The Monetary Authority of Singapore (MAS) regularly seeks to strengthen its regulations for anti-money laundering and countering the financing of terrorism (AML/CFT). In October 2021, MAS conducted a public consultation on a proposal to implement a platform enabling financial institutions (FIs) to share AML/CFT risk information with the objective of reducing the scope for illicit actors to exploit information gaps between FIs. The platform, to be named the Collaborative Sharing of ML/TF Information& Cases (COSMIC), will enable FIs to better identify illicit networks across multiple FIs that are difficult to discover when each FI is limited to analysing its own information.
MAS has designed COSMIC to balance two competing needs: preventing money laundering (ML), terrorism financing (TF) and proliferation financing (PF), and safeguarding the interests and privacy of, and minimising the inconveniences to, law-abiding persons. MAS will therefore only permit FIs to share on COSMIC information that addresses potential ML, TF or PF issues in key risk areas and only when red flags are present to suggest that financial crime may be occurring.
The key risks MAS seeks to detect and disrupt are:
MAS will disclose the red flags to participants in confidence to make circumvention by bad actors more difficult. Unauthorised disclosure of red flags will result in substantial criminal penalties. In broad terms, examples of red flags include fictitious company profiles, transactions with no clear economic purpose and unusual transaction patterns among seemingly unrelated companies that in fact have the same beneficial owners.
Under COSMIC, FIs can share risk information in three ways:
MAS intends a phased rollout for COSMIC. The initial phase, in which six major players in the commercial and small-medium enterprises banking segment will participate, will focus on misuse of legal persons, trade-based ML, and PF. In the later phase, COSMIC will be extended to other segments of the financial sector and its focus areas will be expanded as needed. Information sharing on the platform will be voluntary during the first phase, with disclosure of certain elements later becoming mandatory. The initial phase is expected to last two years, but MAS may adjust the period for on-boarding and operational reasons.
The legal basis for sharing customer information under COSMIC is set out in the Financial Services and Markets (Amendment) Bill, read for the first time on 20 March 2023. Those provisions will take precedence over the Personal Data Protection Act 2012, in particular the access and correction obligations, to avoid tipping off bad actors. FIs that exercise reasonable care and act in good faith will enjoy statutory protection against civil liability regarding their participation in COSMIC.
In March 2023, MAS responded to the feedback it received on the Consultation Paper during the public comment period.
Sharing Information – Scope, Timing and Format
Several respondents asked how to determine which other FIs to involve in the Request and Provide scenarios. MAS stated that it did not intend an FI to seek all other FIs a customer may be linked to, but instead to focus on FIs it knows or has reason to believe may be linked, such as an intermediary or beneficiary institution involved in a wire transfer for the customer.
Some respondents suggested the need for time frames for providing information while others sought flexibility to allow for investigation and analysis. MAS stated that it intends to assess data from the initial phase to develop standards in this regard.
With regard to whether FIs will be obligated to provide information in response to Requests, MAS noted that FIs will need to assess whether a Request is justified, to seek additional information from the requesting FI and, if appropriate, to decline to provide information, in which case it must communicate the reasons via COSMIC.
MAS agreed with one respondent’s suggestion that prospective customers that have not been onboarded due to serious ML/TF/PF concerns should be included in Alerts, in addition to terminated customers.
MAS also clarified that an FI should share information via COSMIC in respect of persons who seek to be customers, are customers or have been customers of the FI and that information will be shared via COSMIC on a template that MAS will provide.
Red Flags and Threshold Criteria
Several respondents sought clarity on the red flags and threshold criteria that would initiate the obligation to share information via COSMIC. As noted above, MAS said it would provide the red flags and threshold criteria separately under obligations of confidentiality so that bad actors would not circumvent them. FIs will be able to share them with group members to facilitate making and responding to requests for information.
Sharing COSMIC Information with Group Members and Third Parties
MAS agreed with the comments of several respondents that FIs should be able to share COSMIC watchlist information with their group members and COSMIC platform information generally with third parties like lawyers and consultants in connection with M&A transactions and when providing compliance advice. Disclosures would be subject to confidentiality obligations and, for disclosures outside Singapore, anonymisation and other requirements.
Statutory Protection for Onward Disclosures
Some respondents suggested that statutory protection from civilliability should be extended to group members and third parties in connection with onward disclosures of COSMIC information. MAS disagreed, on the basis that those disclosures are no different in nature than other intra-group disclosures.
Several respondents inquired about how risk information sharing via COSMIC affects existing STR filing obligations. MAS responded that COSMIC does not affect an FI’s obligations regarding STRs, but clarified that an FI should not rely solely on information received via COSMIC to determine if an STR should be filed. The receiving FI would need to conduct its own investigation and assessment, including based on its own checks on the customer. That said, MAS agreed that streamlining processes for STR reporting and COSMIC sharing deserves further study.
Reviews of Customer Relationships
Some respondents expressed concerns regarding MAS’s proposal to require FIs to conduct reviews of customer relationships before terminating them for suspicious behaviour, including providing customers an opportunity to explain their suspicious behaviour. MAS clarified that FIs should not disclose that information came from or would be provided to others via COSMIC, to avoid tipping them off. MAS also noted that some customers may not be contactable and FIs would only need to make reasonable efforts to contact customers before making a termination decision.
COSMIC represents a potentially significant expansion of the information available to FIs for AML/CFT. While only a limited number of FIs will be included in its initial phase of implementation, FIs not covered during such phase should familiarise themselves with the information sharing requirements via COSMIC and keep abreast with changes to AML/CFT risk information requirements, including those under the soon-to-be amended FSMA.
OrionW regularly advises clients on matters involving the regulation of financial services in Singapore. For more information about AML/CFT measures in Singapore, or if you have questions about this article, please contact us at email@example.com.
Disclaimer: This article is for general information only and does not constitute legal advice.