New KYC Regulations for Corporate Service Providers
The Accounting and Corporate Regulatory Authority for Singapore (ACRA) has instituted an Enhanced Regulatory Framework that took effect on 15th May 2015. The Framework includes regulations for Corporate Service Providers (CSPs) that perform functions such as company incorporation and on-going corporate filings for their customers. The primary objective of the regulations is to combat money laundering and the financing of terrorism. As part of the new regulations, CSPs now must register with ACRA as a Filing Agent, and follow the provisions of the new Framework. Failure to follow the regulations can result in penalties and disbarment for the CSP. If you are registering a company in Singapore through a CSP, you should make sure that your provider is in compliance with the new regulations otherwise you run the risk of disruption to your business due to legal problems of your CSP.
Money laundering and the financing of terrorism are major concerns for international law enforcement authorities including those in Singapore. There has been increased international focus on combating these activities by implementing consistent regulations across international jurisdictions. The Financial Action Task Force (FATF) has lead the way in this effort and Singapore has followed its lead.
The new ACRA regulations aim to protect corporate service providers in Singapore from unwittingly facilitating illegal activities of a few “bad apple” clients. Along with the new regulations, ACRA has also released a set of guidelines for Corporate Service Providers. These guidelines are designed to help CSPs reduce compliance risks by establishing internal policies that will monitor and mitigate these risks. Any company that provides corporate services for other businesses – such as statutory filing or incorporation of new companies – must ensure that it follows the guidelines below and establishes internal policies in areas including customer risk assessment and due diligence. If you are hiring a Corporate Service Provider (CSP) to incorporate and administer your Singapore company, you must make sure that the CSP is in compliance with these regulations and guidelines. If you hire a non-compliant firm, it is likely to be disbarred by ACRA and face penalties; in such a situation, all clients of such disbarred firm will face serious disruption to their business and may be tainted in the eyes of ACRA due to their association with that CSP.
Why the New Regulations?
The new enhanced framework has been developed by Singapore in accordance with the recommendations of the Financial Action Task Force (“FATF”). FATF is the premier international organization that coordinates international standards for safeguarding against money laundering and terrorist financing.
The Financial Action Task Force (FATF) is an inter-governmental body whose objectives are to “set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system”. FATF has developed a series of recommendations that are the international gold standard for combating of money laundering and the financing of terrorism. FATF monitors the progress of its members in implementing these recommendations and promotes the adoption and implementation of appropriate measures globally with the aim of protecting the international financial system from misuse.
Historically, Singapore has demonstrated a strong willingness to protect its financial and business systems from money laundering and terrorist risks. It implemented a rigorous legal and regulatory money laundering (ML) and terrorist financing (TF) regime per FATF guidelines. In 2015, Singapore further strengthened these safeguards by bringing its Corporate Service Providers (CSPs) into a regulatory framework that obligates them to monitor and report any ML or TF activities.
Who is Covered?
The new regulations cover Corporate Service Providers (CSPs). CSPs are firms that provide various corporate services to other businesses (to both local and foreign clients) and file transactions on their behalf with Singapore’s ACRA. Typically, these services include:
- The incorporation of local companies and registration of foreign companies in Singapore.
- Provision of Registered Address service for the client company.
- Acting as company secretary for the client company.
- Provision of local resident director for the client company.
- Filing of annual returns with ACRA for the client company.
- Filing of changes to corporate structure for the client company such as changes in directors, shareholders, share capital, etc.
Overview of Requirements
You should ensure that you select a Corporate Service Provider who is in compliance with the new regulations, otherwise you run a serious risk of disruption to your business.
REGISTRATION AS FILING AGENT (FA)
As part of the new regulations, firms who intend to provide CSP services and carry out filing transactions using ACRA’s electronic system must be registered as Filing Agents (the “FAs”). A registered FA can carry out a transaction with the ACRA only if he acts by or through a registered Qualified Individual (the “QI”). Employees who do not qualify as QIs can carry out transactions with the ACRA under the QIs’ supervision.
In case of a violations of the regulations, the registration of the involved FA or the QI can be terminated; in addition, the FA and QI can face penalties. Furthermore, the Chief Executive of ACRA can reject an application to be a registered FA or a registered QI if the “fit and proper” requirements or any of the other requirements imposed by the Chief Executive are not met by the applicant.
IMPLEMENTATION OF INTERNAL PROCEDURES
The CSP must have policies in place to guard against facilitating money laundering or the financing of terrorism. These policies should be recorded electronically or on paper, and they should document the steps that will be taken to ensure that the CSP exercises due diligence of clients in its business relationships. The guidelines apply a risk-based approach, in which risk factors for money laundering are identified, and an overall level of risk is determined for each customer. Higher risk customers should be subjected to greater degree of scrutiny in order to mitigate the risks associated with them.
ACRA has provided a guide to drafting such internal policies in their guidelines in Annex A. These policies can be used as a template for CSPs to ensure that they meet the requirements of the new framework. The Annex also includes a template for a customer acceptance form which collects the information required for the CSP to perform its due diligence.
ASSESSMENT OF RISK
When a CSP acquires a new customer, the customer must be screened to determine the risk of money laundering; and this screening must be documented. The guidelines give a full listing of risk factors to consider, which include customer factors (such as non-resident customers, an overly complex ownership structure, or businesses which do a lot of their trade in cash). Further factors to be considered include country or territory risk factors (such as whether the country in which the customer is based is subject to sanctions or embargoes from the UN), and service risk factors (for example, business transactions which are not made face-to-face). The guidelines also specify factors which indicate the a customer is low risk, such as being a public company listed on the stock exchange, and hence being subject to disclosure requirements. Such circumstances imply that the risk of the customer being involved in money laundering is low.
Once these factors have been considered, the customer can be designated as either high risk, in which case full due diligence must be performed, or low risk, in which case simplified due diligence measures may be used.
INITIAL DUE DILIGENCE
Due diligence must be performed on customers in any of the following situations: when a new business relationship is established, when the CSP has reason to suspect that the customer may be laundering money, or when the CSP has doubts about the authenticity or accuracy of documents used to identify the customer.
To fulfil the requirements of due diligence, customers and agents must be identified, and their identities verified. If the company has a beneficial owner who is someone other than the customer (i.e. an individual who owns the assets and/or has authority over the customer), then the CPS must identify and verify the beneficial owner too. Finally, as a CPS, you must obtain information about the purpose of the intended business relationship.
Identification of customers must be performed before a business relationship is established, by collecting and recording information about the customer such as their full name, identity card or passport number, residential address, date of birth, and nationality. This information must then be verified based on reliable documents and sources.
Once due diligence has been performed and a business relationship with the customer has been established, the CSP must continue to monitor the customer. Transactions passing between the customer and CSP should be scrutinised to ensure that the transactions (including the source of funds) are in line with known information about the customer and their risk profile. The documents used in this monitoring must be kept up to date, and the risk profile of the business relationship should be reviewed where necessary. The degree to which ongoing monitoring is conducted should be determined as described under “Risk assessment” – those customers which are deemed to be the highest risk should be monitored the closest.
It is important to keep records of all due diligence and monitoring information of customers, including risk assessment and screening, sufficient for an audit to be performed on those records, if necessary. The records should include copies of information about the customer’s identity, and all supporting documents.
The records should be kept for the duration of the business relationship, and for at least five years from the date of the end of the business relationship. The records can be kept as original documents, as photocopies, on microfiche, or in an electronic format.
The CSP must establish and maintain an audit function which regularly assesses the effectiveness of the “internal procedures” described above. While the audit may be performed by either an internal or an external auditor, it is against the regulations for the same person to be both the compliance officer and the internal auditor.
EMPLOYEE HIRING AND TRAINING
The CSP should also consider its policies regarding the hiring and training of new employees. There must be a screening procedure in place for hiring new employees, to discover whether the potential employees have any convictions involving fraud or dishonesty, if they are an undischarged bankrupt in Singapore, and, if they have previously been in an role as a registered filling agent, whether their performance in that role was satisfactory.
Once the employee has been screened and hired, they must be trained on the laws for the prevention of money laundering, on the methods of money laundering which are commonly used, and on the internal policies which are in place for the prevention of money laundering. The individual laws which they must be trained on include:
- The ACRA Act and Regulations.
- The Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act.
- The Terrorism (Suppression of Financing) Act.
- Other legislation concerning the prevention of money laundering or financing of terrorism.
Penalties for Non-compliance
If there is a suspected breach in the fulfillment of the ACRA regulations, ACRA can investigate the CSP and its policies regarding the prevention of money laundering. If the investigation finds non-compliance, then the filing agent at the CSP as well as the qualified individuals will face penalties, which can include cancellation or suspension of their registration with ACRA, denial of the use of ACRA’s Bizfile business portal, and the imposition of financial penalties. A CSP who is facing such penalties will not be able to perform any functions for its clients and the client’s business functions will be disrupted. Therefore, entrepreneurs should choose their CSP very carefully.
By following the ACRA Guidelines described above and using the template policies and customer acceptance form from the Annex, filing agents can make sure that their businesses are guarding against the facilitation of money laundering or the financing of terrorism. CSPs must meet the ACRA requirements under the Enhanced Regulatory Framework. More information about the Enhanced Regulatory Framework can be found on the ACRA website.