A regulatory overview of anti-money laundering in Singapore

As one of the world’s busiest and most innovative commercial hubs, Singapore is a natural destination for banks and financial services businesses. The country is home to more than 1300 financial technology (FinTech) firms, which attracted over US$4.1 billion in investment in 2022, and manages over US$4 trillion in assets under management (AUM). It has therefore established itself both as an innovation-friendly business center and as a premier global wealth management hub. It also maintains a strong regulatory framework around anti-money laundering and countering the financing of terrorism (AML/CFT). 

Because of these factors, the country plays a significant role in the global fight against financial crime. Singapore’s AML/CFT regime is subject to constant evolution, with 2024 seeing a steady stream of new guidance and legislation coming into effect. This article walks firms through all the key laws, regulatory bodies, and actionable compliance tips they need to know about. 

Singapore’s AML regulations

Singapore’s AML/CFT regime is contained within a body of legislation that began in the 1990s and is regularly updated in response to changing markets, institutions, and threats. 

The Corruption, Drug Trafficking and Other Serious Crimes Act (CDSA)

The CDSA was introduced in its original form in 1992 to combat drug-related money laundering before being amended in 1999 to expand its scope to other predicate crimes. The CDSA provides the basis for law enforcement to confiscate criminal proceeds and outlines financial institutions’ (FIs’) compliance requirements, such as: 

• Creating policies and procedures for effective AML monitoring must be based on a business-wide risk assessment that identifies their exposure to money laundering and terrorist financing risks.
• Designating a compliance officer to oversee the establishment, implementation, and ongoing management of an AML compliance program.
• Senior compliance staff must ensure new employees are trained in these policies at onboarding and provided with at least annual updates. Firms must also implement a robust training program for all staff members to identify and deal with suspicious activities. 
• Keeping records relating to transactions and filing suspicious transaction reports (STRs), cash transaction reports (CTRs, for transactions over $20,000), and cash movement reports (CMRs, for cross-border transactions).  

The Terrorism (Suppression of Financing) Act (TSOFA)

Similarly to other global anti-terrorism legislation introduced in the early 2000s, the TSOFA specifically criminalized the collection or provision of funds for terrorist purposes and extended existing AML legislation to cover terrorist financing. 

Monetary Authority of Singapore (MAS) Notices  

The MAS is Singapore’s financial regulator. Under the authority of the Financial Services and Markets Act, it publishes legally binding notices detailing specific AML/CFT measures all FIs must implement. These include: 

• Risk assessments to identify money laundering and terrorism financing risks from FIs’ customers, products and services, and jurisdictions of operation. These must be updated to consider threats from new products, practices, and technologies. 
• Customer due diligence (CDD), which involves verifying the identity of any entity a firm begins a business relationship with  or any non-customer involved in certain transactions (such as those over $20,000). It also entails establishing the ultimate beneficial ownership (UBO) of customer accounts. CDD can be in the form of simplified due diligence (SDD) or enhanced (EDD), depending on the level of risk the customer presents. 
• Ongoing monitoring of its customer relationships, including maintaining the accuracy of CDD data and analyzing transactions to ensure they are consistent with a customer’s expected financial behavior. 
• Ensuring the third-party and correspondent institutions an FI has business relationships with meet Singapore’s AML/CFT standards.   

The Payment Services Act (PSA)

Intended to regulate Singapore’s payments industry without stifling FinTech innovation, the PSA was introduced in 2020. It set out regulatory requirements for payment service providers (PSPs) and gave the MAS legal oversight of payment systems, including their AML/CFT obligations. Under the PSA, PSPs must: 

• Conduct CDD on all customers in the same way as other FIs.  
• Continue to screen customers against sanctions lists, adverse media, and politically exposed person (PEP) data. 
• Monitor customer transactions based on criteria such as transaction thresholds, patterns, and transactions to or from high-risk countries. 
• Maintain records on customer activity and report all potentially suspicious transactions. 

The Anti-Money Laundering and Other Matters Act

The Anti-Money Laundering and Other Matters Act took effect in November 2024. It was introduced to achieve specific aims, including giving law enforcement agencies greater powers to prosecute financial crimes – clarifying Singapore’s processes for dealing with seized assets, and aligning casinos’ AML/CFT obligations with those recommended by the Financial Action Task Force (FATF). 

The Financial Services and Markets Act (FSMA) 

The FSMA is an omnibus act for sector-wide financial regulation and migrates the existing supervision framework established by the MAS Act 1970. This includes Part 4 of the FSMA, which focuses on AML/CFT and mandates FIs to disclose information to the authorities as part of investigations. 

In May 2023, this section was amended to create the legal framework for COSMIC (Collaborative Sharing of Money Laundering/Terrorist Financing Information and Cases), a centralized platform for FIs to share customer data for AML/CFT purposes. COSMIC launched in April 2024 with six participating banks and a focus on three specific risks: misuse of corporate structures, trade-based money laundering (TBML), and proliferation financing. 

The consequences of regulatory non-compliance 

The various pieces of legislation that make up Singapore’s AML/CFT regime carry severe penalties for non-compliance, including both fines and imprisonment. Specific punishments include: 

• A maximum $500,000 fine for failing to file a STR. 
• A maximum $10,000 fine or two-year prison sentence for failing to produce documents to an authorized officer. 
• A maximum $10,000 fine for failing to document and retain a copy of every transaction for at least five years. 
• A maximum $250,000 fine and three-year prison sentence for tipping off an entity named in a STR. 
• Failure to comply with MAS notices can result in fines of up to $1 million for each offense, plus $100,000 for every day the offense continues. 

In 2024, an amendment to the CDSA specified two further penalties: 

• A fine of up to $150,000 or a prison sentence of up to three years for continuing with a transaction despite the presence of red flags, or “negligent money laundering.” 
• A fine of up to $250,000 or a sentence of up to five years for “rash money laundering” or proceeding with a transaction despite holding suspicion about it and failing to make further inquiries. 
• A fine of up to $50,000 or a sentence of up to three years for “assisting another to retain benefits of criminal conduct”: acting as a money mule or allowing criminals to access a payment account. 

Singapore’s AML regulators 

The responsibility for directing, monitoring, and enforcing the compliance of Singaporean firms is split between different organizations, each with different objectives and legal powers. AML compliance and enforcement involves a network of relationships between firms, their customers, regulators, and law enforcement bodies, as illustrated below: 

The Monetary Authority of Singapore (MAS)

The MAS supervises FIs’ AML/CFT measures to ensure they meet the required standards and educates them on emerging risks and industry best practices. In addition to its regulatory notices, the MAS directs Singapore’s overall financial policy direction and issues national strategy papers and risk assessments on combatting money laundering. 

The Commercial Affairs Department (CAD)

The CAD is the law enforcement agency responsible for financial crime investigations in Singapore. It is composed of several specialist divisions, each handling particular financial crime typologies. There are three Financial Investigation Divisions, dedicated to money laundering, terrorist financing, and specialized fraud investigations respectively. 

The Suspicious Transaction Reporting Office (STRO)

The STRO sits within the CAD and is Singapore’s financial intelligence unit, meaning it receives STRs, CTRs, and CMRs from FIs. The STRO analyzes these reports for evidence of money laundering, terrorist financing, or other financial crimes, and disseminates intelligence to law enforcement agencies. 

A Guide to AML/CFT for Singaporean FinTechs

Read our expert guide for Singaporean businesses, complete with practical tips and useful pointers on managing financial crime risks.

Download now

Best practices for AML compliance in Singapore

Singaporean firms subject to AML regulation have a large body of legislation to consult, giving them a long list of technical compliance requirements. However, the journey from knowing the rules to understanding how to comply with them in practice can be a challenging one for firms. These are some crucial steps they should take: 

• Implement flexible due diligence protocols: Firms should have the tools and know-how to conduct varying levels of CDD and policies guiding when these levels should be activated to align with a risk-based approach. SDD may consist only of identifying a customer and checking the nature of their relationship with the business. EDD, however, may include source of funds (SOF) and source of wealth (SOW) checks, requests for further identifying information, and greater scrutiny of the business relationship. 
• Build rules and scenarios for transaction monitoring purposes: Effective transaction monitoring is built on a sound knowledge of financial crime typologies and how to detect them in the data. Firms should set transaction monitoring thresholds based on customer segmentation, statistical analysis, and tuning. Machine learning (ML) capabilities can also help them detect new or less well-known suspicious payment patterns. 
• Minimize delays in data updates: Singaporean firms are legally required to conduct ongoing monitoring of their customers, which means they need to access up-to-date information from multiple sources. Firms slow to make the necessary changes will take on unnecessary risk. 
• Maintain awareness of risks: The MAS’ 2024 national money laundering risk assessment highlighted cyber-enabled fraud, organized crime, corruption, tax evasion, and trade-based money laundering (TBML) as Singapore’s key money laundering risks. Firms should also be aware of common and emerging financial crime typologies that may factor into their business-wide risk assessments. 
• Choose appropriate AML software: The development of specialized AML technology, particularly artificial intelligence (AI) and ML, means firms can use a range of software solutions to streamline their route toward compliance. FIs should understand their exact requirements and existing capabilities before assessing the available options and choosing the one that best meets their needs. 

AML solutions for Singaporean firms

ComplyAdvantage has a range of solutions built to make AML compliance as efficient as possible for firms. By using ComplyAdvantage to balance growth objectives with compliance requirements, businesses can: 

• Increase their risk visibility: Firms can safeguard their business operations with 24/7 automated risk monitoring. Ongoing monitoring alerts update compliance teams on customer risk statuses via a single API call.
• Reduce their false positive rates: ML models performing both semantic and statistical analysis on new alerts can bring down false positive numbers by eliminating duplicated or irrelevant data from searches, streamlining analyst workloads and freeing up resources. 
• Enhance sanctions compliance in real-time: With rapid changes to critical information via AI-powered systems, firms no longer have to rely on manual data checks, speeding up compliance and minimizing risk.