Strengthening AML/CFT controls and practices to detect and mitigate risks of misuse of legal persons/ arrangements and complex structures

Strengthening AML/CFT controls and practices to detect and mitigate risks of misuse of legal persons/ arrangements and complex structures

The financial sector regulator of Singapore i.e., the Monetary Authority of Singapore (MAS), while carrying out its inspection function in Financial Institutions (FIs) sector came across several instances of misuse of legal persons/ arrangements and complex structures and thus drew up the “STRENGTHENING AML/CFT CONTROLS AND PRACTICES TO DETECT AND MITIGATE RISKS OF MISUSE OF LEGAL PERSONS/ ARRANGEMENTS AND COMPLEX STRUCTURES INFORMATION PAPER August 2023” laying down its supervisory expectations for FIs without imposing any additional/fresh regulatory obligations, which ought to be used/interpreted as the benchmark to be followed by FIs.  

These supervisory expectations are to be dealt with by FIs in a risk-based commensurate manner against its practices. FIs must conduct a gap analysis to compensate for lapses, if any.  

The MAS prescribes/stipulates/advises the FIs to reflect upon its previous information papers, specifically – 

  • Effective Practices to Detect and Mitigate the Risk from Misuse of Legal Persons 
  • Guidance for Effective AML/CFT Transaction Monitoring Controls 
  • Effective Use of Data Analytics to Detect and Mitigate ML/TF Risks from the Misuse of Legal Persons 

Should the FIs encounter gaps/lapses in their framework and controls, specific remediation/enhancement measures should be identified and implemented. Ultimately aiming to ensure stringent anti-money laundering and countering the financing of terrorism (“AML/CFT”) controls.

Areas covered by the information paper.

The Information Paper’s structure encompasses.

  1. Typologies observed and supervisory observations of the MAS.  
  2. Customer Due Diligence (CDD) – including case studies, actions taken to address CDD gaps, and Supervisory expectations. 
  3. Ongoing Monitoring – including case studies, actions taken to enhance AML/CFT controls, and Supervisory expectations. 

The case studies included with the intent to illustrate/demonstrate/give an example of good practices and areas of weaknesses as observed/witnessed by the Regulator/MAS to uplift the industry’s awareness, culminating in gap analysis and risk mitigation. 

Typologies observed and supervisory observations.

  • Typologies observed- Misuse of legal persons/arrangements and complex structures for illicit purposes to –  
    • Facilitate transactions without any clear economic purpose with related entities or entities purporting to be in the same industry to create an illusion of legitimacy. 
    • Multiple and complex layers of ownership are created for no logical or clear reason but with mala-fide intent of masking/shadowing/obscuring true beneficial ownership.
  • Supervisory observations – To facilitate proactive and prompt detection of potential misuse of legal persons/arrangements and to address risks associated with complex structures, the FIs that have been reviewed have installed/established specific policies, procedures, and controls, namely – 
    • use of data analytics (DA) to solidify and strengthen existing ongoing monitoring controls. 
    • Lapses noted during FIs review:  
    • Weak oversight 
    • Lack of risk awareness and vigilance to spot unusual red flags. 

Customer Due Diligence (CDD)

Financial Institutions are required to identify and verify the customer, and in the case of a natural person, FIs shall understand the nature of business and control structure of the customer.  

  • Actions taken by the examples cited in case studies to enhance AML/CFT controls –  
    • Enhanced/intensified training and guidance on the subject matter – i.e., the complex ownership and structures to empower staff to identify/detect red flags on customer information/declarations obtained. 
    • Requesting/initiating further assessment on the use of unusual complex structures and ownership to assess the legitimacy of the customer. 
  • Supervisory expectations – FIs should be alert of the following shell company red flags – 
      • Unusual or rapid changes to corporate structures, including beneficial ownerships, after account opening and  
      • The BO owning a company through a nominee shareholder without a clear economic rationale or purpose. 

The regulator/MAS expects FIs to collect and assess (for the purpose of determining whether enhanced ML/TF Risk Assessment and monitoring is warranted) sufficient information pertaining to complex corporate structures, including beneficial ownerships specifically for bespoke wealth management structures. 

    • FIs must: 
      • Adequately apprise front line staff on red flags relating to the use of complex ownership and control structures to ensure proper follow-up and risk assessments.  
      • Perform further checks or corroboration where there are doubts over the declarations obtained from the customer.  
      • Establish clear accountability and processes to enable timely escalation of concerns about ownership structures or BO information.  
      • Take timely and appropriate risk mitigation measures to address these concerns.  

Ongoing Monitoring

Financial institutions are expected to monitor transactions to ensure that the transactions are aligned with the profile of the customer.  

FIs are required to adequately train staff to identify, scrutinize, and escalate to appropriate internal senior management should any unusual transactions take place; this forms an integral part of transaction monitoring (TM) controls.  

Instances of –  

  • TM involving escrow arrangements– To adequately inquire into scrutiny of transactions to avoid exposure of the FIs to risk of misuse for illicit purposes where gaps arose due to  
    • The transactions were significantly larger in quantum than the past transactions, and 
    • The transaction counterparties were inconsistent with those disclosed to the FI at account opening. 
  • Executional lapses in review of transactions -FIs are required to implement appropriate internal risk management systems, policies, procedures, and controls to determine if business relations with or transactions for any customer present a higher ML/TF risk and trigger reviews of CDD information based on discrepancies observed. 
  • Addressing Information silos to ensure effective and holistic review of customer relationships. It was observed that gaps arose due to –  
    • Concerns over source of wealth (“SOW”) of Customers were not shared across business units (“BUs”) on a timely basis.  
    • Inconsistencies noted across each BU’s respective SOW assessment of the customer were not clarified or followed up on, even after the concerns were made known to the BUs and compliance teams.  
    • Account retention decisions were mainly based on the long tenure of banking relations and lack of adverse news on Customers, without having considered or assessed the materiality of the SOW concerns. 

The gaps arising out of Ongoing Monitoring lapses are derived from three case studies cited in the Information Paper on the basis of which the actions were taken to enhance AML/CFT controls and Supervisory expectations are formulated. 

  • Supervisory expectations : FIs need to be vigilant while dealing with Escrow arrangements and must examine the legitimacy of the parties involved, as the same can be misused/abused for layering/illicit purposes.  


The MAS through its reviews have identified areas where FIs have imbibed the necessary frameworks and controls to identify customers, including BOs, that present shell company characteristics and perform enhanced measures where higher risks are identified with the goal of delivering desired outcomes as illustrated through case studies, actions taken, and supervisory expectations cited in the Information Paper. 

FIs are thus directed to.  

  • assess the effectiveness of their controls against regulator/MAS’ inspection findings and guidance provided in the information paper. 
  • ensure that staff/personnel are apprised of the latest developments, amendments, and updates on risks and typologies on misuse of legal persons/arrangements and complex structures as they evolve, to detect and escalate risk concerns for prompt mitigation. 
  • Enhanced scrutiny and assessment of clients/customers SOW and transactions where risk concerns are observed. 
  • Senior management to ensure effectiveness of controls in place. 
  • Utilize DA to enhance their risk detection capabilities.