Skip to main content Skip to navigation

How to comply with anti-money laundering Singapore

AML Compliance Knowledge & Training

7 tips to help FinTechs comply with anti-money laundering in Singapore

Singapore is one of the world’s busiest and most innovative commercial hubs and a destination for banks and financial services businesses around the world. Given that status, anti money laundering in Singapore has a strong focus, and the country plays a significant role in the global fight against money laundering and the financing of terrorism.

Singapore’s AML/CFT policy

Singapore’s AML/CFT policy aims to prevent money laundering, terrorist financing and predicate offences in order to maintain Singapore’s financial integrity from financial crime. The AML/CFT efforts are focused on issuing guidelines, acts of law and legislation for financial institutions.

Stay on top of your compliance obligations, and protect your firm’s reputation, with our list of the top seven things you should know about Singapore anti money laundering policies:

1. The Monetary Authority of Singapore (MAS)

The Monetary Authority of Singapore (MAS) is Singapore’s central bank and financial regulator. MAS is responsible not only for regulating and supervising the financial sector but promoting Singapore’s economic growth. MAS sets out CFT and AML Singapore policies, issuing regular guidelines for banks and financial institutions, in addition to acts of law and subsidiary legislation.

Beyond oversight of the Singapore anti money laundering / CFT regulations, MAS is also responsible for managing the city-state’s monetary policy and foreign reserves and, like other central banks, also serves as a financial agent and banker to the government.

2. Data privacy and the cloud

The Personal Data Protection Act (PDPA) is Singapore’s principal data protection regulation and is implemented by the Personal Data Protection Commission (PDPC). Introduced in 2012, the PDPA sets out data protection compliance obligations applicable to organizations operating within the city. These obligations are built around three concepts:

  • Consent: Organizations must obtain permission to collect, use, or disclose personal data.
  • Purpose: Personal data must be used for the stated purposes of its collection.
  • Reasonableness: Organizations may only use personal data in a manner that would be considered appropriate to a reasonable person.

The data protection obligations set out in the PDPA are transparent and flexible and are aligned with international best practice, including APEC’s Cross-Border Privacy Rules (CBPR). Where regulations were previously restrictive towards the localization, storage, and transfer of data, under the PDPA, Singapore’s government has embraced cloud technology as a way to enhance data protection without stifling business innovation and economic growth.

In 2020, the PDPA was updated, introducing exceptions to the data collection laws for local businesses in certain circumstances, including for anti money laundering in Singapore and fraud prevention purposes. The exceptions were introduced with safeguards, including a requirement for firms to disclose when they are invoked.

3. Payment Services Act

Under MAS managing director Ravi Menon, Singapore has become a global fintech leader, introducing regulations for a variety of innovations including blockchain and cryptocurrency, along with other digital financial services. One of the most significant moves to integrate fintech into the city’s economic profile came with the Payment Services Act (PSA) which came into effect in January 2020.

The PSA is intended to provide a forward-looking legislative framework for the regulation of payments systems and payment service providers in Singapore, bringing them under scope of anti money laundering and counter-financing of terrorism rules, and introducing new compliance obligations for service providers that facilitate cross-border money transfers. With that in mind, under the PSA, fintech firms are required to hold an operating license (or qualify for an exemption).

4. AML Singapore transaction monitoring

Singapore anti-money laundering / CFT regulations set out a clear requirement for fintechs to implement internal transaction monitoring programs. More specifically, fintechs must conduct ongoing monitoring to ensure that transactions are consistent with customers’ risk profiles, and to verify the source of their funds.

Fintechs in Singapore are required to pay special attention to transactions that are complex, unusually large, or do not fit a customer’s normal pattern of behavior. Similarly, certain suspicious transaction patterns, such as multiple small deposits over a short time period, also merit special attention. The AML transaction monitoring process should examine specific characteristics, including:

  • The nature of the transaction relating to the customer’s risk profile
  • Whether transactions were made with the intent to avoid reporting thresholds
  • The destination of payments (e.g., to or from high-risk countries)
  • The parties involved (e.g., inclusion on sanctions lists or watch lists)

5. Payment sanctions screening

Counter-financing of terrorism is an important component of anti-money laundering in Singapore. Accordingly, fintechs are also required to conduct payment sanctions screening to ensure their customers are not connected to terrorist activities or organizations, and are not subject to international economic restrictions.

Like transaction monitoring, payment sanctions screening processes should be ongoing, and take place whenever customers engage in unusual or complex transactions. The screening process itself involves checking transaction details against a list of designated individuals and entities, as defined by Singapore’s First Schedule of the Terrorism (Suppression of Financing) Act. Where fintechs find a positive match, they are required to freeze the payment immediately, along with the funds and assets of the designated persons or entities (if possible).

6. Onboarding and monitoring

Singapore anti money laundering / CFT regulations require fintechs to perform a variety of Customer Due Diligence (CDD) checks when onboarding customers, and to monitor their customers throughout the business relationship. That process involves verifying customers’ identities to ensure they are who they say they are, and that they are being truthful about the nature of their business.

Onboarding and monitoring requirements in Singapore must include checks for politically exposed persons (PEPs) and for adverse media stories – both of which can be good indicators of customers’ involvement in money laundering. Screening should be conducted at the beginning of the business relationship and continue periodically. Enhanced due diligence measures may be necessary for customers that present higher levels of risk.

In 2021, MAS issued a consultation paper on a proposed Exemption Framework for businesses in Singapore that have cross-border arrangements with their head offices in foreign countries. Under the exemption framework, these businesses would not be subject to the same AML Singapore licensing and conduct requirements that apply to domestic businesses, and would instead be able to apply streamlined regulations.

7. Cryptocurrency code of practice

The Association of Cryptocurrency Enterprises and Start-Ups Singapore (ACCESS) released a Code of Practice in August 2020 that expanded Singapore anti money laundering / CFT regulations to crypto-firms. The Code imposes the standard screening, monitoring, and CDD measures that are applied to conventional banks and financial services firms, but adapts them for the effective regulation of cryptocurrency services. The Code covers activities such as:

  • The exchange of different forms of cryptocurrency or exchanges between crypto and fiat currencies
  • Cryptocurrency transfers
  • Safekeeping and administration of cryptocurrency controls
  • Provision of financial services relating to the sale of cryptocurrency

Learn more about our Singapore AML solutions.

Automate customer onboarding and monitoring with a real-time AML risk database.

Get started today

Originally published 12 November 2019, updated 18 October 2024

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).