Updated Guidelines for RFAs in Singapore and What It Means for Your Business
After the feedback and letters from expert organizations including the Chartered Secretaries Institute of Singapore, Institute of Company Accountants, and the Law Society of Singapore, authorities have updated guidelines for RFAs. According to the ACRA, this has been done for “better guidance for RFAs in complying with regulatory requirements under the enhanced regulatory regime for Corporate Service Providers in Singapore.”
Which Areas Will the Amendment Affect?
The updated guidelines for RFAs will change the following elements of the business:
- Risk Assessment
- Beneficial Owners
- Customer Due Diligence
- the Internal Policies, Procedures, and Control (IPPC), and
- Customer Risk Factors and Customer Acceptance Form
Before establishing a business relationship, an RFA should perform a risk assessment of its prospects. This is mostly to determine risks like Money Laundering and Terrorist Financing. The CSR has to document the observations and conclusions.
The guidelines have advised RFAs to make the process more effective by asking detailed questions like the source of wealth and funds. These measures will help companies avoid the risk of dealing with people in the high-risk category, like Politically Exposed Persons (PEP).
Designated Non-Financial Businesses and Professions
From now on, the Designated Non-Financial Businesses and Professions (DNFBP) are out of the lower risk customer category. This is mainly because of the Financial Action Task Force (FATF’s) evaluation of Singapore’s AML/CTF measures in 2016, which showed some weaknesses of the firms. Also, demographics like country of origin, nationality, the company’s registration address, and the nature of the business may put some customers under a lower risk category.
One can analyze the risk of exposure by looking into the customer company’s structure, country of origin, nature of services, and scale of services. It counts as high-risk if there are any irregularities in these sectors. Examples of these are if the company’s structure is complex or the nature of various services is unrelated or confusing.
In Annex B of the updated guidelines for RFAs, we can see a list of indicators to help find higher risk clients and transactions. Annex C consists of Customer Acceptance and Risk Assessment forms in Part 1 and 2, respectively.
The customer acceptance form helps find personal identification details and information about the entity and the beneficial owners and PEPs. Meanwhile, the Risk Assessment form will help evaluate the nature of services and their risks based on the customer, country, and the transaction.
Depending on the above information, a customer can be low, medium, or high risk. It is up to the RFA to accept or reject them.
Risk Assessment and Customers
As a customer, you will have to be cooperative with the corporate service provider when they ask questions before developing a business relationship. Remember, failure to answer corresponding inquiries can lead to an assumption of attempting to hide sensitive information, which may be subject to unjust/unnecessary investigations. Thus, as a customer, it is your duty to know about the questions your CSP needs to ask you and answer them promptly. Some customer firms can even hire an official to communicate with the CSPs.
If there are changes in the information that you previously submitted to the CSP, make sure you communicate that to them as soon as possible.
Another sector where the updated guidelines for RFAs have affected is beneficial owners. More emphasis has been made to identify the beneficial owners of the RFA’s customer companies.
This also applies to everyone else with executive authority on the company. For limited companies, RFAs can research and verify the identity of the director and other executives. In the case of partnerships, RFAs now can ask for the identity of the company’s partners. The risk management for a beneficial owner and all their connected parties is going to be equally strict with respect to the guidelines.
Beneficiary Owners and Customers
Make sure that the information about beneficial owners and all their connected parties is complete and accurate. Similar to the risk assessment, withholding information can lead to the corporate service provider denying their service and investigations.
Customer Due Diligence
CSPs should conduct Customer Due Diligences for every client that hired them before 15 May 2015. Of course, CSPs have to do this for every new client. If it’s not possible to conduct Due Diligence prior to the relationship, you can still complete it within 14 days of signing the contract.
If even after 14 days, you can’t accomplish CDD, then the contract must be subject to termination. Another thing is to note is that the CSR can perform other CDDs at appropriate times This will depend on the risk assessment and the adequacy of information of the first CDD.
Customer Due Diligence and Customers
Customer Due Diligence is a long process. Keeping that in mind, authorities have managed a 14-day window after the establishment of a business relationship. Thus, as long as the CSP does it work on time, it wouldn’t be a hindrance for client companies to get the service they immediately want. However, client companies should be supportive of their CSP for this matter. Moreover, according to the law itself, CSPs need to end the relationship if the verification couldn’t be completed.
Internal Policies, Procedures, and Control (IPPC)
The updated guidelines have made it mandatory for RFAs to have an IPPC in place. The IPPC will ensure their services are compliant with the AML and CTF regulations. The IPPC may also be customized depending on the nature of the services, and the customer profile of the CSP.
The RFA’s employees should have good knowledge about the AML/ CFT regulations. They should also be familiar with the trends and processes of conducting ML and TF. For this, the RFA will need to train their staff annually. Furthermore, the senior management will need to actively engage themselves in the approval process of the IPPC. Of course, keeping the AML and CTF in check.
When the above is done, RFAs should have procedures that identify and report suspicious transactions of their client. Any kind of suspicious behaviour should be filed with the STR within 15 business days. The Annex B of the updated guidelines for RFAs has the indicators of such behaviours and transactions.
Internal Policies, Procedures, and Control (IPPC) and Customers
Make sure your customer service provider has an IPPC in place. Doing so will ensure you are working with people that know the law which will decrease risks of ML and TF. Make sure that you don’t suppress any required information, and be very communicative with your CSP for this matter. Also, if your Corporate Service Provider wants to know about any behaviour they think is suspicious, remember that they are doing it for everyone’s goodwill and provide the evidence materials.