Since the implementation of the ACRA (Amendment) Act in 2014, ACRA has engaged audit firms to conduct independent AML/CFT reviews for registered filing agents (RFAs) or corporate service providers (CSPs). Under the new AML/CFT framework, it is a requirement for CSPs to develop and implement internal policies, procedures and controls to comply with Financial Action Task Force (FATF) recommendations on combating of money laundering and terrorism financing.
So how can CSPs (or similarly in the same manner for professional firms, e.g. auditors, accountants, lawyers, etc.) prepare themselves for the AML/CFT review?
CSPs should take a closer look at and comply with the following regulations:
- Part II, First Schedule of the ACRA (Filing Agents and Qualified Individuals) Regulations, for the prevention of money laundering and financing of terrorism (download here).
- Guidelines for Registered Filing Agents (download here).
From these regulations, we summarise the key areas where a CSP should prepare for the AML/CFT review.
First and foremost, CSPs should have adequate anti money laundering and counter financing of terrorism risk management internal policies, procedures and controls. Hence, CSPs should establish a policy document which we called the AML/CFT Policy.
This policy should contain:
- Customer Due Diligence (CDD) measures and on-going monitoring
- making of suspicious transaction reports
- risk assessment and management
- audit of the internal policies, procedures and controls
- monitoring and management of compliance with, and the internal communication of, the internal policies, procedures and controls
- hiring and training of employees
ACRA is kind enough to give a sample AML/CFT policy in Annex A of the Guidelines for Registered Filing Agents. However, CSPs should not just use this per se but customise it according to its own existing procedures.
What are the roles and responsibilities of the sole proprietor/partners/board of directors and management in preventing money laundering and terrorism financing?
It is recommended that the CSP establish an organisational and reporting structure in relation to AML/CFT. The reporting structure should include a Compliance Officer, preferably also a Deputy Compliance Officer and an Internal Auditor. These are key persons who are responsible for AML/CFT and they should be named in the reporting structure as well as mentioned in the AML/CFT policy.
The role of the Compliance Officer is to keep management informed of compliance and risk management matters as and when they deal with customers that are seemingly suspicious. Any suspicious trade should be reported to the Compliance Officer and he or she will escalate to management if approval is required.
The audit function of a CSP should be independent and adequately resourced, and be able to assess the effectiveness of its internal policies, procedures and controls periodically.
We recommend CSPs perform an overall risk assessment of its clients. CSPs can assess clients’ risks based on the type of customers, type of services provided, types of transactions that the client engages in or the countries or jurisdictions where the customers are from or in.
- List down all the risk categories that are relevant to you. For example, (i) type of customer – money changers, (ii) type of service provided – acting as nominee director.
- For each specific risk category, give a risk rating to it. You may want to rate, for each risk category, simply as Low Risk, Medium Risk or High Risk. CSPs need to pay particular attention to those risk categories that they rate as High Risk because these risk categories will need to be mitigated with enhanced due diligence procedures and these procedures should be documented.
- For each risk category, produce a set of risk mitigation procedures.
Up until this stage, the CSPs should go through their client lists and classify their clients based on the risk categories defined. As ACRA requires all CSPs to conduct CDD on their high risk clients by 15 May 2015, it is recommended that CSPs complete the following for all the high risk clients:
- Ensure that CDD and Enhanced CDD forms are completed and signed by the customers.
- Ensure that copies of identification documents are available and verified.
- Perform screening on the customers to ensure that they are not blacklisted or Politically Exposed Persons (PEPs), relatives or close associates of PEPs. This can be done either by doing Google searches or searching vendor provided AML/CFT databases like SentroWeb-DJ. All search results must be retained as documentary proof.
Suspicious Transaction Reporting
Based on suspicious transactions reporting statistics from Commercial Affairs Department (CAD), CSPs is one of industries who has the least number of suspicious transaction report (“STR”) reported.
- If a CSP has not reported an STR before, it should at least know how to report one if such an occasion arise. CSPs should have proper escalating procedures being documented in the AML Policy. CSPs should sign up for an account for Suspicious Transaction Report Online Lodging System (“STROLLS”). You can visit STRO here to sign up for a STROLLS account.
- CSPs should also subscribed to AML/CFT and Targeted Financial Sanctions section of the Monetary Authority of Singapore (MAS) website, so as to receive alerts and updates on AML/CFT requirements and changes to the relevant lists of UN-designated individuals and entities. By subscribing to the website, the Company will stay abreast of other AML/CFT announcements, such as high risk jurisdictions identified by the Financial Action Task Force (FATF). You can visit MAS website here to subscribe.
Every business dreads the news that the auditors or regulators are coming. CSPs can manage the AML/CFT review process proactively and reduce surprises when they cover the major areas mentioned above. An important thing to do is also to train and brief your staff of all the policies and procedures before the inspectors arrive. The goal of the review is to understand what the inspectors want and to give them the assurance that you have done your best and what is required according to the regulations. The approach to the review is to be truthful. If there is any shortcomings, work out the remedial actions with the inspectors.