A data platform is being built to allow banks operating in Singapore to share intelligence on customers who are potentially involved in criminal activities.
The move is part of the country’s efforts to bolster its defenses against financial crimes, including money laundering, terrorism funding, and financing of weapons of mass destruction, according to the Monetary Authority of Singapore (MAS).
Also: Five easy steps to keep your smartphone safe from hackers
Dubbed COSMIC, the data platform is currently being jointly developed with six major banks, including DBS, UOB, Standard Chartered, Citibank, and HSBC.
It will plug current gaps where, due to confidentiality requirements, financial institutions are unable to alert each other about unusual activities involving their customers. This gap enables criminals to carry out illicit transactions through different financial institutions to avoid detection, said Singapore’s Minister of State for Trade and Industry Alvin Tan, who also is a MAS board member.
His comments were made Tuesday during the second reading of the Financial Services and Markets (Amendment) Bill in parliament. The proposed amendments to the Bill will permit the sharing of information and establish the legal framework to facilitate information exchange via the data platform.
Also: How to protect and secure your password manager
Tan said the amended Bill outlines when and how such sharing of customer risk data can take place. The Bill also provides the legal and operational safeguards to ensure the confidentiality of information that is shared and the interests of legitimate customers. He said the amendments incorporate feedback from public consultation on COSMIC, adding that the data platform will make it easier for financial institutions to detect and deter criminal activity.
The platform will be deployed in phases and is expected to be operational from the second half of next year. In the initial phase, sharing of information between MAS and the six banks will be voluntary.
This phase will enable the platform to obtain operational stability and for MAS, alongside the participating financial institutions, to fine-tune its features and resolve operational concerns, Tan said.
Also: We are still failing to learn the most important lesson in cybersecurity
Access to the data platform will be expanded to more financial institutions eventually, with more focus on other risk areas. For the initial phase, COSMIC will focus on three areas: trade-based money laundering; misuse of legal persons, such as the abuse of shell companies; and financing and evasion of international sanctions. The sharing of data will also be made mandatory in higher-risk situations, the minister noted.
“COSMIC will allow participant financial institutions to share with one another information, on a confidential basis, on customers whose profile or behavior exhibits potential financial crime concerns,” Tan said.
“Such risk information could include ‘red flag’ behaviors and details of the concerning transaction. Sharing on COSMIC would provide a recipient financial institution with better information to augment its risk understanding of a customer, thus, enabling the financial institution to detect suspicious behavior more accurately and expediently.”
Financial institutions might use data on the platform to determine if a financial transaction is legitimate. If a transaction is assessed and suspected to involve criminal activities, a report on the customer must be submitted to the relevant authorities under existing laws.
Also: Cybersecurity teams are reaching their breaking point. We should all be worried
MAS will have access to all information shared on COSMIC, which Tan said is necessary to help the industry regulator monitor processes and ensure participating financial institutions are using the platform appropriately.
“As the owner of the platform, MAS will ensure COSMIC information is exchanged and stored securely,” the minister said. “The platform will have robust controls, including cybersecurity measures, such as data encryption and firewalls to block unauthorized external access. It will also have strict user access limitations. These controls will be subject to periodic audits to ensure their efficacy.”
Also: These experts are racing to protect AI from hackers. Time is running out
Participating financial institutions will be required to maintain robust data cybersecurity measures for COSMIC, including having systems and processes in place to prevent unauthorized use. They will also be expected to implement cybersecurity and encryption measures to protect data obtained from COSMIC.
Financial institutions also are not permitted to disclose information obtained via the data platform to third-party organizations, except in specific circumstances, such as fulfilment of court orders or following police requests to facilitate investigations.