This article first appeared in the Q2 2024 issue of the SID Directors Bulletin published by the Singapore Institute of Directors.

The board and senior management bear the collective responsibility of ensuring the establishment and maintenance of an effective risk framework within the organisation to address all kinds of risks, including money laundering and terrorism financing risks. This is even more pressing, as the government is taking decisive steps to ensure that Singapore does not become a safe haven for money launderers and terrorist financiers.


The islandwide anti-money laundering arrests in August 2023 were a wake-up call for many organisations. Almost a dozen suspects have since been charged with various offences, with billions of dollars’ worth of assets seized to date. According to news reports, the proceeds of crime are suspected to have come from criminal activities abroad, including illegal online gambling and unlicensed moneylending.

The scandal had raised questions on whether banks are strictly following the Singapore’s anti-money laundering rules. The Singapore authorities said in September 2023 that they are looking into whether the banks involved had taken reasonable steps to mitigate risks. Additionally, property agents, precious stones and metals dealers, and corporate service providers have also come under increased scrutiny to guard against money laundering risks.

In a separate case, a Singaporean holding directorship in 980 companies was sentenced to four weeks in jail and fined S$57,000 in December 2023 for failing to exercise his duties as a director and other related charges under the Companies Act. News reports noted that two of the companies became vehicles for money laundering.

Money laundering is a global issue and not unique to Singapore. 

What is money laundering and terrorism financing?

Money laundering is the process of legitimising funds derived from illicit activities. Criminals employ a three-stage approach, illustrated in “Three Stages of Money Laundering”, to obfuscate the origins of these funds. From its initial entry into the financial system, the funds undergo a complex web of transactions, designed to create distance from their criminal origins and to create the appearance of legitimacy. Subsequently, these “cleaned” funds are reintroduced into the financial system. The primary distinction between money laundering and terrorism financing lies in the origin of the funds. While money laundering involves the process of legitimising funds generated from illicit activities, terrorism financing can originate from lawful or unlawful activities. Funds for terrorism financing may come from legitimate sources with the intention of supporting or funding activities related to terrorism. 

Source: Q2 2024 issue of the SID Directors Bulletin published by the Singapore Institute of Directors

AML/CFT risk framework

With the growing prevalence of cross-border crime, governments worldwide are requiring companies to adopt stronger anti-money laundering (AML) and countering the financing of terrorism (CFT) measures.

A holistic AML/CFT risk framework for corporations responding to such regulations is set out in the next two pages. The framework comprises three key components: (1) governance and policy-related controls; (2) bedrock controls, designed to identify undesirable customers and detect/report suspicious activities by customers; and (3) controls aimed at enhancing and ensuring the overall effectiveness of the organisation’s AML/CFT measures.

Key components of an AML/CFT Risk Framework

Source: Q2 2024 issue of the SID Directors Bulletin published by the Singapore Institute of Directors

Boards and senior management should clearly communicate their risk appetite and an emphasis on AML/CFT as a priority throughout all three lines of defence. They must also ensure that these three lines of defence are appropriately staffed with qualified personnel.

  • The first line of defence consists of the business units, which are crucial for identifying, controlling, and assessing money laundering/terrorism financing risks. This is because they directly interact with customers
  • The second line encompasses AML/CFT compliance and support functions, such as operations and human resources, who should work collaboratively to ensure the ongoing effectiveness of AML/CFT controls. 
  • The third line constitutes internal audit, which provides an independent evaluation of the organisation’s AML/ CFT framework for compliance with regulatory requirements, as well as internal policies and procedures. 

Organisations must establish and implement an AML/ CFT policy along with operating procedures governing customer due diligence, screening and transaction monitoring. These policies and procedures serve to instruct and guide employees to ensure adherence to established policy standards. The AML/CFT policy and procedures should also align with and comply with relevant regulatory requirements. It will also need to be clearly articulated and communicated across the organisation.

The board of directors should have a clear understanding of their company’s AML/CTF risks. Hence, an enterprisewide risk assessment (EWRA) forms a proactive evaluation of an organisation’s inherent risks associated with its business activities, such as the products and services offered, distribution channels and the locations of customers. Although inherent risks cannot be eliminated, they can be mitigated through implementing controls.

An effective EWRA framework gauges an organisation’s inherent risks, evaluates the effectiveness of its mitigating controls, and determines the residual risks that persist despite control measures.

Before establishing business relations with a natural person, the organisation must identify and verify the individual’s identity. For legal persons, the organisation must identify and verify the identities of the ultimate beneficial owners and connected parties. Where the customer presents higher risks, the organisation should also understand the source of the customer’s wealth and funds.

Customer due diligence should not only be performed at onboarding. Rather, information should be updated for changes periodically at a frequency reflective of the customer’s risk rating. Boards should check with senior management on the onboarding process of new customer types with high-risk profiles. 

To understand risk factors associated with new customers, third-party vendors, or business partners, such as Politically Exposed Persons (PEPs), targeted financial sanctions and adverse information, the organisation should screen customers, ultimate beneficial owners and connected parties against lists provided by the Monetary Authority of Singapore. They should also perform Internet searches. 

In addition, screenings should be conducted during onboarding and at regular intervals thereafter, as there may be changes to a profile post-onboarding. For instance, there may be the emergence of adverse news or situations that involve an individual meeting the criteria as a PEP or being placed under financial sanctions. 

Organisations should monitor customer transactions for suspicious activities, and be aware of any red flags relevant to the nature of their business relations with customers. If transactions appear inconsistent with customers’ profiles, the organisation should seek clarification and assess the reasonableness of explanations provided by the customers. It is important to assess if monitoring thresholds have been statistically calibrated.

Existing legislations make it mandatory that everyone – including, but not limited to, landlords, property developers, financial institutions and corporate service providers – report suspicious transactions.

In cases where an organisation has established that the transactions undertaken by a customer are suspicious, it will need to promptly file a Suspicious Transaction Report (STR) with the Suspicious Transactions Reporting Office, which is part of the Commercial Affairs Department, within the stipulated timeline. An organisation should designate a Money Laundering Reporting Officer to oversee and facilitate the filing of STRs.

Additionally, it is worth highlighting that reporting cash transactions is mandatory for precious stones, precious metals dealers, and pawnbrokers in Singapore.

Regular training related to AML/ CFT will also be key. The board, senior management and other employees of the organisation should undergo training for AML/CFT compliance to ensure that they are updated on any changes in requirements, current regulatory expectations and emerging trends. Employees should also have access to tailored AML/CFT training in relation to their functional areas.

During the hiring of new employees, background checks, screening and bankruptcy searches should be performed. Companies should consider whether they have an employee due diligence programme that documents how employees and contractors will be screened and rescreened for money laundering/terrorism financing risks.

Singapore under scrutiny

As a financial hub, Singapore seeks to offer a pro-business environment, excellent infrastructure and international connectivity. The country also prides itself on its political and economic stability, robust rule of law and transparency. However, these same attributes that make Singapore appealing as a financial hub could also expose it to money laundering risks. This vulnerability is not unique to Singapore, as many major financial hubs are also susceptible to such illicit activities.

Singapore is an active member of the Financial Action Task Force (FATF), the global money laundering and terrorist financing watchdog that sets international standards to prevent money laundering and terrorist financing activities. The country has committed to implementing the FATF’s standards as part of a coordinated global response against organised crime, corruption and terrorism.

According to information on the FATF website, Singapore is potentially scheduled for its next mutual evaluation in August 2025. The results of the previous evaluation in 2016 revealed areas of partial compliance with FATF’s 40 recommendations, notably in customer due diligence and other measures for designated non-financial businesses and professions, as well as transparency and beneficial ownership of legal persons and legal arrangements. Singapore also underwent an assessment of the effectiveness of its AML/CFT regime in 11 areas. The assessment revealed a low level of effectiveness for the investigation and prosecution of terrorist financing and a moderate level of effectiveness for the investigation and prosecution of money laundering.

The FATF conducted a follow-up review in 2019 where Singapore successfully demonstrated improvements, which led to the reclassification of three out of the initial six areas assessed, from Partially Compliant to Largely Compliant or Compliant.

Mutual evaluations are crucial, as countries identified with strategic deficiencies in countering money laundering, terrorist financing, and financing of proliferation may face inclusion in the “black” or “grey” list. High-risk countries may also be subject to enhanced due diligence and countermeasures to safeguard the international financial system.

With global attention on AML/CFT compliance intensifying, the Singapore government has taken decisive steps in recent years to ensure that the country does not become a safe haven for money launderers and terrorist financiers.

For example, other than financial institutions, AML regulations are now in place for real estate agents and developers, precious metals and stones dealers, and corporate service providers. Going forward, this could potentially be expanded to other types of organisations. 

Implications for boards

The board and senior management are responsible for establishing and maintaining an effective risk framework within the organisation to address all kinds of risks, including money laundering and terrorism financing risks.

Against the backdrop of increasing focus on AML/ CFT by the authorities, it is crucial for boards and senior management of all organisations to understand the regulatory requirements and step up their efforts in evaluating and mitigating money laundering and terrorism financing risks within their organisations.

The box, “Pillars of Effectiveness”, shows the AML/ CFT focus areas that are aligned with the FATF’s methodology. 

  1. Governance by the board of directors and senior management involves setting the tone from the top and defining the risk appetite of the organisation. The board and senior management are responsible for establishing and maintaining an effective AML/CFT framework within the organisation.
  2. Fostering a risk culture where businesses are accountable for risk-taking activities is crucial. Compliance should be able to express opinions and perspectives that may not always align with commercial decisions while ensuring a balanced approach to risk management. 
  3. In addition, implementing AML/CFT policies and procedures is vital to effectively operationalising controls. The organisation must establish monitoring mechanisms to guarantee the continuous effectiveness of AML/CFT controls.

Source: Q2 2024 issue of the SID Directors Bulletin published by the Singapore Institute of Directors

Get in touch

Jason Tan

Partner, Forensic, Advisory
KPMG in Singapore


Connect with us

Related content