12th November 2019

Comply With Anti-Money Laundering In Singapore

7 Tips To Help Fintechs Comply With Anti-Money Laundering In Singapore

Singapore is one of the world’s busiest and most innovative commercial hubs and a destination for banks and financial services businesses around the world. Given that status, Singapore places a strong focus on financial regulation and plays a significant role in the global fight against money laundering and the financing of terrorism.

Stay on top of your compliance obligations, and protect your firm’s reputation, with our list of the top seven things you should know about AML regulations in Singapore.

Singapore’s AML/CFT Policy

1. The Monetary Authority of Singapore (MAS)

The Monetary Authority of Singapore (MAS) is Singapore’s central bank and financial regulator. MAS is responsible not only for regulating and supervising the financial sector but promoting Singapore’s economic growth. MAS sets out CFT and AML policy in Singapore, issuing regular guidelines for banks and financial institutions, in addition to acts of law and subsidiary legislation.

Beyond oversight of Singapore’s AML/CFT regulations, MAS is also responsible for managing the city-state’s monetary policy and foreign reserves and, like other central banks, also serves as a financial agent and banker to the government.

2. Data Privacy and the Cloud

The Personal Data Protection Act (PDPA) is Singapore’s principal data protection regulation and is implemented by the Personal Data Protection Commission (PDPC). Introduced in 2012, the PDPA sets out data protection compliance obligations applicable to organizations operating within the city. These obligations are built around three concepts:

  • Consent: Organizations must obtain permission to collect, use, or disclose personal data.
  • Purpose: Personal data must be used for the stated purposes of its collection.
  • Reasonableness: Organizations may only use personal data in a manner that would be considered appropriate to a reasonable person.

The data protection obligations set out in the PDPA are transparent and flexible and are aligned with international best practice, including APEC’s Cross-Border Privacy Rules (CBPR). Where regulations were previously restrictive towards the localization, storage, and transfer of data, under the PDPA, Singapore’s government has embraced cloud technology as a way to enhance data protection without stifling business innovation and economic growth.

In 2020, the PDPA was updated, introducing exceptions to the data collection laws for local Singapore businesses in certain circumstances, including for anti-money laundering and fraud prevention purposes. The exceptions were introduced with safeguards, including a requirement for firms to disclose when they are invoked. 

3. Payment Services Act

Under MAS managing director Ravi Menon, Singapore has become a global fintech leader, introducing regulations for a variety of innovations including blockchain and cryptocurrency, along with other digital financial services. One of the most significant moves to integrate fintech into the city’s economic profile came with the Payment Services Act (PSA) which came into effect in January 2020. 

The PSA is intended to provide a forward-looking legislative framework for the regulation of payments systems and payment service providers in Singapore, bringing them under scope of anti-money laundering and counter-financing of terrorism rules, and introducing new compliance obligations for service providers that facilitate cross-border money transfers. With that in mind, under the PSA, fintech firms are required to hold an operating license (or qualify for an exemption). 

4. Transaction Monitoring

Singapore’s AML/CFT regulations set out a clear requirement for fintechs to implement internal transaction monitoring programs. More specifically, fintechs must conduct ongoing monitoring to ensure that transactions are consistent with customers’ risk profiles, and to verify the source of their funds.

Fintechs in Singapore are required to pay special attention to transactions that are complex, unusually large, or which do not fit a customer’s normal pattern of behavior.  Similarly, certain suspicious transaction patterns, such as multiple small deposits over a short time period, also merit special attention. The transaction monitoring process should examine specific characteristics, including:

  • The nature of the transaction relating to the customer’s risk profile
  • Whether transactions were made with the intent to avoid reporting thresholds
  • The destination of payments (e.g. to or from high risk countries)
  • The parties involved (e.g. inclusion on sanctions lists or watch lists)

5. Payment Sanctions Screening

Counter-financing of terrorism is an important component of anti-money laundering in Singapore. Accordingly, fintechs are also required to conduct payment sanctions screening to ensure their customers are not connected to terrorist activities or organizations, and are not subject to international economic restrictions.

Like transaction monitoring, payment sanctions screening processes should be ongoing, and take place whenever customers engage in unusual or complex transactions. The screening process itself involves checking transaction details against a list of designated individuals and entities, as defined by Singapore’s First Schedule of the Terrorism (Suppression of Financing) Act. Where fintechs find a positive match, they are required to freeze the payment immediately, along with the funds and assets of the designated persons or entities (if possible).

6. AML Onboarding and Monitoring

Singapore’s AML/CFT regulations require fintechs to perform a variety of Customer Due Diligence (CDD) checks when onboarding customers, and to monitor their customers throughout the business relationship. That process involves verifying customers’ identities to ensure they are who they say they are, and that they are being truthful about the nature of their business.

Onboarding and monitoring requirements in Singapore must include checks for Politically Exposed Persons (PEP) and for adverse media stories – both of which can be good indicators of customers’ involvement in money laundering. Screening should be conducted at the beginning of the business relationship and continue periodically. Enhanced due diligence measures may be necessary for customers that present higher levels of risk.

In 2021, MAS issued a consultation paper on a proposed Exemption Framework for businesses in Singapore that have cross-border arrangements with their head offices in foreign countries. Under the exemption framework, these businesses would not be subject to the same AML licensing and conduct requirements that apply to domestic businesses, and would instead be able to apply streamlined regulations.

7. Cryptocurrency Code of Practice

The Association of Cryptocurrency Enterprises and Start-Ups Singapore (ACCESS) released a Code of Practice in August 2020 that expanded Singapore’s AML/CFT regulations to crypto-firms. The Code imposes the standard screening, monitoring, and CDD measures that are applied to conventional banks and financial services firms, but adapts them for the effective regulation of cryptocurrency services. The Code covers activities such as:

  • The exchange of different forms of cryptocurrency or exchanges between crypto and fiat currencies
  • Cryptocurrency transfers
  • Safekeeping and administration of cryptocurrency controls
  • Provision of financial services relating to the sale of cryptocurrency

Get Started Now

Learn More