A Guide to APAC Regulators: Looking Ahead to Money20/20 Asia
Plus - recapping our launch event last week.
Welcome back everyone to this week’s edition of Fintech Compliance Chronicles - the first newsletter I’ve written in well over a month! But that doesn’t mean it has been quiet - on the contrary, if you’ve been keeping up with us, several huge things have happened in these parts:
I took a month off to focus on the month of Ramadan, as was the case last year, and while I was away we featured some great insights from Faraz Rana, Dr. Eva Cruz, Anitha Yeddula, Aly Sosa, and Sunil Landge. Thank you to all of them for taking the time to deep dive on their areas of expertise with focus on compliance.
We held our first-ever launch event (more on this later) - as part of New York Fintech Week hosted by Empire Startups.
We had the pleasure of joining Nick Gallo of Ethico’s wildly successful weekly podcast, the Ethicsverse, and talking about all things risk assessments alongside host Matt Kelly of Radical Compliance and Becky Burtless-Creps of Rethink Compliance.
We crossed the 2,100 subscriber mark a few days ago - thank you! It is hard to believe how quickly these milestones are coming now - it is a testament to the community we have been working hard to build here and I hope you’ll stick with us for the next 2,000.
In just a few hours I’ll be hopping on a flight to head over to Bangkok, Thailand to join the conversation for the upcoming Money20/20 Asia. I’m thrilled to once again announce that we are a press partner for the conference and am looking forward to covering the program. Just as with Money20/20 USA in Vegas that I attended a few months back, I’m excited to see the agenda for Asian version of the conference is equally stuffed with a focus on regulatory compliance. We’ll be covering all of these sessions plus connecting with the regulatory minds of the region next week so stay tuned for our special coverage.
Ahead of the event, I thought it would be helpful for everyone if we highlighted some of the major APAC regulators by giving a brief overview and what their latest enforcement/rulemaking highlights have been. So without further ado, let’s take a look at some of the biggest names in the region:
Hong Kong Monetary Authority (Hong Kong) - The central banking institution covering HKMA. Similar in function/remit and style to the Fed, which it also follows in practice given the local currency (HKD) is tied to the US dollar.
Recent Actions - Using Q1 as a baseline, the bulk of the HKMA’s regulatory enforcement action has been to call out and shut down fraudulent apps, websites, emails, text messages and social media pages. We were getting ready to say that there isn’t much enforcement activity otherwise, however in a bit of breaking news this morning the HKMA announced it went after Hua Nan Commercial Bank for violations of local AML-CFT laws, with gaps in its tracking of business relationships and incomplete data collection during cross-border transfers. A $9 million HKD penalty, which is around $1 million in USD. Although this pales compared to the work that the customs authority is doing with a late-breaking bust of money-laundering of $1.8 billion HKD this past week, and a bust of a similar amount occurring in February.
Australian Securities and Investments Commission (Australia) - The regulator that oversees conduct for corporations and financial markets. Rather than me try to craft a comparison of the various regulators in Australia, here’s a good diagram that denotes the differences, put together by APRA (the country’s prudential regulation authority):
Recent Actions - In terms of what the agency has been up to, yet another diagram, this time by ASIC themselves that covers Oct - Dec 2023 (I guess the Aussies really love their infographics):
Some of the callouts in the detailed report indicate a focus on the superannuation aka pension/retirement funding; where a fund administrator (Telstra) failed to resolve disputes on time while a few others (OnePath Custodians and HESTA Limited) had shoddy disclosures/representations to its customer base. All of these resulted in penalties or infringement fines. Probably the highlight that you’d be most interested in if you enjoy our newsletter is the action ASIC took against Cigno Loans, a company that touts themselves as a “household name in emergency cash solutions” (yeah, sounds totally legit). While the action focuses on them doing business without a license (which should be a no-brainer if they’ve been around for a while), the regulator claims fees were out of control citing one instance where a consumer was charged fees that exceeded 600% of their original loan amount (!!!). The company executives are also called out by name in the press release, a variation from how US regulators operate that will probably create some discomfort (which is probably the point!).
Monetary Authority of Singapore (Singapore) - This is the central bank of the country and the main body that issues regulations and enforces them. Rather than issue a bunch of splashy enforcement orders as is the case with some regulators, they focus on prohibiting specific individuals from transacting in the financial system and mostly are known as the body that regulates licensure. Most global tech companies for example that have any payment ambitions (including one I’ve worked with in the past) will need to play ball with obtaining licenses from the MAS for any activity of note, with the primary focus being AML/CFT compliance.
Recent Actions - While acknowledging the above, one case does stand out - our old friends at Credit Suisse, who got slapped with a $3.9 million fine for misconduct by some of its relationship managers - specifically, omitting key disclosures and sharing bad information. It is rare for the MAS to issue public enterprise-level enforcement, but seeing Credit Suisse and specifically their SG branch called out doesn’t seem surprising given what has already occurred with them in the past year and as UBS cleans house post-acquisition.
Reserve Bank of India (India) - Similar to the MAS - a central bank, regulatory issuance body, and a licensure body all in one. If there’s one international regulator in the fintech/payments/banking space that probably deserves its own dedicated article (heck, maybe even a dedicated newsletter) the RBI is it. They issue circulars with staggering frequency (aka “Master Directions”) while also co-managing an an entire initiative that is a collaboration between Indian Banks and the RBI that has its own regulatory universe, aka the National Payments Company of India (NPCI). Some folks who aren’t familiar with the Indian financial services world tend to confuse the NPCI as being a regulator, but one shouldn’t get it twisted, the ultimate authority and enforcement body is the RBI.
Recent Actions - The RBI puts out an annual report summarizing their activity, including enforcement work. They are pretty active on this front, as they shared in the following aggregated table:
This activity (211 penalties) occurred across 205 regulated entities, or REs as the RBI refers to them. Cooperative banks take the bulk of the penalties, which seems commensurate with the business model that appears to be high risk (essentially small collectives that offer lending and other banking services to locals). But it’s nice to see that rather than ban the business model, they address the risk by enforcement, since reaching the unbanked is an incredible important goal. A look at the current year’s press releases supports this razor-sharp regulatory mindset on their behalf, as almost every week they are hitting banks and FIs with penalties. There must be something about the timing of this article, because just yesterday they levied their biggest fine of the year to Rajkot Nagarik Sahakari Bank for what can be boiled down to improper insider loans and poor handling/creation of deposit accounts in the same insider-y type of way. This bank has most, if not all, of its branches in the city of Rajkot, a historic location in Gujarat state of about 2 million folks where Gandhi had some of his roots that is modernizing and seems to be pretty vibrant. Even so, a cursory glance at the reviews for the branches reveals some inexcusable servicing which I’m sure was part of what tipped the regulators off to investigate further.
National Financial Regulatory Administration (China) - While China has had a number of regulators active in the past, namely the People’s Bank of China (PBOC), the past year has seen some sweeping consolidation of powers into this new body which is being labeled a “super-regulator” - flashy names aside, this isn’t that unusual and fits the bill of what we talked about previously with the RBI and MAS. This new regulator now does consumer protection and supervision, powers previously held by the PBOC and the China Securities Regulatory Commission (CSRC).
Recent Actions - After coming into the news cycle in a flashy way last year by being referenced as the regulator that would inherit supervision of Ant Group (Alibaba’s parent company) going forward after the seeming conclusion of years of penalties from the PBOC, the NFRA has started off 2024 with its own muscle flexing as it slapped the Bank of China, the second-largest lender in the country, with a 4.3 million yuan fine. Interestingly, the focus of this fine is around nine violations that are primarily related to information systems failures - this is a topic that none of the aforementioned regulators have been brave enough to tackle, certainly not in a public fashion. While my own experience has led me to encounter scrutiny from regulators ranging from the US to Ireland to India, I’ve always felt regulators generally tend to be a bit more tentative when it comes to publicly calling out issues of the tech-based nature. Not so for this new kid on the block. In fact, the article reporting on this and a few other fines openly references this regulator focusing on fintech enforcement. In a market as intent on growing financial technology as China and given the prior focus on Ant, this should not be a surprise but let’s see if this has ripple effects to counterparts in other parts of the world.
Bank of Thailand and the Anti-Money Laundering Office (Thailand) - The BOT is the primary regulator and central bank in the country, and while it has a macro-supervisory remit it splits authority with the SEC (same function as the US-based SEC), the Office of Insurance Commission (self-explanatory) and the Anti-Money Laundering Office (again, self-explanatory). The AMLO deserves some focus as of all the previously mentioned regulatory bodies and countries, Thailand is probably the one where it is just getting its hands into the regulatory compliance space relatively speaking. With that said, there are some encouraging signs. They helped to launch the ARIN-AP (Asset Recovery Interagency Network Asia Pacific) in 2013, which is a “FATF (Financial Action Task Force)-style regional body” that helps the global FATF achieve its AML-related goals. And the BASEL AML Index, while still ranking Thailand relatively high for the region in terms of AML risk, noted that on a global scale Thailand’s rating jumped five places past other countries in terms of improvement.
Recent Actions - This is where the rubber meets the road. Rather than publish details of one case at a time, AMLO appears to operate by issuing press releases that consolidate all recent efforts into one announcement which makes the impact felt on a larger scale. And unlike some of the other countries we mentioned previously, given the country is still a hotspot for AML, there is a lot going on here. From mule accounts to corrupt police colonels to investments in latex gloves, you can truly get a glimpse of the impact of the global money laundering world and how deep it goes. I encourage everyone to check out the latest press release highlighting some of the details and the impact of what AMLO uncovered as of March 2024.
Bank Negara Malaysia (Malaysia) - Similar to Thailand, there is a Securities based regulator (Securities Commission Malaysia or SC) and the central bank that handles governance and supervision (BNM). Unlike in Thailand, there isn’t a separate body focused on AML, which comes under BNM.
Recent Actions - Things take a long time to move through the enforcement space in Malaysia. Although the BNM has helpfully provided a very transparent guide to its enforcement, showing actions taken against regulated parties, non-regulated parties attempting to operate without a license in regulated spaces, and court activity, the most typical example of the lack of speed is with a pretty huge case involving a financial institution that was receiving terrorism-related deposits back in 2009. It took around nine years for the bank officials to finally go to jail, but since 2018 the case continues to be in the docket as disputes exist regarding distribution of property/assets emerging from the case and the latest update as of a few weeks ago is that hopefully the case is resolved by May. While Thailand’s system is focused on efficiency where they appear to just publicly auction off assets, Malaysia’s seems to be focused on getting assets to the rightful owners but at the expense of a long drawn out multi-year process.
With all of that said, I’m looking forward to connecting with folks this upcoming week at the conference to talk more and exchange perspectives and ideas on regulatory compliance in APAC/ASEAN. Although I’m not a current practitioner, I’ve dealt with some of these regulators in past life and would be fascinated to see how things have evolved and amplify some of the smarter voices working through these developments.
~~
As mentioned at the start, we held our first-ever event, the Fintech Compliance Circle Launch, in Midtown NYC this past week. A more timely update/recap from my end was missed because as those who attended can attest, I picked up a severe case of laryngitis the day of the event. We had a lot more planned including engaging our virtual audience and doing a proper roundtable/baselining/discussion, but for a variety of reasons including my lack of a voice, we ended up turning it into a networking forum. In spite of all of that, I’m cautiously optimistic all of our attendees had a great time as folks ended up sticking around to connect well past our originally scheduled time.
I want to thank all of the attendees who joined, and I’m looking forward to continuing the conversation as we gear up to announce the next in what I’m hoping will be a monthly series. I also especially want to thank Jon Zanoff and the team at Empire Startups who gave us the platform as part of NY Fintech Week to advertise the event and be associated with their amazing lineup of over 50 spinoff meetups affiliated with the larger conference (which I also attended on Wednesday, albeit in pretty bad/sick shape).
Stay with us as we plan to continue our expanded coverage this week!