Get the most well liked Fintech Singapore Information as soon as a month in your Inbox
“A compliance coverage is just as robust because the infrastructure that delivers it”
That’s how Baran Ozkan, Co-Founder and CEO of Flagright, summed up the most recent anti-money laundering (AML) storm that hit Singapore.
9 monetary establishments, together with UOB, Credit score Suisse, and UBS, had been collectively fined SGD $27.45 million by the Financial Authority of Singapore (MAS) for severe lapses in AML and counter-terrorism financing controls.
It’s a hefty determine, however the true price is perhaps what it reveals about how banks are nonetheless struggling to maintain up with the velocity and class of economic crime.
The penalties adopted MAS opinions linked to a sprawling SGD $3 billion cash laundering case involving pretend paperwork, a number of passports, and a fancy net of shell corporations. The funds had been funnelled by at the least 16 monetary establishments, elevating severe questions on how the system didn’t cease them.
MAS didn’t discover a lack of insurance policies.
What it discovered was one thing arguably worse. Insurance policies that existed, however weren’t correctly adopted. Threat assessments had been flawed. Supply of Wealth (SOW) checks had been inconsistent. Suspicious transactions weren’t investigated in time, even after inside techniques flagged them.
The Guidelines Exist, however Why Does It Nonetheless Fail?
Baran sees this not simply as a course of downside, however a structural one.
He talked about that a lot of the establishments caught on this spherical of enforcement function inside extraordinarily complicated environments, with decades-old techniques stitched collectively over time.
Baran Ozkan
“Their core techniques nonetheless sit on-prem, with restricted connectivity between operational knowledge sources. Threat indicators find yourself siloed throughout merchandise, groups, and geographies.”
It’s not that banks aren’t severe about monetary crime. In accordance with Baran, the intention is there, however execution is being held again by know-how and design.
“Most establishments and management groups I work with take monetary crime danger severely. The hole lies between technique and execution.”
A Recognized Weak point That Hasn’t Improved
One of the hanging failures MAS flagged was round Supply of Wealth (SOW) verification. All 9 establishments penalised got here up quick, even when coping with high-risk shoppers.
“SOW is hard,” Baran mentioned.
Roughly 80% of it lives in land registries, non-public fairness waterfall paperwork, and multilingual court docket filings, in accordance with the CEO of Flagright, usually scanned as PDFs.
“Rule engines constructed to ingest neat CSV recordsdata can’t learn it,” he continued.
In mature monetary hubs like Singapore, the issue can also be cultural. Banks are likely to deal with SOW checks as a one-time onboarding step. As soon as the account is open, they don’t revisit the wealth narrative, even when the consumer’s behaviour adjustments drastically.
Ideally, SOW knowledge would feed into the identical techniques that monitor transactions and danger indicators. If a consumer claiming generational wealth instantly begins transferring cash to a luxurious items dealer in a high-risk jurisdiction, that ought to set off a reassessment.
However in most establishments, these connections don’t exist. The info sits in silos. Threat groups find yourself reacting to particular person alerts as an alternative of recognizing the bigger story.
Credit score Suisse’s Penalty Reveals a Sample
A part of Credit score Suisse’s advantageous was tied to older compliance breaches involving U.S. accounts. Whereas in a roundabout way associated to the present scandal, MAS factored them in.
That call factors to one thing deeper. From what I can see, extra of a historic danger patterns that go unnoticed as a result of totally different elements of the organisation function in isolation.
Baran Ozkan highlighted that almost all large international banks nonetheless run region-specific techniques, insurance policies, and knowledge warehouses.
“That siloed structure might fulfill native rules, nevertheless it buries danger indicators in separate contexts,” he identified.
MAS additionally flagged that some establishments didn’t act even after submitting Suspicious Transaction Studies (STRs). From Baran’s perspective, that’s a severe concern, and a standard one.
An STR, quoting Baran, is “meant to be the fire-alarm that units a full response in movement, not the ultimate tick on a guidelines.”
In lots of banks, STRs are filed by one workforce, whereas investigation and follow-up sit some other place solely. With out a clear, linked workflow, nothing occurs after the report is submitted.
Baran defined that it’s not principally about folks slicing corners. From what he noticed, is that it’s the infrastructure that’s at the moment limiting these banks’ capability to behave.
We Are Overdue for a Rethink
In accordance with Baran, we (as a gaggle) are overdue for a rethink. It’s because he believes that, quoting him,
“The rulebook itself isn’t the issue. The toolings that run beneath it are.”
Whereas rules have developed and criminals have turn into extra refined, many establishments are nonetheless counting on outdated infrastructure. In Singapore, significantly, batch jobs, on-prem {hardware}, and disconnected dashboards aren’t constructed for the type of dynamic, real-time oversight AML now calls for.
What’s wanted, he says, is a contemporary compliance spine.
One thing cloud-native, built-in, and quick sufficient to convey all elements of the danger image collectively (from buyer profiles to alerts, and all the best way to historic context) so groups can reply earlier than the harm is completed.
“Get these proper and at the moment’s rulebook lastly works as meant,” he mentioned.
MAS has mentioned remediation efforts are underway.
Establishments are reviewing their processes, upgrading techniques, and reassigning personnel. But when there’s one factor this newest enforcement spherical makes clear, it’s that coverage alone isn’t sufficient.
And as Baran reminded, “Ignore them and the business will preserve paying multimillion-dollar tuition for a similar lesson.”
