7 Things You Need to do to Comply with ACRA AML/CFT Requirements

Share...Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn1

With effect from 15 May 2015, ACRA has implemented an enhanced regulatory framework for corporate services providers (CSPs) to combat money laundering (ML) and the terrorism financing (TF). Under the enhanced regulatory framework, persons who wish to provide corporate services will need to register as Filing Agents (FAs) or Qualified Individuals (Qis). The new framework seeks to ensure that CSPs which help to setup companies conduct the required due diligence checks and have robust policies, procedures and controls in place to prevent abuse of such companies for criminal or other illegitimate purposes.

How can you as a corporate service provider comply with the new ACRA regulatory requirements?

You need to:

1.  Establish AML Policy

  • Establish appropriate policies, procedures and controls in the form of an anti-money laundering (AML) policy. The AML policy should contain sections including a policy statement, senior management oversight, risk assessment of customers, customer due diligence (CDD) procedures, enhanced CDD procedures, record keeping, on-going monitoring of customers, reporting of suspicious transactions, audit and compliance, and hiring and training of staff.

2.  Establish Customer Due Diligence Procedures

  • Establish customer due diligence and enhanced due diligence procedures and train the staff on the new procedures. CDD entails identifying customers and verifying their identities on the basis of documents, data or information obtained from reliable and independent sources. This is best done in filling up CDD forms. These forms need to be created if not already available. Screening of customers against sanctioned lists and politically exposed persons (PEPs) is required. Signing up for MAS website alerts on AML/CFT and Targeted Financial Sanctions is almost mandatory and subscription to a comprehensive blacklist and PEP search database is recommended.

3.  Perform Risk Assessment

  • Perform a risk assessment of your customers as soon as practicable and document it. You need to identify and assess the ML/TF risks in relation to your customers, the countries or territories where your customers are from, and the services they provide, and ensuring that controls commensurate with the level of risk.

4.  Conduct On-going Monitoring

  • Conduct on-going monitoring of your business relationship with your customers based on the level of risk. CSPs need to scrutinise transactions undertaken through the course of the relationship to ensure consistency of transactions with the customer’s business and risk profile, keep CDD information up-to-date, review every business relationship based on risk assessment and take appropriate after-action review.

5.  Sign up STROLLS

  • Know how to file a suspicious transaction report (STR). If you have not done this before, you will need to at least know how to do it. Filing an STR is best done through the Suspicious Transaction Report Online Lodging System or STROLLS. STROLLS is an online e-service setup by the Commercial Affairs Department. You should sign up for a STROLLs account by email to STRO@spf.gov.sg.

6.  Appoint a Compliance Officer and Internal Auditor

  • Appoint a Compliance Officer and Internal Auditor. A Compliance Officer should be a person in the senior management and is the authority for AML/CFT related matters like approving the on-boarding of a high-risk customer and lodging of an STR. It is also recommended that you also appoint a deputy Compliance Officer. An Internal Auditor is one who will regularly review and assess the effectiveness of the internal policies, procedures and controls and its compliance. This person should not be the Compliance Officer or deputy Compliance Officer for the sake of independence.

7.  Train your Staff

  • Train your staff. It is recommended that you train all new staff within 3 months of joining your company and subsequent to train them on an annual basis. You should setup a training record to document the dates and attendance of the training sessions. Training can be done internally and may cover topics like CDD procedures, AML/CFT policy (updates or highlight of changes), news and updates on prevailing techniques, methods and trends in ML/TF, etc.