ACRA’s AML Compliance Review and Best Practices for RFAs

Registered Filing Agents in Singapore must comply with AML/CFT obligations as provided in the ACRA (Filing Agents and Qualified Individuals) Regulations 2015. As a supervisory authority, the AML/CFT function of these Registered Filing Agents (RFAs) is subject to compliance review by the Accounting and Corporate Regulatory Authority (ACRA).

During this review process, ACRA assesses the compliance practices implemented by the registered filing agents licensed in Singapore. After this review, a Compliance Assessment Report is prepared, capturing the findings and observations around the RFA’s AML/CFT compliance measures. To meet the ACRA (Filing Agents and Qualified Individuals) Regulations 2015 compliance requirements and successfully demonstrate the RFA’s commitment to AML compliance, the RFA must adopt best practices in AML compliance.

RFA’s compliance with ACRA Guidelines and compliance review by ACRA

ACRA (Filing Agents and Qualified Individuals) Regulations 2015 apply to the RFAs in Singapore. Per these regulations, you must make every effort to follow the requirements. To check whether you comply or not with the provisions, ACRA conducts reviews.

ACRA may itself conduct the compliance review of the RFA or may appoint independent professional experts to review your compliance procedures and recommend remedial actions. The appointed reviewer shall make an on-site visit, accompanied by an ACRA officer, and shall study the following:

Overall business profile, activities undertaken, compliance functions set up by the RFA and the AML compliance officer
ML/FT exposure of the business by reviewing the outcome and methodology used by the RFA for conducting the enterprise-wide risk assessment
Scope and effectiveness of the RFA’s Internal Policies, Procedures, and Controls (IPPC)
Degree and nature of measures applied by the RFA as part of the customer due diligence and enhanced customer due diligence processes
RFA’s approach to obtaining or determining the customer’s beneficial ownership
Mechanism followed for identifying and reporting the suspicious transaction
Internal communication for AML IPPC amongst the team members
The scope, frequency and adequacy of the AML training program
Analysis of remediation actions executed by the RFA towards the findings made during previous compliance review or inspection

Before visiting the RFA’s premise of detailed review, the ACRA or the reviewer requests the RFA to complete the self-assessment and submit necessary documents pertaining to the following:

Risk-based approach adopted by the RFA and the details of the ML/FT business risk assessment conducted by the RFA
Implementation of the IPPC
RFA’s confirmation on various CDD measures adopted by the RFA for identifying the customers, beneficial owners, etc. and verifying their identities
Details around the red flags list maintained by the RFA and the process followed for timely reporting of the suspicion
Information on compliance with AML training and AML audit requirements

Along with these details in the self-assessment form, the RFA must attach a copy of the latest IPPC adopted by the RFA.

Upon consolidated review of the self-assessment form filed by the RFA and the review of the documents during the on-site visit, the reviewer shall prepare a report on the observations and findings around the RFA’s AML/CFT compliance, highlighting the gaps and the recommendations to remediate these gaps in accordance with the applicable AML regulations and ACRA regulations.

Best practices around AML compliance to adequately address the AML review by ACRA

To ensure compliance with the ACRA guidelines and successfully address the compliance review initiated by ACRA, RFA needs to develop and maintain a robust ML/Ft risk management framework.

Here are the best practices you must adopt for effective AML compliance and avoid non-compliance penalties:

Ensure the quality of business risk assessment

One critical reason for inaccuracies in AML measures is wrong or incomplete assessments. Identify the threats to your business. Only with awareness of the ML/FT risk the business may face can you customise the AML/CFT framework and make it more effective and relevant to your business activities.

You must periodically review the quality and validity of your business risk assessments. Ensure that it covers all the risk factors impacting the business, such as the nature of the customer, the geographies you do business with, the nature of the services you offer, delivery channel, complexity and type of the transactions executed, etc.

Once you know them, you can develop and implement AML measures against these risks. Enhance the quality of your risk assessments to create a direction for your AML measures. Use the risk criteria mentioned in ACRA’s guidelines while assessing risks. Also, consider the outcome of Singapore’s latest National Risk Assessment.

Track the internal policies, procedures, and controls (IPPC)

As a measure against money laundering and terrorism financing, you must ensure a well-defined and customised AML framework comprising internal policies, procedures, and controls. A comprehensive and up-to-date IPPC will guide you in identifying and managing the risk at each aspect of your business, be it launching a new business practice, onboarding a new customer or executing a transaction with an existing customer.

Ensure your IPPC helps you stay compliant with the regulatory landscape while safeguarding the business.

Check the quality and effectiveness of customer due diligence measures

An essential element of the AML compliance program is knowing your customer and conducting an adequate due diligence. You must invest your time and effort in periodically reviewing the adequacy and efficacy of the customer due diligence (CDD) measures.

Check out the following to make sure your customers do not stand a chance of misusing your services for any financial crime:

Robustness of the process used for identifying the customers and verifying their identities
Adequacy of the process followed for determining the beneficial owners of the customers
Compliance with the ACRA’s guidelines around customer acceptance
Reliability of the independent sources used for customer identity verification
Identification of the politically exposed persons (PEPs)
Compliance with sanctions screening requirements and the technology adopted for the same
Methodology followed for conducting the customer risk assessment
Quality of the enhanced customer due diligence (ECDD) measures applied when a customer is identified as high-risk
Timeliness of applying and concluding the CDD and ECDD measures
Ongoing monitoring process deployed for keeping the customer’s risk profile in sync with the RFA’s risk appetite

Ensure that the CDD measures empower you to apply a risk-based approach and adequately identify and assess the customer risk.

Assess the suspicious transaction identification and reporting procedures

Having well-defined procedures for monitoring business relationships and transactions and flagging suspicious or unusual activities is a best practice for AML compliance.

Ensure that your list of red flags is up-to-date and relevant to the nature of your business activities. You can refer to the ACRA’s guidelines on indicators of suspicious transactions for defining these risk indicators. If not done, set up a mechanism and system for timely and efficient reporting of the identified red flags from the front-line employees to the AML compliance officer. A process that enables the comparison officer to investigate the detected suspicion and decide on its final report with the suspicious transaction reporting office must be developed.

Check the quality of the suspicious transaction reports (STRs) filed with STRO.

Investigate employees’ AML training and knowledge

Employees’ knowledge of AML measures is essential for AML compliance. AML training ensures the seamless process of complying with AML regulations. So, you must check all your employees and senior management’s understanding of the following:

Importance of AML for the business
AML measures necessary to comply
Internal policies, procedures and controls
Awareness about their AML responsibility

Conduct relevant training for each level of participants for their job-specific topics and general AML awareness.

Ensure Adequate Recordkeeping

Recordkeeping for any entity is useful. Even the AML laws in Singapore mandate you to maintain records of your AML processes for at least five (5) years. Maintaining all the relevant AML records in an organised manner is one of the best practices for RFAs.

You must retain the following records:

Records about customer due diligence applied (identification records, details around customers’ risk profiles, screening outcome, etc.)
Suspicious transactions identified and reported
Transactional details and documents
Business risk assessment
Training records

You might need these records for future reference. Authorities would also ask for them during AML compliance reviews or inspections.

Introduce an AML audit process to reduce the possibilities of regulatory actions

One best practice after implementing the AML compliance function is an AML audit. Periodic AML audit allows you to identify deficiencies in your AML compliance beforehand. You can improve upon them and make them efficient and productive. Thus, you can achieve accuracy and completeness in your AML compliance initiatives.

So, you are already compliant whenever the regulatory authorities audit or investigate your AML compliance.

Handle ACRA compliance review transparently and confidently

You must maintain complete transparency while presenting the details and information to the reviewer during the ACRA lead compliance review. With the best practices adopted in the AML function, give the reviewer a clear and complete picture of your compliance. Be open to receiving feedback from the reviewer and effectively implementing the remediation actions suggested by the reviewer or ACRA.

Make a plan to put into practice the compliance enhancement recommendation captured in the review report, including identifying the responsible person and setting stringent timelines for the same.

These are some of the best practices to be adopted by RFA to ensure effective compliance and successful compliance review by ACRA.

AML Singapore – your partner for professional AML consulting services

AML Singapore dedicates itself to helping entities adhere to the AML regulations in Singapore. You can trust us to strengthen your guarding measures against financial crimes. Our consultants, policymakers, and analysts help you with various AML compliance services. We prepare you for the AML compliance reviews by ACRA or other authorities. We help you fill out the self-assessment form and prepare the documents. You can also trust us to improve actions after compliance reviews. We understand the gaps, strategise actions, and execute them to enhance compliance. So you know whom to call for any queries or support in AML compliance.

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 25 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.

He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding the AML business-specific risk to implementing the robust AML Compliance framework.

ACRA’s AML Compliance Review and Best Practices for RFAs