Legal Update: Strengthening AML/CFT Name Screening Practices
In this legal update, we examine the information paper issued by the Monetary Authority of Singapore (“MAS”) on 28 April 2022 regarding the strengthening of Anti-Money Launder/Combating the Financing of Terrorism (“AML/CFT”) Name Screening Practices for Financial Institutions (“FIs”).
What is Name Screening?
Name screening is a fundamental control in the AML/CFT frameworks of financial institutions. FIs screen the names of potential and existing customers, and their relevant parties1, to identify associations with sanctions, politically exposed persons (“PEP”), and other adverse news. This identification enables FIs to assess potential money laundering, terrorism financing and proliferation financing (“ML/TF/PF”) risks posed by these parties, and take steps to manage and mitigate these risks.
FIs typically perform name screening during customer onboarding, periodic Know-Your-Customer (KYC) reviews, ongoing batch screening2, and transactions processing.
MAS Overall Observations
In the information paper, MAS sets out the observations and good practices, as well as its supervisory expectations. FIs should benchmark themselves against the practices and supervisory expectations set out in the paper in a risk based and proportionate manner.
MAS observed that FIs generally had adequate management oversight and formalised policies and procedures (“P&P”) on the use of systems and resolution of alerts, to facilitate consistent implementation. However, the robustness of name screening practices was uneven across FIs.
Senior management of some FIs did not exercise adequate oversight, leading to deficiencies in P&P and poor checks and balances over alert resolution. These resulted in lapses in the execution of name screening controls and, in some cases, potential regulatory breaches.
MAS also observed that several FIs placed undue reliance on system vendors to set the parameters in their name screening systems, without adequately understanding how the settings impact the accuracy and effectiveness of the screening results.
Notwithstanding the outsourcing of services to the service providers, it is pertinent to note that the board and senior management are still ultimately responsible for maintaining effective oversight and governance of outsourcing arrangements, managing outsourcing risks and implementing an adequate outsourcing risk management framework.
- there is a risk that the FIs’ screening systems may not have been appropriately calibrated to cater to the risk profile of their business activities;
- FIs should adequately assess and test that the screening parameters are effective for generating name matches; and
- FIs should draw their system vendors’ attention to this paper, for them to gain a better understanding of MAS’ expectations of FIs, and work with FIs to achieve them.
MAS’s Expectations of FIs
MAS looks to an FI’s Board and Senior Management (“BSM”) to exercise oversight of the governance and implementation of effective name screening processes, as part of the FI’s overall AML/CFT frameworks and controls. BSM should set an appropriate tone-from-the-top on the importance of these controls, and ensure that:
- adequate frameworks and P&P on name screening controls are established.
- relevant staff have a good understanding of the strengths and limitations of the FI’s name screening systems (and their corresponding parameters) and have processes to assess if the systems are performing as intended.
- effective checks and balances, such as maker-checker controls and quality assurance (“QA”) processes, are implemented for alert resolution.
We set out below some of the key expectations MAS has for the FIs.
Senior Management Oversight
- Senior management are to exercise active oversight of FIs’ name screening frameworks, policies, processes and compliance;
- Senior management or management committees responsible for overseeing ML/TF/PF risks are to have access to relevant information to monitor and deliberate follow-up actions;
- FIs to put in place established processes to track the ageing of unresolved name screening alerts, including details such as days outstanding, functions responsible and weekly trends;
Frameworks, Policies and Procedures
- FIs to establish adequate frameworks, P&P on name screening for customer onboarding, periodic KYC reviews, ongoing batch screening and transaction processing;
- There should be wider scope of identified parties for screening beyond baseline regulatory requirements;
- FIs should conduct regular batch screening of customers and relevant parties to identify new ML/TF/PF information in a timely manner;
- FIs should implement structured processes to track parties for screening to prevent/detect omissions and delays;
Screening parameters and databases
- FIs in implementing name screening systems should adequately assess and test that the screening parameters applied are effective for generating name matches;
- FIs should perform regular reviews of their screening parameters to assess whether they are effective in highlighting ML/TF/PF risks;
- FIs should establish controls to regularly review the completeness of their screening databases;
- FIs should incorporate fuzzy logic matching capabilities to perform more effective name screening;
- FIs should perform robust and timely assessment of name screening alerts, and maintain adequate documentation of the assessment;
- FIs should establish clear P&P for the resolution of alerts, and include detailed guidance and examples on criteria to assess, types of identifiers to consider and documentation requirements, such as justification for dismissing screening alerts;
- FIs should not exclude (i) adverse news from regional and local news sources, or (ii) past adverse news; and
- FIs should not dismiss (i) group of alerts on consolidated basis without addressing the specific unique information in each individual alert, or (ii) alerts with generic explanations that were inadequate to justify the conclusions.
We further set out below some negative observations made by MAS, which FIs should not practise, and our recommendations on how to prevent such problems from arising.
How to prevent?
FIs should take MAS’s expectations into account and take name screening in AML/CFT seriously. Adequate name screening processes will be required to ensure compliance with the requirements under the relevant notices and guidelines. MAS would not hesitate to take enforcement actions against FIs who have failed to comply with their AML/CFT requirements, as they had done in previous cases.
Please feel free to contact us if you would like to know more about how your organisation and you can manage your ML/TF/PF risks and comply with your AML/CFT obligations.
Please click on the attachment for more details.
For further information contact:
Partner & Head, Corporate and Financial Services
+65 6361 9845
+65 6361 9363
Tan Tien Wei
+65 6361 9863
+65 6361 9367