Duff & Phelps’ Sin Yee Koh Discusses Why Optimal Compliance Practices are Good for Business
Sin Yee Koh is Director in the Duff & Phelps Compliance and Regulatory Consulting practice in Singapore and has many accomplishments to her credit. As a lawyer, she worked in London and Hong Kong and is also qualified to practise in New York. Before joining Duff & Phelps, she had a seven-year stint with the Monetary Authority of Singapore (MAS). She is proficient in English, Mandarin, Cantonese, Hokkien, Japanese and is learning French. In the interview, Sin Yee brings to the table her deep understanding of many different aspects of wealth management, she discusses the challenges faced by her and her team in the compliance and regulatory practice, where she advises financial services firms — especially EAMs — on licensing and ongoing Singapore and cross-border regulatory requirements, on risk management, internal controls, and on compliance protocols and approaches.
Sin Yee joined Duff & Phelps in January 2015 from Kinetic Partners. As a result of Duff & Phelps’ acquisition of Kinetic Partners, Duff & Phelps created a dedicated Compliance and Regulatory Consulting practice. Her team advises regulated financial institutions in Singapore on wealth management, and her clients range from private banks to independent asset managers and multi-family offices. Her team operates in collaboration with a wider team across Europe, Asia and the US.
Strong EAM Focus
“About 90% of our clients in the wealth management community are EAMs. Firms that are not large find that it is less economical to have in-house regulatory experts. For this reason, EAMs tend to rely on us for technical advice on matters of compliance, such as how to apply new regulations in a proportionate way that best suits their business,” she reports. “But the challenge lies in being visible, as smaller firms, especially newer ones, do not focus heavily on compliance matters. Smaller firms at the outset also often need a lot of guidance on how to resource to meet their compliance obligations; whether to hire employees to monitor their compliance obligations or outsource this. We work hard to help them strike the right balance between business and compliance, and also on how best to use external compliance consultants like us in conjunction with their in-house mid and back office talent. This guidance to smaller firms is key as regulations become increasingly principles-based and judgment-heavy. A considerable effort on our part is, therefore, to enhance their appreciation of how compliance optimally complements their business, and then to service them with the utmost professionalism by demonstrating quantifiable value and offering precise advice.”
Tailwinds for 2020
Sin Yee explains that 2020 opened amidst considerable optimism. She refers, for example, to the new variable capital company (VCC) structure in Singapore, introduced in January this year.
“We started the year with a good deal of momentum and hope with the VCC driving the way ahead for fund domiciliation,” she reports.
“In the past, the leading centres for starting a fund would be the Cayman Islands, British Virgin Islands, Delaware and Jersey because these were all considered offshore and had attractive tax treatment and easy-to-use structures built to house funds. Over the years with greater tax disclosure, many offshore centres started to lose some investor popularity, and now, we see onshore financial centres starting to launch their own fund vehicles, first in Hong Kong and then in Singapore with the VCC in January.”
She explains that the VCC was just one of the three tailwinds. Another was the changing dynamics in Hong Kong, which made Singapore look relatively stable for Hong Kong firms and firms from elsewhere expanding into Asia. This resulted in a good number of clients focussing on Singapore starting from the second half of 2019. The third driver was the digitisation of financial services, which created new MAS licensing for digital payments services.
“These three tailwinds meant we arrived in 2020 feeling positive for new business in compliance, for fund management and for Singapore,” she comments, “but then, of course, the pandemic struck causing a hiatus, as the focus shifted to areas such as remote working and technology enablement. Fortunately, now things are picking up.”
Regulation as a catalyst
She highlights that the Individual Accountability and Conduct Guidelines (Guidelines) issued on September 10 by the regulator signals for a return to activity. The UK's Senior Manager and Certification Regime and Hong Kong's Manager-in-Charge Regime encapsulate similar rules.
“These Guidelines apply to almost all firms. It is worth noting for our typical EAM clients that MAS states, firms with fewer than 50 employees should still achieve the five key outcomes the guidelines define,” she reports. “However, the MAS is also realistic, as it also states that these smaller firms will not ordinarily be expected to adopt the specific guidance described in the Guidelines. Clients will be seeking our help to best interpret how they should abide by the Guidelines.”
She notes that MAS had also issued a paper related to these Guidelines, on its observations from thematically inspecting how banks were remunerating and incentivizing their staff to encourage ethical behaviour,” she adds. “What the MAS is really doing is aiming to make people within financial institutions more individually accountable. Additionally, there has been further regulatory activity relating to anti-money laundering (AML) enforcement, more inspections and sharing of observations from the regulator, and a stronger protocol around cyber security.”
Cyber hygiene in focus
She explains that MAS aims to have all FIs achieve six basic cyber security measures. These include securing any accounts of the FI that have full rights to read, write and execute key system resources; applying security patches to address identified vulnerability; having written security standards for all systems; and ensuring that systems conforms to standards. Moreover, they aim to restrict unauthorised network traffic, boost the use of malware protection and drive multifactor authentication for all critical systems and systems allowing online access to customer information.
“Most firms we deal with have yet to implement their responses to this notice on cyber hygiene,” she reports. “This took effect in August and we consider that it is extremely important that firms address these matters urgently and professionally. MAS has said that it expects firms to adopt these fundamental cyber security measures prior to the notice coming into effect, and MAS will assess the extent of compliance with the notice by firms during its supervision. A firm must show cause of extenuating circumstances for not being able to comply within the stated timeframe.”
Act now before breaches occur
Sin Yee cautions that if a firm reports any cyber security breach after August 2020 or is obligated to report this to MAS, there is a likelihood that MAS will refrain from being sympathetic about any loss to the firm arising from the breach. For example, from money wired from the firm, loss of its investment strategies, or customer or employee personal data. Also, MAS could ask the firm how it had complied, or not, with the Notice on Cyber Hygiene and assess if the firm had breached the notice.
“Due to the personalised nature of their services, wealth managers have access to confidential information about their customers, which can be compromised during cyber breaches. The Notice on Cyber Hygiene is thus crucial for wealth managers to comply with,” she states. “This is even more vital when many people are working from home, and there is more reliance on technology. Moreover, there is growing usage of the cloud and such deployment expands the risk of cyber breaches. Cyberattacks are more prevalent than we think.”
She notes that in Microsoft’s June 2020 Endpoint Security Report, in APAC, Singapore experienced the highest attack volume of “drive-by download” in 2019—an increase of almost 140% from 2018, and four times higher than the 2019 global and regional average. Drive-by download is an unintentional download of malicious code to a device, when the user visits a website or fills in a form. The malicious code that is downloaded can then be used by an attacker to steal passwords or financial information.
“Faced with a high encounter rate, the only defence is having a high level of cyber hygiene,” Sin Yee advises. “We work with our clients to ensure they understand these issues and document necessary measures taken.”
Building the client base
Sin Yee shifts her attention to client acquisition, which of course, during the pandemic has been more troublesome for many firms across the wealth management industry.
“A core issue is the inability to meet in person, but additionally, clients have become more fee conscious, and budgets for compliance have been pared back this year,” she says. “In a few cases, this has been quite sharp. Most reductions are only slight, but we have had to adapt in the face of market conditions.”
“The fact that MAS is generally not a prescriptive regulator and understands that regulations must be calibrated according to the size and the nature of each institution or firm helps us in client acquisition. This is because we are able to advise thoughtfully and with a good understanding of EAMs’ unique business models. Where possible, we try to advise our clients on implementing regulations clearly and efficiently; this works well for smaller firms. There is no sense in having them implement a new regulation in a complex way, when this may cost them more operationally and financially and does not help them operate more safely. This approach helps us build confidence with our clients and business slowly, with each of them, looking at the long-term picture and our client’s business longevity as well.”
This mentality helps Sin Yee and her team acquire new clients, the bulk of which come to the firm by word-of-mouth recommendation. Also, Duff & Phelps’ varied business lines and wide global footprint, with nearly 4000 employees in 25 countries globally, provides a pipeline of prospective clients that expand to Singapore from overseas. “We tend to win about half of the new business that opens a dialogue with us, which is a good outcome, and aside from the earlier issues surrounding the pandemic and a natural hiatus, things have again been picking up of late,” she explains.
First, she says, the mission is to keep the business at the top end of efficiency and quality, with the best talent available to help her clients. “We also work harder nowadays to boost our technical expertise as there are new rules and guidance on a host of areas, such as cyber security and data privacy. In fact, it’s getting to the extent where just an understanding of compliance is not good enough. I would like to start registering the team for some technical courses in technology and data so that we can continue to be effective in supporting clients in the new world of regulation. Training is a priority.”
Sin Yee concludes by reiterating that while resources amongst the EAM community are tight with them focusing on servicing their clients and building their AUM, they must not lose sight of the competitive edge that a well-managed compliance protocol brings. Additionally, they must implement new regulations in areas such as individual accountability and cyber hygiene in a way that best complements and supports their business growth. “For smaller firms, we understand they face many competing priorities on their time and budget, which is why we offer such a compelling proposition for them. We aim to advise our clients clearly on how to apply regulations in a proportionate way, which meets the regulator’s expectation but can be implemented by the client based on the scale of their set up.”
Getting Personal with Sin Yee Koh
Sin Yee is a proud Singaporean, who was educated locally and qualified in law from the National University of Singapore, with a year on exchange at the University of Leicester in the UK. “On qualifying, I first worked in the commercial litigation department at Rajah & Tann, one of the largest Singaporean law firms, then practised in the contentious securities regulation litigation and white collar investigations departments of Herbert Smith in Hong Kong, before moving with their practice in London. Later, I returned to Singapore in 2008 to join MAS.”
This gave her considerable global experience, and the seven-year spell at MAS allowed her to work closely on key areas, including enforcement, investigating and prosecuting market abuse and mis-selling, and financial market strategy development.
Outside of work, Sin Yee enjoys practicing Bikram Yoga and ballet. “I started ballet in my late teens, and I've never stopped doing that through different countries and jobs and other commitments,” she says, “and it has helped me stay fit, active and mentally focused. I spend almost five hours a week at it even today, mostly on the weekends. My motto is certainly to do it till I lose it, and I can honestly say it doesn’t get easier. I need to work hard at it and stay disciplined, which has been a positive personal learning for me. On top of that, I am brushing up my French by attending weekly classes.”
More from Sin Yee Koh, Duff & Phelps