AML Compliance for Foreign Dealers of PSPM in Singapore

Regulated dealers of Singapore who are based overseas but conduct regulated dealings in Singapore may not necessarily be aware of their detailed legal obligations when undertaking business activities in Singapore. However, when dealing in Precious Stones and Precious Metals (PSPM), they must be aware of their Anti-Money Laundering, Counter-Terrorism Financing, and Counter-Proliferation Financing (AML, CTF, and CPF) obligations. This article focuses on AML compliance for Foreign Dealers of PSPM in Singapore.

Who Is a Foreign Dealer of PSPM in Singapore

If a regulated dealer in Singapore

Is registered outside Singapore, or
Is incorporated outside Singapore, or
Habitually resides outside Singapore,

And such a regulated dealer does not have

A permanent establishment in Singapore, or
A place of management in Singapore, or
A branch in Singapore

Then, such a regulated dealer can be classified as a foreign dealer of PSPM in Singapore.

Why Should Foreign PSMDs Comply with AML Regulations

The overall jewellery and luxury goods market is susceptible to Money laundering, Terrorism Financing, and Proliferation financing (ML, TF, and PF) risks due to their cash-intensive nature and involvement of high-value goods.

However, this risk is heightened for foreign PSMDs due to greater complexities in the supply chain and more cross-border transactions. Thus, Foreign PSMDs must comply with AML regulations to protect their business against heightened ML, TF, and PF risks.

AML Compliance Obligations for All Foreign Dealers of PSPM in Singapore

All foreign dealers of PSPM in Singapore are required to adhere to transaction-based requirements that also apply to domestic regulated dealers. These transaction-based requirements include:

Performing Customer Due Diligence or Enhanced Due Diligence stipulated in the Precious Stones and Precious Metals (Prevention of Money Laundering, Terrorism Financing and Proliferation Financing) Act 2019
Filing Cash Transaction Report (CTR) with the Suspicious Transaction Reporting Office (STRO) for designated transactions and submitting a copy of the CTR with the Anti-Money Laundering/ Countering the Financing of Terrorism Division (ACD), Ministry of Law.
Filing a Suspicious Transaction Report with STRO if any suspicion arises regarding the involvement of ML, TF, or PF activities.

AML Compliance Exemptions Granted to Transitory Foreign PSPM Dealers under Singapore Regulations

Foreign PSPM dealers are exempted from registering with the GoBusiness portal if they are conducting regulated dealing or acting as an intermediary for regulated dealing on a transitory basis.

This means that if a foreign dealer carries a business of regulated dealing or acting as an intermediary in Singapore for a period of 90 days or less in a calendar year, they are not required to register on the GoBusiness portal or comply with entity-based AML compliance requirements.

However, foreign dealers seeking this exemption must inform the Ministry of Manpower regarding their intention to perform a Work Pass Exempt (WPE) activity. Conducting WPE activities without notifying the Ministry of Manpower amounts to an offence in Singapore.

When Should Foreign Dealers Notify the Ministry of Manpower for Work Pass Exempt (WPE) Activities

Foreign dealers must notify the ministry about their Work Pass Exempt (WPE) Activity after arriving in Singapore and getting a short-term visa pass from the Immigration and Checkpoints Authority and before starting the exempt activity.

Particulars that Foreign Dealers Need to Submit Via E-Notification to the Ministry of Manpower for WPE Activities

When submitting an e-notification to the Ministry of Manpower for WPE activities, foreign dealers must furnish the following details

Name
Date of Birth
Passport Number
Disembarkation/Embarkation (DE) card number
Expiry Date of the Passport
Expiry Date of the Short-Term Visit Pass
Type of Activity that the Foreign Dealer is Undertaking
Total Period for Which the Foreign Dealer is Undertaking the Activity and the Start Date and End Date of Such Period
Foreign Dealer’s Workplace Address

As a best practice, foreign dealers should print the acknowledgement letter if, in any case, they need to produce it in the future.

Extension of Foreign Dealer's Notification Duration for WPE Activities

Foreign dealers can apply to extend the duration of their notification for a WPE activity before the end date of the activity, as mentioned in the original notification. They can do so by re-submitting a new notification if they fulfil the following criteria:

The foreign dealer’s total period of activity does not exceed 90 days in a calendar year.
The foreign dealer’s Short-Term Visit Pass is valid for the term of extension that the foreign dealer seeks.

GoBusiness Registration for Foreign Dealers

If a foreign dealer carries on a business in Singapore for more than a period of 90 days, then the foreign dealer will have to register on the GoBusiness portal.

Getting a Foreign Singpass or Corppass Account before GoBusiness Registration as a Foreign Dealer

Foreign dealers require a valid Foreign Singpass or Corpass Account for transacting with selected government digital services in Singapore, such as accessing digital services on GoBusiness portal.

Here is a list of information and documents required for registration for a Corpass Account:

Foreign Entity’s Information

- Business Registration Number
- Business Name
- Date of Incorporation
- Country of Incorporation
- Entity’s Registered Address

Foreign Entity’s Supporting Documents

- Business Registration Document
- Official Proof of Address, in Case the Business Registration Document Does Not Contain the Foreign Entity’s Registered Address
- Certified or Notarised Copy of English Translated Supporting Document, in Case the Supporting Document Is Not in English

Foreign Entity’s Admin’s Information

- Full Name
- Personal Identification Number from the Admin’s country of origin or residence
- Country or Region of Issuance
- Expiry Date of the Personal Identification Document
- Email and Mobile Number

Foreign Entity’s Admin’s Supporting Documents

- Identity Document indicating the Admin’s Personal Identification Number, for example

GoBusiness Registration Process for Foreign Dealers

Foreign Dealers can follow the following steps for GoBusiness registration:

Step 1: Selecting the License to Apply

Selecting Registration of Precious Stones and Precious Metals Dealers

Step 2: Adding General Information

Applicant’s Information
Filer’s Information, if a third party is applying on behalf of the applicant
Applicant’s Address
Organisational Information
Organisation’s Registered and Operating Address

Step 3: Adding Application Information

Information about Owners/Directors/Partners/Company Secretaries/Managers
Information about the Compliance Officer
Information about Substantial Shareholding
Information about PSMD License or its Overseas Equivalent
Place of Business where regulated dealing is conducted. For foreign dealers who do not have a physical place of business, the details of the organisation’s operating address should be included
Determining the class of registration based on the net price of the precious products sold
Category of products that the foreign dealer deals in

Step 4: Uploading Supporting Documents

Work Pass/Passport of the applicant
Work Pass/Passport of the Substantial Shareholder
Work Pass/Passport of the Director
Work Pass/Passport of the Manager
Work Pass/Passport of the Partner
Work Pass/Passport of the Company Secretary
Work Pass/Passport of the Employee managing the applicant’s business
Work Pass/Passport of the Persons holding any equivalent position
Foreign Business Registry Records

Step 5: Payment of Application Fee

The application fee is payable upfront when a new application is submitted, and it is non-refundable.

Step 6: Payment of Registration Fee

It is initiated after receiving an in-principle approval of the registration application
Payment of Registration Fee based on whether it is Class A registration tier or Class B registration tier

Entity-Based AML Compliance Obligations for Registered Foreign Dealers of PSPM in Singapore

Registered foreign dealers of PSPM in Singapore are required to perform entity-based AML compliance functions such as

Conducting Enterprise-Wide Risk Assessment to gauge the business’s risks from ML, TF, and PF activities
Developing Internal Policies, Procedures, and Controls (IPPC) to manage the ML, TF, and PF risks to which the business is exposed.

Summarising the AML Compliance Requirements for Foreign Dealers of Luxury Goods in Singapore

While individuals or businesses outside Singapore may not be fully aware of all their compliance functions, this article ensures that the foreign dealers of luxury goods in Singapore are well aware of their AML compliance obligations.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

Corporate Service Providers Act 2024: AML/CTF Updates for CSPs in Singapore

To prevent the misuse of corporate vehicles for the purpose of Money Laundering, Terrorism Financing, and Proliferation Financing (ML/TF/PF), the Accounting and Corporate Regulatory Authority (ACRA) implemented the Corporate Service Providers Act 2024, transforming the Anti-Money Laundering/ Counter-Terrorism Financing (AML/CTF) obligations for Corporate Service Providers. This blog highlights the AML/CTF updates for CSP in Singapore.

Understanding the Terms Registered Filing Agents (RFAs) and “Corporate Service Providers (CSPs)

Corporate Service Providers are persons engaged in the business of:

Formation of a corporation or any other legal entity on behalf of any other persons
Acting or making arrangements for any other person to act as:

A Director or Secretary of a corporation
A Nominee Director of an un-listed corporation
A Partner of a partnership firm
Any other contemporary position for any other type of legal entity

Provision of a registered office, business, correspondence, or administrative address or any such other related services for legal entities
Conduct of designated activity as a part of their accounting service
Carry out transactions with ACRA

As a Registered Filing Agent
For companies in the capacity of a Secretary

Filing Agents are a type of CSPs that are natural or legal persons who are in the business of carrying out transactions with ACRA on behalf of other persons. Under the Accounting and Corporate Regulatory Authority (ACRA) Act 2004, Filing Agents can carry out transactions with ACRA only if they are registered as RFA with ACRA.

AML/CTF Obligations Prior to Implementation of the Corporate Service Providers Act 2024

Although CSPs perform a range of services, only RFAs that prepare to carry out or carry out transactions on behalf of their customers for those services are subjected to AML/CTF requirements under the Accounting and Corporate Regulatory Authority (Filing Agents and Qualified Individuals) Regulations 2015.

The AML/CTF obligations include:

Establishing Internal Policies, Procedures, and Controls
Making arrangements for AML compliance management, including appointment of a Compliance Officer
Undertaking Customer Due Diligence Measures, including proper identification and verification of the customer, their beneficial owner, and the agent’s identity.
Ongoing Monitoring of the business relationship
Implementing Screening during the hiring process and Training employees on AML/CTF compliance
Implementing an Independent Audit function
Reporting suspicious activities and transactions
Record-Keeping

However, a large group of CSPs that cater to businesses are not RFAs and are not required to perform any AML/CTF compliance obligations. This creates a legislative gap that can be misused by illicit actors.

The CSP Act 2024 seeks to fill this gap.

Key Changes under the CSP Act 2024

The CSP Act has brought some major changes to the AML/CTF compliance obligations for CSPs. This includes:

Requiring all CSPs that provide corporate services in Singapore and from Singapore to register with ACRA as a registered CSP.

This means that even the CSPs which do not transact on behalf of their clients with ACRA, for instance CSPs dealing with foreign customers will also need to register themselves with ACRA.
Interestingly, even the accounting entities that carry out designated activities are also now covered under the definition of CSP.
It is important to note that such accounting entities are subjected to AML/CTF compliance requirements at present under the Accountants (Prevention of Money Laundering and Financing of Terrorism) Rules 2023.

Extending the Anti-Money Laundering, Countering Terrorism Financing and Counter Proliferation Financing (AML/CTF/CPF) obligations to all the registered CSPs.

In line with the developing international obligations, all CSPs are required to not only implement measures to counter ML and TF, but also PF risks.
All CSPs must perform Customer Due Diligence (CDD) before providing any corporate service to a customer, before lodging any transactions with ACRA, and any instance if they suspect involvement of ML/TF/PF or have doubts about the information previously submitted by the customer.
CSPs must maintain the client documents and keep them updated as a part of their ongoing monitoring efforts.
CDD documents and customer records should be retained for a minimum period of five years

Adding obligations on CSPs to check if a person is fit and proper before making any arrangement for them to act as a nominee director of a company.

At present, CSPs are under no obligation to ensure that the natural persons who are arranged to act as nominee directors are fit and proper to carry out the duties of a director.
However, this lack of scrutiny gives criminals a scope to misuse the post of nominee director in creating shell companies, especially if the nominee director is unaware of the duties and obligations of the position they hold.
Thus, the new CSP Act requires CSPs to appoint an individual as a nominee director only if the CSP is satisfied that such a person is fit and proper by taking reasonable steps like:

- Ensuring that such a person is not disqualified from acting as a director under any law
- Verifying their compliance records and previous conduct in the companies that he/she was a director of

Assessing if the potential nominee director has the competency, capacity, and capability to properly fulfil the obligations of a nominee director
Considering their past experience and present commitments, including the number of existing directorships, to determine if they can take on more directorships
Taking into consideration any other factors prescribed by regulatory authorities

By imposing this obligation on CSPs, the new CSP Act seeks to ensure that CSPs do not arrange unqualified persons as nominee directors for their clients.

Bringing in provisions for imposing penalties on registered CSPs and their senior management if there is any violation of AML/CTF/CPF obligations by them.

The new CSP Act seeks to enhance the effectiveness of the registration obligation by making non-registration a punishable offence.
This means that if CSPs fail to register themselves with ACRA, they may be subjected to either a maximum penalty of SGD 50,000 or imprisonment for a maximum period of two years, or both.
An additional penalty of SCD 2,500 per day will be charged to CSPs in case of continued offence.
According to the CSP Act 2024, if CSPs fail to ensure the fit and proper criteria when arranging for a nominee director, they will be liable for an offence with a maximum penalty of SGD 100,000.
Presently, the penalty for violation of AML/CTF requirements by RFAs or their Registered Qualified Individuals (RQIs) is a maximum of SGD 25,000 for every instance of violation. However, this limit is increased for CSPs under the new CSP Act to a maximum of SGD 100,000 proportionate to the risks of ML/TF/PF.
Additionally, the senior management of the CSP, who does not ensure that the CSP should comply with AML/CTF/CPF obligations, shall also be held personally liable and be subjected to the same fine.

Suggesting reasonable steps to ensure the CSP’s activities do not amount to an offence.

The CSP Act 2024 suggests a list of non-exhaustive steps that CSPs can reasonably take to avoid committing any offence, including:

Checking if the CSP’s compliance set-up is sufficient to avoid the conditions making up for an offence.
Putting in place periodic assessments by experts to assess the compliance set-up.
Making sure that the CSP’s employees, agents, and contractors are all equipped with the right set of instructions, information, and training so they can fulfil their compliance obligations to avoid the offence of non-compliance under the act.
Making sure that there are proper systems, processes and structures in place along with the required equipment and other resources for proper compliance to avoid any offence.
Creating an overall compliance culture with zero tolerance for acts of non-compliance that may amount to an offence.

Updates under the Companies and LLPs (Miscellaneous Amendments) Act 2024 in Consonance with the CSP Act 2024

Requirement for Disclosing nominee director and shareholder’s nominee status along with the particulars of the nominator with ACRA.

In order to ensure greater transparency within companies and foreign companies in line with the international standards on beneficial ownership, the ACRA seeks disclosure on nominee arrangements under the Companies and LLPs (Miscellaneous Amendments) (CLLP) Act 2024 so other entities that are obligated to perform AML functions can perform due diligence measures more accurately.
Thus, moving forward, companies and foreign companies will have to share all the particulars maintained in the nominee director and shareholder register with ACRA
All the updates in the particulars must also be communicated to ACRA

Companies, Foreign companies, and LLPs are now required to set up RORC on the date of incorporation.

It is a step moving on from the earlier requirement of setting up RORC within 30 days of incorporation.

Heightened penalty for offences relating to register of registrable controllers, nominee directors, and nominee shareholders

For the RORC and register of nominee directors and shareholders-related offences, the penalty has been increased to a maximum of SGD 25,000.

Implementation Timeline

The CSP ACT and the CLLP Act were both passed by the parliament in July 2024. However, it is said to come into effect in the first quarter of 2025. Following which, the new CSP entrants will be provided with a transition period of six months.

CSPs Stay Updated with AML Singapore

With the implementation of the CSP Act and CLLP Act in the first quarter of 2025, many more resources and guidance can be expected from regulatory authorities. CSPs are thus suggested to keep an eye on the regulatory communications and stay tuned with AML Singapore as we bring you the latest industry updates!

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

Best Practices for AML Compliance Department Setup in 2025

Anti-Money Laundering (AML) Compliance is a team effort, and having the right set of minds on the team can make a big difference in regulatory compliance.

This article explores the best practices that a regulated entity can adopt when setting up an AML compliance department.

AML Compliance Department Composition

An AML compliance team is typically composed of:

KYC Analyst
Screening Analyst
Risk Analyst
Compliance Analyst
Subject Matter Experts
AML/CFT Compliance Officer

Why Having an AML Compliance Department Is a Necessity

Regulated entities in Singapore are required to fulfil all the Anti-Money Laundering/Countering Financing of Terrorism (AML/CFT) stipulated in the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992. An AML compliance department takes care of a range of compliance functions:

Enterprise-Wide ML/TF Risk Assessment
Developing Internal Policies, Procedures, and Controls (IPPC)
Know Your Customer, Business, and Transactions (KYC, KYB, and KYT)
Name Screening
Customer Risk Assessment
Risk-Based Due Diligence
Ongoing Monitoring of Transactions and Business Relationships
Regulatory Reporting
AML Training for Other Employees and Staff Members
Engagement with Industry Bodies and Regulatory Authorities

Best Practices for Setting Up AML Compliance Department

1. Assessing the Entity's Compliance Requirements

As the first and foremost step, consider the regulatory expectations for AML compliance for your sector, common industry practices, the regulated entity’s specific compliance objectives, and the gap that the entity seeks to cover.

A background check on the entity’s compliance requirements can give the entity a better idea of its personnel requirements.

2. Recruiting Individuals with the Right Skillset

Professionals who are engaged in financial crime compliance should be equipped with the following set of skills, among others:

Knowledge about AML regulations
Problem-solving mindset
Analytical skills
attention to detail

So, entities that want to set up an AML compliance department should look for these qualities when hiring for their team.

3. Leveraging New Technologies for AML Compliance

There are many technological solutions available in the market that can overcome the challenges of human intervention in compliance, like delays and human errors.

AML software can ease many AML compliance processes while complementing the work of compliance team members by automating the following aspects:

Filing KYC
Name Screening against sanctions list, PEP database and adverse media information
Customer Risk Assessment and Risk Profiling
Ongoing Monitoring of Transactions and Business Relationships
Regulatory Reporting like Suspicious Transaction Report (STR), Cash Transaction Report (CTR), etc
Case Management

Therefore, when developing an AML compliance team, regulated entities can also look into software solutions that can aid the functions performed by the team.

4. Allocating Budget to Fulfill the Team's Resource Requirements

When hiring talent or purchasing new technologies, it is important for regulated entities to ensure that they set aside an adequate budget that is sufficient for the compliance team’s sustenance, like salary and other incentives and day-to-day operations.

Setting a proper budget ensures that the entity’s compliance goals are aligned with the entity’s financial goals.

5. Keeping the Team Independent but Unified

Although, the AML compliance team should work in close collaboration with other teams, like front line staff, to have an effective compliance culture. Their independence is also equally important to ensure that their findings and opinions are honest and unbiased.

The relationship between an AML team and other teams of a regulated entity can be equated with the relationship between different organs of government. While there is separation of powers and responsibilities, there still needs to be a system of checks and balances.

6. Ensuring a Smooth flow of Communication

The best way to ensure cross-team collaboration is to open up channels for communication. A well-defined organisational structure can be a great starting point.

Since every team in an organisation has its own set of goals to achieve, constant and consistent communication can be helpful in ensuring that any conflicts of interest are resolved amicably.

7. Providing Access to All Relevant Data and Information

Since AML compliance is a very dynamic field, the AML department must be given access to all relevant, accurate and updated information regarding the customer and their transactions to ensure that the department can fulfil the regulated entity’s reporting and other AML compliance obligations and guard off the risks of money laundering.

8. Reporting Arrangement with the Senior Management

An AML compliance department is headed by an AML/CFT compliance officer who is incharge of fulfilling all the AML regulatory obligations. The compliance officer should report directly to the senior management.

This ensures that any critical matter relating to AML compliance is resolved promptly and transparently. This position is in line with Singapore’s AML norms, which state that an AML/CFT compliance officer should have the necessary seniority and authority to perform his/her duties.

9. Conducting Regular Training and Awareness Sessions

Since money laundering activities and their related risks are changing very quickly, all employees, but especially those working in the compliance department, should be imparted with regular training on subjects like:

A general background on money laundering, terrorism financing, and proliferation financing
Case studies and recent examples related to Money Laundering/Terrorism Financing (ML/TF) activities
ML/TF Red Flags
The laws and regulations governing AML compliance
Entity’s Enterprise-Wide ML/TF Risk Assessment
Internal Policies, Procedures and Controls (IPPC) of the regulated entity
Risk management strategies
Technologies and systems relating to AML

Regular awareness ensures the compliance team is aware of the risks of financial crimes and the gravity of the functions they perform. Periodic training equips them with the right set of knowledge and skills to perform their functions efficiently.

10. Ensuring Senior Management's Buy-in

If a regulated entity is looking to create and maintain a culture of compliance, then it needs to set the tone from the top. A common point of conflict between management and compliance teams stems from the cost-benefit ratio. Thus, senior management’s buy-in for the compliance program can be a step in the right direction in ensuring that compliance enables the regulated entity’s business, not bar it.

11. Staying Informed with Regulatory Updates

Regulated Entities in Singapore periodically update regulatory information through electronic medium. Here’s a list of non-exhaustive resources that a regulated entity’s AML compliance department can subscribe to to stay updated with regulatory requirements in Singapore:

Collaborative Sharing ML/TF Information & Cases (COSMIC): It is a digital platform for collaboration between financial institutions
MAS Mail List Subscription: Financial institutions can subscribe to the mail list managed by the Monetary Authority of Singapore (MAS) for all AML related news, regulations, and developments for their specific business sector
ACRA News Alert Service: It is an email service provided by the Accounting and Corporate Regulatory Authority (ACRA) for disseminating regulatory information
Inter-Ministerial Committee-Terrorist Designation (IMC-TD) Updates: IMC-TD updates on the terrorist designation and requirements for countering the financing of terrorism

Apart from the above-mentioned resources, compliance department professionals can visit sector-specific regulatory authority’s websites for fresh regulatory updates or guidance.

12. Defining a Code of Conduct

A well-defined code of conduct is the skeletal on which the team’s overall organisational functions can be structured. Including the following aspects in the code of conduct assures that an employee’s behaviour meets the entity’s expectations:

Entity’s ethical standards
Compliance with the laws and regulations
General guidelines on communication and collaboration
Health, safety, and environmental norms
Hierarchical Code

Final Thoughts on Best Practices for Setting Up an AML Compliance Department

All regulated entities wish to implement the best AML controls. However, it is also important to focus on the on-ground personnel who implement those controls. With the best practices outlined in this article, regulated entities can set up an AML Compliance Department that is well-equipped to tackle complex money laundering challenges.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

AML Compliance for Charities in Singapore: A Panoramic View

Charities are social institutions that offer invaluable services to humanitarian causes to complement governmental and international efforts. However, their noble work can be misused or exploited by illicit actors for raising or moving funds for the purpose of Money Laundering (ML), Terrorism Financing (TF), or Proliferation Financing (PF).

This blog discusses the AML compliance requirements for charities in Singapore and the corresponding regulatory framework while also highlighting the ML/TF/PF red flags commonly associated with charities.

It goes on to address the challenges in combatting ML/TF/PF risks and suggests best practices to overcome the challenges with the inclusion of evolving technologies.

Charities that are Subject to AML/CFT Compliance Obligations

Institutions such as Companies Limited by Guarantee, Body Corporates, Societies or Trusts operating under Singapore laws can register themselves as charities under the Charities Act 1994.

However, such institutions must fulfil the following criteria:

The institution must have a charitable purpose as recognised by Singapore’s regulatory framework
The institution must promote public benefit through its activities
The institution must be wholly and exclusively charitable

Singapore laws recognise the following causes as charitable purposes:

Poverty alleviation or reduction
Development of education or religion
Other purposes that benefit the community at large, including the commonly recognised charitable purposes such as:

- Awareness and assistance through health initiatives
- Assistance with citizenship woes, community development, environmental protection, animal welfare
- Aid for needy and destitute with severe illnesses, disability, financial difficulties, or disadvantage due to youth, age, or any other constraints
- Encouragement of sports and physical activities that promote health
- Promotion and awareness in the fields of science, arts, cultural heritage

Thus, all charities working for charitable purposes are subject to Anti-Money Laundering, Countering Financing of Terrorism, and Counter-Proliferation Financing (AML/CFT/CPF) compliance requirements.

Why Charities Must Adhere to AML/CFT Compliance Requirements

Charities are vulnerable to ML/TF/PF risks due to a variety of reasons, such as:

Higher public trust
Wide networks
Cross-border operations
Unregulated funding channels
Weak internal controls

These factors are misused by charities through various means:

Means of Misuse of Charities

Charities may be abused by illicit actors for ML/TF/PF purposes through various means that can be classified into the following categories.

Funding through Charities

Criminals seek to exploit by raising funds in the name of a charity and then diverting such funds for terrorist activities or financial crime at the stage of collection or funds or transfer of funds between the stakeholders. Charities are also vulnerable to being used as a front by illicit actors for the movement of funds.

Misusing Resources Belonging to Charities

Charities are highly dependent on their human resources to execute their cause. However, this dependency makes them vulnerable to the risks of financial crime if a staff member or a board member exploits the charity’s resources to support terrorist activities or financial crime instead of providing for the charity’s beneficiaries.

Misusing the Name of a Legitimate Charity

Illicit actors often adopt a registered charity’s credentials, such as name, contact information and address, to mislead the donors and ultimately divert funds for ML/TF/PF purposes in the guise of charitable work.

Establishing Sham Charities

Instead of using a legitimate charity’s identity, criminals also resort to creating a sham institution altogether that functions like an ordinary registered charity, raising funds and promoting causes on paper to ultimately support ML/TF/PF activities.

Conducting Recruitments

The facilities used by charities and their activities are misused by terrorist organisations and illicit actors for carrying out recruitment for their activities.

Manipulating Charitable Programs

Parasitic use of legitimate charitable programs by illicit actors for carrying out illegal activities. For instance, shelters built by charities and used by beneficiaries may also be misused as a hub for ML/TF/PF activities.

Association with Terrorism Financing or Proliferation Financing Actors

Terrorist organisations may associate themselves with charities through a variety of means, including individual relationships with employees or senior management personnel or formally established partnerships with charities for furthering terrorism or proliferation-related activities.

Common Red Flags for Charities to Beware of

Charities must be aware of the following common red flags that can indicate ML/TF/PF activities:

If a donor insists on using the money for a specific purpose that is not related to the charity’s work domain.
If the amount of donations made does not match with the donor’s financial profile or their commercial activity.
If a donor makes donations using virtual assets but the charity is unable to determine that virtual asset’s ownership pattern.
If a donor relies on third parties to execute transactions without any apparent reason.
If a charity notes unusual behaviour on the part of a donor, such as requests for rerouting parts of donations to a third party that is not known to the charity and does not align with the charity’s purpose.

Criminals are constantly finding new ways of ML/TF/PF. Thus, charities must scrutinise any unusual behaviour or transactions beyond this non-exhaustive list of red flags.

AML Framework for Charities in Singapore

Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, 1992 and the Terrorism (Suppression of Financing) Act, 2002, are the primary legislations combating money laundering and terrorism financing in Singapore.

In congruence with the recommendations of the Financial Action Task Force (FATF), preventing the abuse of Non-Profit Organisations (NPOs) and the overarching AML/CFT laws in Singapore, the Office of Commissioner of Charities (COC) sets out AML/CFT obligations for charities in Singapore.

AML Compliance Processes that Charities Need to Follow

AML Compliance for Charities needs to be built upon the foundation of a Risk-Based Approach

When managing the identified risks, charities must follow a risk-based approach, i.e. prioritising the management of critical risks by applying higher controls and resources and then moving on to lower risks. Charities can define the following risk management strategy:

The risk management strategy can help charities develop clear guidelines on avoidance, reduction, sharing, and acceptance of risk based on the risk level, quantification of loss, cost of mitigation and the burden of risk management.

The AML compliance process listed in this section guard charities against ML/TF/PF risks:

Charity Risk Assessment

Charities must be aware of the kinds of risks that they may be exposed to and identify the inherent ML/TF/PF risk factors affecting charity operations. These factors include:

Risks Associated with Donors, Beneficiaries, Partner Organisations, Employees, and Volunteers

Charities must determine the risks that arise out of their interaction with their donors, beneficiaries, partners, employees, or volunteers. For instance, charities must evaluate if they accept donations that come with specific requests, such as requests for utilising the donation for specific groups of individuals or organisations.

Risks Associated with Charity Operations

Charities must analyse if any potential illicit activities can arise out of their daily operations. For example, charities must analyse whether their funds are disbursed through non-regulated or high-risk financial channels.

Risks Associated with Geographical Locations

For charities conducting global operations, charities must determine if they are at a higher risk of ML/TF/PF threats if they work in high-risk jurisdictions or deal with donors or partners belonging to high-risk jurisdictions, such as FATF blacklist or grey list countries or conflict-affected zones. Charities having multi-jurisdiction operations are at a higher risk of ML/TF/PF threats arising out of geographical locations.

The above-mentioned risk factors would help charities determine the likelihood of ML/TF/PF risks and their impact when adopting a Risk-Based Approach.

Establishing Internal Policies, Procedures, and Controls (IPPC)

Based on risk identification and assessment exercise, charities must develop and periodically update a customised IPPC that addresses risk management, disbursements, utilisation of donations, monitoring the delivery of their programs and initiatives, and reporting of suspicious activities or transactions that come to notice during the course of their operations.

The IPPC must clearly define the control measures, from due diligence and risk profiling to record keeping, following a risk-based approach while also defining the role of employees and staff members, including all three lines of defence.

Additionally, charities must ensure a transparent AML governance framework with clear communication and commitment from the stakeholders in the implementation of risk mitigation measures.

Role of Governing Board Members and Key Officers in Ensuring AML Compliance

The governing board and the key officers of a charity are the persons who are ultimately responsible for implementing the compliance measures in accordance with the charity’s Internal Policies, Procedures, and Controls and ensuring that the ML/TF/PF risks to the charity are effectively mitigated.

Due Diligence

Charities must perform independent due diligence measures against a donor or beneficiary or other stakeholders such as representatives, partners, agents, contractors, employees, suppliers, vendors and volunteers.

Due diligence should be undertaken by charities in the following instances:

Before accepting funds from a donor, extending support to a beneficiary, or establishing a working relationship with a stakeholder
If the charity suspects a donor, beneficiary, or stakeholder is involved in ML/TF/PF activities
If there is any veracity in the documents or information shared by the donor, beneficiary, or stakeholder.

Know Your Donors, Beneficiaries, and Stakeholders

Charities are required to identify and verify the identities, credentials and good standing of their potential donors, beneficiaries, and stakeholders.

Charities are required to:

Obtain relevant information about not just the donors but also their agents, connected persons, or beneficial owners, and
Verify their background, reputation, financial stability, source of wealth and source of funds against independent and reliable information

When dealing with partner organisations, charities should have clear written agreements concerning the activities conducted and resources utilised under the charity’s name.

Sanctions Screening, PEP Screening and Adverse Media Screening

Charities must screen their donors, beneficiaries, partners, employees, and volunteers against the list of designated individuals and entities set forth by the United Nations Security Council (UNSC) and the Inter-Ministry Committee on Terrorist Designation (IMC-TD) and the Targeted Financial Sanctions imposed by Monetary Authority of Singapore.

If the sanctions screening results in a positive hit, charities are obligated to terminate onboarding of or collaboration with the donor, beneficiary, or stakeholder and file a Suspicious Transaction Report (STR).

Charities must also screen their donors, beneficiaries, and stakeholders to check if they, their agents, or their beneficial owners are Politically Exposed Persons (PEPs), immediate family members or close associates of a PEP.

Charities must screen the names of their donors against adverse media reports, internet records, and database subscriptions to check if there are any public concerns raised about the donor, such as to check if the donor has been declared insolvent.

Charities must also perform searches on the government register to determine if there have been any regulatory actions against the donor, beneficiary, partner, employee or volunteer.

Donor, Beneficiary and Stakeholder Risk Assessment

Charities must evaluate the risk posed by every potential donor, beneficiary and stakeholder and classify them into low, medium and high-risk. Such risk assessment can be made based on the following factors:

Donor, Beneficiary, and Stakeholder Risk:

PEP status of the donors, beneficiaries, or stakeholders and their agents, close associates, or family members
Existence of Adverse Media
Unusual ownership structure
Criminal convictions involving fraud.

Products and Services Risk

Understanding donor and stakeholder services, products, and activities vulnerable to ML/TF/PF risks.

Geographical Risk

Pertaining to the location where the stakeholder is placed or routes transactions or conducts most business with

If the jurisdiction is on FATF’s blacklist or grey list
If the jurisdiction is subject to UN sanctions
If the jurisdiction is infamous for significant levels of corruption.

Other Risk

Non-face-to-face relationships
Unusual involvement of third parties.

Based on the stakeholder risk assessment, the charity must classify its stakeholders as high-risk, medium-risk, and low-risk and apply adequate risk mitigation measures in accordance with a risk-based approach. For example, when dealing with high-risk stakeholders, charities must perform Enhanced Due Diligence.

Enhanced Due Diligence

If establishing a working relationship with a donor, beneficiary, or partner belonging to high-risk jurisdictions or high-risk stakeholders as per the criteria defined in the IPPC, charities must perform additional checks as a part of Enhanced Due Diligence (EDD). For instance,

Charities must seek to ascertain the legitimacy of the source of funds when receiving a substantial amount of donation from an unknown donor
Engagement or work relationship establishment with a high-risk donor, beneficiary or stakeholder must be conducted with the approval of the governing board members
Placing additional checks on the activities of the donor, beneficiary or stakeholder
Conducting enhanced ongoing monitoring of transactions by elevating the frequency and nature of transactions.

EDD helps in identifying and avoiding ML/TF/PF risks to a great extent.

Ongoing Monitoring of Projects and Transactions

For all the ongoing projects or programs under which charities conduct their activities, charities must put in place to ensure that their funds or services are delivered in accordance with the charity’s objectives. Charities must monitor the following aspects of a project in a structured, regular and ongoing way:

Conduct of the stakeholders involved in a project
Performance of the project stakeholders
Proper delivery of charity services
Expenditure is incurred for legitimate purposes
Transactions with the donors, beneficiaries, and stakeholders are in accordance with their respective financial profile.

Audit and Review

Charities must accomplish dual audit and review process:

Audit and review of the financial records
Audit and review of the AML program

The Charities Act 1994 and subsequent regulatory framework require charities to ensure independent audit or examination of their financial records in accordance with the relevant financial reporting standards. Hence, charities must ensure proper accounting of their funds, auditing of their services, and employee training to analyse the performance of their projects and activities.

Additionally, charities must review the quality and effectiveness of their AML controls to ensure that their AML program does not become irrelevant or outdated over time in comparison to the evolving criminal typologies and AML/CFT regulatory framework. There may be specific instances which trigger the need for reviewing risk mitigation measures:

Charities must accomplish dual audit and review process:

Audit and review of the financial records
Audit and review of the AML program

The Charities Act 1994 and subsequent regulatory framework require charities to ensure independent audit or examination of their financial records in accordance with the relevant financial reporting standards. Hence, charities must ensure proper accounting of their funds, auditing of their services, and employee training to analyse the performance of their projects and activities.

Additionally, charities must review the quality and effectiveness of their AML controls to ensure that their AML program does not become irrelevant or outdated over time in comparison to the evolving criminal typologies and AML/CFT regulatory framework. There may be specific instances which trigger the need for reviewing risk mitigation measures:

As and when required, charities must update their documents and information sources if:

There are any regulatory updates, e.g. updates in FATF lists or local or UN sanctions lists.
There are material changes in the working changes with a Donor, Beneficiary or Stakeholder.
Changes in the availability of resources.

Charities must determine the time and frequency of the audit and review process in accordance with their Internal Policies, Procedures, and Controls.

Reporting

If charities encounter suspicious activities or transactions in the course of their day-to-day operations, they are obligated to file a Suspicious Transaction Report (STR) with the Suspicious Transaction Reporting Office (STRO) using the STRO Online Notices and Reporting (SONAR) Platform as per the AML/CFT obligations set out in the Corruption, Drug Trafficking, and Other Serious Crimes (Confiscation of Benefits) Act and the Terrorism (Suppression of Financing) Act.

By implementing the above-mentioned compliance measures, charities can ensure that their activities and services are not misused by illicit actors for ML/TF/PF purposes.

In addition to filing STR, charities are also required to submit a governance evaluation checklist as a part of their annual submission to the COC. The governance compliance checklist explains the charity’s extent of compliance with the Code of Governance. It is to be filed through the charity portal within a period of six months from the end of each financial year through the Charity Portal.

Training

Charities must provide adequate training to governing board members, key officers, employees and representatives regarding AML topics and issues relating to their roles and functions to ensure proper implementation of the charity-specific ML/TF/PF risks.

In addition to role-specific training, a general overview of ML/TF/PF activities, AML/CFT laws applicable to the charity and consequences of non-compliance should also be included in the employee training and awareness component so that the employees, operations personnel, volunteers and other staff members become equipped in identifying ML/TF/PF red flags and filing STRs, and other regulatory reports.

Record-Keeping

Charities must record all relevant information concerning a project, donor, beneficiary, or stakeholder during the course of the working relationship and for a minimum period of five (5) years after the end of the working relationship. The records include but are not limited to:

Documents under in identification and verification of identities
Information regarding the purpose and nature of the working relationship
Charity’s findings about the PEP status and other high-risk factors in writing
Nature of EDD measures taken by the charity in relation to high-risk donors, beneficiaries or stakeholders
Any STRs filed or any ML/TF/PF suspicions raised before the governing board members
All written agreements relating to projects, ongoing monitoring of projects and transactions
All receipts or disbursement of funds
Any incidental matters prescribed in the charity’s internal policy
All AML training records
Outcome of charity risk assessment
All financial records

Conducting Due Diligence on Anonymous Donors

Charities often receive donations from persons who do not wish to reveal their identity in good faith. However, this guard of anonymity can also be used by criminals to circumvent due diligence checks.

Thus, it is important for charities to conduct due diligence and seek to identify any red flags associated with ML/TF/PF activities like involvement of third parties or unusual requests for refunds. However, it is also important for charities to be mindful of the donor’s confidentiality.

Consequence of Non-Compliance with AML/CFT Obligations

The Corruption, Drug Trafficking and Other Serious Crimes Act, 1992, mandates every person to file an STR if the person knows or has reason to believe that any property may be connected to criminal activity. Failure to do so constitutes a criminal offence.

Exceptions: However, with regard to identification and verification requirements. Charities are allowed to accept funds from a donor, disburse funds to a beneficiary or establish working relationships with stakeholders even when they are unable to complete identity verification despite their best efforts, subject to the following conditions:

The activity is essential for not interrupting the day-to-day operations of the charity
The charity is in a position to effectively manage the ML/TF risks
The charity has specific criteria and risk management policies and procedures in order to back the charity’s decision, taking into consideration reputational and legal risks.
The charity must document the deliberation, decision, and rationale of its decision in writing

However, charities must consider if they should file an STR if they are unable to complete any of the due diligence measures.

Challenges in Ensuring Effective AML/CFT Compliance

In cases where a large donor who is known to the charity changes the pattern of donation, it may be challenging for charities to perform due diligence while maintaining cordial work relationships with such donors. In such scenarios, it is important for charities to really know their donor beyond the regulatory pen and paper requirement to circumvent frictions.
Charities operating at a small scale may not have adequate infrastructure to identify complex ML/TF/PF patterns
Inadequate AML training may lead to human error that can pose a significant risk to the charity’s operations.
Charities adhering to AML compliance regulations are required to maintain records of each compliance measure and incidental information and documents. Thus, charities are required to manage large volumes of data that can be difficult to process and analyse.

CharityTech as an Effective AML/CFT Solution for Charities

In the era of digitisation, charities have the option to rely on digital solutions to automate labour-intensive compliance tasks, such as regulatory reporting and record keeping, to reduce the manual workload and associated costs, allowing charities to focus on their core missions while ensuring compliance with AML regulations.

CharityTech relies on advanced statistical modelling, machine learning, and real-time data aggregation to enhance risk assessments. By employing techniques like fuzzy logic and text analytics, RegTech can identify potential risks and suspicious activities more effectively than traditional methods.

Digital solutions can thus help charities overcome logistical challenges and financial crunch problems.

Best Practices to Ensure a Foolproof Implementation of AML/CFT and CPF Program within Charitable Organisations

Creating a checklist for internal periodic review
Identifying personnel and designating them as risk owners to mitigate, manage, and monitor sources of risks in which they have relevant knowledge, expertise, and authority. For example, Treasurers of the charity, as risk owners, can be entrusted with the responsibility of managing risks associated with the disbursement of funds or designating a senior board member as a single point of contact for all AML-related matters.
Charities can create risk registers defining the likelihood of the occurrence of such risk, its impact, and risk mitigation action plans for effective risk management.
Reviewing the effectiveness of compliance measures regularly and periodically based on a risk-based approach (RBA), i.e., once a year for high-risk stakeholders and once every three years for stakeholders not assigned high-risk rating.

Through RBA: Once a year for high-risk stakeholders and once every three years for stakeholders not assigned high-risk rating
When Situation Warrants: Such as updates to Relevant Sanctions lists or watchlists, change in nature of relationship with stakeholder, when additional information required due to inadequacy in existing information, changes in ownership structure of stakeholder (legal entity or legal arrangement).

Subscribing to the MAS and IMC-TD mailing lists to stay updated with the lists of designated persons and entities.
Charities should be cautious about maintaining donors’ confidentiality when performing due diligence measures in alignment with applicable data privacy laws
Charities can rely on advanced technologies such as CharityTech to overcome the challenges of human error and data management.
Having in place, workflows and personnel to fulfil Regulatory Reporting Requirements such as:

STRs with STRO
Annual Report that includes Financial Statements and Governance Evaluation Checklist with the Commissioner of Charities (COC).

Conclusion

ML, TF, and PF risks to the charity sector have far-reaching impacts. Thus, it is important for charities to put in place effective AML/CFT controls and governance practices to prevent erosion of trust for legitimate institutions working for public benefit.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

Client Offboarding Best Practices to Strengthen AML Compliance

Client offboarding involves strategically terminating business relationships with a client. In the context of Anti-Money Laundering (AML), Countering the Financing of Terrorism (CFT) and Counter Proliferation Financing (CPF) compliance, client offboarding becomes necessary when the business relationship with the client is incompatible with the AML/CFT/CPF processes of the Regulated Entity. Timely offboarding helps the Regulated Entity in protecting itself against Money Laundering (ML), Terrorism Financing (TF), and Proliferation Financing (PF) risks.

This Blog discusses the importance of client offboarding in the context of AML/CFT/CPF compliance, the circumstances that necessitate it, the best practices of client offboarding and the step-by-step procedure to ensure smooth client offboarding as a part of the Regulated Entity’s AML/CFT/CPF Program.

What is Client Offboarding?

Client offboarding is the strategic termination of a business relationship with a client conducted with the objective of protecting the Regulated Entity from ML/TF or PF risks. The decision to offboard a client is taken in accordance with the Regulated Entity’s internal Client Acceptance and Exit Policies. These policies are made while keeping in view the AML/CFT/CPF law and regulations in Singapore, which facilitates the effective compliance of the Regulated Entity’s AML/CFT/CPF obligations.

Circumstances Necessitating Client Offboarding

The following circumstances necessitate Regulated Entities to make the decision to offboard a client:

Compliance with AML/CFT/CPF Regulations

Compliance with Targeted Financial Sanctions

Under Singapore’s sanctions regime, Regulated Entities are required to conduct Sanctions Screening on their customers to detect if a customer is a ‘Designated Person’ under the United Nations Act, 2001 and UN Regulations or a terrorist or terrorist entity under the Terrorism (Suppression of Financing) Act. 2002. If the Regulated Entity suspects that a client is sanctioned, it needs to undertake the following steps:

Decline to enter into or terminate any transactions with the customer
Freeze the customer’s funds and other financial or economic assets
File a Suspicious Transaction Report (STR) with the Suspicious Transaction Reporting Office (STRO) or inform the Monetary Authority of Singapore if the Regulated Entity is a Financial Institution

Therefore, AML/CFT/CPF laws require Regulated Entities to terminate business relationships and transactions with a customer suspected to be sanctioned.

Amendment in AML/CFT/CPF Regulatory Regime

When AML regulations in Singapore are amended, there may be a need to offboard certain categories of customers as required under the amendments. For example, if the Singapore authorities introduce an amendment in the law restricting the engagement with countries subject to the Financial Action Task Force (FATF) ‘Call for Action’, then Regulated Entities would be mandated to offboard the clients from these countries.

ML/TF and PF Risks Posed by Customer Exceed Risk Appetite of the Regulated Entity

Risk appetite is the amount of ML/TF and PF risks Regulated Entities can effectively manage through their internal risk management and control practices. When the ML/ TF or PF risks posed by customers exceed the risk appetite of a business, offboarding may become inevitable.

Derisking

Derisking is a process adopted by businesses to end or restrict business relationships with a client to avoid ML/TF and PF risks posed by them. When ML/TF and PF risks cannot be managed or mitigated, derisking becomes necessary. However, Regulated Entities should not adopt blanket derisking to avoid issues such as reputational damage, exclusion of legitimate customers, etc.

Client’s Failure in Know Your Customer (KYC) and Customer Due Diligence (CDD)

Another reason for client offboarding is if the client does not provide requested documentation or fails a background check at the time of KYC and CDD processes. These can raise suspicions, leading to a deeper investigation, requiring additional information or documents from the client or termination of a business relationship, depending on the Internal Policies, Procedures and Controls (IPPC), which are tailored to specific risks of every business.

For example, the client is assessed as high-risk, and the Regulated Entity has requested the necessary information and documents pertaining to the client’s source of funds and wealth. However, the client is hesitant to share these documents. In the absence of completion of the Enhanced Due Diligence process as part of the CDD process, the Regulated Entity must offboard the client, as required under the IPPC, to ensure compliance with AML regulations.

Increased Costs Associated with Know Your Customer (KYC) and Customer Due Diligence (CDD)

Client off-boarding also becomes necessary when the cost involved in adequately completing the KYC and CDD is higher than what Regulated Entities can effectively manage, given their available resources.

Why Is Client Offboarding Essential in Certain Circumstances?

Client offboarding is necessary in the above-discussed circumstances for the following reasons:

Preventing exposure to ML/TF and PF risks
Complying with AML/CFT/CPF regulatory requirements and reducing the cost of non-compliance
Building a positive reputation as a law-abiding and compliant business
Effective ML/TF and PF risk management
Maintenance of the Regulated Entity’s integrity, transparency, and financial health

After discussing the essential questions with respect to client offboarding, the blog now details the best practices to be adopted for a smooth and effective client offboarding process.

Best Practices of Client Offboarding Process under AML Compliance

Defining Risk Appetite

As a part of the Regulated Entity’s AML/CFT/CPF compliance, it is required to conduct an Enterprise-Wide Risk Assessment (EWRA). EWRA involves a thorough assessment of the ML/TF and PF risks a Regulated Entity is exposed to, as well as the likelihood and impact of such risks. This is the inherent risk or gross risk that the Regulated Entity faces. Based on the risks assessed, the Regulated Entity can adopt appropriate and proportionate risk control measures. This is the foundation of a risk-based approach.

Based on the EWRA, Regulated Entities can define their risk appetite. Risk appetite is the amount of ML/TF and PF risks Regulated Entities can effectively manage through their AML/CFT/CPF IPPC. It differs for each business and varies as the business of the Regulated Entity changes and grows.

Client Offboarding Best Practices to Strengthen AML Compliance
With a defined risk appetite, Regulated entities can take informed decisions regarding client’s offboarding in a timely manner.

Since risk appetite keeps changing, it also helps Regulated Entities decide to offboard a client if customer’s risk profile changes, or risks emanating from them become unacceptable after some time.

Defining and Implementing Robust Client Acceptance and Exit Policy

As a part of their IPPC, Regulated Entities should form and implement robust Client Acceptance and Exit Policy. These policies must specify the procedures for client acceptance and onboarding, including Customer Due Diligence (CDD) and Know Your Customer (KYC) procedures. Regulated Entity should also define the circumstances that would warrant a review of the relationship with the customer and the procedure to offboard a customer when required. The Client Acceptance and Exit Policies must align with the overall AML obligations and risk appetite of the Regulated Entity.

Reviewing the Decision to Offboard a Client

Whenever a Regulated Entity comes across a circumstance that would necessitate client offboarding, it should investigate the business relationship with the client and make an informed decision as to whether client offboarding is necessary. Client offboarding without due consideration of customers’ risk profiles, can be an excessive measure indicating ineffective ML/TF and PF risk management.

Record-Keeping of Client Offboarding Process

When the Regulated Entity decides to offboard a client, it should maintain records pertaining to the business relationship with the customer for at least five years from the end of the business relationship. The documents that need to be maintained include the following:

Suspicious transactions related to the client reported to Suspicions Transaction Reporting Office (STRO)
KYC and CDD records collected
Documents capturing the reason for offboarding the customer
Client communication related to the offboarding
Offboarding procedure followed
Any other document that seems necessary

Ensuring Privacy and Confidentiality of Customer Data

While offboarding a client, the Regulated Entity must ensure that customer data remains secure. The regulated Entity needs to ensure that there is no risk to the privacy and confidentiality of any information related to the customer. It must not be made accessible to any unauthorised person.

Employee Training Regarding Client Offboarding Process

Client offboarding is a significant part of the AML/CFT/CPF IPPC of a Regulated Entity. Employees of the Regulated Entity need to be trained to carry out the client offboarding process to ensure that it is conducted in a smooth manner. The employees need to be trained in the following aspects:

Knowledge of the Regulated Entity’s business’s risk appetite
Awareness of AML/CFT/CPF regulations in Singapore related to client onboarding and offboarding and associated compliance requirements
The AML/CFT/CPF EWRA of the business
Transaction monitoring procedures
Red flags indicating ML/TF and PF risks
Customer Risk Assessment and risk profiling
Soft skills pertaining to effective communication with clients
Client Acceptance and Exit Policies, including templates for documenting the decision to offboard, communication with the client, etc

Step-by-Step Client Offboarding Process

The blog now provides a step-by-step procedure that can be followed to ensure a smooth and professional client offboarding process. These steps are as follows:

Detect Circumstances that Warrant Client Offboarding:

Circumstances such as matches found during sanctions screening or ML/TF and PF risks beyond the risk appetite of the Regulated Entity. Regulated Entities should be vigilant in detecting these circumstances in a timely manner. However, the Regulated Entity needs to be mindful of not offboarding a customer right away if doing so would result in “tipping-off” such a customer

Review the Business Relationship with the Client by Conducting a Customer Risk Assessment:

If the customer’s name does not appear in the sanctions list, not requiring immediate offboarding, then the next step is to conduct a proper analysis of the business relationship to assess the ML/ TF and PF risks posed by the client by conducting a Customer Risk Assessment. Customer Risk Assessment is the process through which Regulated Entities assess the ML/TF and PF risks posed by a customer and categorise them into low, medium, or high-risk categories based on the degree of ML/TF and PF risks they pose to the Regulated Entity.

Compare the ML/TF/PF Customer Risk Assessment with the Risk Appetite of the Regulated Entity:

The Regulated Entity should compare the risks posed by the client assessed through the Customer Risk Assessment with the risk appetite of the business, to assess whether the risks can be managed by the Regulated Entity effectively.

Take the Decision Regarding Client Offboarding:

After conducting risk assessment and comparing it with risk appetite, the Regulated Entity will be able to take informed decision regarding offboarding.

Seek Senior Management Approval if Necessary:

There may be situations where senior management approval is necessary for offboarding. For example, if the client is an important customer or regulatory reporting and offboarding are necessary. Such approval should be sought promptly.

Record-Keeping of all Documents Related to Client Offboarding:

Records should be kept for all documents related to the business relationship with the client and the decision to offboard the client, including the rationale that necessitated offboarding for at least five years as required under AML/CFT/CPF regulations of Singapore.

File Suspicious Transaction Report When Necessary:

When a match is found during sanctions screening, or the Regulated Entity detects suspicious activity or transactions, a Suspicious Transaction Report (STR) should be filed.

Communicate to the Client Regarding Offboarding Without “Tipping Off”:

The client should be informed regarding offboarding in a professional and timely manner, without tipping them off regarding filing of the STR, so that the investigation process is not impeded.

Conclusion

Imbibing the above best practices and step-by-step procedures while terminating business relations with a client offboarding ensures a professional and smooth client offboarding process.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

Lodging and Updating RORC information with ACRA: A Bird’s Eye View

Identifying the Ultimate Beneficial Owner (UBO) or Registrable Controller is an essential component of the Customer Due Diligence (CDD) process in Anti-Money Laundering (AML) compliance.

The Accounting and Corporate Regulatory Authority (ACRA) maintains a central registry of registrable controllers of companies, foreign companies, and LLPs functioning in Singapore. For this purpose, ACRA requires companies, foreign companies, and LLPs to lodge and update their RORC information with ACRA. Here’s the article explaining the ACRA’s regulatory requirements for maintaining RORC.

Persons Qualified to Become Registrable Controllers

A registrable controller or beneficial owner is a natural or legal person having a significant interest or control over a company or a Limited Liability Partnership (LLP). For companies and foreign companies with a share capital, a registrable controller is someone having a significant interest, including:

Interest in more than 25% of the shares of the company or foreign company (irrespective of the class of shares or the value of shares) or
Interest in shares (except treasury shares) holding more than 25% of the voting power of the company or foreign company.

For companies or foreign companies without a share capital (such as companies limited by guarantee), a registrable controller is someone having a significant interest, includes:

Direct or Indirect share in more than 25% of the capital or profits of the company or foreign company

Having significant control includes having the following:

The right to appoint or remove directors who have a majority of the voting rights in the director meetings,
More than 25% of the voting rights in the matters that are decided by voting of shareholders
Exercises or has the right to exercise significant influence over the company or foreign company

If a person exercises or has the right to exercise any of the above significant interests or controls, then such a person is a controller. Companies, foreign companies, and LLPs have to set up and maintain a Register of Registrable Controllers (RORC).

Indirect Holding

Companies need to consider and analyse situations where an individual or a legal entity may not directly hold the above rights and may indirectly hold control through a legal entity or a chain of legal entities.

Setting Up the RORC

Companies, foreign companies, and LLPs are required to set up and maintain the RORC either at their registered office address or at the office of their Registered Filing Agent (RFA).

The RORC is not the same as the electronic registers of private companies maintained by the Accounting and Corporate Regulatory Authority (ACRA), the register of members that public companies maintain with themselves or the register of directors and nominee shareholders.

The Register must include the date of entry/update, name of the controller, particulars of the controller and notes or remarks regarding the date on which notice was sent to the beneficial owner and the date on which confirmation was received.

Companies, foreign companies, and LLPs are required to disclose the location of their RORC in their annual return filing. However, they are not required to disclose the location of their RORC to the Accounting and Corporate Regulatory Authority (ACRA).

RORC can be maintained in electronic and physical formats. However, the register is a confidential document which must not be made public.

Measures for Identifying Registrable Controller

Companies, foreign companies, and LLPs are expected to take reasonable steps to identify the beneficial owners. This section discusses the measures that can be taken by companies, foreign companies, and LLPs to identify their registrable controllers.

Taking Reasonable Measures

Companies, foreign companies, and LLPs must take reasonable measures to identify their beneficial owners, such as:

By sending a physical or electronic notice to every director of the company every year,
By sending yearly physical or electronic notice to every member of the company who has more than five per cent of the voting share in the company,

If they are aware of the identity of the registrable controllers of the company, foreign company or LLP.

Sending Out Notices

Companies, foreign companies, and LLPs must send notices to persons that they know or have reasonable grounds to believe are registrable controllers of the company, foreign company or LLP.

The notice must clearly seek the status of beneficial ownership, request for particulars if the addressee confirms that they are a beneficial owner and mention the address to which a reply must be sent, with a timeframe and the regulatory consequences of not responding to the notice.

The notice can be sent in either electronic or physical format.

By implementing these initiatives, companies, foreign companies, and LLPs can fulfil their regulatory obligations towards identifying the beneficial owners.

Obligation for Companies, Foreign Companies, and LLPs with Ambiguity in Identifying Their Registrable Controller

Companies, foreign companies, and LLPs are obligated to identify their registrable controllers or beneficial owners. However, if they are not able to identify their registrable controllers, they must send notices to individuals and legal persons that the company knows or has reasons to believe that such persons know or have reasonable grounds to know the identity of a person who is a registrable controller of the company, foreign company or LLP. Upon taking reasonable measures, if the companies, foreign companies, or LLPs are of the opinion that they do not have a beneficial owner or are unable to identify them, then all the directors with executive control and Chief Executive Officers (CEOs) of the company shall be taken as the registrable controller. In such a case, companies, foreign companies, and LLPs must enter the following details:

A note stating that the company or LLP knows or has reasonable grounds to believe that the company has no registrable controller or has not been able to identify the registrable controller.
The note must also mention that all the CEOs and directors with executive control are taken to be registrable controllers of the company.
The particulars of CEOs and directors to be taken will be the same as that taken for individual controllers.

What Information Must Be Lodged with ACRA

The Accounting and Corporate Regulatory Authority (ACRA) requires companies, foreign companies, and LLPs to lodge particulars of its Registrable Controllers. These particulars are differentiated based on whether the controller is an individual or a corporate entity.

An individual who has significant interest or control over the company, foreign company or LLP is an individual controller.

A body corporate or legal entity incorporated or existing in Singapore or a foreign company registered under the Companies Act having significant interest or control is a corporate controller.

Particulars of Controllers Who Are Individuals

Companies, foreign companies, and LLPs must collect the following information:

Full name of the individual.
Aliases (if any).
Residential Address.
Nationality of the individual.
Identity card/passport number.
Date of Birth.
The date on which the individual became a controller of the company, foreign company or LLP.
The date on which the individual ceased to be a controller of the company, foreign company or LLP.

Particulars of Controllers Who Are Corporate Entities

Companies, foreign companies, and LLPs must collect the following information:

Name of the entity controller.
A unique identity number is issued by the registrar (if any).
The legal form of the entity controller.
Address of the registered office of the entity.
Jurisdiction where the entity is formed or incorporated.
The statute under which the entity controller is formed or incorporated.
Name of the register in the jurisdiction where the entity is registered.
Identification or registration number of the entity in the register of the jurisdiction where it is formed or incorporated.
The date on which the entity became controller of the company, foreign company or LLP.
The date on which the entity ceased to be a controller of the company, foreign company or LLP.

The obligation to maintain RORC information with ACRA does not exempt companies, foreign companies, and LLPs from keeping the same information with themselves.

Lodging Information through a Registered Filing Agent or Self-Submission

Companies, foreign companies, and LLPs can lodge the RORC information either by themselves or through their Registered Filing Agents (RFAs) using ACRA’s online portal Bizfile+.

Bulk Upload Option for RFAs

RFAs can bulk upload RORC information for multiple entities (such as foreign corporate entities, societies, trusts, and entities with UEN not issued by ACRA) identified as controllers using a prescribed Excel template that can be uploaded on Bizfile+.

The records uploaded through the bulk option are processed a day after they are uploaded. Hence, the lodgers are notified by email the next day after uploading. The information uploaded can be viewed through the transaction status enquiry option on Bizfile+ using the transaction number that is provided to the lodger.

Registered Filing Agents (RFAs) can only lodge RORC information for entities in their client list. Before Bulk uploading the information, RFAs need to ensure that they are authorised by their client to lodge and update RORC information on behalf of that client. However, no specific filing access is required for RFA to lodge their client’s RORC information with ACRA.

Individual Upload Option for Self-Submission

Individual companies, foreign companies, and LLPs can upload information for a single entity using the individual upload option by entering the Unique Entity Number (UEN). Companies must verify if they are exempted from updating RORC information. Unexempted entities should then decide the category of the registrable controller, whether it is a corporate entity or an individual, and then enter the relevant information.

Upon uploading all the particulars, the lodger must verify the information before finally submitting it to ACRA and keep a record of the acknowledgement receipt.

Updating RORC Information with ACRA

Companies, foreign companies, and LLPs have to keep the RORC information with ACRA accurate and up to date by periodically sending out a notice to all the registrable controllers asking if a relevant change in the particulars has occurred or if any of the particulars in the RORC are incorrect.

If the company, foreign company, or LLP receives credible information that the particulars of its registrable controllers are incorrect or outdated, then such company or LLP must notify its registrable controller to share correct information. Such notice can be sent physically or electronically. There is no regulatory requirement for a director or secretary’s signature on the notice or for the notice to be sent through a registered address.

If a company, foreign company, or LLP that could not previously identify or did not previously have a registrable controller updates the particulars of a registrable controller. Then, the company or LLP must also enter a note in the register that its directors and CEOs cease to be the registrable controllers, along with the date on which the particulars are added.

ACRA’s Regulatory Timelines for RORC Maintenance, Lodging and Update

There exists a timeframe that companies, foreign companies, and LLPs need to abide by when keeping, lodging or updating RORC information. The RORC must be set up within thirty days of incorporating the company or LLP.

Within thirty days, companies, foreign companies, and LLPs take reasonable measures to identify the beneficial owners and seek confirmation from such persons by sending out notices. Once a confirmation is received in reply to the notice, companies, foreign companies, and LLPs must enter the particulars within two days of confirmation.

However, if no confirmation is received, companies, foreign companies, and LLPs must enter the particulars that they have in their possession within two days after the end of thirty days from the date on which the notice was sent.

If the company, foreign company, or LLP is satisfied that it has no registrable controller or is unable to identify them, then the company, foreign company, or LLP must enter the particulars and note within two days from the date on which the company, foreign company, or LLP forms such an opinion.

If there are any changes in the particulars entered in the RORC, the company, foreign company, or LLP must update the changes in the RORC within two days from the date on which such change comes into the knowledge of the company.

Penalties for Not Maintaining RORC Information with ACRA

The Companies Act, 1967 and the Limited Liability Partnership Act, 2005 requires companies, foreign companies, and LLPs (unless exempted) to comply with the RORC obligations. If the compliances are not met, then companies, foreign companies, and LLPs are liable for a penalty of up to 5,000 SGD.

The regulatory framework in Singapore also mandates controllers to disclose information to be mentioned in the RORC and update the company, foreign company, or LLP about any changes in the RORC particulars. Failure to meet this requirement can result in a penalty of up to 5,000 SGD for the controller.

Common Mistakes to Avoid while Filing RORC Information

Maintaining, lodging and updating RORC information can be a tedious task. Therefore, companies, foreign companies, and LLPs should try to avoid the following commonly occurring mistakes:

Not checking if the entity falls under the exempted category
Furnishing incomplete or incorrect information without any justification with ACRA where complete information is not available with the company, foreign company or LLP
Missing statutory timelines for filing or updating information
Not identifying registrable controllers having significant interest or control
Wrongly identifying registrable controllers that do not meet the criteria for holding significant interest or control
Not verifying details entered on Bizfile+ before submitting it to ACRA

Best Practices for Maintaining RORC

Documenting copies of the notices sent to the registrable controllers and receipt of their replies.
Reviewing and updating the RORC information annually by checking for any material changes with the beneficial owners.
Documenting reasons for satisfaction about accuracy and relevancy of RORC particulars if the company/LLP opts not to send a notice for updating particulars to its registrable controllers.
Sending notice electronically through a registered email address with the signature of a Key Managerial Person (KMP), for instance, a director or secretary.
Review the register of members and constitution to determine if an individual or corporate entity qualifies as a registrable controller.
Attach relevant supporting documents, such as the National Registration Identity Card (NRIC), passport copy, utility bills and certificate of registration, when lodging RORC information copy of foreign controllers with ACRA.
Keep a note of persons who have access to RORC.

Conclusion

Companies, foreign companies and LLPs equipped with a comprehensive understanding of the process of setting up and maintaining RORC and lodging and updating RORC information can effectively fulfil the regulatory requirements set by ACRA.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

Transforming Client Onboarding with Robust AML Procedures

Getting more clients and business growth are the primary goals of every business. With the increasing number of clients, a robust client onboarding mechanism can help businesses rule out the potential risk of financial crimes, including Money Laundering (ML), Terrorism Financing (TF), and Proliferation Financing (PF) associated with clients. This blog discusses the prevalent Anti-Money Laundering (AML) requirements and procedures, such as KYC (Know Your Customer) and CDD (Customer Due Diligence) requirements, to be considered while conducting client onboarding by businesses operating in Singapore.

By incorporating AML practices in routine business operations, such as client onboarding, businesses can ensure greater profits and a secure work environment for themselves. Through this blog, businesses can develop an understanding of how to easily and efficiently integrate AML practices into their routine onboarding process.

Risks to be Considered While Conducting Client Onboarding

Client onboarding is the process of getting new clients who set up an account with a business and avail themselves of the products/services offered by such businesses.

However, businesses need to be mindful that some of the clients may increase a business’s exposure to ML/TF/PF threats if such clients are identified as:

Sanctioned Individuals:

Specific individuals or entities subject to targeted financial sanctions by the United Nations Security Council or other relevant committees or international sanctions lists that contribute to the threat or breach of international peace and security.

Politically Exposed Persons (PEPs):

PEPs are individuals entrusted with essential public functions, including the role held by the head of state, head of government, government minister, senior civil or public servant, senior judicial or military official, senior executive of a state-owned corporation, or senior political party official in Singapore or any other jurisdiction outside Singapore. However, mid-level or junior officials are not considered as PEPs.

Individuals who perform essential functions for international organisations, such as working in the capacity of a director, deputy director, member of the board, and member of the senior management of an international organisation, are also considered PEPs. However, mid-level or junior officials are not considered PEPs.

Terrorists or Terrorist Groups:

Individuals or groups engaged in terrorist activities or terrorism financing (TF).

Originate from or Connected to High-Risk Countries:

Individuals or entities belonging to countries that have significant strategic loopholes in their AML/CFT frameworks.

Behaviour Suggests Money Laundering Activities:

If the client’s behaviour resembles the commonly observed red flags or typologies.

Prior Connection with Financial Crimes:

Individuals or entities previously associated with financial crimes, such as tax evasion, corruption, bribery, etc.

AML Compliance Procedures to Follow During the Client Onboarding Process

In order to counter ML/TF/PF effectively, businesses need to identify and categorise their potential clients into high-risk, medium-risk and low-risk clients.

This identification and classification help businesses decide whether to form a business relationship with a client. Businesses apply the following procedures during client onboarding to identify and segregate clients based on the risk appetite of their respective businesses:

Know Your Customer (KYC):

Businesses must undertake KYC processes to identify a client by obtaining particulars such as names, addresses, contact numbers, and other critical information. Further, collect documents and verify the details submitted by the client.

Client Screening:

Businesses must screen the client against lists of sanctions, Politically Exposed Persons (PEPs), terrorists, and negative news sources.

Risk Assessment:

Before onboarding a client, businesses must assess the client’s risk based on the client’s business, location, transaction, delivery channels, and products/services.

Configure Transaction Monitoring Rules:

Establish transaction monitoring rules based on the expected nature, size, and volume of the customer’s transactions, along with other identified risk factors.

Record-Keeping:

Maintain records of all processes undertaken for the client and their results for further reference and usage.

Review and Audits:

Review the client onboarding process to ensure its effectiveness and alignment with regulatory requirements.

Businesses must follow these processes while onboarding new clients. These measures ensure that businesses do not onboard clients linked to illicit activities.

Client Onboarding Regulations in Singapore

Singapore has always been at the forefront of setting global standards for a secure business environment. The Corruption, Drug Trafficking, and Other Serious Crimes (Confiscation of Benefits) Act is the main law that criminalises laundering funds from illicit activities.

To streamline the regulatory practices, a regulatory authority has been established for each sector to define regulatory requirements and ensure compliance by regulated entities.

Know Your Customer (KYC):

Businesses are required by their respective sectoral regulatory authorities to obtain client information such as:

Full name, including aliases
Unique identification number
Registered address
Date of Birth or date of incorporation/registration

Additional case-specific documents must also be collected based on the client’s business structure:

Name, legal form and proof of existence
Instrument under which the entity is constituted
Identities of Directors/ Senior-most executive official
Principal place of business
Ultimate Beneficial Owners

Businesses must verify the information provided by the client using reliable sources such as:

Information available on client’s website or published annual reports,
Information available with public sources such as government directories (Bizfile+), annual returns and filings with regulatory bodies,
Information from other reliable sources like research reports.

Name Screening:

Regulatory authorities require businesses to take reasonable measures to determine if the client or their family members or close associates are Politically Exposed Persons (PEPs). If the client or its family or associates are identified as PEPs, then enhanced due diligence measures must be taken. If there is a reason for a business to suspect that the client may be a terrorist or sanctioned individual, the business must:

Refuse to enter into any transaction with such client,
Terminate any transaction entered into with the client,
Report the police.

Risk Assessment:

Regulatory authorities have specified factors that registered entities must consider when conducting a risk assessment of a client, including:

Type of client
Scale of client’s business activities
Purpose of Business relationship with the client
Geographic area of client’s business activities
Client’s business relationships/transactions with persons from/in countries with inadequate AML/CFT measures
Layers of the client’s business structure

Risk-Based Approach:

Businesses must perform due diligence measures in accordance with the client’s risk profile. For high-risk customers, EDD measures must be taken, such as:

Approval of a senior management official is required before entering into a business relationship with the client.
Reasonable steps must be taken to establish the relevant person’s source of wealth and source of funds
Record the basis of assessment

Where the client’s risk profile is low, businesses can take appropriate simplified or standard due diligence measures to identify the client, its beneficial owners and persons acting on behalf of the client.

Transaction Monitoring:

Businesses must ascertain that the client’s transactions are consistent with the business’s knowledge of the client, the client’s income and sources of funds.

Record Keeping:

Businesses must maintain records for a period prescribed by their respective regulatory authorities of the following information:

All transactions with the client
All information of the client collected during the CDD process
Copy of supporting documents relied on during the CDD process

Review and Audit:

Businesses must implement an independent audit and review mechanism to periodically assess the effectiveness of the business’s AML program.

Tech Initiatives for Improved Client Onboarding Compliance

To streamline the onboarding process, the Monetary Authority of Singapore (MAS) has recognised the MyInfo platform as a reliable source for identifying and verifying customer details such as name, unique identification number, date of birth, nationality, and residential address. Where the MyInfo platform is used, Financial Institutions are not required to obtain additional identification documents or photographs of the client.

Another initiative is non-face-to-face client identity verification. Secure methods such as digital signature, biometric identification, and real-time video conferencing. MAS recommends that regulated entities adopt technological solutions to improve AML efforts, including the client onboarding processes.

For companies registered in Singapore by its residents, verification of corporate structure is easier. However, in the case of a foreign company or a company registered in Singapore by foreigners, a simple verification through video conferencing won’t suffice. Businesses should ensure additional checks by verifying soft copies of registration certificates of such foreign companies or companies registered by foreign persons.

Manual checks of scanned documents can be cumbersome, leading to delays or false results. So, businesses must adopt advanced technological software or systems and deploy experienced compliance teams to handle the verification process. Advanced systems leverage AI, biometrics, and authentication tools for accurate and faster results.

The regulatory authorities have created an email alert system to send UN sanctions list updates to Financial Institutions (FIs) and Designated Non-Financial Businesses and Professions (DNFBPs). Such government initiatives make compliance easier for businesses.

Best Practices of Client Onboarding in AML

Adopt the following best practices of customer onboarding to enable AML compliance:

Follow the precise AML-incorporated client onboarding process.

Customer Identification: Collect data on customers and verify the same with the help of documentary proof.
Risk Assessment: Identify the potential risks of the customer to the business and create a risk profile. Categorise the customer as low, medium, or high risk.
Due Diligence: Standard due diligence is enough if the client is low-risk. In the case of a high-risk client, undertake enhanced customer due diligence, collect more data on such customers, and escalate the case to higher-level authorities.
Account Opening: On collecting all the customer information, if the client’s risk profile is low or medium, proceed with account opening. If the client is high-risk or only half of the data points are available, reject the application.
Annual Assessment: Assess the client’s transactions to detect sudden anomalies. Re-evaluate their risks to check for any changes in risk levels and act accordingly.

Create a crisp and clear client onboarding strategy

A business-client relationship is usually a long-term relationship. So, it is not ideal for any business to start an onboarding process without a clear strategy.

Hence, businesses need to define their onboarding strategy.

Start by defining the objectives of the onboarding process.
Make a list of all the goals the organisation aims to achieve with this onboarding process.
Identify the outcomes that the business wishes to achieve.
Define the step-by-step procedure and guidelines for each step.
List the resources required for each task.
Decide upon the timelines and costs associated with each step.

This will provide a clear direction for the client onboarding process execution.

Update the client onboarding process with changing regulatory requirements

While onboarding customers, businesses need to consider the AML regulations related to:

KYC
CDD
Transaction monitoring
Customer screening

Businesses must perform these procedures while onboarding customers. Any changes in these processes must be reflected in the onboarding process. Thus, it is essential to be updated with the regulatory environment and adapt the business’s internal policies to regulatory changes. These adjustments can ensure proper compliance with regulatory requirements during the customer onboarding process.

Use a combination of human and technology-based techniques for identification and verification

A client onboarding process involves the following processes:

Data collection
Assessment
Verification
Recordkeeping

Manual handling of these processes can be taxing and time-consuming and may lead to high false positives and false negatives. There is a high chance of human error and negligence in identifying critical data. The time-consuming nature of the entire manual process can be a pain point for the customer.

Businesses often resort to advanced technological solutions to tackle this challenge. Automated KYC and CDD solutions collect and verify customers’ data. Advanced systems ensure safe recordkeeping and an overall efficient and secure customer onboarding experience.

Moreover, customers enjoy the automated client onboarding process because it is faster, more accurate, and less complicated. Customers are less likely to get frustrated with repetitive, complicated, or unnecessary questions, so the friction points diminish. Hence, customer drop-offs decrease.

However, complete neglect of human insights is a big mistake. Human eyes can notice strange customer behaviour, which even technology cannot. So, manual checks and technology scanning are necessary to get a 360-degree view of customer risks.

Embrace remote KYC and due diligence methods

MAS has issued circulars for the use of MyInfo and CDD Measure for non-face-to-face business relations. It involves data collection and validation using video conferencing, biometric identification, and digital signature. Regulated entities are encouraged to embrace remote KYC for the following reasons:

It adds to customers’ convenience. It enables customers to complete the process from anywhere at any time using their devices.
It avoids the hassle of office visits and producing physical documents. All these are manageable digitally, adding to a positive user experience.
When customers complete the identification and validation processes remotely, the onboarding is accelerated. Saving time on client onboarding allows businesses to focus on other strategic tasks.
Technological interventions by the government and regulatory authorities such as MyInfo and Singpass provide the necessary features to check the authenticity of documents and information. This ensures enhanced risk management.

If customers are happy, there are fewer chances of drop-offs.

Train the employees on client onboarding in AML

Client onboarding processes require managing a lot of information and documentation, which requires trained and skilled employees. Unskilled employees affect the process’s quality.

Training must be provided on the significance of AML compliance and employee responsibilities. Employees must know the KYC and CDD data points to collect to build the risk profile. These include:

Identity
Contact details
Sources of income/wealth
Beneficial owners
Credibility score
Any mention of sanctions or PEPs

Efficient data collection and verification with documents ensure quality and correct results. Employees must keep up with the latest industry trends, best practices in client onboarding, and AML regulations.

Recordkeeping- The backbone of the AML program

The client onboarding process leads to a massive load of data. Businesses must maintain records of every step of the onboarding process, including KYC, CDD, and KYT (Know Your Transaction) procedures. Records are essential for future use and to ensure compliance. Advanced technologies have systems in place to collect and validate data, which can be used for record keeping.

Authorities refer to these records when conducting audits or investigations of an organisation’s AML compliance processes. Businesses must furnish records such as account details and information about the entity when submitting suspicious activity and cash transaction reports to the Suspicious Transaction Reporting Office (STRO) using the STRO Online Notices and Reporting Platform (SONAR).

Creating a balance between AML compliance and customer experience

It is important to strike a balance between adhering to regulatory requirements and catering to the client’s needs. Businesses can take the following steps to enhance client experience while performing AML procedures:

Making efforts to reduce the time taken in AML procedures with the help of advanced technologies
Prioritising the client’s data privacy and ensuring transparency during the onboarding process to build trust
Engaging the client with the business’s core products or services to create a long-term relationship.

Businesses can adopt such strategies to improve the customer experience while completing the client onboarding process.

Motivate customers to furnish correct, complete, and updated data

Clients may not always be ready to furnish their information. They might find the data collection process tedious and invasive. So, it becomes important for businesses to devise effective ways to gather data from customers like:

Explaining the significance of AML compliance to the client.
Making the data collection process more manageable and smoother.
Train employees to engage with clients during the onboarding process to make it a more comfortable experience.
Incorporate technological solutions to speed up the process.

Adopt a risk-based approach for further due diligence

Upon performing KYC, businesses can identify client risks. So, based on the customer’s risk profile, businesses can perform adequate due diligence measures.

Thus, a risk-based approach must be adopted for customer due diligence. Applying the same and consistent due diligence for all customers is a big mistake.

So, due diligence measures vary based on a customer’s risk profile. If a client is high-risk, enhanced due diligence (EDD) is required. A simple CDD or standard CDD would suffice if the risk is low. This process allows businesses to determine their client acceptance and exit policy.

Increase the KYC and due diligence intensity for foreign customers

The involvement of more than one country changes the story of AML compliance. There are differences in AML regulations, and distinct identification and verification rules exist. These variances affect the process of validating customer data. Therefore, businesses must exercise greater caution while dealing with cross-border transactions.

Organisations can adhere to the following practices:

Collect more data about foreign clients, their agents and beneficial owners.
Assess the AML regulations of the jurisdiction that the client belongs to or is connected with.
Perform client screening against that jurisdiction’s local sanctions list, PEP lists, and adverse media information.

Ensure sufficient data security policies for keeping customer data safe

In the current times, data protection is a significant concern. Businesses store large quantities of customer data. Ignoring data security may make customer identities and documents unsafe. So, businesses must ensure data protection by implementing these principles:

Maintain data confidentiality and security.
Implement technological solutions to prevent data breaches and hacking.
Follow privacy regulations to avoid any access by non-permitted users.
Adopt sound cybersecurity measures and anti-malware policies to protect customer data from malicious actors.

Corroborate client representation with reliable information

It is important not to rely solely on the information provided by the client. Businesses must verify client’s information with reliable documents and evidence. For instance, Businesses can seek a company memorandum and articles of association to verify the particulars of a corporate entity and identify its beneficial owners.

For Politically Exposed Persons (PEPs) or prominent public profiles, businesses can corroborate such client representation against reliable public information sources.

Conclusion

Implementing the above-mentioned best practices can ensure a safe and smooth onboarding process that can culminate into a long-term business relationship with mutual benefit for businesses and clients.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

ACRA AML/CFT Requirements Review (Inspection) of Public Accountants and Accounting Entities

All accounting entities and public accountants in Singapore carrying out covered activities are required to undergo periodic ACRA inspections, through which their Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) compliance measures are inspected by ACRA. The ACRA is responsible for forming and appointing the Public Accounts Oversight Committee (PAOC), which is responsible for appointing an entity reviewer to carry out the ACRA AML/CFT Requirements Review process of all accounting entities and individual practitioners.

The Accounting and Corporate Regulatory Authority (ACRA) registers and regulates public accountants and individual practitioners in Singapore as per the rules and standards prescribed under the Accountants Act, 2004.

The Accountants Act, 2004, also referred to as ‘the act’, is the primary legislation in Singapore governing accountancy services provided by accounting entities and professionals. The Accountants (Prevention of Money Laundering and Financing of Terrorism) Rules 2023 require accounting entities and their practitioners to have in place, an adequate AML/CFT compliance framework, consisting of internal policies, procedures and controls (IPPC) for combating Money Laundering (ML), Financing of Terrorism (FT), and Proliferation Financing (PF) risk effectively.

Let’s examine these AML regulations in Singapore. Moreover, we’ll discover the AML compliance initiatives that luxury goods market operators must implement to reduce the risks of financial crimes. These measures mitigate money laundering risks and prevent criminals from exploiting this market.

Accounting entities and individual practitioners’ AML/CFT IPPC is subject to ACRA AML/CFT Requirements Review.

ACRA AML/CFT requirements review (inspection) process of Public Accountants and Accounting Entities

ACRA AML/CFT Requirements Review (Inspection) Process of Public Accountants and Accounting Entities

The ACRA AML/CFT Requirements Review process comprises of following steps:

1. Entity Reviewer Inspects AML/CFT Compliance Requirements

The entity reviewer carries out an AML/CFT requirement review. For this purpose, the entity reviewer has the power to:

Examine any records or the description of records in the possession or under the control of the accounting entity or practitioner that the reviewer entity believes are relevant to review.
Seek explanations or further details of any records or documents, excluding any such record or document containing privileged communication to or from a legal practitioner.
Upon concluding the review, the entity reviewer submits a report to the Registrar.

2. Opinion of the Registrar

After considering the report submitted by the entity reviewer, if the registrar is of the opinion that the accounting entity or any of its practitioners have breached any of the AML/CFT requirements, it shall submit a report to the Public Accounts Oversight Committee PAOC (Firm Level).

3. Decision by the Public Accounts Oversight Committee (PAOC)

Upon submission of the report by the registrar, the PAOC assesses and decides the consequences of non-compliance with AML/CFT requirements by accounting entities and practitioners.

Consequences of AML/CFT Non-Compliance by Accounting Entities and Public Accountants

The Public Accounts Oversight Committee (PAOC) is the final authority to decide on the outcome of AML/CFT requirements inspection as the PAOC determines procedure for conducting ACRA inspection of any accounting entity and public accountants

Upon considering the ACRA inspection report of the Registrar, if the PAOC (Firm Level) is satisfied that the accounting entity or its individual practitioners are non-compliant, with AML/CFT compliance requirements,

The following consequences may follow where the PAOC may direct the following orders:

Revocation of the approval granted to the accounting entity or cancellation of the registration of individual practitioners.
Suspension of the accounting entity from providing accountancy services or suspension of an individual practitioner for up to one year.

The PAOC is also empowered under the law to prescribe to public accountants and accounting entities, any standardised methodology, procedures, code of professional conduct, or other requirements necessary to enable them to identify, prevent, and mitigate ML/FT and PF risks, with timely reporting of suspicious activities and transactions to regulatory authorities, and maintaining adequate records of AML/CFT measures taken.

Conclusion

The PAOC in Singapore is responsible for deciding on the registrar’s opinion based on the ACRA inspection carried out by the entity reviewer. The PAOC, upon finding any incidence of non-compliance with the prescribed AML/CFT requirements, shall take punitive action.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

AML compliance for the luxury goods market in Singapore

Money laundering threats are a common stain on all kinds of luxury goods. Worldwide, financial criminals consider art, antiques, gems and stones, yachts, and watches to be an accessible medium to launder money. So, AML compliance for the luxury goods market is essential to eliminating money laundering.

Recently, Singapore fell prey to such a money laundering scandal in the luxury goods market in 2023. The criminals earned dirty money through illicit means and cleaned them up in the legal Singaporean financial system. Using this money, they bought several luxury goods, which the police seized during investigations. This scam brought the country’s regulatory authorities’ attention back to strengthening AML regulations for the luxury goods market.

Let’s examine these AML regulations in Singapore. Moreover, we’ll discover the AML compliance initiatives that luxury goods market operators must implement to reduce the risks of financial crimes. These measures mitigate money laundering risks and prevent criminals from exploiting this market.

AML compliance mandate concerning luxury goods

The AML regulations in Singapore apply to “precious products”.

Recently, the Singapore authorities introduced a Bill seeking to expand the scope of “precious products.” Previously, this term was restricted to high-value products wherein at least 50% of value was attributed to precious stones or precious metals (PSPM). Now, with the newly proposed definition of “precious products,” the mandatory condition of having a PSPM element in a product to qualify as a “precious product” has been relaxed.

Now, the “precious products” would include the following items subject to the prescribed threshold, and the dealers engaged in such precious products would be subject to AML compliance in Singapore:

Jewellery, watches, ornaments, apparel, accessories, etc., of value exceeding S$ 20,000, irrespective of the value attributable to the PSPM.

Considering the money laundering vulnerabilities associated with luxury items, the definition of “precious product” is proposed to be amended to include high-value luxury items traded at premium prices because of the brand label associated with the item or the involvement of craftsmanship.

Such products include high-end watches, accessories, apparel, etc., though they involve very little or no element of precious metals or precious stones. Criminals have exploited these products, resulting in the laundering of illegally obtained proceeds.

Money laundering threats in the luxury goods market

The risks associated with luxury goods are high due to the following reasons:

High-valued items

Luxury items are high-valued goods, attracting money launderers who exploit them in several ways. High-valued items make it easier for money launderers to launder vast sums of money.

Cash transactions

The purchase and sale of luxury goods are mainly through cash transactions. Thus, it becomes difficult for authorities and police to track their source and destination.

Global Nature

You can transact luxury items globally across multiple jurisdictions. This feature increases your exposure to money laundering and similar other threats, with no restriction on the boundaries.

Easy to transport

These goods are easily transportable, and questioning and interrogation are minimal or non-existent. You can carry some of these items, like jewellery, luxurious apparel or ornaments, across borders without hassles.

High resale value

One unique characteristic of luxury items is their high resale value. There is a high demand for these goods among wealthy and high-net-worth individuals. These goods also fetch a good resale value, specifically in the case of rare and unique collectibles. So, criminals leverage this feature to their benefit.

Involvement of intermediaries

Luxury items provide an easy way to use shell companies or third parties to buy, sell, and manage these assets. This means you buy these items not directly but using offshore or foreign accounts. The anonymity and privacy associated with these intermediaries increase the possibility of money laundering activity, concealing the true identity of the criminal or launderer.

Confidentiality

The luxury goods markets enjoy a sense of confidentiality and discretion. You need not provide details on the actual owners of these goods. That is why the risk of financial crimes is high.

Low awareness

Dealers in such luxury items are unaware of the AML compliance requirements worldwide and nationally. Moreover, they are ignorant of the risks of such financial crimes to their business.

Trade-based money laundering

Trade-based money laundering is possible in the case of luxurious items carrying a premium associated with the brand, which is abstract. It is an accessible market for over- or under-invoicing. You can manipulate the prices to show higher or lower rates for laundering money. Criminals might also create false invoices to show a purchase and sale transaction despite no such activity.

Secured transaction zones for art

Another primary factor that has cropped up in recent years is the construction of Freeports. These are storage spaces in transit zones near airports to facilitate art purchase and sale transactions. These are secured zones offering privacy and anonymity to buyers and sellers. In these spaces, no tax is applicable on art and antiques, so you are also saved from those costs.

Easy to buy and sell personal luxury items

Money laundering in personal luxury items is easy because anyone can buy these from any country. Ineffective due diligence measures at borders lead to easy transit to the country of residence. Thus, provoking the launderers to evade taxes on such items and launder money without coming into the spotlight of the origin country’s regulator. Moreover, no one asks the beneficial ownership of these personal luxury items.

Possible use as currency or medium of exchange

Luxury goods obtained illegally are used as a means of payment or to barter another luxury item. Thus, you can place dirty money in the legal market as a currency.

Virtual luxury items

Now, these luxury items are also available in virtual form. So, the risks associated with virtual assets also apply to them. Specifically, they can avoid many regulatory mandates and sanctions.

Thus, these are the possible ways criminals can engage in money laundering through luxury goods transactions.

Accordingly, recognising the legal requirement and the associated risk, you must prevent criminals and launderers from saving your business from exposure to financial crimes. If you don’t, you will be AML non-compliant, inviting fines and penalties. It can lead to criminal action against you, reputational damage, or loss of business. So, you must adopt appropriate techniques to prevent them.

Strategies in AML compliance for the luxury goods market

To prevent and mitigate money laundering and other financial crimes, you must implement the following techniques in AML compliance for the luxury goods market:

Strategies to Ensure AML Compliance in Luxury Goods Market

Detailed AML compliance program

The high risks of money laundering require a detailed strategy for fighting it. You need to know your plan for complying with AML regulations. It is also essential to prevent and mitigate the potential money laundering threats.

So, design a comprehensive customized AML compliance program. It must have adequate policies and controls to fight these financial crimes. This includes procedures for KYC, CDD, transaction monitoring, and sanction screening. Keep updating them on time to align with the evolving regulations and innovations in money laundering.

The strategy must also define the skills you need in your business to handle AML compliance. Based on this, you can hire people for AML compliance-specific jobs. It also enables you to design relevant AML training for your AML activities. Thus, the strategy directs you on how to go about your AML compliance.

This AML compliance program must align with the following acts applicable to luxury items businesses in Singapore:

Corruption, Drug Trafficking, and Other Serious Crimes Act (CDSA)
Terrorism (Suppression of Financing) Act (TSOFA)
Precious Stones and Precious Metals (Prevention of Money Laundering and Financing of Terrorism) Act, 2019
Precious Stones and Precious Metals (Prevention of Money Laundering and Financing of Terrorism) Regulations, 2019

KYC and customer due diligence

AML compliance requirements need you to know about your customers. So, you must focus your efforts on conducting KYC and customer due diligence of your customers. Collect the following details on your customers and verify the same using reliable, independent sources:

Name, address, occupation
Nationality
Transaction’s purpose and objective
Source of funds and wealth
Beneficial owners of luxury items
Expected mode of payment

The most critical information is where the money is coming from and where it is going. Also, the information bit on beneficial ownership. Both these data points help you establish any potential linkages to financial crimes.

You must create your customers’ risk profiles based on all these details. The risk profile helps you categorise customers as low, medium, and high risks. It is also necessary to screen your customers against different national, regional, and international watchlists, including but not limited to:

Terrorists
Politically Exposed Persons (PEPs)
Sanctions
Individuals involved in corruption, bribery, and other illegal acts

So, you must be extra careful while dealing with high-risk customers. All these information-gathering and analysing processes need you to deal with more paperwork.

Transaction monitoring & Identifying suspicious transactions

Monitoring your customers’ transactions is critical to spot suspicious ones. You must be aware of the red flags to detect them. Once you know them, it is easier for you to detect them. You can investigate them further and take action based on the results.

Understanding the layering of transactions is essential. This is where launderers play smartly to hide dirty money in clean money. So, you must create custom transaction rules based on your customers’ risk profiles and transaction patterns. Look for signs that raise doubt in your mind, like the following:

Large cash transactions
Concealing beneficial ownership
Inconsistency of the transaction with the customer’s profile
Customers from high-risk jurisdictions
Involvement of layers of intermediaries in transactions

Using a technological solution to monitor transactions is a smart move. You can ensure accurate results, complete monitoring, and faster processing. But do not ignore adding the human touch to transaction monitoring. Check the suspicious ones manually to understand the customer behaviour behind possible money laundering.

AML training

You must make it a point to give due importance to AML compliance in your entity. All employees must understand how significant AML compliance is in preventing financial crimes.

Thus, whether you want to create an AML culture in your business, monitor transactions, conduct CDD, or report suspicions, your employees must know how to do all this. If your employees are unaware of the reason and procedures, your AML compliance will go haywire.

So, pay attention to training your employees on AML measures and strategies. Such training must teach the following topics:

Significance of AML compliance for your industry
Methods of conducting KYC, due diligence, and sanction screening
Monitoring transactions, identifying and reporting suspicions

Until employees know the what, why, and how of AML procedures and controls, it is challenging to get their focused dedication; only when they give their 100% can you ensure a culture of AML compliance. It will help you prevent money laundering risks and follow Singaporean AML requirements.

Reporting & AML Recording Keeping

As crucial as transaction monitoring and due diligence are to AML compliance, similar criticality is held by reporting and record-keeping. You will be checking transactions to identify the suspicious ones amongst those. You will also be monitoring your customers to detect their levels of risk to your business. If you forget to maintain records of these results, they do not serve the complete purpose.

Recording and reporting these procedures and results is significant. Since you need to file suspicious activity reports and cash transaction reports, you must have a well-defined procedure for them. Define the people responsible for them, the procedure, and the format. Also, explain any internal reporting process you must follow for AML compliance.

Similarly, maintain records of each of your AML procedures. Save everything, be it KYC records, due diligence reports, customer risk profiles, transaction monitoring results, or AML training manuals. As stipulated in the regulations, maintain these records for at least five years.

Internal and external collaboration

An often overlooked AML strategy is internal and external collaboration, communication, and cooperation.

Smooth communication on AML between departments eases your AML compliance journey. You must discuss the AML procedures that overlap with your activities and challenges, deliberate on potential solutions, and consider their impact. You must also communicate well with senior management to discuss suspicious transactions and customers. The management must communicate the AML policies and procedures to the employees.

Besides internal communication, external cooperation is necessary with:

Industry regulators for AML expectations & guidance
Peers for shared database in KYC, sanctions screening, and due diligence

Thus, you must collaborate with your industry players to achieve AML compliance and free the luxury goods market from money laundering threats.

Niyeahma – your AML compliance journey partner

These AML compliance strategies can ensure your luxury items business sparkles. But doing it all alone while dealing with the rising competition is daunting. So, the best option is to partner with a specialist AML compliance services provider. And who better than AML Singapore to join hands with to move ahead in your AML compliance journey?

Amidst all these money laundering concerns regarding luxury items, you have a beacon of hope in AML Singapore. We help you with all the necessary strength to fight money laundering. Our consultants provide support to protect the integrity of financial transactions.

Our consultants are here to help you with any of the AML compliance strategies listed above. Not only this, we create a customised strategy to suit your business needs. These AML measures ensure you protect your luxury items from exposure to money laundering threats.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

Importance of AML Regulatory Awareness amongst the DNFBPs

Financial crime significantly threatens the integrity of countries and businesses. Given that Designated Non-Financial Businesses and Professions (DNFBPs) play a significant role in the financial system, they are also prone to financial crime threats, making them susceptible to being exploited by criminals for illicit activities. These financial crimes include money laundering (ML), financing of terrorism (FT), and proliferation financing (PF).

In this context, the DNFBPs established in Singapore must understand and comply with regulations concerning ML/FT and PF crimes.

Thus, DNFBPs must have adequate AML regulatory awareness to promptly identify and mitigate the risks of ML/FT and PF. Understanding ML/FT and PF risks and regulatory frameworks is essential for DNFBPs to adopt effective preventive measures to safeguard the business against such vulnerabilities and comply with regulatory frameworks.

What is ML, FT and PF?

Financial crime is an umbrella term encompassing the three vices adversely impacting the world’s financial ecosystem: money laundering, terrorism financing, and financing the proliferation of weapons of mass destruction. Although ML, FT, and PF are often used together, there are certain fundamental differences between them.

Money Laundering (ML)

The crime of ML means disguising criminal proceeds and their illegal sources to make them appear as if generated from legitimate activities. In a general sense, ML is converting dirty money into clean money. It usually involves three stages—placement, layering, and integration—through which the illicit funds are placed in valid financial systems, routed through complex transactional structures, and commingled with legally obtained funds.

Financing of terrorism (FT)

FT is an activity of funding terrorist activities, which can be done irrespective of the source of the fund, i.e., the money used for terrorism financing may be from legal or illegal activities. Therefore, unlike ML, where the proceeds are from illicit activities, the source does not matter in the crime of FT. It is concerned with giving away money to terrorist organisations executing terrorist attacks or propagating the anti-social agenda.

Proliferation Financing (PF)

PF refers to the act of providing funds or any other services in relation to the manufacture, acquisition, possession, development, export, trans-shipment, transfer, stockpiling or use of nuclear, chemical or biological weapons for mass destruction and related materials for non-legitimate purposes.

These financial crimes impact the country’s economy, peace, security, and stability of the financial system.

What is ML, FT and PF Risk?

ML, FT and PF risk or the overall financial crime risk for the DNFBP is the potential exposure that the DNFBPs may face on account of it being used as a medium for facilitating money laundering, terrorism financing, or proliferation financing.

These risks may arise from the nature of the entity’s business, the geographies it is connected with, the customers it handles, or the products/services it offers.

These risks may hamper the business’s stability, harm its reputation and result in financial losses, including huge administrative penalties.

Why are DNFBPs in Singapore prone to ML/FT and PF risk?

Under Singapore’s existing AML regulatory regime, the primary businesses and professions classified as DNFBPs are:

Dealers in Precious Stones and precious Metals (PSPM)
Real Estate Sector Agents and Developers
Lawyers
Corporate Service Providers
Public Accountants
Casinos
Pawnbrokers

As a global financial hub, Singapore attracts various customers and businesses, which increases the likelihood of exploiting these DNFBP segments for illicit financial activities and makes them vulnerable to ML/FT and PF risk.

For example, a criminal from a foreign country may visit Singapore and misuse a PSPM dealer to buy high-value gold or diamonds against the funds illegally generated in the home country. A registered financial agent may also be used to set up a shell company in Singapore, which shall be used as a vehicle for cross-border funds movement without engaging in real commercial operations.

How does the awareness of Singapore’s AML regulatory framework help DNFBPs?

The DNFBPs in Singapore are mandated to implement necessary risk mitigation measures as prescribed in the AML laws. The DNFBPs must understand the AML regulatory framework applicable to their operations and integrate the business activities with the relevant complince obligations. Following is a list of a few indicators highlighting the importance of why DNFBPs in Singapore must be aware of the country’s AML regulatory framework:

Ensuring Continuous Regulatory Compliance

Knowledge and awareness of Singapore’s AML regulations help DNFBPs comply with regulatory requirements. Staying up-to-date with the regulations also helps DNFBPs learn about the new risk mitigation measures prescribed by the authorities to combat the newer ML/FT typologies.

Further, sound knowledge of the laws also helps businesses understand the consequences of non-compliance, such as penalties, fines, and other charges imposed by regulators. With a command over regulations, DNFBPs can avoid and reduce the imposition of penalties and breaches, demonstrating their commitment to responsible business practices.

For example, Regulated Dealers in Precious Stones and Precious Metals are required to file a Cash Transaction Report (CTR) for specified transactions. Thus, unless the dealer is aware of this requirement, there is a high likelihood of missing such compliance and intimating the authorities of the transactions carried in cash involving buy/sell or precious metals and stones.

Crafting Tailormade IPPC and Effectively Combating the ML/FT/PF risk

A thorough understanding of AML laws helps DNFBPs understand the compliance obligations and risk mitigation measures they must follow to protect their businesses and the economy.

AML regulatory awareness would help DNFBPs develop an AML program consisting of internal policies, procedures, and controls (IPPC), driving their ML/FT risk mitigation framework. The IPPC would be comprehensive only if the DNFBP understood the laws and regulations applicable to their business industry. This legal awareness would help the DNFBP detail the methodology for assessing the business risk, customer onboarding (Customer Due Diligence) process, AML governance structure, AML record-keeping mechanism, identification and reporting of suspicious transactions, etc.

With a robust, comprehensive, and documented AML program, the DNFBPs could educate the team and leverage the resources to identify the exposure to ML/FT and PF risks in a timely manner and promptly deploy the necessary risk mitigation actions.

Therefore, a grasp of the regulatory framework helps frame AML policies, procedures, and controls aligned with best practices and regulatory compliance. This leads to better implementation of statutory commitments within the organisation.

Building Trust and Brand Value

Knowledge of regulatory frameworks helps the DNFBPs better implement the AML compliance measures, demonstrating their commitment to combating financial crimes and building a safe and secure working environment. This builds a good business image, promoting growth significantly. Additionally, an adequate compliance culture creates an affirmative reputation among the authorities.

Further, with a comprehensive understanding of regulatory frameworks, DNFBPs promote ethical conduct and avoid penal implications and legal liabilities.

In the age of global trade, knowledge of country regulatory compliance and international requirements is important for businesses wanting to expand their business across borders. Along with an understanding of local regulations, the knowledge of Singapore’s collaboration with international organisations, such as the Financial Action Task Force (FATF), would also help DNFBPs navigate the complexities of global trade with integrity and conviction. DNFBPs with such knowledge can effectively comply with international requirements when engaging in international business and transactions. Businesses complying with AML regulations are always preferred as trusted business partners.

Thus, regulatory awareness increases trustworthiness and respect, attracts new customers and investors, and improves the business’s overall performance.

Selecting and Integrating the Business with Adequate AML Solutions and Tools

With the development in the technological sector, various AML tools and software are available that make AML compliance efficient and easy. Understanding the regulatory framework helps a business identify and deploy the best AML solutions, which helps in effectively implementing the designed AML procedures and controls. These tools with advanced features help businesses automate manual and repetitive processes, such as name screening and ongoing monitoring, and optimising the use of resources. Furthermore, DNFBPs with knowledge of regulations better allocate business resources while ensuring AML compliance.

Primary AML Regulations applicable to DNFBPs in Singapore

In Singapore, the government has enacted various regulations to prevent ML/FT and PF. Here is the list of primary regulations that apply collectively to all DNFBPs in Singapore:

Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, 1992

The Corruption, Drug Trafficking and Other Serious Crimes Act (Confiscation of Benefits), 1992 (‘CDSA’) is the primary regulation imposing a statutory obligation on reporting entities, including DNFBPs, to detect and report suspicious transactions to the authorities. The CDSA was enacted to provide a regulatory framework for combating corruption, drug trafficking, and other serious crimes, including financial crimes like money laundering.

Terrorism (Suppression of Financing) Act, 2002 (TSOFA)

The Terrorism (Suppression of Financing) Act, 2002 is Singapore’s primary legislation focused on suppressing terrorism financing. It was enacted to give effect to the International Convention for the Suppression of the Financing of Terrorism, a United Nations (UN) treaty, and to restrict terrorism financing more efficiently.

Prevention of Proliferation Financing and Other Matters Act 2024

The Singapore Government recently passed the bill and introduced the Prevention of Proliferation Financing and Other Matters Act 2024. The PPFOMA amends provisions laid down in CDSA and various supporting acts governing DNFBPs to prevent the financing of the proliferation of weapons of mass destruction. The PPFOMA aims to enhance and strengthen the existing AML/CFT framework by including the PF as a criminal activity and extending the applicability to counter measures to this financial crime.

Other Sector-specific Regulations and Guidelines for DNFBPs

In line with the primary statutes mentioned above, various AML supervisory authorities in Singapore have issued detailed regulations and guidelines to help the relevant DNFBPs navigate compliance effectively, seamlessly protecting the segment against the financial crime risk. Some of these regulations and guidelines which the DNFBPs must be aware of and abide by are:

Accountants (Prevention of ML and FT) Rules 2023
ACRA (Filing Agents and Qualified Individuals) Regulations 2015
Precious Stones and Precious Metals (Prevention of Money Laundering and Financing of Terrorism) Act, 2019
Precious Stones and Precious Metals (Prevention of Money Laundering and Financing of Terrorism) Regulations, 2019
Estate Agents (Prevention of Money Laundering and Financing of Terrorism) Regulations, 2021
Legal Profession (Prevention of Money Laundering and Financing of Terrorism) Rules, 2015
Casino Control (Prevention of Money Laundering and Financing of Terrorism) Regulations, 2009

Conclusion

Awareness of Singapore’s AML regulations is essential for DNFBPs to mitigate ML/FT and PF risk and ensure 100% compliance. With a sound understanding of regulatory requirements, DNFBPs can implement essential AML measures tailored to their businesses, safeguarding the business against threats imposed by financial crime activities.

Therefore, familiarity with the AML regulatory framework ensures that DNFBPs comply with legal requirements and maintain the integrity of the financial system.

FAQs on the Importance of AML Regulatory Awareness amongst the DNFBPs

What are DNFBPs in AML?

DNFBP stands for Designated Non-Financial Business and Profession, encompassing real estate agents, lawyers, dealers in precious stones and precious metals, registered filing agents, pawn brokers, accountants, and casinos.

What are the primary laws for AML compliance for DNFBPs?

The Corruption, Drug Trafficking and Other Serious Crimes Act (Confiscation of Benefits), 1992 (‘CDSA’), and Terrorism (Suppression of Financing) Act, 2002 (TSOFA) are the primary laws for AML compliance for DNFBPs.

Why are AML regulations essential for DNFBPs?

AML regulations for DNFBPs are essential as they safeguard DNFBPs from ML/FT and PF risks and provide a systematic methodology to combat the threats of illicit financial activities.

Why are DNFBPs subject to the AML regime?

Although the DNFBPs are part of the non-financial sector, they engage in activities that could be exploited for ML/FT or PF.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Singapore