Monetary Authority of Singapore (MAS) conducted thematic inspections on enterprise-wide risk assessment on money laundering and terrorism financing (EWRA) in 2020. The paper highlights inspection observations and MAS’ supervisory expectations of effective EWRA frameworks and processes that financial institutions should benchmark themselves against.
The need to do EWRA is not a new requirement. MAS Anti-money laundering/countering financing of terrorism (AML/CFT) notices and guidelines, requires financial institutions to conduct an enterprise-wide risk assessment to understand its vulnerabilities to money laundering/terrorism financing (ML/TF) risks and form a basis for the development of relevant AML/CFT processes and controls.
In general, the thematic inspections have highlighted the following inadequacies within financial institutions.
Inactive oversight of EWRA framework and controls by board and senior management
It has been noted that board and senior management are conducting this as a tick box exercise not understanding of the objectives and internal policies requirements. Therefore quality of assessment it sub-par and many errors and gaps have gone undetected. It is also noted that there is insufficient deliberation and input from senior management on the results and controls of implemented to address EWRA risks.
Lack of attention to design of EWRA
It has been noted that there has been lack of attention on design of EWRA rating methodologies to ensure that they are sound and prudent. And financial institutions, should review EWRA upon material trigger event and not just on a periodic basis.
Errors and omissions on computation of EWRA
Given that most of these assessments are conducted based on formulas and relies on heavy data input, it has been noted that financial institutions are having errors and incomplete assessments conducted. Some institutions are also replying too much on qualitative analysis with limited quantitative analysis.
Insufficient controls put in place
It has been noted that control testing results are not included in the assessment of EWRA to accurately reflect the effectiveness of controls in practice. Also regular testing of EWRA by second line of defense has not been conducted regularly to detect emerging risks.
Failure to follow up on areas of improvement
Financial institutions have failed to follow up on areas requiring improvement as identified in enterprise-wide risk assessment and this is mostly due to lack of oversight from senior management.
Lack of structured processes for gap analysis against guidance paper
MAS expect financial institutions to benchmark their practices against MAS and other relevant guidance papers to ensure gaps are identified and rectified accordingly. Many financial institutions have failed to bench their practices against guidelines and recommendations resulting in inadequate EWRA processes and undetected errors as a result.
Next steps for Financial Institutions
It is paramount for financial institutions to move away from a “tick box” exercise in completing their EWRA and seek to have a framework that is based on sound methodology. It is necessary for financial institutions to understand their AML/CFT risks pertaining to their organization and pay attention to the methodology implemented to design and carry out EWRA. It is also necessary to ensure periodic checks are done on enterprise-wide risk assessment and conducted as and when material triggers take place.
How can Argus Assist?
We, at Argus Global, are a team of consultants who specialize in Regulatory Compliance for FIs in Singapore that are regulated by MAS. We have worked with several FIs on their various compliance requirements and obligations and have assisted to remediate various gaps we have identified.
We assist to do the following:
- Prepare and implement a comprehensive EWRA policy and procedure including the methodology to conduct the EWRA
- Assist to complete EWRA based on information provided and provide recommendations on controls to be implemented
- Assist to review completed EWRA exercise and provide recommendations
- Assist to review or perform periodic EWRA exercise
Please reach out to us for an initial discussion at email@example.com.
Follow us on LinkedIn.
Our regulatory compliance experts can help you determine if your company is up to date with the latest regulations with compliance reviews, and we offer as well ongoing support for all your compliance needs.