KYC Policy for PikoHANA


1 INTRODUCTION

1.1. The Accounting and Corporate Regulatory Authority Act (Cap. 2A) (“ACRA Act”), in particular, Part VIA, establishes the regulatory regime for corporate service providers, comprising registered filing agents and registered qualified individuals.

1.2.The Accounting and Corporate Regulatory Authority (Filing Agents and Qualified Individuals) Regulations 2015 (“Regulations”) sets out the specific requirements for corporate service providers.

1.3. Part II of the First Schedule of the Regulations, titled “Anti-Money Laundering and Anti-Terrorism Financing Measures”, contains the terms and conditions which apply to a filing agent (“FA”) who is registered under section 28F of Part VIA of the ACRA Act, when it, by way of business, prepares to carry or carries out transactions for a customer concerning activities specified in paragraph five of First Schedule of the Regulations. These terms and conditions are aligned with the Financial Action Task Force’s recommendations to combat money laundering, terrorism financing, and proliferation financing.

1.4. The objective of these Guidelines is to aid FAs in their understanding of their obligations under Part VIA of the ACRA Act and Part II of the First Schedule of the Regulations. The examples provided within are not exhaustive.

1.5. These Guidelines may be amended by ACRA from time to time and FAs are advised to refer to the latest version that is available on ACRA’s website.

 

2 APPLICATION OF THESE GUIDELINES

2.1 Definitions of Terms Used in Guidelines

An “agent”, in relation to a customer, is a person appointed by the customer to act on the customer’s behalf in any business relationship.

Beneficial owner” in relation to a customer means:

(a) An individual who ultimately owns or controls (whether through direct or indirect ownership or control) more than 25% of the shares or voting rights of the customer; or

(b) Otherwise exercises control over the management of the customer.

A “business relationship” in the context of a relationship between a registered FA and a customer means a business, professional or commercial relationship between a registered FA and its customer, in performing the activities in para. 2.3.1. It may be a formal or an informal arrangement, and includes an occasional or a one-time transaction.

A “company” is defined as a company incorporated pursuant to the Companies Act or pursuant to any corresponding written law.

A “foreign company” is defined as a company incorporated outside Singapore

Compliance management arrangements” means carrying out regular reviews, assessments and updates of the adequacy of internal policies, procedures and controls to ensure that money laundering and financing of terrorism and proliferation risks are mitigated effectively. Examples of areas that may be reviewed are:

(a) whether there are areas of weakness in the registered FA where appropriate risk-sensitive checks may not be being carried out in accordance with Part II of the First Schedule of the Regulations;

(b) whether correct and updated records are kept; and

(c) whether there are any new products, services or procedures that may be used for money laundering and financing of terrorism and which must be catered for.

A  “connected party”, means:

(a) in relation to a legal person (other than a partnership), means any director or any natural person having executive authority (eg: Chief Executive Officers, Managing Directors, etc.) in the legal person;

(b) in relation to a legal person that is in a partnership, means any partner or manager[1]; and

(c) in relation to a legal arrangement, means any natural person having executive authority in the legal arrangement.

A “customer”, in relation to a registered FA, means any person who employs or engages a registered FA to carry out any transaction with ACRA using the electronic transaction system on his behalf.

A “director” has the same meaning as that provided in section 4 of the Companies Act, that is, a director includes any person occupying the position of a director of a corporation by whatever name called and includes the person in accordance with whose directions or instructions the directors of a corporation are accustomed to act and an alternate and substitute director. It should be noted that all directors will be subject to the legal obligations of directorship in the Companies Act.

A “filing agent” (“FA”) means a person who or which, in the course of his or its business, carries out on behalf of any other person any transaction with ACRA using the electronic transaction system or any other means permitted or directed by ACRA if the electronic transaction system is unavailable.

FATF” means the intergovernmental body known as the Financial Action Task Force, which develops and promotes policies and international standards to protect the global financial system against money laundering, terrorism financing and proliferation financing. The Financial Action Task Force has issued 40 Recommendations, 11 Immediate Outcomes and Interpretive Notes for combating money laundering, terrorism financing and proliferation financing.

Internal communication” means having procedures in place to alert the relevant persons working for the registered FA such as its registered qualified individuals and employees to: (a) how criminals may make use of the registered FA to launder money or fund terrorism or proliferation, so as to enable them to take appropriate action to prevent and to report it; and (b) Updates on guidance and news issued by authorities in Singapore.

A “limited partnership” is defined as a limited partnership registered under the Limited Partnerships Act.

A “limited liability partnership” is defined as limited liability partnership registered under the Limited Liability Partnerships Act.

A Politically Exposed Person (“PEP”) is defined as an individual who:

(a) is or has been entrusted with any prominent public function in Singapore (domestic PEPs) or in a country or territory outside Singapore (foreign PEPs). In this context, “prominent public function” includes the role held by a head of state, head of government, government minister, senior civil or public servant, senior judicial or military official, senior executive of a state-owned corporation, senior political party official, or a member of the legislature but excludes the role held by middle-ranking or more junior officials; or

(b) is or has been entrusted with any prominent public function by an international organisation (PEPs of international organisations). In this context, “prominent public function” includes the role held by a director, deputy director, member of the board and member of the senior management of an international organisation, but excludes the role held by middle-ranking or more junior officials;

A “close associate” of a Politically Exposed Persons means a natural person who is closely connected to a Politically Exposed Persons, either socially or professionally. This includes:

(a) an immediate family member (spouse, child, adopted child, step child, sibling or parent) of a politically exposed person; or

(b) a natural person that the Politically Exposed Persons may have significant influence over due to the level of exposure to the PEP.

Transaction” with ACRA means:

(a) Filing, lodging, submitting, producing, delivering, furnishing, or sending of any document with or to ACRA under the legislation administered by ACRA;

(b) Making of any application, submission or request to ACRA under the legislation administered by ACRA;

(c) Providing of any undertaking or declaration to ACRA under the legislation administered by ACRA; and

(d) Extracting, retrieving or accessing of any document record or information maintained by ACRA under the legislation administered by ACRA.

2.2 Requirements for registration and renewal as filing agent

2.2.1. Under section 28C(2) of the ACRA Act, a person may only carry out a transaction with ACRA using the electronic transaction system on behalf of another person, only if that person is a registered FA. However, specified categories of persons are exempted under the ACRA (Authorised Users of Electronic Transaction System) Regulations 2015 from having to be registered under the ACRA Act as FAs.

2.2.2. A person who wishes to be registered as an FA or have his registration renewed has to submit an application to ACRA under section 28F of the ACRA Act.

2.2.3. From 15 November 2018, anyone seeking to register or renew his/her registration as a registered FA will be required to complete a mandatory training programme which comprises a prescribed AML/CFT course and an AML/CFT Proficiency Test prior to the application. RFAs have to fulfil the mandatory training programme once every two years as a pre-condition of their renewal.

2.2.4. Under section 28F(9) of the ACRA Act, a registered FA shall comply with all of the following:

(a) Perform customer due diligence measures to detect or prevent money laundering and the financing of terrorism as prescribed in the Regulations;

(b) Cease acting as a FA for a person if he is unable to complete the prescribed customer due diligence measures in respect of that person;

(c) Keep records obtained through the prescribed customer due diligence measures in such manner and for such minimum period as may be prescribed; and

(d) Such other terms and conditions of registration as may be prescribed. These terms and conditions include those contained in Part II of the First Schedule of the Regulations, titled “Anti-Money Laundering and Anti-Terrorism Financing Measures.”

2.3 Terms and conditions of registration in Part II of the First Schedule of the Regulations

2.3.1. The terms and conditions of registration in Part II of the First Schedule of the Regulations apply to a registered FA when it, by way of business, prepares to carry out or carries out transactions for a customer concerning any one or all of the following activities:

(a) Forming corporations or other legal persons; 

(b) Acting, or arranging[2] for another person to act —

(i) as a director or secretary of a corporation;

(ii) as a partner of a partnership; or

(iii) in a similar position in relation to other legal persons;

(c) Providing a registered office, business address or correspondence or administrative address or other related services for a corporation, partnership or any other legal person;

(d) Acting, or arranging for another person to act, as a shareholder on behalf of any corporation, other than a corporation whose securities are listed on a securities exchange within the meaning of section 2(1)[3], or a recognised securities exchange within the meaning of section 283(1)[4], of the Securities and Futures Act[5].

2.3.2. Though not exhaustive, the following are some factors which ACRA will consider when determining whether a registered FA is acting “by way of business”:

(a) The registered FA sets up its business with the intention of performing the activities listed in para. 2.3.1 and other filings with ACRA on behalf of its customers;

(b) The registered FA advertises/promotes the provision of services, or receives business referrals from other businesses or registered FAs concerning the activities in para. 2.3.1 amongst other filings with ACRA on behalf of its customers; and

(c) The registered FA performs the activities in para. 2.3.1. amongst other filings with ACRA on behalf of its customers for the purposes of profit.

3 MONEY LAUNDERING AND THE FINANCING OF TERRORISM

3.1 What is money laundering?

3.1.1. Money laundering is a process carried out with the intention to conceal the benefits obtained from criminal activity so that they are made to appear to have originated from legitimate sources. In this process, money obtained through criminal activity or other criminal property, for example, money or money’s worth, securities, tangible property and intangible property, are mixed with or exchanged for money originating from legitimate sources or other assets with no obvious link to their criminal origins.

3.1.2. Generally, the process of money laundering comprises three stages:

(a) Placement: the physical disposal of the benefits of criminal activity;

(b) Layering: the separation of these benefits from their source by creating intervening layers of financial transactions; and

(c) Integration: this places the laundered benefits back into the economy so that they re-enter the financial system by appearing to be legitimate business funds.

3.2 What is the financing of terrorism?

3.2.1. Terrorism seeks to influence, compel or intimidate governments or the general public through threats or violence, causing of damage to property or danger to life, creating of serious risks to public health or safety, or disrupting of important public services or infrastructure.

3.2.2. The financing of terrorism involves the funding of such activities. Sources of terrorism financing may be legitimate or illegitimate. For example, they may be derived from criminal activities. They may also be derived from legitimate sources such as income from legitimate business operations belonging to terrorist organisations. The methods used by terrorist organisations to obtain, move, or conceal funds for their activities can be similar to those used by criminal organisations to launder their funds.

4 OBLIGATIONS UNDER PART II OF FIRST SCHEDULE OF THE REGULATIONS

4.1 General Obligations

4.1.1. A registered FA shall comply with the following general obligations in the conduct of its business activities:

(a) a registered FA shall exercise due diligence, and conduct its business, in such a manner as to guard against the facilitation of money laundering and the financing of terrorism and proliferation; and 

(b) a registered FA shall assist and cooperate with the relevant law enforcement authorities in preventing money laundering and the financing of terrorism and proliferation.

Requirement for internal policies, procedures and controls

4.2.1. A registered FA shall have detailed and up-to-date anti-money laundering and counter financing of terrorism risk management internal policies, procedures and controls (IPPC), and document these accordingly. The IPPC serves to document how a registered FA intends to discharge its responsibility for the prevention of activities related to money laundering and financing of terrorism and proliferation, and provide direction to its registered qualified individuals and employees for such prevention. The IPPC should be effective in mitigating the risks faced by the registered FA and reflective of the registered FA’s operations.

The internal policies, procedures and controls required

4.2.2. A registered FA is required to establish and maintain detailed, up-to-date and risk-sensitive IPPC concerning all of the following matters: 

(a) customer due diligence measures (including simplified and enhanced) and on-going monitoring (including enhanced on-going monitoring);

(b) making of suspicious transaction reports;

(c) record-keeping;

(d) risk assessment and management;

(e) audit of the internal policies, procedures and controls;

(f) monitoring and management of compliance with, and the internal communication of, the internal policies, procedures and controls; and

(g) hiring and training of employees.

4.2.3. The IPPC in para. 4.2.2 include those which:

(a) provide for the identification and scrutiny of complex or unusually large transactions; unusual patterns of transactions which have no apparent economic or visible lawful purpose; unusual patterns of transactions which are not related to the business activities of the customer for which the entity was originally set up to conduct; and any other activity which the registered FA regards as particularly likely by its nature to be related to money laundering or the financing of terrorism;

(b) specify the taking of additional measures, where appropriate and necessary, to prevent the development of new products and new business practices, including new delivery mechanisms, for money laundering and the financing of terrorism and proliferation; and the use of new or developing technologies, for both new and pre-existing products, for money laundering and the financing of terrorism; and

(c) determine whether a customer, connected party, beneficial owner, or agent is a politically exposed person.

4.2.4. Senior management should be actively involved in the approval process of the registered FA’s IPPC.

4.2.5. Please refer to Annex A for the essential elements of an IPPC for the prevention of money laundering and the financing of terrorism. A registered FA has the discretion to customise its IPPC in addition to those elements provided in Annex A, to ensure that the IPPC is reflective of its business context.

4.3  Assessing risks and applying a risk-based approach

Situations in which a registered FA is required to apply a risk-based approach

4.3.1. A registered FA should take appropriate steps to identify and assess the registered FA’s exposure to money laundering and financing of terrorism risks and apply a risk-based approach in:

(a) establishing IPPC in relation to the risks faced by the registered FA in order to prevent activities related to money laundering and the financing of terrorism. The IPPC should be effective in mitigating the ML/TF risks faced by their business operations;

(b) identifying and verifying the identity of the beneficial owners of its customers and other connected parties;

(c) performing customer due diligence (including screening and risk assessments) on existing and new customers and other connected parties, and determine the extent of customer due diligence ranging from simplified to enhanced customer due diligence where appropriate to mitigate the ML/TF risks assessed for their customers and services offered; 

(d) understanding the risks of money laundering and the financing of terrorism in the countries or territories that a third party that the registered FA wishes to rely on operates in, if applicable; and

(e) determining the frequency of performing on-going monitoring of business relationships, depending on the level of risks.

4.3.2. A registered FA, when assessing risks, should take into account factors such as the type of customer, the type of service or transaction that the customer expects the registered FA to perform, and the geographic area of operation of the customer’s business. A registered FA is also required to give particular attention to business relationships and transactions with persons from or in countries that have inadequate anti-money laundering or financing of terrorism measures.

4.3.3. A registered FA should at least take the following steps in applying a risk-based approach:

(a) identify the money laundering and the financing of terrorism and proliferation risks faced by the registered FA;

(b) assess the risks identified according to various categories, for example, customers (including their layers of structures, scale of activities), services or transactions provided, and countries or territories where the customers are from or in; before determining the level of overall risk and the appropriate types and extents of controls to be designed and implemented. For example, a risk assessment may lead to a classification of different levels of risk, for example, higher, medium and lower risk;

(c) design different extent of controls (for example, different extent of customer due diligence measures for different categories of customers) to mitigate the assessed risks. For example, enhanced customer due diligence measures needed to mitigate higher levels of risk, and simplified due diligence measures needed to mitigate lower levels of risk;

(d) monitor the implementation of these controls and enhance them if necessary; and

(e) document the risk assessment, keep it up to date and provide the risk assessment information to ACRA when required by ACRA.

4.3.4. A registered FA shall also screen a customer against:

(a) the lists of individual and entities known or suspected to be related to terrorists or terrorist organisations (UNSCR 1267/ 1989 Al-Qaida list and subsequent resolutions),

(b) UNSCR 1988 Taliban list and subsequent resolutions, and all other persons identified in the First Schedule of the Terrorism (Suppression of Financing) Act);

(c) who are known or suspected to be involved in the proliferation of weapons of mass destruction and its financing to Iran (UNSCR 2231 list and subsequent resolutions) and the Democratic People’s Republic of Korea (UNSCR 1718 list and subsequent resolutions); or

(d) any other listing promulgated by ACRA.

4.3.5. A registered FA can refer to the following link to MAS’ website on targeted financial sanctions.A registered FA should also subscribe to MAS’ website to receive alerts to changes to the lists. 

http://www.mas.gov.sg/Regulations-and-Financial-Stability/Anti-Money-Laundering-Countering-The-Financing-Of-Terrorism-And-Targeted-Financial-Sanctions/Targeted-Financial-Sanctions/Lists-of-Designated-Individuals-and-Entities.aspx

4.3.6. In addition, a registered FA is to obtain more information about terrorist designation and the legislation for countering of terrorism, and sign up to the Inter-Ministry Committee on Terrorist Designation website at:

http://www.mha.gov.sg/Pages/Inter-Ministerial-Committee---Terrorist-Designation-%28IMC-TD%29-.aspx

Customer Risk identification and assessment

4.3.7. In identifying and assessing its risks with respect to a customer, a registered FA shall screen the customer for adverse information (e.g. using free public search tools or via subscription to commercial screening programs), and also against other relevant sources on combating money laundering and financing of terrorism as per paragraph 4.3.3 to 4.3.5 for the purposes of determining if there are any money laundering or financing of terrorism risks in relation to the customer. The registered FA shall conduct screening and assess the risks of the customer before it establishes a business relationship. The results of the screening performed should be documented accordingly. For example, screenshots or printouts of the search results should be retained to evidence that screening had been performed.

4.3.8. Higher risks - These may be circumstances where the risks of money laundering or the financing of terrorism are higher and enhanced controls, including enhanced customer due diligence measures and enhanced on-going monitoring may have to be performed. Examples of higher risk factors include but are not limited to the following: 

Customer risk factors

(a) the business relationship is conducted in unusual circumstances (e.g. significant unexplained geographic distance between a registered FA and the customer);

(b) non-resident customers;

(c) legal persons or arrangements that are personal asset holding vehicles;

(d) companies that have unaccounted use of nominee shareholders or bearer shares;

(e) businesses that are cash-intensive;

(f) the ownership structure of the customer appears unusual or excessively complex given the nature of its business;

(g) the customer or a group of customers makes frequent unaccounted transactions to the same individuals or group of individuals;

(h) the customer has criminal convictions involving fraud or dishonesty;

(i) the customer, beneficial owner, or agent is a politically exposed person;

(j) the customer does not have up-to-date company accounts;

(k) the customer makes frequent unaccounted changes to its shareholders or directors;

(l) the customer’s business makes substantial losses;

(m) the customer makes regular transactions which are unrelated to the original business it was originally set up to conduct;

(n) the customer gives unusual instructions or makes inexplicable changes to instructions;

(o) the customer shows unwillingness to provide evidence of identification or provides unsatisfactory evidence of identification of himself or his beneficial owners, connected parties, or both; and

(p) where there are difficulties in obtaining details of the customer’s beneficial owners, connected parties or both.

Country/ territory risk factors

(a) countries or territories identified by credible sources, such as FATF mutual evaluation or detailed assessment reports or published follow up reports, as not having adequate anti-money laundering or counter financing of terrorism systems;

(b) countries or territories subject to sanctions, embargoes or similar measures issued by, for example, the United Nations;

(c) countries or territories identified by credible sources as having significant levels of corruption or other criminal activity; and

(d) countries or territories identified by credible sources as providing funding or support for terrorist activities or that have designated terrorist organisations operating within their territories. 

Services/ transactions risk factors

(a) anonymous transactions (which may include cash);

(b) non face-to-face business relationships or transactions;

(c) payments received from un-associated third parties for the services or transactions provided;

(d) incorporation of shell companies with nominee shareholders and/ or directors;

(e) purchase of companies or business entities that have no obvious commercial purpose;

(f)  transfer of funds without provision of underlying services or transactions;

(g) unusually large cash payments in circumstances where payment would normally be made by other forms such as cheque, bank draft, etc.;

(h) unusual instructions to structure fund transfer amounts to avoid thresholds set by banks;

(i) divergence from the type, volume or frequency of services or transactions expected in the course of the business relationship with the customer;

(j) services or transactions which are unusual for the type of customer or which do not make commercial sense; and

(k) structuring of shareholdings with intention to avoid identification of beneficial owners.

4.3.9. Lower risks - There are circumstances where the risks of money laundering or financing of terrorism or proliferation may be lower, and where reduced controls including simplified customer due diligence measures may be allowed to be performed. Examples of potentially lower risk situations include but are not limited to the following:

Customer risk factors

(a) the customer is a financial institution which is subjected to AML/CFT obligations; and

(b) the customer is a public company listed on a stock exchange and subject to disclosure requirements which impose requirements to ensure adequate transparency of beneficial ownership.

Country/ territory risk factors

(a) countries or territories identified by credible sources, such as FATF mutual evaluation or detailed assessment reports, as having adequate anti-money laundering or counter terrorism financing systems; and

(b) countries or territories identified by credible sources as having a low level of corruption or other criminal activity.

Mitigating the risks through development of controls

4.3.10. After a registered FA has identified and assessed its risks, it shall ensure that the corresponding extent of controls are put in place to reduce these risks and prevent its business from being used for money laundering or the financing of terrorism or proliferation. Some examples of risk-mitigation controls are:

(a) applying different extent of customer due diligence measures, for example, enhanced, normal or simplified customer due diligence for different levels of risks;

(b) applying different extent of identification and verification measures for beneficial owners or connected parties;

(c) obtaining additional information, for example, source of wealth, source of funds etc., on higher-risk customers including politically exposed persons; and

(d) applying different extents of on-going monitoring of the transactions of customers.

Monitoring the implementation of and enhancing the effectiveness of controls

  4.3.11. A registered FA shall have some means of monitoring and reviewing whether its’ controls are working effectively and if not, where these controls need to be enhanced. Some examples of situations which may be considered in deciding whether these controls should be enhanced are:

(a) a sudden unaccounted increase in business from an existing customer;

(b) transactions which are not in keeping with the customer’s profile and business;

(c) when Singapore regulatory authorities announce trends in money-laundering and financing of terrorism and proliferation, or changes or enhancements to anti-money laundering and financing of terrorism and proliferation measures; and

(d) when credible sources highlight trends and cases pertaining to money-laundering and financing of terrorism and proliferation.

Documenting the risk assessment

4.3.12. A registered FA shall document its risk assessments (including information regarding each risk revision for every customer) of its customers and provide the risk assessment information to ACRA when required by ACRA.

4.4  General principles for performance of customer due diligence measures

Requirements of customer due diligence

4.4.1. A registered FA shall comply with the following requirements in performing customer due diligence measures:

(a) identify its customers and agents, if any, and verify their identities on the basis of documents, data or information obtained from a reliable and independent source;

(b) where there is a beneficial owner who is not the customer, identify the beneficial owner, and take reasonable measures on a risk-sensitive basis to verify the beneficial owner’s identity; and

(c) obtain information on the purpose and the intended nature of the business relationship.

When customer due diligence measures have to be performed

4.4.2. A registered FA shall perform customer due diligence measures when:

(a) it establishes a business relationship;

(b) it suspects that there is money laundering or financing of terrorism; or

(c) it doubts the veracity or adequacy of documents, data or information previously obtained for the purposes of identification or verification.

4.4.3. Generally, the verification of the identity of a customer, connected party, beneficial owner and agent must be completed before the establishment of a business relationship. However, if it is essential not to interrupt the normal conduct of business (for example, if there is urgency to perform a particular transaction for a customer) and the risks of money laundering or financing of terrorism or proliferation may be effectively managed by the registered FA, then this verification may take place after the establishment of the business relationship, provided that it is completed within 14 calendar days after the establishment of the business relationship. If CDD cannot be completed by the end of 14 calendar days, the registered FA should consider taking the steps mentioned in paragraph 4.4.7.

4.4.4. A registered FA shall also perform customer due diligence measures at other appropriate times in relation to its existing customers on a risk-sensitive basis taking into account any customer due diligence measures previously performed on these existing customers, when these customer due diligence measures were last performed, and the adequacy of data or information previously obtained.

4.4.5. For customers onboarded prior to 15 May 2015, a registered FA must complete performing customer due diligence measures before conducting further transactions for the customer.

Determining the extent of customer due diligence measures to be performed

4.4.6. A registered FA shall determine the different extent of customer due diligence measures which have to be performed, based on its risk assessments. It must also be able to demonstrate with the necessary documentation to the Chief Executive of ACRA (CE) that the extent of the measures is appropriate in the context of money laundering and financing of terrorism risks. 

Inability to perform customer due diligence measures

4.4.7. Where a registered FA is unable to perform or complete any customer due diligence measures in relation to a customer (including simplified or enhanced customer due diligence measure), then it must:

(a) not carry out any transaction with or for the customer;

(b) not establish a business relationship with the customer;

(c) terminate any existing business relationship with the customer; and

(d) consider whether it is required to file a suspicious transaction report under section 39(1) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, and section 8 or 10 of the Terrorism (Suppression of Financing) Act.

4.4.8 Please refer to Annex B for indicators of suspicious transactions that the registered FA should take note of.

Reliance on identification and verification already performed

4.4.9. A registered FA is not required to repeatedly identify and verify the identity of a customer or its beneficial owner, for every transaction.

4.4.10. A registered FA is allowed to rely on the identification and verification measures that it has already performed, subject to its on-going monitoring procedures, unless it has doubts about the veracity of the information obtained. Examples of situations that may lead to a registered FA having doubts may be where there is a suspicion of money laundering or financing of terrorism in relation to a particular customer, or where there is a material change in the way that the customer’s account is operated, which is not consistent with the customer’s profile.

Reliance on third parties to perform customer due diligence measures

4.4.11. If a registered FA relies on a third party to perform any customer due diligence measures, including simplified and enhanced customer due diligence measures, it shall first have to be satisfied that the following requirements are met:

(a) the third party it intends to rely on is also subject to and supervised for compliance with anti-money laundering and counter financing of terrorism and proliferation requirements, and for the recording and reporting of transactions suspected of involving money laundering or the financing of terrorism, consistent with the FATF Recommendations, and that the third party has adequate measures in place to comply with those requirements;

(b) the registered FA takes appropriate steps to identify, assess and understand the risks of money laundering and the financing of terrorism and proliferation in the countries or territories that the third party operates in;

(c) the third party must not be one which the registered FA has been specifically precluded by the Chief Executive of ACRA (CE) from relying on; and

(d) the third party is able and willing to provide, without delay, upon the registered FA’s request, any document obtained by the third party with respect to the customer due diligence measures performed for the registered FA.

4.4.12. If customer due diligence measures are performed by a third party for a registered FA, the registered FA is required to immediately obtain the necessary information about the customer from that third party.

4.4.13. A registered FA remains ultimately responsible for compliance with its legal obligations under Part II of the First Schedule of the Regulations, notwithstanding its use of a third party to perform customer due diligence.

4.5 Identification and verification of customers’ and agents’ identities

Persons whom a registered FA shall identify and verify

4.5.1. A registered FA shall establish the identity of each customer, connected party and its agent, if any. For this purpose, the registered FA may refer to the Customer Acceptance Form at Annex C.

Requirements for identification and verification of customers and agents

4.5.2. Identifying a customer or agent is a two-part process. First, a registered FA shall identify the customer or agent by obtaining and recording information about the customer, and second, he shall verify the information using reliable and independent source documents, data or information, so as to ensure that the information obtained and recorded is authentic. A national registration identity card (in the case of a Singaporean) or a passport (in the case of a foreigner) is considered a reliable and independent source document.

4.5.3. However, where the customer or agent is unable to produce original documents for verification for good reason, the registered FA shall take additional steps to verify the identity of their customers on a risk based approach. For cases where the customer is a natural person residing locally, a RFA may choose to accept copies of identification that are not notarised. In other situations of higher risks such as foreign customers not residing in Singapore, and/or are not able to produce original documents for verifications, RFAs should take reasonable measures such as accepting statutory declarations, or documents that had been certified to be true copies by notaries public, Commissioner of Oaths, or registered lawyers to ensure that copies of identification documents produced by customers are true copies.

4.5.4. A registered FA shall also keep copies of all documents used in verifying the customer’s and agent’s identity.

4.5.5. Where the customer is a Singapore Government entity, the registered FA shall only be required to obtain information to confirm that the customer is a Singapore Government entity as asserted.

Identification and verification of customers who are individuals

4.5.6. A registered FA shall obtain and record at least the following information to identify a customer who is an individual:

(a) full name, including any alias;

(b) identity card, birth certificate or passport number;

(c) residential address;

(d) telephone number and other contact information (eg: electronic mailing address);

(e) date of birth; and

(f) nationality/dual nationalities (where applicable).

4.5.7. If the customer is a sole proprietor, a registered FA shall also obtain and record the above information in relation to the sole proprietor.

4.5.8. For purposes of verification, a registered FA should ask to see photo identification documents of the customer. Examples of photo identification documents include identity cards, passports, or driving licences.

Identification and verification of customers who are not individuals (i.e., natural person)

4.5.9. A registered FA must obtain and record at least the following information of a customer who is not an individual:

(a) full name;

(b) incorporation number or registration number (eg: business profiles from corporate registry) in the case of a customer that is a body corporate or unincorporate;

(c) identities of the directors or partners as applicable;

(d) address of place of business or registered office address,

(e) telephone number and other contact information (eg: electronic mailing address);

(f) the date of incorporation or registration (as the case may be); and

(g) the place of incorporation or registration (as the case may be)

4.5.10. For a customer which is an existing foreign company, if a registered FA is unable to obtain its incorporation or registration documents from a body which regulates the foreign company in its domicile jurisdiction for purposes of verification of the foreign company’s identity, it should have the foreign company’s identity verified independently by a person responsible in that foreign jurisdiction for the regulation of these companies. It shall also verify the identities of the foreign company’s directors. A registered FA may also refer to the following link for a non-exhaustive list of foreign regulators of companies and refer to it to obtain relevant information about foreign companies: http://www.ecrforum.org/worldwide-registers/

4.5.11 If the registered FA is satisfied that there is little or no risk of money laundering or terrorist financing, the registered FA may obtain information on the identity of the client using:

(a) a structure chart (of the entity) provided by the client directly; or

(b) information available on the client’s website; or

(c) information available from the client’s annual reports; or

(d) information from any reliable public source that is reliable.

4.5.12. If the customer is an existing partnership, limited partnership or limited liability partnership, a registered FA shall also obtain and record the identities of all the partners and connected parties (eg: through a business profile of the customer)

4.5.13. If the customer is a body corporate or unincorporated other than a company, limited partnership or limited liability partnership, a registered FA shall also obtain and record the identities of all the persons having executive authority in the customer including the requirements described in paras. 4.5.9 to 4.5.14.

4.5.14. If the customer is a legal arrangement, a registered FA must verify the identity and particulars of:

(a) For express trusts, the settlor, the trustees, the protector (if any), the beneficiaries or class of beneficiaries, and any natural person having ultimate ownership of the assets or undertakings of the trust, or exercising ultimate control or ultimate effective control over the trust (including through a chain of control or ownership or both); 

(b) for any other type of legal arrangement, the persons in equivalent or similar positions, as those described under sub‑paragraph (a).

4.5.15. A registered FA shall document its risk assessments of its customers, and the reasons why the corresponding levels of due diligence were performed.

Identification and verification of agents

4.5.16. Where the customer (natural person or not) appoints one or more persons to act on his behalf as an agent in establishing a business relationship with a registered FA, the FA must obtain and record the following information of the agent:

(a) full name, including any alias;

(b) identity card, birth certificate or passport number, in the case of an agent who is an individual;

(c) incorporation number or registration number, in the case of an agent that is a body corporate or unincorporate;

(d) residential address or address of place of business or registered office address,

(e) telephone number and electronic mailing address; 

(f) date of birth, incorporation or registration (as the case may be); and

(g) nationality or place of incorporation or registration (as the case may be).

4.5.17. A registered FA shall also verify the authority of the agent to act on behalf of the customer. This may be done by obtaining the appropriate documentary evidence that the customer had appointed the agent to act on his behalf (for example, company resolution, letter of appointment or power of attorney).

Obtaining information on the purpose and the intended nature of the business relationship

4.5.18. Examples of information that may be relevant for a registered FA to obtain to understand the purpose and intended nature of the business relationship are:

(a) details of the customer’s business;

(b) the nature and purpose of the relationship between the customer and its beneficial owners; and

(c) the anticipated level, frequency and nature of transactions that are to be performed by the registered FA for the customer throughout the business relationship.

4.6 Identification and verification of beneficial owners’ identities

Requirements for identification and verification of beneficial owners

4.6.1. A registered FA shall inquire if there is any beneficial owner in relation to a customer. Where he becomes aware pursuant to the inquiry or otherwise that there is one or more beneficial owner in relation to the customer, he must take measures, to obtain information on the identity of every beneficial owner, and also verify the identity of every beneficial owner. The registered FA should obtain at least the information from paragraph 4.5.5 to 4.5.8 in relation to the beneficial owner. In addition, if the beneficial owner is a body corporate or unincorporate or a legal arrangement, the registered FA shall take reasonable measures to understand the ownership and control structure of the body corporate or unincorporate, or the legal arrangement, as the case may be.

4.6.2. After the beneficial owners have been identified, a registered FA may adopt a risk-based approach in verifying the identities of the beneficial owners. The registered FA may decide, based on risk, whether it is reasonable to obtain additional information provided by its customers about their beneficial owners, for example, an undertaking or a declaration from its customers, and take reasonable measures to verify the identity of the beneficial owner by, for example, researching publicly available information on the beneficial owner or arranging a face-to-face meeting with the beneficial owner, to corroborate the undertaking or declaration provided by the customer.

4.6.3. Where the customer is unable, for good reason, to produce original documents to identify or verify his beneficial owners, the registered FA shall take additional steps to verify the identity of the beneficial owners on a risk based approach. For cases where the beneficial owner is a natural person residing locally, a RFA may choose to accept copies of identification that are not notarised. In other situations of higher risks such as foreign customers not residing in Singapore, RFAs should take reasonable measures such as accepting statutory declarations, or documents that had been certified to be true copies by notaries public, Commissioner of Oaths, or registered lawyers to ensure that copies of identification documents produced by customers are true copies. A registered FA should keep the documentation of the CDD performed in the identification and verification of the beneficial owner and ensure that it is available upon ACRA’s request.

Situations where inquiry into the existence of beneficial owners is not required

4.6.4. A registered FA is not required to inquire if there exists any beneficial owner in relation to a customer that is:

(a) a Singapore government entity, that is, a ministry or department of the Government, an organ of state or a statutory board;

(b) a foreign government entity;

(c) an entity listed on the Singapore Exchange;

(d) an entity listed on a stock exchange outside Singapore which is regulated by an authority of a country or territory other than Singapore regulating the provision of financial services;

(e) a Singapore financial institution, as defined in section 27A(6), read with section 27A(7), of the Monetary Authority of Singapore Act;

(f) a financial institution incorporated or established outside Singapore that is subject to and supervised for compliance with requirements for the prevention of money laundering and the financing of terrorism consistent with the standards set by the FATF; or

(g) an investment vehicle, the managers of which are Singapore financial institutions or financial institutions incorporated or established outside Singapore, and subject to and supervised for compliance with requirements for the prevention of money laundering and the financing of terrorism and proliferation consistent with standards set by the FATF;

unless the registered FA has doubts about the veracity of the information obtained when performing customer due diligence measures.

4.6.5. A registered FA shall keep a record in writing of the basis for its determination that a customer falls within (a) to (g) above.

Identifying the “beneficial owner”

4.6.6. For a customer that is a body corporate, the registered FA shall identify the beneficial owners by:

(a) identifying the natural persons (whether acting alone or together) who ultimately own all the assets or undertakings of the body corporate;

(b) to the extent that there is doubt under (a) as to whether the natural persons who ultimately own the body corporate are the beneficial owners or where no natural persons ultimately own the body corporate, identifying the natural persons (if any) who ultimately control the body corporate or have ultimate effective control over the body corporate; or

(c) where no natural persons are identified under (a) or (b), identifying the natural persons having executive authority in the body corporate, or in equivalent or similar positions.

4.6.7. For a customer that is a legal arrangement, that is, an express trust or similar arrangement, the registered FA shall identify the beneficial owners:

(a) of the express trusts, by identifying the settlor, the trustee(s), the protector (if any), the beneficiaries or class of beneficiaries, and any other natural person exercising ultimate ownership, ultimate control or ultimate effective control over the trust (including through a chain of control/ownership or both); or

(b) for other types of legal arrangements, identifying persons in equivalent or similar positions as those described under (a).

Customers who are estates of deceased persons

4.6.8. The beneficial owner of an estate is any executor, administrator or personal representative until the administration of the estate is complete.

  4.6.9. The beneficial owner of these customers is:

(a) where the individuals who benefit from the body corporate or legal arrangement have been determined, any individual who benefits from at least 25% of the property of the body corporate or the legal arrangement;

(b) where the individuals who benefit from the body corporate or legal arrangement have yet to be determined, the class of persons in whose main interests the body corporate or legal arrangement is set up or operates; or

(c) an individual who controls at least 25% of the property of the body corporate or legal arrangement.

4.6.10. A registered FA shall, upon ACRA’s request, be required to provide detailed and accurate beneficial ownership information of the customer to ACRA within 48 hours of the request.

4.7. On-going monitoring of a business relationship

Requirements of on-going monitoring

4.7.1. A registered FA shall conduct on-going monitoring of every business relationship with a customer by:

(a) scrutinising transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the FA’s knowledge of the customer, and his business and risk profile;

(b) keeping the documents, data or information obtained in the course of performing customer due diligence measures (including simplified and enhanced customer due diligence measures) up-to-date; and

(c) determine the appropriate frequency on when on-going monitoring must be conducted using a risk based approach.

4.7.2. A registered FA shall conduct due diligence measures when: -

(a) there is a material change in the nature of the business relationship with the customer;

(b) a registered FA becomes aware that it may lack adequate identification information on a customer; or

(c) a registered FA becomes aware that there may be changes in the ownership or constitution of the customer.

4.8 Enhanced customer due diligence measures

Situations in which enhanced customer due diligence measures have to be performed

4.8.1. A registered FA shall perform enhanced customer due diligence measures and enhanced on-going monitoring:

(a) in respect of all complex or unusually large transactions or unusual patterns of transactions that have no apparent or visible economic or lawful purpose;

(b) when it proposes to have a business relationship, or has established a business relationship, with any person from or in countries or territories outside Singapore known to have inadequate measures for the prevention of money laundering or the financing of terrorism (as determined by it, or as notified to it by the CE);

(c) for other categories of customers or other transactions which it considers may present a high risk of money laundering or the financing of terrorism;

(d) in respect of a business relationship or a transaction with a customer if the customer is from or in a country or territory for which the FATF has called for countermeasures including enhanced customer due diligence measures to be performed;

(e) for dealing with customers who are not physically present for identification purposes;

(f) where it proposes to have a business relationship with a foreign politically exposed person; and

(g) where it proposes to have a business relationship with a local politically exposed person that has been assessed to be of higher risks.

4.8.2. In determining whether a customer is from a country or territory in para. 4.8.1(b) or para 4.8.1(d), or in determining whether a customer is high risk under para. 4.8.1(c), a registered FA shall consider the FATF’s website (link is provided below), of high risk and non-cooperative countries. 

http://www.fatf-gafi.org/topics/high-riskandnon-cooperativejurisdictions/

Dealing with non-face-to-face customers

4.8.3. Where a customer has not been physically present for identification purposes, a registered FA shall take specific and adequate measures to compensate for the higher risk, including performing one or more of the following:

(a) ensuring that the customer’s identity is established by additional documents, data or information;

(b) implementing supplementary measures to verify or certify the documents supplied;

(c) ensuring that the first payment to the registered FA for the services rendered is carried out through an account opened in the customer’s name with a Singapore financial institution;

(d) telephone or video contact with the customer at a residential or business number that can be verified independently; or

(e) confirmation of the customer’s salary details by requiring the presentation of recent bank statements.

Dealing with Politically Exposed Persons (“PEPs”)

4.8.4. A PEP is an individual who is or has been entrusted with a prominent public function. Due to their position and influence, many PEPs are in positions that can be potentially abused for the purpose of committing money laundering and related predicate offences, including corruption and bribery, as well as conducting activity relating to terrorism financing.

4.8.5. When considering whether to establish or continue a business relationship with a PEP, a registered FA should focus on the level of ML/TF risk associated with the particular PEP. A registered FA should also have sufficient controls in place to mitigate this risk.

Determining whether an individual is a PEP

4.8.6. A registered FA shall establish and maintain risk-sensitive internal policies, procedures and controls to determine whether a customer, connected party, agent, beneficial owner is a PEP, an immediate family member of a PEP or a close associate of a PEP when conducting CDD on their customers.

4.8.7. To determine if a customer/agent/connected party/beneficial owner is a PEP, a registered FA should ensure that the CDD information is up to date so that they can monitor the business relationship for a change in PEP status. To do that, they can use the internet and media as sources for determining, monitoring, verification of information in relation to PEP. They may also subscribe to commercial databases to help them in identifying a PEP. Alternatively, self-declaration by a customer of their PEP status can also be accepted. However, a registered FA should also engage the customers and obtain information pertinent to the different elements of the PEP definition.

For more details on dealing with PEPs, please refer to the FATF guidance paper on PEPs: http://www.fatf-gafi.org/documents/documents/peps-r12-r22.html

Performance of enhanced customer due diligence measures and enhanced on-going monitoring when dealing with PEPs

4.8.8. After determining whether an individual is a PEP, an immediate family member or close associate of a PEP, a registered FA may adopt a risk-sensitive approach in determining whether to perform enhanced customer due diligence measures and the extent of such measures to be performed for any or all of the following:

(a)  a domestic PEP, or his immediate family member or close associate;

(b) a PEP of an international organisation, or his immediate family member or close associate; or

(c) a PEP who has stepped down from his prominent public function, taking into consideration the level of influence that the person may continue to exercise after stepping down from such prominent public function, or his immediate family member or close associate.

4.8.9. If a registered FA is satisfied that the individuals in para. 4.8.9 do not present a high risk, he may decide not to perform enhanced customer due diligence measures and enhanced on-going monitoring for these individuals. The registered FA should document the reasons for this decision. However, if it is satisfied that these persons present a high risk, then he shall perform enhanced customer due diligence measures and enhanced on-going monitoring for these individuals.

4.8.10. If a registered FA is dealing with a foreign PEP, or his immediate family or close associate, he shall perform enhanced customer due diligence measures and enhanced on-going monitoring for these individuals.

4.8.11. Enhanced customer due diligence measures and enhanced on-going monitoring include but are not limited to the following: 

(a) inquiring into the background and purpose of any transaction that the registered FA is engaged to carry out;

(b) obtaining approval from its senior management for establishing the proposed business relationship. The objective is that senior management is aware of the proposed business relationships with PEPs and that a registered FA does not undertake business relationships with them without proper controls.

(c) taking reasonable measures to establish the source of wealth and source of funds which are involved in the proposed business relationship. The source of wealth refers to the origin of the PEP’s entire body of wealth/total assets, and how the PEP came to acquire such wealth. The source of funds refers to the origin of the particular funds which are the subject of the business relationship between the PEP and a registered FA. The information required for the source of funds should not be limited to knowing which financial institution the funds are from, but should also establish a provenance or reason for it having been acquired.

A registered FA may rely on publicly disclosed assets or rely on self-declarations of the PEP. However, when relying on self-declarations, any inability to verify the information should be taken into account in establishing the actual value of the wealth or funds. A registered FA may also rely on information sources such as publicly available property registers, land registers, asset disclosure registers, company registers, past transactions and other sources of information about legal and beneficial ownership where available. Internet and social media searches may also be relied on to reveal useful information about a customer’s source of wealth or funds. A registered FA may also conduct more thorough searches through commercial screening software. Possible sources of wealth or funds include a PEP’s current income, sources of wealth or funds obtained from his current and previous positions, business undertakings and family estates;

(d) conduct enhanced on-going monitoring on the business relationship entered into, which means on-going monitoring that is enhanced in terms of frequency over the course of the business relationship in question; and

(e) keep a record in writing of his findings.

Dealing with other high risk situations

4.8.12. A registered FA, when assessing risks, should take into account factors such as the type of customer, the type of service or transaction that the customer expects the registered FA to perform, and the geographic area of operation of the customer’s business. A registered FA is also required to give particular attention to business relationships and transactions with persons from or in countries that have inadequate anti-money laundering or financing of terrorism measures.

4.9 Audit Function

Requirements of an audit function

  4.9.1. A registered FA shall establish and maintain risk-sensitive internal policies, procedures and controls for auditing the internal policies, procedures and controls described at para. 4.2.

4.9.2. It shall implement and maintain an independent audit function, and be able to regularly assess the effectiveness of these internal policies, procedures and controls and its compliance with the Part II of the First Schedule of the Regulations.

4.9.3. A registered FA may establish and rely on an external auditor/external auditing entity to perform an audit of its internal policies, procedures and controls.

4.9.4. A registered FA who is a sole proprietor is not allowed to appoint himself as both the compliance officer and internal auditor. If he is appointed as the compliance officer, there will not be sufficient independence if he appoints himself as an internal auditor as well. In such a situation he will have to appoint an independent third party as an external auditor/external auditing entity.

4.10 Compliance Management

Requirements of compliance management

4.10.1. A registered FA should:

(a) have internal communications procedures to communicate its internal policies, procedures and controls described at paragraph 4.2;

(b) develop compliance management arrangements;

(c) appoint an employee or officer in a management position as one of its compliance officers in relation to anti-money laundering and countering the financing of terrorism and proliferation measures; and

(d) Ensure that the compliance officer, as well as any other persons appointed to assist him, is suitably trained, qualified, and has adequate resources and timely access to all

4.11 Screening and training of employees

Requirements on screening and training of employees

4.11.1. A registered FA shall:

(a) implement screening procedures for the hiring of fit and proper persons as employees;

(b) ensure that its employees are trained in the laws for the prevention of money laundering and financing of terrorism and proliferation;

(c) ensure that its employees are trained on the prevailing methods of, and trends in, money laundering and financing of terrorism and proliferation; and

(d) ensure that its employees are trained on its internal policies, procedures and controls for the prevention of money laundering and financing of terrorism and proliferation, including the roles and responsibilities of employees and officers of a registered FA in relation thereto.

Examples of factors to be considered for the screening of potential employees

4.11.2. Examples of factors that a registered FA may consider when conducting screening of individuals whom it may wish to hire as its employees are:

(a) whether the individual has been convicted in Singapore of any offence involving fraud or dishonesty punishable with imprisonment for 3 months or more;

(b) whether the individual conduct and compliance history as a registered FA or registered qualified individual has been satisfactory, if the individual has been previously registered. 

A registered FA may also consider requiring individuals whom it wishes to hire as its employees to declare their criminal convictions at the point of job application.

Scope of training

4.11.3. A registered FA shall ensure that its employees are trained and aware of the laws for the prevention of money laundering and financing of terrorism and proliferation, including the ACRA Act and Regulations, the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act and the Terrorism (Suppression of Financing) Act, and other legislation concerning the prevention of money laundering or financing of terrorism and proliferation.

 4.11.4. Training of employees should also cover the following areas:

(a) recognition of and dealing with suspicious activities and transactions; 

(b) the impact that money laundering and financing of terrorism and proliferation may have on a registered FA, its business, customers and employees;

(c) the money laundering and financing of terrorism and proliferation risks that a registered FA faces, given the nature of its business and services;

(d) the changing behaviour and practices of money launderers and those financing terrorism and proliferation;

(e) the internal policies, procedures and controls that have been put in place by the registered FA to identify, reduce and manage money laundering and financing of terrorism and proliferation risks;

(f) different customer due diligence measures, and, on-going monitoring measures; and

(g) effective ways of determining whether customers are PEPs and to understand, assess and handle the potential risks associated with PEPs. Training may use real-life case studies and examples and input and analysis from experienced and trained employees.

Frequency of training

4.11.5. The frequency of training should be sufficient to maintain the knowledge and competence of employees to apply customer due diligence measures appropriately. For avoidance of doubt, employees should at least be trained on an annual basis.

4.12 Record-Keeping

4.12.1. A registered FA shall keep the records of all customer due diligence information (including screening results and risk assessment), and the supporting records in respect of a business relationship which is the subject to any customer due diligence measures or on-going monitoring. These records should be sufficient to permit a reconstruction of individual transactions.

4.12.2. A registered FA shall keep written records of the registered FA’s measures taken in relation to the screening and training of its employees.

  4.12.3. Examples of records that should be kept are:

(a) A copy of the information and evidence of the customer’s and agent’s identity (including that of any beneficial owner in relation to the customer). These include but not limited to:

(i) copies of all documents used in establishing and verifying the customer’s, beneficial owner’s and agent’s identity;

(ii) the agent’s authority to enter into a business relationship on behalf of a customer;

(iii) information on the purpose and intended nature of the business relationship;

(iv) written records of the basis of the registered FA’s determination that a customer falls into the categories for which inquiry into the existence of beneficial owner is not required;

(v) documents of the registered FA’s basis for being satisfied that a third party it is relying on to perform customer due diligence has met the relevant requirements;

(vi) the registered FA’s risk assessment where it performs simplified customer due diligence measures and the nature of the simplified customer due diligence measures;

(vii) written records of the registered FA’s findings with regard to a PEP;

(viii) written records of the registered FA’s findings with regard to other high risk customers or transactions; and

(b) other relevant supporting records.

Duration of time for the keeping of records

4.12.4. The above records above must be kept by a registered FA throughout the duration of a business relationship and for an additional period of at least 5 years beginning on the date on which a business relationship ends.

Format for the keeping of records

4.12.5. A registered FA has the discretion to keep the records:

(a) by way of original documents;

(b) by way of good photocopies of original documents;

(c) on microfiche; and

(d) in computerised or electronic form including a scanned form.

4.12.6. The registered FA must keep the above information to be readily available for examination upon request by ACRA.

 4.13 Reporting of suspicious transactions

4.13.1. A registered FA must have procedures in place to report suspicious transactions. The minimum areas to be covered in the procedures should include:

(a) Persons to whom they have to report;

(b) Avenue to report suspicious transactions;

(c) Information required to be in a STR; and

(d) Timeliness of STR.

4.13.2. A registered FA must have procedures for reporting or escalating suspicious transactions to the compliance officer and/or Senior Management.

Requirement to consider whether a suspicious transaction report must be filed

4.13.3. Where a registered FA is unable to apply customer due diligence measures in relation to a customer, it shall consider whether it is required to make a disclosure under section 39(1) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act and section 8 or 10 of the Terrorism (Suppression of Financing) Act.

4.13.4. If in the course of carrying out a registered FA’s work, any of its officers, registered qualified individuals or employees knows or has reasonable grounds to suspect that any property may be connected to money laundering or financing of terrorism or proliferation, he must promptly alert the compliance officer or a member of the senior management of the registered FA. The compliance officer or senior management of the registered FA should consider making a suspicious transaction report to the Suspicious Transaction Reporting Office of the Commercial Affairs Department (CAD). The STR should be lodged without delay and should not exceed 15 business days of the case being detected, unless the circumstances are exceptional or extraordinary.

4.13.5.  A suspicious transaction report may be made electronically via the STRO Online Notices and Reporting Platform (SONAR). More details on how to file STRs via SONAR are available on CAD’s website: https://www.police.gov.sg/sonar

4.13.6. A report should be filed with Suspicious Transaction Reporting Office, CAD as soon as practicable. If a decision is made not to file a suspicious transaction report by the compliance officer or senior management of the registered FA, the reasons for the non-filing should be documented and made available to ACRA when required.

4.13.7. Where a registered FA forms knowledge or suspicion of money laundering or terrorism financing or proliferation, and reasonably believes that performing any of the measures as required by paragraph 4 will tip-off a customer, a natural person appointed to act on behalf of the customer, a connected party of the customer or a beneficial owner of the customer, the registered FA may stop performing those measures. The registered FA shall document the basis for its assessment and file an STR without delay. 

4.13.8. Please refer to Annex B for indicators that a registered FA should take note of in deciding whether to file a suspicious transaction report.

ANNEX A

Policy Statement and Description of Key AML/CFT Officers and Their Roles and Responsibilities

1.1.  An IPPC should include a policy statement to describe the RFA’s role in and its commitment towards combatting money-laundering and financing of terrorism (ML/TF). It may consider the following points when drafting its policy statement:

(a) What is the RFA’s role in combatting money-laundering and financing of terrorism?

(b) What is the risk appetite of the RFA towards combatting money-laundering and financing of terrorism?

(c) What are the values the RFA will promote within the organisation towards the prevention of money laundering and the financing of terrorism?

1.2. An IPPC should include a description of the key AML/CFT officers within the RFA and their specific roles and responsibilities. For example, the IPPC should spell out the specific persons responsible for compliance, training and screening of employees.

1.3. The IPPC should elaborate the checks and balances or safeguards set up within the RFA to ensure clear delineation of roles and responsibilities. For example, the person who introduces or recommends a client, should not be the same person who approves the client to be accepted.

1.4 . The IPPC should also state how frequently the IPPC will be updated to ensure its relevancy.

2 Application of a risk-based approach, and identification and assessment of risks

[Note: This section spells out the requirements for the RFA to describe the risks faced by the RFA’s business operations and how the RFA identifies these risks. It should include:

a. How it identifies and assesses the risks faced in the course of its business;

b. How often it reviews the risks posed by the customer;

c. What the respective customer due diligence processes (CDD) for the different risks identified are; and

d. How the RFA monitors the effectiveness of its IPPC

2.1. Describe the services and products the RFA offers, including how the RFA identifies and assesses the risks[6] of the services and products offered.

2.2. What ML/TF vulnerabilities and typologies are the RFA typically exposed to arising from the products, services offered and the jurisdictions the RFA operate in and with?

2.3. Describe the profile of the RFA clients – which jurisdictions they are from, what transactions they typically engage you to perform on their behalf.

2.4. Describe the screening procedures of the RFA, including the source of information in which screening was performed against, any screening software subscribed, the frequency of review, etc.

2.5. Describe how the RFA classifies the customer into risk categories (low, medium and    high).

2.6. Describe how the RFA monitors and evaluates the effectiveness of the IPPC.

3 Performance of customer due diligence measures

[Note: In this section, RFAs should indicate how they design the appropriate level of controls after assessing the risks in Section 2. RFAs should elaborate on the level of CDD that was implemented on customers based on their risk classifications.

This section should include:

a. How the RFA screens and identifies the risks associated with their customers/agents/ connected parties/beneficial owners;

b. How the RFA identifies and verifies the customers/ agents/connected parties/ beneficial owners;

c. What are the CDD procedures for each risk category (simplified, normal & enhanced) of customers identified;

d. How the RFA identifies and verifies the beneficial owners of their customers;

e. What are the CDD procedures for each risk category (simplified, normal & enhanced) of beneficial owners identified; and

f. What are the on-going monitoring procedures for the customers/agents/connected parties/beneficial owners, including frequency of review.

3.1. Describe the different CDD processes on how the customer/agent/connected party is identified and verified according to their risk categories identified (Simplified CDD, Normal CDD, Enhanced CDD). This should include:

(a) a description of how the RFA identifies and verifies the identity of the customer/agent/connected party;

(b) a description of the extent of CDD measures for an existing customer/agent/connected party, that is, enhanced, normal or simplified customer due diligence measures; and

(c) a description of the extent of CDD measures for a new customer/agent/connected party, that is, enhanced, normal or simplified customer due diligence measures.

3.2. Describe the CDD process on how the beneficial owner(s) is identified, and verified on a risk based approach. This should include:

(a) identification and verification of identity of beneficial owner(s) and the extent of CDD performed; and

(b) extent of CDD measures for existing beneficial owner(s), i.e., enhanced, normal or simplified CDD measures.

3.3. Describe the situations where enhanced CDD is performed by the RFA. This should include but is not limited to:

(a) customer/agent/connected party/beneficial owner(s) from or in countries or territories outside Singapore known to have inadequate measures for the prevention of money laundering and financing of terrorism;

(b) customer/agent/connected party/beneficial owner(s) from or in country or territory for which FATF has called for countermeasures including enhanced customer due diligence measures to be performed;

(c) categories of customer/agent/connected party/beneficial owner(s) or other transactions which the RFA considers may present a high risk of money laundering or the financing of terrorism;

(d) customer/agent/connected party/beneficial owner(s) who is a politically exposed person including those who have stepped down, their immediate family members or close associates; and

(e) customer/agent/connected party/beneficial owner(s) who is not physically present for identification purpose. 

3.4. Describe the procedures where enhanced CDD is performed in relation to the RFA’s customer/agent/connected party. This should include but is not limited to:

(a) How the RFA enquires into the background and purpose of any transaction that the RFA is engaged to carry out as part of enhanced CDD;

(b) Whether approval is obtained from the RFA senior management for establishing the proposed business relationship as part of enhanced CDD; and

(c) The type of measures to establish the source of wealth and source of funds which are involved in a proposed business relationship as part of enhanced CDD.

 3.5. Describe the process where CDD is performed by a third party. How does the RFA ensure that the following requirements are met before relying on the CDD performed by the third party:

(a) In what way is the third party subjected to and supervised for compliance with AML/CFT requirements, consistent with the standards set by the FATF;

(b) What measures does the third party have in place to comply with the above requirements;

(c) What steps did you as an RFA, take to identify, assess and understand the risks of money laundering and financing of terrorism in the countries or territories that the third party operates in; and

(d) How did you as an RFA, check that the third party is not one which ACRA specifically provided that you should not rely on.

3.6. How do you as an RFA, ensure that the third party is able and willing to provide, without delay, upon the RFA’s request, any document obtained by the third party with respect to the CDD measures performed in relation to the RFA’s customer.

3.7. Describe the actions taken where CDD cannot be performed or completed before the transaction was made. This should include but is not limited to:

(a) What considerations the RFA takes into account in deciding whether or not to carry out any further transactions with or for the customer;

(b) What considerations the RFA takes into account in deciding whether or not to establish a business relationship with the customer;

(c) What considerations the RFA takes into account in deciding whether or not to terminate any existing business relationship with the customer; and

(d) What considerations the RFA takes into account in deciding whether or not to make a disclosure under section 39(1) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, and section 8 or 10 of the Terrorism (Suppression of Financing) Act.

3.8. Describe the procedures in which on-going monitoring is being performed. This should include but is not limited to:

(a) how transactions are scrutinised and undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the FA’s knowledge of the customer, and his business and risk profile;

(b) how the documents, data or information obtained in the course of performing CDD (including simplified and enhanced customer due diligence measures) are kept up-to-date;

(c) how every business relationship is reviewed based on the risk assessment; and

(d) how often on-going monitoring is conducted over the course of the business relationship.

4 Record-keeping

[Note: this section is meant for RFAs to elaborate on the types of records they collect as part of their CDD. It must include the duration in which the records are kept (minimally for 5 years after terminating business relationship with the customer). These records should be sufficient to permit a reconstruction of individual transactions and the RFA has the discretion to keep the records in different formats (eg: hardcopies or electronically). RFA should elaborate on their processes accordingly.]

4.1. Describe the process in which documents related to the risk assessments and CDD are stored. This should include a description of the format, the record retention period and types of documents stored. The type of records to be kept should include but is not limited to:

(a) copies of all documents used in establishing and verifying the customer’s, beneficial owner’s and agent’s identity;

(b) the agent’s authority to enter into a business relationship on behalf of a customer;

(c) information on the purpose and intended nature of the business relationship;

(d) written records of the basis of determination that a customer falls into the categories for which inquiry into the existence of beneficial owner is not required;

(e) documents for being satisfied that a third party it is relying on to perform customer due diligence has met the legal requirements;

(f) the risk assessment for cases where simplified customer due diligence measures is being performed;

(g) written records of findings with regard to a politically exposed person;

(h) written records of findings with regard to other high risk customers or transactions; and

(i) any suspicious transaction reports filed.

5 Filing a suspicious transaction report (STR)[7]

[Note: this section is meant for RFAs to indicate their processes on how and when suspicious transactions are identified and the person responsible for filing the STR. RFAs to elaborate on their processes accordingly.]

5.1. Describe the procedures used by the RFA in dealing with suspicious transactions. This should include but is not limited to:

(a) Persons within the RFA to whom they have to report possible suspicious transactions, for possible referral to STRO;

(b) How the suspicious transaction is escalated for a decision on whether to file an STR;

(c) The internal guidelines of the RFA to guide its employees on the type of information to include in a STR;

(d) The internal guidelines on how soon RFA should file a STR.

(e) The list of indicators of suspicious transactions. (RFAs may refer to Annex B for the indicators of suspicious transactions)

6  Audit function, compliance management and internal communication

[Note: this section is meant for RFAs to elaborate on how they will ensure the relevancy of the IPPC and how the IPPC is being communicated to the employees. RFA should elaborate on their processes, as appropriate to the RFA’s context, accordingly.]

6.1. Describe how the RFA implements and maintains the audit function to assess the effectiveness of its IPPC.

6.2. Describe how the RFA ensures that the IPPC is communicated to its employees, officers and Registered Qualified Individuals to ensure the awareness of their roles in preventing money laundering and financing of terrorism.

7 Screening of employees and training

[Note: this section is meant for RFAs to elaborate on the procedures that they have in relation to screening of their employees during the hiring process and the relevant training plans on AML/CFT. RFA to elaborate on their processes accordingly.]

7.1. Describe how the RFA screens its employees to ensure that the employees are fit and proper persons[8].

7.2. Describe how and the frequency in which the RFA ensures that the employees are trained on the implementation of the RFA’s IPPC and other AML/CFT measures.

ANNEX B

Indicators of Suspicious Transactions

The following list is not exhaustive and should be used as a general guide only. The registered FA must file a suspicious transaction report if there are indicators that a transaction is suspicious. There may, however, be valid or legitimate explanations for the transactions. In such a case, a suspicious transaction report need not be filed but the RFA should document the reasons why a report was not filed.

Indicators relating to incorporation of shell companies

* Companies registered in Singapore with no apparent business and low paid up capital.

* Addresses of the registered FA or PO Box addresses are used by companies as their registered mailing addresses.

* Multiple bank accounts opened with various banks for no apparent economic or business reasons.

* Authorised bank signatories are usually foreign directors and shareholders located overseas.

* Bank accounts are opened at around the same period foreign directors are in Singapore to incorporate their companies.

* Frequent large incoming remittances into bank accounts from different individuals and companies, located mainly overseas.

* After receipt of funds in the bank accounts, the funds are usually moved out of Singapore within the next few days. These bank accounts generally have low balances.

* Transaction patterns in the bank accounts are often not in line with the company’s principal business.

* Companies incorporated by foreign directors with no links or activities in Singapore.

* Multi-jurisdictional or complex structures of corporate entities are established.

Indicators relating to other crimes

* Customers give suspicious information for CDD purposes.

* Customers unwilling/unable to provide information for CDD purposes.

* Customers use suspicious looking identity documents for CDD purposes.

* Customers uncontactable for CDD purposes.

* Customers featured in adverse news.

* Transactions involving politically exposed persons

* Unrealistic turnover in customer’s financial statements

* Unusual/uneconomical movement of funds. 

  

Indicators of Terrorism Financing

* Clients featured in adverse news or sanction lists related to terrorism and/or terrorism financing.

* Counterparties of client featured in adverse news or sanction lists related to terrorism and/or terrorism financing.

* Clients who are designated entities in the following sanctions lists:

** United Nations (Sanctions – Iran) Regulations 2014, UN 2231

** United Nations (Sanctions – DPRK) Regulations 2010, UN 1718

* Counterparties of client who are designated entities in the following sanction lists:

** United Nations (Sanctions – Iran) Regulations 2014, UN 2231

** United Nations (Sanctions – DPRK) Regulations 2010, UN 1718

High risk transaction pattern

* Transactions indicated as ‘donations’ or ‘contributions to humanitarian aid’ (in particular to non-profit or religious organisations in a conflict zone)

* Transactions linked to the purchase of items that may be used for terrorism activities, where the declared purpose of the transaction does not match the profile of the parties involved

* Transactions with entities located in conflict zones (where terrorism-related activities or entities are present), and where the declared purpose for the transaction does not match the profile of the parties involved

* Accounts with minimal activity before 2014 now showing inflows from unknown origins, followed by fund transfers to beneficiaries or ATM withdrawals in conflict zones.

* Client suddenly procuring and/or shipping oil equipment to conflict zones, where the activity is not consistent with the customer’s line of business or occupation.

* Clients log on to their online accounts from locations in conflict zones, in a manner that does not appear to have a lawful or legitimate purpose.

Other Indicators of Terrorism Financing (Applicable to Other Crimes)

High risk transaction pattern

* Clients who have frequent cash deposits and withdrawals

* Counterparties of clients who make frequent cash deposits into client’s accounts

ANNEX C

Client Acceptance Form For Due Diligence Purposes (For Duly Established Company In Singapore)

ANNEX D

Risk Assessment Form (For Professional Intermediaries Internal Use)

______________________________

[1] Manager in relation to a LLP, means any person (whether or not a partner of the LLP) who is concerned in or takes part in the management of the LLP. (whether or not his particulars or consent to act are lodged with the Registrar as required under s23(2) of the LLP Act).

[2] "arranging" means providing for any person to act as director, secretary, partner or shareholder on behalf of another person

[3] Section 2(10 states "securities exchange" means an approved exchange in respect of the operation of its securities market.

[4] Section 283(1) states “recognised securities exchange” means a corporation which has been declared by the Authority, by order published in the Gazette, to be a recognised securities exchange for the purposes of this Division.

[5] Please refer to the Schedule of the Securities and Futures (Recognised Securities Exchange) Order 2005 for a list of recognized securities exchanges

[6] RFAs should also refer to Singapore National Risks Assessment Report to identify risks associated with CSP

[7] RFAs can refer to Annex B of the CSP Guidelines for indicators of suspicious transactions

[8] Fit and proper considerations include: 

(a) whether the person has been convicted in Singapore or overseas, of any offence involving fraud or dishonesty punishable with imprisonment for 3 months or more; 

(b) whether the person is an undischarged bankrupt in Singapore; and 

(c) whether, if the person has been previously registered as a FA or qualified individual, his conduct and compliance history as a registered FA or registered qualified individual had been satisfactory. 


Was this article helpful?