MAS consults on FI-FI Information-Sharing Platform for AML/CFT

25 October 2021

The Monetary Authority of Singapore (“MAS”) is consulting on the introduction of a regulatory framework and secure digital platform for financial institutions (“FIs”) to share risk information with each other to prevent money laundering (“ML”), terrorism financing (“TF”), and proliferation financing (“PF”).

Such risk information would include information relating to, or particulars of, a customer (e.g. the beneficial owners and authorised signatories of a customer) and transactions, the high risk behaviour exhibited, and risk observations or analysis that are relevant to the account or customer (“risk information”). FIs will also be able to review the risk information shared on the platform using data analytics to disrupt illicit transactions. This enriched set of risk information will enable FIs to conduct sharper analysis of customer behaviours and activities, as well as alert each other to situations which pose higher financial crime risks, thus raising overall defences for Singapore’s financial system. 

It is intended that the sharing of risk information will be permitted only: 

1. to address potential ML, TF or PF concerns in key risk areas;
2. if the customer’s behaviours and transaction activities exhibit multiple red flags that cross risk thresholds to suggest that potential financial crime could be taking place;
3. in the data format specified by MAS, such that only relevant risk information is shared, and in a proportionate manner; and
4. via a secured digital platform owned and operated by MAS, to be named the Collaborative Sharing of ML/TF Information & Cases, or COSMIC in short.

Further, MAS will also introduce a legislative framework to govern the sharing of risk information on COSMIC, including safeguards on the use and confidentiality of information obtained from the platform. The legal framework for COSMIC will be set out in the Financial Services and Markets Act (“FSMA”), after the Financial Services and Markets Bill is introduced in Parliament later this year, and the FSMA is amended to include this framework. Under the proposed framework, a customer must first exhibit multiple high risk behaviours or indicators that suggest serious financial crime (“red flags”), before an FI is required to or may share risk information on that customer with other participant FIs. This sets an objective threshold to ensure that COSMIC is used only for cases of significant concern, and safeguards against frivolous requests that unnecessarily expose customer information. As there may be legitimate explanations for such red flags, MAS will also require the FI to seek an explanation from the customer as part of its risk assessment of potential financial crime concerns. Under the proposed framework, an FI will be able to share risk information with another FI through COSMIC in three ways, i.e. Request, Provide and Alert.

COSMIC will be developed and deployed in phases, to ensure operational stability and efficiency. In the initial phase, which is expected to last for about two years, the MAS intends to focus on combating the key risk areas of misuse of legal persons, trade-based ML, and PF. The initial participants will be six banks which are major players in the commercial and small-medium enterprises (SME) banking segment: DBS, OCBC, UOB, Standard Chartered Bank, Citibank and HSBC. The MAS will progressively extend COSMIC to a wider segment of the financial sector and increase the key areas of focus where appropriate in the subsequent phases. Significantly, in designing the regulatory framework and risk information sharing platform, the MAS sought to learn from the successes and challenges faced by jurisdictions such as the United States and the United Kingdom, which have regimes to facilitate FI-FI information sharing for AML/CFT purposes.