Simplified Due Diligence by Dealers in Precious Stones and Precious Metals in Singapore
Simplified Due Diligence by Dealers in Precious Stones and Precious Metals in Singapore
The AML regulations in Singapore provide for adopting a risk-based approach to mitigate the identified money laundering and terrorism financing risk. In this reference, the Precious Stones and Precious Metals (Prevention of Money Laundering and Terrorism Financing) Regulations 2019 provides a concept – “Simplified Due Diligence”.
In this article, we shall explore the meaning of Simplified Due Diligence (SDD) and when and how the dealers in precious stones and metals can implement the SDD measures while complying with the AML regulations.
What is Customer Due Diligence?
- identification of customers and their beneficial owners before establishing a business relationship (Know Your Customer)
- verification of the customer’s identities using reliable, independent sources
- understanding the nature of the business relationship and the intended purpose of the transaction
- assessing the customer risk profile and determining if any additional information and verification checks are required
- obtaining information about the customer’s source of funds and wealth, in case the risk assessed is high, etc.
What is Simplified Due Diligence?
As the name implies, Simplified Due Diligence (SDD) is a process of carrying out liberal checks on the customer and requesting fewer documents while adequately managing the financial crime risk. SDD is coined to accommodate the risk-based approach, wherein the resources can be optimally allocated between the low and high-risk customers, balancing the operational efficiency and the ML/FT risk.
It is pertinent to note that though SDD suggests a lower level of checks and scrutiny, but the same must not be misinterpreted as a window to avoid compliance measures.
The regulated entities must thoroughly understand the circumstances where simplified checks are permitted and their implementation process.
Circumstances when Simplified Due Diligence can be applied:
PSPM Regulations 2019 allows the performance of SDD when the ML/FT risk assessed for a customer is “low”, and the simplified measures to be applied to the customer can sufficiently manage the assessed risk exposure. The risk categorization as “low” must be based on a thorough evaluation of factors impacting the business relationship, such as the nature of proposed transactions, geographies the customer is associated with, the previous transactions history of the customer, etc., the records around the customer risk assessment must be well documented.
Additionally, for applying SDD measures during the customer onboarding process, the regulated entities must obtain prior written approval from the Registrar. They are required to adhere to the conditions mentioned by the Registrar in such SDD approval.
Circumstances when Simplified Due Diligence cannot be applied:
When assessing the possibility of implementing SDD, the regulated entities must ensure that their Internal Policies, Procedures, and Controls (IPPC) restrict the application of SDD measures when any of the below-mentioned criteria are satisfied:
- the customer is PEP or associated with PEP
- the customer is coming from or is closely connected with a high-risk jurisdiction
- when the risk assessed for a particular customer is “high”
- when any other ML/FT risk indicators have been observed during the pre-onboarding stage
What is Simplified Due Diligence?
Even in Simplified Due Diligence, identification and verification of the customer’s identity is a must.
The regulated entities must apply necessary measures to identify and verify the following parties:
- the customer
- the true owner of the funds involved in the transactions (cash or cash equivalent)
- when the transaction is for the purchase of precious metals or stones, the owner of such PSPM
- the beneficial owners of the corporate customer
- beneficiary or authorised representative on whose behalf the person is acting
The entity must seek details like name, date of birth, citizenship and the unique identification number. Further, to verify the details, the regulated entities must obtain a Passport or any other government-issued identification document bearing the person’s name, nationality and photograph. Such ID must be valid and current as of the date of the business relationship. In exceptional cases where the original document is produced before the entity for verification, a “true copy” of the ID document must be requested (certified by a competent person such as a notary public, a lawyer or a public accountant).
Further, the entities must also screen the customers and the beneficial owners against the sanctions lists (specifically the United Nations Security Council designation and the domestic designations under the Terrorism (Suppression of Financing) Act).
Since the customer’s risk profile is dynamic, it is essential to subject all the customers to ongoing monitoring, including those classified as “low-risk”. The low-risk customer shall be reviewed regularly to ensure that the customer identification information obtained originally is valid and relevant. The frequency and extent of such ongoing reviews can be reduced compared to the one required for high-risk customers.
When the regulated entities adopt SDD, the records about the identification and verification measures applied by the entity must be maintained adequately.
What are the best practices for implementing Simplified Due Diligence?
- The risk classification methodology must be well crafted, considering all the relevant risk factors (customer profile, geographies, nature of business relationship, delivery channels, etc.). The customer risk assessment process must ensure that high-risk customers are mistakenly categorised as low-risk and subjected to SDD. Inadequacy in risk profiling may lead to potential financial crime vulnerabilities and non-compliance consequences.
- The customer risk profiles must be monitored regularly, in line with their transactions, to ensure that the customer still fits into the “low-risk” zone and does not pose any incremental risk to the business.
- Adequate training must be imparted to the Compliance Team and the relevant staff in the entity to create awareness around the SDD process and make them understand that simplified measures must not be employed just for the sake of quick customer onboarding.
- The entities may also consider implementing the AML software to streamline the identification verification, including automated screening against sanctions lists. This can bring efficiency to overall customer information collection and documentation activities.
How can AML Singapore assist you in simplifying your Simplified Due Diligence process?
Simplified Due Diligence does not suggest doing away with the customer identification process and obligates the regulated entities to perform certain mandatory checks. Moreover, it is associated with other compliance-related tasks – pre- and post-SDD processes. This includes designing the SDD process as part of IPPC, assessing customer risk, and ongoing monitoring.
Let AML Singapore be your AML Compliance partner and handhold you in the end-to-end AML journey. We can assist in conducting the Enterprise-Wide Risk Assessment and customizing the Internal AML Policies, Procedures, and Controls, including defining the Simplified Due Diligence and Enhanced Due Diligence requirements.
About the Author
Jyoti Maheshwari
CAMS, ACA
Jyoti has over 7 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.