Compliance Hub

Transaction Monitoring in Singapore: MAS Requirements and Best Practices

Site Logo
Tookitaki
14 Apr 2026
5 min
read

In August 2023, Singapore Police Force executed the largest money laundering operation in the country's history. S$3 billion in assets were seized from ten foreign nationals who had moved funds through Singapore's financial system for years — through banks, through licensed payment institutions, through corporate accounts holding everything from luxury cars to commercial property.

For compliance teams at Singapore-licensed financial institutions, the question that followed was not abstract. It was: would our transaction monitoring have caught this?

MAS has been examining that question across the industry since, through an intensified supervisory programme that has put transaction monitoring under closer scrutiny than at any point in the past decade. This guide covers what Singapore law requires, what MAS examiners actually check, and what a genuinely effective transaction monitoring programme looks like in a Singapore context.

Talk to an Expert

Singapore's Transaction Monitoring Regulatory Framework

Transaction monitoring obligations in Singapore flow from three regulatory instruments. Understanding the differences between them matters — particularly for payment service providers, whose obligations are sometimes confused with bank requirements.

MAS Notice 626 (Banks)

MAS Notice 626, issued under the Banking Act, is the primary AML/CFT requirement for Singapore-licensed banks. Paragraphs 19–27 set out monitoring requirements: banks must implement systems to detect unusual or suspicious transactions, investigate alerts within defined timeframes, and document monitoring outcomes in a form that MAS can review.

The full obligations under Notice 626 are covered in detail in our [MAS Notice 626 Transaction Monitoring Requirements guide](/compliance-hub/mas-notice-626-transaction-monitoring). What matters for this discussion is that Notice 626 sets a floor, not a ceiling. MAS expectations in examination have consistently run ahead of the minimum text.

MAS Notices PSN01 and PSN02 (Payment Service Providers)

Since the Payment Services Act (PSA) came into force in 2020, licensed payment institutions — standard payment institutions and major payment institutions — have had AML/CFT obligations that mirror the core requirements of Notice 626, adapted for the payment services context.

A cross-border remittance operator has the same obligation to monitor for unusual activity as a bank. The typologies look different — faster transaction cycling, higher cross-border transfer volumes, shorter customer history — but the regulatory requirement is equivalent.

This matters because some licensed payment institutions still treat their monitoring obligations as lighter than bank-grade. MAS examination findings published in the 2024 supervisory expectations document specifically noted that AML controls at payment institutions were "less mature" than at banks — which means this is now an examination priority.

MAS AML/CFT Supervisory Expectations (2024)

The 2024 MAS supervisory expectations document is the most direct signal of what MAS is looking for. It followed the 2023 enforcement action and a broader review of AML/CFT controls across supervised institutions.

Transaction monitoring appears in three of the five priority areas in that document:

  • Alert logic that is not calibrated to the institution's specific risk profile
  • Insufficient monitoring intensity for high-risk customers
  • Weak documentation of alert investigation outcomes

None of these are technical failures. They are process and governance failures — which is what makes them significant. An institution can have sophisticated monitoring software and still fail on all three.

What MAS Examiners Actually Check

Notice 626 describes what is required. MAS examinations test whether requirements are met in practice. Based on examination findings and regulatory guidance, MAS reviewers focus on four areas in transaction monitoring assessments.

Alert calibration against actual risk

MAS does not expect every institution to use the same alert thresholds. It expects every institution to use thresholds that reflect its own customer risk profile.

An institution whose customers are predominantly high-net-worth individuals with complex cross-border financial structures should have monitoring rules calibrated for that population — not rules designed for retail banking that happen to flag some of the same transactions.

In practice, examiners ask: how were these thresholds set? When were they last reviewed? What changed in your customer book since the last calibration, and how did the monitoring reflect that? Institutions that cannot answer these questions specifically — with dates, documented rationale, and sign-off from a named senior officer — are likely to receive findings.

Alert investigation documentation

This is where most examination failures occur, and it is not because institutions failed to review alerts.

MAS expects a written record for each alert: what the analyst found, why the transaction was or was not considered suspicious, and what action was or was not taken. A disposition of "reviewed — no SAR required" without supporting rationale does not satisfy this requirement. The expectation is closer to: "reviewed the customer's transaction history, the stated purpose of the account, and the counterparty profile. The transaction pattern is consistent with the customer's documented business activities and does not meet the threshold for filing."

Institutions that have good detection logic but poor investigation documentation often present worse in examination than institutions with simpler detection that document everything carefully.

Coverage of high-risk customers

FATF Recommendation 10 and Notice 626 both require enhanced monitoring for high-risk customers. MAS examiners check whether the monitoring programme reflects this operationally — not just in policy.

A specific check: do high-risk customers generate more alerts per capita than standard-risk customers? If not, one of two things is happening: either the monitoring programme is not applying enhanced measures to high-risk accounts, or it is applying enhanced measures but they are not generating additional alerts — which means the enhanced measures are not actually detecting more.

Either way, the institution needs to be able to explain the distribution clearly.

The audit trail

When MAS examines a monitoring programme, examiners review a sample of alerts from the past 12 months. For each sampled alert, they should be able to see: which rule or model triggered it, when it was assigned for investigation, who reviewed it, what the disposition decision was, the written rationale, and whether an STR was filed.

If any of these elements cannot be produced — because the system does not log them, or because records were not retained — the examination finding is straightforward.

Post-2023: What Changed

The 2023 enforcement action changed the operational context for transaction monitoring in Singapore in three specific ways.

Typology libraries need to reflect the patterns that were missed. The S$3 billion case involved specific patterns: shell companies receiving large transfers followed by property purchases, multiple entities with overlapping beneficial ownership, cash-intensive businesses used to layer funds into the formal banking system. These are not novel typologies — FATF and MAS had documented them before 2023. The question is whether monitoring rules were actually in place to detect them.

MAS has increased examination intensity. Following the 2023 case, MAS publicly committed to strengthening AML/CFT supervision, including more frequent and more intrusive examinations of systemically important institutions. Compliance teams that previously experienced relatively light-touch monitoring reviews should expect more detailed examination engagement going forward.

The reputational context for non-compliance has shifted. Before 2023, AML failures in Singapore were largely a technical compliance matter. After an enforcement action that received global coverage and led to diplomatic implications, the reputational consequences of a significant AML failure for a Singapore-licensed institution are much more visible.

Transaction Monitoring for PSA-Licensed Payment Institutions

For firms licensed under the PSA, there are specific practical considerations that bank-focused guidance does not address.

Shorter customer history. Payment service firms typically have shorter customer relationships than banks — sometimes months rather than years. ML-based anomaly detection models need historical data to establish baseline behaviour. When that history is limited, rules-based detection of known typologies needs to carry more weight in the alert logic.

Cross-border transaction volumes. PSA licensees handling international remittances have inherently higher cross-border exposure. Monitoring typologies must specifically address: structuring across multiple corridors, unusual shifts in destination country distribution, and dormant accounts that suddenly receive high-volume cross-border inflows.

Account lifecycle monitoring. New accounts that begin transacting immediately at high volume, or accounts that show no activity for an extended period before suddenly becoming active, are specific patterns that PSA-specific monitoring rules should address.

MAS has stated directly that it expects payment institutions to "uplift" their AML/CFT controls to a level closer to bank-grade. For transaction monitoring specifically, that means investment in calibration, documentation, and governance — not simply deploying a vendor system and assuming requirements are met.

Focused professional in modern office setting

What Effective Transaction Monitoring Looks Like in Singapore

Across MAS guidance, examination findings, and the post-2023 supervisory environment, an effective Singapore TM programme has six characteristics:

1. Documented calibration rationale. Alert thresholds are set with reference to the institution's customer risk assessment and reviewed when the customer book changes. Every threshold has a documented basis.

2. Coverage of Singapore-specific typologies. Beyond generic AML typologies, the monitoring library includes patterns documented in Singapore enforcement actions: shell company structuring, property-linked layering, cross-border transfer cycling across high-risk jurisdictions.

3. Alert investigation documentation that can survive examination. Every alert has a written disposition, not a checkbox. High-risk customer alerts have enhanced documentation. STR filings link back to specific alerts.

4. Defined escalation process. When an analyst is uncertain, there is a clear path to the Money Laundering Reporting Officer. Escalation decisions are recorded.

5. Regular calibration review. The monitoring programme is tested — whether through independent review, internal audit, or structured self-assessment — at least annually. Results and follow-up actions are documented.

6. Model governance for ML components. Where ML-based detection is used, model performance is tracked, validation is documented, and retraining triggers are defined. The validation record sits with the institution.

Taking the Next Step

If your institution is preparing for a MAS examination, reviewing its monitoring programme post-2023, or evaluating new transaction monitoring software, the starting point is a clear-eyed assessment of where your current programme sits against MAS expectations.

Tookitaki's FinCense platform is used by financial institutions across Singapore, Malaysia, Australia, and the Philippines. It is pre-configured with APAC-specific typologies — including patterns documented in Singapore enforcement actions and produces alert documentation in the format MAS examiners review.

Book a discussion with Tookitaki's team to see FinCense in a live environment calibrated for your institution type and region.

For a broader introduction to transaction monitoring requirements across all five APAC markets — Singapore, Australia, Malaysia, Philippines, and New Zealand — see our [complete transaction monitoring guide].

Talk to an Expert

Ready to Streamline Your Anti-Financial Crime Compliance?

Our Thought Leadership Guides

Blogs
10 Jul 2026
6 min
read

Sanctions Screening for Fintechs in APAC: What MAS, BNM and BSP Require

PSPs, e-wallets, and digital banks in Singapore, Malaysia, and the Philippines face the same sanctions screening obligations as traditional banks. This guide covers what MAS, BNM, and BSP require, and the specific compliance challenges fintechs face at scale.

Sanctions Screening for Fintechs in APAC: What MAS, BNM and BSP Require
Blogs
09 Jul 2026
5 min
read

Sanctions Screening in Australia: Obligations for Banks and Financial Institutions

Sanctions compliance in Australia sits across two regulatory frameworks: DFAT's sanctions legislation and AUSTRAC's AML/CTF program requirements. This guide covers what financial institutions must screen against, who enforces what, and where compliance programmes commonly fall short.

Sanctions Screening in Australia: Obligations for Banks and Financial Institutions
Blogs
09 Jul 2026
5 min
read

Sanctions Screening in Malaysia: What BNM Requires from Banks and Fintechs

BNM requires all licensed financial institutions and payment service providers in Malaysia to screen customers and transactions against targeted financial sanctions lists. This guide covers the legal obligations, required lists, operational standards, and common examination findings.

Sanctions Screening in Malaysia: What BNM Requires from Banks and Fintechs