Publication
Proposed changes to Alberta’s Freedom of Information and Protection of Privacy Act
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Singapore | Publication | December 2023
The keynote address was an illuminating and informative speech, which highlighted MAS’ “evergreen” enforcement priorities. These priorities are as follows:
(a) Pursuing capital markets misconduct. These cases typically involve individuals who trade on inside information or rig public markets, and that in some cases, financial institutions have been held liable for the improper acts of its client advisors. There is also an increasing focus on holding gatekeepers in capital markets responsible and improving the quality of disclosure in markets.
(b) Enforcing anti-money laundering and countering the financing of terrorism (AML/CFT) requirements. It was noted that as with any open and mature financial centre with significant inflows of money, it is impossible for Singapore to completely prevent illicit fund flows. Singapore nevertheless endeavours to do so to the greatest extent possible; financial institutions are therefore required to have in place AML/CFT measures, and are taken to task when they fall short.
(c) Addressing financial services misconduct. A focus for MAS is the conduct of fund and wealth managers, particularly those that do not have in place an appropriate risk management and monitoring framework.
It was noted that investigations and enforcement work has become, across all areas, increasingly complex and challenging. Misconduct is, for example, rarely localised but often transnational in nature. The volume and variety of digital evidence has also grown exponentially. MAS engaged in the following to address these challenges:
(a) Partnerships. It was emphasised that harnessing partnerships and collaboration at various levels is critical for MAS. MAS has strong relationships with public sector agencies in Singapore and abroad, and has been able to address complex cross-jurisdictional matters such as that involving the massive accounting fraud at the now-insolvent German payment processor and financial services provider and the ongoing S$2.8 billion money laundering case. MAS further provides assistance to its international counterparts where the purpose of such assistance is supervision, investigation or enforcement under the laws of the foreign jurisdiction – this is so even if the relevant person (in respect of whom the assistance is being provided) is not licensed or otherwise regulated under Singapore laws. MAS also partners with financial institutions to combat money laundering and terrorism financing, and such relationships have been fruitful – the AML/CFT Industry Partnership (ACIP) has, for example, led to the successful identification of unlawful activity.
(b) Platforms. The use of technology platforms, including data analytics, has enabled MAS to drive a risk-focused supervisory approach. In addition, MAS is also taking steps to implement an in-house eDiscovery platform.
(c) People. It was noted that as the enforcement landscape becomes increasingly complex and novel areas are brought within the regulatory fold, it is imperative that investigators have the right skillset and training. MAS affirmed its commitment to continually developing its people.
Another highlight of the event was an engaging panel on sanctions (the Sanctions Panel) moderated by David Harris, Partner and Co-Head of the EMEA Investigations Group (NRF London).
The panel discussed the ever-evolving sanctions landscape, which has created significant challenges for sanctions compliance professionals, and the shift in focus by sanctions authorities from implementation to investigations and enforcement. The Sanctions Panel covered a range of topics and observations, including:
(a) Dealing with the lack of alignment in key areas across the major sanctions regimes and understanding the type of sanctions measures in place. It is no longer sufficient to focus on the parties to a transaction and rely on a robust screening system; specialist resource is required to analyse the transaction as a whole, have a process to identify changes in restrictions, determine whether such restrictions are applicable to the business and individual employees, and assess the compliance measures required.
(b) The top enforcement priorities of sanctions authorities, including indirect sanctions risks (e.g. ultimate ownership and/or control of entities) and the focus on investigating the ‘circumvention’ or ‘evasion’ of sanctions. Together with the marked increase in trade-related sanctions, knowing the business of your customer or counterparty and who they are dealing with is a key component of assessing and monitoring transactions.
(c) Regulatory expectations regarding the use of data is increasing and a current area of focus for sanctions authorities is the use of data collected by companies to enhance their sanctions compliance processes. For example, tracking the use of IP addresses and reconciling that data against KYC information provided by customers.
(d) The recent judgment from the Court of Appeal of Singapore in relation to sanctions clauses in the context of documentary credits, and the challenge for companies when balancing the tension between internal risk-based sanctions compliance decision-making and what the company may be able to objectively prove – as a matter of clear evidence – in the event of a contractual dispute. The onus of proving that a company is complying with sanctions increasingly falls on the company itself; it is therefore crucial that companies thoroughly document their sanctions compliance assessments, the steps taken, and the basis for decisions.
(e) Lessons learned from recent enforcement, including the recent multi-billion dollar settlement between a significant global cryptocurrency exchange with various US agencies, and the risks of the long arm of US sanctions enforcement for non-US companies.
(f) While there is inherent unpredictability given the nature of sanctions, a company ought to put itself in the best position to manage sanctions risks by building a strong compliance programme with clear roles and responsibilities, ensuring that it has the right cross-border advisors, and staying up-to-date on relevant developments.
Wilson Ang moderated a lively panel comprising on Responding Effectively to Cyber Security Threats (the Cyber Panel)
The Cyber Panel tackled two aspects, namely the evolving cyber threat landscape and how companies manage cyber risks; as well as a simulated ‘live’ cyber incident with panelists reacting to evolving facts.
The panel started with a discussion on the current cyber threat landscape faced by companies today. Ransomware remains a key risk for companies – particularly with the increased attack surface due to digitisation of our societies and the proliferation of the Ransomware-as-a-service (RaaS) model. Recent advances in artificial intelligence (AI) have also enabled cyber criminals to leverage AI to create scripts and deploy more realistic phishing schemes.
There was a broad consensus that cyber incidents are a question of “when, not if” for companies. Therefore, companies should assume a breach mentality to build cyber and business resilience. This means putting in place a strategy for back-up and recovery, as well as rehearsing incident response playbooks through table top exercises to ensure that response procedures are well socialised and become ‘muscle memory’.
The panel also recognised that cyber incidents are no longer just an IT issue. Cyber incidents are now legal issues, as companies face the risk of regulatory liability (with numerous jurisdictions imposing regulatory penalties based on the percentage of a business turnover) and civil claims if they were to be hit by a cyber incident.
For the simulated ‘live’ cyber incident, panellists were asked to comment on a rapidly evolving ransomware attack against a fictitious healthcare company from their perspective as CISO, in-house counsel, external consultant and outside counsel. Among other things, the panel considered the following issues:
The wide ranging content explored in the GIR Live: Asia-Pacific Investigations Summit reflects the spectrum of compliance and investigations issues affecting companies operating in Asia today – which was ably covered by the expert panellists and moderators. We look forward to attending the next edition of GIR Live: Asia-Pacific Investigations Summit in 2024.
Publication
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Publication
On December 15, amendments to the Competition Act (Canada) (the Act) that were intended at least in part to target competitor property controls that restrict the use of commercial real estate – specifically exclusivity clauses and restrictive covenants – came into effect.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023