Good morning,
It is a pleasure to be here.
Mr Kon Yin Tong,
President, Institute of Singapore Chartered Accountants,
Colleagues and friends,
Introduction
1. Thank you for inviting me.
2. This is the third occasion in July alone that I’m speaking on our evolving crime scene.The Interpol held the third edition of its biennial conference here.The 4th edition of Asian Conference on Criminal and Operational Psychology took place last week.
3. These conferences are being held in Singapore not because our crime rates make for particularly interesting study. Thank goodness, that is not the case. Rather, it is because we hope to be ahead of the curve. One way is to bring together like-minded experts, colleagues, from around the world whom we can learn from and also ask for help to validate our own approaches. That is why these conferences are being held here. Part of plugging into the network of international experts, partly for validation and partly also, in a way, to build thought leadership.
4. Our international colleagues inevitably heap praises on Singapore. But we know only too well how easy it is for motivated criminals to give us the slip. David from the CAD, Denis, they are long-time law enforcement officers, they know we are only, always just one tiny step ahead. Andy Grove, formerly CEO of Intel, famously said “only the paranoid survive”. When it comes to crime-fighting, that attitude is not a bad one.
5. One area we should be particularly vigilant about has to do with digitalization. You do not need me to tell you how dramatically it is changing the nature of businesses, including the finance industry. Digitalization will enable more efficiency and innovation. But it will also enable crime.
6. Unsurprisingly, the finance industry is an attractive target for cybercriminals. Vast sums of money are transacted all the time. But what happens that is even more valuable, is access to commercial data and financial information that can be extracted from these transactions.
7. Singapore has a big stake in this. Aside from financial losses, any major cybercrime incident will severely impact our reputation as a financial hub. More importantly, we risk eroding the trust and confidence that was painstakingly built up.
(A) Accountants have a role in strengthening defences
8. In recent times, the Commercial Affairs Department (CAD) has seen cases where complainants, people who have approached CAD to report cases, these complainants observed financial irregularities, but they were not fully able to make sense of these irregularities. This changed only when the complainants engaged audit or accounting firms to perform forensic accounting and digital forensics. Thereafter, they were able to take decisive action to strengthen their defenses.
9. What does this tell us? It tells us that in the age of digitalization, businesses still need accountants. You can be much more useful by stepping beyond traditional roles to help your clients combat cybercrime.
10. Three capabilities are critical:
a. First is forensic accounting. This will help you uncover fraudulent activities from among voluminous transactional data.
b. Second, as more transactions go digital and mobile, digital forensics will also grow in importance.
c. Third, financial crime compliance, which must evolve to keep up with new business models, such as peer-to-peer lending.
11. Let me take this opportunity to thank ISCA for leading the way. ISCA’s qualification for Financial Forensic Professionals programme covers the above areas that I talked about. It was the first of its kind in the region. We are not talking about thought leadership only, but leadership in action. Thinking about it is great. Doing something about it is even better.
12. In addition, ISCA has worked with the Singapore Accountancy Commission and Workforce Singapore to launch the Professional Conversion Programme for Financial Forensic Professionals. This programme aims to support mid-career individuals seeking a switch to the financial forensic profession, and was just launched last year. If your firm plans to build up in financial forensics, you should think seriously about coming on board to grow your talent pipeline. In all areas of growth, in all areas of emerging capabilities, there is always going to be a crunch. A crunch in talent, a crunch to build up a pipeline of specialists. If you want to be ahead of the curve and not be left on the backburner, you have to do something about building your own pipeline. Poaching from one another will only get you so far and you know what happens when you only have a small pool. Everyone goes after the same people. Overtime, if the entire ecosystem does not keep up, then even the people whose skills were initially much sought after, their growth will be impeded. You will reach that point so you need to think a little further ahead and grow.
13. Having said this, the threat of cybercrime is complex, and cannot be tackled by accountants alone. That is clear. Increasingly, businesses are pulling together cross-domain teams to respond to cyber incidents. Therefore, to be effective, accountants will need to collaborate with other professionals, such as in audit, legal, and cybersecurity.
14. No one should believe that their organization is immune to cyber threats. We can do our level best to protect ourselves, but must still expect incidents from time to time. People hear more and more of these incidents being reported. Yesterday, I came across a report about a company that installed smart home security devices and these smart home security devices of course is linked on the backend to a server as the server helps to control and updates these devices. The server was left exposed for two full weeks. Millions of household data was exposed. How many people have gotten access to that data? What are they going to do with that data? How many homes can be unlocked as a result of that data breach? No one can give a clear answer. That is the extent of the criminal potential in a world where Internet of things is part of our living. What we must then do, is that when incidents happen, we must swiftly engage our enforcement and regulatory agencies, and work with them to investigate and then build up new defences.
(B) An opportunity to pull ahead
15. With every emerging threat, we in Singapore have an opportunity to pull ahead and distinguish ourselves from the competition. Every challenge like that is also an opportunity. This is why there’s much value in getting the stakeholders together early in the game. The more we can align our responses, the faster we can move. The more lead we can build up.
16. That means the Government too, must be agile. Where needed, we will update our legislation. For example, we amended the Criminal Procedure Code last year, providing investigators with enhanced powers to examine digital devices within and outside of Singapore.
17. We are also expanding our network of partnerships with the private sector.
a. For instance, the Singapore Police Force has set up the Alliance of Public-Private Cybercrime Stakeholders. The alliance – comprising 52 members and growing, promotes the swift exchange of information between enforcement agencies and private stakeholders. As a result, money-laundering attempts have been averted and other cybercrimes have been dealt with more expeditiously.
b. The CAD is also collaborating with OCBC on project POET, which stands for “Production Order – Electronic Transmission”. There are clear wins for both public and private sectors in this project. Banks, for instance, will spend less time on manual transactions, and can focus on more complex requests. At the same time, critical banking information will reach law enforcement agencies in a fraction of the time that is needed today. With cybercrime, things move very fast. If you take a lot of time to figure out, the audit trail goes cold all too soon. So time is of the essence. The agencies as a result, can therefore better detect financial crime and solve cases more efficiently.
18. Beyond legislation and partnerships, the Government will also provide funding for critical areas of capability development. The Monetary Authority of Singapore, for example, has launched a Cybersecurity Capability Grant to support efforts to strengthen cyber resilience in the financial sector.
(C) MHA is building its capabilities to combat cybercrime
19. On our part, the Ministry of Home Affairs, the Home Team, is determined to strengthen cybercrime investigation. Let me share an example in the area of digital forensics.
a. Home Team engineers are developing a Digital Evidence Search Tool (DIGEST). DIGEST sifts through large quantities of data extracted from digital devices, and identifies evidence that could aid investigations. DIGEST goes one step further to analyze the information, sense-make, and present a coherent picture linking the different pieces of evidence. Basically it digests the evidence in a much quicker time and makes sense of it.
b. One of the biggest benefits of DIGEST is that it enables SPF’s investigation officers who are otherwise not trained in forensics, to conduct evidence review on their own. Otherwise you will always be limited to the number of officers who understand forensics. You have to multiply your capabilities. Investigators can therefore go about their work more efficiently, and hopefully the period of investigation to get to the root of the problem can also be shortened.
20. Earlier this year, I announced the setting up of a new Home Team Science & Technology Agency. With focused attention and investment, the new Agency will give us state-of-the-art Science and Tech capabilities, including digital forensics. To preserve Singapore’s integrity as a financial hub, we will need to gain an operational edge against evolving cybercrime threats.The new Agency can give us that advantage.
Concluding remarks
21. To conclude my remarks, essentially, we have a window of opportunity here.
22. Accountants can remain relevant while helping businesses strengthen their defenses against cybercrime. You will need to become better at forensic accounting, digital forensics and financial crime compliance.
23. Several agencies are providing support to build up the ecosystem. If you are not already involved, it is probably time to start and soon.
24. On that note, let me wish you all a fruitful time at the conference.
25. Thank you very much.
