Menu

Loading Results

Rethink risk, regulation and compliance to drive strategy

Key updates in the asset and wealth management industry

March 2021

While the economy is expected to pick up in 2021, the risk of financial stress remains during this protracted recovery period. Organisations are looking to cultivate a new trait: resilience. Risks that once seemed remote and improbable have also become the norm.

In this issue, we dive into the MAS’ efforts to promote and cultivate trust and ethics in the financial industry. We also look into recent enforcement actions imposed by MAS, as a learning point on how we can continue to be viewed as regulatory high performers by the regulators; and the latest terrorism financing national risk assessment report.

Download the full update

Environmental risk management

On 8 December 2020, the Monetary Authority of Singapore (“MAS”) published the finalised Guidelines on Environmental Risk Management (“Guidelines”) for asset managers, following consultation papers issued earlier in the year. The Guidelines apply to all holders of a capital markets services licence for fund management and real estate investment trust (“REIT”) management, as well as registered fund management companies.

It is crucial for asset managers to ensure the resilience of their customers’ assets against the impact of environmental risk. Asset managers can also play a key role in the transition towards an environmentally sustainable economy by channelling capital through their green investment activities and support international and national environmental policies.

  • Governance and strategy

  • Research, portfolio construction and portfolio risk management

  • Stewardship

  • Disclosures

With an 18 month transition period given to assess and implement the Guidelines, asset managers need to consider some fundamental questions on the adequacy of their environmental risk management process:

  1. Does your board and management committee have adequate oversight and accountability over your portfolio level environmental risks?
  2. Are there risk management processes in place for identifying and assessing the impact of environmental risks on your funds/mandates?
  3. Do you have the right data, processes and capabilities in place to measure your portfolio level exposures to environmental risks and to perform scenario analysis?
  4. Are you able to explain these risks and the steps you have taken in managing environmental risks to your stakeholders, including investors and regulators?

Technology risk management

Advances in technology mean that organisations are increasingly dependent on information to meet the needs of customers. However, the ways of securing and protecting this information have not kept pace or extended to information that third parties may have.

On 18 January 2021, the MAS released the revisions to the Technology Risk Management (TRM) guidelines for financial institutions (FIs). Cyber security assessment and cyber surveillance and security operations are two new sections that have been introduced. Five sections have undergone significant revisions and three new annexes have been added focusing on application security testing and device security (BYOD and mobile application security).

Technology risk governance and oversight

Technology risk governance and oversight which articulates the need for members of board and senior management to have necessary skills and understanding of technology risks, having distinct roles and responsibilities, with an emphasis on a sound and robust technology risk management framework through effective information asset management and third party services management.

IT project management and security-by-design

Establish standards and procedures for vendor evaluation and selection, monitor vendors’ controls, implement safeguards and put in place source code escrow agreement in the event that the vendor is unable to support the FIs. Establish a framework to manage its system development life cycle (SDLC) based on the security-by-design principles. Quality assurance performed by an independent quality assurance function to assess whether project activities and deliverables comply with the FI’s policies, procedures and standards.

Software development and management

Software development and management advocating the adoption of secure software development best practices in relation to Agile, DevSecOps, and APIs.

Access management

Access controls for users performing remote access connection to include strong authentication, such as multi-factor authentication. Remote access to information assets are only allowed for devices that are secured to FI’s security standards.

Operational infrastructure and security risks

Management of operational infrastructure security risks arising from emerging technologies such as Internet of Things (IoT) and virtualisation.

Taking a defence-in-depth approach

Defence-in-depth approach to strengthen cyber resilience which includes collecting, processing and analysing cyber-related information for its relevance and potential impact to the FI’s business and IT environment. Additionally, carrying out regular scenario-based cyber exercises, and performing an adversarial attack simulation exercise.

Individual accountability and conduct

The Guidelines on Individual Accountability and Conduct (“Guidelines on IAC”) was issued by the MAS on 10 September 2020.

The Guidelines on IAC focuses on measures FIs should implement in promoting individual accountability of senior managers, strengthening oversight over material risk personnel, and reinforce standards of proper conduct among all employees.

The Guidelines on IAC have left many FIs with a concern that they could drown in paperwork. But paperwork alone won’t ensure compliance. A strong governance structure is important to enable clear direction and oversight of culture and conduct across the FI.

The Guidelines on IAC will come into effect on 10 September 2021. MAS has in place existing legislation and guidelines that address accountability and conduct regimes. The Guidelines on IAC supplement the existing framework to strengthen the accountability of senior managers and promote ethical conduct at all levels of the organisation. MAS has said that it will adopt a consultative approach in assessing FIs’ compliance with the Guidelines on IAC in the initial phase of implementation.

MAS steps up enforcement actions against market abuse and financial misconduct

The Monetary Authority of Singapore (MAS) has taken several strong actions against FIs and individuals for market abuse, financial misconduct, and control breaches related to money laundering. The MAS issued an Enforcement Report in November 2020, covering the period January 2019 to June 2020 detailing various enforcement actions taken for breaches of MAS regulations and requirements.

2019/2020 enforcement outcomes

Actions taken on breaches of MAS-administered Acts, Regulations and Notices

  • 9 criminal convictions
  • 25 prohibition orders
  • 124 warnings
  • $11.7 million in civil penalties
  • 3 license revocations
  • 76 letter of advice
  • $3.4 million in financial penalties and compositions
  • 23 reprimands
  • 282 supervisory reminders

MAS’ enforcement priorities looking ahead include the following:

  • pursue serious and complex cases of disclosure breaches;
    deepen capability to proactively detect potential mis-selling of financial products;
  • continue to focus on FIs which lack rigorous systems and processes for combatting money laundering and countering terrorism financing;
  • update enforcement-related powers to better detect, investigate, and take action against misconduct; and
  • enhance focus on senior management accountability for breaches by their FIs or subordinates.

MAS issues the Terrorism Financing National Risk Assessment (2020)

The MAS issued the Terrorism Financing National Risk Assessment on 30 December 2020. This terrorism financing (“TF”) national risk assessment (“NRA”) is a product of Singapore’s ongoing review of TF risks, and updates the earlier Anti-Money Laundering, Countering the Financing of Terrorism (“AML/CFT”) NRA published in 2014.

A comprehensive whole-of-government approach to identify, monitor and mitigate TF risks has been developed and implemented. Given the global nature of terrorism and TF, Singapore will continue to maintain close working relationships with overseas law enforcement, intelligence, regulatory and supervisory counterparts, and contribute actively to regional and international forums.

Based on 2014 guidance published by the Financial Action Task Force (“FATF”), outcomes of the TF NRA were generated through:

  1. Examination of the overall threat
  2. Evaluation of TF risks of various sectors
  3. Examination of the overall threat

Not sure if you are on track with your implementation?

Our team of professionals can help you with:

  • evaluating new regulations on your business model
  • assessing your current and future regulatory risk profile and impact of new regulations
  • providing advice on regulatory relations and in meeting regulatory standards and expectations
  • developing and operationalising a risk-based compliance and ongoing monitoring framework
  • supporting you in dealing with regulatory enforcement actions and remediation exercises

Find out how PwC can support you

Want more resources on related topics?

Receive invites to our upcoming webinars and publications covering risk and regulatory matters in the asset and wealth management industry.

Register your interest

{{filterContent.facetedTitle}}

Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Paul Pak

Paul Pak

Asset and Wealth Management Leader, PwC Singapore

Tel: +65 9622 4233

Email
Hide