Mar 26, 2025

AML & KYC Regulations in Singapore: A Complete Guide (2025)

This article covers everything you need to know about KYC/AML in Singapore.

Singapore has a robust and open economy, with reasonable taxes and a well-qualified labor market. The city-state focuses on doing business internationally, which has appealed to companies from all over the world. 

Thus, it’s no surprise that the World Bank ranks the country as the second best in the world for business. However, Singapore’s open economy can attract financial criminals who intend to conceal the source of their income through money laundering or fund terrorism. To mitigate this risk, Singapore has established several governmental authorities and a robust AML regulatory framework. 

Singapore has taken a number of considerable actions to strengthen its AML framework in recent years. This has generated a positive response from international organizations such as the Financial Action Task Force (FATF), which stated in its review that Singapore is steadily developing its AML regulatory framework and sufficiently ensuring that companies implement it.

Businesses planning to launch in Singapore need to comply with all the relevant regulations and guidelines. To simplify the process, we at Sumsub have prepared this article to explain how companies can stay compliant. 

Who needs to comply with AML & KYC laws in Singapore?

AML regulations in Singapore apply to financial institutions as well as certain designated businesses, including but not limited to: 

  • Banks
  • Casinos
  • Exchange companies
  • Insurance companies
  • Securities firms
  • Brokers
  • Lawyers and accountants
  • Financial advisers
  • Real estate agents
  • Dealers of precious metals
  • Payment service providers
  • Domestic money transfer services
  • Cross-border money transfer services
  • Account issuance services
  • Merchant acquisition services
  • E‑money issuance services
  • Digital payment token services
  • Trust Companies
  • Corporate Service Providers

Who are the regulators?

The Monetary Authority of Singapore (MAS) is Singapore’s central bank and integrated financial regulator. Its focus is regulating and licensing financial institutions, such as banks, crypto-related businesses, and brokers. The MAS also publishes guidelines for other types of financial institutions such as insurance companies.

It should be noted that the MAS is not the only financial regulator in Singapore. Facilities such as casinos are overseen by the Casino Regulatory Authority of Singapore. Meanwhile, real estate agencies have to comply with Council for Estate Agencies regulations. Business entities, public accountants, and corporate service providers are regulated by the Accounting and Corporate Regulatory Authority.

Key AML & KYC laws in Singapore

The main AML regulation in Singapore is the Corruption, Drug Trafficking, and Other Serious Crimes Act 1992 (CDSA). The Act defines the roles of government authorities and imposes rules for money laundering prevention, including reporting procedures and penalties for criminals.

In November 2024, Singapore enacted the Anti-Money Laundering and Other Matters Act. It strengthens law enforcement agencies’ capabilities to prosecute money laundering offenses, clarifies processes for dealing with properties linked to suspected criminal activities, and aligns the AML/CFT framework for casino operators with Financial Action Task Force (FATF) standards.

In addition to these regulations, the National Anti-Money Laundering Strategy was published in October 2024. It outlines Singapore’s approach to addressing money laundering risks. It focuses on prevention, detection, and enforcement of a robust legal framework, and international cooperation.

Some other important AML regulations include: 

To learn more about each of these regulations, you can download our compliance guidelines here.

AML compliance requirements for businesses in Singapore

To stay compliant, companies need to follow the obligations set out by the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 (CDSA), which include:

  • Establishing internal policies and procedures with regard to compliance and AML monitoring based on a risk-based approach, meaning that entities can take into consideration the size and complexity of their business
  • Communicating policies to all new employees and explaining any updates to existing employees at least on an annual basis
  • Adequately training staff to identify and tackle suspicious activity and be aware of the consequences of entities violating regulations or not sufficiently monitoring risk
  • Conducting business risk assessment to identify the overall ML/FT risk the business is exposed to, including the risk factors to be considered
  • Appointing a compliance officer and clearly specifying their roles and responsibilities in managing the AML compliance program
  • Reporting suspicious transactions to regulatory authorities
  • Conducting Customer Due Diligence (CDD) to verify the identities of their customers, including beneficial owners
  • Inactive companies are now more readily identified and de-registered to prevent the misuse of dormant entities for illicit purposes
  • The threshold for conducting CDD in casinos has been reduced from S$10,000 to S$4,000 in order to tighten controls within the gaming sector

KYC vs. AML: What’s the difference?

Understanding the distinction between Know Your Customer (KYC) and Anti-Money Laundering (AML) is crucial for businesses operating within regulated industries.

| Aspect | KYC (Know Your Customer) | AML (Anti-Money Laundering) |
|---|---|---|
| Scope | A specific process within AML focused on verifying customer identities. | A broad framework of laws, policies, and procedures to fight fraud and financial crime. |
| Process | Involves identity verification, due diligence, and ongoing monitoring of customers. | Includes KYC, transaction monitoring, suspicious activity reporting, and regulatory compliance. |
| Purpose | Ensures businesses only deal with legitimate customers and assess their risk levels. | Prevents money laundering, terrorism financing, and other financial crimes by enforcing strict compliance measures. |
| Regulatory requirement | Mandatory for financial institutions and regulated businesses. | Enforced globally by regulators like FATF and MAS through various compliance programs. |

Steps to Perform KYC in Singapore

There are certain KYC obligations that businesses in Singapore need to adhere to, in order to comply with the regulations given by MAS.

1. Outsourcing

Financial institutions should establish a risk-based approach to assess the adequacy of the outsourced party’s AML/CFT controls, as ultimate responsibility and liability remain with the financial institution. 

2. Automation

Financial institutions with larger customer volumes are expected to implement automated systems, with the ability to deal with an increased number of requests for CDD and a wide variety of customer transactions.  

Financial institutions should occasionally test and modify their transaction monitoring rules to ensure they can sufficiently identify suspicious transactions and behaviors, even in complex cases. Adjusting transaction monitoring rules is intended to help financial institutions reduce the number of false positives and false negatives.

3. Value transfers 

A value transfer refers to “any transaction carried out on behalf of a value transfer originator through a financial institution to make one or more digital tokens available.”

Before conducting a value transfer, an ordering institution shall:

  • “Identify the value transfer originator and take the necessary measures to verify the value transfer originator’s identity, as the case may be 
  • Record all the necessary details of the value transfer, including but not limited to the date of the value transfer, the type and value of digital token(s) transferred, and the value date. The detail requirements differ based on whether the transfer is lower or higher than S$1,500.

4. Performing Customer Due Diligence (CDD)

Regulated entities have to establish proper Customer Due Diligence (CDD) procedures, which is the process of collecting and verifying information about a customer during onboarding. CDD includes identification, verification, and ongoing monitoring of information provided by customers. 

Companies should also check customers for presence on sanctions lists (e.g., OFAC, UN, HMT, EU, DFT), Politically Exposed Persons (PEP) lists, and adverse media. Enhanced Due Diligence (EDD) must be applied to high-risk customers, non-face-to-face clients, or those from high-risk jurisdictions.

5. Provisions for PEPs

Financial institutions should obtain Senior Management approval to establish or continue business relations with Politically Exposed Persons (PEPs) and identify their sources of wealth and funds, including beneficial owners of any related entities. Additionally, they must conduct enhanced monitoring of transactions and report any unusual or suspicious activity without informing the customer.

6. Recordkeeping

Financial institutions are required to keep records of customers and transactions (value transfers and digital tokens included) for at least five years from the end of the business relationship or final transaction. Dealers of precious stones have to keep such records for the same amount of time when transactions exceed S$20,000 (approximately $15,000).

In addition to the above, account files, business correspondence, and the results of any analysis need to be kept for at least five years after the end of the business relationship.

Reporting obligations for AML compliance in Singapore

The Suspicious Transaction Reporting Office (STRO) is the main government institution responsible for receiving and analyzing AML/CFT reports. There are three types of reports that the authority may receive:

  • Suspicious Transaction Reports
  • Cash Transaction Reports
  • Cash Movement Reports

If a regulated entity identifies suspicious activity—such as discovering that a client has a history of drug-related offenses, appears in adverse media, or has conducted an unusual transaction without a clear purpose—it must promptly submit a Suspicious Transaction Report (STR) to the STRO. This report should include all transactions related to the customer in question. It is essential that the subject of the report is not informed, as doing so would be considered a “tipping-off” offense. 

Dealers of precious stones and metals have to report all transactions exceeding S$20,000 (approximately $15,000), while casinos have to report all transactions exceeding S$10,000 (approximately $7,500). Such transactions should be reported within 15 business days.

Financial institutions should engage in extensive ongoing monitoring of suspicious clients by analyzing their transactions and requesting additional information and/or documents. 

Should a financial institution decide to maintain a business relationship with a suspicious client, it should ensure that appropriate measures are taken to mitigate the risks. These measures include subjecting accounts to increased scrutiny, obtaining senior management approval before executing further transactions, and more.

Complete instructions on report submission can be found here.

Penalties for non-compliance with AML & KYC regulations

According to the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 (CDSA), the following penalties apply to those convicted of money laundering activities:

  • For individuals: a fine of up to S$500,000 (approximately $375,000) or up to 10 years imprisonment;
  • For companies: a fine of up to S$1,000,000 (approximately $750,000) or double the amount of goods acquired through illegal activity, whichever is higher.

For companies that fail to comply with AML regulations (e.g., don’t report suspicious activities in a timely manner), the following penalties may apply:

  • Official warnings
  • Reprimands
  • Prohibition orders
  • Removal of management from their positions
  • License termination
  • Monetary penalties.

The maximum monetary penalty for financial institutions failing to meet AML obligations cannot exceed S$1,000,000 (approximately $750,000).

Challenges in AML & KYC compliance for businesses in Singapore

Implementing effective AML and KYC measures in Singapore presents several challenges for businesses:

  • Ever-evolving regulatory framework. The Monetary Authority of Singapore continually updates AML/CFT regulations to address new threats. Staying on top of these changes requires significant resources from businesses to stay compliant.
  • Complex transaction monitoring. Developing systems capable of detecting suspicious activities without generating many false positives is intricate and requires sophisticated tech. In 2023, Singapore faced its largest money laundering case involving assets worth over S$3 billion. The operation uncovered a network exploiting the financial system, showing that detecting sophisticated fraud schemes is challenging.
  • Resource constraints. Small and medium-sized enterprises often struggle with limited resources, which makes it difficult for many of them to implement comprehensive AML/KYC programs.
  • High-profile money laundering cases. Recent incidents, such as the S$3 billion case, have prompted increasing scrutiny from regulators. This means that businesses need to strengthen their AML measures in order to mitigate reputational risks and possible fines.
  • Cross-border operations. Businesses that operate internationally face the challenges of aligning Singapore’s strict AML measures with changing regulations in other countries or jurisdictions. An example is the Kinahan cartel constructing an extensive money laundering network across Southeast Asia, particularly Singapore and Indonesia. The cartel utilized shell companies and complex financial schemes to obscure their fund origins, which shows how easy it is to manipulate international firms without strong AML measures.

Future of AML & KYC regulations in Singapore

Singapore is proactively improving its KYC and AML regulations to help fight evolving financial crime threats and maintain its status as a secure financial hub. One of Singapore’s current focuses is the integration of AI to assist with fraud detection and verification processes.

The Monetary Authority of Singapore is encouraging the adoption of advanced technologies and AI solutions. AI-driven solutions like real-time transaction monitoring, behavioral analysis, deepfake detection, Liveness, and identity verification present several advantages:

  • AI systems can analyze vast amounts of transaction data in real-time to identify unusual patterns and fraudulent activity
  • AI can distinguish between legitimate users and potential fraudsters by assessing user behavior, reducing false positives
  • AI tools are being developed to detect anomalies in video and audio more easily
  • AI-powered platforms streamline and quicken the identity verification process

Singapore is participating in global initiatives and collaborations to strengthen financial security. For example, it plans to use Swift’s AI-Powered Fraud Detection, which is set to launch in 2025. The service utilizes AI to analyze transaction data and flag suspicious activities in real-time.

By integrating AI or infrastructures like Local Data Processing into AML and KYC frameworks, Singapore can create a more resilient financial system that can adapt to emerging threats while keeping up with regulatory compliance.

FAQ

  • How often should businesses update KYC information in Singapore?

    Businesses should update KYC information periodically, with the frequency determined by the customer’s risk profile. For instance, higher-risk customers require more frequent reviews.

  • What are the penalties for KYC and AML non-compliance in Singapore?

    Non-compliance can result in large fines, revocation of business licenses, and other legal actions. For example, financial institutions that fail to follow MAS’s AML policies risk penalties of up to S$1 million (approx US$774,000) per offense.

  • Can businesses use third-party KYC providers in Singapore?

    Yes, businesses can engage third-party providers for KYC processes, but they remain responsible for ensuring compliance with regulatory standards.

  • What are the red flags for suspicious transactions under AML laws?

    Indicators include unusual transaction patterns, inconsistencies in customer information, and activities that don’t align with a customer’s known profile.

  • How does MAS monitor and enforce AML & KYC compliance?

    The MAS oversees compliance through regular audits, enforcement actions, and penalties for various violations.
