AML/CFT & Anti-Bribery and Corruption Training Program

AML/CFT & Anti-Bribery and Corruption Training Program
Aligned to MAS Singapore Guidelines
December 2025
Begin Training
Download Materials
Module 1: Introduction & Regulatory Framework
Welcome and Training Objectives
Welcome to this comprehensive training on Anti-Money Laundering, Countering the Financing of Terrorism, and Anti-Bribery and Corruption. This program is specifically designed to equip you with the essential knowledge and practical skills necessary to identify, prevent, and report financial crimes in accordance with Singapore's stringent regulatory requirements.
As financial crime continues to evolve in sophistication and scale, your role in safeguarding our institution and maintaining Singapore's reputation as a trusted financial hub has never been more critical. This training will provide you with the tools to fulfill your responsibilities with confidence and competence.
Core Training Objectives
Understand the comprehensive regulatory landscape and specific MAS requirements that govern our operations
Recognize diverse money laundering and terrorism financing typologies and emerging threats
Apply risk-based Customer Due Diligence procedures effectively in daily operations
Identify bribery and corruption risks in various business scenarios
Know precisely when and how to report suspicious activities through proper channels
Financial Crime Landscape in Singapore
Singapore stands as one of Asia's most prominent financial hubs, distinguished by a robust and comprehensive regulatory framework that has earned global recognition. However, this prestigious position as a leading global financial center also makes Singapore an attractive target for sophisticated financial criminals seeking to launder illicit funds, evade sanctions, or engage in corrupt practices. The Singapore government maintains a firm zero-tolerance approach to financial crime, enforcing strict compliance standards across all financial institutions.
The scale of financial activity in Singapore is immense, with the city-state managing operations that impact global markets. Understanding this landscape is crucial for every professional working in Singapore's financial sector, as the consequences of financial crime extend far beyond individual institutions to affect Singapore's international standing and economic stability.
$3T
Assets Under Management
Singapore handles over SGD 3 trillion in assets under management, making it a premier wealth management destination
500+
Annual STR Reviews
MAS reviews hundreds of Suspicious Transaction Reports annually from financial institutions across all sectors
$1M+
Maximum Penalties
Penalties for non-compliance can reach millions of dollars in fines plus imprisonment for responsible individuals
MAS Regulatory Framework
Key Legislation and Notices
CDSA
Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act
The primary legislation criminalizing money laundering in Singapore. It requires mandatory reporting of suspicious transactions and imposes comprehensive obligations on financial institutions to implement robust AML controls.
TSOFA
Terrorism (Suppression of Financing) Act
Criminalizes the financing of terrorism and terrorist entities. Requires institutions to actively screen against designated lists, freeze assets immediately upon identification, and report to authorities.
PCA
Prevention of Corruption Act
Makes it an offense to give, receive, or solicit bribes in both the public and private sectors. Singapore's corruption laws have extraterritorial reach, applying to acts committed overseas by Singaporeans.
MAS Notice 626 (For Banks)
Sets out comprehensive AML/CFT requirements specifically for banks including Customer Due Diligence, record keeping, suspicious transaction reporting, and internal controls. This notice establishes the minimum standards all banking institutions must meet.
MAS Notice SFA 04-N02 (For Capital Markets)
Similar requirements tailored for capital market intermediaries, and fund managers. Addresses specific risks associated with securities trading and investment management activities.
Consequences of Non-Compliance
Non-compliance with AML/CFT and anti-corruption regulations carries severe consequences that can devastate both organizations and individuals. MAS takes enforcement seriously, and the penalties extend far beyond monetary fines to include reputational damage that can permanently impair an institution's ability to operate.
For Organizations
Financial Penalties
Monetary penalties up to SGD 1 million per breach, with cumulative fines possible for multiple violations
License Actions
License suspension or permanent revocation by MAS, effectively ending operations in Singapore
Reputational Impact
Severe reputational damage leading to loss of business, client withdrawals, and inability to attract new customers
Ongoing Scrutiny
Increased regulatory oversight, mandatory external audits, and significantly higher compliance costs
For Individuals
Criminal Prosecution
Imprisonment up to 10 years for money laundering offenses, with no possibility of suspended sentences for serious violations
Substantial Fines
Personal fines up to SGD 500,000, which cannot be indemnified by employers
Career Impact
Criminal record permanently affecting future employment in financial services industry globally
Management Liability
Personal liability for senior management under corporate governance principles, even without direct involvement
Module 2: AML/CFT Fundamentals
What is Money Laundering?
Money laundering is the systematic process of concealing the origins of illegally obtained money to make it appear legitimate and usable in the regular economy. This criminal activity enables offenders to enjoy the proceeds of their crimes without detection by law enforcement or regulatory authorities. Money laundering is not a single act but rather a complex process that can involve multiple transactions across various jurisdictions and financial institutions.
The sophistication of money laundering schemes has evolved dramatically with technology, globalization, and financial innovation. Criminal organizations employ professional money launderers who understand financial systems and exploit weaknesses in controls. Understanding money laundering is essential for every financial services professional, as you serve as the first line of defense against these illicit activities.
The Three Stages of Money Laundering
Stage 1: Placement
The initial entry of illicit funds into the financial system
This is the most vulnerable stage for detection as criminals must introduce large amounts of cash or other assets into legitimate channels. Common placement methods include:
Depositing cash into bank accounts in amounts structured below reporting thresholds (smurfing)
Using cash to purchase bearer instruments, money orders, or traveler's checks
Buying high-value assets like real estate, luxury vehicles, artwork, or jewelry
Operating cash-intensive businesses to commingle illegal and legitimate funds
Stage 2: Layering
Creating complex layers of financial transactions to disguise the audit trail
Criminals engage in multiple transactions to obscure the source of funds and confuse investigators. This stage involves:
Wire transfers through multiple jurisdictions, especially to and from financial secrecy havens
Converting funds into different currencies repeatedly to break the transaction trail
Using complex networks of shell companies, offshore entities, and nominee accounts
Making investments in financial instruments and liquidating them in different locations
Stage 3: Integration
Reintroducing the laundered funds into the legitimate economy
At this final stage, the money appears as legally obtained wealth and can be used freely. Integration methods include:
Investing in legitimate businesses or becoming silent partners in established companies
Purchasing luxury real estate, commercial property, or other high-value assets
Creating false loan arrangements where the criminal "borrows" their own laundered money
Using complex financial instruments and investment vehicles to generate apparently legitimate returns
What is Terrorism Financing?
Terrorism financing refers to the provision of funds or financial services to support terrorist activities, organizations, or individuals. Unlike money laundering, which always involves illicit funds being made to appear legitimate, terrorism financing may involve funds from both legitimate and illegitimate sources being channeled to support terrorist activities.
The challenge in detecting terrorism financing lies in the fact that transactions are often small, may involve legitimate sources, and the individuals involved may not have criminal records. Financial institutions must be vigilant for patterns and red flags that suggest funds are being collected or transmitted for terrorist purposes, regardless of the source of those funds.
Terrorism financing can include providing money for terrorist operations, supporting the infrastructure of terrorist organizations, recruiting and training operatives, or facilitating terrorist communications and propaganda efforts.
Money Laundering
Always involves illicit funds
Typically larger transaction amounts
Purpose: Hide the source of funds
Focus on past criminal activity
Terrorism Financing
May involve legitimate funds
Often smaller transaction amounts
Purpose: Support future terrorist activities
Focus on preventing future harm
Key Definitions
Understanding precise terminology is essential for effective AML/CFT compliance. These definitions form the foundation of regulatory requirements and must be applied consistently in your daily work.
Beneficial Owner
The natural person who ultimately owns or controls a customer, or on whose behalf a transaction is being conducted. This includes persons who exercise ultimate effective control over a legal person or legal arrangement.
For corporate entities, beneficial owners are typically individuals who own or control 25% or more of shares or voting rights, though lower thresholds may apply for higher-risk situations.
Politically Exposed Person (PEP)
An individual who is or has been entrusted with prominent public functions domestically or in a foreign country. This includes heads of state, senior politicians, senior government officials, judicial or military officials, senior executives of state-owned corporations, and important political party officials.
Family members and close associates of PEPs are also considered PEPs for due diligence purposes due to their proximity to power and influence.
Shell Company
A company that exists only on paper, has no physical presence or operations, employs no staff, and produces no goods or services. Shell companies are often used to hide beneficial ownership and facilitate money laundering by creating layers between criminals and their funds.
While shell companies have some legitimate uses, they present high money laundering risks and require enhanced scrutiny.
Suspicious Transaction
A transaction that gives rise to reasonable grounds to suspect that it may be related to money laundering or terrorism financing. Suspicion is based on unusual circumstances, lack of economic rationale, inconsistency with the customer's known profile, or presence of multiple red flags.
The threshold is suspicion, not certainty. You do not need proof of criminal activity to report.
Red Flags and Typologies
Red flags are warning signs that should trigger additional scrutiny and potentially lead to filing a Suspicious Transaction Report. Recognizing these indicators is a critical skill for all financial services professionals. No single red flag automatically means money laundering is occurring, but combinations of red flags significantly increase suspicion.
Transaction Red Flags
Transactions that do not match the customer's business profile, stated purpose, or expected transaction patterns
Structuring transactions just below reporting thresholds (e.g., multiple transactions of SGD 19,000)
Frequent or large wire transfers to or from high-risk jurisdictions with no apparent business rationale
Large cash deposits that are inconsistent with the customer's known business or income sources
Transactions involving multiple parties with no apparent economic connection or business relationship
Immediate transfer of deposited funds to third parties or other institutions without clear business purpose
Use of multiple accounts to receive and transfer funds with no clear explanation
Round-dollar amounts or unusual transaction patterns that suggest artificial activity
Customer Behavior Red Flags
Reluctance to provide complete identification documents or source of funds information despite requests
Providing false, misleading, or suspicious information that cannot be verified
Unusual concern about compliance requirements, reporting thresholds, or record-keeping practices
Conducting transactions through multiple accounts or corporate entities with no clear business purpose
Frequent changes to beneficial ownership structures or authorized signatories without reasonable explanation
Customer insists on unnecessary complexity in transaction structures or corporate arrangements
Overly anxious to complete transactions quickly without normal due diligence
Background inconsistent with apparent wealth or transaction patterns
Singapore's Risk-Based Approach
MAS requires all financial institutions to adopt a risk-based approach to AML/CFT compliance. This means systematically assessing and managing money laundering and terrorism financing risks by allocating resources and applying controls according to the level of risk identified. Higher-risk customers, products, services, delivery channels, and jurisdictions must receive enhanced scrutiny and more intensive controls.
The risk-based approach recognizes that not all customers and transactions present the same level of risk. It allows institutions to deploy their compliance resources more effectively by focusing attention where risks are highest while applying simplified measures where risks are demonstrably low. This approach is more effective than applying uniform measures to all situations.
Customer Risk Factors
Type of customer (individual, corporate, trust), nature of business activities, ownership structure complexity, country of origin and residence, reputation and background
Product/Service Risk
Cash intensity of product, degree of anonymity, complexity of transaction structure, ease of concealing beneficial ownership, potential for rapid movement of funds
Geographic Risk
Countries with weak AML/CFT controls or high corruption levels, jurisdictions subject to sanctions, tax havens and financial secrecy jurisdictions, regions with high levels of organized crime or terrorism
Delivery Channel Risk
Non-face-to-face customer relationships, use of intermediaries or agents, cross-border banking relationships, electronic or mobile payment platforms, complexity of distribution networks
Module 3: Customer Due Diligence (CDD)
CDD Requirements Under MAS Guidelines
Customer Due Diligence is the cornerstone of an effective AML/CFT compliance program. It is the process of identifying customers, verifying their identities, understanding their business relationships, and assessing the risks they present. MAS requires financial institutions to conduct CDD before establishing business relations, when carrying out significant transactions, or whenever there are suspicions of money laundering or terrorism financing.
Effective CDD enables financial institutions to know their customers, understand their expected activities, and detect suspicious or unusual transactions that may indicate money laundering or terrorism financing. The depth and intensity of CDD measures must be commensurate with the assessed risk level of the customer relationship.
01
Before establishing business relations
Complete CDD measures before opening accounts or beginning ongoing business relationships
02
Transactions above SGD 20,000
When conducting transactions above the specified threshold for non-account holders
03
Suspicion of ML/TF
Whenever there are suspicions of money laundering or terrorism financing, regardless of thresholds
04
Doubts About Accuracy
When there are doubts about the accuracy or adequacy of previously obtained customer identification information
Standard, Enhanced, and Simplified CDD
MAS requires a risk-based approach to CDD, with three levels of due diligence corresponding to different risk profiles. Understanding when to apply each level is critical for effective compliance.
Standard CDD
For normal risk customers
Applied to the majority of customer relationships where risks are neither particularly high nor demonstrably low.
Identity verification using reliable documents
Understanding business purpose and nature of relationship
Information on source of funds for significant transactions
Regular monitoring proportionate to risk
Examples: Regular SMEs, salaried individuals, established businesses
Enhanced CDD
For high-risk customers
Additional measures required when higher risks are identified based on customer, geographic, product, or other risk factors.
Additional verification from independent sources
Senior management approval for relationship
Establish source of wealth and source of funds
Enhanced ongoing monitoring with increased frequency
More detailed transaction scrutiny
Examples: PEPs, customers from high-risk jurisdictions, complex structures, unusual businesses
Simplified CDD
For low-risk customers
Reduced measures permitted only where risks are demonstrably low and specific conditions are met.
Reduced verification requirements
Less frequent monitoring
Must still identify and verify customer
Subject to ongoing risk assessment
Examples: Singapore government entities, listed companies (subject to disclosure requirements and conditions)
Identification and Verification Requirements
For Individual Customers
Financial institutions must obtain and verify the following information for individual customers:
Full legal name as it appears on official documents
Date of birth to confirm age and identity
Nationality and country of residence for risk assessment
Occupation and employer to understand source of income
Residential address that can be independently verified
Valid identification document: Singapore NRIC for residents, passport for foreigners, or other government-issued photo ID
Verification must be based on documents from reliable and independent sources. Copies of verification documents must be retained.
For Corporate Entities
For legal persons and entities, more extensive information is required:
Full legal name and any trading or business names
Legal form and proof of existence (certificate of incorporation or equivalent)
Registered address and principal place of business if different
Directors and authorized signatories with full details
Business activities and nature of operations in detail
Company registration documents from relevant authorities
Beneficial ownership information identifying natural persons who ultimately own or control the entity
For complex structures, corporate charts showing ownership and control must be obtained and verified.
Beneficial Ownership Identification
MAS requires financial institutions to look through legal entities to identify and verify the identity of beneficial owners - the natural persons who ultimately own or control the customer. This is critical because legal entities can be used to hide the true parties behind transactions, facilitating money laundering and other financial crimes.
For corporate customers, beneficial owners are generally individuals who ultimately own or control 25% or more of the shares or voting rights, or who otherwise exercise control over the management of the entity. Control can be exercised through various means including ownership, voting rights, agreements, or other arrangements.
01
Obtain Corporate Structure Information
Request corporate structure charts, shareholder registers, and ownership information from the customer. For complex structures, detailed organizational charts showing all layers of ownership are essential.
02
Look Through Ownership Layers
Trace ownership through intermediate holding companies and other legal entities to identify the natural persons at the top of the ownership chain. Don't stop at the first corporate layer.
03
Verify Beneficial Owner Identities
Obtain and verify identification documents for all identified beneficial owners using the same standards applied to individual customers, including passport or ID card copies.
04
Document the Structure
Create clear documentation showing the ownership and control structure, including percentages of ownership, nature of control, and how beneficial owners were identified and verified.
05
Update Regularly
Beneficial ownership information must be kept current. Review and update at regular intervals based on risk assessment, and whenever there are material changes to the customer's structure.
Politically Exposed Persons (PEPs) Screening
Politically Exposed Persons present higher money laundering and corruption risks due to their positions of power and influence, which create opportunities for abuse. MAS requires financial institutions to implement systems to identify PEPs and apply enhanced due diligence measures to all PEP relationships.
The definition of PEP extends beyond the individual holding or who held prominent public office. Family members and known close associates are also classified as PEPs because of their proximity to power and the potential for funds to be channeled through these relationships. Financial institutions must screen both at onboarding and on an ongoing basis.
Foreign PEPs
Individuals entrusted with prominent public functions in foreign countries, including heads of state or government, senior politicians, senior government officials, judicial or military officials, senior executives of state-owned corporations, and important political party officials
Domestic PEPs
Individuals entrusted with prominent public functions in Singapore, including senior government officials, members of parliament, senior judges, senior military officers, and senior executives of government-linked companies
International Organization PEPs
Senior officials of international organizations such as the United Nations, World Bank, International Monetary Fund, and regional development banks
Family Members
Immediate family members of PEPs including spouse, children, parents, and siblings. The definition focuses on close family relationships that could facilitate corruption or money laundering
Close Associates
Individuals known to have joint beneficial ownership of legal entities or legal arrangements with a PEP, or who have close business relations with a PEP, or who have sole beneficial ownership of an entity known to be set up for the benefit of a PEP
Enhanced CDD Requirements for PEPs
Obtain senior management approval before establishing the relationship or continuing it if PEP status is identified later
Take reasonable measures to establish the source of wealth (how wealth was accumulated) and source of funds (origin of funds in specific transactions)
Conduct enhanced ongoing monitoring of the relationship with increased scrutiny of transactions
Review the relationship at least annually with senior management involved in the review process
Ongoing Monitoring Obligations
Customer Due Diligence is not a one-time exercise conducted only at onboarding. Financial institutions have ongoing obligations to monitor business relationships throughout their duration to ensure that transactions and activities remain consistent with their knowledge of the customer, their business, and their risk profile. Ongoing monitoring is essential for detecting suspicious activities that may develop over time.
The intensity and frequency of monitoring must be commensurate with risk. Higher-risk relationships require more frequent and detailed monitoring, while lower-risk relationships may be monitored less intensively. However, all relationships require some level of ongoing attention to identify changes in behavior or circumstances that may indicate increased risk.
Transaction Pattern Analysis
Regularly review transactions to identify unusual patterns or activities that are inconsistent with the customer's known business or profile. Look for sudden increases in volume, changes in transaction types, or new counterparties that cannot be explained.
Periodic Information Updates
Update customer information and documentation periodically based on the risk assessment. This includes refreshing identification documents when they expire, updating beneficial ownership information, and confirming business activities remain unchanged.
Risk-Based Relationship Reviews
Conduct comprehensive periodic reviews of customer relationships based on risk assessment. High-risk customers should be reviewed at least annually, while lower-risk customers may be reviewed less frequently. Reviews should reassess the risk rating and update CDD information.
Deviation Investigations
Investigate any significant deviations from expected transaction patterns promptly. Request explanations from customers and obtain supporting documentation. Escalate to compliance if explanations are unsatisfactory or suspicions arise.
Regular Screening
Re-screen customers against sanctions lists, PEP databases, and adverse media on a regular basis. Screening should not only occur at onboarding but throughout the relationship, as statuses can change and new information emerges.
When to Escalate Concerns
Recognizing when to escalate concerns is a critical responsibility of every employee. You are the eyes and ears of the institution's AML/CFT program. When you encounter situations that cause concern or uncertainty, prompt escalation ensures that experienced compliance professionals can assess the situation and take appropriate action.
Never hesitate to escalate. It is always better to escalate a situation that turns out to be legitimate than to fail to escalate something that later proves to be suspicious. There is no penalty for raising genuine concerns in good faith. Your institution's compliance team is there to support you and make final determinations about suspicious activity.
Customer Refuses Required Information
When a customer refuses to provide required identification, documentation, or information about source of funds despite your requests and explanations of regulatory requirements. Reluctance to provide basic CDD information is a significant red flag.
Suspicious Documentation
When documents provided by the customer appear suspicious, falsified, altered, or inconsistent with other information. This includes poor quality copies, different fonts or formats within a document, or information that doesn't match across documents.
Implausible Explanations
When the customer's explanation for their transactions, business activities, or source of funds is inconsistent, implausible, or doesn't make economic sense. Trust your instincts when something doesn't add up.
Unusual Transaction Patterns
When transaction patterns are unusual, inconsistent with the customer's known business profile, or inconsistent with their stated purpose for the account relationship. Significant deviations from expected behavior warrant escalation.
PEP Identification
When you identify a customer as a Politically Exposed Person, family member of a PEP, or close associate of a PEP. All PEP relationships require senior management approval and enhanced due diligence measures.
Any Suspicions
Any other circumstance that raises suspicions or concerns about potential money laundering, terrorism financing, or other financial crime. If something feels wrong or unusual, escalate it for review by experienced compliance professionals.
Module 4: Sanctions & Proliferation Financing
Sanctions compliance is a critical component of financial crime prevention. Violations can result in severe penalties, including criminal prosecution, massive fines, and reputational damage. Understanding sanctions obligations is essential for every financial services professional working in Singapore's interconnected global financial system.
Understanding Sanctions
Sanctions are restrictive measures imposed by governments or international bodies to prevent dealings with specific individuals, entities, or countries. They serve as tools to address threats to international peace and security, combat terrorism, prevent the proliferation of weapons of mass destruction, and respond to human rights violations or other international concerns.
For financial institutions operating in Singapore, sanctions compliance requires understanding multiple sanctions regimes that may apply. Singapore enforces UN Security Council sanctions as a matter of international obligation, and MAS maintains additional sanctions lists. Financial institutions with operations or relationships involving the United States or European Union must also consider those jurisdictions' sanctions programs, which can have extraterritorial reach.
UN Security Council Sanctions
Binding on all UN member states including Singapore. These sanctions are implemented through Singapore law and are mandatory. They typically target countries, regimes, or situations that threaten international peace and security.
MAS Sanctions
Singapore-specific sanctions lists maintained by the Monetary Authority of Singapore. These may supplement UN sanctions or address specific Singapore concerns. All financial institutions operating in Singapore must comply.
OFAC Sanctions
US Office of Foreign Assets Control sanctions have broad extraterritorial application. They can apply to transactions involving US persons, US dollars, US financial institutions, or parties in the United States, even if the institution is not US-based.
EU Sanctions
European Union sanctions lists that may affect institutions with EU operations, dealings with EU persons or entities, or transactions involving the Euro. EU sanctions often parallel UN sanctions but may be broader in scope.
Prohibited Dealings
Understanding exactly what is prohibited under sanctions laws is crucial for compliance. Violations can occur inadvertently through lack of awareness, so all staff must understand these prohibitions clearly.
Making Funds Available to Designated Persons
It is prohibited to make funds or economic resources available, directly or indirectly, to individuals or entities on sanctions lists. This includes transferring money, opening accounts, processing payments, or providing credit facilities.
Dealing with Designated Funds
Financial institutions are prohibited from dealing with funds or economic resources belonging to, owned by, or controlled by designated persons. If such funds are identified, they must be frozen immediately and reported to authorities.
Providing Financial Services
Providing financial services to, or for the benefit of, designated persons or entities is prohibited. This includes payment processing, investment services, insurance, or any other financial services that could provide value.
Trade and Business Activities
Engaging in trade or business activities with sanctioned countries, entities, or individuals is prohibited. This can include importing or exporting goods, providing services, or facilitating such transactions.
Severe Consequences for Violations
Violations of sanctions laws are extremely serious and can result in criminal prosecution with penalties including imprisonment up to 10 years and unlimited fines. Both institutions and individuals can be held liable. Even inadvertent violations can result in significant penalties, making robust screening and compliance programs essential.
Screening Requirements
Financial institutions must implement comprehensive screening programs to identify parties on sanctions lists before establishing relationships or processing transactions. Screening must be thorough, timely, and well-documented. The consequences of processing a transaction involving a sanctioned party can be severe, making robust screening systems a critical compliance requirement.
Screening is not just a one-time check at onboarding. It must be conducted throughout the customer relationship and for every transaction. Sanctions lists are updated frequently as designations are added or removed, so regular re-screening is essential to ensure previously cleared parties have not been subsequently sanctioned.
01
Screen at Onboarding
Screen all customers and beneficial owners against relevant sanctions lists before establishing any business relationship. Never open an account or begin a relationship until screening is complete and clear.
02
Screen Transactions in Real-Time
Screen all transactions and parties involved in real-time or near real-time before processing. This includes originators, beneficiaries, and any intermediary parties identified in payment instructions.
03
Use Automated Tools
Utilize automated screening tools where possible to screen efficiently against multiple sanctions lists simultaneously. Manual screening alone is not sufficient given the volume of transactions and frequent list updates.
04
Regular List Updates
Ensure sanctions lists in your screening systems are updated regularly, ideally daily or in real-time. Sanctions lists change frequently, and using outdated lists creates serious compliance risks.
05
Document and Investigate
Document all screening decisions and results. When potential matches are identified, investigate immediately and thoroughly. Document why matches are either confirmed as true positives or cleared as false positives.
06
Escalate Matches Immediately
Escalate any confirmed or potential sanctions matches to compliance immediately. Do not process or allow transactions to proceed until compliance has reviewed and cleared the matter. Freeze assets if a true match is confirmed.
Proliferation Financing Risks
Proliferation financing refers to the provision of funds or financial services used for the manufacture, acquisition, possession, development, export, transhipment, brokering, transport, transfer, stockpiling, or use of nuclear, chemical, or biological weapons and their means of delivery, along with related materials.
Unlike typical money laundering where criminals seek to hide illicit funds, proliferation financing may involve apparently legitimate businesses and funds from legitimate sources. The challenge is identifying when funds or services are being used to support weapons programs that threaten international security.
Red Flags for Proliferation Financing
Dual-Use Goods
Transactions involving dual-use goods that could be used in weapons programs, such as specialized equipment, chemicals, technology, or materials with both civilian and military applications, especially when inconsistent with the customer's normal business
Weapons-Related Industries
Customers involved in industries related to weapons development, military equipment, scientific research that could support weapons programs, or aerospace and nuclear technology sectors
High-Risk Destinations
Shipments to or from countries of proliferation concern, particularly those subject to UN sanctions or identified by international bodies as having active weapons programs
Unusual Shipping
Complex or unusual shipping arrangements, circuitous routing, transshipments through multiple countries, falsified shipping documents, or concealment of ultimate destinations
Front Companies
Use of front companies, shell companies, or intermediaries to obscure the true parties involved in transactions, especially when combined with other proliferation risk factors
Correspondent Banking Risks
Correspondent banking relationships involve one bank providing services on behalf of another bank, often to facilitate cross-border payments and access to foreign markets. While essential for international banking, these relationships present heightened money laundering, terrorism financing, and sanctions evasion risks because the correspondent bank has limited visibility into the underlying customers and transactions of the respondent bank.
MAS requires enhanced due diligence for correspondent banking relationships because of these elevated risks. The correspondent bank must understand not only the respondent bank as an institution but also the adequacy of its AML/CFT controls, as the correspondent bank can be held accountable for facilitating illicit transactions flowing through its respondent banks.
1
Understand the Respondent Bank
Gather comprehensive information about the respondent bank's business model, customer base, geographic footprint, ownership structure, and reputation. Understand what services they offer and what types of customers they serve.
2
Assess AML/CFT Controls
Evaluate the quality and effectiveness of the respondent bank's AML/CFT controls, policies, and procedures. This should include reviewing their compliance program, transaction monitoring capabilities, and training programs.
3
Review Regulatory Standing
Determine if the respondent bank has been subject to regulatory enforcement actions, sanctions violations, money laundering investigations, or other compliance failures. Check with regulatory authorities and conduct adverse media searches.
4
Shell Bank Prohibition
Ensure the respondent bank does not permit payable-through accounts or other arrangements that would allow shell banks (banks with no physical presence in any country) to access the correspondent relationship.
5
Senior Management Approval
Obtain approval from senior management before establishing any new correspondent banking relationship. This ensures appropriate oversight and accountability for these high-risk relationships.
Module 5: Anti-Bribery and Corruption
Bribery and corruption undermine fair competition, distort markets, and facilitate other serious crimes. Singapore has some of the world's strictest anti-corruption laws, enforced vigorously by the Corrupt Practices Investigation Bureau (CPIB). Understanding your obligations under Singapore's anti-corruption framework is essential for all financial services professionals.
What Constitutes Bribery and Corruption?
Bribery is the act of offering, promising, giving, accepting, or soliciting an advantage as an inducement for an action which is illegal, unethical, or represents a breach of trust. Corruption is a broader term that encompasses bribery and other forms of abuse of entrusted power for private gain, including embezzlement, fraud, and extortion.
It's important to understand that bribery doesn't require large sums of money or explicit quid pro quo agreements. Even modest gifts or favors can constitute bribery if given with corrupt intent to influence a decision or action. The key issue is the purpose and context, not just the value.
An Advantage or Benefit
This can be anything of value: money, gifts, entertainment, preferential treatment, business opportunities, employment for family members, or any other benefit that provides value to the recipient
Inducement or Reward
The advantage is given or received as an inducement to do something or as a reward for having done something. There must be a connection between the benefit and some action or decision
Connection to Official Function
The action relates to the performance of a function, activity, or duty. This includes both public officials performing government functions and employees performing their duties to private employers
Corrupt Intent
The advantage is given or received with corrupt intent - meaning with the purpose of influencing the recipient to act improperly, abuse their position, or breach their duty to their employer or the public
Prevention of Corruption Act Overview
Singapore's Prevention of Corruption Act (PCA) is one of the most comprehensive anti-corruption laws in the world. It criminalizes corruption in both the public and private sectors, making no distinction between bribing government officials and bribing private sector employees. The Act has extraterritorial reach, meaning Singaporeans and Singapore entities can be prosecuted for corrupt acts committed anywhere in the world.
Key Offenses Under the PCA
Giving or receiving a bribe: Both the giver and receiver are equally guilty under the law. Attempting to give or receive a bribe is also an offense
Abetment of corruption: Facilitating, assisting, or encouraging corrupt activities is a criminal offense even if you don't directly give or receive bribes
Conspiracy to commit corruption: Agreeing with others to engage in corrupt activities is illegal, even if the corruption is never actually carried out
Severe Penalties
Standard penalties: Imprisonment up to 7 years and/or fine up to SGD 100,000
Enhanced penalties for public sector corruption: Imprisonment up to 7 years and fine up to SGD 100,000 for each charge
In addition to criminal penalties, convicted individuals may face:
Permanent criminal record
Disqualification from holding public office
Loss of professional licenses
Reputational damage affecting career prospects
Public vs Private Sector Bribery
While both public and private sector corruption are illegal under Singapore law, there are some important distinctions to understand. Public sector corruption is often viewed more seriously due to the public trust involved and potential impact on governance.
Gifts, Entertainment, and Hospitality Policies
One of the most common questions about anti-corruption compliance involves gifts, entertainment, and hospitality. Not all gifts and entertainment constitute bribery - legitimate business courtesies play an appropriate role in building relationships. However, organizations must have clear policies to distinguish between acceptable business courtesies and inappropriate inducements that could constitute bribery.
The distinction often comes down to value, timing, frequency, transparency, and intent. A modest gift given openly during a holiday season is very different from an expensive gift given secretly while negotiating a contract. Context matters enormously.
Acceptable Practices (Generally)
Modest Gifts
Gifts of nominal value given openly and transparently during culturally appropriate occasions such as holidays or traditional gift-giving periods
Business Meals
Reasonable business meals and entertainment that are proportionate to the business relationship and clearly related to legitimate business purposes
Promotional Items
Low-value promotional items bearing company logos distributed widely to customers and business partners as part of marketing activities
Conferences and Training
Attendance at legitimate business conferences, industry events, or training programs with clear business value
Unacceptable Practices
Cash or Equivalents
Cash, checks, gift cards, loans, or other cash equivalents are never appropriate as they are easily converted to personal benefit
Lavish Gifts/Entertainment
Expensive, lavish, or extravagant gifts or entertainment that go beyond reasonable business courtesies and could be seen as attempting to influence
Secret Gifts
Gifts or entertainment offered or received secretly, without disclosure to employers, or with intent to conceal from others
Quid Pro Quo
Anything given or received in connection with a specific business decision, contract negotiation, or with expectation of a particular action in return
Government Officials
Gifts to government officials are subject to much stricter rules and are often prohibited entirely, even if modest in value
Reasonable
The value must be proportionate to the business relationship and what would be considered normal business courtesy in the industry
Transparent
Given openly, properly disclosed to employers, and recorded in accordance with company policies. Never secret or concealed
Infrequent
Occasional rather than representing a pattern of providing benefits to the same person or organization
No Quid Pro Quo
Not contingent on specific actions, decisions, or outcomes. No expectation of anything in return beyond general business relationship
Conflicts of Interest
A conflict of interest arises when an individual's personal interests interfere, or could reasonably be perceived to interfere, with their professional duties and responsibilities to their employer. Even the appearance of a conflict can damage trust and create compliance risks. Conflicts of interest can create opportunities for corruption and must be identified, disclosed promptly, and managed appropriately.
The key to managing conflicts of interest is transparency and disclosure. Many conflicts can be managed effectively if disclosed and addressed properly. However, hidden conflicts that come to light later can result in serious consequences including termination of employment, loss of professional reputation, and even criminal liability in some circumstances.
Financial Interests
Owning shares, having investments, or maintaining financial interests in vendors, customers, competitors, or other parties with whom your organization does business or that could benefit from your professional decisions
Family/Personal Relationships
Family members or close personal relationships with employees of vendors, customers, competitors, or other business partners. This includes romantic relationships with colleagues in reporting lines
Outside Business Activities
Operating or participating in outside business activities, consulting arrangements, or other professional engagements that compete with your employer, use employer resources, or create divided loyalties
Receiving Benefits
Receiving gifts, entertainment, employment offers, or other benefits from parties your company does business with, especially when you have influence over business decisions affecting those parties
Managing Conflicts of Interest
01
Identify and Disclose Promptly
Identify all actual or potential conflicts early and disclose them promptly to your manager and compliance team. Don't wait until the conflict becomes problematic.
02
Recuse from Decision-Making
Remove yourself from decisions or transactions where you have a conflict. Don't participate in evaluations, approvals, or negotiations involving parties where conflicts exist.
03
Document Everything
Document the conflict, when it was disclosed, and how it is being managed. Keep records of recusals and alternative decision-makers assigned.
04
Seek Guidance
When in doubt, seek guidance from compliance or management. They can help you assess whether a conflict exists and determine appropriate management approaches.
Third-Party Due Diligence
Organizations can be held legally liable for corruption committed by third parties acting on their behalf or for their benefit. This includes agents, consultants, distributors, resellers, joint venture partners, and other intermediaries. The law recognizes that companies may use third parties to carry out bribery at arm's length to maintain deniability. Therefore, conducting thorough due diligence on third parties before engaging them and monitoring them throughout the relationship is essential.
Third-party corruption risk is particularly acute in certain situations: when operating in high-risk jurisdictions, when third parties interact with government officials on your behalf, when commission structures provide incentives for improper conduct, or when third parties have unclear ownership structures or poor compliance controls.
Risk Assessment
Assess the corruption risk profile of the third party based on their location, industry, proposed activities, interaction with government officials, and compensation structure. Higher-risk third parties require more intensive due diligence.
Verify Credentials
Verify the third party's credentials, reputation, business registration, ownership structure, and track record. Check for adverse media, sanctions listings, and past regulatory issues. Confirm they have legitimate business operations.
Review Compliance Program
Review their anti-corruption policies, procedures, and controls. Do they have a compliance program? Do they provide anti-corruption training to their employees? How do they manage corruption risks?
Contractual Protections
Include robust anti-corruption clauses in all contracts. These should include representations about compliance, obligations to maintain compliance programs, audit rights, and consequences for violations including termination rights.
Ongoing Monitoring
Monitor the third-party relationship throughout its duration. Conduct periodic reviews and re-screening. Review invoices and payments for unusual patterns. Respond to red flags promptly.
Reasonable Compensation
Ensure compensation is reasonable for services provided and properly documented. Excessive commissions or unusual payment structures may indicate corruption risk. Payments should be made to the third party's business account, never to individuals or in cash.
Facilitation Payments Prohibition
Facilitation payments, sometimes called "grease payments," are small bribes made to secure or expedite routine government actions that the payer is legally entitled to receive, such as processing visas, clearing customs, connecting utilities, or obtaining permits. While some foreign jurisdictions may have historically tolerated these payments under narrow circumstances, Singapore's Prevention of Corruption Act does not provide any exception for facilitation payments. They are illegal, regardless of the amount or the destination country.
Even if local practice in a foreign country suggests facilitation payments are normal or expected, Singapore law applies to Singaporeans and Singapore entities operating abroad. Making facilitation payments exposes both the company and individuals to criminal prosecution under Singapore law.
Absolute Prohibition
All facilitation payments are prohibited under Singapore law, with no exceptions. This applies regardless of:
The amount involved (even very small payments)
Local customs or practices in the foreign country
Whether the payment is to expedite something you're entitled to receive
Whether competitors are making such payments
Whether refusal to pay would result in delays or difficulties
If you are solicited for a facilitation payment, refuse politely, document the solicitation, and report it to your compliance team immediately. Consider reporting to local authorities if safe to do so.
Module 6: Suspicious Activity Reporting
When to File a Suspicious Transaction Report (STR)
Filing Suspicious Transaction Reports is a critical obligation for all financial institutions and their employees. An STR must be filed when you have reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorism financing. The threshold is suspicion based on facts and circumstances, not certainty or proof.
You do not need to prove that money laundering occurred, nor do you need to investigate to gather definitive evidence. If the circumstances give you reasonable grounds to suspect criminal activity, that is sufficient to require reporting. It is the role of law enforcement, not financial institutions, to prove criminal activity occurred.
Transaction Inconsistencies
Transaction or pattern of transactions that is inconsistent with the customer's known business, profile, or stated purpose for the account. The activity doesn't make sense given what you know about the customer.
Unusual Patterns
Unusual transaction patterns or activity that deviates significantly from the customer's normal behavior or from typical patterns for similar customers in the same industry or circumstances.
Unsatisfactory Explanations
Customer is unable or unwilling to provide satisfactory explanations for transactions or activities when questioned. Their explanations are implausible, inconsistent, or don't make economic sense.
Known Red Flags
Transaction involves known red flags or matches typologies associated with money laundering or terrorism financing that you've learned about in training or from regulatory guidance.
Reliable Information
Information from reliable sources, including law enforcement, regulators, adverse media, or other credible sources suggesting the customer may be involved in criminal activity.
Remember the Key Principle
You are not required to prove money laundering occurred. If circumstances give you reasonable grounds to suspect it, report it. Better to report suspicions that turn out to be unfounded than to fail to report actual criminal activity. There is no penalty for reporting in good faith.
Reporting to STRO
The Suspicious Transaction Reporting Office (STRO) is the financial intelligence unit of Singapore, operating as part of the Commercial Affairs Department of the Singapore Police Force. All Suspicious Transaction Reports must be submitted to STRO, which analyzes the information, combines it with other intelligence, and refers potential cases to law enforcement for investigation.
STR Filing Requirements
File as soon as practicable after forming the suspicion. Don't delay once you've determined an STR is necessary. Timely reporting is critical.
Use the online SONAR system provided by STRO for all STR submissions. This secure system is the only authorized method for filing STRs in Singapore.
Provide complete and accurate information with as much detail as possible. Incomplete STRs reduce their value to investigators.
Include all relevant supporting documents such as account statements, transaction records, identification documents, and correspondence.
Maintain strict confidentiality about the fact that you have filed or will file an STR. Unauthorized disclosure is illegal.
Essential Information to Include
Customer identification details: Full name, identification numbers, date of birth, address, contact information, and any known aliases
Transaction details: Dates, amounts, account numbers, currencies, counterparties, and method of transaction
Reason for suspicion: Specific facts, circumstances, and observations that led to your suspicion. Be detailed and factual.
Related transactions or activities: Other transactions or patterns that provide context or support your suspicion
Steps taken: What steps you took to verify information or question the customer, and their responses
Tipping-Off Prohibitions
Tipping off is disclosing to any person information that is likely to prejudice an investigation of suspected money laundering or terrorism financing. This includes telling the customer that you have filed or intend to file an STR, discussing your suspicions with the customer, or making any statement or taking any action that might alert them that they are under suspicion or investigation.
Tipping off is a serious criminal offense under Singapore law, punishable by fine up to SGD 30,000 or imprisonment up to 3 years. The prohibition exists because alerting suspects allows them to move or hide assets, destroy evidence, or flee before law enforcement can act.
Do NOT
Tell the customer you have filed or will file an STR
Discuss your suspicions with the customer or ask leading questions that reveal your concerns
Disclose the STR or your suspicions to anyone not directly involved in the compliance reporting process
Make comments, facial expressions, or take actions that might alert the customer to an investigation
Delay or refuse transactions in ways that would obviously signal suspicion to the customer
You MAY
Discuss the matter confidentially with your supervisor, compliance officer, or Money Laundering Reporting Officer (MLRO)
Share information with STRO, other law enforcement, or regulators as required or permitted by law
Continue normal customer service without raising suspicion while awaiting guidance from compliance
Ask routine questions about transactions that would normally be asked of any customer
Follow instructions from law enforcement or your compliance team about how to handle the relationship
Internal Escalation Procedures
Knowing the proper internal escalation procedures ensures that suspicious activities are reported efficiently and handled by the appropriate personnel. Every financial institution should have clear procedures, and all employees must know them. Following proper procedures protects both you and the institution.
Step 1: Identify Suspicious Activity
Recognize red flags or unusual patterns in customer transactions, behavior, or documentation. Trust your instincts when something doesn't seem right, even if you can't immediately articulate why.
Step 2: Document Your Observations
Immediately record all relevant facts, dates, amounts, parties involved, and specific circumstances that raised your suspicions. Include what made you suspicious. Documentation should be detailed and factual.
Step 3: Report to Supervisor or Compliance
Escalate to your immediate supervisor or directly to the Money Laundering Reporting Officer (MLRO) or compliance team immediately. Don't delay. Time is critical in preventing criminal activity.
Step 4: Cooperate with Investigation
Provide any additional information if requested by compliance or law enforcement. Be available to answer questions. Do not discuss the matter with others outside the compliance process.
Step 5: Continue Professional Service
Maintain normal customer service to avoid tipping off while awaiting guidance from compliance. Act naturally and professionally. The compliance team will determine the appropriate next steps.
Real-World Singapore Case Studies
Learning from real-world cases helps us understand how financial crimes actually occur and the serious consequences of compliance failures. The following cases from Singapore demonstrate the importance of robust AML/CFT and anti-corruption controls. Each case offers valuable lessons for financial services professionals.
Case Study 1: 1MDB Scandal - Money Laundering
Background
The 1Malaysia Development Berhad (1MDB) scandal represents one of the largest money laundering cases in history, involving the misappropriation of billions of dollars from Malaysia's sovereign wealth fund. Singapore became a critical jurisdiction in the scandal as substantial funds were laundered through Singapore's banking system and financial institutions between 2009 and 2015.
What Happened
Approximately USD 4.5 billion was misappropriated from 1MDB through a complex scheme involving senior Malaysian officials and financiers. The funds were laundered through elaborate networks of shell companies, offshore accounts, and bank accounts in Singapore and other financial centers. Singapore banks processed hundreds of millions in suspicious transactions.
The laundered money was used to purchase ultra-luxury real estate in multiple countries, expensive artwork including pieces by Monet and Van Gogh, superyachts, private jets, and even to finance the Hollywood film "The Wolf of Wall Street." The scheme involved multiple layers of shell companies and nominee accounts designed to hide the true beneficial owners and source of funds.
Singapore's Response
MAS imposed penalties exceeding SGD 29 million on various financial institutions for AML control failures
BSI Bank, one of Switzerland's oldest private banks, had its license permanently revoked and was shut down in Singapore
Falcon Private Bank's merchant bank license was withdrawn for serious breaches
Multiple bank employees were prosecuted criminally and received prison sentences
Over SGD 1 billion in assets were seized or frozen in Singapore
Several other banks received warnings and were required to strengthen controls
Key Lessons
Enhanced due diligence is absolutely critical for PEPs and high-risk customers. Standard CDD is insufficient for high-risk relationships.
Complex corporate structures involving multiple jurisdictions and shell companies should trigger intensive scrutiny and source of funds verification.
Ongoing monitoring is essential to detect unusual transaction patterns. Large, frequent transactions inconsistent with the customer profile must be investigated.
Source of funds and source of wealth must be independently verified, not simply accepted based on customer statements.
Non-compliance has severe consequences including license revocation, institutional closure, and criminal prosecution of individuals.
Senior management must prioritize compliance and ensure adequate resources for AML programs.
Case Study 2: Keppel Offshore & Marine - Bribery and Corruption
Background
Keppel Offshore & Marine (KOM), a leading global offshore and marine engineering group and subsidiary of Keppel Corporation, was involved in a systematic bribery scheme to secure contracts from Petrobras, Brazil's state-owned oil company. This case demonstrates the extraterritorial reach of Singapore's anti-corruption laws and the severe consequences of corrupt practices.
What Happened
Between 2001 and 2014, KOM paid approximately USD 55 million in bribes to Brazilian officials at Petrobras through agents and intermediaries. These bribes were made to secure contracts for the construction of oil rigs and drillships worth billions of dollars, generating approximately USD 351 million in profits for KOM. The bribes were disguised as legitimate consulting fees and commission payments to agents who had little legitimate role to justify their compensation.
The scheme involved creating false documentation, using shell companies in tax havens, and making payments through complex channels designed to hide the corrupt nature of the transactions. Senior KOM executives were aware of or participated in the bribery scheme.
Consequences
KOM was convicted in 2017 and fined SGD 422 million, Singapore's largest criminal fine at that time
The company also paid penalties to US and Brazilian authorities, bringing total fines to over USD 422 million
Six former KOM employees were charged with corruption offenses
Some individuals received prison sentences up to 3.5 years
Significant reputational damage to Keppel Corporation and its subsidiaries
Required implementation of enhanced compliance programs under regulatory supervision
Impact on share price and business relationships
Key Lessons
Singapore's anti-corruption laws apply extraterritorially - corruption committed overseas by Singapore companies and individuals can be prosecuted in Singapore
Organizations are liable for bribes paid by third parties acting on their behalf, including agents and intermediaries
Robust third-party due diligence is essential, especially for agents and consultants who interact with government officials
Payments to agents must be properly documented, reasonable for services provided, and scrutinized for red flags
Strong tone from the top and genuine commitment to compliance culture are critical to preventing corruption
Compliance programs must be adequately resourced and have authority to challenge business decisions
The consequences of corruption extend far beyond fines to include individual criminal liability, imprisonment, and lasting reputational harm
Case Study 3: Standard Chartered Bank - Sanctions Violations
Background
Standard Chartered Bank, a major international bank with significant operations in Singapore, faced coordinated regulatory action from multiple jurisdictions including Singapore for processing transactions that violated United States sanctions against Iran and other countries. The case demonstrates the complexity of sanctions compliance in cross-border banking and the extraterritorial reach of US sanctions.
What Happened
Between 2007 and 2011, Standard Chartered processed thousands of transactions totaling hundreds of millions of dollars for Iranian clients in violation of US sanctions. The bank's compliance controls were inadequate to identify and block these transactions. In some cases, payment instructions were deliberately structured to avoid detection by US sanctions screening systems by removing references to Iranian parties.
The bank processed U-turn transactions (payments that entered and exited the US financial system for non-Iranian parties but involved underlying Iranian interests) and other sanctions-prohibited transactions. Internal emails showed that compliance concerns were overridden by business priorities, with one senior executive notoriously stating that the bank was prepared to accept sanctions risk for business reasons.
Consequences
MAS imposed a SGD 5.2 million penalty on Standard Chartered in Singapore in 2014
US authorities imposed coordinated fines totaling over USD 1 billion across multiple proceedings
UK Financial Conduct Authority also imposed penalties
Required to implement comprehensive sanctions compliance program enhancements
Appointment of independent monitor to oversee compliance improvements for multiple years
Significant reputational damage affecting the bank's standing with regulators and customers
Senior management changes and increased regulatory scrutiny
Key Lessons
Sanctions screening must be thorough, real-time, and cannot be compromised for business reasons
US sanctions can have extraterritorial application affecting non-US institutions, particularly when transactions involve US dollars or US financial institutions
Compliance programs must be adequately resourced with appropriate technology and staffing
Senior management must genuinely prioritize compliance over short-term profits. Compliance cannot be merely a "tick the box" exercise
Cross-border operations require heightened awareness of multiple sanctions regimes that may apply
Systems must be designed to prevent deliberate circumvention of controls
Regular testing and auditing of sanctions controls is essential
Compliance must have authority to escalate concerns and stop problematic business
Case Study 4: Wirecard Asia - Payment Processing & Due Diligence Failures
Background
Wirecard's Asian operations, headquartered in Singapore, were part of a global payment processing company that collapsed spectacularly in 2020 after revelations of massive accounting fraud. The Singapore entity processed payments for merchants globally, including some involved in illegal activities. The case highlights the importance of merchant due diligence in payment processing businesses.
What Happened
Wirecard Asia processed transactions for high-risk merchants including illegal online gambling sites, fraudulent websites, and money laundering schemes operating under the guise of legitimate e-commerce. The company had inadequate due diligence procedures for onboarding merchants and insufficient transaction monitoring to detect illicit activity patterns.
Internal controls were weak, with evidence suggesting deliberate concealment of the true nature of some merchant businesses and their activities. The Singapore entity generated substantial revenues from processing transactions for these problematic merchants, prioritizing business growth over compliance and due diligence. When the global Wirecard fraud was exposed, investigations revealed that the Asia operations had processed billions in questionable transactions.
MAS Actions and Consequences
MAS imposed significant restrictions on Wirecard's Singapore operations, limiting its ability to onboard new customers
Required enhanced compliance measures and increased reporting requirements
Ongoing investigations into potential regulatory breaches and inadequate AML controls
The Singapore entity's business was severely impacted, with major clients leaving
Investigations expanded to examine potential involvement of Singapore personnel in the global fraud
Case served as warning to payment service providers about merchant due diligence obligations
Key Lessons
Payment processors must conduct thorough merchant due diligence before onboarding and throughout the relationship
High-risk industries such as online gambling, adult entertainment, and cryptocurrency require enhanced scrutiny
Transaction monitoring systems must be effective, properly calibrated, and regularly tested
Unusual transaction patterns or volumes must trigger investigation and merchant review
Governance and oversight must be independent and robust, with checks and balances preventing business pressures from overriding compliance
Red flags in merchant behavior (such as use of shell companies, unclear business models, or inconsistent information) should never be ignored or rationalized
Regular audits of merchant portfolios are essential to identify problematic relationships
Module 7: Record Keeping & Documentation
Proper record keeping is fundamental to AML/CFT compliance. Records serve multiple critical purposes: they demonstrate compliance with regulatory requirements, provide evidence for investigations, support suspicious transaction reports, and enable institutions to learn from past activities. Inadequate record keeping can result in regulatory penalties even when underlying compliance activities were adequate.
MAS Record Keeping Requirements
MAS Notice 626 (for banks) and MAS Notice 824 (for capital markets intermediaries) impose comprehensive record keeping requirements on financial institutions. These requirements ensure that complete records are available for regulatory reviews, audits, and law enforcement investigations for an extended period after relationships end or transactions occur.
All records must be maintained in a form that allows them to be retrieved readily upon request by MAS or other authorities. This means records must be well-organized, properly indexed, and accessible within a reasonable timeframe. Simply keeping records is not enough - they must be retrievable when needed.
5
Minimum Retention Period (Years)
All records related to transactions, customer identification, account files, and AML/CFT compliance must be maintained for at least 5 years after the business relationship ends or after the date of the transaction for occasional transactions.
100%
Records to Maintain
Financial institutions must maintain all records related to customer relationships, transactions, due diligence, and compliance activities. This includes both original documents and the institution's analysis and decision-making records.
24/7
Accessibility
Records must be readily retrievable when requested by regulators or law enforcement. Systems should enable quick location and production of required records without excessive delay.
What Records to Maintain
Customer Due Diligence Records
Copies of all identification documents obtained during CDD process
Verification documents and sources used to verify information
Beneficial ownership information including ownership charts
Risk assessment documentation showing how customer risk was determined
All correspondence with customers regarding CDD information
PEP screening results and enhanced due diligence documentation
Periodic review documentation and updates to customer information
Transaction Records
Details of all transactions conducted for at least 5 years
Supporting documentation for transactions such as invoices, contracts
Originator and beneficiary information for wire transfers
Purpose of transactions and source of funds documentation
Records of account activity and statements
Documentation of unusual or complex transactions
Customer explanations for unusual activities
Internal Reports and Analysis
Suspicious Transaction Reports filed with STRO (retain copy)
Internal suspicious activity reports and escalations
Risk assessment results and methodologies
Transaction monitoring alerts and investigations
Audit and compliance review reports
Training records for all staff
Policy and procedure documents with version history
Document Retention Policies
Effective document retention requires more than simply storing records for the minimum period. Financial institutions must implement comprehensive retention policies that ensure records are preserved properly, remain accessible, and are protected from unauthorized access, alteration, or destruction.
Clear Written Policy
Implement a clear, comprehensive document retention policy that specifies what records must be kept, for how long, in what format, and who is responsible for retention compliance. The policy should cover all types of records generated by the institution.
Ready Retrieval
Ensure records are readily retrievable when needed by regulators, auditors, law enforcement, or internal investigators. This requires proper indexing, organization, and search capabilities. Records buried in archives that take weeks to locate are not compliant.
Integrity Preservation
Maintain records in a format that preserves their integrity and authenticity. This includes protection against tampering, alteration, or deletion. Electronic records should have appropriate security controls and audit trails.
Access Controls
Protect records from unauthorized access or disclosure while ensuring authorized personnel can access them when needed. Implement appropriate security controls, especially for sensitive customer information.
Data Protection Compliance
Comply with data protection requirements including Singapore's Personal Data Protection Act while meeting record keeping obligations. Balance retention requirements with data minimization principles.
Audit Trail Requirements
An audit trail is a chronological record that documents the sequence of activities or events related to specific operations, procedures, or transactions. Audit trails are essential for demonstrating compliance, investigating suspicious activities, responding to regulatory inquiries, and deterring internal misconduct.
Essential Elements of Effective Audit Trails
Who Did What
Track which individual or system performed each action. User identification should be unique and authenticated, not generic or shared accounts.
When Actions Occurred
Record precise timestamps for all activities using synchronized system clocks. Date and time must be accurate and in a consistent time zone.
What Was Done
Document specifically what action was taken, what data was accessed or modified, and what decisions were made.
Why It Was Done
Where applicable, record the reason or justification for the action, especially for significant decisions or deviations from normal procedures.
Audit Trail Best Practices
Complete and comprehensive: Capture all relevant activities without gaps. Incomplete audit trails undermine their purpose.
Accurate and reliable: Information must be factual and trustworthy. Inaccurate audit trails are worse than none at all.
Tamper-proof: Implement controls to prevent unauthorized alteration or deletion of audit trail records. Use write-once storage or similar protections.
Readily accessible: Audit trails must be easily accessible for review by authorized personnel, auditors, and regulators when needed.
Support investigations: Provide sufficient detail to support regulatory inquiries, internal investigations, and forensic analysis.
Regular review: Periodically review audit trails to identify unusual patterns, control weaknesses, or potential misconduct.
Module 8: Your Role & Responsibilities
While institutions have compliance departments and designated officers, every single employee plays a critical role in preventing financial crime. AML/CFT and anti-corruption compliance is not solely the responsibility of the compliance department - it is embedded in everyone's daily responsibilities. Your vigilance, knowledge, and actions are essential to protecting the institution and maintaining Singapore's reputation as a trusted financial center.
Individual Accountability
Each employee has personal accountability for compliance with AML/CFT and anti-corruption requirements. This accountability cannot be delegated or transferred to others. You are expected to understand the requirements applicable to your role, recognize red flags and suspicious activities, and take appropriate action. Your decisions and actions have consequences not just for the institution but for your own career and freedom.
Know and Follow Policies
Understand and comply with all AML/CFT and anti-corruption policies and procedures applicable to your role. If you don't understand something, ask. Ignorance is not a defense.
Complete Training
Complete all required training and stay updated on regulatory changes, new typologies, and evolving threats. Training is not just a box to check - it's essential knowledge for your role.
Perform Proper Due Diligence
Conduct thorough and appropriate due diligence on customers, transactions, and third parties according to their risk profile. Never cut corners or skip required steps.
Recognize and Report Red Flags
Be alert for red flags and suspicious activities in your daily work. Report concerns promptly through proper channels. You are the eyes and ears of the compliance program.
Maintain Accurate Records
Keep complete and accurate records of all activities, transactions, and compliance measures. Proper documentation is essential for demonstrating compliance.
Seek Guidance
When uncertain about requirements or how to handle a situation, seek guidance from your supervisor, compliance team, or other appropriate resources. Never guess.
Never Facilitate Crime
Never knowingly facilitate or participate in money laundering, terrorism financing, corruption, or other financial crimes. If asked to do something wrong, refuse and report it.
Speak-Up Culture and Whistleblowing
A strong speak-up culture is essential for effective compliance. This means creating an environment where employees feel comfortable and encouraged to report concerns, ask questions, and challenge decisions without fear of retaliation. Whistleblowing channels provide safe mechanisms to report suspected violations of laws, regulations, or company policies, including anonymous reporting where appropriate.
Research consistently shows that many major frauds and compliance failures could have been prevented if employees who had concerns had felt able to speak up earlier. Organizations with strong speak-up cultures identify and address problems before they escalate into crises.
When to Speak Up
Suspected financial crime: When you observe or suspect money laundering, terrorism financing, sanctions violations, or other financial crimes
Policy violations: When you witness violations of company policies, procedures, or regulatory requirements by colleagues or superiors
Asked to do something wrong: When you are asked or pressured to do something you believe is illegal, unethical, or against regulations
Conflicts of interest: When you become aware of undisclosed conflicts of interest affecting business decisions
Compliance concerns: When you have concerns about the adequacy or effectiveness of compliance controls
Retaliation: When you witness or experience retaliation against someone who reported concerns in good faith
Protection for Whistleblowers
Singapore law and company policies protect individuals who make disclosures in good faith:
No dismissal or demotion for reporting concerns through proper channels
Protection from harassment, discrimination, or hostile work environment
No adverse changes to employment terms or conditions
Confidentiality maintained where possible to protect reporter's identity
Anonymous reporting channels available for sensitive concerns
Senior management commitment to non-retaliation
Remember: Reporting in good faith is always protected, even if the concern turns out to be unfounded after investigation. Good faith means you genuinely believe there may be an issue based on reasonable grounds.
How to Report Concerns Internally
Knowing how and where to report concerns ensures that issues are brought to the attention of appropriate personnel who can investigate and take action. Most organizations provide multiple reporting channels to accommodate different comfort levels and circumstances.
Your Supervisor or Manager
Your immediate supervisor or manager is typically the first point of contact for most concerns. They should be accessible and receptive to compliance concerns.
Compliance Officer or MLRO
The compliance officer or Money Laundering Reporting Officer (MLRO) is responsible for AML/CFT compliance and should be contacted for compliance-related concerns, especially if supervisor escalation is not appropriate.
Ethics Hotline
Many organizations maintain dedicated ethics hotlines or whistleblower channels, often operated by third parties, that allow confidential or anonymous reporting of concerns.
Human Resources
HR can handle concerns about workplace conduct, retaliation, or situations where reporting through direct management chain is not comfortable.
Senior Management
For serious concerns or when other channels are not appropriate, senior management should be accessible to receive reports directly.
Key Principle: Reporting in Good Faith is Always Protected
You will not face retaliation, dismissal, harassment, or adverse consequences for raising genuine concerns through appropriate channels. Even if an investigation determines there was no violation, you are protected if you reported in good faith based on reasonable grounds for concern.
Protected Disclosures
Singapore law provides comprehensive protections for individuals who make protected disclosures in good faith. These protections recognize that whistleblowers play a vital role in detecting wrongdoing and should be encouraged, not penalized, for coming forward. Employers are explicitly prohibited from retaliating against employees who report suspected wrongdoing through proper channels.
What Protection Includes
No dismissal or demotion: You cannot be fired, demoted, or have your responsibilities reduced because you made a protected disclosure
No harassment or discrimination: You must be protected from harassment, bullying, ostracism, or discriminatory treatment by colleagues or management
No adverse changes to employment: Your compensation, benefits, work assignments, or other employment terms cannot be adversely affected
Confidentiality where possible: Your identity should be kept confidential to the extent possible during investigations, though complete anonymity may not always be feasible
Right to remedy: If retaliation occurs, you have the right to seek remedies including reinstatement, compensation, and other relief
What Qualifies as a Protected Disclosure
To qualify for protection, disclosures generally must:
Be made in good faith - meaning you genuinely believe based on reasonable grounds that there may be wrongdoing
Relate to suspected violations of law, regulations, or company policies
Be made through appropriate channels such as supervisors, compliance, ethics hotlines, regulators, or law enforcement
Not be made with malicious intent to harm someone without basis
Note: Even if an investigation determines no violation occurred, you are still protected if you had reasonable grounds for concern and reported in good faith.
Case Scenarios
Scenario 1: Unusual Cash Deposits
Situation
A customer who operates a small retail business has been banking with your institution for two years with normal activity. Suddenly, the customer begins making large cash deposits of SGD 18,000-19,000 every few days, just below the SGD 20,000 reporting threshold. Previously, the customer made deposits of SGD 5,000-8,000 once or twice per month. The deposits are significantly inconsistent with the customer's previous transaction patterns and stated business model. When you inquire about the increased deposits, the customer becomes defensive and provides vague explanations about "increased sales" but cannot provide documentation.
Analysis
This scenario presents multiple red flags:
Structuring: Deposits consistently just below the SGD 20,000 threshold suggest deliberate structuring (also called "smurfing") to avoid reporting requirements
Pattern change: Sudden, dramatic change from established transaction patterns without reasonable explanation
Inconsistency: Activity inconsistent with the customer's known business model and size
Defensive behavior: Customer's defensive reaction and inability to provide satisfactory documentation
Frequency: Regular, repeated pattern suggests systematic behavior rather than isolated circumstances
What Should You Do?
Immediate actions:
Document your observations in detail, including dates, amounts, and the customer's responses to your questions
Do not discuss your suspicions with the customer or make comments that would constitute tipping off
Escalate immediately to your supervisor or compliance officer/MLRO
Continue normal customer service to avoid alerting the customer while compliance reviews the situation
Expected outcome: A Suspicious Transaction Report should likely be filed with STRO. The compliance team will make this determination after reviewing your report and conducting their own analysis.
Scenario 2: Gift from Vendor
Situation
You work in procurement and have professional relationships with several vendors. One vendor you have worked with for over a year offers you two tickets to a sold-out concert by a popular international artist. The tickets have a market value of approximately SGD 800 (SGD 400 each). The vendor mentions this as "a thank you for your business and great working relationship." Your organization is currently in the process of evaluating contract renewals with this vendor, and you are part of the evaluation committee that will make recommendations to senior management. The vendor knows you are involved in this decision-making process.
Analysis
This scenario raises serious corruption and conflict of interest concerns:
Significant value: SGD 800 exceeds what would typically be considered a modest courtesy in most corporate policies
Timing: The gift is offered during an active contract renewal evaluation, creating appearance of attempting to influence your decision
Your role: You have direct influence over business decisions affecting this vendor
Quid pro quo concern: The gift could be perceived as inducement for favorable treatment in the contract renewal
Conflict of interest: Accepting creates a conflict between your personal interest (enjoying the concert) and your professional duty (objective evaluation)
What Should You Do?
Immediate actions:
Politely but firmly decline the gift, explaining that company policy prohibits accepting gifts of significant value, especially during business evaluations
Report the offer to your supervisor and compliance team immediately, even though you declined it
Document the conversation including when the offer was made, what was said, and that you declined
Consider whether you should recuse yourself from the vendor evaluation to avoid even the appearance of impropriety
Review your organization's specific gift and entertainment policy for guidance
Key principle: When in doubt, decline and report. The offer itself should be reported even if declined, as it may indicate the vendor's approach to business ethics and could affect their evaluation.
Scenario 3: PEP Identification
Situation
You are conducting routine annual screening of existing customers as part of your institution's ongoing monitoring program. During this review, you discover that a long-standing customer who has banked with your institution for five years has a spouse who was recently appointed as a senior government official (cabinet minister level) in another country in Southeast Asia. The customer is a successful businessperson who operates several companies in Singapore and the region. Your initial CDD when the customer was onboarded five years ago was appropriate for a standard commercial customer, and the account has been classified as normal risk. The account has been active with regular business-related transactions, and there have been no previous concerns.
Analysis
This scenario requires immediate action due to PEP classification:
PEP family member: The customer is now classified as a PEP family member due to their spouse's senior government position
Higher risk: PEPs present elevated money laundering and corruption risks due to their positions of power and influence
Enhanced due diligence required: MAS regulations mandate enhanced CDD for all PEP relationships
Previously normal risk: The risk classification must be reassessed and almost certainly elevated
Ongoing relationship: This is an existing relationship that must now be upgraded to PEP status with all associated controls
What Should You Do?
Immediate actions:
Escalate immediately to compliance team or MLRO - do not delay, as PEP identification triggers specific requirements
Update the customer's risk classification in your systems to reflect PEP family member status
Do NOT discuss the PEP status with the customer until compliance has determined the approach
Expected compliance actions:
The relationship will require senior management approval to continue
Enhanced due diligence will be conducted including establishing source of wealth (how the customer accumulated wealth) and source of funds (origin of funds in transactions)
The relationship will be subject to enhanced ongoing monitoring with increased transaction scrutiny
The account will be reviewed at least annually with senior management involvement
Additional documentation and verification may be required
Quick Reference Guide
Key Contacts
Maintain easy access to these critical contacts for reporting concerns, seeking guidance, or escalating suspicious activities. Time is often critical in financial crime prevention, so knowing who to contact immediately is essential.
Common Red Flags Checklist
Use this checklist as a quick reference when evaluating customers and transactions. The presence of one or more red flags should trigger additional scrutiny and potentially escalation to compliance.
Customer Behavior Red Flags
Reluctant to provide identification or complete required CDD documentation despite explanations of regulatory requirements
Provides false, inconsistent, or suspicious information that cannot be verified or changes frequently
Unusually concerned about compliance requirements, reporting thresholds, or record-keeping practices
Frequent changes to account details, beneficial owners, or corporate structures without reasonable explanation
Background inconsistent with apparent wealth or transaction volumes (e.g., modest occupation but very high balances)
Unnecessarily complex transaction structures or insistence on using shell companies without business rationale
Transaction Red Flags
Inconsistent with customer profile or stated purpose for account relationship
Structuring below reporting thresholds (e.g., multiple SGD 19,000 transactions)
Funds from or to high-risk jurisdictions with no apparent business connection
Large cash transactions inconsistent with customer's known business or industry norms
Complex transactions with no clear business purpose or economic rationale
Immediate transfer after deposit without clear reason, especially to unrelated third parties
Multiple parties with no apparent connection involved in single transaction
Round-dollar amounts or unusual patterns suggesting artificial activity
Escalation Flowchart
Follow this clear escalation process whenever you encounter suspicious activities or have compliance concerns. Each step is important and should not be skipped.
Step 1: Identify
Recognize red flags, unusual activities, or suspicious patterns in customer behavior, transactions, or documentation. Trust your instincts when something doesn't seem right.
Step 2: Document
Record all relevant facts, observations, dates, amounts, and specific circumstances immediately while details are fresh. Include exactly what made you suspicious.
Step 3: Report
Escalate immediately to your supervisor, compliance officer, or MLRO. Do not delay - time is critical in preventing criminal activity from progressing.
Step 4: Maintain Confidentiality
Do not discuss the matter with the customer, colleagues not involved in compliance, or anyone else. Avoid any action that could constitute tipping off.
Step 5: Continue Normal Service
Maintain professional, normal customer service while awaiting guidance from compliance team. Act naturally to avoid alerting the customer that they are under review.
High-Risk Jurisdictions (Examples)
Certain jurisdictions present heightened money laundering, terrorism financing, or sanctions risks. Transactions involving these jurisdictions require enhanced scrutiny. This list provides examples but is not exhaustive - always check current FATF lists and sanctions designations.
Sanctioned Countries
Countries subject to comprehensive international sanctions including North Korea, Iran, Syria, and others designated by UN Security Council or other sanctions authorities. Transactions involving these countries are typically prohibited.
FATF Grey and Black Lists
Financial Action Task Force (FATF) maintains lists of jurisdictions with strategic AML/CFT deficiencies. These countries may lack comprehensive AML/CFT laws, have weak enforcement, or fail to cooperate with international efforts. The "grey list" (increased monitoring) includes countries actively working to address deficiencies. The "black list" includes high-risk jurisdictions subject to enhanced due diligence.  
High Corruption Countries
Countries with high levels of corruption as measured by Transparency International's Corruption Perceptions Index and similar assessments. Transactions involving these jurisdictions, especially with government-related entities, require enhanced scrutiny.
Tax Havens and Secrecy Jurisdictions
Jurisdictions known for banking secrecy, minimal disclosure requirements, low or no taxation, and ease of establishing shell companies. While some have improved transparency, many continue to facilitate money laundering.
Conflict Zones
Countries experiencing armed conflict, civil war, or significant political instability where governance and financial controls are weak. These jurisdictions present elevated risks of terrorism financing and illicit fund flows.
Important: Risk assessments should consider current designations which change frequently. Check FATF lists, MAS notices, and sanctions lists regularly. Geographic risk alone does not make a customer or transaction suspicious - it is one factor to consider along with others.
CDD Thresholds and Requirements
Understanding when different levels of CDD are required subject to Organization's Risk Appetite and ensures compliance with MAS requirements. This table summarises key triggers and corresponding actions.
Useful Resources
These resources provide additional information, updates, and guidance on AML/CFT and anti-corruption compliance. Bookmark these sites and check them regularly for updates.
MAS Website
www.mas.gov.sg
The Monetary Authority of Singapore website contains comprehensive information on AML/CFT requirements, including MAS Notices, guidelines, FAQs, enforcement actions, and regulatory updates. Visit the AML/CFT section for specific guidance.
STRO Website
www.police.gov.sg - STRO
The Suspicious Transaction Reporting Office website provides information on STR filing requirements, access to the SONAR reporting system, guidance on what to report, and statistics on financial crime in Singapore.
CPIB Website
www.cpib.gov.sg
The Corrupt Practices Investigation Bureau website offers information on Singapore's anti-corruption laws, case studies, corruption prevention guidance, and channels for reporting corruption. Essential resource for understanding PCA requirements.
FATF Website
www.fatf-gafi.org
The Financial Action Task Force website provides international standards, guidance papers, typologies reports, mutual evaluation reports on countries' AML/CFT systems, and lists of high-risk jurisdictions requiring enhanced due diligence.
Training Complete
Thank you for completing this comprehensive AML/CFT and Anti-Bribery and Corruption training program. Your commitment to compliance helps protect our institution, our customers, and Singapore's reputation as a trusted financial center.
Remember: Compliance is everyone's responsibility. Stay vigilant, report concerns promptly, and never hesitate to seek guidance when uncertain. Your actions matter.
Complete Training
Download Certificate