Guide to Beneficial Owner under Singapore AML regulations

Several terms and jargon are used when discussing anti-money laundering laws and the various compliance requirements. One of them is identifying the beneficial owners (‘BO’). Let us discuss the beneficial ownership from an AML compliance perspective under Singapore’s AML regulations.

Cases of financial crimes involving money laundering and terrorist financing are increasing daily. Also, criminals are misusing the advancement in technology to evade government scrutiny. So, it has become more pertinent than ever to identify the beneficial ownership of customers and other stakeholders to get a clear picture of the identity of all the people and entities involved in the business relationship.

Who is a Beneficial Owner?

A beneficial owner can be described as a person who is the owner of a business or a person who controls it. Knowing the legal entity and the person who manages the company is likely to get the maximum benefit from the transaction with the business organization. It will help correctly assess the customer-specific risk of associating with the business and the management of the same. Knowing the BO will allow the company to effectively carry out the KYC process and comply with the AML laws by knowing the person identity who will benefit most from the business relationship.

As per the FATF, the beneficial owner is the person who ultimately owns or controls the business or a person on whose behalf transactions are carried out. The FATF also says that the BO includes people with ultimate effective control over a legal person or arrangement.

As per the Singapore AML regulations, the Beneficial Owner is defined as a

natural person, who directly or indirectly owns or controls a company,
Individuals who own at least 25% share or voting rights in a company,
Individuals who exercise control over the management of the company.

Beneficial Owners and the KYC processes

KYC refers to Know Your Customer, a primary legal requirement that financial institutions and DNFPBs must adopt, followed by the performance of the Customer Due Diligence process. The basic rule here is to collect the customer information to identify and verify the customer’s identity. It helps in risk assessment. The main objective is that the individual or the entity with whom the institution will establish a business relationship is legit and the activities are not illegal.

KYC and BO identification are critical for legal and natural persons (as one person would be working on behalf of another person without a legal arrangement). An individual likely classified as BO is subjected to the KYC process. Their identification details should be obtained and verified. This verification should be continued until a natural person who owns or controls that legal person is identified.

Regulations in Singapore – AML as well as BO

It is known that governments worldwide have first implemented the AML rules, while the regulations regarding identifying the BO were introduced subsequently (mostly in recent times).

The AML laws provide BO identification as part of Know Your Customer measures. The objective of BO identification under the AML laws is to make business transactions more transparent and discourage criminals’ use of legal structures for carrying out money laundering and terrorism financing activities.

Processes that need to be followed for BO identification

Financial institutions and DNFBPs must follow the recommended processes to collect information about the BO. The business entities should seek the documents and other essential information during the customer onboarding. The details include the business’s name, the place of operation, the nature of the business, registration number, etc. The objective is to collect relevant information about the ownership of the business and know who controls the company and who has the power or influence to direct the transactions. The regulated entities may seek the documents such as organization structure, Memorandum of Association, or Register of shareholders and Senior Management to identify the beneficial owners.

Collecting beneficial ownership information is necessary if there has been a significant change in the account or transaction activities. It will identify who benefits the most from the association or acting behind the corporate veil.

Failure of BO identification and risk assessment procedures

The requirements related to BO identification aim to introduce regulatory mechanisms regarding beneficial owner data so that the artificial structure is not exploited to carry out illegal activities or financial crimes like money laundering.

The AML regulations provide enormous penalties for non-compliance with AML compliance requirements. Since the identification of BO forms part of the KYC process and, thus, of AML compliances, this must be adhered to. Further, by non-identifying BO, financial institutions and DNFBPs would be assumed to encourage the shell legal structures to carry out financial crimes. This will result in hefty administrative penalties and reputational damage to the regulated entities.

Preparing yourself to identify BOs and stay AML compliant

AML laws are becoming stricter and financial institutions, and other regulated entities must adopt a comprehensive AML/CFT framework to avoid penalties for non-compliance. The strictness results from the rising money laundering cases and high-profile cases in the public domain. Such cases question the integrity of the business entities and the government, which is expected to take actions to combat money laundering and financing terrorism.

The best way to prepare for a challenging future and comply with AML regulations is to develop and adopt a proactive approach to KYC and CDD measures, including robust KYC questionnaires and procedures to dive into the structure of the legal person to understand the ownership and control interest. It would ensure that the business entity has accurate details of the legal structure and the beneficial ownership of the customer to trace down the source of the financial crimes easily.

Relying on professional AML consultants would be the best recommendation for implementing a comprehensive AML/CFT framework. We, Niyeahma, offer end-to-end services such as in-house AML compliance department setup, conducting enterprise-wide risk assessment (EWRA) comprehensive AML training to the Compliance Officer and the team, assistance in the selection of the right AML software, and periodic AML/CFT health check needed to stay AML compliant and avoid penalties.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Singapore

Trade-Based Money Laundering: Concept, Red Flags, and Mitigation Measures

Money launderers use innovative methods to launder money, trying hard to evade the attention of the authorities and succeed in their criminal activities. One of the commonly used methods is trade-based money laundering.

What is Trade-Based Money Laundering?

Trade-Based Money Laundering (TBML) is a method criminals use to launder illegal money under the cover of business transactions. Sometimes legitimate businesses are routing the criminal proceeds using fake commercial dealings.

Understanding the techniques and laundering typologies associated with TBML is essential to detect and prevent the exploitation of legit businesses for disguising the nature and source of dirty money.

What are the common techniques of Trade-Based Money Laundering?

There are various methods of trade-based money laundering which criminals use to conceal their financial frauds and make their black money appear clean. Some of these techniques are as under:

Over-invoicing:

It is a method in which the exporter sends inflated bills to the importer. The invoice consists of increased numbers, and the payment exceeds the actual value of the goods purchased.

With these legit documents with incorrect values, the importer transfers the illegal funds from one country to another through legit financial systems without being caught by the authorities.

The exporter receives the excess money, which is not due or legitimate but transferred in the garb of invoices. This is very common in industries like precious metals and stones, where the product’s value can be misrepresented, and a premium can be charged on the face of the invoice.

Under-invoicing:

It is also another trade malpractice in which the invoice is sent to the importer with bills at a lesser value than the goods shipped. The importer receives the goods worth higher value, which can later be sold in the local market in black, without recording the actual value in the books.

Here, the laundering happens through the transfer of value in products rather than the direct movement of funds.

Multiple invoicing:

One invoice may be legal but is issued many times in this method. The same invoice is sent to multiple customers without actual shipment being made to all these customers.

Against the same invoice, under the name of “supply of goods,” the exporter receives a higher value than the goods actually exported.

This method transfers criminal funds from one or multiple countries to another, from one party or through multiple parties.

Over/under-shipment of goods:

In this case, the exporter transfers more goods than those disclosed in the shipping documents.

In case of over-invoicing, the exporter receives more funds from the importer, i.e., illegal funds of the importer by moving to the exporter, disguising it as a transfer towards the supply of goods. While in the case of under-invoicing, the importer receives higher-value products as the number of goods mentioned on the invoice is misrepresented.

Quality deviation:

A common trade malpractice is to ship goods of lower quality instead of the high quality mentioned on the invoice. The exporter receives a higher value from the importer, as misrepresented on the invoice. Again, this is the technique money launderers use to move high-value dirty money from one country to another.

What are the red flags indicating Trade-Based Money Laundering?

It is essential to detect the risk indicators suggesting the involvement of red flags associated with trade malpractices. Let’s discuss the instances where you can recognize suspicious activities hinting towards TBML:

Trading activities differ entirely from the mentioned business activity, such as courier service providers dealing in used car or jewelry businesses. It is an instant red flag and requires investigating the suspicious activity and the beneficial ownership of the parties involved.
Businesses that continually show losses and manage continuity can be involved in trade malpractices. In reality, they may be getting high value from the goods imported or exported, but in the books, they show losses or low product margins.
New businesses that show unusually high profits and engage in high-volume transactions raise suspicion as the firm is likely to engage in malpractices considering the volume of profits.
The involvement of third-party businesses and the complication of the deals make it hard to identify the source of the funds. Businesses that use complex corporate structures without a reasonable ground are a big red flag. They show complicated deals to confuse the investigators and hide the discrepancies in the trade.
Sometimes, companies use wrong addresses, and these fake addresses are a matter of concern because they directly reveal that the establishment mentioned in the documents is likely to be non-existent.
In today’s digital world, a business that does not have an online identity is also likely to attract scrutiny, especially if the services and scope of work are missing in the online space.
Businesses that are almost a namesake of popular and established businesses are also a red flag. These so-called companies present themselves as a partner or sister concern to show that they are associated with them in any manner, which is not the case.

A sudden increase in trade dealings by a company that has been dormant for quite some time.

What are the necessary measures to prevent Trade-Based Money Laundering?

Customer Due Diligence is one of the most essential AML measures to detect and prevent TBML instances. The following best practices must be adopted to manage the risks:

Know Your Customer (KYC) and Customer Risk Assessment

Often exporters and importers are hand-in-glove, and adopting a robust CDD process is important to unearth the nexus. The regulated entities must identify the customers and the beneficial owners and verify their identity to determine the legitimacy of the person with whom business is conducted.

Along with sanctions screening, the companies are recommended to screen the customers to check for any adverse media or negative news against the customer, their business, or the beneficial owners. This will help the company determine the customer’s risk rating and decide whether to deal with the person, considering the past or current criminal records.

Further, businesses must adopt a risk-based approach to assess the customer’s trade-based money laundering risk and apply adequate mitigation measures. For example, for high-risk customers like Politically Exposed Persons (PEP) or customers associated with a high-risk country, Enhanced Due Diligence measures must be followed.

Ongoing Monitoring of transactions and business relationship

The business needs to continuously monitor the transactions and ensure that the customers’ activities align with the AML regulations and the customer’s risk profile. Implementing an ongoing monitoring program to detect any unusual activities or inconsistent customer behavior timely is also pertinent.

Effective Customer Due Diligence measures shall help the organizations detect the risks while onboarding the customers and during the ongoing business relationship.

How can Niyeahma assist the regulated entities in navigating the AML journey?

Businesses can identify the red flags and risks that point towards malpractice and immediately take steps to prevent it. Regulated entities – Financial Institutions and Designated Non-Financial Businesses and Professions (DNFBPs)– must be vigilant and identify fraudulent activities. They can thwart the criminals’ attempts with awareness of the modus operandi used by the criminals.

For this, the regulated entities need to design and implement a robust AML/CFT framework, including comprehensive Customer Due Diligence processes. Niyeahma has been assisting its clients in Singapore, operating in different business sectors, in assessing the ML/FT risk and developing a customized AML/CFT program to identify and manage the financial crime risk.

Niyeahma can impart thorough training to the compliance team, covering the discussion around ML/FT red flags and how to detect malpractices with a proactive risk-based AML approach. We help you implement the AML compliance processes correctly and prevent the efforts of the money launderers in misusing your organization to run illegal money through your organization.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

What Skills Should an AML Compliance Officer Possess?

Appointment of an AML Compliance Officer is mandatory as per Singapore AML rules and regulations. The AML laws provide that the regulated entities, including Financial Institutions and Designated Non-Financial Businesses and Professions (DNFBPs), must appoint a competent AML Compliance Officer. The Compliance Officer has a key role in the overall AML compliance process. The Compliance Officer designs the AML Compliance framework, periodically checks the efficiency of the AML measures, ensures that the AML Program is appropriately implemented, and drives toward the desired results of combating financial crimes and safeguarding the business.

The Compliance Officer manages the organization’s AML/CFT Program and makes sure of compliance with the applicable AML regulatory landscape.

Let’s delve more into the details and know what skills an AML Compliance Officer should possess.

Must have skills of an AML Compliance Officer

As the primary driver of the AML Compliance ride, the AML Compliance Officer must possess the skills to ensure effective and complete compliance with Singapore’s AML regime:

Identifying and Assessing the ML/FT Risk:

The AML Compliance Officer is responsible for accurately assessing the ML/FT risk the company is exposed to and evaluating the possible impact of the same on the business if such risk materializes. The AML officer must understand the business and be in a position to identify the risks factors necessary to take into consideration for conducting the Enterprise-Wide Risk Assessment, such as the nature and size of the business, the customer’s profile, the nature of the goods traded or services provided, the jurisdiction in which the company operates, including the location of the customers, etc.

Designing the AML Policy and Procedures:

The AML Compliance Officer should be equipped with extensive knowledge of creating the right Internal AML Policy, Procedures, and Controls (IPPC) documentation based on the organization’s regulatory requirements and the overall Enterprise-Wide Risk Assessment.

Hence, for the effectiveness of the IPPC, the AML Compliance Officer must determine the company’s risk profile and accordingly customize the AML policies and procedures to fight money laundering and prevent the financing of terrorism.

Identifying the red flags and suspicious activities:

Transaction monitoring is a continuous process involving continuous tracking of the customer’s profile and transactions to identify any suspicious transactions or inconsistent activities throughout the lifecycle of the business relationship.

Companies must find unusual transaction patterns and recognize money laundering attempts. An AML Compliance Officer must be capable of effectively and timely handling the alerts generated during the transaction monitoring program. The officer must have data analysis skills to spot the risk indicators and take necessary actions.

Imparting AML Training:

As the head of the AML compliance function of the company, an AML Compliance Officer’s skill must include providing appropriate AML training to the employees and stakeholders to create awareness around AML regulatory obligations and the team’s role in managing the same. The training is essential to let the employees correctly adopt the Customer Due Diligence measures in accordance with the customer’s risk rating and ensure financial criminals do not misuse the business.

Reporting capabilities:

The AML Compliance Officer should possess reporting skills. AML Officer is ultimately responsible for reporting suspicious transactions to the Suspicious Transactions Reporting Office. Further, the Compliance Officer also needs to collaborate with regulators, stakeholders, and law enforcement authorities to submit comprehensive information on the AML compliance process of the organization. The reports help the government take action to prevent money laundering.

Internal AML Audit:

The Compliance Officer is also responsible for conducting periodic audits of the implemented AML program and gauging the quality and adequacy of the AML controls. The officer must be capable of critically evaluating the implemented IPPC and implementing enhanced measures to rectify the existing AML gaps or weaknesses.

Other vital skills:

An AML compliance officer must have extensive knowledge of the AML rules and regulations. Though there’s no specific profile of the AML officer and educational background, having business acumen, sharp interpretation skills, good at numbers, and understanding government rules and regulations helps implement the regulatory requirements. The Compliance Officer’s awareness of the international best AML practices would help the organization maintain a competitive edge and gain the customers’ and stakeholders’ trust in the company.
The person should have leadership skills and communicate efficiently with the organization and employees. The person should have the wisdom to maintain discretion to safeguard sensitive information while ensuring necessary details are disseminated to senior management and relevant team members.
Another AML analyst skill is that the officer should have the capability to work as a team where the officer is required to collaborate with regulatory authorities and relevant stakeholders and collaborate with them to achieve the goals of the AML compliance process.
Other AML skills, such as having an unbiased opinion on the AML health of the business and suggesting the best measures to improve it. The officers should have the skills to operate independently and gain a deep understanding of the business’ compliance requirements. The AML officer must be capable of managing the conflict of interest between AML compliance and the business.

Set your AML function right with an AML Compliance Officer

The compliance officer’s skills include risk assessment of the business, identifying high-risk clients, reporting suspicious transactions, found if any, and reporting them to the concerned authorities. The officer helps implement the anti-money laundering program efficiently and ensures that the business integrates an AML compliance system that meets global standards.

The officers must be knowledgeable and have the experience to ensure the business stays AML compliant. They are responsible for the company’s regulatory compliance process, report creation, transaction monitoring, and helping the business safeguard customers’ interests.

Let Niyeahma assist you with your AML journey by identifying the right AML Compliance Officer to stay compliant with Singapore AML regulations and safeguard businesses against financial crime. We understand your business requirements and will help you appoint an MLRO to fulfill the regulatory requirements and streamline your AML compliance program. Benefit from the compliance officer’s experience and expertise and shield your organization from the threat of money laundering and financing of terrorism.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Singapore

Signs It’s Time to Review Your Enterprise-Wide Risk Assessment (EWRA)

In recent times, where the regulatory frameworks and the risk trends are continuously evolving, it is essential for the regulated entities in Singapore to regularly review and update their Enterprise-Wide Risk Assessment (EWRA) from the money laundering and financing of terrorism (ML/FT) perspective.

In this article, let us briefly discuss the EWRA and its significance, the top indicators warranting revision of the risk assessment, and the consequences of not updating the business risk assessment on time. This article also covers the best practices the regulated entity must consider while reviewing the Enterprise-Wide Risk Assessment.

What is Enterprise-Wide Risk Assessment and its significance?

AML Enterprise-Wide Risk Assessment is an independent process to determine the business’ risk profile regarding exposure to financial crime risk (specifically money laundering and terrorism financing).

EWRA involves identifying the risk factors that impact the business and determining the possibility of its occurrence and the impact it can have on the business. This helps derive the entity’s inherent ML/FT risk and determine the nature and extent of controls needed to mitigate this risk. Once the controls required are identified, the EWRA also requires the entity to evaluate the quality and adequacy of the existing controls and, if required, implement additional mitigation measures. In short, EWRA is an exercise of identifying the risk, mapping it to the business’s risk appetite, and designing and defining the appropriate risk management strategies.

EWRA is known as the foundation step of the AML program. As an outcome of the EWRA, the business understands the level of risk associated with its customer base, geographies, nature of products/services offered, delivery channels used, etc., and accordingly customizes its AML/CFT policies, procedures, and controls. It assists the entity in prioritizing the risk areas and allocating the resources optimally.

Why is a periodic review of ML/FT AML Risk Assessment critical?

The regulated entity must ensure its AML/CFT compliance framework efficiently identifies and manages the ML/FT risk during routine business operations. This AML structure, including the internal systems and processes, has been developed relying on the outcome of the ERWA. Hence, the relevance of the risk assessment must be tested periodically to ensure that the entity’s overall AML framework is aligned with its business profile, applicable AML regulations, and emerging risk patterns.

What key indicators suggest the need to update the Enterprise-Wide Risk Assessment?

Let us navigate the key reasons or signs that suggest reviewing and revising the entity’s Enterprise-Wide Risk Assessment.

Changes in Regulatory Requirements

One of the critical reasons warranting the regulated entity to review and update the ML/FT risk assessment is the amendment in the AML regulations applicable to the business. The authorities keep revising the regulatory framework to introduce newer controls and reporting requirements to address the risk emanating from sophisticated laundering methods developed by criminals.

These changes impact the entity’s overall AML program in terms of impact on the existing risk scenarios and the risk mitigation measures in place.

For example, the authorities changed the classification of one country from high risk to medium risk. This calls for reconsidering the rules followed by the entity for its customer risk profiling. This movement in the classification of the entity’s customers significantly impacts the overall risk profile of the business. The regulated entity must reconsider the business risk associated with its customer bases and refine the need for risk mitigation resources deployed for managing the risks associated with customers from the concerned jurisdiction.

Hence, the entity must revise the risk and align the AML/CFT policies and procedures with these amended regulations.

Significant changes in the entity’s Business Profile

the EWRA is performed considering various risk factors such as –

Customer base:

the nature of clients the entity is engaged with,
the complexity of their ownership structure of clients,
nature of activities they conduct, etc.

Geographies:

location where the entity carries out its operations
the location of its branch and parent company
the jurisdiction the customers are coming from, etc.

Product/Services/Transaction:

the products and services offered
size and complexity of transactions
mode of payment, etc.

Delivery Channels:

customer onboarded mode (face-to-face or through virtual meeting)
distribution method used for delivering services/products
involvement of agents and intermediaries, etc.

Any significant change in these risk factors influences the business profile and may result in encounters with newer risks. For example, if the regulated entity starts its branch office in a country subject to FATF Greylist, it materially changes the business’s overall risk. Or, if the entity starts accepting payment in virtual assets (cryptocurrency), it increases the ML/FT risk of the business, as virtual assets are subject to increased risk of being misused by the launderers to move funds across the borders anonymously.

The ML/FT risk assessment must be revisited upon any significant change in the business operations to proactively identify the new risk scenarios and modify the AML program to address the same.

Launch of New Products or Services

The AML regulations in Singapore require that the regulated entities assess the ML/FT risk that may arise from launching any new product or service. Such risk assessment must be conducted before placing the new offerings into the market. This outcome of the risk assessment shall help the regulated entity to modify the product design or practice area to ensure that the new product/service is aligned with AML regulations and does not offer any window for the criminals to exploit these offerings for laundering the funds or financing the terrorist activities.

For example, a management consultancy firm is considering expanding its business and assisting its corporate clients in purchasing properties against brokerage or commission. The real estate agency or brokerage-related services are prone to high risk, as the base item – real estate – is one of the ML/FT typologies. The regulated entity must reassess the business risk and enhance its AML program to address the risks associated with this new business practice.

This proactive approach shall help the entity design and follow the controls and stay cautious to avoid laundering funds using real estate property through its business.

What are the consequences of relying on outdated business risk assessment?

When the entity relies on the outdated business risk assessment, the AML/CFT controls and the overall AML framework would not effectively mitigate the ML/FT vulnerabilities. The following are the critical consequences of disregarding the exercise of reviewing and updating the Enterprise-Wide Risk Assessment when the situation calls for:

1. Increased Risk of being vulnerable to money laundering and terrorism financing:

If the entity’s risk assessment is not up-to-date with the emerging ML/FT techniques and methods used by the criminals, the possibility of the regulated entity being vulnerable to money laundering and terrorism financing rises. Without awareness of the new risks and trends, the entity cannot design and implement adequate controls, exposing it to financial crimes.

2. Regulatory Non-Compliance:

The Singapore AML regulations are evolving to align with the emerging ML/FT typologies. Regulated entities must update their business risk assessment to assess the revised risk and incorporate the regulatory changes in the overall AML program. Failure to comply with the latest regulations can lead to hefty fines and legal consequences.

3. Reputational Damage:

When the business risk assessment is outdated, the AML program would also be ineffective and irrelevant, demonstrating the lack of the entity’s commitment to combating financial crime. This can result in a loss of customer’s trust and confidence in the business, causing irreversible damage to the brand image of the entity.

What are some best practices to review and update the Enterprise-Wide Risk Assessment?

The following are some of the best practices that the regulated entity should adopt to review and reassess the business risk effectively:

The risk assessment methodology adopted by the entity must be aligned with the nature and size of the business and must be documented adequately.
The EWRA must consider the accurate and complete data to determine the risk profile from qualitative and quantitative perspectives. Comprehensive data from internal (business profile, customer and transactions related data, etc.) and external sources (new ML/FT risks and trends, outcome of National Risk Assessments) must be considered.
Relevant stakeholders must be involved while identifying the potential risk scenarios, such as risk management risk, AML Compliance Officer, etc. The inputs and insights from the various aspects of business can enhance the risk assessment’s quality and accuracy.
It is also suggested to implement appropriate technologies and software to conduct and monitor the entity’s business risk and highlight the circumstances impacting the business risks that require immediate attention.
The regulatory changes must be monitored to ensure necessary amendments are incorporated in the entity’s business risk assessment and, in turn, the overall AML framework.

Let Niyeahma assist you in maintaining your Enterprise-Wide Risk Assessment up-to-date

Ignoring the need for regularly monitoring and updating the business risk assessment can adversely impact the business, resulting in massive penalties, reputational damage, loss of customer’s trust and confidence, etc. To safeguard you against this impact, let Niyeahma be your guide. Niyeahma, with its subject knowledge and experience, can help you maintain your business risk assessment up-to-date and relevant, allowing you to prioritize the resources and protect the business from being exploited by financial criminals.

Assess the business risk and adopt a proactive approach to combat financial crime.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

Simplified Due Diligence by Dealers in Precious Stones and Precious Metals in Singapore

The AML regulations in Singapore provide for adopting a risk-based approach to mitigate the identified money laundering and terrorism financing risk. In this reference, the Precious Stones and Precious Metals (Prevention of Money Laundering and Terrorism Financing) Regulations 2019 provides a concept – “Simplified Due Diligence”.

In this article, we shall explore the meaning of Simplified Due Diligence (SDD) and when and how the dealers in precious stones and metals can implement the SDD measures while complying with the AML regulations.

What is Customer Due Diligence?

The Singapore AML regulations provide that every regulated entity must perform an adequate Customer Due Diligence (CDD) process to manage the risk posed by each customer. CDD enables the entities to examine the background and profile of the customers to identify the associated risk and make informed business decisions in line with the entity’s financial crime risk appetite.

Typically, a Customer Due Diligence comprises of the following:

identification of customers and their beneficial owners before establishing a business relationship (Know Your Customer)
verification of the customer’s identities using reliable, independent sources
understanding the nature of the business relationship and the intended purpose of the transaction
assessing the customer risk profile and determining if any additional information and verification checks are required
obtaining information about the customer’s source of funds and wealth, in case the risk assessed is high, etc.

The risk posed by the different clients is not the same. It depends on the various risk factors like connected geographies, the nature of services or products involved, the client’s association with Politically Exposed Persons (PEP), how the entity engages with clients, the client’s legal structure, etc. Depending on the customer risk assessment, the regulated entities may adopt any of the three types of CDD measures – Simplified Due Diligence, Standard Customer Due Diligence or Enhanced Due Diligence. The nature and degree of verification measures vary under each CDD type.

Let’s deep dive into the Simplified Due Diligence and its critical components as prescribed under the Precious Stones and Precious Metals (Prevention of Money Laundering and Terrorism Financing) Regulations 2019 (PSPM Regulations 2019).

What is Simplified Due Diligence?

As the name implies, Simplified Due Diligence (SDD) is a process of carrying out liberal checks on the customer and requesting fewer documents while adequately managing the financial crime risk. SDD is coined to accommodate the risk-based approach, wherein the resources can be optimally allocated between the low and high-risk customers, balancing the operational efficiency and the ML/FT risk.

It is pertinent to note that though SDD suggests a lower level of checks and scrutiny, but the same must not be misinterpreted as a window to avoid compliance measures.

The regulated entities must thoroughly understand the circumstances where simplified checks are permitted and their implementation process.

Circumstances when Simplified Due Diligence can be applied:

PSPM Regulations 2019 allows the performance of SDD when the ML/FT risk assessed for a customer is “low”, and the simplified measures to be applied to the customer can sufficiently manage the assessed risk exposure. The risk categorization as “low” must be based on a thorough evaluation of factors impacting the business relationship, such as the nature of proposed transactions, geographies the customer is associated with, the previous transactions history of the customer, etc., the records around the customer risk assessment must be well documented.

Additionally, for applying SDD measures during the customer onboarding process, the regulated entities must obtain prior written approval from the Registrar. They are required to adhere to the conditions mentioned by the Registrar in such SDD approval.

Circumstances when Simplified Due Diligence cannot be applied:

When assessing the possibility of implementing SDD, the regulated entities must ensure that their Internal Policies, Procedures, and Controls (IPPC) restrict the application of SDD measures when any of the below-mentioned criteria are satisfied:

the customer is PEP or associated with PEP
the customer is coming from or is closely connected with a high-risk jurisdiction
when the risk assessed for a particular customer is “high”
when any other ML/FT risk indicators have been observed during the pre-onboarding stage

What is Simplified Due Diligence?

Even in Simplified Due Diligence, identification and verification of the customer’s identity is a must.

The regulated entities must apply necessary measures to identify and verify the following parties:

the customer
the true owner of the funds involved in the transactions (cash or cash equivalent)
when the transaction is for the purchase of precious metals or stones, the owner of such PSPM
the beneficial owners of the corporate customer
beneficiary or authorised representative on whose behalf the person is acting

The entity must seek details like name, date of birth, citizenship and the unique identification number. Further, to verify the details, the regulated entities must obtain a Passport or any other government-issued identification document bearing the person’s name, nationality and photograph. Such ID must be valid and current as of the date of the business relationship. In exceptional cases where the original document is produced before the entity for verification, a “true copy” of the ID document must be requested (certified by a competent person such as a notary public, a lawyer or a public accountant).

Further, the entities must also screen the customers and the beneficial owners against the sanctions lists (specifically the United Nations Security Council designation and the domestic designations under the Terrorism (Suppression of Financing) Act).

Since the customer’s risk profile is dynamic, it is essential to subject all the customers to ongoing monitoring, including those classified as “low-risk”. The low-risk customer shall be reviewed regularly to ensure that the customer identification information obtained originally is valid and relevant. The frequency and extent of such ongoing reviews can be reduced compared to the one required for high-risk customers.

When the regulated entities adopt SDD, the records about the identification and verification measures applied by the entity must be maintained adequately.

What are the best practices for implementing Simplified Due Diligence?

The Simplified Due Diligence can offer various benefits to the entity, but only when it is systematically implemented. Here are some of the best practices the regulated entities must consider when defining the Simplified Due Diligence process as part of their AML IPPC:

The risk classification methodology must be well crafted, considering all the relevant risk factors (customer profile, geographies, nature of business relationship, delivery channels, etc.). The customer risk assessment process must ensure that high-risk customers are mistakenly categorised as low-risk and subjected to SDD. Inadequacy in risk profiling may lead to potential financial crime vulnerabilities and non-compliance consequences.
The customer risk profiles must be monitored regularly, in line with their transactions, to ensure that the customer still fits into the “low-risk” zone and does not pose any incremental risk to the business.
Adequate training must be imparted to the Compliance Team and the relevant staff in the entity to create awareness around the SDD process and make them understand that simplified measures must not be employed just for the sake of quick customer onboarding.
The entities may also consider implementing the AML software to streamline the identification verification, including automated screening against sanctions lists. This can bring efficiency to overall customer information collection and documentation activities.

How can Niyeahma assist you in simplifying your Simplified Due Diligence process?

Simplified Due Diligence does not suggest doing away with the customer identification process and obligates the regulated entities to perform certain mandatory checks. Moreover, it is associated with other compliance-related tasks – pre- and post-SDD processes. This includes designing the SDD process as part of IPPC, assessing customer risk, and ongoing monitoring.

Let Niyeahma be your AML Compliance partner and handhold you in the end-to-end AML journey. We can assist in conducting the Enterprise-Wide Risk Assessment and customizing the Internal AML Policies, Procedures, and Controls, including defining the Simplified Due Diligence and Enhanced Due Diligence requirements.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

Employee Due Diligence: A Crucial Element of Internal AML Framework

Employee Due Diligence: A Crucial Element of Internal AML Framework

In the context of anti-money laundering (AML) compliance and its effectiveness, Employee Due Diligence is equally essential as Customer Due Diligence. With adequate Employee Due Diligence, the regulated entities can foster the internal financial crime risk management structure. Acknowledge the importance of this process; the Singapore AML laws mandate the regulated entities to carry out staff screening and apply the necessary due diligence process. In this article, we will discuss Employee Due Diligence, why it is such a significant aspect of the AML function, and the measures to be adopted to carry out the same effectively.

What is Employee Due Diligence under AML?

Employee Due Diligence is not merely restricted to understanding the person’s qualifications and collecting the identity document. Rather, it is a comprehensive exercise involving thorough identification and verification of the employee’s identity, financial background, and professional and criminal history. It also includes obtaining information about employee’s past conduct and attitude towards the organization, compliance, etc. Employee Due Diligence also includes screening the person against sanctions, adverse media, and the global Politically Exposed Person (PEP) database to identify any connection with the designated person or a PEP or negative news.

Employee Due Diligence is necessary for new employees before they are onboarded and for the existing workforce before the change in job profile or promotion. This shall empower the entity to ensure that no employee exploits the offered position to harm the business or adversely impact the entity’s compliance forces.

This comprehensive scrutiny of the employee shall assist the regulated entity in identifying the red flags – general and related to AML compliance – beforehand.

Let’s not limit ourselves to this and explore the importance of Employee Due Diligence.

Why is Employee Due Diligence a critical aspect of AML Compliance?

Employee Due Diligence offers an opportunity to identify the challenges and risks the employees may pose and mitigate those risks. The following are vital merits of adopting strong Employee Due Diligence as part of the AML program:

Hiring a suitable candidate

Having conducted background verification and understood the person’s approach to work, compliance, motivations, etc., the regulated entity can make an informed hiring decision. This will ensure that the right person is in the proper job role, including the AML compliance function.

Hiring the wrong individual can expose the business to legal consequences and damage the morale of other staff members, impacting the overall work environment.

Identifying risks associated with staff

Employees generally have access to necessary resources and business-sensitive information. It is essential to identify the possible risks that employees may pose around the exploitation of confidential data, misuse of business funds, tweaking the controls to help criminals surpass the business with their criminal activities, etc. Employee Due Diligence offers perceptions into the individual’s integrity, trustworthiness, and ability to discharge professional obligations diligently.

Further, it can also give insights into the person’s skills to identify and manage the conflict of interest between business and compliance.

The process shall ensure that no person with a questionable background gets access to the business.

Enhancing the entity’s AML efforts

Implementing AML/CFT policies and controls requires the able team to run the show. When the employee is identified as sharing the same AML goals as the regulated entity, the quality of AML compliance improves. Employee Due Diligence helps in knowing the person’s take on financial crimes, including corruption or bribery, tax evasion, etc. and seriousness towards compliance framework. Only when the teams applying the AML measures are strong can the efficacy of the AML program be maintained.

Avoiding non-compliance consequences and maintaining the reputation

As mentioned above, the AML regulations of Singapore require the Financial Institutions and the Designated Non-Financial Businesses and Professions (DNFBPs) to screen their staff as part of the internal money laundering and terrorism financing risk management framework. Failure to comply with this mandatory obligation may result in severe fines and reputational damage.

When a vigorous Employee Due Diligence program is established and followed by the entity, it indicates the commitment to fight financial crimes and maintain financial integrity, creating a positive image amongst the stakeholders, customers and authorities increasing the brand image in the market.

Boosting the strong AML culture in the organization

Employee Due Diligence demonstrates how high the entity places the AML efforts and compliance. With this example, the new and existing employees recognize the significance of AML measures and wholeheartedly contribute towards complying with the AML landscape and protecting the business. It also enhances employee engagement in the AML functions, resulting in better compliance across all the business areas, leaving no gaps for criminals to exploit the business.

What are the key elements of Employee Due Diligence under the AML Program?

Employee Due Diligence is not a namesake process. The regulated entities must adopt the following approach to perform Employee Due Diligence systematically:

The regulated entities must identify the new joiners and verify the same against reliable, independent sources.
Inquiring about the employee’s education and professional qualifications.
Screening must also be conducted to ensure that the person is not on any sanctions list or associated in any way with the designated person.
Identifying the person’s connection with PEP is also crucial.
Efforts must be made to examine the person’s criminal records, explicitly understanding the person’s conviction of any offence related to fraud, money laundering, corruption, etc.
Reference from past employees must be sought to understand the person’s overall behaviour and work performance.
Insights in the person’s financial history and credit check also help assess the person’s integrity and identify any potential red flags.

The above measures can be complemented by an undertaking of a declaration by the employee to the effect of his identification, criminal conviction and financial profile. The regulated entity may appoint third-party professionals to run these checks on the employees and furnish an independent report if necessary.

It is important to note that the Employee Due Diligence process does not end here. It is an ongoing activity necessary to ensure that staff do not pose any risk or obstruct the business or its efforts to combat financial crime.

With a detailed vetting of the individual’s profile, the entity ensures that they appoint people with clean backgrounds and positive attitudes towards profession and AML compliance.

How can Niyeahma assist you in managing Employee Due Diligence?

Niyeahma can assist you in assessing the business exposure to financial crime and customizing the Internal AML Policies, Procedures, and Controls (IPPC). This AML framework would be comprehensive, covering Customer Due Diligence and a robust Employee Due Diligence program, highlighting the measures to be adopted for staff screening. We can also help with managed due diligence support, offering thorough risk assessment and recommendations of mitigation measures. Let’s build a competent workforce with Employee Due Diligence!

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

Adverse Media Search: Strengthening Customer Due Diligence

Adverse Media Search: Strengthening Customer Due Diligence

As we know, Customer Due Diligence is one of the important anti-money laundering measures, focused on identifying the customers and their beneficial owners to establish that the person is the one he presents to be. This identification process must not be restricted to just verification of the identity document to match the name on this document and the “Know Your Customer” details furnished by the person. The effectiveness of the CDD process increases when efforts are made to detect any negative news or adverse media about the person.

In this article, we shall discuss what the phrase “adverse media” indicates, its nexus with AML compliance, and the best practices to be followed to avoid common mistakes generally endured when scanning negative news.

Understanding the Adverse Media Searches and its Role in AML Compliance

Adverse media are generally negative news about the person (individual or an entity) suggesting their association with criminal activities, including any severe non-compliance amounting to the execution of some illegal activities. This adverse information can be related to financial crimes like terrorism financing and money laundering or its connected predicate offences like smuggling, narcotics, corruption, etc.

In the context of AML compliance, adverse media search refers to scanning the customer’s name against reliable data sources to gather information and evaluate the person’s involvement in any crime that may impact the business’s exposure to money laundering or terrorism financing activities.

Adverse media search enables the regulated entity to dive deep into the person’s profile, making the CDD process robust. When any negative information or any criminal history about the person is identified, it helps the entity effectively gauge the risk the customer may pose to the business and make an informed business decision to maintain a business relationship with the person or, if yes, what risk mitigation measures to be adopted.

Decoding the Key Components of Adverse Media Searches

To ensure the effectiveness of the adverse media searches, the regulated entity must not overlook the following critical elements of the adverse media searches:

1. Using reliable and comprehensive data sources:

The entity must conduct negative news screening using a trustworthy and complete database. These data sources include official government websites, paid or subscription-based databases managed by reputable third parties, etc. Reliance can also be placed on credible news channels or platforms for gathering information. Given the global nature of financial crimes, the entities must also consider checking the information on international platforms.

The entities must consider deploying adequate AML screening software that houses comprehensive data about the adverse media collected from different local and international sources.

This can boost the entity’s efficiency around adverse media screening when relevant news items and articles are made available in one place, presenting a complete picture of the customer’s history and combating each source’s information. This can enable the AML Compliance Officer to effectively analyse and determine the customer’s risk.

Depending on the nature of the matter, the entity may also rely on social media platforms like Facebook or Twitter to corroborate any information available on online sources. However, relying solely on the results available on these platforms may not be sufficient, as these may be some personal opinions of the individuals without any investigation or evidence. Hence, the information or data on social media channels must be cautiously used.

2. Inputting the right values to get correct results:

It is essential to input the right details to achieve the desired outcome. The regulated entity must ensure that the adverse media screening is performed:

using the correct spelling or full name of the person,
using aliases of the person screened to yield the information put in the public domain using different names for the same person,
relevant keywords must be used to filter down the results to the most relevant items which impact AML compliance (like “money laundering”, “financial crime”, “fraud”, “corruption”, “tax evasion”, etc.),
if necessary, the entity may choose to provide the date range to understand the current adverse media details that may be most relevant.

The effectiveness of the adverse media search is highly dependent on the screening values used during the process.

3. Correct interpretation and mapping it with the customer’s profile:

When conducting an adverse media search, various possible matches may be found against the person, which may result in a false conclusion unless these available items of article or news are thoroughly evaluated to understand its nature. For example, while conducting a screening, you found an article where the matter is related to a person’s divorce from his spouse. Though this may, so-called, be treated as “adverse media”, it is not related to any financial crime that may impact the potential risk of the business. For AML compliance, such news about mere divorce matters (civil suits) is of no or very little significance, if any.

Thus, the person conducting the adverse media screening must be trained to spot the relevant news or media piece that may be relevant from an AML perspective and actually assist the entity in determining the potential ML/FT risk the customer may pose. The identified negative information must be mapped with the identification details of the person as available with the entity to ensure the relevance of the results.

Further, before concluding the results, the entity must reverify the source of such media to allocate a reasonable significance to such information.

Moreover, attention to detail is also crucial to ensure that no genuine adverse media results are skipped or dismissed, which may be relevant for an entity to assess the risk profile. With well-defined rules around understanding the context, the entity can differentiate between false positive results and legit negative information, ensuring accurate customer risk assessment and reducing the chances of misinterpretation.

4. Up-to-date information and regular tracking for the updated media:

Adverse media screening is also not a one-time activity, wherein the entity can rely on the results obtained when the person was screened once at the time of establishing the business relationships. In the fast-moving world where people can be anywhere anytime and with emerging sophisticated techniques to conduct crime, the reliance cannot be placed on outdated news and information. Only when the entity relies on valid and current data to perform the searches can the purpose of making such efforts be fulfilled.

Hence, the regulated entity must ensure that its existing customer base and their beneficial owners are screening for adverse media on an ongoing basis to immediately identify any availability of negative media that impacts the customer’s risk classification. This is impossible unless the processes and systems deployed by the entity for this screening can identify the changes in the data sources and promptly fetch the new information.

To achieve this, the entity must look for a solution or a tool that supports continuous scanning of the customers for adverse media and triggers an alert when any update is found.

Let’s empower the Customer Due Diligence Process with Adverse Media Searches

The regulated entities in Singapore must ensure that the Customer Due Diligence program, as defined in its Internal Policies, Procedures, and Controls (IPPC), covers the crucial element – Adverse Media Search. The outcome of these screenings must be factored into the entity’s customer risk assessment methodology as one of the contributing parameters that significantly impact the exposure.

Here, we are to assist you with designing and implementing the best practices for effective adverse media screening – Niyeahma. We can assist in identifying the suitable systems and procedures to carry out the negative news screening, training the team on how such a search must be performed and how the results must be interpreted to avoid any erroneous conclusions around the customer’s risk.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

Top 10 AML compliance mistakes made by cash-intensive businesses

Are you dealing more in cash in your business? Or working in a cash-only entity? Yours is a cash-intensive business, and you are at a higher risk of money laundering and similar financial crimes. This is because of the following traits of cash:

It is easier to mix illegitimate funds in a cash-intensive business and convert them into legal funds.
Fake transactions, customers, or unprovided extra services can be resorted to put illicit cash in the legal financial system.
Because of the absence of an electronic trail, tracking and recording it is also a challenge.
Even counterfeit currency makes cash a medium for criminals to commit crimes.
Cash also faces the risks of theft and robbery, adding to its woes.

Since the laundering happens daily, it is slow but more liquid. Such cash-intensive businesses can be any of the following:

Money lenders
Casinos
Bars
Restaurants
Retail stores
Car dealers
Auction houses
Liquor, cigarette, and tobacco shops
Beauty shops
Laundromats
Taxi/cab services
And many more

Since a higher risk of money laundering looms over such cash-intensive business, you must be extra careful. You must pay full attention to suspicious transactions and transaction reporting. It would be best if you were wary of some common red flags to detect suspicious transactions. We discuss the red flags for cash-intensive businesses in the next section.

Red flags of money laundering in cash-intensive businesses

It’s not difficult to suspect involvement of money laundering in cash-intensive business. You can look for the following signs:

Repeated and excessive transactions with one party, entire payment in cash
A business requiring or generating more cash than a business in a similar location, business model, and product/service
No match between a business’s cash-generating capacity and profile or commercial activity.
Specific large amounts of cash payments or receipts in a certain period of the year, which remains consistent across many years
Too many small transactions of cash deposits or a single large cash deposit online without contacting the bank
The presence of non-resident beneficial owners of such cash-intensive businesses
Absence of commercial justification for a significant, cash-only transaction
Large payments in cash by a third party unrelated to the business
Large cash transactions with no information on the origin of funds
Special requests to conduct transactions in cash with no apparent logic
Large cash payments or receipts for transactions in future
Large differences between the charged price and the actual value of products/services in the transaction

Cash-intensive regulated businesses must make a note of these red flags. They must spot such transactions and investigate them further. Detailed investigation can help you reduce your exposure to money laundering vulnerabilities. Besides, you must use the following measures to follow AML laws:

Conduct proper due diligence on your customers
Investigate all your transactions to spot the likelihood of money laundering
Maintain records of all transactions with relevant details
Train all your employees to spot such transactions and customers
Conduct regular risk assessments of your business to identify potential threats

All these measures enable you to adhere to the necessary Singaporean AML requirements. You must make strong efforts to follow every obligation expected from you by the MAS. These measures can help you prevent money laundering threats.

But during these processes, you must ensure you do not make mistakes. You need to dodge them and adopt strong tactics to move ahead.

We’ll look into these mistakes in the next section so you have an idea and don’t commit them.

Common pitfalls of AML compliance for cash-intensive businesses

The AML compliance department is a principle of corporate conduct. It makes your operations possible within ethical and legal boundaries.

1. Lack of a proper AML framework aligned with your business’s compliance needs

The cash-intensive regulated entities must define their AML framework to counter money laundering and terrorist financing risk. The entity must take a risk-based approach and conduct an Enterprise-Wide Risk Assessment. Further, the entity’s Internal Policies, Procedures, and Controls (IPPC) must be aligned with the Enterprise-Wide Risk Assessment.

The IPPC for a cash-intensive regulated business must have the following elements:

Customer Due Diligence
Circumstances requiring Enhanced Customer Due Diligence (ECDD)
Procedures for identifying Politically Exposed Persons (PEPs)
Ongoing Monitoring
Reliance on third party for CDD
Exceptions to CDD measures and timing
Client acceptance policy
Client exit policy
Sanctions screening
Record Management
Detection and Reporting of Suspicious Transactions
Audit of the PPC
Compliance Management Arrangements
Staff Training

2. No idea of the common red flags in transactions or customers

When you aren’t aware of the ML/TF red flags, how would you spot suspicious transactions? If you cannot detect suspicious transactions, you will unknowingly participate in them. And thus, you become a victim of money laundering or any other financial crime.

Comprehend that a cash-intensive business has a high vulnerability to money laundering risks. Recognise this fact and understand the importance of AML compliance. Keep a note of all the indicators of suspicious transactions in cash-intensive business.

When you have them in your mind, you can spot them immediately. And you can prevent or reduce their impact. You can even check your old transactions to identify if any of those were unusual, inconsistent, or have a red flag.

3. Failure to conduct thorough due diligence of customers

Identifying your customers and verifying their identities through documentary proof is crucial. Through due diligence, you can assess their risk level. Also, you must monitor them throughout their journey to assess risk level changes.

If you miss doing so, you’ll never be able to identify the risks your customers pose to your cash-intensive business. It’s not only about the customer but also their offerings, geographical presence, and transactions. Your business can face money laundering threats from any of these factors. So, you must analyse these factors to prevent exposure to financial crimes.

While doing so, use technological systems and solutions. Take a risk-based approach to CDD for efficient allocation of time and resources. Ensure that you conduct it frequently for up-to-date information. For effective management, train your employees on CDD and customer risk profiling.

4. Failure to conduct Enhanced Customer Due Diligence (ECDD)

Your customer due diligence initiatives help you separate high-risk and low-risk customers. This categorization helps you move ahead in your due diligence and AML activities. The same scrutiny does not apply to both categories of customers. That is why simplified due diligence is essential for every customer.

But after this, when you identify the high-risk customers, do not forget to enhance your due diligence efforts. These high-risk customers can be:

Politically Exposed Persons (PEPs)
Sanctioned individuals or entities
Feature in terrorist lists or other watchlists
Engaged in high-risk transactions

Once you identify these customers, apply enhanced customer due diligence before transacting with them. Investigate them further to detect any risks to your cash-intensive business. Think well and analyse such customers more. Take a risk-based decision before going ahead with the business relationship.

5. Absence of employee training in the execution of AML activities

What happens if your employees are unaware of the importance of AML activities? What if they are not attentive to suspicious transactions and customers?

You will be unable to perform your AML measures. You stay non-compliant with AML regulations in Singapore. And then you lose customer trust and reputation, and might have to pay penalties. So, it is better to train your employees on AML compliance.

Teach them all the requirements to comply with. Make them understand the importance of AML compliance for your cash-intensive business. Provide ongoing training to ensure they stay up-to-date with the latest regulations. When they fulfil their roles effectively, they help create a strong AML culture.

So, emphasise the importance of AML compliance to avoid money laundering risks.

6. Missed opportunities in transaction monitoring

Transaction monitoring is the most critical aspect of a cash-intensive business. Each of your transactions is different, involving different customers and cash value. You must assess these transactions to stay aware of potential money laundering threats. You must know the following:

Parties involved
Volume
Value
Nature and complexity level
Distribution channels
Product/service involved
Source of funds
Documentation
Other necessary aspects of the transaction

By knowing these aspects, you can know everything about a transaction. Thus, you can detect the suspicious ones. In its absence, you’ll be unable to detect risky customers and transactions.

Also, remember that it is not a one-time exercise. You must track transactions constantly to generate alerts whenever something is unusual. Scan them closely from every angle. Examine the patterns and trends. Generate an alert when it doesn’t align with the usual. Investigate it further.

7. Neglecting regular risk assessments of your business

Knowing the risks is essential to develop a risk-based approach to preventing money laundering. It is possible with regular risk assessments of your business.

These enterprise-wide risk assessments enable the detection of risks and their evaluation to understand their gravity and impact. Once you understand this, you can develop measures to mitigate, manage, or prevent them. After this, you can take a risk-based approach to fight these financial crimes. This approach also enhances your efforts towards meeting the regulatory expectations. Conducting them frequently lets you capture the changes in risks and business conditions.

Without such risk assessments, you will not know the risks to your cash-intensive business. Without this knowledge, it is challenging to develop measures against money laundering. So, do not neglect to conduct frequent risk assessments.

8. Underutilising technology in AML compliance activities

Technology is a big game changer in AML. Many countries worldwide have accepted technological solutions to support their AML initiatives. It can be a helpful tool even for cash-intensive businesses. Although cash doesn’t have an electronic trail, you can use technology to perform AML tasks for cash.

But what is more important is understanding the significance and use of technology in AML.

You can deploy automatic systems for KYC, CDD, transaction monitoring, and risk assessments. The addition of technology makes the detection of suspicious transactions and customers easier. You can use advanced AI, ML, and data analytics technologies for effective results. Thus, technology prevents money laundering and makes your AML compliance efforts more relevant.

9. Inability to track the performance of AML framework and improve thereon

So, you have implemented all the relevant AML measures in your entity. You have a well-defined AML framework with the necessary policies and internal controls. You have procedures for KYC, KYT, due diligence, transaction monitoring, and risk assessment. All this is good.

But how will you know if they align with your business goals? Are they reaping results for your business? Are they effective in achieving AML compliance?

You can find answers to these questions only through audits and performance reviews of the AML framework. So, create and use relevant performance metrics for your AML program. Establish performance indicators to review the adequacy of these measures to achieve AML compliance.

With these performance metrics, you can audit your AML procedures. You can check whether these are enough to prevent money laundering threats. If not, you can develop improvement strategies and adapt to changing risks.

10. Insufficient reporting, recording, and documentation

So, you have not committed any of the above mistakes in your AML compliance. You have implemented each initiative and achieved your AML compliance. But how will you prove this to MAS and other regulatory authorities in Singapore?

As evidence, you must have proper records, reports, and documents.

Documentation is a critical aspect of AML compliance. Whatever techniques and results you find from these AML measures, you must save them. Even your customer interactions and communication with regulatory authorities are vital. Maintaining all these records in proper format and templates is necessary. You also need to submit reports to authorities under AML reporting requirements.

Missing any of these would mean non-compliance. If MAS asks you for any records during audits or investigations, you must have them. Absence would lead to remediation plans by MAS, penalties, or declaration of non-compliance.

So, now you know the common mistakes cash-intensive businesses make in AML compliance. If you are one such cash-intensive business, be better prepared. Avoid these pitfalls and adopt industry best practices to follow Singaporean AML regulations.

If you need help in any aspect of AML compliance, AML Singapore is your one-stop destination.

We are a prominent provider of AML compliance services to entities in Singapore. We understand the significance of AML for a business and help you prioritise it. We can help you:

Create relevant AML frameworks
Track transactions to detect suspicious activities
Assess customers to build their risk profiles
Put in place appropriate AML policies, procedures, and controls
Select the best technology solution for AML

Achieve your AML goals faster and more accurately with our partnership. Our AML consultants safeguard your business from ML/TF threats and put it on the right track. So, let us know if you need any help in AML compliance.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Singapore

ACRA’s AML Compliance Review and Best Practices for RFAs

Registered Filing Agents in Singapore must comply with AML/CFT obligations as provided in the ACRA (Filing Agents and Qualified Individuals) Regulations 2015. As a supervisory authority, the AML/CFT function of these Registered Filing Agents (RFAs) is subject to compliance review by the Accounting and Corporate Regulatory Authority (ACRA).

During this review process, ACRA assesses the compliance practices implemented by the registered filing agents licensed in Singapore. After this review, a Compliance Assessment Report is prepared, capturing the findings and observations around the RFA’s AML/CFT compliance measures. To meet the ACRA (Filing Agents and Qualified Individuals) Regulations 2015 compliance requirements and successfully demonstrate the RFA’s commitment to AML compliance, the RFA must adopt best practices in AML compliance.

RFA’s compliance with ACRA Guidelines and compliance review by ACRA

ACRA (Filing Agents and Qualified Individuals) Regulations 2015 apply to the RFAs in Singapore. Per these regulations, you must make every effort to follow the requirements. To check whether you comply or not with the provisions, ACRA conducts reviews.

ACRA may itself conduct the compliance review of the RFA or may appoint independent professional experts to review your compliance procedures and recommend remedial actions. The appointed reviewer shall make an on-site visit, accompanied by an ACRA officer, and shall study the following:

Overall business profile, activities undertaken, compliance functions set up by the RFA and the AML compliance officer
ML/FT exposure of the business by reviewing the outcome and methodology used by the RFA for conducting the enterprise-wide risk assessment
Scope and effectiveness of the RFA’s Internal Policies, Procedures, and Controls (IPPC)
Degree and nature of measures applied by the RFA as part of the customer due diligence and enhanced customer due diligence processes
RFA’s approach to obtaining or determining the customer’s beneficial ownership
Mechanism followed for identifying and reporting the suspicious transaction
Internal communication for AML IPPC amongst the team members
The scope, frequency and adequacy of the AML training program
Analysis of remediation actions executed by the RFA towards the findings made during previous compliance review or inspection

Before visiting the RFA’s premise of detailed review, the ACRA or the reviewer requests the RFA to complete the self-assessment and submit necessary documents pertaining to the following:

Risk-based approach adopted by the RFA and the details of the ML/FT business risk assessment conducted by the RFA
Implementation of the IPPC
RFA’s confirmation on various CDD measures adopted by the RFA for identifying the customers, beneficial owners, etc. and verifying their identities
Details around the red flags list maintained by the RFA and the process followed for timely reporting of the suspicion
Information on compliance with AML training and AML audit requirements

Along with these details in the self-assessment form, the RFA must attach a copy of the latest IPPC adopted by the RFA.

Upon consolidated review of the self-assessment form filed by the RFA and the review of the documents during the on-site visit, the reviewer shall prepare a report on the observations and findings around the RFA’s AML/CFT compliance, highlighting the gaps and the recommendations to remediate these gaps in accordance with the applicable AML regulations and ACRA regulations.

Best practices around AML compliance to adequately address the AML review by ACRA

To ensure compliance with the ACRA guidelines and successfully address the compliance review initiated by ACRA, RFA needs to develop and maintain a robust ML/Ft risk management framework.

Here are the best practices you must adopt for effective AML compliance and avoid non-compliance penalties:

Ensure the quality of your business risk assessment

One critical reason for inaccuracies in AML measures is wrong or incomplete assessments. Identify the threats to your business. Only with awareness of the ML/FT risk the business may face can you customise the AML/CFT framework and make it more effective and relevant to your business activities.

You must periodically review the quality and validity of your business risk assessments. Ensure that it covers all the risk factors impacting the business, such as the nature of the customer, the geographies you do business with, the nature of the services you offer, delivery channel, complexity and type of the transactions executed, etc.

Once you know them, you can develop and implement AML measures against these risks. Enhance the quality of your risk assessments to create a direction for your AML measures. Use the risk criteria mentioned in ACRA’s guidelines while assessing risks. Also, consider the outcome of Singapore’s latest National Risk Assessment.

Track the internal policies, procedures, and controls (IPPC)

As a measure against money laundering and terrorism financing, you must ensure a well-defined and customised AML framework comprising internal policies, procedures, and controls. A comprehensive and up-to-date IPPC will guide you in identifying and managing the risk at each aspect of your business, be it launching a new business practice, onboarding a new customer or executing a transaction with an existing customer.

Ensure your IPPC helps you stay compliant with the regulatory landscape while safeguarding the business.

Check the quality and effectiveness of your customer due diligence measures

An essential element of the AML compliance program is knowing your customer and conducting an adequate due diligence. You must invest your time and effort in periodically reviewing the adequacy and efficacy of the customer due diligence (CDD) measures.

Check out the following to make sure your customers do not stand a chance of misusing your services for any financial crime:

Robustness of the process used for identifying the customers and verifying their identities
Adequacy of the process followed for determining the beneficial owners of the customers
Compliance with the ACRA’s guidelines around customer acceptance
Reliability of the independent sources used for customer identity verification
Identification of the politically exposed persons (PEPs)
Compliance with sanctions screening requirements and the technology adopted for the same
Methodology followed for conducting the customer risk assessment
Quality of the enhanced customer due diligence (ECDD) measures applied when a customer is identified as high-risk
Timeliness of applying and concluding the CDD and ECDD measures
Ongoing monitoring process deployed for keeping the customer’s risk profile in sync with the RFA’s risk appetite

Ensure that the CDD measures empower you to apply a risk-based approach and adequately identify and assess the customer risk.

Assess the suspicious transaction identification and reporting procedures

Having well-defined procedures for monitoring business relationships and transactions and flagging suspicious or unusual activities is a best practice for AML compliance.

Ensure that your list of red flags is up-to-date and relevant to the nature of your business activities. You can refer to the ACRA’s guidelines on indicators of suspicious transactions for defining these risk indicators. If not done, set up a mechanism and system for timely and efficient reporting of the identified red flags from the front-line employees to the AML compliance officer. A process that enables the comparison officer to investigate the detected suspicion and decide on its final report with the suspicious transaction reporting office must be developed.

Check the quality of the suspicious transaction reports (STRs) filed with STRO.

Investigate employees’ AML training and knowledge

Employees’ knowledge of AML measures is essential for AML compliance. AML training ensures the seamless process of complying with AML regulations. So, you must check all your employees and senior management’s understanding of the following:

Importance of AML for the business
AML measures necessary to comply
Internal policies, procedures and controls
Awareness about their AML responsibility

Conduct relevant training for each level of participants for their job-specific topics and general AML awareness.

Adequate AML recordkeeping

Recordkeeping for any entity is useful. Even the AML laws in Singapore mandate you to maintain records of your AML processes for at least five (5) years. Maintaining all the relevant AML records in an organised manner is one of the best practices for RFAs.

You must retain the following records:

Records about customer due diligence applied (identification records, details around customers’ risk profiles, screening outcome, etc.)
Suspicious transactions identified and reported
Transactional details and documents
Business risk assessment
Training records

You might need these records for future reference. Authorities would also ask for them during AML compliance reviews or inspections.

Introduce an AML audit process to reduce the possibilities of regulatory actions

One best practice after implementing the AML compliance function is an AML audit. Periodic AML audit allows you to identify deficiencies in your AML compliance beforehand. You can improve upon them and make them efficient and productive. Thus, you can achieve accuracy and completeness in your AML compliance initiatives.

So, you are already compliant whenever the regulatory authorities audit or investigate your AML compliance.

Handling ACRA compliance review transparently and confidently

You must maintain complete transparency while presenting the details and information to the reviewer during the ACRA lead compliance review. With the best practices adopted in the AML function, give the reviewer a clear and complete picture of your compliance. Be open to receiving feedback from the reviewer and effectively implementing the remediation actions suggested by the reviewer or ACRA.

Make a plan to put into practice the compliance enhancement recommendation captured in the review report, including identifying the responsible person and setting stringent timelines for the same.

These are some of the best practices to be adopted by RFA to ensure effective compliance and successful compliance review by ACRA.

Niyeahma – your partner for professional AML consulting services

Niyeahma dedicates itself to helping entities adhere to the AML regulations in Singapore. You can trust us to strengthen your guarding measures against financial crimes. Our consultants, policymakers, and analysts help you with various AML compliance services. We prepare you for the AML compliance reviews by ACRA or other authorities. We help you fill out the self-assessment form and prepare the documents. You can also trust us to improve actions after compliance reviews. We understand the gaps, strategise actions, and execute them to enhance compliance. So you know whom to call for any queries or support in AML compliance.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Singapore

Navigating the AML regulatory changes: Elevating the Compliance

A businessman uses a DMS to manage clipboard tasks, checklists,

Navigating the AML regulatory changes: Elevating the Compliance

AML regulations keep evolving. Authorities update them to factor in the changes in international AML requirements and newer sophisticated methods invented by criminals to launder funds or conduct any other financial crime. For you, as a business entity subject to the AML regime in Singapore, there are things to keep in mind while adopting the AML regulatory changes.

Advancements in the business landscape and related operational threats also play a role. All these changes make it crucial for you to navigate the AML compliance updates effectively and implement the best practices in your entity. These facilitate your efforts in ensuring AML compliance with new regulations and amendments.

This blog explores the best practices to manage these AML compliance changes to enhance your business’s AML compliance program in line with Singapore’s regulatory landscape.

AML landscape in Singapore

Singapore is a well-known international financial center. It deals in many trading transactions, international businesses, and money transfers. These characteristics increase its vulnerability to money laundering and other financial crimes. To detect and prevent such illicit activities and strengthen entities’ defences, regulatory bodies like the Monetary Authority of Singapore (MAS), the Ministry of Law, Accounting and Corporate Regulatory Authority (ACRA), etc. have prioritised AML.

It aligns with global efforts towards developing and implementing measures against financial crimes. MAS, ACRA, etc., motivate the regulated entities to create an AML culture. It enables the development of robust controls against these risks. It releases circulars, rules, and notifications for AML/CFT compliance procedures. These AML guidelines teach you about emerging risks, best practices, and industry red flags.

With such sustained effort and innovative practices, AML supervisory bodies of Singapore commit to preventing financial crimes. Even the entities have taken strong measures to manage these risks and minimise their impact. The aim is to free Singapore’s financial system from money laundering threats.

Things to keep in mind while adopting AML regulatory changes

You must remember the following things while ensuring AML compliance with new AML regulations or amendments to the existing AML compliance framework:

Stay aware of the AML regulatory changes

Awareness of new laws and amendments is essential to see their impact on your business. Stay up-to-date on the changes in regulations or the introduction of new laws. You can set up a robust system to track these changes, such as subscribing to the relevant authorities’ websites for updates or subscribing to any paid database that triggers the notification for any regulatory updates to the local regulations or international standards. Also, have employees monitor these amendments to avoid missing any.

The regulatory amendments primarily impact the AML processes, policies, and controls. So, you must be aware of these changes to incorporate into your internal policies, procedures and controls (IPPC) and implement them across the organisation.

Check the impact of new regulations or amendments on your business

The regulations and laws are the main bases for creating your AML framework. With minor changes in them, your policies and procedures will also change. So, knowledge of the impact of the regulatory changes is critical.

Assess the impact of regulatory changes on your business operations. You might not be able to amend your policies and processes unless you analyse the effects of the legal changes on your business profile. So, understand the regulatory changes. Identify what changes it has led to in your operations and AML efforts. This analysis will help you decide on the necessary actions and resources to adjust to the regulatory changes.

Check the impact as soon as the amendments come into force so you do not miss the bus. There might be deadlines, new reports to submit, or procedural adjustments. Any delay in these would affect your final AML compliance. So, a timely and accurate evaluation of implications is necessary for ensuring AML compliance with new regulations or amendments to the existing AML laws.

Form a team to manage the holistic assessment and implementation of AML changes

Regulatory changes mean that you need to modify your AML framework. And you can’t do it alone. To achieve comprehensive compliance, you must understand the impact and amend the AML/CFT framework (policies, procedures, controls, and systems). To facilitate this, you need a team. A team to apply AML compliance updates adequately, following the best practices.

So, create a team that adjusts your AML framework to the regulatory changes. Your team must have risk management, compliance, IT, and legal. They must deeply understand existing AML laws and the new regulations. Only with such diversified expertise can you manage to make effective changes.

If required, involve the relevant stakeholders from the business operations and the senior management to adopt the changes entirely and accurately.

Revise and adjust your AML policies and procedures to these changes

A key thing to keep in mind is making the related changes in your AML framework per the regulations.

Regulatory authorities amend existing regulations if they are not making a difference. Or they bring in new laws to make up for the deficiencies in existing laws. So, following the changes and new rules becomes your legal obligation.

You must review your existing AML policies, procedures, and controls. See where you can find loopholes or gaps. Fill those gaps or deficiencies with new rules or amendments. Alter these AML measures and initiatives to align them with the new regulations. Make necessary adjustments to ensure AML compliance with new or amended AML regulations.

Test the updated AML policies and procedures for effectiveness

You have made the changes in your AML framework per the new regulations in Singapore. But is it working as expected? Are you able to achieve your AML compliance goals? Is your updated program capable enough to prevent money laundering activities and transactions?

You can get answers to these questions only with proper testing and validation of your updated AML policies, procedures, and controls. You must detect if the updates and modifications ensure compliance with new regulations. If not, that means there are still gaps in your framework. If yes, that means the changes to AML regulations are compelling enough.

If you miss this testing and conformity, your AML/CFT framework will still have issues. Thus, you may still be vulnerable to the ML/TF risk despite deploying the controls. These robust monitoring mechanisms enable prompt action on deviations and inaccuracies.

Train your employees on the updates and resulting changes in your AML processes

Who will make these changes in AML processes? Who will execute the new procedures and controls? It’s the employees. That is why they must know about the new updates and have relevant training.

With minor changes in laws, employees’ roles and responsibilities may change. Their procedures to complete an AML task alter. So, employees must also know the new procedures and methods to complete their jobs. You must train your employees to fathom and adapt to these AML updates.

Communicate to them about the new regulations. Solve their doubts, answer their queries, and clarify every minor AML task that would be executed in an altered manner. Such comprehensive, change-specific training is a crucial thing to keep in mind while applying AML regulatory changes.

Align your technology systems with the regulatory amendments

An often-ignored aspect while implementing the AML compliance updates is technology systems.

You may be using AML software for KYC, CDD, transaction monitoring, and customer screening. All these procedures run on rules or parameters set in the system. But when regulations change, there might be changes in these rules also. Generally, entities neglect the impact of new regulations on technology systems. You shouldn’t.

You must assess and upgrade the system changes to qualify for the new regulations. These amendments might occur in data management, solutions, and rules. Make these changes at the immediate time possible to continue with AML compliance processes. You will need to collaborate with the IT team to bring these changes into effect.

Create and maintain documentation of changes

When you created the AML framework for your business, you recorded it. When you make changes to it, document the amendments as well.

You must create and maintain records of:

Changes in regulations
Resulting amendments to the AML framework
Impact on the AML compliance status and ML/TF risks to your business

Such comprehensive records are helpful during audits or authorities’ investigations. The authorities might ask for any of these records at any time. So, you must maintain clear and accurate documentation around the mechanism and the best practices followed for updating your AML compliance framework.

Ask for clarification or guidance from regulatory authorities

While applying AML regulatory changes, one thing to remember is clarity on the needed modifications. You must have an active and open communication channel with regulators.

Seek guidance from the regulatory authorities whenever and wherever needed. Get your doubts clarified on the implications of a regulation to your industry vertical. You can be accurate in your AML compliance only with the correct understanding of the purpose of bringing the changes to the regulation.

To foster such a relationship, show your commitment to compliance. Prove that you are ready to take every action to prevent ML and TF threats. This shows your dedication to the purpose of AML for the security of the country’s financial system.

Prepare for the change

One of the things to keep in mind while applying AML regulatory changes is that change is imminent. So, you must be ready for it. It mustn’t come as a surprise to you.

Prepare the business and employees for it. Distribute enough budget for it. While preparing the project schedules, keep aside time to implement and adopt these changes.

Your employees must not be adamant about not learning the new AML procedures. Train your employees in change management. Motivate them to accept and agree to the changes in AML policies. Teach them the Dos and Don’ts to avoid any possible negligence. It is possible to bring the modifications into effect only with their readiness.

These are the key considerations to keep in mind while applying AML regulatory changes in your business’s AML/CFT compliance program. Missing any one or more of these might affect your AML compliance efforts. Ticking the boxes or maintaining a checklist is fine. But what you need is implementation not on paper but in practice. So, ensure that the changes align with your goals and are effective for operations.

Niyeahma – your partner for professional AML consulting services

Niyeahma is a leading player in AML compliance for regulated entities in Singapore. We help you navigate AML regulations and their amendments successfully. We create a robust plan to study the impact of the changes and apply them.

We commit to continuous improvement in AML efforts. You can expect our experts’ hands-on response to evolving regulations. Connect with our team to receive continued quality AML compliance services and build resilience.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Singapore