As a result of the ACRA Amendment Act in 2014, Registered Filing Agents and Corporate Service Providers now have to conduct independent Anti-Money Laundering / Countering the Financing of Terrorism (AML/CFT) reviews as part of their annual audit reviews.
As part of the new framework, it is a requirement for service providers to develop and implement Internal Policies, Procedures and Controls (IPPC) to comply with Financial Action Task Force (FATF) recommendations for reducing money laundering and terrorism financing.
The amendment specifically affects the following entities in Singapore:
Service providers are required to complete the Self-Assessment Form before the ACRA-appointed reviewers conduct their onsite visit. The service provider should review the questions in the Self-Assessment Form, and ensure that if any of the responses is “Yes” to support it with the necessary documentation.
First and foremost, service providers should have adequate AML/CFT risk management Internal Policies, Procedures and Controls. Therefore, an internal policy document should be created with the appropriate AML/CFT Policy’s outlined.
This policy should cover the following areas:
ACRA has released an overview of the AML/CFT policy in the publication Guidelines for Registered Filing Agents.
What are the roles of the following positions in the company to actively prevent money laundering and terrorism financing? Establish a reporting structure for the following positions in the Singapore company:
The reporting structure should also include the key roles of:
These are key persons who are responsible for AML/CFT and they should be named in the reporting structure as well as mentioned in the AML/CFT policy.
Any high risk clients or otherwise that trade in a suspicious way should be reported to the Compliance Officer and escalated to Management if approval is required. The audit department of a service provider should be independent and adequately resourced, with the ability to assess the effectiveness of its procedures periodically.
We recommend service provider to perform an overall risk assessment of its clients. Corporate service providers can assess clients’ risks based on the type of customers, type of services provided, types of transactions that the client engages in or the countries or jurisdictions where the customers are from or in.
List all the risk categories that are relevant to you.
For each specific risk category, assign it a risk rating and a risk mitigation strategy.
Each risk category can simply be listed as:
Service providers should conduct more checks on any clients that fall in the high risk category to mitigate risks with enhanced due diligence procedures and these procedures should be documented.
Service Providers is an industry with a low number of suspicious transaction reports to the average number reported in Singapore per year.
Even if a service provider has not reported an STR before, they should still have proper escalating procedure logged in the AML Policy and can sign up for an account for Suspicious Transaction Report Online Lodging System.
The objective of the onsite visit is to show the inspectors as a company you have understood the instructions and are consciously acting with the AML procedures in mind.