The Monetary Authority of Singapore (MAS) has opened a new consultation on requirements for financial institutions (FI) using COSMIC, a platform designed to prevent money laundering and terrorist financing.
The consultation, which closes on December 15, follows the passage of the Financial Services and Markets (Amendments) Act 2023 (FSMA) in May.
Among its provisions, the act authorisea the central bank to create the COSMIC platform.
COSMIC, or the platform for Collaborative Sharing of ML/TF Information and Cases, is an electronic system for the disclosure, publication and sharing of risk information between FIs.
Its aim is to detect money laundering (ML), terrorist financing (TF) and proliferation financing (PF) risks among customers of one FI and communicate these risks to other FIs quickly and securely.
PF, as defined by the Financial Action Task Force (FATF), is the provision of funds or financial services for the production or distribution of nuclear, chemical or biological weapons.
The MAS is developing COSMIC in partnership with six FIs that are described as “major players” in commercial and SME banking, namely DBS, UOB, SCB, Citibank, HSBC and OCBC.
So far, only these six banks have been designated as “prescribed FIs” under the COSMIC framework, although more will be added in the future.
Proposed requirements
Under the amended FSMA, the central bank is authorised to impose further requirements that will govern FIs’ internal controls and standards towards the COSMIC platform.
In its latest consultation, the MAS has proposed that FIs must introduce an approved internal policy to facilitate the sending, receipt and storage of risk information through COSMIC.
For example, FIs must commit to conducting a risk assessment upon receipt of risk information through COSMIC where there are “positive hits” between the COSMIC screening list and their own customers or prospective customers.
FIs must also introduce internal safeguards that outline how the FI protects risk information that was received through COSMIC from unauthorised disclosure.
Internal safeguards should ensure that the FI has given “due regard” to relevant information that may be available through COSMIC prior to terminating or declining a customer.
Modes of information sharing
The legislation that authorises the creation of COSMIC also introduces three types of information sharing: “Request”; “Disclosure”; and “Listing”.
In its latest consultation, the MAS has proposed that FIs must have internal processes and policies for each type of sharing, and that senior management must approve these and conduct regular audits of them.
FIs must also submit to the MAS how they intend to document risk assessments taken and how they intend to store and retain records of these.
As proposed by the MAS, FIs should retain records of all data and documents related to all three types of information sharing for at least five years.
FIs must also screen prospective customers against the COSMIC screening list before opening accounts and on a periodic basis if an account is opened.
The MAS has clarified that the COSMIC screening list will be “of a different nature” to that of Singapore’s existing screening lists and those issued by foreign nations and the UN.
Background to COSMIC data sharing
In a previous consultation response, published in March, the MAS outlined what information FIs will be required to share via COSMIC.
In brief, the MAS said that FIs must share information on “relevant parties” that exhibit “multiple red flags”.
A relevant party is defined as any person who is, has been or seeks to be a customer of a prescribed FI, while a red flag has not been publicly defined by the MAS.
Instead, the MAS said it will issue red flag criteria to FIs in private, and they will be legally obliged to keep this information confidential, so as to “avoid circumvention” by bad actors.
The MAS added that FIs should not rely solely on information obtained from COSMIC when making anti-money laundering/counter-terrorism financing (AML/CTF) decisions, but should combine it with other sources when making risk assessments.
For example, it should therefore be combined with other tools, such as customer behaviour and transaction analysis, along with other sources of information, both public and non-public.
Ambitious plans for COSMIC
Singapore’s move towards the COSMIC system is seen as a collaborative approach to tackling ML/TF risks, in contrast to the previously siloed approach taken by FIs.
Due to laws against sharing customer data between FIs, money laundering activity that takes place across multiple FIs is both harder to detect and to prevent.
Initially, COSMIC will focus on “serious” financial crime that involves misuse of legal persons, trade-based ML and PF, but there are also wider applications of the technology.
In March, Vixio reported on a dramatic rise in scams in Singapore and a rise in associated money mule activity, where criminals use instant payments to launder stolen funds.
Collaborative, private-to-private data sharing is seen as a necessary shift in the way that FIs respond to fast-moving and technologically advanced forms of money laundering such as these.
Other jurisdictions are also introducing new legislation to enable further collaboration.
In October, for example, the UK passed the Economic Crime and Corporate Transparency Act, which also contains provisions designed to enable data sharing between FIs.