https://www.finews.asia/finance/42189-singapore-aml-audit-best-practices-abs

Banks scrutinize best practices after the city-state’s historic money laundering scandal.

By Singapore’s standards, the scale was epic. About $2.3 billion in seized assets and at least 10 arrested and convicted, as finews.asia has extensively documented since the crimes first became public at the end of 2023.

It ruffled the feathers of authorities and led to asset seizures at numerous banks, including Citi, DBS, and major Swiss institutions including the former Credit Suisse and Julius Baer.

Best Practices

In the wake of all that, the Association of Banks in Singapore (ABS) released an industry-led best practice paper on Monday related to AML audits and the roles that internal and external auditors play in them.

Although they don’t directly reference the scandal by name, saying that the standards are based on an Anti-Money Laundering Audit Peer Group (AAPG) 2023 benchmarking survey, the inference, and the dates, seem auspiciously coincidental.

Blink of an Eye

The AAPG was established last October, and the survey was innocently conducted just about then, right at the same time the scandal started to hit the headlines.

Now, voila, just a year later, little more than a blink of an eye in auditing time, we have glistening new paper.

Much Gentler

Much of the 55-page tome is snooze-worthy, setting out baseline requirements and best practices for internal and external audits.

To wit, until well into the 2010s and very likely up to the money laundering scandal, AML audits in Singapore were seen as far gentler affairs than the mind-numbing thematic audits undertaken by the HKMA such as its recent review of transaction monitoring systems at authorized institutions.

Standard Typologies

The paper does not do much to dispel that former nonchalance, setting out things that should be super-obvious to most institutions with any experience of the greater FATF-sphere.

It sets out things such as having the internal audit function conduct a once-yearly AML/CFT risk assessment and asking auditors to do a third line-based sampling of higher-risk clients, including family offices - or looking at potentially suspicious ones using standard typologies such as round-tripping, and any linked to suspicious transaction reports in some way.

Machine Learning to the Rescue

There are some areas, however, where the paper veers towards newer pastures related to the use of data analytics.

Here it asks the internal audit function to use natural language processing or machine learning to help with sampled lookbacks related to the escalation processes of transaction monitoring cases or as a generalized health check of the morass of false positives the automated alerts such systems tend to generate.

Undetectable Shells

It indicates, by way of example, how internal auditors can use so-called network link analysis to identify things like shell companies that tend to pass through standing control frameworks undetected.

As part of the whole generative AI shebang, it also includes sections on older tech such as fuzzy logic for name matching while asking internal auditors to combine rule-based analytics with supervised machine learning and data visualization for clients that pose higher money launder and terrorism finance risks.

HKMA Efforts

At the end of the day, much of this seems to mirror efforts by the Hong Kong Monetary Authority (HKMA). As finews.asia discussed in September, the city's de facto central bank has asked banks to upgrade suspicious activity monitoring systems using AI with a signed and sealed plan delivered to their doorstep by next March.

The writing on the wall seems clear enough. The future of preventative money laundering detection lies in using AI tech for many banks operating in the region’s main hubs, and they will need to have something up and running by next year - if they don't already.