A new bill has been introduced to parliament in Singapore that could provide the legal basis for a new approach to data sharing between regulated financial institutions (FIs).
Under the Financial Services and Markets (Amendment) Bill, Singapore aims to break down the “information silos” that currently prevent FIs from sharing certain forms of customer data with each other.
At present, when a firm detects unusual activity in one of its own customers' accounts, it is often unable to share that information with other FIs due to data protection regulations.
“Financial criminals exploit these ‘information silos’ by making illicit transactions through a web of accounts in different FIs and moving from one FI to another to avoid detection,” said the Monetary Authority of Singapore (MAS) in an explanatory brief circulated alongside the bill.
“Protecting our financial system from criminal abuse is crucial to maintaining the integrity and reputation of Singapore’s financial centre.”
To address this, the central bank has been working with six commercial banks since 2021 on a new platform that aims to transform Singapore’s ability to fight money laundering (ML) and terrorist financing (TF).
Known as COSMIC, the Collaborative Sharing of ML/TF Information & Cases will enable FIs to share data on customers that exhibit multiple red flags.
“COSMIC will enable FIs to conduct sharper analysis of customer behaviours and activities to detect potential illicit activities more promptly and warn each other of such activities,” said the central bank.
“By eliminating the information gaps between FIs, it will be easier to detect criminals.”
The six commercial banks that have been working with the MAS to develop COSMIC are DBS, UOB, SCB, Citibank, OCBC and HSBC.
Initially, according to the MAS, all data sharing using the COSMIC platform will be voluntary, but in subsequent phases the MAS intends to make certain aspects mandatory.
In the initial stage, the MAS said COSMIC will focus on three major financial crime risks in commercial banking: proliferation finance (PF); abuse of shell companies; and abuse of trade finance.
What’s in the bill?
The bill contains only the key provisions for the initial stage of COSMIC data sharing. In other words, the bill enables FIs to share customer data to mitigate ML, TF and PF risks, but no other types of financial crime at this stage.
“Information sharing will also only be permitted if the customer’s behaviour or transaction activities exhibit predetermined red flags that cross stipulated thresholds, suggesting that potential financial crime could be taking place,” said the MAS.
“For the vast majority of individuals and companies that are legitimate and do not exhibit risky behaviours, FIs will neither have a reason to share their customers’ information nor will they be permitted to.”
The MAS added that, when the COSMIC red flag criteria are met, sharing such data will supersede any other restrictions that may be in effect either by law or by contract.
Similarly, the bill provides protection from civil liability for firms that disclose customer data using COSMIC.
Such protection is provided as long as the decision to disclose the customer data was made in good faith, with “reasonable care” and in accordance with the red flag criteria.
FIs must also establish systems to safeguard information obtained from COSMIC. This includes ensuring that COSMIC can only be accessed by relevant staff on a “need-to-know” basis, and implementing safeguards against unauthorised use.
For the MAS, the bill will grant the central bank access to COSMIC for “supervisory purposes”.
This includes monitoring firms' use of the platform and integrating MAS’ overall surveillance framework to target higher-risk activities for intervention and enforcement.
The Suspicious Transaction Reporting Office (STRO), part of the Singapore police's Financial Intelligence Unit (FIU), will also have direct access to COSMIC, and will be able to use it as an additional data source for its own analysis.
Regulators encouraging data sharing and data analytics
Earlier this month, VIXIO looked at several jurisdictions where firms are increasingly being encouraged to use data sharing and data analytics — both up to the point where current regulation permits, and potentially under new legislation.
As a result of their early launch and widespread uptake of instant payments, both the UK and Singapore have become hotspots for money mule activity, whereby money laundering is achieved through a web of accounts ostensibly belonging to multiple customers.
Instant payments enable the proceeds of crime to be dispersed through this network across multiple banks in seconds, making them difficult to trace and stop.
Both jurisdictions have encouraged firms to do more to improve their data analytics, and both intend to introduce new legislation to facilitate increased data sharing.
Similarly, Danish bank association Finans Denmark has called on the Danish government to introduce new legislation that would allow banks to share more data to combat fraud.