The Monetary Authority of Singapore (MAS) serves as Singapore’s central bank and financial regulator. MAS provides oversight for the country’s banks and financial institutions, setting anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations, and enforcing compliance. In that supervisory role, MAS regularly issues guidance to help businesses implement its AML/CFT rules and in April 2022 it issued new guidance on Strengthening AML/CFT Name Screening Practices.
The 2022 guidance followed thematic inspections of AML/CFT name screening frameworks of selected Singaporean financial institutions in 2021. The inspections were conducted in order to ‘assess the robustness… of name screening frameworks and controls, relative to their risk profiles and business operations in Singapore’. Drawing on observations from the inspections, MAS’ 2022 guidance sets out expectations regarding financial institutions’ name screening processes, along with examples of good practices, and areas for improvement. According to MAS, financial institutions should ‘benchmark themselves against the practices and supervisory expectations… in a risk-based and proportionate manner’.
Given the need to comply with MAS’ rules and regulations, it is important that financial institutions in Singapore understand the regulator’s 2022 guidance and the name screening deficiencies that it revealed.
Senior Management Oversight
In its thematic inspections, MAS noted that senior management employees in Singapore tended to be well positioned within their companies’ AML/CFT infrastructure in order to access relevant name screening information, and tended to have established processes to track and address unresolved alerts. However, MAS noted a number of areas for improvement, including:
Inconsistent assessment: Certain financial institutions’ name screening policies and procedures were inadequate, resulting in inconsistent senior management assessment of AML/CFT alerts.
System reviews: Insufficient senior management understanding of name screening systems and a lack of regular system reviews were increasing the risk of inaccurate AML/CFT alerts.
Erroneous dismissal: Inadequate checks and balances in the senior management alert resolution process were increasing the risk of true positive AML/CFT alerts being dismissed erroneously. In particular, MAS’ guidance emphasised the need for ‘four eye checks’ (alerts verified by two people) and for risk-focused quality assurance (QA) to identify procedural weaknesses.
Accountability: A lack of records of senior management discussions of AML/CFT concerns were creating a lack of accountability for compliance issues and obscuring the basis for compliance decisions.
Frameworks, Policies and Procedures
The thematic inspections covered Singaporean firms’ name screening policies and procedures during onboarding, transaction processing, and periodic Know Your Customer (KYC) reviews. In practice, those policies and procedures entail the processes used to input customer names into AML/CFT frameworks, the way those names are tracked, and the criteria used to assess and dismiss those names.
MAS suggested that Singaporean financial institutions had deficiencies in their name screening policies and procedures, including:
Inadequate batch screening tools: MAS found that a ‘small number’ of Singapore’s financial institutions were not implementing adequate tools or systems to conduct batch screening of customer names against sanctions lists. In one case, a firm was conducting batch screening manually, which led to delays and human error, while another firm was using a batch screening tool that could not accommodate the full range of necessary names.
MAS pointed out that Singaporean firms should implement a suitable software screening tool to conduct name screening or put safeguards in place to mitigate human errors.
Former names: The KYC process sometimes requires firms to search for customers’ former names. In this context, MAS found that some financial institutions were not screening for former names, or had not formalised any requirements to screen for former names as part of their KYC process. MAS advises that financial institutions establish clear requirements to screen for former names as part of their AML/CFT solution.
Customer tracking: MAS found that financial institutions were failing to systematically identify and track customers that they were required to screen. Where customers were not tracked, financial institutions experienced delays and omissions in the AML/CFT process.
MAS recommended that financial institutions implement structured tracking processes in order to avoid lapses and delays in AML/CFT alert remediation.
Screening Parameters and Databases
MAS sets out supervisory expectations that financial institutions will implement suitable name screening software solutions and ensure that those solutions are capable of effectively generating name matches. With that in mind, financial institutions are expected to regularly review the parameters under which their name screening systems operate to ensure that they remain up to date with relevant information.
MAS’ thematic inspection revealed that Singapore’s financial institutions were broadly succeeding in implementing formalised frameworks to govern their name screening systems, and periodic reviews of those systems, in order to ensure ongoing accuracy. However, MAS also found the following deficiencies:
Over-reliance on vendors: MAS found that some financial institutions were overly reliant on vendors for setting their name screening system parameters, and for ensuring the adequacy and accuracy of information sources. Consequently, many name screening systems were ‘ineffective in identifying relevant name matches’ and were not receiving adequate information about customers’ specific business activities – and so were failing to identify AML/CFT risks.
Fuzzy logic matching: MAS found that some financial institutions were using name screening tools without fuzzy logic capabilities – and which could only identify customer names where there was a 100% match. By implementing fuzzy logic name screening, these firms would be able to account for partial matches, such as those caused by spelling discrepancies, and so capture potential AML/CFT risks more accurately.
Internal checks: Many financial institutions were found to be failing to conduct checks on the internal lists that held vital name screening information. By failing to regularly maintain and verify the accuracy of that information, financial institutions were degrading the accuracy of their name screening processes, and missing important AML/CFT alerts.
In response to the deficiencies revealed by the inspections, MAS emphasised the need for financial institutions to regularly review their system parameters to ensure their ongoing effectiveness, and to review the completeness of their screening databases to ensure they were updated with sufficient information to facilitate effective compliance decisions.
MAS expects financial institutions to address name screening alerts in a timely manner, and keep suitable records of the process. Similarly, financial institutions are expected to implement independent checks and balances to ensure the alert resolution process remains fit for purpose.
In conducting its thematic inspection, MAS identified the following areas of concern:
Adverse media: MAS’ inspections revealed that some financial institutions in Singapore were not effectively screening customer names against adverse media. In particular, MAS found that:
- Financial institutions were dismissing adverse media from regional or local news sources.
- Financial institutions were determining the relevance of adverse media based only on how recently the story was released.
MAS guidance emphasised the need for financial institutions to ‘consider all key factors’ when determining the relevancy of adverse media stories.
Documentation of screening results: MAS found that some financial institutions were failing to adequately document the results of name screenings and assessments. The deficiencies resulted in missing records and a lack of basis for dismissing AML/CFT alerts.
In order to address those deficiencies, MAS emphasised the need for financial institutions to establish clear documentation requirements for alerts derived from name screening.
Alert dismissal: MAS found that some financial institutions did not have adequate criteria for assessing and dismissing AML/CFT alerts – and were dismissing alerts without adequate basis. In particular, MAS found that:
- Financial institutions were dismissing alerts on a consolidated basis rather than addressing the specific concerns of individual alerts.
- Financial institutions were dismissing alerts for generic reasons rather than adequately justifying the reasons for the dismissal.
Accordingly, MAS recommended that financial institutions set out detailed guidance for the resolution of name screening alerts, and set out requirements for compliance employees to provide justification for alert dismissals.
Checks and balances: MAS’ inspection revealed that a number of financial institutions in Singapore lacked effective checks and balances to determine whether name screening alerts were being dismissed appropriately. MAS highlighted the need for financial institutions to implement checks and balances to ensure effective alert remediation, including regular QA checks to ensure the timely detection of errors.