ACRA Amendment – Act Things You Need To Know
With the passing of the ACRA (Amendment) Act in Parliament in April 2014, an enhanced regulatory framework for Corporate Service Providers (CSP) came into existence which became effective from 15 May 2015. CSPs now need to be registered with ACRA as Filing Agents (FA) and must also comply with the specific requirements found within this legislation and the subsidiary legislation.
CSPs are under higher risk of being abused by the perpetuators of terrorism financing and money laundering. Often, international criminals engage CSPs to set up complex corporate structures with reduced transparency that are potentially used for illicit purposes. CSPs generally provide services such as company incorporation, opening Singapore bank accounts, as well as providing registered office and nominee director services for international clients. In many cases, the entire transaction is carried out remotely, without the client being present in Singapore. These clients or their employees generally operate their bank account from overseas. Because of such remote control facility, CSPs might lack a comprehensive knowledge of their clients and this leaves a wide gap for nefarious activities to creep in.
Singapore has built a strong reputation as a trusted financial and business centre, with a robust framework to counter money laundering and terrorism financing activity. But as an international financial, transportation and business hub, its exposure to illegal transactions remains high. As a member of the Financial Action Task Force (FATF) – the global standard setter for anti-money laundering and countering the finance of terrorism – Singapore tightened its regulations for CSPs following the FATF recommendations which focussed on lawyers, accountants and CSPs.
CSPs are required to ask for a series of documents and information to verify the identity of shareholders, agents, directors and the ultimate beneficial owners, as well as to scrutinize the customers’ transactions. In doing so, they may ensure that they fully know and understand their customers and their business operations. CSPs may also raise red flags to the authorities if they identify any anomalies. Hence, both clients and the CSPs need to have a clear understanding of the AML and CFT obligations of the CSPs, as well as the need and importance for Customer Due Diligence (CDD). This will help ensure that clients cooperate with the CSPs to fulfil their legal obligations.
Obligations of a CSP
GeneralIn general the CSP (FA) shall exercise due diligence and ensure that its operations are guarded against any potential abuse to conduct money laundering or financing terrorism. It shall cooperate with law enforcement authorities in preventing money laundering and terrorism financing.
Policies, procedures and controls
A CSP is required to have systems and processes in place to ensure that the appropriate anti-money laundering and counter terrorism measures are conducted. Besides providing directions to its employees for the prevention of money laundering (ML) and financing of terrorism (FT), such policies and procedures should also demonstrate how the CSP intends to discharge its duty to prevent such activities. The policies, procedures and controls should address the following matters:
- Risk assessment and management;
- Customer Due Diligence measures (including simplified and enhanced) and on-going monitoring (including enhanced on-going monitoring);
- Record keeping;
- Monitoring and management of compliance with, and the internal communication of, the internal policies, procedures and controls; and hiring and training of employees.
- Audit of the internal policies, procedures and controls;
- Production of suspicious transaction reports.
Assess risk and document the assessment
In order to put an effective system and procedures in place, the CSP must identify its general level of risk to ML and FT exposure.
Deploy appropriate control measures
A CSP must ensure that control measures such as Customer Due Diligence (CDD) and ongoing monitoring procedures are implemented and sound enough to identify the respective level of risk of its customers.
Depending on the risk level, the CSP may:
- Deploy enhanced, normal or simplified control measures of due diligence, including the identification and verification of the beneficial owners,
- Obtain additional information on high risk customers such as Politically Exposed Persons (PEPs),
- Vary the extent of ongoing monitoring of customers’ transactions.
Ongoing monitoring of business relationship
A CSP shall conduct ongoing monitoring of customers by scrutinising transactions undertaken throughout the course of the relationship and by making sure that they are consistent with the customer’s business and risk profile.
Reporting suspicious transactions
If a CSP suspects that a transaction is related to money laundering or terrorism financing, they should evaluate and decide if they are required to report the suspicious activity. Reports can be made to Commercial Affairs Department in writing or via mail addressed to the Head, Suspicious Transaction Reporting Office or via the STR Online Lodging System.
Detailed records of the customers including risk assessment, CDD and the results of ongoing monitoring, must be maintained at all times and for at least five years after the business relationship has ceased. The records should facilitate an audit trail when required by the authorities.
An independent internal or external audit function must be implemented to review and assess the effectiveness of internal policies and procedures.
A person in a managerial position should be appointed as the compliance officer for the monitoring, management and internal communication of the policies, procedures and controls. The compliance officer shall then review, assess and update the adequacy of the policies and procedures.
Screening and training employees
A CSP must recruit fit and proper persons as employees. This requires the CSP to do a thorough background check of the potential employee to know if he/ she has been convicted for fraud or dishonesty, is an undischarged bankrupt or check they have a satisfactory compliance history if they are registered as a FA or Qualified Individual.
The employees must be trained in and be aware of the laws and obligations to prevent money laundering and terrorism financing. They must be aware of the prevailing trends in respect to MA and FT. Employees must also be adequately trained in the internal policies, procedures and controls to prevent risks of MA and FT, as well as be aware of their roles and responsibility in the system.
What The Customers (of CSPs) Should Know
In the course of fulfilling their obligations to prevent ML and FT, CSPs will request for detailed information regarding identities of beneficial owners, shareholders, directors and details of business transactions. The level and extent of information sought and the intensity of the investigation may vary depending on the risk level that has been associated with the entity. The customers should extend their cooperation to their CSPs by sharing relevant information so that the compliance requirements are met.
In order to identify their individual customers and agents, the CSPs may require the following information:
1. Full name, including any alias;
2. Identity card , birth certificate or passport number;
3. Residential address and telephone number;
4. Date of birth;
5. Nationality; and
6. Additional information such as the individual’s source of wealth.
In the case of a customer or agent who is not an individual:
1. Full name;
2. Incorporation number or registration number
3. Address of the place of business, or registered office address and telephone number;
4. The date of incorporation or registration (as the case may be); and
5. The place of incorporation or registration (as the case may be).
The following information may be sought to understand the nature and purpose of the business:
1. Details of the customer’s business or employment;
2. The nature and purpose of the relationship between the customer and its beneficial owners; and
3. The anticipated level, frequency and nature of transactions that are to be performed by the registered FA for the customer, throughout the business relationship.
Once identified, the CSP shall verify the identities of customers by requesting to see documents such as their passport and proof of residential address from individual customers. For corporate customers, they will require to see the incorporation/registration documents as well as other documents to understand the ownership structure, controlling powers and legal arrangements.
If the CSP that you engage with is not asking for such information, then the particular CSP may not be doing the appropriate/required AML or CFT procedures stated by ACRA. Choose to work with professional service providers such as Hawksford Singapore, whose compliance framework and procedures remain up-to-date and compliant.