MAS Notice 626: AML/CFT Requirements for Singapore Banks and Financial Institutions

MAS Notice 626 — "Prevention of Money Laundering and Countering the Financing of Terrorism — Banks" — is the primary AML/CFT compliance instrument for banks licensed under the Banking Act in Singapore. It sets the obligations that MAS examines against, the standard against which deficiencies are cited, and the benchmark that the compliance function at every Singapore-licensed bank is built around.

The Notice applies to all banks licensed by MAS, including full banks, wholesale banks, and merchant banks operating in Singapore. Related notices extend equivalent obligations to other regulated entities: MAS Notice 1014 for merchant banks and MAS Notice 3001 for finance companies operate on the same framework. This guide focuses on Notice 626 and the bank-specific compliance obligations it creates.

Notice 626 was substantially updated in 2021 to align with revised FATF standards, including updates to beneficial ownership requirements, correspondent banking obligations, and wire transfer rules. Banks operating on older compliance programmes should treat the 2021 revision as the baseline — MAS examinations reference the current version, not the pre-revision text.

Who Notice 626 applies to

Notice 626 applies to banks licensed under the Banking Act and their branches and subsidiaries operating in Singapore. This includes:

• Full banks (retail and wholesale)
• Wholesale banks conducting non-retail banking business
• Merchant banks holding a merchant bank approval

Foreign bank branches operating in Singapore are subject to the same obligations as locally incorporated banks in respect of their Singapore business. A foreign bank cannot rely on its home-country AML programme to satisfy Notice 626 — the Singapore operations must independently meet the Notice's requirements, subject to MAS's branch-specific guidance on programme documentation.

Core obligations under Notice 626

Customer due diligence

Notice 626 requires banks to conduct CDD for all customers and to understand the nature and purpose of each business relationship. The standard CDD obligation applies at onboarding and on an ongoing basis.

For occasional transactions — transactions conducted outside an established business relationship — CDD is required when the transaction value reaches or exceeds SGD 5,000 (or its equivalent in foreign currency) for a single transaction or a series of linked transactions.

CDD must cover:

• Identity verification for individuals, using reliable and independent documents
• For corporate customers: identity of the entity, its legal structure, and the identity and verification of beneficial owners holding 25% or more of the entity
• Understanding the nature and purpose of the business relationship
• Ongoing monitoring to keep the customer's risk profile current

Banks must also identify and verify the identity of persons purporting to act on behalf of customers, and satisfy themselves that those persons are authorised to do so.

Enhanced due diligence

Enhanced due diligence is required for customers and transactions assessed as higher risk. Notice 626 specifies the categories that trigger EDD:

Politically exposed persons (PEPs): Foreign PEPs require EDD at onboarding and throughout the relationship. Domestic PEPs require a risk assessment, with EDD applied where the assessment indicates elevated risk. PEP status extends to immediate family members and close associates.

Correspondent banking: EDD applies to all correspondent banking relationships. Banks must assess the AML/CFT controls of the correspondent institution, satisfy themselves that the correspondent is not a shell bank, and understand the nature of the correspondent's customer base and the jurisdictions it operates in. Nested correspondents — where the correspondent provides services to other financial institutions through the relationship — require specific identification and assessment.

Customers from high-risk jurisdictions: Customers whose funds originate from or are destined for FATF grey or black-listed jurisdictions require EDD. The applicable list reflects FATF's current public statements, which MAS expects banks to monitor and incorporate into their risk assessments without waiting for formal guidance updates.

Any customer or transaction assessed as high-risk: Beyond the specified categories, banks must apply EDD wherever their risk assessment identifies elevated ML/TF risk, regardless of whether the customer or transaction falls into one of the named categories.

EDD requires obtaining additional information on the customer, the source of funds, and the intended nature of the relationship, and obtaining senior management approval before establishing or continuing the relationship.

Transaction monitoring

Notice 626 requires ongoing monitoring of customer transactions to detect patterns inconsistent with the customer's known profile or the stated purpose of the relationship. The monitoring obligation is not satisfied by periodic manual review — it requires a systematic process capable of identifying suspicious patterns across the full transaction population.

MAS's supervisory expectations on transaction monitoring are detailed in its published guidance and examination findings. The key requirements are:

• Alert rules calibrated to the bank's specific customer base and risk profile, not generic industry-standard rules applied without adaptation
• Investigation workflows that produce documented analysis of each alert reviewed, including the basis for closing an alert without filing an STR
• Audit trails that allow MAS to reconstruct the investigation path from alert to disposition
• Regular tuning of alert rules to address new typologies and to eliminate rules that consistently produce false positives without generating genuine suspicious activity

For a detailed breakdown of MAS's transaction monitoring requirements and calibration expectations, see our transaction monitoring in Singapore guide.

Wire transfer requirements

Following the FATF Recommendation 16 framework, Notice 626 requires banks to collect, retain, and transmit originator and beneficiary information for wire transfers. For transfers above SGD 1,500, the ordering bank must obtain and verify originator information and include it in the transfer message. Beneficiary banks must verify that transfer messages contain complete originator information and take appropriate action — including filing an STR — when information is missing or incomplete.

For cross-border transfers, the travel rule obligation extends to every leg of the transaction. Correspondent banking chains that pass through intermediary institutions must preserve originator and beneficiary information throughout.

Suspicious transaction reporting

The STR obligation under Notice 626 derives from section 39 of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA). Banks must file with STRO — the Suspicious Transaction Reporting Office under the Commercial Affairs Department — when they know or have reasonable grounds to suspect that a transaction or attempted transaction involves proceeds of any serious crime, or is connected to terrorism financing.

There is no minimum value threshold. The obligation arises at the point of suspicion, not after investigation is complete. MAS examination findings consistently identify two failures in STR practice: delayed filing (where investigation is used to delay rather than inform the filing decision) and incomplete narratives (where the filing documents that suspicion existed but not what the specific indicators were or what investigation steps were taken before filing).

The tipping-off prohibition applies: banks must not disclose to the customer or any other person that an STR has been filed or is being considered.

Record keeping

All CDD documents, transaction records, and investigation files must be retained for a minimum of five years from the date the transaction was conducted or the date the business relationship ended, whichever is later. Records must be maintained in a form that allows MAS to reconstruct individual transactions and produce them promptly on request.

What MAS examines

MAS's examination programme for banks under Notice 626 focuses on five areas where documentation gaps and operational failures are most commonly found:

CDD quality at onboarding: Examiners pull samples of new accounts and check whether verification was performed correctly, whether beneficial ownership was identified for corporate customers, and whether the relationship purpose was documented in a form that could inform monitoring. A signed form with "general banking" as the relationship purpose does not satisfy this requirement.

EDD for PEPs and high-risk customers: Examiners check whether PEP screening is running at onboarding and on a triggered basis, whether EDD was obtained for all customers meeting the threshold, and whether senior management approval was documented before EDD-triggered accounts were onboarded.

Transaction monitoring calibration: Examiners request the bank's alert rule documentation and compare it to the institution's customer profile and risk assessment. Rules that are generic, untuned, or copied from a prior system without adaptation are a recurring finding. MAS also examines the false positive rate and whether the bank has a process for tuning rules based on investigation outcomes.

STR narrative quality: Examiners review a sample of filed STRs for narrative completeness. A compliant STR filing documents the specific behaviour that triggered suspicion, the investigation steps taken, and the evidence reviewed. MAS does not evaluate STR quality only by filing volume or timeliness.

Correspondent banking due diligence: For banks with correspondent relationships, examiners check whether correspondent assessments were conducted, documented, and updated. A correspondent onboarded before the 2021 Notice revision may not have been assessed against current standards.

How Tookitaki’s FinCense supports MAS Notice 626 compliance

FinCense's transaction monitoring module is built for the specific requirements MAS sets in Notice 626. Scenario-based detection draws on typology intelligence from the Anti Financial Crime (AFC) Ecosystem — a federated network of 30+ APAC financial institutions — so alert logic reflects current financial crime patterns rather than static rules. Automated Threshold Tuning calibrates monitoring thresholds to distinct customer segments within the bank's portfolio, addressing the calibration standard MAS examiners test directly.

FinCense's case management environment connects alert, investigation, and STR reporting in a single view. AI-generated investigation notes document the specific indicators of suspicion and the steps taken for each case, directly improving the narrative quality of STRs filed with STRO. The investigation record provides the audit trail MAS expects to find when examining the bank's monitoring programme.

For a full overview of how FinCense supports AML compliance for Singapore banks, see our Singapore AML compliance guide. For KYC and CDD specifics under MAS's framework, see our KYC requirements in Singapore guide.

To see how FinCense handles Notice 626 compliance in practice, book a demo with our Singapore team.

Frequently asked questions

What is MAS Notice 626?

MAS Notice 626 is the primary AML/CFT regulatory notice for banks in Singapore, issued under the Banking Act. It sets out the obligations for customer due diligence, enhanced due diligence, transaction monitoring, wire transfer compliance, suspicious transaction reporting, and record keeping that MAS-licensed banks must meet.

Who does MAS Notice 626 apply to?

Notice 626 applies to full banks, wholesale banks, and merchant banks licensed by MAS under the Banking Act. Foreign bank branches operating in Singapore must comply with Notice 626 for their Singapore operations. Related notices (MAS Notice 1014 and Notice 3001) extend equivalent obligations to merchant banks and finance companies.

What is the CDD threshold under MAS Notice 626?

For occasional transactions — those outside an established business relationship — Notice 626 requires CDD when the transaction value reaches SGD 5,000 or above. For customers in an established relationship, CDD applies at onboarding and on an ongoing basis regardless of individual transaction values.

When must a bank file an STR under Notice 626?

An STR must be filed with STRO when the bank has reasonable grounds to suspect that a transaction involves proceeds of a serious crime or is connected to terrorism financing. There is no minimum value threshold. The obligation arises at the point suspicion forms, not after investigation is complete.

How long must records be kept under Notice 626?

All CDD documents and transaction records must be retained for at least five years from the date of the transaction or the end of the business relationship, whichever is later.

What triggers enhanced due diligence under Notice 626?

EDD is required for foreign PEPs and their family members and close associates, all correspondent banking relationships, customers from FATF grey or black-listed jurisdictions, and any customer or transaction the bank's risk assessment classifies as higher risk.