Navigating key risks and regulations for asset managers and offshore funds

In a nutshell:

• Asset and wealth managers are on the regulators’ radar: greater duty of care, fairness, and irreproachable business conduct standards are expected.
• Regulators are acutely aware of the growth in private markets, and unsurprisingly are focusing on asset managers in this space.
  
• Emerging technology and cybersecurity are on the priority list of the regulators.
  
• It is a global and local (Singapore) priority to hold senior managers more accountable as seen in the recent enforcement actions and fines.
  
• Financial crime is in focus in light of the growing complexity of sanctions compliance and remains a key source of enforcement actions and fines making headline news.
  

There are a number of key learnings from increasing enforcement, fines and more detailed guidance and heightened expectations.

Key takeaways:

• Build awareness of AML “red flags” within your front office as they play a key role in identifying, assessing and controlling its ML/TF risks.
• Suspicious Transaction Reports (STR) should be filed promptly when existing or prospective customers are flagged for suspicious activities.
  
• Perform your own due diligence before placing reliance on customers introduced by other FIs (e.g. understand the FI’s overall AML/CFT framework).
  
• Managers need to remain vigilant in the corroboration of source of funds and key statements about source of wealth (e.g. sale of property, business) for high-risk clients.
  
• Review the customer risk assessment periodically to incorporate new emerging trends and/or other high-risk indicators (e.g. citizenship in countries that offer citizenship by investment schemes).
  
• Ensure adequate due diligence over third-party vendors’ screening systems including an evaluation of the database and sanction lists source, screening parameters, fuzzy matching logic and alert dismissal, among other areas.
  

Useful insights were shared on key actions RFMCs should undertake to transit to licensed fund management companies (A/I LFMC), following the repeal of the RFMC regime.

Key transition points to consider:

• Update the existing compliance manual and compliance monitoring plan to cover the enhanced requirements for A/I LFMC (i.e. Notice and Guidelines on Technology Risk Management).
• Take note of the additional filing requirements such as quarterly/annual regulatory returns.
  
• Start working on financial projections to ensure that the risk-based capital (RBC) requirements are met ahead of the first quarterly returns due in October 2024.
  
• Be aware of MAS’ pre-approval requirements on some key changes within your organization such as the appointment of CEO/directors.
  

Asset managers must institute a plan to mitigate business disruptions and ensure business continuity.

In action, this means:

• Perform an assessment using an established methodology to identify your critical business services and functions and conduct a business impact assessment.
• Establish a Service Recovery Time Objective (STRO) and Recovery Time Objective (RTO) for the identified critical business service(s) and function(s) using impact vs time assessment.
  
• Map your dependencies (i.e., people, business processes, technology, third-party or intragroup service providers) that support your critical business service(s) and function(s).
  
• Consider involving your key third parties or intra-group dependencies in your BCP testing and ensure adequate monitoring of third parties’ BCP measures, as these parties may not be outsourcing arrangements.
  
• Reassess your plan on an ongoing basis as and when there are material changes/developments (e.g., material service providers, new services, incidents).
  

Asset managers managing Cayman funds shall consider the following:

• Corporate governance enhancements: Effective April and October 2023, the Cayman Islands introduced updates through the Statement of Guidance on Corporate Governance for Mutual and Private Funds, and the Rule on Corporate Governance for Regulated Entities. These guidelines emphasise the importance of a well-structured governing body, clear operator duties, conflict of interest policies, and robust investor communication strategies.
• Proportional approach: The importance of a proportional approach to compliance was stressed, tailoring measures to the fund's size, complexity, and risk profile, rather than a one-size-fits-all methodology.
  
• Comprehensive compliance: The necessity for funds to ensure comprehensive compliance was highlighted, not only at the manager level but also at the fund level.
  
• Board composition and meetings: Emphasising the criticality of diverse and skilled board composition, it was advised on the annual self-assessment for boards and the necessity of holding regular meetings to review the fund’s performance and compliance with regulatory requirements.
  
• Service provider engagement: Importance of engaging with service providers (which, from the fund's perspective, are the administrator and the investment manager) and ensuring that their performance is appropriately overseen and supervised by the operator of the fund, who has the ultimate responsibilities for various compliance areas including AML, foreign account tax compliance act (FATCA) / common reporting standard (CRS) and data protection.
  
• Practical compliance steps: Practical steps for funds to enhance their corporate governance framework were offered, including adopting thorough corporate governance documents, implementing a conflict of interest policy, and ensuring regular board assessments and meetings.
  

The Panel kicked off with a discussion on the key areas asset managers should focus on arising from the AML/CFT developments in Singapore.

Key takeaways for asset managers are as follows:

• Staying informed about emerging trends is crucial for fund managers to recognise new red flags and derive learning points from each incident.
• Senior management should involve compliance team early in the onboarding stage, such as during investor pipeline meetings, where they can assist by asking pertinent questions.
  
• Front office plays a crucial role in as they typically possess more detailed information about clients. It is essential to maintain and share these records within the organization, including the compliance team, to ensure accurate AML/CFT risk assessments.
  
• Potential “red flags” often overlooked when assessing AML/KYC risk include:
  
  • Overreliance on service providers e.g. engaging major banks or top fund administrators as outsourced providers
    
  • Highly complex structure and investments in high-risks jurisdictions, often misusing special purpose vehicles (SPVs) and trust structures
  • Multiple citizenships
    

In view of the popularity of Cayman Islands as an offshore funds domicile, Singapore fund managers should take measures to stay compliant with the Cayman AML regime in addition to complying with Singapore AML/CFT requirements. The panel highlighted several common areas often get overlooked by Singapore asset managers:

• The ultimate beneficial owners' threshold is 25% in Singapore, while it is 10% in the Cayman Islands. Asset managers should not overlook the AML/KYC obligations of other jurisdictions. In addition to the sanction checks performed against Singapore and US OFAC sanction list, Cayman Islands compliance would require sanction checks against EU, UK, UN and Cayman sanction lists.
• Beyond performing AML/CFT checks on the investors, it is key to conduct AML/CFT reviews on the counterparty when acquiring investments from third party.
  
• Record keeping should are kept at least five years; however, it is advisable to keep records for a minimum of six years to comply with Cayman Common Reporting Standard regulations.

The panel then discussed other potential risk areas warranting governance and oversight in light of regulatory/enforcement priorities and trends for consideration by CROs and Compliance functions:

• Business conduct standards to ensure the clients’ interests are front and centre from product development through to launch, and robust investment processes subject to adequate oversight. This is relevant for asset and wealth management centres in Asia like Singapore which are maturing as investment management and product manufacturing hubs.
• Globally, regulators are acutely aware of the growth in private markets across private equity, venture capital and private credit, and the bespoke risks (e.g. valuation) associated with these asset classes.
• Emerging technology and cybersecurity are on the priority list of the regulators as they look to foster and facilitate tech-enabled innovation in the financial sector whilst addressing the associated risks and building resilience.
  

Key governance insights in the Cayman Island’s perspective, include:

• Corporate governance: Board agenda should cover various areas such as monitoring and supervising delegated functions, ensuring sufficient capability to oversee fund operations, conducting annual conflicts of interest declarations and ensuring compliance with Cayman regulations.
  
• FATCA CRS: Avoid obtaining a GIIN for the fund’s SPV unless necessary (e.g. financial institution) to prevent attracting regulatory scrutiny. FATCA CRS reporting should be completed annually for funds to avoid heavy penalties.
  
• Ultimate beneficial owner reporting: Applicable to both the Cayman and BVI regimes. If a renewed passport is requested by the registrar, it must be provided immediately to prevent penalties.
  
• Data protection: In the event of data leakage, consider Singapore’s data protection regime and potentially report to Cayman Island government.
  
• Economic substance: Each legal entity domiciled or registered in the Cayman Islands must make an annual Economic Substance Notification (ESN) regarding whether it was carrying on any of a defined list of activities (Relevant Activities). Entities which are in scope (Relevant Entities) and which were conducting any Relevant Activity are required to meet an economic substance test (ES Test) in respect of such Relevant Activity.