Amendments to the AML/CFT Notices and Guidelines

On 30 June 2025, the Monetary Authority of Singapore (“MAS”) published its Response to Feedback Received on Proposed Amendments to AML/CFT Notices and Guidelines (the “Response”), and the updated notices and guidelines, essentially for all types of financial institutions (“FIs”) and variable capital companies (“VCCs”). The amended notices and guidelines took effect on 1 July 2025. No transition is provided. 

In this article, we are discussing the material amendments to the MAS’ notices and guidelines on anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”). Hereby, we are focusing on Notice SFA 04-N02 to Capital Markets Intermediaries on Prevention of Money Laundering and Countering the Financing of Terrorism (“Notice SFA04-N02” or “SFA04-N02”) and the Guidelines to Notice SFA 04-N02 on Prevention of Money Laundering and Countering the Financing of Terrorism – Capital Markets Intermediaries (“Guidelines to SFA04-N02”) that apply to holders of a capital markets (“CMS”) licence under the Securities and Futures Act 2001 (“SFA”), such as licenced fund management companies. 

Inclusion of Proliferation Financing 

The scope of the AML/CFT notices and guidelines has been amended to explicitly include counter–proliferation financing (“CPF”). A description of proliferation financing has been included in paragraph 1-4-8A of the Guidelines to SFA04-N02. Footnotes in the regulations further remind financial institutions that, for the purposes of the AML/CFT notices and guidelines, money laundering includes proliferation financing. Accordingly, money laundering risks must be regarded as including proliferation financing risks, and controls must be expanded accordingly. 

Proliferation financing (“PF”) risk assessments can be carried out independently or as part of the ML/TF risk assessments that the financial institution is already conducting. If the financial institution has not yet performed a PF risk assessment, it should do so as soon as possible. 

Consideration of National Risk Assessments in the Financial Institution’s Enterprise-wide ML/TF Risk Assessment 

Previously, Notice SFA04-N02 had only mentioned Singapore’s National ML/TF Risk Assessment Report to be considered in the financial institutions’ enterprise-wide ML/TF risk assessment (“EwRA”). The updated Notice SFA04-N02 holds financial institutions to include Singapore’s various risk assessment reports, such as the Money Laundering National Risk Assessment Report, the Terrorism Financing National Risk Assessment Report, and the Proliferation Financing National Risk Assessment Report, in its EwRA. 

Identification of the Customer 

The provisions in Notice SFA04-N02 for the information required from customers have been segregated to distinguish between information required from customers who are individuals and customers that are legal persons or legal arrangements (para. 6.6 SFA04-N02). For the information required from customers who are individuals, no material changes were made (para. 6.6(a) SFA04-N02). For the information required of customers that are legal persons or legal arrangements (para. 6.6(b) SFA04-N02), the following notable amendments were introduced: 

1. A requirement to obtain information on the purpose for which the legal person or legal arrangement was set up was introduced. 

2. A requirement to obtain information on the place from where the legal person or legal arrangement is administered was introduced (para. 6.6(b)(vii) SFA04-N02). In the case of a trust, the place of administration is where the trust’s administration is carried out. This includes keeping of accounting records, acting as a custodian without also acting as a trustee, the management and administration of trust assets, dealing with trust assets, including the investment, transfer and disposal of such assets, the distribution of trust assets, the payment of expenses or remuneration out of the trust; review and monitoring the activities of investment advisers, agents, and persons to whom a trustee has delegated any trust, power or discretion, exercising any trust, power or discretion on behalf of a trustee, opening bank accounts for an express trust, and transferring assets into an express trust. (See paragraph 6 of the TCA Guidelines on Scope of Regulation (“TCA-G04”))(para. 3.7 Response). In case of a legal person, the place of administration is the registered or business address or principal place of operations of the legal person, or of the corporate service provider of the legal person, if any (para. 3.8(a) Response). 

3. For trusts, financial institutions are held to obtain a copy of the trust deed or its equivalent (para. 6.6(b)(vi) SFA04-N02) that set out relevant identification information and support the establishment of the trust, such as reliable extracts of the trust deeds, deed of appointment etc. (para. 3.17 Response). 

Trust Relevant Parties as Beneficial Owners 

The list of parties involved in trusts that financial institutions must identify has been modified (para. 6.14(b)(i) SFA04-N02). A reference to trust relevant parties as defined in paragraph 2.1 of MAS Notice TCA-N03 has been introduced. Trust relevant parties are 

1. the settlor; 

2. the trustee; 

3. the protector; 

4. the beneficiary, class of beneficiaries or object of a power; or 

5. any other persons with the power under the legal arrangement instrument or by law to do any of the following: 

1. 1. dispose of the property under the legal arrangement; 

2. invest the property under the legal arrangement other than as a trust manager of the legal arrangement; 

1. 3. direct, make or approve distributions of the property under the legal arrangement; 

4. vary or terminate the legal arrangement; 

1. 5. add or remove a person as a beneficiary or object of a power under the legal arrangement; or 

6. add a person to, or remove a person from, a class of beneficiaries under the legal arrangement. 

Herby, an “object of a power” means a person who is a member of a class of possible beneficiaries under the trust, and is reasonably expected to benefit from the trust, whether or not because the person is referred to as a potential beneficiary by the settlor of the trust in a document relating to the trust such as a letter of wishes, or the class of possible beneficiaries has narrowed for any reason (para. 2.1 TCA-N03). The respective persons should be identified as soon as reasonably practicable after they become identifiable, and in any case before making a distribution to that person or when that person intends to exercise his/her vested rights. 

In case of higher-risk customers, the financial institution shall establish and corroborate the source of wealth of the higher-risk trust relevant party that is a contributor of assets to the legal arrangement (para. 3.2 Response). 

Information on Beneficial Owners 

The amended notices list the information that financial institutions must obtain from beneficial owners (in para. 6.14A(a) SFA04-N02). 

1. The full name, including any aliases; 

2. The unique identification number (such as an identity card number, birth certificate number or passport number); 

3. The residential address; 

4. The date of birth; 

5. The nationality. 

If the financial institution is unable to obtain the unique identification number or residential address of the beneficial owner after taking reasonable measures, and has assessed the ML/TF risks in relation to the customer as not being high, the financial institution may simply obtain the date of birth and nationality of the beneficial owner, in lieu of the unique identification number, and the business address of the beneficial owner, in lieu of the residential address (para. 6.14C SFA04-N02). However, the financial institution must document its assessment and the measures taken (para. 6.14D SFA04-N02). 

Information on Intermediate Owners 

In addition to the information required from beneficial owners who are natural persons, the Notice also lists information required from beneficial owners that are legal persons or legal arrangements (para. 6.14A SFA04-N02). In its Response, the MAS clarifies that beneficial owners are only natural persons. The requirement to obtain information on legal persons or legal arrangements applies to legal persons or legal arrangements in the chain of ownership or control between the customer and the beneficial owner, i.e. intermediate owners (para. 3.10 Response). 

Financial institutions must obtain at least the following information from intermediate owners: 

1. its full name; 

2. its incorporation number, business registration number or tax identification number or its equivalent; 

3. its registered or business address, and if different, its principal place of business; 

4. its date of constitution, incorporation or registration; 

5. its place of incorporation or registration; 

6. a copy of the trust deed (or its equivalent)(if any); 

7. the purpose for which the legal person or legal arrangement was set up; 

8. the place from where the legal person or legal arrangement is administered; and 

9. the legal form, constitution and powers that regulate and bind the legal person or legal arrangement. 

Detection of Fraudulent or Tampered Data, Documents or Information 

The financial institution should provide its staff with adequate guidance on how to identify indicators of fraudulent or tampered data, documents or information, such as significant discrepancies in a customer’s representations, anomalies in financial statements, or a lack of sign-off by relevant certifying parties such as an auditor. The financial institution should put processes in place to escalate instances where such indicators are detected (para. 6-6–5A Guidelines to SFA04-N02). 

Screening 

Financial institutions are reminded that they need to be cognisant of the limitations of their screening tools (para. 5.4 Response). They should take a risk-based approach to determine where pertinent search engines should be used on top of screening against commercial databases; for example, further information on an apparent match in the screening against the commercial database may be obtained in internet-based search engines predominately used in countries closely associated with the nationality, residence, or source of wealth of the person screened (para. 6-15-3 Guidelines to SFA04-N02 and FN 7 to para. 6-15-3 Guidelines to SFA04-N02). 

Red Flags on Customers 

Customers who exhibit characteristics of a higher-risk shell company are listed as an additional example of a category of potentially higher-risk customers (para. 8-2(a)(vii) Guidelines to SFA04-N02). Such indicators of a higher-risk shell company may be an unclear economic purpose of requiring an account relationship in Singapore, an unclear economic purpose for linking a common individual or address to multiple companies, the addition of unrelated third parties to operate the account after its opening, an unusual change in the corporate structure or the beneficial owner after account opening, suspicious transactions which are not in line with the financial institution’s understanding of the customer, or superficial corporate websites inconsistent with the customer’s purported business (para. 8-2(a)(vii) Guidelines to SFA04-N02). 

Assessment of the Source of Wealth 

Financial institutions must establish the source of wealth of their high-risk customers, i.e. the origin of the customer’s and beneficial owner’s entire body of wealth (i.e. total assets). Hereby, they need not only to clarify the source of current assets but must establish the seed money that generated subsequent wealth and gifts or other assets received by the customer or beneficial owner, as applicable (para. 8-5-5 Guidelines to SFA04-N02). Where a material source of wealth of the customer or beneficial owner is a gift or other asset received from third parties, the financial institution should obtain information to establish the legitimacy and plausibility of such a gift or other asset. Firstly, it should establish the relationship between the donor and the customer or beneficial owner. Secondly, it should verify the transactions effecting the gift or transfer of the other asset against reliable and independent sources of information, such as bank statements or public sources. Finally, the financial institution should also assess the plausibility of the donor’s source of wealth that enabled the gift or other transfer of the asset (para. 8-5-7B Guidelines to SFA04-N02, para. 5.8 Response). 

Financial institutions must corroborate the source of wealth of their high-risk customers and their beneficial owners. Hereby, the financial institution should apply a risk-based approach and focus on the corroboration of sources of wealth and sources of funds that are more material and/or present a higher ML/TF risk (para. 8-5-7 Guidelines to SFA04-N02). Namely, financial institutions “are not required to obtain documents from many years ago which may no longer be easily available and are not of high relevance to the generation of the customer’s wealth.” (para. 5.8 Response) 

To the extent practicable, the financial institution should use reliable and independent sources. Where information is not available from public sources, the financial institution should exercise prudence and perform additional checks to validate its plausibility. The financial institution should document the basis for its use of the information and periodically review this basis (para. 8-5-7 Guidelines to SFA04-N02). 

Where the financial institution is unable to corroborate a source of wealth or source of funds that more material or presents a higher ML/TF risk, it should assess whether the residual risks associated with not corroborating such a source of wealth or source of funds are acceptable and whether additional risk mitigation measures should be applied in the absence of corroboration (para. 8-5-7A Guidelines to SFA04-N02). 

However, where the customer is a high-risk customer other than a politically exposed person (“PEP”), the financial institution may assess if the sources of wealth and sources of funds need to be corroborated (para. 8-6-1 Guidelines to SFA04-N02). For example, the financial institution may conclude that no corroboration is necessary, where the customer is a listed company that has publicly available information on its wealth-generating commercial activities, or is a financial institution that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the FATF and thus subject to corporate governance or other regulatory requirements (FN 9 to para. 8-6-1 Guidelines to SFA04-N02).