KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

nameaddressdate of birthsignature specimennationality

KYC to onboard international persons

addressnamedate of birthidentification numberresidential address nationality

National ID card name

NRIC, or colloquially IC (Singapore national ID card)

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

Electronic Transactions Act in Singapore

E-sig law files

singapore.pdf

What year did the relevant AML laws and regulations become effective?

2015

Further details on AML regime

MAS 262 in 2015

Who is the regulator for AML controls for Banking

Monetary Authority of Singapore (“MAS”)

Link to site

http://www.mas.gov.sg/Regulations-and-Financial-Stability/Anti-Money-LaunderingCountering-The-Financing-Of-Terrorism-And-Targeted-Financial-Sanctions.aspx

Other financial Services

AML controls are regulated by the Monetary Authority of Singapore (“MAS”)

Website of Regulator

http://www.mas.gov.sg/Regulations-and-Financial-Stability/Anti-Money-LaunderingCountering-The-Financing-Of-Terrorism-And-Targeted-Financial-Sanctions.aspx

Financial Sector regulator

http://www.cra.gov.sg/cra/regulations.aspx/93 , http://www.cad.gov.sg/aml-cft/suspicious-transaction-reporting-office

Practical Guidance for AML

Practical guidance PDF's

notices-and-guidelines.aspx

Is there a requirement to verify the identity of customers retroactively?

YES

Retroactive details

Yes. Financial Institutions (“FIs”) are required to perform customer due diligence measures in relation to their existing customers before the introduction of the new AML regime according to regulatory requirements, based on their own assessment of materiality and risk, taking into account any previous measures applied, the time when the measures were last applied to such existing customers and the adequacy of data, documents or information obtained

Has the country been the subject of FATF mutal evaluation in the last 3 years?

yes

PDF of FATF review

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Customer due diligence is required. However the extent of due diligence performed may vary based on the risk. For example, in respect of simplified customer due diligence, the regulation states that a bank may perform such simplified customer due diligence measures as it considers adequate to effectively identify and verify the identity of the customer, a natural person appointed to act on the customer’s behalf and any beneficial owner, if it is satisfied that the risks of money laundering and terrorist financing are low (certain conditions apply).

What are the requirements for customer identification information for individuals

Requirement to identify and verify customers, natural persons appointed to act on a customer’s behalf and beneficial owners. This includes: a) identifying each natural person who acts or is appointed to act on behalf of the customer by obtaining at least the following information of such natural person: a. full name, including any aliases; b. unique identification number (such as an identity card number, birth certificate number or passport number); c. residential address; d. date of birth; and e. nationality. b) verifying the identity of each natural person using reliable, independent source data, documents or information. c) verifying the due authority of each natural person appointed to act on behalf of the customer by obtaining at least the following: a. the appropriate documentary evidence authorising the appointment of such natural person by the customer to act on his or its behalf; and b. the specimen signature of such natural person appointed. d) inquiring if there exists any beneficial owner in relation to a customer; e) where there is one or more beneficial owner in relation to a customer, identifying the beneficial owners and taking reasonable measures to verify the identities of the beneficial owners using the relevant information or data obtained from reliable, independent sources; and f) retaining copies of all reference documents used to verify the identity of these persons

Details to be Collected on Corporates

N/A

What are the high level requirements around beneficial ownership (identification and verification)?

There are requirements to take reasonable measures to enquire if any beneficial owner exists in relation to a customer. Where there is one or more beneficial owner(s) in relation to a customer, the FI needs to take reasonable measures to obtain information sufficient to identify and verify the identities of the beneficial owner(s), by identifying the beneficial owners and taking reasonable measures to verify the identities of the beneficial owners using the relevant information or data obtained from reliable, independent sources. The FI shall: a) for customers that are legal persons: a. identify the natural persons (whether acting alone or together) who ultimately own the legal person; b. to the extent that there is doubt under subparagraph (i) as to whether the natural persons who ultimately own the legal person are the beneficial owners or where no natural persons ultimately own the legal person, identify the natural persons (if any) who ultimately control the legal person or have ultimate effective control of the legal person; and c. where no natural persons are identified under subparagraph (i) or (ii), identify the natural persons having executive authority in the legal person, or in equivalent or similar positions; b) for customers that are legal arrangements: a. for trusts, identify the settlors, the trustees, the protector (if any), the beneficiaries (including every beneficiary that falls within a designated characteristic or class), and any natural person exercising ultimate ownership, ultimate control or ultimate effective control over the trust (including through a chain of control or ownership); and b. for other types of legal arrangements, identify persons in equivalent or similar positions, as those described under subparagraph a. Where the customer is not a natural person, the FI shall understand the nature of the customer’s business and its ownership and control structure.

What circumstances are enhanced customer due diligence measures required?

Enhanced customer due diligence measures are required to be taken in situations such as: a) when dealing with PEPs; b) when dealing with types of customers, business relations or transactions the FI assesses to present a higher risk for money laundering and terrorist financing; and c) when dealing with business relations and transactions with any person originating from or based in countries and jurisdictions known to have inadequate AML/CFT measures, or in a country or jurisdiction in relation to which the FATF has called for countermeasures.

How should FI's deal with Politically exposed persons

A bank may adopt a risk-based approach in determining whether to perform enhanced CDD measures or the extent of enhanced CDD measures to be performed for: a) domestic politically exposed persons, their family members and close associates; b) international organisation politically exposed persons, their family members and close associates; or c) politically exposed persons who have stepped down from their prominent public functions, taking into consideration the level of influence such persons may continue to exercise after stepping down from their prominent public functions, their family members and close associates. Except in cases where their business relations or transactions with the bank present a higher risk for money laundering or terrorism financing.

What enhanced due diligence must be performed for correspondent banking relationships?

Generally, a bank shall satisfy itself of the money laundering risks and perform the following, in addition to CDD measures, when providing correspondent banking or other similar services: a) assess the suitability of the respondent FI by taking the following steps; a. gather adequate information about the respondent FI to understand fully the nature of the respondent FI’s business, including making appropriate inquiries on its management, its major business activities and the countries or jurisdictions in which it operates; b. determine from any available sources the reputation of the respondent FI and the quality of supervision over the respondent FI, including whether it has been the subject of money laundering or terrorism financing investigation or regulatory action; and c. assess the respondent FI’s AML/CFT controls and ascertain that they are adequate and effective, having regard to the AML/CFT measures of the country or jurisdiction in which the respondent FI operates; b) clearly understand and document the respective AML/CFT responsibilities of each FI; and c) obtain approval from the bank’s senior management before providing correspondent banking or similar services to a new FI.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

It is prohibited to enter into or continue correspondent banking relations with a shell bank.

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Where there is no face-to-face contact, the FI is required to carry out customer due diligence measures that are as stringent as those that would be required to be performed if there were face-to-face contact

To whom are SAR's made? (suspicious activity reports)

Suspicious Transaction Reports (“STRs”) are reported to the Suspicious Transactions Reporting Office (“STRO”) of the Commercial Affairs Department of Singapore (http://www.cad.gov.sg/amlcft/suspicious-transaction-reporting-office),

Link to website of SAR reporting

http://www.cad.gov.sg/amlcft/suspicious-transaction-reporting-office

Other Suspicious or unusual transactions obligations.

Reports to the STRO must be made if there is any suspicion of money laundering or terrorist financing. A FI should consider if the circumstances are suspicious so as to warrant the filing of an STR and document the basis for its determination, including where: a) the FI is for any reason unable to complete customer due diligence measures as required by regulations; or b) the customer is reluctant, unable or unwilling to provide any information requested by the FI, decides to withdraw a pending application to establish business relations or a pending transaction, or to terminate existing business relations.

Are there any de-minimis thresholds below which transactions do not need to be reported?

There is "no" de-minimis threshold. The emphasis is on the suspicious nature of the transaction rather than the quantum.

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

"Yes". Under Section 39 of the Corruption, Drug Trafficking and other Serious Crimes (Confiscation of Benefits) Act (Cap. 65) (“CDSA”), it is mandatory for any person to lodge an STR as soon as is reasonably practicable if he knows or has reason to suspect that any property may be connected to a criminal activity. The failure to do so may constitute a criminal offence, and is liable on conviction to a fine not exceeding SGD20,000 (approx. USD13,870). Under Section 48 of the CDSA, tipping-off is a criminal offence punishable by on conviction to a fine not exceeding SGD30,000 (approx. USD20,800) or to imprisonment for a term not exceeding three years or to both.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

Yes. Under the Terrorism (Suppression of Financing) Act (Chapter 325), every person who provides financial services, knowing or having reasonable grounds to believe that they will be used, for the purpose of facilitating or carrying out any terrorist act, or for benefiting any person who is facilitating or carrying out such activity, shall be guilty of an offence. FIs may apply to the Minister for an exemption, subject to various conditions being met.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

Yes but subject to compliance with conditions and restrictions.

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

No. However, banks are required to maintain an audit function that is adequately resourced and independent, and that is able to regularly assess the effectiveness of the bank’s internal policies, procedures and controls, and its compliance with regulatory requirements. A bank’s AML/CFT framework should be subject to periodic audits (including sample testing). Such audits should be performed not just on individual business functions but also on a bank-wide basis. Auditors should assess the effectiveness of measures taken to prevent ML/TF. The frequency and extent of the audit should be commensurate with the ML/TF risks presented and the size and complexity of the bank’s business.

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

No specific requirement.

To whom should the report on AML systems be submitted?

No specific requirement.

Is an AML system part of the financial statement audit?

No specific requirement.

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

No specific requirement.

Data Protection Laws And Personal Data

data protection laws were introduced in 2012 under the Personal Data Protection Act (“PDPA”). The PDPA protects “personal data” in relation to individuals. As such, personal data would cover

Data Protection for Corporate Data

All customer data, including corporate data, are subject to banking secrecy laws and regulations;

Data protection for "sensitive Data" and additional protections.

however, our AML laws on suspicious reporting to the designated authority overrides secrecy provisions under PDPA and banking secrecy laws.

Do any restrictions on the transfer of credit reports exist?

There are banking confidentiality provisions under MAS requirements which protect customers’ information. Customers’ information may only be disclosed to specified parties under certain conditions. For example, to auditors in their annual audit of the bank, and under Singapore’s Exchange of Information framework with its tax agreement partners etc.

Regulator Acronym

MAS

Year of last FATF mutual evaluation

2013, 2011

Verification of docs (domestic individual)

LawyerNotary PublicCPA

Field 67

DD must be as stringent

National ID card details

It is compulsory for all citizens and permanent residents to apply for the NRIC from age 15 onwards, and to re-register their cards for a replacement at age 30.

Compulsory?

National ID source

http://www.perthmintbullion.com/How-To-Trade/Customer-Identification-Documents/Singapore.aspx

Passport Photo

Is there a risk based approach

Legal Requirement

Regulator allows for monitoring transactions outside jurisdiction

Requirement to proceed

Yes

requirement to use automated suspicious transaction tools

Who are SARS made to?

STRO

shell banks

Yes

EDD for correspondent banking

Yes

Personal Data protection

Personal Data Protection Act

http://statutes.agc.gov.sg/aol/search/display/view.w3p;page=0;query=DocId%3Aea8b8b45-51b8-48cf-83bf-81d01478e50b%20Depth%3A0%20Status%3Ainforce;rec=0

key restrictions

The law excludes wills, negotiable instruments, powers of attorney and some real estate transactions.

Summary

Section 8 states that one can meet the legal requirement for a handwritten signature by using an electronic signature or communication. Summary of law Singapore is considered a two-tier jurisdiction because it gives digital signatures the same status as handwritten signatures but also recognizes simple electronic signatures as legal and enforceable. Countries that follow this model give companies the opportunity to select different forms of signatures and customize their business processes based on the form that is most convenient and appropriate for each use case. Under the law, the signature method used must be either “(i) as reliable as appropriate for the purpose for which the electronic record was generated or communicated, or (ii) proven in fact to have identified the signatory and to indicate signatory’s intention with respect to the information by itself or together with further evidence.”

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

N/A

Non financial sector (e.g. casinos, high value goods etc.)

AML is regulated by the Casino Regulatory Authority for casinos, and generally, by the Commercial Affairs Department of Singapore.

Does the country have a risk based approach?

Yes. FIs are required to conduct an enterprise wide risk assessment to identify, assess and understand, their money laundering and terrorism financing risks in relation to a) their customers; b) the countries or jurisdictions its customers are from or in; c) the countries or jurisdictions the FI has operations in; and d) the products, services, transactions and delivery channels of the FI. FIs are also required to: a) document their risk assessments; b) consider all the relevant risk factors before determining the level of overall risk and the appropriate type and extent of mitigation to be applied; c) keep their risk assessments up-to-date; and d) have appropriate mechanisms to provide its risk assessment information to the Authority. Additionally, FIs are required to: a) develop and implement policies, procedures and controls, which are approved by senior management, to enable the FI to effectively manage and mitigate the risks that have been identified by the FI or notified to it by the Authority or other relevant authorities in Singapore; b) monitor the implementation of those policies, procedures and controls, and enhance them if necessary; c) perform enhanced measures where higher risks are identified, to effectively manage and mitigate those higher risks; and d) ensure that the performance of measures or enhanced measures to effectively manage and mitigate the identified risks address the risk assessment and guidance from the Authority or other relevant authorities in Singapore.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Where the customer is unable to produce an original document, FIs may consider accepting a copy of the document: a) that is certified to be a true copy by a suitably qualified person (e.g. a notary public, a lawyer or certified public or professional accountant); or b) if a member of the FI’s staff independent of the customer relationship has confirmed that he has sighted the original document.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

Singapore’s legal system is based on the English common law system. Apart from referring to written laws, the Courts may refer to case law or decisions, including taking guidance from those of Commonwealth jurisdictions such as Australia and Canada.

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

Yes. As stated above, there are banking confidentiality provisions under MAS requirements which protect customers’ information