A financial adviser should establish policies for periodic AML/CFT internal audits covering areas such as:
1. The adequacy of the financial adviser’s AML/CFT policies, procedures, and controls in identifying ML/TF risks, addressing the identified risks, and complying with laws, regulations, and notices.
2. The effectiveness of the financial adviser’s employees, officers, and representatives in implementing the financial adviser’s policies, procedures and controls.
3. The effectiveness of the compliance oversight and quality control including parameters and criteria for transaction alerts.
4. The effectiveness of the financial adviser’s training of relevant employees, officers and representatives.

Legal Arrangements:
In relation to the definition of “legal arrangement” in the Notice, examples of legal arrangements are trust, fiducie, treuhand, and fideicomiso.

Legal Persons:
In relation to the definition of “legal person” in the Notice, examples of legal persons are companies, bodies corporate, foundations, anstalt, partnerships, joint ventures or associations.

A financial adviser should assess the effectiveness of its risk mitigation procedures and controls by monitoring the following:
1. The financial adviser’s ability to identify changes in a customer profile (e.g. Politically Exposed Persons status) and transactional behaviour observed in the course of its business.
2. The potential for abuse of new business initiatives, products, practices and services for ML/TF purposes.
3. The compliance arrangements (through its internal audit or quality assurance processes or external review).
4. The balance between the use of technology-based or automated solutions with that of manual or people-based processes, for AML/CFT risk management purposes.
5. The coordination between AML/CFT compliance and other functions of the financial adviser.
6. The adequacy of training provided to employees, officers and representatives, and awareness of the employees, officers and representatives on AML/CFT matters.
7. The process of management reporting and escalation of pertinent AML/CFT issues to the financial adviser’s senior management.
8. The coordination between the financial adviser and regulatory or law enforcement agencies.
9. The performance of third parties relied upon by the financial adviser to carry out CDD measures.

Documentation:
The documentation should include:
1. The enterprise-wide ML/TF risk assessment by the financial adviser.
2. Details of the implementation of the AML/CFT risk management systems and controls as guided by the enterprise-wide ML/TF risk assessment.
3. The reports to senior management on the results of the enterprise-wide ML/TF risk assessment and the implementation of the AML/CFT risk management systems and controls.
4. Details of the frequency of review of the enterprise-wide ML/TF risk assessment.

Examples of trigger events are when:
1. A significant transaction takes place.
2. A material change occurs in the way the customer’s business relations are managed.
3. The financial adviser’s policies, procedures, or standards relating to the documentation of CDD information change substantially.
4. The financial adviser becomes aware that it lacks sufficient information about the customer concerned.

In determining what would constitute a suspicious, complex, unusually large, or unusual pattern of transactions, a financial adviser should consider, amongst others, international typologies and information obtained from law enforcement and other authorities that may point to jurisdiction-specific considerations. As part of ongoing monitoring, a financial adviser should pay attention to transaction characteristics, such as:
1. The nature of a transaction (e.g. abnormal size or frequency for that customer or peer group).
2. Whether a series of transactions is conducted with the intent to avoid reporting thresholds.
3. The geographic destination or origin of a payment (e.g. to or from a higher risk country).
4. The parties concerned (e.g. a request to make a payment to or from a person on a sanctions list).

A financial adviser should note that applications and transactions undertaken across the internet may pose greater risks than other non-face-to-face business due to the following
factors:
1. The ease of unauthorized access to the facility, across time zones, and location.
2. The ease of making multiple fictitious applications without incurring the extra cost or the risk of detection.
3. The absence of physical documents.
4. The speed of electronic transactions.
that may, taken together, amplify the ML/TF risks.

Where verification of identity is performed without face-to-face contact (e.g. electronically), a financial adviser should apply additional checks to manage the risk of impersonation. The additional checks may consist of robust anti-fraud checks that the financial adviser routinely undertakes as part of its existing procedures, which may include:
1. Telephone contact with the customer at a residential or business number that can be verified independently.
2. Confirmation of the customer’s address through an exchange of correspondence or other appropriate method.
3. Subject to the customer’s consent, telephone confirmation of the customer’s employment status with his employer’s human resource department at a listed business number of the employer.
4. Confirmation of the customer’s salary details by requiring the presentation of recent bank statements, where applicable.
5. Provision of certified identification documents by lawyers or notaries public.
6. Requiring the customer to make an initial deposit into the account with the financial adviser from funds held by the customer in an account with a bank in Singapore.

Timing for Verification:
1. The completion of verification should not exceed 30 business days after the establishment of business relations.
2. The financial adviser should suspend business relations with the customer and refrain from carrying out further transactions (except to return funds to their sources, to the extent that this is possible) if such verification remains uncompleted 30 business days after the establishment of business relations.
3. The financial adviser should terminate business relations with the customer if such verification remains uncompleted 120 business days after the establishment of business relations.
4. The financial adviser should factor these time limitations in its policies, procedures and controls.

Examples of possible Simplified Customer Due Diligence(SCDD) measures include:
1. Reducing the frequency of updates of customer identification information.
2. Reducing the degree of ongoing monitoring and scrutiny of transactions, based on a reasonable monetary threshold.
3. Choosing another method to understand the purpose and intended nature of business relations by inferring this from the type of transactions or business relations to be established, instead of collecting information as to the purpose and intended nature of business relations.

Examples of potentially lower ML/TF risk situations of customer risk includes:
1. A Singapore Government entity.
2. Entities listed on a stock exchange and subject to regulatory disclosure requirements relating to adequate transparency in respect of beneficial owners.
3. An FI incorporated or established outside Singapore that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the FATF.

Examples of potentially higher risk categories of customer risk includes:
1. Customers from higher-risk businesses/activities / sectors identified in Singapore’s NRA, as well as other higher-risk businesses/activities / sectors identified by the financial adviser.
2. The ownership structure of the legal person or arrangement appears unusual or excessively complex given the nature of the legal person’s or legal arrangement’s business.
3. Legal persons or legal arrangements that are personal asset holding vehicles.
4. The business relations are conducted under unusual circumstances (e.g. significant unexplained geographic distance between the financial adviser and the customer).
5. Companies that have nominee shareholders or shares in bearer form.
6. Cash-intensive businesses.

Politically exposed person:
Examples of appropriate and reasonable means of establishing a source of wealth are information and documents such as evidence of title, copies of trust deeds, audited accounts, salary details, tax returns, and bank statements.

For a higher-risk business which inherently presents higher ML/TF risks, a financial adviser should, regardless of the financial adviser’s internal risk classification of the customer, refer to the sound practices highlighted in the MAS Information Paper, “Guidance on Private Banking Controls”5. Such practices include ensuring that:
1. Information obtained on the source of wealth of the customers and beneficial owners should be independently corroborated against documentary evidence or public information sources.
2. Parties screened should include operating companies and individual benefactors contributing to the customer’s and beneficial owner’s wealth/funds.
3. The financial adviser conducts periodic reviews of such customers.
4. Where the financial adviser is aware of customers having a common beneficial owner or a customer having multiple accounts with the financial adviser, the financial adviser should scrutinize transactions of these customer accounts holistically to better identify suspicious, complex, unusually large or unusual patterns of transactions, and perform periodic reviews on a consolidated basis.

The financial adviser may take a variety of measures, where applicable, to satisfy the requirements in the third party reliance scenario including:
1. Referring to any independent and public assessment of the overall AML/CFT regime to which the third party is subject, such as the FATF’s or FSRBs’ Mutual Evaluation reports and the IMF / World Bank Financial Sector Assessment Programme Reports / Reports on the Observance of Standards and Codes.
2. Referring to any publicly available reports or material on the quality of that third party’s compliance with applicable AML/CFT rules.
3. Obtaining professional advice as to the extent of AML/CFT obligations to which the third party is subject to respect to the laws of the jurisdiction in which the third party operates.
4. Examining the AML/CFT laws in the jurisdiction where the third party operates and determining its comparability with the AML/CFT laws of Singapore.
5. Reviewing the policies and procedures of the third party.

Suspicious Transactions Reporting:
A financial adviser should ensure that the internal process for evaluating whether a matter should be referred to the Suspicious Transaction Reporting Office (“STRO”) via an STR is completed without delay and should not exceed 15 business days of the case being referred by the relevant employee, representative or officer, unless the circumstances are exceptional or extraordinary. A financial adviser should note that an STR filed with STRO would also meet the reporting obligations under the TSOFA.

Group Policy:
Examples of the types of information that should be shared within the financial group for risk management purposes are positive name matches arising from screening performed against ML/TF information sources, a list of customers who have been exited by the financial adviser, its branches and subsidiaries based on suspicion of ML/TF and names of parties on whom STRs have been filed. Such information should be shared by a branch or subsidiary of a financial adviser incorporated in Singapore with the financial adviser’s group level compliance, audit, and AML/CFT functions (whether in or outside Singapore), for risk management purposes.

The responsibilities of the AML/CFT compliance officer should include:
1. Carrying out, or overseeing the carrying out of, ongoing monitoring of business relations and a sample review of accounts for compliance with the Notice and these Guidelines.
2. Promoting compliance with the Notice and these Guidelines, as well as MAS Regulations issued under Section 27A of the MAS Act, and taking overall charge of all AML/CFT matters within the organization.
3. Informing employees, officers, and representatives promptly of regulatory changes.
4. Ensuring a speedy and appropriate reaction to any matter in which ML/TF is suspected.
5. Reporting, or overseeing the reporting of, suspicious transactions.
6. Advising and training employees, officers, and representatives on developing and implementing internal policies, procedures, and controls on AML/CFT.
7. Reporting to senior management on the outcome of reviews of the financial adviser’s compliance with the Notice and these Guidelines, as well as MAS Regulations issued under Section 27A of the MAS Act and risk assessment procedures.
8. Reporting regularly on key AML/CFT risk management and control issues, and any necessary remedial actions, arising from audit, inspection, and compliance reviews, to the financial adviser’s senior management, and in the case of locally incorporated financial advisers, to the board of directors, at least annually and as and when needed.

Employee and Representative Hiring:
The screening procedures applied when a financial adviser in Singapore hires employees and appoints representatives and officers should include:
1. Background checks with past employers.
2. Screening against ML/TF information sources.
3. Bankruptcy searches.

Potential Indicators of Proliferation Financing:
A financial adviser should develop indicators that would alert it to customers and transactions (actual or proposed) that are possibly associated with proliferation financing-related activities, including indicators such as whether:
1. The customer is vague and resistant to provide additional information when asked.
2. The customer’s activity does not match its business profile or the end user information does not match the end-user’s business profile.
3. The transaction involves designated persons.
4. The transaction involves higher risk countries or jurisdictions which are known to be involved in the proliferation of weapons of mass destruction or proliferation financing activities.
5. The transaction involves other FIs with known deficiencies in AML/CFT controls or controls for combating proliferation financing.
6. The transaction involves possible shell companies (e.g. companies that do not have a high level of capitalization or display other shell company indicators).

Examples of CDD Information for Clubs, Societies and Charities:
1. Full name of the entity.
2. Business address or principal place of business.
3. Information about the purpose and intended nature of business relations with the financial adviser.
4. Information about the nature of the entity’s activities and objectives.
5. Names of all trustees (or equivalent), names of all natural persons who act on behalf of the entity.
6. Names of all connected parties.
7. Names of all beneficial owners.
8. Information about the source of funds.
9. A report of the financial adviser’s visit to the customer’s place of business, where the financial adviser assesses it as necessary.
10. Ownership and control structure.
11. Constitutional document.
12. Certificate of registration.
13. Committee/Board resolution authorizing the opening of the customer’s account with the financial adviser.
14. Records in a relevant and independent registry in the country of establishment.

Transactions Which Do Not Make Economic Sense:
1. Transactions that cannot be reconciled with the usual activities of the customer, for example, switching from investing predominantly in blue-chip stocks to penny stocks.
2. A customer relationship with the financial adviser where the customer carries out frequent large transactions that are beyond the customer’s apparent financial means (for example, customer requests for a single premium contract with a large sum assured).
3. Transactions where nature, size, or frequency appears unusual, for example, a sudden request for a significant purchase of a lump sum contract from an existing customer whose current contracts are small and of regular payment only.
4. Transactions in which funds are received by way of a third party cheque, especially where there is no apparent connection between the third party and the customer.
5. Transactions which, without plausible reason, result in the intensive use of what was previously a relatively inactive account.
6. Request by a customer for financial advisory services where the source of funds is unclear or not consistent with the customer’s apparent standing.

Transactions Involving Large Amounts of Cash:
Payments made via large amounts of cash. A guideline to what constitutes a large or substantial cash amount would be a cash amount exceeding S$20,000 (or its equivalent in any currency).

Transactions Involving Accounts of the Customer with the Financial Advisers:
1. Paying in large third party cheques endorsed in favour of the customer in settlement for investment services rendered, or for other financial services provided.
2. Substantial increases in deposits of cash or negotiable instruments by a professional firm or company, using customer accounts or in-house company or trust accounts, especially if the deposits are promptly transferred between other customer company and trust accounts.
3. An account operated in the name of an offshore company with the structured movement of funds.
4. Transfers of funds from various third parties into an account, which is inconsistent with the nature of the customer’s business.

Transactions Involving Unidentified Parties:
1. A customer, who is a natural person, for whom verification of identity proves unusually difficult and who is reluctant to provide details.
2. A customer, which is a corporation, where there are difficulties and delays in obtaining copies of the financial accounts or other documents of incorporation.
3. Assignment of a policy to unidentified third parties and for which no plausible reasons could be ascertained.
4. A number of policies taken out by the same customer for low premiums, each purchased with cash and then cancelled with the return of premiums to a third party.

Tax Crimes Related Transactions:
1. Negative tax-related reports from the media or credible information sources.
2. Unconvincing or unclear purpose or motivation for having accounts opened in Singapore.
3. Reinvestment of funds back into the original country or jurisdiction after being transferred to another country or jurisdiction, often a tax haven with a poor track record on CDD or recordkeeping requirements.
4. Life insurance solutions used for illegal purposes.
5. Accounts managed by external asset managers who may not be adequately regulated and supervised.
6. Purchase or sale of large amounts of precious metals by a customer which is not in line with his business or background.
7. Purchase of bank cheques on a large scale by an interim customer.

Report on Suspicious Activities and Incidents of Fraud:
A licensed financial adviser shall lodge with the Monetary Authority of Singapore (the “Authority”), a report in the form, manner, and within time, upon discovery of any suspicious activities and incidents of fraud where such activities or incidents are material to the safety, soundness or reputation of the licensed financial adviser. For the avoidance of doubt, a licensed financial adviser shall still file suspicious transaction reports to the Suspicious Transaction Reporting Office, Commercial Affairs Department of the Singapore Police Force, as required under the various Prevention Of Money Laundering and Countering The Financing Of Terrorism Notices applicable to it. For incidents of fraud, a licensed financial adviser should lodge a police report and submit to the Authority a copy of the report. Where the licensed financial adviser has not lodged a police report, it should notify the Authority of the reasons for its decision.

Technology Risk Management:
A licensee shall put in place a framework and process to identify critical systems. A licensee shall make all reasonable efforts to maintain high availability for critical systems. The licensee shall ensure that the maximum unscheduled downtime for each critical system that affects the licensee’s operations or service to its customers does not exceed a total of 4 hours within any period of 12 months.

Technology Risk Management:
A licensee shall submit a root cause and impact analysis report to the Authority, within 14 days or such longer period as the Authority may allow, from the discovery of the relevant incident. The report shall contain:
1. An executive summary of the relevant incident.
2. An analysis of the root cause which triggered the relevant incident.
3. A description of the impact of the relevant incident on the licensee’s compliance with laws and regulations applicable to the licensee, operations, and service to its customers.
4. A description of the remedial measures taken to address the root cause and consequences of the relevant incident.