Regulators consult on anti-money laundering guidelines and issue guidance on cybersecurity, best execution, and senior management accountability.
This blog post summarizes key regulatory developments in Hong Kong and Singapore during September 2020, including: (i) the SFC’s consultation on enhancements to its Guideline on Anti-Money Laundering and Counter-Financing of Terrorism for SFC-licensed firms (AML Guideline); (ii) the SFC’s thematic review report setting out the key findings and guidance on cybersecurity issues and vulnerabilities associated with mobile trading applications; (iii) the MAS’ consultation response to its proposal on best execution requirements; and (iv) the MAS’ new accountability guidelines for senior management.
The SFC consults on enhancements to the AML Guideline
On 18 September 2020, the Securities and Futures Commission (SFC) published a consultation paper proposing a number of amendments to the AML Guideline.
The SFC proposes to clarify and consolidate certain anti-money laundering and counter-financing of terrorism (AML/CFT) requirements by incorporating into the AML Guideline relevant guidance from the Financial Action Task Force (FATF), including the FATF’s Guidance for a Risk-Based Approach for the Securities Sector, as well as the SFC’s previous circulars on AML/CFT standards and regulatory expectations. The consultation paper follows a wave of high-profile disciplinary actions taken by Hong Kong regulators for breaches of AML/CFT requirements in recent years.
The proposed changes to the AML Guideline include:
- Enhancing and providing further guidance to the securities industry on implementing AML/CFT measures in a risk-sensitive manner
- Providing additional measures to help mitigate risks associated with cross-border correspondent relationships
- Incorporating relevant guidance from the SFC’s previous circulars in several areas, such as institutional risk assessments and third-party deposits and payments
The consultation will close on 18 December 2020.
Licensed firms should review the SFC’s proposals set out in the consultation paper and consider whether, and the extent to which, they will need to make changes to their internal policies, procedures, and systems and controls if the SFC’s proposed changes are effected without further amendment.
For more details, see Latham’s blog post Hong Kong SFC Consults on Enhancements to Anti-Money Laundering Guideline.
The SFC publishes guidance on internet trading cybersecurity
On 23 September 2020, the SFC issued a circular and a report setting out its key findings and guidance on cybersecurity issues and vulnerabilities associated with mobile trading applications. The report follows the SFC’s thematic review of internet brokers that provide online trading services on desktop, mobile, or designated website platforms.
The report highlights areas of improvement and suggests implementing additional measures in relation to the following areas:
- Two-factor authentication for log-ins to clients’ internet trading accounts
- A monitoring and surveillance mechanism to detect unauthorized access to clients’ internet trading accounts
- Strong encryption algorithms for data transmission and storage
- Stringent controls to ensure session timeout after a period of inactivity
- A secure network infrastructure through proper network segmentation
- Security controls for remote connections to networks
- Security patches or “hotfixes”
- A cybersecurity risk management framework, setting out key responsibilities
- Security control requirements in relation to mobile trading applications
Licensed firms should consider the report’s findings and ensure that they are in compliance with the SFC’s cybersecurity requirements.
The MAS confirms regulatory approach for best execution and timeline for compliance
On 3 September 2020, the Monetary Authority of Singapore (MAS) issued a response to feedback about its proposal for holders of a capital markets service license, banks, merchant banks, and finance companies that conduct certain regulated activities (Capital Markets Intermediaries) to establish policies and procedures and/or execute customers’ orders on the best available terms (Best Execution).
The MAS reaffirmed that all customers’ orders (whether agent or principal, and regardless of venue) are to be covered under the Best Execution policies and procedures if the activities are regulated under the Securities and Futures Act, Chapter 289 of Singapore (SFA), with the exception of certain types of customers that are exempt.
In addition, the Best Execution requirements will apply to all capital markets products that fall within the definition of securities, units in a collective investment scheme, derivatives contracts, or spot foreign exchange contracts (SFEC), for the purposes of leveraged foreign exchange trading, with the exception of SFECs that do not fall within the SFA’s scope.
The MAS clarified that Capital Markets Intermediaries should, among other things:
- Establish and implement Best Execution policies and procedures that are approved by their board of directors
- Periodically review the MAS’ policies and procedures
- Comprehensively take into account factors such as the characteristics of the execution, settlement, and customer order, if appropriate, to achieve Best Execution
- Proactively disclose their Best Execution policies to their customers in a clear manner
The MAS has provided an 18-month transitional period (from 3 September 2020 to 3 March 2022) for licensed firms to formalize their policies and procedures, and implement applicable Best Execution requirements.
Financial institutions should review their existing execution order practices, including when third-party order-routing services are used, and ensure that appropriate updates are made well ahead of the effective date to ensure compliance with the new guidelines.
For more details, see Latham’s blog post Singapore: New Best Execution Requirements.
The MAS issues new accountability guidelines for senior management
On 10 September 2020, the MAS issued guidelines (Senior Management Guidelines) to strengthen the accountability of individuals who are employed by, or acting for or by arrangement with, financial institutions, and are principally responsible for the day-to-day management of key functions in financial institutions (Senior Managers) and to promote ethical behavior in financial institutions.
The Senior Management Guidelines aim to support financial institutions by setting out a framework and best practices for bolstering accountability and conduct standards. They are not meant to be exhaustive or prescriptive. To foster a strong culture of responsibility and ethical behavior in financial institutions, the MAS set out the following expectations:
- Senior Managers who are responsible for managing and conducting the financial institution’s core functions are clearly identified
- Senior Managers are fit and proper for their roles, and are held responsible for the actions of their employees and the conduct of the business under their purview
- The financial institution’s governance framework supports Senior Managers’ performance of their roles and responsibilities, with a clear and transparent management structure and reporting relationships
- Individuals who have the authority to make decisions or conduct activities that can significantly impact the financial institution’s safety and soundness (or cause harm to a significant segment of the financial institution’s customers or other stakeholders) are “fit and proper for their roles, and subject to effective risk governance, and appropriate incentive structures and standards of conduct”
- The financial institution has a framework that promotes and sustains the desired conduct amongst all employees
The Senior Management Guidelines will become effective on 10 September 2021.
Financial institutions should avoid adopting a check-box mentality in applying the Senior Management Guidelines. Instead, they should carefully review the Senior Management Guidelines and make adjustments based on the scale, nature, and complexity of their business. Financial institutions with fewer than 50 employees do not need to apply the Senior Management Guidelines, but should still achieve the areas above.
Financial institutions should use the Senior Management Guidelines to develop and entrench a strong culture of responsibility and ethical behavior within their organizations. The MAS will continue to engage financial institutions, their boards, senior management, and other employees on the adequacy and effectiveness of their culture and conduct practices through its ongoing supervision.
For more details, see Latham’s blog post Singapore: MAS Issues New Accountability Guidelines for Senior Management.