These Guidelines provide guidance to all holders of a licence granted under section 138 of the Financial Services and Markets Act 2022 (“FSM Act”) (hereinafter “digital token service providers”) on the requirements in MAS Notice FSM-N27 on Prevention of Money Laundering and Countering the Financing of Terrorism – Holders of Digital Token Service Licence (“the Notice”). These Guidelines should be read in conjunction with the Notice.
The degree of observance with these Guidelines by a digital token service provider may have an impact on the Authority’s overall risk assessment of the digital token service provider, including the quality of its board and senior management oversight, governance, internal controls and risk management.
Key Concepts
Money laundering (“ML”) is a process intended to mask the benefits derived from criminal conduct so that they appear to have originated from a legitimate source. Singapore’s primary legislation to combat ML is the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992. A digital token service provider should refer to the website of the Singapore Police Force’s Commercial Affairs Department (“CAD”) for more information.
Acts of terrorism seek to influence or compel governments into a particular course of action or to intimidate the public or a section of the public. Terrorists require funds to carry out acts of terrorism, and support their nefarious activities. Terrorism financing (“TF”) is the act of providing these funds.
The Three Lines of Defence
- Business units (e.g. front office customer-facing functions of the digital token service provider’s business) constitute the first line of defence in charge of identifying, assessing and controlling the ML/TF risks of their business.
- The second line of defence includes the AML/CFT compliance function, as well as other support functions such as operations, human resource or technology, which work together with the AML/CFT compliance function to identify ML/TF risks when they process transactions or applications or deploy systems or technology.
- The third line of defence is the digital token service provider’s internal audit function or external audit firm appointed by the digital token service provider.
Governance
The digital token service provider’s board of directors and senior management should ensure that the digital token service provider’s processes are robust and there are adequate risk mitigating measures in place. The successful implementation and effective operation of a risk-based approach to AML/CFT depends on the digital token service provider’s employees, officers and representatives having a good understanding of the ML/TF risks inherent in the digital token service provider’s business.
A digital token service provider’s board of directors and senior management should understand the ML/TF risks the digital token service provider is exposed to and how the digital token service provider’s AML/CFT control framework operates to mitigate those risks. This should involve the board of directors and senior management ―
(a) receiving sufficient, timely and objective information to form an accurate picture of the ML/TF risks including emerging or new ML/TF risks, which the digital token service provider is exposed to through its activities or business relations;
(b) receiving sufficient and objective information to assess whether the digital token service provider’s AML/CFT controls are adequate and effective;
(c) receiving information on legal and regulatory developments and the impact these have on the digital token service provider’s AML/CFT framework; and
(d) ensuring that processes are in place to escalate important decisions that directly impact the ability of the digital token service provider to address and control ML/TF risks, especially where AML/CFT controls are assessed to be inadequate or ineffective.
Leave a Reply