Singapore CDD: Comprehensive Guide

Performing Customer Due Diligence (CDD) in Singapore is a critical requirement for businesses, especially those in regulated sectors like financial services, real estate, and corporate service providers. This is to combat money laundering (ML), terrorism financing (TF), and proliferation financing (PF). The Monetary Authority of Singapore (MAS) and other relevant authorities enforce stringent regulations.

Here's a comprehensive overview of how to perform CDD in Singapore:

I. Regulatory Framework and Key Principles

• Primary Laws:

  • Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA)

  • Terrorism (Suppression of Financing) Act (TSOFA)

  • Prevention of Proliferation Financing and Other Matters Act

• Regulatory Bodies:

  • Monetary Authority of Singapore (MAS): Central bank and financial regulator, responsible for formulating and enforcing AML/CFT policies, issuing regulations and guidelines, and conducting inspections.

  • Commercial Affairs Department (CAD) of the Singapore Police Force: Specializes in investigating white-collar crimes, including financial crimes like money laundering. The Suspicious Transaction Reporting Office (STRO) within CAD is Singapore's Financial Intelligence Unit (FIU).

• Risk-Based Approach: Singapore's AML regulations adopt a risk-based approach, meaning the intensity of CDD measures should be commensurate with the assessed ML/TF/PF risk of the customer and the business relationship.

• Ongoing Monitoring: CDD is not a one-time process. Businesses must continuously monitor customer activity and keep information up-to-date.

• Record Keeping: All CDD records and supporting documents must be retained for at least five years from the end of the business relationship or the final transaction.

II. Steps to Perform Customer Due Diligence

1. Customer Identification:

   • For Individuals: Obtain full name (including aliases), residential address, contact numbers, email addresses, place and date of birth, gender, marital status, nationality, race, government-issued identification number (NRIC, passport), and occupation.

   • For Entities/Legal Arrangements (e.g., Companies, Trusts):

     • Verify the company's existence (e.g., ACRA business profile, certificate of incorporation).

     • Understand the company's ownership and control structure.

     • Identify the natural persons appointed to act on the customer's behalf.

     • Identify all Ultimate Beneficial Owners (UBOs) – individuals who ultimately own or control more than 25% of the shares or voting rights, or otherwise exercise control over the management.

     • Obtain information on the nature of the business and the purpose of the business relationship.

       
       

2. Identity Verification:

   
   

   • Verify the collected identification information using reliable and independent sources.

   • For Individuals: Government-issued photo identification (NRIC, passport), bank statements, utility bills.

   • For Entities: Business profiles from government regulators, certificates of incorporation, articles of association, memorandum of association.

   • Retain copies of all documentation used for verification.

     
     

3. Understanding the Nature of the Business Relationship and Source of Funds/Wealth:

   
   

   • Obtain information on the purpose and intended nature of the business relationship.

   • Understand the source of the customer's funds and, for higher-risk cases, the source of their wealth. This helps ensure the legitimacy of transactions.

     
     

4. Customer Screening:

   
   

   • Screen the customer, beneficial owners, senior management, and any other relevant parties against:

     • Sanctions lists: (e.g., UN Security Council (UNSC), OFAC, HMT, EU, DFT).

     • Terrorist designation lists.

     • Politically Exposed Persons (PEPs) lists: Identify if the customer, their family members, or close associates are PEPs. Enhanced Due Diligence (EDD) is required for PEPs.

     • Adverse media: Check for any negative news or involvement in illicit activities.

   • This screening helps identify heightened risks.

     
     

5. Risk Assessment:

   
   

   • Assess the ML/TF/PF risk posed by each customer based on:

     • Nature of the customer (individual vs. entity, type of entity).

     • Geographic risk (e.g., high-risk jurisdictions).

     • Nature of the products/services involved.

     • Delivery channels.

     • Screening results (PEPs, sanctions, adverse media).

   • Assign a risk rating (e.g., low, medium, high).

     
     

6. Enhanced Customer Due Diligence (ECDD) - for High-Risk Customers:

   
   

   • Apply EDD measures when the customer is identified as high-risk, including:

     • PEPs: Obtain senior management approval to establish or continue business relations. Establish the source of wealth and source of funds. Conduct enhanced ongoing monitoring.

     • High-risk jurisdictions.

     • Complex ownership structures.

     • Unusual transactions without a clear purpose.

   • ECDD generally involves more extensive information gathering and verification, including establishing the legitimacy of the customer's income level and a deeper understanding of the transaction's purpose.

     
     

7. Ongoing Monitoring:

   
   

   • Continuously monitor customer transactions and account activities to detect any suspicious behavior that deviates from the expected profile.

   • Keep CDD data, documents, and information relevant and up-to-date by regularly reviewing and updating customer information.

   • Investigate any red flags that may arise.

     
     

8. Record Keeping:

   
   

   • Maintain comprehensive records of all CDD measures performed, including:

     • Customer identification documents.

     • Verification documents.

     • Risk assessment findings.

     • Rationale for risk ratings.

     • Ongoing monitoring activities.

     • Any suspicious transaction reports (STRs) filed.

   • These records are crucial for demonstrating compliance to regulators.

     
     

9. Reporting Suspicious Transactions (STRs):

   
   

   • If any suspicious activity indicative of ML/TF/PF is identified, a Suspicious Transaction Report (STR) must be promptly submitted to the STRO.

   • It is crucial not to tip off the customer about the STR.

III. Important Considerations:

• Training: Adequately train all relevant staff on CDD procedures, AML/CFT regulations, and how to identify and report suspicious activities.

• Compliance Officer: Appoint a compliance officer with clearly defined roles and responsibilities for managing the AML compliance program.

• Technology: Leverage technology solutions (e.g., identity verification platforms, screening tools) to streamline CDD processes and enhance accuracy.

• Before Agreement Signing: For many sectors (e.g., real estate), CDD checks must be completed BEFORE any property agreement is signed.

By adhering to these rigorous CDD requirements, businesses in Singapore contribute to safeguarding the integrity of the financial system and preventing financial crime.

How Bestar can Help

While businesses in Singapore are ultimately responsible for their own Customer Due Diligence (CDD) obligations, leveraging professional expertise can significantly enhance compliance, efficiency, and risk mitigation. Here's how professionals can help with CDD in Singapore:

I. AML/CFT Compliance Consultants:

• Policy and Procedure Development: Consultants can help design, develop, and implement robust AML/CFT policies and CDD procedures tailored to your specific business model, industry, and risk profile, ensuring compliance with MAS and other relevant regulations. They can ensure your framework is risk-based.

• Risk Assessment: They assist in conducting comprehensive business risk assessments to identify the overall ML/TF/PF risks your business is exposed to, and help develop a framework for assessing individual customer risk.

• Regulatory Interpretation and Advisory: Singapore's AML/CFT landscape is dynamic. Professionals stay up-to-date with evolving regulations, guidelines, and industry best practices, providing accurate interpretation and advice on how they impact your operations.

• Training: They can develop and deliver customized training programs for your staff on CDD requirements, red flags, suspicious transaction reporting, and overall AML/CFT awareness.

• Independent Audits and Reviews: Consultants can conduct independent reviews or audits of your existing AML/CFT program and CDD processes to identify gaps, weaknesses, and areas for improvement, helping you prepare for regulatory inspections.

• Remediation Support: If your business has identified compliance deficiencies or received regulatory findings, consultants can assist in developing and implementing remediation plans.

• MAS Licensing Applications: For new entities entering regulated sectors, consultants can guide them through the MAS licensing application process, which often requires a well-defined AML/CFT framework, including CDD.

II. Technology Providers (RegTech/AML Software Solutions):

• Automated Identity Verification: CDD software can automate the verification of customer identities using government databases, biometrics, and other reliable sources, speeding up the onboarding process and reducing manual errors.

• Sanctions and PEP Screening: These solutions automatically screen customers, beneficial owners, and other associated parties against global sanctions lists, Politically Exposed Persons (PEPs) databases, and adverse media, providing real-time alerts.

• Beneficial Ownership Identification: Advanced tools can help untangle complex ownership structures of entities to accurately identify ultimate beneficial owners (UBOs), a crucial part of CDD.

• Risk Scoring and Assessment: Software can implement risk matrices to automatically assign risk scores to customers based on pre-defined criteria, facilitating a consistent and data-driven risk-based approach.

• Ongoing Monitoring: Automated systems can continuously monitor customer transactions and activities for suspicious patterns or changes in risk profiles, alerting compliance teams to anomalies.

• Digital Record Keeping: CDD software provides a secure, centralized digital repository for all customer information, due diligence documents, risk assessments, and audit trails, crucial for compliance and ease of access during inspections.

• Automated STR Reporting: Some solutions can streamline the generation and submission of Suspicious Transaction Reports (STRs) to the Suspicious Transaction Reporting Office (STRO), reducing manual effort and ensuring timely reporting.

• Enhanced Due Diligence (EDD) Support: Software can facilitate the collection and management of additional information required for EDD, such as source of wealth and source of funds.

III. Corporate Service Providers and Law Firms:

• Corporate Secretarial Services (with CDD support): Some corporate service providers offer assistance with initial CDD checks as part of their company incorporation and secretarial services, particularly for identifying UBOs for newly established entities.

• Legal Advice: Law firms specializing in financial regulations and AML/CFT can provide legal opinions on complex CDD matters, assist in drafting compliance policies, and represent businesses in regulatory investigations or enforcement actions.

• Outsourced KYC/CDD Services: Some providers offer managed KYC/CDD services, where they take on the operational burden of performing CDD checks, allowing businesses to focus on their core activities. This can be particularly useful for businesses with high volumes of customer onboarding or limited in-house resources.

Benefits of Engaging Professionals:

• Expertise and Specialization: Professionals bring deep knowledge of Singapore's specific AML/CFT regulations and best practices.

• Efficiency: Automation and streamlined processes reduce manual effort and accelerate CDD completion.

• Cost Savings: Outsourcing or using specialized software can be more cost-effective than building and maintaining an extensive in-house compliance team and infrastructure.

• Risk Mitigation: Enhanced CDD processes reduce the risk of inadvertently facilitating financial crime, thus protecting the business from reputational damage, heavy fines, and legal penalties.

• Consistency and Accuracy: Standardized procedures and automated checks ensure consistency and accuracy in CDD performance.

• Focus on Core Business: By offloading complex CDD tasks, businesses can dedicate more resources to their primary operations.

In essence, engaging professionals, whether consultants, technology providers, or specialized service firms, allows businesses in Singapore to navigate the intricate CDD landscape more effectively, ensuring robust compliance while optimizing operational efficiency.