On 30 June 2025, the Monetary Authority of Singapore (“MAS”) published its Response to Feedback Received on Proposed Amendments to AML/CFT Notices and Guidelines (the “Response”), and the updated notices and guidelines, essentially for all types of financial institutions (“FIs”) and variable capital companies (“VCCs”). The amended notices and guidelines took effect on 1 July 2025. No transition is provided.
In this article, we discuss the material amendments to the MAS’ notices and guidelines on anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”). We focus on Notice SFA 04-N02 to Capital Markets Intermediaries on Prevention of Money Laundering and Countering the Financing of Terrorism (“Notice SFA04-N02” or “SFA04-N02”) and the Guidelines to Notice SFA 04-N02 on Prevention of Money Laundering and Countering the Financing of Terrorism – Capital Markets Intermediaries (“Guidelines to SFA04-N02”) that apply to holders of a capital markets (“CMS”) licence under the Securities and Futures Act 2001 (“SFA”), such as licensed fund management companies.
Inclusion of Proliferation Financing
The scope of the AML/CFT notices and guidelines has been amended to explicitly include counter-proliferation financing (“CPF”). A description of proliferation financing has been included in paragraph 1-4-8A of the Guidelines to SFA04-N02. Footnotes in the regulations further remind financial institutions that, for the purposes of the AML/CFT notices and guidelines, money laundering includes proliferation financing. Accordingly, money laundering risks must be regarded as including proliferation financing risks, and controls must be expanded accordingly.
Proliferation financing (“PF”) risk assessments can be carried out independently or as part of the ML/TF risk assessments that the financial institution is already conducting. If the financial institution has not yet performed a PF risk assessment, it should do so as soon as possible.
Consideration of National Risk Assessments in the Financial Institution’s Enterprise-wide ML/TF Risk Assessment
Previously, Notice SFA04-N02 mentioned only Singapore’s National ML/TF Risk Assessment Report as a report to be considered in the financial institution’s enterprise-wide ML/TF risk assessment (“EwRA”). The updated Notice SFA04-N02 requires financial institutions to include Singapore’s various risk assessment reports, such as the Money Laundering National Risk Assessment Report, the Terrorism Financing National Risk Assessment Report, and the Proliferation Financing National Risk Assessment Report, in their EwRA.
Identification of the Customer
The provisions in Notice SFA04-N02 for the information required from customers have been segregated to distinguish between information required from customers who are individuals and customers that are legal persons or legal arrangements (para. 6.6 SFA04-N02). For the information required from customers who are individuals, no material changes were made (para. 6.6(a) SFA04-N02). For the information required of customers that are legal persons or legal arrangements (para. 6.6(b) SFA04-N02), the following notable amendments were introduced:
- A requirement to obtain information on the purpose for which the legal person or legal arrangement was set up was introduced.
- A requirement to obtain information on the place from where the legal person or legal arrangement is administered was introduced (para. 6.6(b)(vii) SFA04-N02). In the case of a trust, the place of administration is where the trust’s administration is carried out. This includes keeping accounting records; acting as a custodian without also acting as a trustee; the management and administration of trust assets; dealing with trust assets, including the investment, transfer and disposal of such assets; the distribution of trust assets; the payment of expenses or remuneration out of the trust; reviewing and monitoring the activities of investment advisers, agents, and persons to whom a trustee has delegated any trust, power or discretion; exercising any trust, power or discretion on behalf of a trustee; opening bank accounts for an express trust; and transferring assets into an express trust (see paragraph 6 of the TCA Guidelines on Scope of Regulation (“TCA-G04”); para. 3.7 Response). In the case of a legal person, the place of administration is the registered or business address or principal place of operations of the legal person, or of the corporate service provider of the legal person, if any (para. 3.8(a) Response).
- For trusts, financial institutions are required to obtain a copy of the trust deed or its equivalent (para. 6.6(b)(vi) SFA04-N02), i.e. documents that set out relevant identification information and support the establishment of the trust, such as reliable extracts of the trust deeds, deed of appointment etc. (para. 3.17 Response).
Trust Relevant Parties as Beneficial Owners
The list of parties involved in trusts that financial institutions must identify has been modified (para. 6.14(b)(i) SFA04-N02). A reference to trust relevant parties as defined in paragraph 2.1 of MAS Notice TCA-N03 has been introduced. Trust relevant parties are:
- the settlor;
- the trustee;
- the protector;
- the beneficiary, class of beneficiaries or object of a power; or
- any other persons with the power under the legal arrangement instrument or by law to do any of the following:
  - dispose of the property under the legal arrangement;
  - invest the property under the legal arrangement other than as a trust manager of the legal arrangement;
  - direct, make or approve distributions of the property under the legal arrangement;
  - vary or terminate the legal arrangement;
  - add or remove a person as a beneficiary or object of a power under the legal arrangement; or
  - add a person to, or remove a person from, a class of beneficiaries under the legal arrangement.
Here, an “object of a power” means a person who is a member of a class of possible beneficiaries under the trust, and is reasonably expected to benefit from the trust, whether or not because the person is referred to as a potential beneficiary by the settlor of the trust in a document relating to the trust such as a letter of wishes, or the class of possible beneficiaries has narrowed for any reason (para. 2.1 TCA-N03). The respective persons should be identified as soon as reasonably practicable after they become identifiable, and in any case before making a distribution to that person or when that person intends to exercise his/her vested rights.
In the case of higher-risk customers, the financial institution shall establish and corroborate the source of wealth of the higher-risk trust relevant party that is a contributor of assets to the legal arrangement (para. 3.2 Response).
Information on Beneficial Owners
The amended notices list the information that financial institutions must obtain from beneficial owners (para. 6.14A(a) SFA04-N02):
- The full name, including any aliases;
- The unique identification number (such as an identity card number, birth certificate number or passport number);
- The residential address;
- The date of birth;
- The nationality.
If the financial institution is unable to obtain the unique identification number or residential address of the beneficial owner after taking reasonable measures, and has assessed the ML/TF risks in relation to the customer as not being high, the financial institution may simply obtain the date of birth and nationality of the beneficial owner, in lieu of the unique identification number, and the business address of the beneficial owner, in lieu of the residential address (para. 6.14C SFA04-N02). However, the financial institution must document its assessment and the measures taken (para. 6.14D SFA04-N02).
Information on Intermediate Owners
In addition to the information required from beneficial owners who are natural persons, the Notice also lists information required from beneficial owners that are legal persons or legal arrangements (para. 6.14A SFA04-N02). In its Response, the MAS clarifies that beneficial owners are only natural persons. The requirement to obtain information on legal persons or legal arrangements applies to legal persons or legal arrangements in the chain of ownership or control between the customer and the beneficial owner, i.e. intermediate owners (para. 3.10 Response).
Financial institutions must obtain at least the following information from intermediate owners:
- its full name;
- its incorporation number, business registration number or tax identification number or its equivalent;
- its registered or business address, and if different, its principal place of business;
- its date of constitution, incorporation or registration;
- its place of incorporation or registration;
- a copy of the trust deed (or its equivalent)(if any);
- the purpose for which the legal person or legal arrangement was set up;
- the place from where the legal person or legal arrangement is administered; and
- the legal form, constitution and powers that regulate and bind the legal person or legal arrangement.
Detection of Fraudulent or Tampered Data, Documents or Information
The financial institution should provide its staff with adequate guidance on how to identify indicators of fraudulent or tampered data, documents or information, such as significant discrepancies in a customer’s representations, anomalies in financial statements, or a lack of sign-off by relevant certifying parties such as an auditor. The financial institution should put processes in place to escalate instances where such indicators are detected (para. 6-6-5A Guidelines to SFA04-N02).
Screening
Financial institutions are reminded that they need to be cognisant of the limitations of their screening tools (para. 5.4 Response). They should take a risk-based approach to determine where pertinent search engines should be used on top of screening against commercial databases; for example, further information on an apparent match in the screening against the commercial database may be obtained from internet-based search engines predominantly used in countries closely associated with the nationality, residence, or source of wealth of the person screened (para. 6-15-3 Guidelines to SFA04-N02 and FN 7 to para. 6-15-3 Guidelines to SFA04-N02).
Red Flags on Customers
Customers who exhibit characteristics of a higher-risk shell company are listed as an additional example of a category of potentially higher-risk customers (para. 8-2(a)(vii) Guidelines to SFA04-N02). Such indicators of a higher-risk shell company may be an unclear economic purpose of requiring an account relationship in Singapore, an unclear economic purpose for linking a common individual or address to multiple companies, the addition of unrelated third parties to operate the account after its opening, an unusual change in the corporate structure or the beneficial owner after account opening, suspicious transactions which are not in line with the financial institution’s understanding of the customer, or superficial corporate websites inconsistent with the customer’s purported business (para. 8-2(a)(vii) Guidelines to SFA04-N02).
Assessment of the Source of Wealth
Financial institutions must establish the source of wealth of their high-risk customers, i.e. the origin of the customer’s and beneficial owner’s entire body of wealth (i.e. total assets). In doing so, they must not only clarify the source of current assets but also establish the seed money that generated subsequent wealth and gifts or other assets received by the customer or beneficial owner, as applicable (para. 8-5-5 Guidelines to SFA04-N02). Where a material source of wealth of the customer or beneficial owner is a gift or other asset received from third parties, the financial institution should obtain information to establish the legitimacy and plausibility of such a gift or other asset. Firstly, it should establish the relationship between the donor and the customer or beneficial owner. Secondly, it should verify the transactions effecting the gift or transfer of the other asset against reliable and independent sources of information, such as bank statements or public sources. Finally, the financial institution should also assess the plausibility of the donor’s source of wealth that enabled the gift or other transfer of the asset (para. 8-5-7B Guidelines to SFA04-N02, para. 5.8 Response).
Financial institutions must corroborate the source of wealth of their high-risk customers and their beneficial owners. In doing so, the financial institution should apply a risk-based approach and focus on the corroboration of sources of wealth and sources of funds that are more material and/or present a higher ML/TF risk (para. 8-5-7 Guidelines to SFA04-N02). Namely, financial institutions “are not required to obtain documents from many years ago which may no longer be easily available and are not of high relevance to the generation of the customer’s wealth.” (para. 5.8 Response)
To the extent practicable, the financial institution should use reliable and independent sources. Where information is not available from public sources, the financial institution should exercise prudence and perform additional checks to validate its plausibility. The financial institution should document the basis for its use of the information and periodically review this basis (para. 8-5-7 Guidelines to SFA04-N02).
Where the financial institution is unable to corroborate a source of wealth or source of funds that is more material or presents a higher ML/TF risk, it should assess whether the residual risks associated with not corroborating such a source of wealth or source of funds are acceptable and whether additional risk mitigation measures should be applied in the absence of corroboration (para. 8-5-7A Guidelines to SFA04-N02).
However, where the customer is a high-risk customer other than a politically exposed person (“PEP”), the financial institution may assess if the sources of wealth and sources of funds need to be corroborated (para. 8-6-1 Guidelines to SFA04-N02). For example, the financial institution may conclude that no corroboration is necessary, where the customer is a listed company that has publicly available information on its wealth-generating commercial activities, or is a financial institution that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the FATF and thus subject to corporate governance or other regulatory requirements (FN 9 to para. 8-6-1 Guidelines to SFA04-N02).
Red Flags for Transactions
The participation in a tax amnesty programme (“TAP”) was added as an example of an activity that indicates a higher ML/TF risk (para. B-7(ix) of Appendix B to the Guidelines to SFA04-N02). If a customer participates in a TAP, the financial institution should file a suspicious transaction report (“STR”) and determine if a review of the customer’s account is warranted (FN 23 to para. B-7(ix) of Appendix B to the Guidelines to SFA04-N02). At the same time, financial institutions should encourage their customers to use the opportunity accorded under a TAP to ensure that their tax affairs are in order or regularised (FN 23 to para. B-7(ix) of Appendix B to the Guidelines to SFA04-N02).
Measures in Case of Increased Risks
Where the financial institution detects indications that risks associated with an existing customer have increased, the financial institution must not only request additional information and conduct a review of the customer, but also promptly implement commensurate risk mitigation measures, including enhanced monitoring (para. 6-10-3 Guidelines to SFA04-N02).
Sharing of Information
Financial institutions are expected “to monitor related customer accounts holistically within and across business units, so as to better understand the risks associated with such customer groups, identify potential ML/TF risks and report suspicious transactions.” (para. 6-10-11 Guidelines to SFA04-N02) At least, customer due diligence information should be shared among the financial institution’s business units (para. 6-10-11 Guidelines to SFA04-N02).
Reduction of Third Parties to Be Relied On
Under specified circumstances, financial institutions can rely on third parties to carry out customer due diligence measures (sec. 9 SFA04-N02). New provisions were introduced that exclude holders of a payment services licence under the Payment Services Act 2019 or of a digital payment token service provider licence under the Financial Services and Markets Act 2022, and foreign financial institutions holding similar licences, from the third-party financial institutions that a financial institution can rely upon (para. 9.1 SFA04-N02).
Suspicious Transaction Reports
Financial institutions are encouraged to put processes in place to detect and investigate concerns of higher ML/TF risks even before suspicions are raised. This preventive control will allow the financial institution to put early mitigation measures in place. These processes should include the identification and prioritisation of the review of concerns of higher ML/TF risks, their prompt review, and escalating them to senior management or another designated body to decide on the appropriate ML/TF risk mitigation measures (para. 13-A Guidelines to SFA04-N02).
Suspicious transaction reports (“STRs”) should be referred to the Suspicious Transaction Reporting Office (“STRO”) without delay. Generally, the filing of an STR should not exceed five business days after the suspicion was first established (para. 13-1 Guidelines to SFA04-N02), i.e. after the financial institution concludes that the filing of an STR is warranted based on available information, the circumstances and its investigation (FN 6 to para. 6-15-2 Guidelines to SFA04-N02, FN 14 to para. 13-1 Guidelines to SFA04-N02, and para. 4.3 Response). STRs regarding sanctions should even be submitted within one business day after the suspicion was first established (para. 6-15-2 Guidelines to SFA04-N02).
Financial institutions do not need to share a copy of suspicious transaction reports (“STRs”) with the MAS by default anymore. They only need to share STRs with the MAS upon the MAS’ request (para. 13.2 SFA04-N02).
How We Can Help
Ingenia Consultants Pte. Ltd. provides regulatory support services for financial institutions, including compliance and internal audit. We assist in the review and enhancement of AML/CFT frameworks, carry out customer due diligence, and review such efforts by financial institutions to provide their senior management and board of directors assurance through our internal audits.
In addition, Auto-Comply, our group company, provides easy, inexpensive screening services.
For more information on our compliance and internal audit services and capabilities, please contact:
Rolf Haudenschild
Co-founder
Ingenia Consultants Pte. Ltd.
rolf.haudenschild@ingenia-consultants.com
On 30 May 2025, the Monetary Authority of Singapore (“MAS”) announced and clarified the implementation of the licensing requirement for digital token service providers (“DTSPs”) under the Financial Services and Markets Act 2022. In its Response to Feedback Received Consultation Paper on Proposed Regulatory Approach, Regulations, Notices and Guidelines for Digital Token Service Providers issued under the Financial Services and Markets Act 2022 (the “Response”), it confirmed that DTSPs require a licence starting 1 July 2025, with no transitional arrangements, and elaborated further on some of the licensing requirements. Having attracted criticism for its cautious approach, the MAS followed up with a media release, “MAS Clarifies Regulatory Regime for Digital Token Service Providers”, on 6 June 2025 (the “Clarification”).
Requirement for Licensing
Under the Financial Services and Markets Act 2022 (“FSM”), a person in Singapore, including a company incorporated in Singapore, requires a licence to carry on a business of providing the following services outside of Singapore, unless an exemption applies:
- any service of dealing in digital tokens;
- any service of facilitating the exchange of digital tokens;
- any service of accepting (whether as principal or agent) digital tokens from one digital token account, for the purposes of transmitting, or arranging for the transmission of, the digital tokens to another digital token account;
- any service of arranging (whether as principal or agent) for the transmission of digital tokens from one digital token account to another digital token account;
- any service of inducing or attempting to induce any person to enter into or to offer to enter into any agreement for or with a view to buying or selling any digital tokens in exchange for any money or any other digital tokens (whether of the same or a different type);
- any service of safeguarding a digital token, where the service provider has control over the digital token;
- any service of carrying out for a customer an instruction relating to a digital token, where the service provider has control over the digital token;
- any service of safeguarding a digital token instrument, where the service provider has control over one or more digital tokens associated with the digital token instrument;
- any service of carrying out for a customer an instruction relating to one or more digital tokens associated with a digital token instrument, where the service provider has control over the digital token instrument;
- any service relating to the sale or offer for sale of digital tokens which involves –
  - providing advice, either directly or through publications or writings, and whether in electronic, print or other form, relating to any digital tokens; or
  - providing advice by issuing or promulgating research analyses or research reports, whether in electronic, print or other form, relating to any digital tokens.
The MAS clarified that an individual requires a digital token (“DT”) services licence if he/she carries out the regulated activity by himself/herself. In contrast, he/she does not require a licence if he/she carries out the work as part of his/her employment with a foreign-incorporated company.
In its Response, the MAS announced that DTSPs which are subject to licensing under the FSM must suspend or cease carrying on a business of providing DT services outside Singapore by 30 June 2025. No transitional arrangements will be provided.
Conversely, the MAS reiterated in its Clarification that providers of services for digital payment tokens or tokens of capital market products that serve customers in Singapore are already subject to regulation and licensing under the Payment Services Act 2019 and the Securities and Futures Act 2001. There is no change to what these licensed providers can do. These providers, which serve customers in Singapore, may also provide services to customers outside of Singapore.
Notable Exemptions from the Requirement for Licensing
First of all, we would like to highlight that the FSM subjects services regarding digital tokens to licensing (sec. 137 FSM and Part 1 of the First Schedule to the FSM). It is our view that only activities for the benefit of third parties can be regarded as services. Therefore, activities carried out for the person’s own benefit, e.g. proprietary trading, do not qualify as a DT service.
Moreover, only persons who carry on a business of providing any type of DT service require a licence (sec. 137 FSM). Therefore, a person generally does not require a DTSP licence if they carry out a regulated activity only occasionally and not systematically.
Finally, the following types of financial institutions are exempt from the requirement to hold a DTSP licence to the extent that the DT service activity is incidental to the activity for which they hold a licence (or are exempt from holding a licence):
- financial institutions that are required to be licensed, approved or recognised under the Securities and Futures Act 2001, or exempt thereof, such as
  - holders of a capital markets services (“CMS”) licence for fund management, dealing in capital markets products, providing custodial services, or advising on corporate finance, and
  - recognised market operators;
- licensed and exempt financial advisers;
- major and standard payment institutions holding a licence under the Payment Services Act 2019, namely for digital payment token service.
Thus, financial institutions that are not required to obtain or hold a DTSP licence include:
- fund management companies that manage a collective investment scheme that invests in digital tokens;
- brokers (holding a CMS licence for dealing in capital markets products) that offer tokenised securities;
- corporate finance advisers (holding a CMS licence for advising on corporate finance) that assist companies in raising capital through tokenised securities;
- payment institutions (holding a licence for digital payment token services) when arranging an over-the-counter (“OTC”) transfer of digital tokens between two parties outside of Singapore.
Requirements to Obtain a Licence
In its Response and Clarification, the MAS highlighted that it will only grant a DT services licence under extremely limited circumstances due to its concerns about their higher risk of money laundering (“ML”) and terrorism financing (“TF”).
Nonetheless, the MAS has provided additional clarification regarding the requirements under the Financial Services and Markets Act 2022 for a DTSP to obtain and maintain a licence.
- The DTSP must have a permanent place of business in Singapore where at least one person is present during specified business hours.
- The DTSP must have a minimum of SGD 250,000 in base capital (in the case of a company), total capital contribution (in the case of a partnership or limited liability partnership) or cash deposit (in the case of an individual).
- The DTSP must have a business model that makes economic sense and must be able to demonstrate to the MAS’ satisfaction that it has valid reasons as to why it does not intend to carry on a business of providing DT services in Singapore despite operating in or being formed or incorporated in Singapore.
- The DTSP must not operate in a manner that is of concern to the MAS. In this regard, the MAS may take into account whether the DTSP is already regulated and supervised for its compliance with relevant internationally agreed standards, such as standards established by the Financial Stability Board, the International Organisation of Securities Commissions, and the Financial Action Task Force (“FATF”), by all the relevant supervisors in the jurisdictions in which it provides DT services outside of Singapore.
- The directors and the CEO of a DTSP must be fit and proper and have sufficient experience in operating a DTSP business as well as a sufficient understanding of the regulatory framework for DTSPs in Singapore.
- An executive director, or a similar person in the case of other entities, must be resident in Singapore.
- The DTSP must put in place an adequate business structure that does not give rise to any concerns by the MAS, e.g., regarding its capacity to adequately manage key risks associated with its business activities and its ability to comply with regulatory obligations.
- The DTSP must have compliance arrangements that are commensurate with the scale, nature, and complexity of its operations. These may take the form of an independent compliance function in Singapore, or compliance support from its holding company or overseas related entity. In any case, a DTSP is required to appoint a suitably qualified compliance officer at the management level who is based in Singapore.
- The DTSP is required to appoint an auditor to conduct an audit of the transactions in relation to the DT services and submit the audit report to the MAS annually.
- The DTSP must put in place a technology risk management framework and controls adequate for its activities that depend on the underlying distributed ledger technology and interaction with service providers in the network.
- An annual licence fee of SGD 10,000 will apply.
How We Can Help
Ingenia Consultants Pte. Ltd. provides regulatory support services for financial institutions, including licensing, compliance and internal audit. We support companies in their applications with the Monetary Authority of Singapore (“MAS”) across different sectors, such as capital markets, financial advice and payment services, including digital payment token services. We assist licensed financial institutions in compliance, from outsourced compliance services to advice and regulatory projects, and provide their senior management with assurance through internal audits.
On 8 April 2025, the Monetary Authority of Singapore (“MAS”) published a Consultation Paper on the Proposed Amendments to Anti-Money Laundering and Countering the Financing of Terrorism Notices for Financial Institutions and Variable Capital Companies. In this consultation, the MAS proposes streamlined amendments across all financial institutions that predominantly implement best practices that were communicated previously. Clearly, the amendments result in higher requirements for the financial institutions’ anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) measures. The consultation period ends on 8 May 2025. The MAS expects the amendments to take effect from 30 June 2025.
In this article, we outline the proposed amendments.
Inclusion of Proliferation Financing
To better align AML/CFT regulations in Singapore with the revised FATF standards, the MAS proposes to explicitly state that money laundering (“ML”) includes proliferation financing (“PF”). Therefore, financial institutions must identify, assess, understand and mitigate their PF risks and, thus, include adequate measures to counter PF in their AML/CFT frameworks. Most financial institutions are expected to already include PF in their AML/CFT frameworks. The existing AML guidelines already include information, including red flags, regarding PF.
Expansion of Trust Relevant Parties
The MAS proposes to amend the definition of trust relevant parties in its Notice on Prevention of Money Laundering and Countering the Financing of Terrorism – Trust Companies (“TCA-N03”) and to reference this definition in its AML/CFT notices applicable to other types of financial institutions, for example, the Notice on Prevention of Money Laundering and Countering the Financing of Terrorism – Capital Markets Intermediaries (“SFA04-N02”).
[1] An “object of power” is proposed to mean “a person who
- Is a member of a class of possible beneficiaries under the trust; and
- Is reasonably expected to benefit from the trust, whether or not because
  - The person is referred to as a potential beneficiary by the settlor of the trust in a document relating to the trust such as the letter of wishes; or
  - The class of possible beneficiaries has narrowed for any reason.”
The MAS proposes that a financial institution must, in addition to the information prescribed for the existing trust relevant parties, obtain information on the identity of the protector, the identity of the class of beneficiaries and object of power, and of any other natural person(s) exercising ultimate effective control over a trust related party. This includes information on beneficial owners of a legal person or a legal arrangement that is a trust relevant party.
Clarification of Timelines for Filing of Suspicious Transaction Reports
The MAS proposes to reduce the number of days to submit a suspicious transaction report (“STR”) from 15 business days of the case being referred by the relevant employee of the financial institution to 5 business days after suspicion was first established and, in the case of sanctions, to 1 business day after suspicion was first established.
In addition, in the proposed amendments to the AML Guidelines, the MAS is promoting risk-based monitoring to identify and prioritise the review of concerns of higher ML/TF risk. These concerns should be promptly reviewed and escalated for mitigating measures where required.
Amendments to the Notices and Guidelines
In this section, we highlight pertinent proposed changes to the notices and guidelines on AML/CFT, in particular the Notice on Prevention of Money Laundering and Countering the Financing of Terrorism – Capital Markets Intermediaries (“SFA04-N02”) and the Guidelines to MAS Notice SFA04-N02 on Prevention of Money Laundering and the Financing of Terrorism (“Guidelines to SFA04-N02”). Please note that we do not list all proposed amendments to the notices and guidelines.
Identification of Beneficial Owners
Instead of requiring financial institutions to take reasonable measures to verify the identities of the beneficial owners, the MAS proposes that financial institutions must obtain specified information on the beneficial owners that is similar to the information required from the customers.²
[2] You may note that the MAS is also proposing a list of information required from beneficial owners that are a legal person or legal arrangement.
Guidance to Identify Fraudulent or Tampered Data, Documents or Information
The MAS proposes that financial institutions must provide their staff with adequate guidance on how to identify indicators of fraudulent or tampered data, documents or information. Indicators include
- significant discrepancies in a customer’s representations that are found when these representations are checked against independent sources of information, such as corporate data reports;
- accounting errors, or anomalies in financial statements that are not in line with the financial institution’s understanding of the customer’s profile; and
- lack of sign-off by relevant certifying parties such as an auditor or notary public.
If any indicators are detected, the matter should be escalated and appropriate ML/TF risk mitigation measures applied.
Sharing of Information on Customers
To ensure the holistic monitoring of customer accounts, the MAS proposes that financial institutions have processes to share information on customers and their related accounts within and across business units. The information shared should minimally include the information to identify the customer and the source of wealth.
Enhancements in Screening
The MAS proposes that financial institutions screen against pertinent search engines, in addition to commercial databases. Financial institutions should conduct screening in the native language(s) of the person screened and on pertinent search engines used in countries or jurisdictions closely associated with the person screened.
Higher-risk Shell Companies
The MAS provides examples of characteristics displayed by higher-risk shell companies. These include:
- Unclear economic purpose for requiring an account relationship in Singapore;
- Unclear economic purpose for linking a common individual/address to multiple companies;
- Unrelated third parties are added to operate an account after the account opening;
- Unusual change of corporate structure/beneficial owner after the account opening;
- Suspicious transactions which are not in line with the financial institution’s understanding of the customer; or
- Superficial corporate websites that are inconsistent with the scale of the business.
Examples are provided for most cases.
Clarification on the Establishment and Corroboration of the Source of Wealth
The MAS proposes changes to reflect its latest guidance on the establishment and corroboration of the source of wealth, including a risk-based approach.
Reflecting a risk-based approach, the MAS indicates that financial institutions should obtain source of wealth information to the extent practicable about the entire body of wealth that the customer and beneficial owner would be expected to have, and how the customer and beneficial owner acquired the wealth. Accordingly, the MAS expects financial institutions to establish the seed money that generated subsequent wealth. Where a material source of wealth of the customer or beneficial owner is a gift or other asset received from third parties, financial institutions should obtain information to establish the legitimacy and plausibility of the gift or other asset. This should include establishing the relationship between the third party and the customer or beneficial owner, verifying the transaction(s) effecting such gift or other asset against reliable and independent sources of information, and assessing the plausibility of the third party’s source of wealth.
Financial institutions should take a risk-based approach and focus on corroboration of sources of wealth and sources of funds that are more material or present a higher risk for ML/TF.
Financial institutions should ensure that sources of wealth and sources of funds are established through appropriate and reasonable means, to the extent practicable, using reliable and independent sources of information. Examples of appropriate and reasonable means include credible public sources. Where independent sources of information are not available, financial institutions should exercise prudence in the use of non-independent sources of information, such as customer representations, assumptions and benchmarks, to ensure adequate rigour of assessment. This should include the performance of additional checks against alternative information sources. Moreover, the financial institution’s basis for using such information should be documented and reviewed periodically.
Where a financial institution is unable to corroborate any more material source of wealth or source of funds that presents a higher risk for ML/TF, it should assess whether the residual risks associated with not corroborating this source of wealth or source of funds are acceptable and whether additional risk mitigation measures should be applied in the absence of corroboration.
Finally, the MAS proposes to classify all offerings of personalised wealth management services, financial advisory services and financial products to high-net-worth individuals as higher-risk business. As a result, financial institutions are expected to independently corroborate these customers’ sources of wealth and screen operating companies and individual benefactors contributing to the customer’s and beneficial owner’s wealth.
Participation in Tax Amnesty as Indicator of Higher Risk
The MAS proposes adding participation in a tax amnesty programme to its list of examples of suspicious transactions (situations) in the section on tax crime-related transactions and requests financial institutions to file an STR when a customer has indicated that it has participated in a tax amnesty programme.
How We Can Help
Ingenia Consultants Pte. Ltd. provides regulatory support services for financial institutions, including compliance and internal audit. We assist in the review and enhancement of AML/CFT frameworks, carry out customer due diligence, and review such efforts by financial institutions to provide their senior management and board of directors assurance through our internal audits.
For more information on our compliance and internal audit services and capabilities, please contact:
Rolf Haudenschild
Co-founder
Ingenia Consultants Pte. Ltd.
rolf.haudenschild@ingenia-consultants.com
The International Internal Audit Standards Board released the new Global Internal Audit Standards (the new “IIA Standards”) on 9 January 2024, and internal audit functions were required to adopt the new Standards by 9 January 2025.
Based on the new IIA Standards, the Institute of Internal Auditors (“IIA”) has introduced several key changes that can impact the selection of consulting firms a company, such as a financial institution, engages to carry out its internal audit as an outsourced service provider.
- Stricter independence of the internal audit services (the new “Organizational Independence Standard”)
- Greater emphasis on risk-based auditing (the new “Engagement Risk Assessment Standards”)
- Higher expectations for internal audit quality and objectivity
- More focus on environmental, social and governance (“ESG”), and cybersecurity audits
- Adoption of technology and data analytics
Enhanced Internal Audit Standards
Organisational Independence
Under the new Organizational Independence Standard, internal audit service providers are expected to follow stricter independence requirements when providing internal audit and consulting services for the same client. The chief audit executive is required to be qualified and report directly to the board of directors (the “Board”) and the function is positioned at a level within the organization that enables the internal audit function to discharge its service and responsibilities without interference.
Risk-based Audit
The new Engagement Risk Assessment Standards reinforce a risk-based approach, requiring internal audits to focus on high-risk areas. Consulting firms that perform internal audits based on regulation or SOX requirements may need to adjust audit methodologies or approaches to align with these new expectations. Internal auditors need to consult with their clients to identify high-risk areas and assess the inherent risk, including alignment with the company’s risk appetite and industry best practices.
Competency
The new Competency Standard requires internal auditors to possess or obtain the relevant industry knowledge and auditing standards to perform their responsibilities successfully. For example, to conduct internal audits in the financial sector, the internal audit staff should have the knowledge about applicable regulations and business models, experience to understand the operations of the financial institutions and applicable industry practices, and the skills and abilities to conduct the test of design and test of execution of the financial institution in accordance with the IIA Standards and clearly communicate the findings to the financial institution’s Board and senior management.
Focus on ESG and Cybersecurity
The chief audit executive should seek inputs from the Board on the governance and risk management concerns related to non-financial matters such as strategic initiatives, cyber security, health and safety, sustainability, business resilience and reputation and address them as part of the proposed internal audit plan.
Use of Technology and Data Analytics
As part of their due professional care, internal auditors are required to consider the efficient use of techniques, tools, and technology and the extent and timeliness of work to achieve the engagement objective. For this purpose, internal auditors may use data analysis software and technologies.
How We Can Help
Ingenia Consultants Pte. Ltd. is well-positioned to provide an independent and objective assurance review in accordance with the new IIA Standard.
Ingenia Consultants Pte. Ltd. is a corporate member of the Institute of Internal Auditors (“IIA”). Our internal audit team is headed by a certified public accountant (“CPA”) and led by a certified internal auditor (“CIA”). To ensure the independence of our internal audit, in particular, from our regulatory compliance services, we maintain an independent internal audit business unit with separate staff and a separate system dedicated to internal audit.
At the outset of our internal audit engagements, we work with our clients (their board of directors or senior management) to identify high-risk areas, assess the inherent risk and align our internal audit with the risk appetite determined by the board of directors and industry best practices. To strengthen this process, we also leverage anonymised industry data from our extensive work over several years.
For more information on our internal audit services and capabilities, please contact:
Kew Yip Han
Manager
Ingenia Consultants Pte. Ltd.
yiphan.kew@ingenia-consultants.com
The Monetary Authority of Singapore (“MAS”) released its 2024 Proliferation Financing (“PF”) National Risk Assessment (“NRA”) and Counter-PF Strategy on 30 October 2024. This provides an in-depth analysis of Singapore’s exposure to PF risks and outlines a comprehensive framework to mitigate them. As PF threats grow more complex, the MAS emphasises the importance of financial institutions (“FIs”) enhancing their compliance measures to align them with regulatory expectations and evolving risks.
The assessment identifies several key threats to Singapore’s financial system. A major concern is the misuse of legal entities to obscure the origins and movement of funds, as proliferators often rely on complex corporate structures to conceal illicit financial flows. Additionally, ship-to-ship transfers present another challenge, facilitating the evasion of sanctions and export controls. The trade in dual-use goods—items with both civilian and military applications—poses a heightened risk, as these goods may be diverted for unauthorized purposes. Moreover, luxury goods exports are increasingly exploited as part of PF networks, while virtual assets pose anonymity risks that make them vulnerable to misuse by sanctioned entities.
The report further highlights that both financial and non-financial sectors are exposed to PF risks. The financial sector, including banks, digital payment token service providers, remittance agents, and maritime insurers, faces heightened risks due to the nature of its operations, which involve international transactions and potential exposure to illicit actors. Similarly, the sector of designated non-financial professions and businesses (“DNFPBs”), including corporate service providers, dealers in precious metals and stones, and legal professionals, is identified as being at risk due to its role in facilitating business transactions, managing client funds, and establishing corporate structures that could be misused for PF purposes.
In response to these risks, the MAS has developed a counter-PF strategy focused on strengthening Singapore’s defences. The strategy emphasizes raising awareness and building capabilities by engaging financial institutions and businesses to ensure a deeper understanding of PF risks and regulatory expectations. Enhanced compliance measures, including stricter due diligence, improved transaction monitoring, and more effective screening processes to detect and prevent PF-related activities, are essential components of this strategy. The regulatory framework will also have to undergo continuous risk assessments and adaptations to remain responsive to emerging threats in the global financial landscape.
The implications of this assessment and strategy for financial institutions are significant. FIs must enhance their risk assessment frameworks by integrating the MAS’ findings into their internal risk models. Strengthening due diligence measures, particularly for high-risk sectors and jurisdictions, is critical to mitigating PF exposure. Institutions may also invest in advanced transaction monitoring systems capable of detecting unusual activities, such as transactions involving dual-use goods or entities with opaque ownership structures. Compliance with sanctions regimes remains a critical priority, requiring regular updates to sanctions lists to prevent dealings with designated persons or entities. Furthermore, targeted training programs should be implemented to equip financial sector employees with the knowledge necessary to identify and report suspicious activities effectively.
The 2024 assessment introduces several key updates and enhancements to Singapore’s approach to countering PF. The scope of PF threats has expanded to include the misuse of virtual assets and the exploitation of luxury goods exports, reflecting the evolving tactics of proliferators. Additionally, emerging high-risk sectors, such as digital payment token providers and maritime insurers, have been identified as areas requiring greater compliance scrutiny. The refined counter-PF strategy places a renewed focus on awareness, control measures, and continuous monitoring to ensure Singapore’s financial system remains resilient against PF threats.
These developments underscore the MAS’ proactive approach to addressing the dynamic challenges posed by PF. By continually refining regulatory frameworks and strengthening institutional defences, Singapore reinforces its commitment to maintaining a robust and secure financial ecosystem, ensuring it remains well-equipped to combat both existing and emerging risks associated with PF activities.
How We Can Help
We at Ingenia Consultants Pte. Ltd. support our clients in navigating their anti-money laundering requirements, including proliferation finance. We specialize in helping our clients comply with these regulatory obligations, by developing appropriate policies and procedures. For any further information, please contact:
Phoebe Mok
Senior Manager
Ingenia Consultants Pte. Ltd.
Financial institutions operating in Singapore, such as holders of a capital market services (“CMS”) licence and payment service providers (“PSPs”), are required to comply with anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) regulations. One of the key obligations is the timely filing of suspicious transaction reports (“STRs”) with the Suspicious Transaction Reporting Office (STRO), a division of the Commercial Affairs Department (CAD) of the Singapore Police Force (SPF).
This article provides an overview of the legal requirements, indicators of suspicious transactions, and the process for filing an STR to help financial institutions remain compliant.
Legal and Regulatory Framework
The following key regulations govern the obligation to file an STR:
- Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 (“CDSA”)
- Terrorism (Suppression of Financing) Act 2002 (“TSOFA”)
- Notices and guidelines by the Monetary Authority of Singapore (MAS), namely
  - MAS Notice SFA04-N02 for CMS license holders, or
  - MAS Notice PSN01 or PSN02 for payment service providers
Under these laws and regulations, financial institutions must promptly file an STR when they have reasonable grounds to suspect that a transaction is connected to criminal conduct, money laundering (“ML”), or terrorism financing (“TF”). At the latest, they are to submit the STR within 15 business days from their discovery of the suspicious transaction (para. 13-1 Guidelines to SFA04-N02 for CMS licence holders and para. 18-1 Guidelines to PSN01 or para. 16-1 Guidelines to PSN02 for PSPs).
STRs filed by Financial Institutions in Singapore
As per information published by the Singapore Police Force (“SPF”) [1], the number of STRs filed increased significantly in the past years.

| Year | Number of STRs Filed | % Increase |
|------|----------------------|------------|
| 2020 | 33,882               |            |
| 2021 | 45,897               | 35%        |
| 2022 | 49,846               | 9%         |

By far most STRs were submitted by banks. In 2021, they submitted 60% of all STRs, and in 2022, 58%.
Indicators of Suspicious Transactions
All financial institutions should identify red flags common to their type of business and, more specifically, to their company’s specific business. They should list these red flags in their procedures and include them in the AML/CFT training of their staff.
While not exhaustive, the following are common red flags that may warrant an STR filing:
- Transactions involving unusually large amounts with no clear economic purpose;
- Request by a customer for investment management services where the source of funds is unclear or not consistent with the customer’s apparent standing;
- An account operated in the name of an offshore company with structured movement of funds;
- Cross-border transactions involving the acquisition or disposal of high-value assets that cannot be clearly identified as bona fide transactions;
- Transactions linked to high-risk jurisdictions identified by the Financial Action Task Force (FATF);
- Customers unwilling to provide information on the source of funds or the purpose of transactions;
- The customer uses intermediaries that are not subject to adequate AML/CFT laws;
- A customer relationship with a payment service provider in which a customer has a large number of accounts with the same payment service provider and frequently transfers between different accounts;
- Concentration of payments where multiple senders transfer money to a single individual’s account;
- Frequent changes to the customer’s address or authorized signatories;
- Customers are in a hurry to complete the transaction, with promises to provide the supporting information later;
- Funds or digital payment tokens (“DPT”, commonly referred to as cryptocurrencies) used by a customer to settle his obligations are from a source that appears to have no explicit or direct links to the customer;
- Frequent changes in the customer’s identification information, such as home address, IP address, or linked bank accounts/wallet addresses.
Refer to the MAS’ AML Guidelines applicable to your type of business for further examples of red flags that are specific to your type of business (Guidelines to SFA04-N02 for holders of a CMS licence, e.g. for fund management or dealing in capital markets products, Guidelines to PSN01 for PSPs offering fiat payment services such as domestic or cross-border money transfer service, merchant acquisition service, or account issuance service, or Guidelines to PSN02 for PSPs providing digital payment token, i.e. cryptocurrency, service).
Filing an STR: Step-by-Step Process
Identify and Assess the Suspicious Transaction
- Staff carrying out various tasks may identify suspicious transactions either at the time of onboarding or throughout a customer’s relationship life cycle. Suspicious transactions and other new information indicating an ML/TF risk can also be identified through automated monitoring systems. These systems continuously monitor/screen the customers and analyse transaction patterns, customer behaviour, and predefined rules. The systems help flag information and anomalies that could be potential red flags compared to the customer’s profile, prompting further investigation by compliance teams.
- The staff who identifies the suspicious transaction should escalate their suspicion to their compliance team or money laundering reporting officer (“MLRO”), as indicated in your AML/CFT policies and procedures.
- Once escalated to the compliance team or MLRO, they will conduct internal investigations and review the transaction in question.
Complete the STR Form and Submit it to STRO
- The MLRO or a compliance officer may access the STR form via the STRO Online Notices and Reporting (“SONAR”) system and electronically submit the completed STR form.
- In the STR form, you must provide details such as transaction amounts, counterparties, account details, and the basis of suspicion, and supporting documents (e.g., transaction records and emails) should be attached where relevant.
Maintain Confidentiality
The fact that an STR has been filed must not be disclosed to the customer. Tipping-off is an offence under the CDSA and TSOFA. Even internally, this information should only be on a need-to-know basis.
Ongoing Monitoring and Internal Reporting
- Even after the submission, you must continue monitoring the account for further suspicious activity, possibly even conducting enhanced monitoring.
- Moreover, you should consider additional control measures and implement them, as appropriate.
- Don’t forget to maintain proper internal records of the STR submission and any follow-up actions.
Compliance Best Practices
The filing of STRs is part of your comprehensive AML/CFT framework. It must be properly embedded and connected within your entire framework to effectively detect suspicious transactions (and adverse information) and ensure their proper filing through STRs.
- Establish a robust AML/CFT framework, including internal policies and training programs.
- Ensure all employees are aware of their obligations and are trained in identifying suspicious transactions.
- Regularly review transaction monitoring systems to enhance detection capabilities, and fine-tune them to keep them relevant.
- Maintain a log of cases where an STR was filed and circumstances where it was decided not to file an STR with a rationale for the decision.
- File the STR as soon as investigations are completed, and the facts have been established. At the latest, you should file the STR within 15 business days after the discovery of the suspicious transaction.
- Cooperate fully with regulatory authorities and provide additional information when required.
Conclusion
Filing STRs is a critical compliance requirement under Singapore’s AML/CFT regulations. Capital Market Services license holders and Payment Service Providers must establish strong internal controls to detect and report suspicious transactions in a timely and accurate manner. Failure to comply may result in regulatory penalties and reputational damage. Staying vigilant and adhering to legal obligations will help financial institutions contribute to Singapore’s efforts in combating financial crimes.
How We Can Help
We at Ingenia Consultants Pte. Ltd. support our clients in navigating their anti-money laundering requirements, including the filing of STRs. We specialize in helping our clients comply with these regulatory obligations, by developing appropriate policies and procedures. For any further information, please contact:
Vijay Bharadwaj
Director
Ingenia Consultants Pte. Ltd.
vijay.bharadwaj@ingenia-consultants.com
The Payment Services Act 2019 (PS Act) of Singapore is a comprehensive regulatory framework that governs payment service providers to enhance the safety, security, and efficiency of payment systems. One of the critical areas under the PS Act is the safeguarding of customer money, which ensures that customers’ funds are protected from misuse and insolvency risks.
Key Safeguarding Requirements
Under the PS Act, payment service providers (PSPs) offering services, such as e-money issuance, or money transfer, are required to safeguard customer funds. The relevant provisions and requirements include:
1. Segregation of Client Money
Section 23 of the PS Act stipulates that licensees must ensure customer money is segregated from their operational funds. This means maintaining separate bank accounts designated solely for holding customer funds to prevent commingling with the company’s assets. This separation protects customer money in the event of the PSP’s insolvency.
2. Safeguarding Arrangements
A major payment institution must ensure that money received from, or on account of, a customer for domestic or cross-border money transfer services or on account of merchant acquisition is safeguarded if the institution continues to hold it at the end of the business day.
Similarly, a major payment institution must, at all times, safeguard customers’ funds received in exchange for issuing e-money, except where these funds are received for:
- Payments made to reduce a customer’s debt to the institution,
- Refunds or repayments made by the institution to the customer,
- Funds used to pay service fees or charges imposed by the institution,
- Payments made to a recipient as per customer instructions (whether received or not) or
- Money paid to another person who is legally entitled to it.
This safeguarding can be done in one of the following manners:
- by an undertaking, from a safeguarding institution, such as a bank licensed in Singapore, to be fully liable to the customer for the relevant money;
- by a guarantee given by a safeguarding institution for the amount of the relevant money;
- by depositing the relevant money in a trust account maintained with a safeguarding institution.
3. Timely Safeguarding
PSPs are required to safeguard customer money within a specified period, usually by the end of the next business day after receiving the funds. This ensures that customers’ funds are protected from misuse and insolvency risks.
4. Regular Reconciliation
PSPs must reconcile their records of customer funds daily. This process involves verifying that the amounts held in safeguarding accounts match the total funds owed to customers. Discrepancies must be resolved immediately to maintain compliance.
5. Reporting and Auditing
PSPs must regularly report to the Monetary Authority of Singapore (MAS) on their safeguarding arrangements. They are also subject to periodic audits to ensure compliance with safeguarding obligations.
Consequences of Non-Compliance
Non-compliance with safeguarding requirements can lead to severe penalties, including fines, suspension of the PSP’s license, or other regulatory actions by MAS. PSPs must establish robust internal controls and governance frameworks to ensure adherence to these regulations.
Why Safeguarding Matters
The safeguarding of customer money is vital for maintaining trust and confidence in payment services. It mitigates risks associated with insolvency and misuse of funds, providing customers with assurance that their money is secure.
How We Can Help
We at Ingenia Consultants Pte. Ltd. support our clients in navigating the safeguarding requirements under the PS Act. We specialize in helping PSPs comply with regulatory obligations, including setting up appropriate safeguarding mechanisms.
For any further information, please contact:
Vijay Bharadwaj
Director
Ingenia Consultants Pte. Ltd.
vijay.bharadwaj@ingenia-consultants.com
Licenced fund management companies restricted to servicing qualified investors, namely accredited investors and institutional investors, (“A/I LFMCs”) are generally required to submit quarterly and annual returns to the Monetary Authority of Singapore (“MAS”) to confirm their compliance with capital requirements and provide information for supervisory and statistical purposes.
Every quarter, they must submit the following forms (reg. 27 SF(FMR)R and sec. 3(1) and 5 of the Statistics Act 1973):
- Form 1
- Form 2
- Quarterly Income & Expenditure Statement For Compilation Of Value-Added Of Financial Sector (Financial Institutions Excluding Insurance Companies) (“QIE Form”)
Form 1 and Form 2 must be submitted within 14 days after the end of the quarter (reg. 27(6) SF(FMR)R). The QIE Form must be submitted within 15 days after the end of every quarter (para. 2 ED S 01/88 dated 18 July 2018). The latest forms can and should be downloaded from MASNET.
Every year, A/I LFMCs must submit the following forms and documents (sec. 107(1) SFA, reg. 27(8)-(9) SF(FMR)R):
- Financial statements
- Form 1
- Form 2
- Form 3
- Form 4
- Form 5
- Form 6
All of these documents must be submitted within 5 months after the end of the financial year (sec. 107(1)(a) SFA).
A/I LFMCs are expected to submit all forms within the stipulated timelines. Missing submissions and missed deadlines contributed to several enforcement actions by the MAS.[1]
If the A/I LFMC is unable to submit the forms within the stipulated timelines, it should notify its MAS officer-in-charge ahead of the deadline, providing reasons for its inability.
Quarterly Returns
The quarterly returns are based on the management accounts of the A/I LFMC. As the timeline for the submission of the quarterly returns is quite short, the A/I LFMC should clearly convey to its accounting team that the management accounts must be quickly prepared after the end of the calendar quarter, in particular, where the A/I LFMC is engaging an outsourced accountant. It is also important to note that the preparation of the quarterly returns requires the balance sheet as of the end of each month to calculate the average aggregated assets in Form 2.
Form 1
To a large extent, Form 1 is a restatement of the Company’s balance sheet whereby the exposure to the different types of activities under the Securities and Futures Act 2001 is emphasised.
Tips
Contrary to Form 2, the “Unappropriated profit or loss” in Form 1 is the sum of the retained earnings and the current financial year’s profit or loss.
Form 2
Form 2 focuses on the A/I LFMC’s capital requirements: the base capital, financial resources, the total risk requirement, and adjusted assets. A/I LFMCs may note that the section on aggregate indebtedness does not apply to them (reg. 15 SF(FMR)R).
Tips
For the calculation of the base capital, the A/I LFMC must pay particular attention to the statement of its profit or loss. Here, the “Unappropriated profit or loss” is the A/I LFMC’s last audited profit or loss, i.e. its retained earnings. The current financial year’s loss must be deducted from the base capital, whereas the current financial year’s profit must not be added for the base capital calculation but is taken into account for the calculation of the financial resources. It is important to remember that the “Unappropriated profit or loss” changes only after the A/I LFMC’s financial audit is completed.
An A/I LFMC also does not need to calculate the counterparty risk requirement, the position risk requirement, the large exposure risk requirement or the underwriting risk requirement as long as its average adjusted assets do not exceed the lower of SGD 10m or five times its financial resources (para. 3.3.1(a) read in conjunction with 3.3.3 SFA04-N13).
In many cases, an A/I LFMC’s operational risk capital is simply SGD 100,000. Until the A/I LFMC has an average gross income of SGD 2m for the three immediately preceding years, the A/I LFMC’s operational risk requirement is SGD 100,000 (para. 4.1.2 SFA04-N13).
QIE Form
The QIE Form is based on the A/I LFMC’s profit and loss statement for the full quarter. It examines the A/I LFMC’s income and expenses for statistical purposes. The first section collects data on the investments and their depreciation. The second section analyses the income and expenses, including employment.
To properly complete the QIE Form, the A/I LFMC must report business transactions with Singapore residents and firms under “In Singapore” and transactions with persons and firms outside Singapore under “Outside Singapore”. The A/I LFMC may need to organise its accounting to extract the figures with this segregation.
Salaries are also reported “In Singapore” and “Outside Singapore”. At the same time, a distinction is made between “Singapore resident employees” (Singapore citizens and Singapore permanent residents) and other staff (“Non-Singapore resident employees”). The same distinction is also made for total employment figures as at the end of the quarter. The A/I LFMC may need to inquire with its human resources department to make these distinct amounts available.
Tips
In the transfer of its accounts into the QIE Form, the A/I LFMC should pay particular attention to accounts with a negative figure. The QIE Form (generally) does not allow for negative income or expenses. As a result, a negative income may need to be reported as an expense and vice-versa.
In the QIE Form, values must be stated to the nearest Singapore dollar. This may lead to slight discrepancies when multiple numbers that were individually rounded are added up to a sum, namely the profit/loss before tax. Where the A/I LFMC encounters an error message for a field that is a sum, it is worth examining it for an error due to the rounding of the individual components.
Annual Returns
The annual returns are based on the audited financial statements of the A/I LFMC.
Form 1 and Form 2
The A/I LFMC must submit Form 1 and Form 2 as part of its quarterly returns and as part of its annual returns. Although the forms for the quarterly and the annual returns request the same data, different templates need to be used. Importantly, the figures in the annual submissions must be based on the audited financial statements. Thus, they may differ from the figures submitted for the quarter end that coincides with the financial year-end.
Form 3
Form 3 examines the income of the A/I LFMC based on the types of financial services activities.
Tips
Many activities will not apply to the A/I LFMC because the same form applies to all holders of a capital markets services (“CMS”) licence.
Form 4
In Form 4, the A/I LFMC must catalogue its assets under management, namely based on types of investors and activity.
Tips
For the distinction between “Institutional clients” and “Individual clients”, “Institutional clients” is not equivalent to institutional investors as defined in section 4A(1)(c) of the Securities and Futures Act 2001. This distinction in Form 4 rather reflects the distinction as per the market practice of whether the A/I LFMC’s customer is an individual or an institution.
Where an A/I LFMC is also exempt from the requirement to hold a financial adviser’s licence, the A/I LFMC should also note that the distinction between funds under “discretionary management” and “under advisory service” does not reflect the distinction between the two regulated activities of fund management and financial advice. Funds “under advisory service” means the value of assets for which the A/I LFMC acts as an advisor without the authority to make investment decisions. This targets funds where the primary fund manager engages the A/I LFMC as an advisor/sub-advisor for a fund.
Form 5 and Form 6
Form 5 and Form 6 must be completed by the A/I LFMC’s external auditor. In Form 5, the auditor confirms that it has audited the A/I LFMC’s accounts. However, the auditor also confirms that nothing has come to its attention that causes it to believe that the A/I LFMC has not complied with all conditions and restrictions applicable to the A/I LFMC under its licence, i.e. under applicable regulations and as imposed in its licence. Due to this confirmation, various external auditors insist on a comprehensive review of the A/I LFMC’s internal controls, not just the A/I LFMC’s accounts. In Form 6, the auditor confirms that the A/I LFMC’s financial statements have been properly drawn up.
Financial Statements
The financial statements that the A/I LFMC submits as part of its annual returns must be true and fair financial statements made up to the last day of its financial year in accordance with the Companies Act 1967 (reg. 27(8) SF(FMR)R) and must include the management letter (if any). These will be the company’s audited financial statements.
Ingenia Consultants Pte. Ltd. supports financial institutions in their compliance, including the preparation of quarterly and annual returns for fund management companies. This support is included in our outsourced compliance services or can be engaged separately.
For any further information, please contact:
Maurice Yap
Senior Manager
Ingenia Consultants Pte. Ltd.
maurice.yap@ingenia-consultants.com
[1] For example, “MAS Takes Enforcement Actions Against China Capital Impetus Asset Management, its Executive Director and Former CEO for Breaches of the Securities and Futures (Licensing and Conduct of Business) Regulations” of 31 July 2024, “MAS Reprimands RVP One Pte. Ltd. and its Chief Executive Officer for Breaches of the Securities and Futures (Licensing and Conduct of Business) Regulations” of 30 July 2024.
In today’s dynamic business environment, managing risks effectively is critical to ensuring operational resilience, complying with regulatory requirements, and achieving organisational objectives. The risk control self-assessment (“RCSA”) process is a vital tool that empowers organisations to proactively identify, evaluate, and mitigate risks.
What is the RCSA process?
The RCSA is a structured and collaborative approach to assessing risks and controls within an organisation’s operations.
The process involves engaging various stakeholders to:
1. Identify Risks: Understand potential threats to achieving organisational objectives.
2. Assess Risks: Evaluate the likelihood and impact of identified risks.
3. Review Controls: Assess the effectiveness of current risk controls.
4. Mitigate Risks: Design and implement action plans to address gaps or improve existing controls.
Benefits of RCSA
Awareness of the risks the company is exposed to and, in particular, the RCSA process provide several benefits to the company:
1. Proactive Risk Management: The RCSA helps organisations identify and address risks before they materialise.
2. Enhanced Control Environment: The RCSA ensures controls are aligned with identified risks.
3. Informed Decision-making and Resource Allocation: The RCSA process provides leadership with actionable insights on risk exposure and helps allocate resources based on business needs.
4. Improved Compliance: The RCSA demonstrates due diligence in meeting regulatory and governance requirements, namely where the company applies a risk-based approach.
5. Collaboration and Awareness: The RCSA fosters a risk-aware culture across all levels of the organisation.
Key steps in the RCSA process
The RCSA process commonly follows the steps below to identify and assess the inherent risks and the existing controls, determine the residual risks based on these two factors and, finally, plan for required actions, if any.
1. Risk Identification
The relevant stakeholders identify the inherent risks that the company and its operations are exposed to. You can leverage tools like process maps, past incident reports, and risk libraries for a comprehensive view.
2. Inherent Risk Assessment
The identified inherent risks are rated based on two criteria: likelihood (frequency) and impact (severity). The risk rating is applied based on a risk matrix.
3. Control Evaluation
Existing controls are listed for each identified risk and evaluated for their adequacy, effectiveness, and efficiency. For this purpose, findings from recent quality assurance and internal and external audits should be considered.
4. Determination of Residual Risk
The residual risk of each inherent risk is determined by the rating of the inherent risk and the strength of the respective controls in accordance with a pre-defined matrix. Residual risks in the same category may be consolidated to obtain an easier understanding of the company’s risk exposure.
5. Action Planning
Where necessary, corrective action is developed, namely in case of inadequate controls or where the residual risk exceeds the company’s risk. Deadlines for the action items are determined, and ownership for their implementation is assigned.
6. Monitoring and Reporting
The progress of mitigation efforts is continuously tracked to ensure their timely implementation and, thus, enhanced risk mitigation. Findings are documented, and the reports are shared with key stakeholders for transparency and accountability.
Tailoring the RCSA Process for Your Business
Every organisation is unique and requires a customised RCSA. Tailoring the RCSA to your business ensures that risk identification and mitigation strategies align with the organisation’s unique objectives, industry, and operational context. This customisation enhances the relevance, efficiency, and effectiveness of your risk management efforts.
We at Ingenia Consultants Pte. Ltd. support our clients in setting up enterprise-wide risk management frameworks commensurate with the nature, size and complexity of their operations. In particular, we help with the RCSA process and its documentation.
• Industry-specific risk libraries: We provide guidance to your company in identifying and assessing applicable risks leveraging our expertise across various sub-sectors of the financial industry, such as fund management, external asset management, payment services and digital asset services.
• Stakeholder engagement: We facilitate workshops and meetings to align teams with RCSA objectives.
• Periodic reviews: We establish a process and assist your company in reviewing your risks and refining the RCSA process based on evolving risks.
For any further information, please contact:
Vijay Bharadwaj
Director
Ingenia Consultants Pte. Ltd.
vijay.bharadwaj@ingenia-consultants.com