SECURITIES INDUSTRY DEVELOPMENT CORPORATION © Copyright SIDC

Module 4 Emerging and Current Regulatory Issues in the Capital Market (Session 2) – Part I

V2

Notice

• The views expressed here are solely those of the speaker in his private capacity and do not in any way represent the views of the Securities Industry Development Corporation (SIDC) or the Securities Commission Malaysia (SC).

• The cases mentioned in this presentation have been prepared, cited or described on the basis for discussion rather than to illustrate either effective or ineffective handling of a business situation.

• No part of this presentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means without the permission of the SIDC.

Part I - Managing a regulated entity effectively

The regulatory structure

SC supervisory objectives & philosophy

Regulatory discipline

Self discipline

The regulatory structure

• Securities Commission Act 1993
• Capital Markets and Services Act 2007
• Securities Industry (Central Depositories) Act 1991

[Organisation chart; entities shown:]

• Minister of Finance
• Audit Oversight Board (AOB)
• Commercial Banks; Insurance Cos.
• Investment Banks
• Listed companies
• Stockbroking & derivatives broking Cos.
• Unit trust management Cos.
• Fund managers & asset managers
• Unit trust distributors; PRS distributors
• Audit firms

SC supervisory objectives & philosophy

Mission statement: To promote and maintain fair, efficient, secure and transparent securities and futures markets and facilitate the orderly development of an innovative and competitive capital market

Supervisory philosophy

• Investor protection
• Ensure fair & efficient markets
• Reduce systemic risk
• Oversee market development

Supervisory objectives

• Market confidence and investor protection
• Capacity to meet on-going requirements
• Management of systemic risk
• Orderly winding down

Promoting fair, efficient and orderly markets: A collective effort

• Regulatory Discipline: Rules, regulation and standards, regulatory approval, supervision, enforcement etc
• Self Discipline: Disclosure, transparency, risk management, compliance, corporate culture, independent directors etc
• Market Discipline: Investors, peers, shareholder activism, press etc

Regulatory discipline
Malaysian capital market regulations

The legislation governing the Malaysian Capital Market

• Securities Commission Act
• Capital Markets & Services Act
• Securities Industry (Central Depositories) Act

Other guidelines/instruments governing the Malaysian Capital Market (non-exhaustive)

• Bond
• Equity
• CIS
• PRS
• Take-overs Code
• Rules of Bursa Malaysia Securities Berhad, Bursa Malaysia Depository, Bursa Clearing & Bursa Derivatives Clearing
• Bursa listing requirements

How do we assess your firm? Core supervisory methodology

Regulatory Discipline

What do we assess your firm?
Spectrum of supervision on market intermediary

• Conduct: Proper conduct for protection of investors’ interests and market integrity
• Micro-prudential: Financially sound
• Macro-prudential: Management of systemic risk impact
• AML/CFT: Identify, prevent and mitigate ML/TF risks.

Core principles of SC supervision
Part of the SC’s Guidelines on Market Conduct and Business Practices for Stockbroking Companies and Licensed Representatives and Guidelines on Compliance Function for Fund Management Companies

Our expectation on brokers

• Integrity
• Skill, care and diligence
• Supervision and control
• Financial requirements
• Market conduct
• Priority to client’s interests
• Communication with clients
• Conflict of interests
• Safeguarding clients’ assets
• Compliance culture
• Dealing with regulators

Our expectation on fund managers

• Integrity
• Skill, care and diligence
• Supervision and control
• Adequate resources
• Business conduct
• Acting in clients’ interests
• Communication with investors & clients
• Conflict of interests
• Client asset protection
• Compliance culture
• Dealing with the SC

Supervisory observations on Conduct and Micro-Prudential
Some examples…

Conduct

• Allow unlicensed persons to carry out regulated activity
• Clients acting as Introducing Representatives
• Sharing of commission derived from clients’ trading
• Unauthorised trading through clients’ accounts and contract amendments
• Lack of oversight by UTMC on agents/distribution channels
• Mis-selling (via agents’ conduct or marketing materials)
• Complaints not reported to the Board
• Access privileges granted are incompatible with job responsibilities

Micro-Prudential

• Failed to meet the minimum shareholders' funds (RM20 mil) and Capital Adequacy Ratio ("CAR" of 1.2 times) requirements and continued to trade without the SC's written consent, in breach of Section 67 of CMSA.
• Failure to report the breach of licensing conditions to the SC
• Delay in carrying out reconciliation
• Custodian does not reflect certain assets’ class in their report
• High level cost-to-income ratio
• Valuation errors may derive from pricing and holding of investment, foreign currency conversion and accruals of fees and expenses

AML/CFT Regulatory Requirements

Reporting Institutions in the capital market

• Stock broking companies
• Derivatives broking companies
• Fund management/Unit trust management companies

Key AML/CFT/PF obligations:

• Conduct Customer Due Diligence (CDD) on clients and businesses
• Lodge Suspicious Transaction Report (STR)
• Develop and implement internal controls, policies and procedures

The law & guidelines that SC administers:

• AMLATFPUAA 2001* (Amendment took effect on Sept 2014)
• Guidelines on Prevention of ML & TF for Capital Market Intermediaries (Issued on 15 Jan 2014)

*Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001

AML/CFT framework

• Regular review and testing
• Adequate support from Board of Directors & senior management
• Adequacy of Customer Due Diligence Process: verify identity, record retention, customer information
• Adequacy of Transaction Monitoring Systems: monitoring of suspicious activity
• Internal reporting; external reporting to authorities
• Training/awareness of Domestic and International Pronouncements
• Risk based approach
o Customer
o Product & service
o Country or geographic
o Transaction & delivery channel
• To ensure compliance with AMLATFA
• To establish clear policies & procedures
• To appoint designated compliance officer

AML/CFT - New requirements and challenges

• Definition of politically exposed persons (PEPs) to be formalised in the policies & procedures
• Identification of domestic PEPs & family members & close associates
• Identification of source of funds and source of wealth of PEPs
• Require frequent assessment of the adequacy of types of monitoring and threshold used to generate alerts to detect potential STRs
• Require proper documentation to justify the reason(s) for non-submission of internal STRs (noted low no. of STRs submitted to FIED despite high number of internal STRs)
• Obligation to notify SC within 30 days & thereafter at every 6-month interval for name match, freeze funds, reject the customer and lodge STR
• Conduct list-based screening as part of CDD process
• Need to understand the entire ownership control structure of the owner
• Avoid overreliance on sanction name matches
• Identify and take reasonable measures to verify the beneficial owner up to the level of natural persons
• Obligation to notify SC immediately for name match and take all measures including but not limited to freezing of funds.
• Need to implement system to detect & freeze funds or other assets or persons and entities acting on behalf or at the direction of a designated person or entity.

Areas covered: Domestic PEPs; Suspicious transaction reporting (STR); Terrorism financing; Beneficial owner; Proliferation financing

Risk-based approach

• Level of understanding of implementing a risk-based approach and how to relate that to mitigating issues
• Some reporting institutions are still in the process of transitioning from rules-based to risk-based

How to identify customer?

1. Name, legal form and proof of existence
2. Powers that regulate and bind customers
3. Address of registered office

How to identify beneficial owner (BO)? Identify the natural person

(a) Identify natural person with ultimate controlling interest in the legal person. This includes:

i. Identification of directors/shareholders with equity interest of 25% or more
ii. Authorisation for any person to represent the company (letter of authority/directors’ resolution)
iii. NRIC/Passport to identify the authorised person

If not (a), then (b): If there is a doubt on the controlling interest, the identity of the natural person exercising control through other means

If not (a) or (b), then (c): Where there is no natural person, the identity of the natural person who holds the senior management position

Minimum requirements

To what extent market intermediaries take reasonable measures to identify BO?

What does reasonable measure mean?

1. To apply risk-based approach: consider ML/TF risks associated with the business relation/transaction
2. Measures to identify the BO:
• Ascertain BO in the public domain/records; or
• Ask for relevant data.
3. Record retention

Supervisory observations on AML/CFT
Some examples…

Area: Observation

Board
• No Board deliberation on AML/CFT matters
• Certain AML/CFT information were not escalated to the Board
• No documented evidence on the deliberation in the Board minutes

Senior Management
• Delay in formalising and implementing comprehensive AML/CFT policies and procedures
• Reliance on Compliance to conduct on-going monitoring

Compliance
• Compliance officer is not proactive in identifying and reporting of suspicious transactions
• No documentation on compliance review

Internal Audit
• No independent audit on AML/CFT framework
• Inadequate scope of IA to assess the adequacy and effectiveness of framework

Risk Management
• Client’s risk profiling criteria is not formalised in the Manual
• Incomprehensive risk profiling criteria
• Clients with high risk profile were not tagged in the system for on-going monitoring

Operational Management
• Ineffective transaction monitoring mechanism – absence of exception reports of large or irregular transactions and establishment of internal threshold reporting limits
• Lack of documentary justification in the review of suspicious activities
• One-size-fits-all AML/CFT training programme

Self discipline
Oversight by Board & senior management; reliance on three lines of defense

• 1st line of defense: Front line, business units, branches
• 2nd line of defense: Compliance & risk management
• 3rd line of defense: Internal audit
• External audit
• Regulators

Best practices of Board of Directors of a CMSL

Characteristics of an effective Board

• Composition
• Roles & responsibilities
• Independence of independent directors
• Commitment of directors
• Remuneration of directors
• Audit committee
• Risk management frameworks & internal control systems
• Key positions

Board’s oversight on senior management in running business
Front line, business units and branches – 1st line of defense

Why are front liners important?

• Front line staff have extensive interaction with customers or the public (1st point of contact with customers/public)
• Front line performs the work specified by the business, reflecting any changes and initiatives implemented by management and the Board
• Strong time, resource and performance pressures in the front-line environment

Important elements for front line staff

Important elements for effective 1st line defense (front liners):

• Policies & procedures
• Training

Why are these important?

Board’s oversight on senior management in running business
Policies and procedures (P&P)

Why written P&P is required?

• To create an internal control framework that management can rely upon and that will ensure the company’s objectives are being met.
• P&P answer the “what” and “how” questions for individuals within an organisation.
• To document an organisation’s policy for operation and the procedures necessary to fulfill that policy.
• Written documentation will allow for consistent treatment across the company.

Common supervisory findings

• Absence of P&P on core function, for e.g. Risk Management, Compliance Manual, handling of clients’ complaints, handling of interest accruing from investing monies belonging to clients
• Lack proper procedures or processes for identifying, assessing, monitoring and managing money laundering risk
• P&P are not updated
• Delay in implementing P&P despite approval from Board has been obtained
• Non-compliance to the company’s policies and procedures
• Written P&P did not provide adequate instruction to the employees, or omitted the relevant procedures to provide the necessary clarity
• Amendments to P&P were not ratified by the Board
• Changes or updates to Standard Operating Procedures not properly tracked
• Actual practices deviated from the requirements in company’s policies and procedures

Board’s oversight on senior management in running business
Training - Continuous and never ending in nature

Benefits of training

• Increased productivity: Enhance the skills, capabilities and knowledge of employees
• Minimised effort to supervise: Mould the mentality of employees
• Improved morale and job satisfaction: Career progression via higher skills development
• Reduced likelihood of errors

Common supervisory findings

• No structured training to appropriately and adequately train employees on AML/CFT obligations
• No training conducted for commissioned representatives (remisiers)
• A “one size fits all approach” in providing on-going AML/CTF training for its employees. The coverage and depth of the AML/CTF training programmes were not designed to address specific risks of the company’s business lines/functions i.e. Board, senior management, front line staff, operation staff, compliance and Internal Audit

Why is Compliance (2nd line of defense) important?
Cost of non-compliance

Total amount of fines (RM mil) imposed by FCA/FSA for non-compliance is increasing. Source: FCA/FSA fines table.

• Loss of clients & business

• Damage to company’s reputation

• Severe financial fine e.g. by SC ranging from RM100,000 to RM400,000

• Business expansion restriction by SC

• Loss of license

• Private reprimand on BoDs

• Civil/criminal prosecution

Benefits are not easily quantifiable but cost of non compliance may be forbiddingly high

Evolution of Compliance

Compliance 1.0: Reactive and box-ticking approach

Compliance 2.0: Forward-looking, proactive & judgment based. A tool to manage risk.

Growing importance of compliance

• Diversification of business lines
• Widening of geographical area in which companies are operating & accepting risks
• Increase in the range of products
• Growth of complex transactions

Based on our experience, why do some compliance programmes fail?

Common supervisory findings

• Enhancement in documentation of compliance review
• Missing working papers
• Delay in notifying employees on implementation of company’s P&P
• Non-standardisation of compliance reviews between principal office and branches
• Appraisal of Head of Compliance is not performed by the Board
• Enhancement to the Board’s attentiveness to compliance matters
• No evidence of gap analysis on new laws, rules and guidelines issued by regulators
• Lack of manpower in the Compliance Department
• Absence of AML/CFT Compliance Monitoring Programme

How can the Board set the right tone to achieve a strong and good compliance culture?

1. Strategic vision. Compliance activities have to relate to some larger strategic goal.

2. Proactively identifies the specific risks that could arise within each strategic area.

3. Establishes control points for each of these risks.

4. Actively monitors adherence to applicable laws, regulations and guidelines and assists management in addressing and integrating significant legislative or regulatory compliance requirements into its business activities.

5. Well documented. Documentation provides transparency, both internal, to senior management, and external, to auditors and regulators.

6. Escalate breaches of compliance requirements to senior management and the board.

7. Specific people are accountable for managing each specific element of the compliance system.

8. Support from senior management.

9. Practice self-discipline and self-regulation.

10. Periodic testing of compliance practices for continuing effectiveness.

Risk Management (RM) – 2nd line of defense
Independent oversight over management of risks

Role of RM

• Identify current and emerging risks

• Develop risk assessment and measurement systems

• Establish policies, practices and other control mechanisms to manage risk

• Develop risk tolerance limits for Senior Management and Board approval

• Monitor positions against approved risk tolerance limits

• Escalate results of risk monitoring to Senior Management and the Board

Common supervisory findings

• Terms of reference of Risk Management Committee to be updated to reflect actual practices

• Risk Management Committee is dormant or non-functioning

• Enhancement required in the documentation of minutes of meetings for the Risk Management Committee

• Inadequate risk management framework

• Lack of emphasis on the use of various stress testing methods as risk management tools

Internal Audit (IA) – 3rd line of defense
Independent review on 1st and 2nd lines of defense

Role of IA

• Evaluate effectiveness of internal control
• Monitor compliance with company policies and regulations
• Detect fraud
• Review and monitor the external auditor’s independence and objectivity and the effectiveness of the audit process

Common supervisory findings

• Lack of structured training programme in place to enhance the IA staff capacity
• Potential compromise of IA function
• Inadequate level of seniority of Head of IA
• Breach of SC’s Guidelines on Outsourcing for Capital Market Intermediaries
• Delay in implementing audit recommendations
• No independent testing on AML/CFT framework
• Inadequate scope of independent testing on AML/CFT framework
• Enhancement required in the documentation of minutes of meetings for the Audit Committee
• Absence of audit manual
• Incomprehensive audit charter
• Inadequate manpower in IA department
• Limited review on the assessment of the adequacy of the types of monitoring thresholds and parameters used in generating alerts to detect potential suspicious transactions.
• Audit scope does not sufficiently cover all area of business of market intermediary

--- End of Part I ---

Let’s continue Part II….

Module 4 Emerging and Current Regulatory Issues in the Capital Market (Session 2) – Part II

Part II - Current and Emerging Regulatory Issues in the Capital Market

1. Treatment of interest income accrued from placement of client’s fund
2. Despite prohibition, 3rd party payment persists
3. Progression of 3rd party receipt
4. Conflict of interest
5. Market manipulation
6. Cyber threats and the impact on the capital market

Treatment of interest income accrued from placement of client’s fund

Scenario

• Retention of client’s funds for the company’s benefits would be in breach of the Act.

Supervisory findings

• No policies & procedures on handling of interest income accrued from investing monies belonging to client.

• Inconsistencies in the application of policy on interest income accruing from client’s monies.

Recommendations

• Implement policies & procedures on handling of interest income and apply it consistently to all clients.

• Return interest income accrued except for reasonable administration charges for managing the fund placements.

• Formalise procedures of administration charge and communicate to client in writing.

Regulatory Requirement

• s.117 of the CMSA prescribes that interest income generated from placing client’s funds in money market is deemed as client’s assets.

Despite prohibition, 3rd party payment persists
Different modus operandi but 3rd party payment nonetheless

The SC prohibited the issuance of third party payments and cash cheques (2011).

Case study 1: Intermediary allowed payment of sale proceeds to 3rd parties
Issues
• Conduit to facilitate money laundering
• KYC issues where clients include dealers in antique & currencies
• Facilitation of market misconduct

Case study 2: Intermediary allowed cash cheques to be issued for payment of sales proceeds
Issues
• Conduit to facilitate money laundering
• Smurfing i.e. breaking down payments into smaller amounts
• Facilitation of market misconduct

Case study 3 (2014): Intermediary allowed payment to offshore 3rd party account seemingly in client’s name (hacked client’s email)
Issues
• Fraudulent & unauthorised transactions
• 3rd party payment although prohibited by the SC’s Guidelines on Market Conduct and Business Practices for Stockbroking Companies & Licensed Representatives

Case study 1 (1/2)
Replacement of sales cheques to third parties

[Flow diagram; labels shown on the slide:]

• Clients of XYZ Stockbroking Co: 24 clients
• 4 companies
• 7 individuals
• RM8 million; RM2 million
• Sales of shares
• Trust account withdrawal
• Request
• XYZ Stockbroking Co (RM10 mil)
• New payee
• No STR reported
• No business relationship with XYZ Stockbroking Co
• Payment to 3 companies
• See example

Case study 1 (2/2)
Example of individuals ordering the replacement of cheques to a third party

Accounts opened on 10 March 2009
Dealer’s Rep (DR): Mr T
Period: Feb – Oct 09

Clients requesting replacement of cheques (XYZ Stockbroking Co):

• Client 1: Aged 69, Secretary, Ciku Sdn Bhd – RM150,000
• Client 2: Aged 34, Trainer, Ciku Sdn Bhd – RM275,000
• Client 3: Aged 43, Electrician, Ciku Sdn Bhd – RM65,000
• Client 4: Aged 35, Merchandiser, Ciku Sdn Bhd – RM200,000
• Client 5: Aged 34, Account Executive, Ciku Sdn Bhd – RM140,000

Other labels on the diagram: RM830,000; ABC Enterprise; PLC Berhad

Who is the third party?

• Profile of third parties:
o Dealing in antique and currencies
o Investment holding company
o Trading in precious metals

Case study 2
Replacement of sale cheques to cash cheques

Client 9: 35 years old, Manager – Lee Jewelry, Annual Income RM24k-60k
DR: Ms C

[Timeline; entries shown on the slide:]

• 1 June 2009: A/C opened
• July 2009: Deposited USD200,000 for purchase of US shares with ABC Stockbroking Co
• July-November 2009: Purchased and sold foreign shares
• Dec’09 – Jan’10: No activity
• Feb’10: Sold off all remaining shares, RM853,687.93

Other labels on the timeline: 3 Feb’10; 10 Mar’10; STR lodged to FIU; Client Request for Cash Cheque Replacement; RM853,687.93 (USD 248,634.90); 17 pieces of RM50k each; XYZ Stockbroking Co

Case study 1 and 2
Outcome and action by SC

Intermediary was:
• Reprimanded
• Fined a penalty of RM250,000
• Directed to develop and implement a comprehensive Anti-Money Laundering training programme for its staff

April 2011: Amended the Guidelines on Market Conduct and Business Practices for Stockbroking Companies and Licensed Representatives to incorporate the following prohibitions:
• Issuance of third-party payments from clients’ accounts; and
• Issuance of cash cheques for payment of sales proceeds

August 2013: Electronic notification was disseminated to Stockbroking Companies as a reminder on the prohibition of issuance of third party payment and cash cheques

April 2014: Expanded the type and example of third party payment in Guidelines on Market Conduct and Business Practices for Stockbroking Companies and Licensed Representatives

Case study 3
Fraudulent instructions through hacked client’s email for transfer of funds to overseas 3rd party account

[Flow diagram; steps as labelled on the slide:]

• Urgent need to raise funds. Instruct dealer to sell shares & transfer proceeds/cash in trust account to 3rd party account in Hong Kong
• Instructed to sell more shares/transfer more cash in trust account
• Funds successfully transferred
• Dealer’s representative receives email from “client” who is in London to enquire about the balance in shares & trust account.
• Dealer called clients to verify veracity of request
• Dealer’s representative lodged police report in Malaysia
• Managed to stop remittance of funds for the 2nd transfer
• Clients discovered unauthorised selling of shares upon logging in to online trading accounts
• Fraud discovered

E.g. of offshore 3rd party account seemingly in client’s name

Client’s name | Accounts paid into
ABC Company | XYZ for client ABC
ABC | XYZ bank for client ABC
ABC | ACB

Progression of 3rd party receipt
3rd party deposits: a conduit to facilitate money laundering and fraud cases

Case study 4: Inflated series of deposits received from client within a month, including 3 deposits from an unidentified 3rd party
Issues
• Failure to apply on-going monitoring of suspicious transactions
• “Red flag” signaling suspicious transactions were being missed or ignored

Case study 5: Fraud from acceptance of 3rd party cheques & instruction from 3rd party
Issues
• Accept instruction from 3rd party
• Accept 3rd party cheques

Case study 6 (2014): Fraud involving the use & exploitation in the identification of the beneficiary of 3rd party deposits
Issues
• Current gap in the industry in identifying the payor/depositor
• Weaknesses in the process of monitoring and detecting suspicious transaction
• Absence of AML/CTF compliance programme
• Poor judgment by the compliance officer in responding to triggers highlighted by business

Case Study 4
Deposits from unidentified third party

[Chart: Amount deposited by Client Y to Company C's trust account via Telegraphic Transfer; vertical axis in RM, from 0 to 350,000]

A/C opened on 10 Apr 2012 with initial deposit of RM10,000

Inflated series of deposits received by Company C from Client X within a month, including 3 deposits from an unidentified 3rd party

What went wrong?
• Failure to apply on-going monitoring of suspicious transactions i.e. no review of clients’ transactions against clients’ background and financial profile
• “Red flag” signaling suspicious transactions were being missed or ignored i.e. unidentified 3rd party as payee stated in the TT form and bank statement

Client Y is a foreign client; no face-to-face meeting was conducted before acceptance. Poor adoption of KYC requirements.

Case Study 4 - Outcome

Intermediary was:

• Issued show cause letter

• Fined a penalty of RM200,000

• The BoDs & compliance officer were directed to attend at least 2 Anti-Money Laundering & Anti-Terrorism Financing Act 2001 training programmes within the next 12 months.

• Case was reported to overseas head office & the local regulator in the foreign country was similarly alerted

Aggravating factors: having become aware of deficiencies on AML/CTF matters in 2010, the intermediary repeated past mistakes and failed to review proactively the controls on AML/CTF and failed to beef up its understanding on AML/CTF requirements.

Case Study 5
Third party cheques and instruction

Parties: Fraudster; Victim; Remisier; Broker X; Client Y of broker X

1. Fraudster: Claim to be dealer of broker X for trading in shares
2. Victim: Instructed fraudster to open account with broker X and issued 3 cheques paying to broker X totaling RM350k for purchase of shares. Cheques given to fraudster.
3. Fraudster: Received the cheques and handed them over to broker X’s remisier to be deposited into client’s Y account, a client of broker X.
4. Remisier: Deposited the cheques and instruct to assign the money into client Y account
5. Broker X: Assigned the money into client Y’s account which then partially used for settlement of outstanding purchases in client Y’s accounts
6. Instruct for withdrawal monies payable to client Y
7. Raise application to withdraw monies from client Y’s account
8. Approved the withdrawal and made payment to client Y
9. Client Y of broker X: Received the monies

Key internal weaknesses:
1. Accept instruction from third party
2. Accept third party cheques

Case Study 6
Exploitation in the identification of the beneficiary of 3rd party deposits

Parties: Fraudster, Victims, Company A’s Clients (suspected to be colluding with fraudster), Company A

1. Fraudster: Claims to be Company A’s representative and entice victims into investing in a fictitious scheme providing unusually high returns

2. Victims: Deposit monies into Company A’s Clients’ Segregated accounts

3. Victims: Notify fraudster of the deposit and provide details/proof of deposit

4. Fraudster: Passes deposit details to Company A’s client

5. Company A’s Clients: Notify Company A and provide details of deposit

6. Company A: Allocate the monies into the respective Clients’ accounts as instructed

7. Company A’s Clients: Conduct transactions and eventually withdraw funds

What went wrong?

• Current gap in the system of deposits without the need to provide the identification of the intended beneficiary

• Weaknesses in the process of monitoring and detecting suspicious transactions

  o No review of clients’ transactions against clients’ background and financial profile

  o No review conducted on aggregate transactions

  o Inadequate documentation on the review

  o Accounts identified as suspicious were not promptly tagged as high risk

• Absence of AML/CFT Compliance Programme

• Poor judgment by the Compliance Officer in responding to triggers highlighted by business unit


Case Study 6 (cont’d) Recommendations and action plan by SC

Recommendations

• Undertake reasonable verification processes of receipts in bank accounts.

• Arrange for the client to promptly advise its settlement department directly where a client makes a direct payment into the company’s designated account.

• Consider the possibility of tagging the clients’ bank account to the company’s settlement systems for all receipts & payment transactions.

• Continuously remind and educate the clients.

Action plan by SC

• Write to the CEOs of Intermediaries reminding them to be vigilant in monitoring clients’ transactions especially on third party receipts.

• Engage with the industry to explore solutions for the gaps in the industry practices.


Conflicts of interest (“COI”)

An intermediary must fairly manage conflicts of interest between itself & its customers; between a customer & another customer; and between business activities within itself.

ABC Group: AAB Investment Bank, BBC Investment Management

Business units: Corporate Finance, Corporate Banking, Equity Broking, Proprietary Desk, PDT, Research, Sales & Marketing, Unit Trust

1) Corporate Finance vs Research

Research is used as a marketing tool to obtain corporate finance business by providing favourable research coverage on prospective clients.

2) Corporate Finance vs Lending Activities

Loan from a poor quality borrower is approved based on the condition that the borrower will undertake corporate exercise with the investment bank.

3) Corporate Finance vs Fund Management

Cold IPO shares underwritten by the investment bank are taken up by the fund management arm.

4) Corporate Finance vs Sales & Marketing vs Equity Broking

The marketing team might induce its clients to purchase cold shares underwritten by its own corporate advisory team in exchange for hot IPO shares in the future.

5) Corporate Finance vs Equity Broking vs Proprietary Desk vs PDT

Non-public material price sensitive information from corporate advisory is used for self-interest, customer interest or both.

6) Equity Broking vs Proprietary Desk

When placing orders, the investment bank may delay execution of clients’ orders and prioritise its own orders.

7) Research vs Proprietary Desk

Proprietary desk trades ahead of its own research publications.


Addressing conflicts

The mechanism implemented to address COI must be commensurate with:

1) Size and organisation of the firm;

2) Nature, scale and complexity of its business

Control

• Implement appropriate response to tackle those conflicts

• Chinese Walls defense to mitigate conflict

• Insulating certain group of employees from sensitive information

Disclose

• Disclose interest or COI to relevant parties

• Disclosure of the actual and potential COI should be complete, clear, concise, specific, timely and prominent.

Avoid

• Conflicts that cannot be managed via appropriate controls and disclosure

• Refrain or decline from providing such affected services to clients

• Appoint another representative to provide such services.


Market manipulation

Market intermediary should have a competent supervisory system of internal controls and management of risks over market manipulations and false trading

Key ingredient of market manipulations

• A deliberate attempt to interfere with free and fair operation of the market

• Likely to have the effect of raising, lowering or pegging, fixing, maintaining or stabilising the price of securities

• Create artificial, false or misleading appearances of active trading

Types of market manipulation

• Wash Trades

• Marking the Close

• Phantom order

• Pump and Dump / Trash and Cash

• Spoofing

• Quote Stuffing

• Painting the Tape

• Rollover


Case study (1/4) Stock market manipulations & false trading

Price manipulation during the pre-opening session in the trading of XYZ Berhad (“XYZ”) shares.

• Entered large buy orders @ close to / limit up price

• Withdrew all these buy orders in less than 3 minutes

• Entered large sell orders @ limit down price

• Withdrew all these sell orders in less than 2 minutes

Issues

• Business practice and conduct of intermediary appears to be improper.

• Orders would unduly influence the theoretical opening price.

• Disrupt the fairness and orderliness of the market.


Case study (2/4) Stock market manipulations & false trading

Price manipulation during the pre-opening session in the trading of XYZ Berhad (“XYZ”) shares.

Enter Time | Withdrawal Time | Type | Price (RM) | Quantity
14:06:35 | 14:09:23 | Buy | 2.05 | 500,000
14:06:52 | 14:09:29 | Buy | 2.05 | 500,000
14:07:02 | 14:09:33 | Buy | 2.05 | 500,000
14:13:00 | 14:14:00 | Sell | 1.11 | 500,000
14:21:31 | 14:22:27 | Buy | 2.05 | 500,000
14:21:42 | 14:22:34 | Buy | 2.05 | 500,000

Last Done Price RM1.58
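The pattern in this case study, written as a surveillance check (an added example, not part of the original presentation): it flags large orders priced far from the last done price and withdrawn within minutes, then groups them into same-side bursts. The order rows and last done price are copied from the table above; the thresholds and function names are assumptions.

```python
from datetime import datetime, timedelta

# Rows copied from the case study (2/4) table:
# enter time, withdrawal time, type, price (RM), quantity.
ORDERS = """\
14:06:35 14:09:23 Buy 2.05 500,000
14:06:52 14:09:29 Buy 2.05 500,000
14:07:02 14:09:33 Buy 2.05 500,000
14:13:00 14:14:00 Sell 1.11 500,000
14:21:31 14:22:27 Buy 2.05 500,000
14:21:42 14:22:34 Buy 2.05 500,000
"""
LAST_DONE = 1.58  # last done price (RM) shown on the slide

# Assumed surveillance thresholds; none of these values come from the slides.
MAX_LIFETIME = timedelta(minutes=3)  # withdrawn this soon after entry
MIN_QUANTITY = 100_000               # what counts as a "large" order
MIN_DEVIATION = 0.25                 # priced >= 25% away from last done
BURST_GAP = timedelta(seconds=60)    # same-side entries this close form a burst

def parse_orders(text):
    """Turn table rows into dicts, sorted by entry time."""
    orders = []
    for line in text.strip().splitlines():
        entered, withdrawn, side, price, qty = line.split()
        t_in = datetime.strptime(entered, "%H:%M:%S")
        t_out = datetime.strptime(withdrawn, "%H:%M:%S")
        orders.append({"entered": t_in, "lifetime": t_out - t_in,
                       "side": side.lower(), "price": float(price),
                       "quantity": int(qty.replace(",", ""))})
    return sorted(orders, key=lambda o: o["entered"])

def is_suspicious(order, last_done=LAST_DONE):
    """Large order, priced far above (buy) or below (sell) last done, withdrawn quickly."""
    deviation = (order["price"] - last_done) / last_done
    if order["side"] == "sell":
        deviation = -deviation
    return (order["lifetime"] <= MAX_LIFETIME
            and order["quantity"] >= MIN_QUANTITY
            and deviation >= MIN_DEVIATION)

def bursts(orders):
    """Group suspicious same-side orders entered within BURST_GAP of each other."""
    groups = []
    for o in filter(is_suspicious, orders):
        last = groups[-1] if groups else None
        if last and last["side"] == o["side"] and o["entered"] - last["last"] <= BURST_GAP:
            last["count"] += 1
            last["quantity"] += o["quantity"]
            last["last"] = o["entered"]
        else:
            groups.append({"side": o["side"], "count": 1,
                           "quantity": o["quantity"], "last": o["entered"]})
    return groups

if __name__ == "__main__":
    for g in bursts(parse_orders(ORDERS)):
        print(f'{g["side"]:4} x{g["count"]}  total quantity {g["quantity"]:,}')
```

On the slide's data every row is flagged, and the grouping shows the alternation between buy-side and sell-side pressure that a single-order review would miss.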


Case study (3/4) Stock market manipulations & false trading

Price manipulation during the pre-opening session in the trading of XYZ Berhad (“XYZ”) shares.

Enter Time | Withdrawal Time | Type | Price (RM) | Quantity
14:04:58 | 14:05:51 | Buy | 1.75 | 50,000
14:05:06 | 14:06:58 | Buy | 2.05 | 10,000
14:05:10 | 14:06:54 | Buy | 2.05 | 10,000
14:05:23 | 14:06:48 | Buy | 2.05 | 100,000
14:06:11 | 14:06:40 | Buy | 2.05 | 40,000
14:07:08 | 14:07:32 | Buy | 2.04 | 100,000
14:07:17 | 14:07:30 | Buy | 2.03 | 50,000
14:22:34 | 14:24:05 | Sell | 1.11 | 100,000
14:22:44 | 14:24:02 | Sell | 1.12 | 100,000
14:22:56 | 14:23:57 | Sell | 1.12 | 50,000
14:23:25 | 14:23:54 | Sell | 1.13 | 50,000


Case study (4/4) Outcome

• DR was issued show cause letter

• DR license was suspended for 4 months and was publicly reprimanded

• Engagement with intermediary to provide guidance on solutions


Cyber threats and the impact on capital market

The Malaysian capital market is not insulated from cyber threats

Recent cases of cyber attack in Malaysia

• Attack on Bursa - Distributed Denial of Service (DDoS) attack on Bursa’s internet portal.

• Attack on intermediary - Online trading platform compromised; dormant account activated to place trades (large order @ significant discount; matched immediately). Loss of RM3.6 million.

• Attack on intermediary - Superuser ID hacked (suspected leaked) to change clients’ password and trading pin; led to unauthorised and fraudulent trading. Loss of RM665,780.

• Attack on client - Fraudulent instructions were sent via hacked clients’ email for the transfer of funds to bank accounts maintained overseas. Loss of RM30 million.

Global threats

JPMorgan Chase

• Hackers gained access to JPMorgan servers that housed information of former and current customers

[Chart: Most common & disruptive form of cyber attacks in the capital market. Series: Most common form, Most disruptive form. Categories: Account takeover/unauthorise…, Insider information theft, Data theft, Other, Denial of service attack, Malicious software (virus).]

Source: Joint Staff Working Paper of the IOSCO Research Department & WFE on cyber crime, securities markets and systemic risk.


Cyber security framework

4 key elements

• Identify: Organisational understanding in identifying & managing cyber security risk to assets

• Protect: Appropriate safeguards to protect & ensure delivery of online trading services

• Detect: Implement activities & systems to detect the occurrence of cyber attack

• Respond: Security incident response plan & procedures


Supervisory consideration to assess cyber security readiness

1. Organisational structures and reporting lines (governance)

2. Approaches to information technology risk assessment

3. Business continuity plans (including security incident response procedures) in case of cyber attack

4. Processes & avenues for sharing and obtaining information about cybersecurity threats

5. Protection of intermediary networks and information (including detection of unauthorised activities)

6. Handling of distributed denial of service attacks

7. Training programs

8. Insurance coverage for cybersecurity-related events

9. Contractual arrangements with vendors and other third-party service providers


Major control deficiencies on cyber threats that were identified

Governance

• Lack of Board and senior management oversight

• Absence of formalised IT risk assessment program and incident response policies

• Lack of comprehensive & regular IT risk assessment or IT audit conducted by independent parties

• High reliance on third party service providers but lack of oversight

• Insufficient service levels prescribed in the SLAs and missing contractual terms regarding vendors’ responsibilities & liabilities

Operational controls

• Ineffective controls to ensure delivery of passwords to clients in a secure manner

• Poor control (sharing) of user ID and super ID

• Insufficient audit trail

• Poor change management process

• Inadequate testing of new system before deployment

Monitoring & contingency

• Inadequate controls for monitoring abnormal user activities (e.g. suspicious IP addresses)

• Infrequent and inadequate testing on disaster recovery for ensuring its viability and adequacy

• Lack of incident reports or insufficient incident details (e.g. root cause analysis & remedial actions) for certain material system delays or system failures


Challenges ahead in addressing cyber threat

1. Balancing act in accelerating promotion of e-services while minimising fraud risks

2. Cyber threats are getting more sophisticated and stealthier by creating space of “unknown” risks and no ready solution

3. Keeping pace with cyber threats – it is easier to attack than defend

4. Investment in security solution is part of doing business

5. Lack of customers’ awareness on e-services security and customers are always the weakest link


Managing your stakeholders

How to handle customers’ complaints?

• Designate a Location to Receive Complaints

• Develop a System for Record-keeping

• Process and Record Complaints

• Acknowledge Complaint

• Investigate and Analyse the Complaint

• Resolve the Problem in a Manner Consistent with Company Policy

• Follow Up

• Prepare and File a Report on the Disposition of the Complaint, and Periodically Analyse and Summarize Complaints

Note: It is the responsibility of the market intermediary to inform customers on the option to channel the complaints to SIDREC only if:

• no response from the market intermediary

• customers are not happy with the response from the market intermediary


How capital markets complaints are handled

Investor complaints against licensed intermediaries:

• Breaches of laws, rules or misconduct

• Monetary claims

Monetary claims

• Courts: Formal, procedure-based, adversarial & public

• Arbitration: Generally must be contractually agreed beforehand, costly

• Capital Market Compensation Fund Corporation: Limited to claims involving fraud/defalcation/mis-selling that results in the insolvency of an intermediary or involves an insolvent intermediary

Gap!!

Caters to disputes involving capital market products and services


SIDREC

Alternative dispute resolution (ADR)

• Promote & facilitate the satisfactory resolution, mediation/withdrawal of disputes/claims

• Inform & enhance investor understanding and knowledge of the market & their own responsibilities

• Inform & enhance market understanding of investor concerns and challenges through engagement with our members.

Mediation between disputes

Adjudication if unsuccessful

Members of SIDREC

• Stockbroking companies

• Derivatives broking companies

• Fund Management companies

• Unit Trust Management Companies

Clients of members

• Individual

• Sole proprietorship


Scope of claims

Claimant

Clients of Members:

• Individual

• Sole proprietor

Maximum Claim

Current limit: RM100,000 per claim (to be revised)

Claims Excluded

• Claims within the scope of Capital Market Compensation Fund

• Commercial decisions e.g. product pricing, fees & charges, credit/margin application

• Product/investment performance (except non-disclosure/misrepresentation)

• Time-barred cases

• Cases decided or pending in court/arbitration unless matters are stayed

• Matters under investigation by SC/enforcement authorities


Key take-away….

Discover

Formulate

Accelerate

Evolve

Inspire

Use actionable and differentiated insights to map out the strategies

Construct approach to meet regulatory requirements

Elevate the approach and create touch points

Derive strategies in accordance with your entity size and objective

Educate internal stakeholders and management to agree on corporate vision and KPIs
