Anti-Money Laundering Policy (MAS) Singapore

An Anti-Money Laundering Policy (MAS) in Singapore documents the organisation's approach and the obligations placed on those it covers.

MAS — Singapore's central bank and integrated financial regulator — issues binding AML/CFT notices and guidelines for all regulated entities. MAS Notice SFA 04-N02 (for capital markets services licence holders), MAS Notice 626 (for banks), MAS Notice 314 (for finance companies), and MAS Notice PSN02 (for payment service providers under the Payment Services Act 2019) prescribe detailed requirements for customer due diligence (CDD), enhanced due diligence (EDD), ongoing monitoring, suspicious transaction reporting (STR), and record-keeping. The Financial Advisers Act (Cap. 110) and the Trust Companies Act (Cap. 336) impose additional AML obligations on financial advisers and licensed trust companies respectively.

The Suspicious Transaction Reporting Office (STRO), a division of the Commercial Affairs Department (CAD) within the Singapore Police Force, receives and analyses STRs filed by reporting entities under Section 39 of the CDSA. STRO is Singapore's Financial Intelligence Unit (FIU) and a member of the Egmont Group of Financial Intelligence Units. All reporting entities — including banks, insurers, capital markets intermediaries, payment service providers, digital payment token (DPT) service providers, and designated non-financial businesses and professions (DNFBPs) including lawyers, accountants, company service providers, and precious metals dealers — must file STRs with STRO when they have reasonable grounds to suspect that property is connected to a criminal offence.

Singapore's AML framework aligns with the Financial Action Task Force (FATF) Recommendations, and Singapore underwent its most recent FATF Mutual Evaluation in 2016, receiving largely compliant or compliant ratings across the 40 Recommendations. The MAS has subsequently issued updated guidance through Circulars and Information Papers, including Guidance on AML/CFT Controls in Trade Finance (2020) and Information Paper on Strengthening AML/CFT Practices for Digital Payment Token Service Providers (2023).

The Anti-Money Laundering Policy differs from an Anti-Bribery and Corruption Policy, which addresses the Prevention of Corruption Act 1960 (Cap. 241) and focuses on bribery offences rather than money laundering. Companies subject to both MAS regulation and general anti-corruption obligations should maintain separate AML and anti-bribery policies, though the two may cross-reference each other where customer due diligence reveals potential corruption indicators.

Singapore-registered companies that are not directly MAS-regulated but operate in sectors with elevated money laundering risk — including real estate, precious metals and stones dealing, and cross-border trade — should also maintain documented AML policies. The Inter-Ministry Committee on AML/CFT, chaired by MAS and comprising representatives from the Attorney-General Chambers (AGC), the Ministry of Home Affairs (MHA), and the Ministry of Law (MinLaw), coordinates national AML/CFT policy and periodically updates Singapore National Risk Assessment findings that inform sector-specific risk indicators.

An Anti-Money Laundering Policy in Singapore is needed by every entity regulated by the Monetary Authority of Singapore (MAS) and by designated non-financial businesses and professions (DNFBPs) that are subject to AML/CFT obligations under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 (CDSA).

When a company applies for or holds a MAS licence — including a banking licence under the Banking Act (Cap. 19), a capital markets services licence under the Securities and Futures Act 2001 (SFA), an insurance licence under the Insurance Act 1966 (Cap. 142), or a payment services licence under the Payment Services Act 2019 — the AML Policy is a mandatory compliance document reviewed by MAS during the licensing process and at subsequent supervisory examinations. MAS Notice 626 (banks), MAS Notice SFA 04-N02 (CMS licence holders), and MAS Notice PSN02 (payment service providers) require regulated entities to establish, maintain, and regularly review documented AML/CFT policies and procedures.

When a company provides digital payment token (DPT) services — including cryptocurrency exchanges, digital wallet providers, and cross-border money transfer services — the Payment Services Act 2019 requires a major or standard payment institution licence from MAS, with full AML/CFT obligations including customer due diligence, transaction monitoring, sanctions screening, and STR filing. MAS has issued specific guidance for DPT service providers through its Information Paper on Strengthening AML/CFT Practices (2023), and companies in this sector require AML policies tailored to the unique risks of virtual asset transactions.

When a law firm, accounting practice, or corporate service provider acts as a DNFBP performing specified activities — including forming companies, acting as nominee directors, managing client accounts, or supporting real estate transactions — the entity is subject to AML/CFT obligations under MAS notices applicable to DNFBPs and the Accounting and Corporate Regulatory Authority (ACRA) guidelines for corporate service providers. ACRA-registered filing agents must maintain AML policies and file STRs with STRO when suspicious activities are detected.

When a company onboards new customers or business relationships, the AML Policy governs the customer due diligence (CDD) process — including identity verification, beneficial ownership identification, source of wealth and funds assessment, and sanctions screening against the MAS Sanctions List, United Nations Security Council (UNSC) sanctions lists, and other applicable sanctions regimes. MAS requires CDD to be completed before establishing a business relationship, with no exceptions for low-value transactions unless specifically permitted by the applicable MAS Notice.

When an employee or compliance officer detects a transaction or pattern of transactions that gives rise to a suspicion of money laundering or terrorism financing — such as structuring transactions to avoid reporting thresholds, transactions with no apparent economic rationale, or transactions involving high-risk jurisdictions identified by FATF — the AML Policy prescribes the internal escalation process and the timeline for filing an STR with STRO. Failure to file an STR when required is a criminal offence under Section 39(1) of the CDSA.

An Anti-Money Laundering Policy for Singapore entities must contain the mandatory elements prescribed by MAS notices and the CDSA to satisfy regulatory requirements and demonstrate effective AML/CFT compliance. The forms-legal.com Anti-Money Laundering Policy template includes 9 sections covering the mandatory elements under MAS Notice 626 (banks), MAS Notice SFA 04-N02 (CMS licence holders), and the Payment Services Act 2019 AML/CFT requirements.

The Money Laundering Reporting Officer (MLRO) designation must identify the senior officer responsible for AML/CFT compliance — including receiving internal suspicious activity reports, deciding whether to file STRs with STRO, and serving as the primary contact for MAS supervisory enquiries. MAS expects the MLRO to be of sufficient seniority (typically at least a senior vice president or equivalent) and to have direct reporting access to the board of directors or senior management. The MLRO must be based in Singapore and registered with MAS where required by the applicable notice.

Governance and oversight structure must describe the board's and senior management's responsibilities for AML/CFT compliance, including approval of the AML policy, allocation of adequate resources, and periodic review of the AML framework's effectiveness. MAS Notice 626 (for banks) requires the board to approve the AML/CFT policies and to be informed of significant AML/CFT compliance matters, including material STRs, regulatory findings, and independent audit results.

Customer due diligence (CDD) procedures must specify the processes for verifying customer identity using reliable, independent source documents (NRIC, passport, ACRA business profile), identifying and verifying beneficial owners of corporate customers (with a 25% ownership threshold as the default under MAS guidance), assessing the purpose and intended nature of the business relationship, and conducting ongoing monitoring of transactions. Enhanced due diligence (EDD) procedures must be specified for higher-risk customers — including politically exposed persons (PEPs), customers from FATF-identified high-risk jurisdictions, correspondent banking relationships, and complex or unusually large transactions.

Transaction monitoring and suspicious transaction reporting (STR) procedures must describe the systems (automated or manual) used to monitor customer transactions against established risk indicators, the internal escalation process from front-line staff to the MLRO, the MLRO's decision-making criteria for filing STRs with STRO, and the timeline for STR submission. Section 39(1) of the CDSA requires reporting within a reasonable time, and MAS expects STRs to be filed promptly — typically within 1-3 business days of the MLRO's determination that filing is warranted.

Sanctions screening procedures must describe the process for screening customers, transactions, and counterparties against the MAS Sanctions List (maintained under the Monetary Authority of Singapore (Sanctions and Freezing of Assets of Persons — Democratic People's Republic of Korea) Regulations and equivalent regulations for other sanctions regimes), UNSC consolidated sanctions lists, and other applicable lists. MAS requires real-time or near-real-time screening for wire transfers and periodic batch screening for existing customers.

Record-keeping requirements must specify the retention period for all CDD records, transaction records, STR records, and internal correspondence — a minimum of 5 years from the date of cessation of the business relationship or completion of the transaction under MAS notices, or longer where required by specific legislation. Records must be maintained in a manner that permits retrieval within a reasonable time for MAS inspection or law enforcement requests under Section 35 of the CDSA.

Training requirements must mandate AML/CFT training for all employees upon hiring and at least annually thereafter, with role-specific training for employees in customer-facing, compliance, and senior management positions. Training must cover the identification of suspicious transactions, the internal reporting process, sanctions obligations, and the criminal penalties for non-compliance under the CDSA and TSOFA.

Independent audit and testing must require periodic independent review of the AML/CFT framework — annually for MAS-regulated entities — to assess the adequacy and effectiveness of policies, procedures, and controls. MAS expects the independent review to be conducted by internal audit or an external firm with AML/CFT expertise, with findings reported to the board audit committee.