Anti Money Laundering and Countering the Financing of Terrorism Regulations in Singapore

According to MAS “Financial institutions operating in Singapore are required to put in place robust controls to detect and deter the flow of illicit funds through Singapore’s financial system”.

In order to provide guidance and compliance requirements on Anti Money Laundering and Countering the Financing of Terrorism (AML/CFT), MAS issues AML/CFT Notices and Guidance papers.

Each business model has a corresponding AML/CFT Notice i.e. the notice for insurance companies provides different compliance details than the notice provided for commercial banking. There is no fintech specific notice, therefore fintech companies should refer to the AML/CFT notice that aligns with their specific business model.

Although the details provided in the notices are different, the general requirements are the same across all business models. The overview below provides the general AML/CFT requirements for the financial services industry in Singapor

To comply with AML/CFT guidelines financial services firms are expected to:

1. Access and mitigate money laundering and terrorist financing risks;

2. Identify and know their customers;

3. Conduct regular account reviews, and

4. Monitor and report any suspicious transaction.

Assessing risk specific guidelines

• Identify ML and TF risks in your company. The guidelines suggest financial services companies look for common ML and TF threats that can be found in their:

  • Customer base and their overseeing jurisdiction

  • Products (including products still under development)

  • Delivery channels

  • Services offered

  • Third party data providers

  • Integrated IT systems

• Reaccess ML and TF Risks before launching new products, practices or technologies

Mitigating risk specific guidelines:

• Ensure executive and the board of directors understand ML and TF risks

• Appoint a qualified chief officer in charge of AML/CFT compliance

• Create policies and procedures for screening new and existing staff

• Implement ongoing employee training programs so that staff up-to-date on AML/CFT policies and procedures.

• Implement policies and procedures for document and data retention

CDD Specific guidelines:

• Create a clear customer acceptance policy as well as procedures that identify the types of customers that are likely to pose a higher risk of ML and TF risk. When creating acceptance policy and procedures fintech companies should consider a customer’s:

  • Background

  • Occupation (including public or high-profile positions)

  • Source of income and wealth

  • Country of origin and residence

  • Products they use

  • Nature and purpose of their accounts,

  • Nature and purpose of any linked accounts

  • Business activities

• Obtain information that can uniquely identify the customer. Examples of uniquely identifying information include:

  • Residential address

  • Registered or business address

  • Date of birth

  • Date of incorporation

  • Nationality

  • Place of incorporation

• Determine if the customer is from a jurisdiction with inadequate AML/CFT measures. The full list of high-risk jurisdictions can be found here.

• Determine if the customer is a Politically Exposed Person (PEP). Examples of PEPs include:

  • Heads of state

  • Heads of government

  • Senior politicians

  • Senior government official,

  • Judicial or military officials

  • Senior executives of state owned corporations

  • Important political party officials

  • Family members or close associates of a PEP

KYC specific guidelines:

• Verify the identity of any customers, beneficial owners, as well as any persons acting on their behalf. Fintech companies should use reliable, independent source documents, data or information. Examples of identity verification include:

  • Confirming the identity of the customer or the beneficial owner from an unexpired official document that bears a photograph.

  • Confirming the date and place of birth from an official document such as a passport or birth certificate

  • Confirming the validity of official documentation through an embassy official or notary

  • Confirming the residential address on documents such as a utility bill or tax statement

• Create a customer profile. The MAS guidelines suggest creating customer profiles in order to understand if a customer’s transaction behavior poses a risk for ML and TF. A customer profile can include:

  • The nature of their business and business relationships

  • Expected level of activity

  • Types of transactions

  • Sources of funds

  • Income

  • Overall wealth

CDD Specific guidelines:

• Create a clear customer acceptance policy as well as procedures that identify the types of customers that are likely to pose a higher risk of ML and TF risk. When creating acceptance policy and procedures fintech companies should consider a customer’s:

  • Background

  • Occupation (including public or high-profile positions)

  • Source of income and wealth

  • Country of origin and residence

  • Products they use

  • Nature and purpose of their accounts,

  • Nature and purpose of any linked accounts

  • Business activities

• Obtain information that can uniquely identify the customer. Examples of uniquely identifying information include:

  • Residential address

  • Registered or business address

  • Date of birth

  • Date of incorporation

  • Nationality

  • Place of incorporation

• Determine if the customer is from a jurisdiction with inadequate AML/CFT measures. The full list of high-risk jurisdictions can be found here.

• Determine if the customer is a Politically Exposed Person (PEP). Examples of PEPs include:

  • Heads of state

  • Heads of government

  • Senior politicians

  • Senior government official,

  • Judicial or military officials

  • Senior executives of state owned corporations

  • Important political party officials

  • Family members or close associates of a PEP

KYC specific guidelines:

• Verify the identity of any customers, beneficial owners, as well as any persons acting on their behalf. Fintech companies should use reliable, independent source documents, data or information. Examples of identity verification include:

  • Confirming the identity of the customer or the beneficial owner from an unexpired official document that bears a photograph.

  • Confirming the date and place of birth from an official document such as a passport or birth certificate

  • Confirming the validity of official documentation through an embassy official or notary

  • Confirming the residential address on documents such as a utility bill or tax statement

• Create a customer profile. The MAS guidelines suggest creating customer profiles in order to understand if a customer’s transaction behavior poses a risk for ML and TF. A customer profile can include:

  • The nature of their business and business relationships

  • Expected level of activity

  • Types of transactions

  • Sources of funds

  • Income

  • Overall wealth

• Conduct required enhanced due diligence for customers who have been identified as higher-risk for ML and FT. Example of scenarios that require EDD include:

  • Politically Exposed Persons

  • Customers from jurisdictions with inadequate AML/CFT standards

• Examples of Enhanced Due Diligence. Although not an exhaustive of EDD examples, the MAS guidelines suggest:

  • Requiring Senior management approval

  • Requiring a credit reference agency search

  • Requiring a reference from a prior bank (including banking group reference) and contact with the bank regarding the customer;

  • Requiring verification of the customer’s income sources

  • Identifying the customer’s source of funds and wealth

  • Requiring a personal reference

Conduct regular account reviews

• Develop and implement clear rules on the records that must be kept for CDD and EDD on customers

• Keep customer information up-to-date

• Review customer deemed as a higher risk for ML and TF on a more frequent basis

• Ensure all CDD information is compliant with the PDPA

Monitor and report any suspicious transactions

• Put in place and implement adequate systems and processes that scrutinise suspicious, complex, unusually large or unusual pattern of transactions.

• Report any suspicious activity via a Suspicious Transaction Report to the Commercial Affairs Department of Singapore.

As money laundering and terrorist financing threats continue to evolve, MAS periodically issues new AML/CFT guidance papers that you can access here.

Finally as noted earlier in the article, MAS has created business model specific notices for AML/CFT compliance. For an exhaustive guide to AML/CFT compliance see your business model specific notices here.