Which control is NOT included in the requirements established by the Monetary Authority of Singapore (MAS) for financial institutions in order to deter money-laundering and financial aid to terrorism (AML/CFT)?
Which control is NOT included in the requirements established by the Monetary Authority of Singapore (MAS) for financial institutions in order to deter money-laundering and financial aid to terrorism (AML/CFT)?
The Monetary Authority of Singapore (MAS) sets out requirements for financial institutions to deter money laundering and financial terrorism. These requirements typically include identifying and knowing customers (part of KYC or Know Your Customer processes), conducting regular reviews of customer accounts, and monitoring and reporting suspicious financial transactions. However, sharing personal information with the Personal Data Protection Commission (PDPC) is not explicitly mentioned in these core AML/CFT requirements.
MAS does not require sharing of personal information with the PDPC. Indentifying and knowing customers, on the other had, is part of KYC requirements that is integral to PMLTF.
The AML/CFT requirements for banks: Risk assessment and risk mitigation. Customer due diligence. Reliance on third parties. Correspondent banking and wire transfers. Record keeping. Suspicious transaction reporting. Internal policies, compliance, audit and training. At the regulatory level, the PDPC, MAS and CSA can work closely and collaborate with each other to enhanced the data protection 1.6 In this respect, we recommend: (a) Collaborative reporting between FIs and MAS, CSA and PDPC (collectively, the “regulatory agencies”), where notifying MAS and/or PDPC in the event of a data breach will suffice. (b) Collaborative investigating between FIs and the regulatory agencies, where only MAS and/or PDPC will investigate should the need arise. (c) Greater coordination between the regulatory agencies.