MAS to build new information-sharing platform for banks in Singapore to combat financial crimes

SINGAPORE: A digital platform for financial institutions in Singapore to share information on suspicious customers or transactions will be set up after parliament passed the Financial Services and Markets (Amendment) Bill on Tuesday (May 9).

The new platform will be jointly developed by the Monetary Authority of Singapore (MAS) and six major commercial banks - DBS, OCBC, UOB, Standard Chartered Bank, Citibank and HSBC.

These banks will be given access to the platform, called the Collaborative Sharing of Money Laundering/Terrorism Financing Information and Cases (COSMIC).

It is set to be rolled out in phases, starting from the second half of 2024.

In the initial phase, COSMIC will focus on three key financial crime risks in commercial banking, namely abuse of shell companies, misuse of trade finance for illicit purposes and financing that aids the proliferation of weapons of mass destruction.

Sharing of information will be voluntary during this initial phase that will last for two years. 

This is to allow the platform to achieve operational stability while MAS engages financial institutions to calibrate features and address operational issues, said Minister of State for Trade and Industry Alvin Tan as he tabled the Bill for a second reading.

MAS intends to make information sharing mandatory for higher-risk situations in the later stages, as well as widen COSMIC’s coverage to include more risk areas and financial institutions.

Further legislative amendments will have to be proposed in the later stages to effect these mandatory requirements. MAS will consult the industry and the public before introducing these amendments, a spokesperson told CNA.

WHY IS THIS NEEDED?

The initiative is part of efforts to beef up Singapore’s defences against money laundering and financing of criminal activity. 

Mr Tan, who is a board member of MAS, said that while financial institutions have made significant strides in this aspect, they are currently unable to warn one another about unusual activity involving their customers given customer confidentiality obligations.

“Criminals exploit this by making illicit transactions through different financial institutions to avoid detection,” he added.

COSMIC, which aims to eliminate these information gaps, will “make it easier for financial institutions to detect and thereby deter criminal activity”, Mr Tan told the House.

Currently, Singapore’s Banking Act mandates that regulated financial institutions and their officers uphold confidentiality when handling customer information.

A private-public partnership, dubbed Anti-Money Laundering and Countering the Financing of Terrorism Industry Partnership (ACIP), was established in 2017 to allow the MAS, the Commercial Affairs Department (CAD) and financial institutions to share specific information on a case-by-case basis.

Such a mechanism has “built trust among stakeholders” and demonstrates the benefits of information sharing, MAS said in response to CNA’s queries.

COSMIC will allow such information sharing “to be conducted at scale and in a structured format, to more efficiently and effectively pick out suspicious actors”, the spokesperson said.

MAS will have access to COSMIC for supervisory purposes. Information on the platform, including material networks of suspicious actors, will also be integrated into MAS’ overall surveillance framework.

In addition, the Suspicious Transaction Reporting Office (STRO) - the unit under CAD that receives, analyses and disseminates financial intelligence – will also have direct access to information on COSMIC.

HOW DOES IT WORK?

Under COSMIC, information sharing will be permitted only if a customer’s behaviour or transactions exhibit red flags that cross stipulated thresholds, which suggests that potential financial crime could be taking place.

For example, a financial institution that observes red flags that cross the stipulated threshold will be able to request information about the customer or transaction from its peers.

When multiple red flags that cross a higher stipulated threshold are detected, a financial institution should provide information to other financial institutions with links to the customer or transaction.

The financial institution should also file a suspicious transaction report to authorities and alert others in the industry using a watchlist.

These pre-determined red flags and stipulated thresholds will be set out in a private directive issued by the MAS to the financial institutions. 

“The thresholds details and permutations of the red flags must be kept strictly confidential among only the participant financial institutions to prevent criminals from circumventing them,” said Mr Tan.

These conditions will also ensure that information-sharing is “strictly restricted to cases of high financial crime concerns”, thereby ensuring the interest and privacy of legitimate customers.

“For most customers, no red flag indicators will be triggered,” said Mr Tan. “For these customers, I wish to reiterate that participant financial institutions will not be permitted to share customers’ information.”

The Bill also provides financial institutions with statutory protection from civil liability in respect of their disclosure of information via COSMIC, provided that the disclosure was done in accordance with the thresholds and made with reasonable care and in good faith.

Some countries like the United States and the United Kingdom already have legal provisions that permit financial institutions to share information for the identification of potential financial crimes.

QUESTIONS ON SCOPE AND SAFEGUARDS

Members of Parliament (MPs) voiced their support for the new platform but raised questions ranging from the inclusion of other financial institutions to the safeguards in place.

For example, Mr Leon Perera (WP-Aljunied) suggested that a “select group” of smaller offshore and private banks should be included in the platform's initial phase, while Mr Derrick Goh (PAP-Nee Soon) asked if there are plans to include financial technology (FinTech) firms, digital payment and other virtual asset service providers.

To that, Mr Tan said the financial crime risks that COSMIC is focusing on at the start “manifest themselves in the commercial and SME banking space, of which the initial six participant banks have significant market share”.

FinTech and digital payments firms, on the other hand, are not “currently operating at quite the same scale”. That said, MAS will consider expanding the platform to include more financial institutions in later phases, he added.

Several MPs also asked about the cybersecurity measures and other safeguards in place to protect the confidentiality of information shared via the new platform. 

Mr Tan noted that MAS, being the owner and operator of COSMIC, will ensure that information is exchanged and stored securely with strict cybersecurity measures such as data encryption.

Such controls will be subject to audits, both internal and external, to ensure effectiveness.

Financial institutions, on their part, are required to put in place safeguards such as allowing only a small group of authorised officers to access COSMIC as well as sharing information within the boundaries permitted by the Bill. 

“MAS will closely supervise participants’ adherence to these measures and will take firm action for any lapses, including breaches which result in customer information leakage,” Mr Tan said.

“In the event of a cybersecurity breach, MAS will work closely with the (financial institutions) to promptly remediate the issue and conduct a post-mortem to assess the need of whether to tighten the defences further,” he said.

Mr Don Wee (PAP-Chua Chu Kang) asked if COSMIC can be built upon existing systems, such as the STRO’s platform.

Currently, the STRO’s platform is used by a much wider pool of both financial and non-financial institutions to report suspicions related to financial crime activity that have been established on reasonable grounds. Hence, it will not be appropriate to integrate both platforms, said Mr Tan.

However, MAS is exploring if the processes for both platforms could be streamlined to reduce the administrative burden on the participant banks and financial institutions, he added.

In response to Mr Wee’s question on who is funding the development of COSMIC and whether participating financial institutions need to pay any fee, Mr Tan said MAS, being the owner of the platform, will bear the cost of development.

Banks will not have to pay a subscription fee to access COSMIC but will be expected to ensure sufficient resources to support their participation. This will include maintaining and effecting any necessary upgrade of data analytical tools.