In the strive to encourage substantial growth within Singapore’s Fintech ecosystem while maintaining a stringent regulatory environment, our Lion City has to ensure that regulatory notices and guidelines are issued in an agile manner. As avid readers of these notices and participants in consultation sessions we would like to draw attention to some of the much talked about provisions of the Payment Services Act (the “PS Act”), with particular regard to Know Your Customer (“KYC”) requirements.

The Monetary Authority of Singapore (the “MAS”) makes a distinction between face-to-face and nonface-to-face (“NFTF”) client onboarding and KYC measures. These measures affect all licenced Financial Institutions (“FIs”) and with more service providers becoming licensed under the PS Act, the MAS has issued guidance to these institutions.

For the purposes of this article we use the term New FIs (“NFI”) to discuss those affected by the PS Act.
In this article, we discuss and define

1.  NFTF KYC
2. Additional risks arising from NFTF KYC as compared to face-to-face onboarding
3. The measures licensed institutions, including NFIs, should implement in order to mitigate those
   risks: Namely the requirement to obtain a report from an external auditor or independent qualified
   consultant to assess the effectiveness of the NFI’s policies, procedures and technology solutions used
   to manage impersonation risks.

NFTF KYC

NFTF KYC is the process an FI undertakes to conduct due diligence on a customer without any faceto-face meeting between their representatives. Because of the perceived risk in onboarding a customer that is not “known”, the MAS requires FIs to perform customer due diligence measures that are at least as stringent as those that would be required to be performed if there was face-to-face contact and recommends additional measures to mitigate the risk taken on by NFTF.

THE UNIQUE RISKS OF NFTF KYC

The Financial Action Task Force Recommendations (the “Recommendations”) include NFTF business relationships or transactions as examples of potentially “higher risk scenarios”. The Recommendations clarify that examples are given for guidance only and that the risk factors listed may not apply in all situations. Still, the MAS and many other regulators generally treat NFTF KYC as presenting greater anti-money laundering and terrorism financing risks. Moreover, the MAS generally advise NFIs to exercise greater caution when dealing is an unfamiliar or new customer.

As a result, onboarding a new customer via NFTF KYC cannot be presumed to be low risk. Regardless of regulatory requirements, we believe FIs are doing what they reasonably can to ensure that they are not supporting criminal activity. A face-to- face meeting will never be sufficient to mitigate against this risk but we cannot (yet!) discount the power of human interaction in uncovering illicit activity. The main risk of NFTF KYC described by the MAS is impersonation risk. Indeed, the
increasing quality and sophistication of “deepfake” technology is a new and increasing threat globally that presents significant challenges to any NFTF KYC process. In addition, face-to-face KYC facilitates the review of original documents such as passports or identification documents.

The key benefit of doing face-to-face KYC is the occurrence of a contextual conversation. The nonverbal aspects of an in-person conversation may help verify the information being presented. A natural conversation in a meaningful setting will also provide prompts for further questions, making it easier to ask follow-up questions as well as understand the customer’s priorities and needs. These aspects of the natural conversation can make it much easier to fulfil KYC requirements such as source of wealth and ID verification rather than turning it into a tick box exercise.

It should not be forgotten that the risks of NFTF KYC apply to onboarding of both individuals and corporates. For the onboarding of corporates, most FIs would classify KYC that as face-to-face if they have met with at least one authorized representative of the corporate. While we agree with this view, some NFTF risks remain with respect to the relevant individuals of the corporate that the FI does not meet in person.

WHAT MEASURES SHOULD FIs ADOPT TO MITIGATE THESE RISKS?

The MAS has highlighted various options FIs can consider to address the risks of NFTF KYC, including holding real-time video conferences that are almost comparable to face-to-face communications and the provision of certified identification documents by lawyer or notaries public.

The specific measures adopted by FIs may vary utilising a risk-based approach. We expect the MAS to ask NFIs to describe how they mitigate such risks in connection with reviewing NFIs’ PS Act license applications, especially due to the publication of the Guidelines to the Notices on 16 March 2020.

TECHNOLOGY SOLUTIONS

In recent years, various technology solutions have hit the market to help address impersonation risks inherent to NFTF KYC. These technology solutions offer various capabilities including confirming the authenticity of government issued identifications, biometric facial recognition and can use artificial intelligence to prompt investigations. When combined with documentation collection and screening functionality, such technology measures can potentially offer both a robust mitigant to the risks of NFTF KYC as well as an effective customer onboarding platform.

REQUIREMENT OF AN INDEPENDENT REPORT

In accordance with the requirements of the PS Act, any NFI wishing to conduct NFTF KYC is required to appoint an external auditor or an independent qualified consultant to assess the effectiveness of its policies and procedures, and of any technology solutions used to help manage impersonation risks. The NFI is required to submit the report of the assessment (the “Report”) to the MAS within one year after commencing NFTF business.

Interestingly, there is no such requirement from the MAS on traditional FIs; even though the antimoney laundering (“AML”) and combating the financing of terrorism (“CFT”) notices to banks and capital markets intermediaries (MAS Notice 626 and MAS Notice SFA 04-N02) do address the higher risks of NFTF KYC. For example, if an e-wallet and a securities dealer utilise the same technology for NFTF KYC, the e-wallet is required by the MAS to obtain the Report but the securities dealer is not. As the MAS looks to issue digital banking licences, we are curious as to if these digital banks will be treated like traditional FIs or be subject to the more specific requirements of NFIs.

The requirement to obtain the Report was first introduced in the 2018 Circular. However, the conditions and requirements of the 2018 Circular differ from the requirements of NFIs under the PS Act. In the 2018 Circular, the requirements were only applicable to FIs that used “new technology solutions” in performing NFTF KYC. The Report only had to assess the sufficiency of the new technology solutions and there was no requirement to submit the Report to the MAS. The
requirements under the PS Act, are more extensive.

CONCLUSION

Recent events suggest that customer onboarding and KYC periodic renewal will increasingly be done in a NFTF manner. FIs need to develop and document a plan to evaluate and manage the increased
risks of conducting NFTF KYC. Under the PS Act, NFIs have an additional requirement to obtain and submit the Report. Holland & Marie and Maven Diligence, working independently or together, in the capacity of independent qualified consultant are able to assist FIs review and enhance their KYC programmes, as well as issue the Report to be submitted to the MAS.