Speech on the 2nd Reading of the Financial Services and Markets (Amendments) Bill

In my speech of the 2nd reading of the Financial Services and Markets (Amendment) Bill, I supported the MAS’ move to set up COSMIC, an information sharing platform between prescribed Financial Institutions as a measure to better act against perpetrators of financial crime. I asked why the act of Financial Institutions sharing with other Financial Information risk information that turns out to be false owing to lack of due diligence is not criminalised given the impact on the subject of the information. I also asked about plans to scale up COSMIC. In addition, I made suggestions on improving the framework governing information sharing too. My speech may be accessed below.

— — — — — — — — — — — — — — — — — — — — —

Mdm Deputy Speaker, as I understand, the primary motivation of the Bill is to provide for a framework to share customer information between financial institutions in Singapore through a secure digital platform known as COSMIC to better combat the scourge of financial crime.

I support this aim. With the growing sophistication of criminals engaged in financial crime who take advantage of information asymmetry between financial institutions, enforcement agencies and regulators within a global ecosystem, there is a case to require enhanced cooperation between financial institutions, even if they may be business competitors. In return, the FIs are immunised against civil liability for sharing information amongst them.

The basic idea is that, with the pooling of information between FIs, there is a better chance to know the nature of the beast that the FIs are dealing with. I do not think there is any quarrel with the basic premise of the Bill.

Like hon Member Mr Derrick Goh who spoke before me, this too brings to my mind the famous Indian folktale of the six blind men and the elephant. This story must have made an impact in our childhood. Each of them touched a different part of the animal and came with a completely different assessment of how the elephant looked like. They later learnt though that when they put together all the information that they have separately gleaned, only then will they know the truth of the matter.

The points I will be raising in my speech are focused on trying to better understand the mechanics of the proposed framework and how they can be reconciled against the stated aim of the Bill.

Everyone wants to know the final shape of the beast, but what incentives are there for people who own each individual part to take the time and trouble to give up his piece and see where and how it fits?

I will cover just two areas. First, operational issues; and second, enforcement issues.

On operational issues, I seek clarification on the important timing issue between the requesting FI and the disclosing FI. This addresses the question, “Do you have a piece?”

I note that under the proposed section 28D of the Bill, the disclosing FI has the discretion whether or not to disclose to the requesting FI the risk information that it is being sought for. In the event the discloser declines to disclose the risk information, it must notify the requester of its decision and the reasons for the same. There is no specific timeline specified for the discloser to reply to the requester through COSMIC. This is understandable as the time needed may be case specific.

On the other hand, there should be a general understanding between FIs that requests for information should be dealt with urgency so that there is a chance to catch up with the suspected criminals.

In the banking world, with transactions being completed in a matter of microseconds, speed of response is of utmost important. May I please ask what stipulations will be imposed on prescribed FIs in this regard? Can we ask, for example, for guidelines, for what is a reasonable time to respond?

I would also like to understand whether the framework will allow for redress against FIs which are objectively assessed to be too conservative or even obstructive in rejecting requests for risk information. Such attitudes will undermine the aim of the Bill. May I ask what can be done in these circumstances to deal with such eventualities? That is to say, how do we assess when a specific FI is being unduly dismissive of a request which should have been taken more seriously?

In this regard, I note that it is proposed that MAS be given the power to issue notices of a general or specific nature to FIs for the effective administration of the information sharing framework. Is it contemplated that this issue I raised will be dealt with through enforcement action permitted under the MAS notices?

There is in addition a connected issue of parity on the part of FIs. Currently, the six major commercial banks chosen to join COSMIC all have strong anti-money laundering and countering the financing of terrorism capabilities. They invest substantial amounts of money in compliance systems that will allow the banks to monitor on real-time transactions and analyse them against a treasure trove of databases to flag suspicious activities. They also make significant investments into the training of compliance officers to act as competent gatekeepers for the respective banks.

Going forward, should MAS decide to expand the list to include more FIs, what would be the considerations to ensure that FIs which have less compliance capabilities and capacities do not unfairly leverage off FIs which do?

I see this as a potential double-edged sword. On one hand, I would imagine that, at least theoretically, the bigger the number of FIs which can join COSMIC, the better protection we get from money laundering, terrorism financing and proliferation financing activities. On the other hand, by prescribing entry requirements, there is a possibility that the smaller financial institutions may be less motivated to make investments to qualify.

One possible option is to make it compulsory for all FIs licensed in Singapore to eventually have a minimum level of compliance competencies so that they all meet the entry requirements. This will eliminate the moral hazard I am concerned about, but I am not sure if this is practicable.

The middle ground option would be to employ the 80–20 rule and just focus on banks of a certain size and above. However, this will be a dog whistle for the criminals to use smaller banks. I would be grateful for the hon Minister of State’s views on this matter.

The next operational issue I wish to touch on is the proposed ability on the part of a prescribed FI to, on its own motion, disclose risk information to another prescribed FI in certain circumstances as provided for under section 28E in the Bill.

I support this move. It makes the information-sharing platform much more effective. That is, what do you do, if you suspect someone else has a piece?

To depend on only the requesting financial institutions to initiate the information-sharing process assumes that the requestors will be able to identify red flags. This may not be always the case. In all likelihood, there will continue to be blind spots in form of Donald Rumsfeld’s “unknown unknowns” or going back to the parable of the blind men and the elephant. Allowing FIs possessing the risk information to proactively share it with the relevant FIs, even without initiation by the latter, addresses this problem.

I note that the operative word here is “may”. FIs “may” proactively share information. The question I have is what structural incentives or disincentives can be provided to the FIs so that they can be motivated to be proactive. Would this be dealt with under the proposed MAS Notice?

I now turn to the area of enforcement against FIs to ensure compliance with the information sharing framework. I have two specific questions in this area.

First, it is proposed that under section 28J in the Bill that a prescribed FI or its officers who knowingly or recklessly discloses or publishes any risk information pertaining to the customer of the bank that is false or misleading in a material particular.

I support the need to create this offence. There are serious repercussions for the customer if the FI gets it wrong. The hon Minister of State acknowledged this in his speech. The customer will be denied access to their bank accounts and probably would be subject of STRs that may trigger investigations by enforcement authorities.

I would like to know why it is not proposed that FIs which are negligent in making such disclosures to other FIs not guilty of offences.

I would like to point out that under section 176(1) of the Financial Services and Markets Act, it is an offence for a person to provide false information to the MAS without exercising reasonable care to ensure that the information is not false or misleading in any material particular. This is the same for other statutes that MAS enforces such as the Banking Act or the Financial Advisers Act. It is consistently provided that a person who negligently provided false information to the MAS is guilty of an offence.

These provisions were enacted with the current paradigm of information flow in mind, that is, as between the FI and MAS. The proposed information-sharing framework between FIs changes the paradigm. I am struggling to understand why in the new paradigm, we are allowing for a lower standard of probity on the part of the FIs when, in fact, the repercussion on the customer is substantially the same.

In fact, I note that under the proposed section 28L in the Bill, MAS is not only entitled to a copy of the risk information that was shared by an FI to another FI but can also act on it. If that is the case, why is it proposed that the consequence for negligently providing false information to MAS be dealt with differently from negligently providing false information to another FI? I would be grateful for the hon Minister of State’s clarification on this.

Under the proposed provisions, it seems that anyone may falsely describe to another the piece he has without consequence if it is attributable to lack of diligence on his part.

Next, I would like to suggest that the proposed offences against FIs under the information-sharing framework be considered for listing in the Sixth schedule of the Criminal Procedure Code under the Minister’s powers provided for under section 427(1) of the Criminal Procedure Code.

Madam, the Sixth Schedule lists offences in respect of which deferred prosecution agreements (DPA) may be entered into between the Public Prosecutor and a subject. The entering into DPAs in lieu of prosecution provides the Public Prosecutor with an important tool to deal with corporate offending without affecting innocent stakeholders such as shareholders. Typically, DPAs provide for detailed remediation on the part of the corporate offender so as to ensure that proper systems are in place to prevent re-offending. This may, in certain situations, serve public interest better.

Currently, the Sixth Schedule consists of a good number of offences in the AML and CFT arena, particularly the offences under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 (CDSA) and section 16(4) of the Financial Services and Markets Act 2022.

Given that the proposed offences under the Bill also involve the same subject matter, I believe there is a case for including these offences into the Sixth Schedule.

Mdm Deputy Speaker, it is a public good for us to see the shape of the beast when it is financing great evil in the world. But the difficulty is that the private entities have always had little incentive to produce public good. The current Bill offers some ways for us to harness FIs to this end, and I hope my proposals will not just help us gather more pieces of the puzzle, but ensure that they fit in the right places as well.