC platform ("Alert").

While sharing information via each of the three modes of Request, Provide, and Alert will be voluntary in the initial phase, thereafter, it will be mandatory for participating FIs to share risk information via Provide and Alert, as well as to respond to Request messages.

(D) Information security requirement

To safeguard information on the COSMIC platform, participating FIs will be required (from the initial stage onwards) to put in place information security measures to prevent unauthorised access, to limit staff access, and to maintain appropriate records and audit trails in respect of information received or provided.

(E) Statutory protection from the use of COSMIC

In order to protect participating FIs from civil liability, the legislative framework will confer protection for any disclosures via COSMIC, so long as the participating FIs have acted in good faith and have exercised reasonable care.

(F) Disclosure of COSMIC information to non-COSMIC participants

There will also be control over the usage of information outside of COSMIC. Broadly speaking, participating FIs will only be permitted to share information outside of the COSMIC platform environment in very limited circumstances, such as for the purpose of complying with court orders, or for the purpose of assisting in police investigations. For other exceptions, such as where participating FIs share information with their local and overseas affiliates, or with advisers and service providers for ML/TF/PF risk management purposes, other conditions would have to be observed.

4. Access and Use of COSMIC by the Government

Within the government, only authorised officers from MAS and the Suspicious Transaction Reporting Office ("STRO") of the Commercial Affairs Department of the Singapore Police Force will be able to directly access and use information from COSMIC. MAS will monitor if FIs use the COSMIC platform correctly, calibrate the COSMIC platform to improve its effectiveness, and use COSMIC information to supervise the financial system. The STRO will use COSMIC information to augment their current role of analysing information on ML, TF and other serious crimes.

5. Conducting Reviews of Customer Relationships

MAS has also reiterated that it expects an FI to perform an AML/CFT assessment of customers that are flagged through COSMIC, just as how FIs are already expected to do so if they obtain risk information about a customer through other means.

In performing such an assessment, the FI should not only use information derived from COSMIC, but also consider other sources of information such as information obtained from its own investigations, its review of the customer's transaction history and transaction patterns, public information sources, and intelligence provided by government authorities.

In addition, the MAS noted that currently, the practice of many FIs is to allow the customer the opportunity to provide an explanation of the red-flagged activity. MAS emphasized that this practice should continue, and that it would be formalizing this through amendments to the current AML/CFT Notices.

6. Impact Assessment

This proposal by the MAS is a development that many FIs are likely to welcome. A regime for sharing of information amongst FIs will go a long way to addressing the current problem of asymmetry of due diligence information and will be a good step forward to mitigate ML/TF/PF risks.

The COSMIC platform may also have the added benefit of allowing FIs to adopt best practices from each other, which will then serve to improve AML/CFT compliance programmes across the industry.

7. Closing Date of Consultation

The consultation closes on 1 November 2021 and a copy of the consultation paper may be obtained here.

The Client Update is prepared by Jeremy Koo (Associate).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.