Compliance Hub

Unearthing the Secrets: Shedding Light on Money Laundering Techniques in the Digital Age

Tookitaki

19 May 2020

10 min

read

Money laundering, a practice deeply rooted in history, persists as a persistent menace to the worldwide economy. It erodes the very foundations of financial systems, empowering illicit enterprises to flourish. With the relentless march of technology, money laundering has undergone a metamorphosis, aligning itself with the digital era. As a result, there is an urgent need for advanced detection techniques and preventive measures.

This comprehensive article ventures into the labyrinthine intricacies of money laundering, illuminating its methodologies, and strategies for detection and emphasising the utmost importance of unwavering vigilance in protecting against this nefarious activity.

What is Money Laundering?

Money laundering stands as a sophisticated method employed to veil the true source of unlawfully obtained funds, camouflaging them to appear lawful. It encompasses a series of intricate manoeuvres aimed at converting ill-gotten gains, often stemming from illicit activities like drug trafficking, fraud, or corruption, into seemingly legitimate assets.

The multifaceted nature of this process unfolds in three distinct stages: placement, layering, and integration, each playing a crucial role in obfuscating the illicit origins and seamlessly integrating the funds into the legitimate financial system.

Money Laundering Techniques

Structuring

Structuring, alternatively referred to as smurfing or the practice of structuring deposits, encompasses the meticulous process of fragmenting substantial sums of illicit funds into smaller, more inconspicuous transactions. The primary objective of this technique is to cunningly sidestep financial reporting obligations and mitigate the level of scrutiny imposed by vigilant authorities. By adopting this approach, money launderers strive to remain under the radar and elude the prying eyes of regulatory entities.

Bulk Cash Smuggling

Bulk cash smuggling encompasses the illicit practice of physically conveying significant volumes of currency across borders or regions, deftly evading the watchful eyes of regulatory controls and sophisticated detection systems. In pursuit of their nefarious objectives, criminals frequently exploit susceptible transportation avenues, skillfully manoeuvring to transport their unlawfully acquired funds discreetly.

Cash-Intensive Businesses

Money launderers strategically capitalize on cash-intensive enterprises, encompassing establishments such as bustling casinos, thriving restaurants, and bustling retail stores, wherein substantial cash transactions are commonplace. With finesse, they intermingle their illicitly acquired funds with the lawful revenue generated by these businesses, cunningly shrouding the dubious origins of their monetary gains.

Investments in Commodities

By engaging in investments within the realm of commodities, encompassing valuable assets like precious metals, exquisite gemstones, or captivating artwork, money launderers skillfully exploit an avenue to imbue their ill-gotten gains with an aura of legitimacy. These alluring assets, prized for their inherent value, boast the advantage of portability, easy storage, and seamless saleability, rendering the task of tracing the funds' initial source a perplexing challenge.

Trade-Based Laundering

Trade-based laundering encompasses the deceptive manipulation of international trade transactions, artfully obfuscating the authentic value attributed to the goods or services being traded. Through crafty schemes involving misrepresenting prices, quantities, or even the commodities' quality, criminals ingeniously navigate the intricate realm of cross-border transactions. This intricate web of deceit enables them to clandestinely move funds across borders, seamlessly camouflaging the illicit origins of their monetary dealings.

Shell Companies and Trusts

Shell companies and trusts serve as instrumental tools utilised to weave an intricate tapestry of interrelated transactions, deliberately adding layers of complexity that pose significant hurdles to tracing the flow of funds. The crafty stratagem employed by money launderers involves the establishment of entities devoid of any genuine business purpose, enabling them to cloak the authentic ownership and control of their assets in a shroud of ambiguity.

Round-Tripping

Round-tripping encompasses the deceptive practice of artificially magnifying transactions, artfully crafting a mirage of bona fide economic activity. Crafty criminals deftly navigate a labyrinthine path, skillfully manoeuvring funds through a convoluted network of intermediaries or jurisdictions. In doing so, they adeptly cloak the funds' true origins and intended purpose, casting a veil of opacity over their illicit endeavours.

Bank Capture

Bank capture pertains to the malevolent infiltration of financial institutions by criminals who skillfully exploit vulnerabilities inherent within the intricate fabric of the banking system. Through cunning manipulation of internal processes or clandestine collusion with complicit bank employees, these unscrupulous actors navigate the institution's inner workings, covertly channelling illicit funds through seemingly legitimate avenues, evading detection and raising minimal suspicion.

Casinos

Money launderers frequently seize upon the abundant opportunities presented by casinos, enticed by the sheer magnitude of cash transactions and the relatively restricted regulatory oversight. Skillfully leveraging this environment, they ingeniously convert their illicit funds into casino chips, engaging in a transient period of gambling to give an illusion of legitimacy to their tainted wealth.

Subsequently, these astute criminals proceed to redeem their chips, obtaining a check in return. This clever manoeuvre effectively conceals the illicit origins of the funds and grants an appearance of lawful validation.

Other Gambling

In addition to casinos, money launderers may readily exploit an array of alternative gambling avenues, spanning from online gambling platforms and sports betting to the realm of lottery systems. Within these diverse domains, characterized by substantial cash flow and an inherent cloak of anonymity, money launderers find alluring opportunities to cleanse their illicit funds. The enticing amalgamation of considerable monetary transactions and the veiled nature of gambling activities renders it an enticing choice for those seeking to obscure the origins of their ill-gotten gains.

Black Salaries

Black salaries denote the illicit practice of remunerating employees through covert means, operating outside the boundaries of official documentation and legitimate record-keeping. This clandestine technique provides a cloak for criminals, enabling them to seamlessly blend their ill-gotten funds into the fabric of the lawful economy, masquerading as bona fide salary disbursements.

Tax Amnesties

Money launderers, on occasion, capitalize on the availability of tax amnesty programs or voluntary disclosure initiatives extended by governmental bodies. By subjecting previously undisclosed funds to tax payment, these unscrupulous individuals can manipulate the system to bestow a cloak of legitimacy upon their ill-gotten riches, effectively sidestepping intensified scrutiny.

Business Email Compromise

In this era of rapid digital advancements, criminals have honed their skills in the realm of money laundering, employing intricate methodologies such as the notorious business email compromise (BEC). This sophisticated technique entails assuming the identity of a genuine business entity through deceptive email communications, cunningly manipulating unsuspecting individuals into unknowingly transferring funds to fraudulent accounts, thereby facilitating the illicit flow of money.

Transaction Laundering

Transaction laundering revolves around the devious art of camouflaging illicit transactions within the guise of a lawful stream of payments. Crafty money launderers skillfully exploit legitimate platforms or businesses as conduits to process their nefarious transactions, effectively concealing the underlying illegal activity and rendering detection a formidable challenge.

Cyber-laundering

In the wake of the burgeoning prominence of cryptocurrencies and the emergence of online financial systems, money laundering has expanded its horizons through the realm of cyber-laundering. Astute criminals harness the power of digital currencies, leverage anonymous online transactions, and navigate intricate webs of financial networks, deftly obscuring the true origins and destinations of their illicit funds.

Money Laundering in the Digital Age

The digital age has presented both challenges and opportunities in the realm of money laundering. The rapid advancement of technology has facilitated the movement of funds across borders, increased anonymity, and provided innovative means for concealing illegal activities. Virtual currencies, online payment systems, and decentralised platforms have become attractive tools for money launderers.

Financial institutions and law enforcement agencies must adapt their detection methods and employ advanced technologies to track illicit transactions in the digital landscape to combat this evolving threat.

Detecting Digital Money Laundering

In order to proficiently identify instances of digital money laundering, institutions must harness the power of cutting-edge analytics, machine learning, and artificial intelligence algorithms. These innovative technologies possess the capability to scrutinize vast quantities of data, unveil intricate patterns, and expose irregularities that serve as red flags for money laundering activities.

Establishing and implementing robust Know Your Customer (KYC) procedures, fortified transaction monitoring systems, and fostering collaborative data-sharing initiatives between institutions and regulatory bodies emerge as pivotal measures in the relentless fight against digital money laundering.

Ways to Prevent Money Laundering

The prevention of money laundering necessitates adopting a comprehensive approach encompassing robust regulatory frameworks, stringent enforcement mechanisms, and proactive measures undertaken by financial institutions. Deploying a wide array of effective strategies, some notable approaches include:

Enhanced Due Diligence: Instituting comprehensive measures for customer due diligence, encompassing meticulous verification of customer identities, diligent assessment of their risk profiles, and continuous monitoring of transactions to identify any signs of suspicious activity.
Regulatory Compliance: Ensuring unwavering adherence to anti-money laundering (AML) and counter-terrorism financing (CTF) regulations prescribed by regulatory authorities while perpetually updating internal policies and procedures to stay abreast of ever-evolving threats.
Training and Awareness: Regularly equipping employees with tailored training sessions to hone their ability to identify telltale indicators, comprehend intricate money laundering techniques, and diligently report any suspicious activities to the appropriate authorities.
Collaboration and Information Sharing: Actively fostering a culture of collaboration among financial institutions, law enforcement agencies, and regulatory bodies, promoting the seamless exchange of valuable intelligence and reinforcing collective efforts to combat the insidious practice of money laundering.
Technological Solutions: Making strategic investments in state-of-the-art technological solutions, harnessing the power of cutting-edge systems powered by artificial intelligence, blockchain analytics, and advanced transaction monitoring tools. This proactive approach enhances detection capabilities, elevates risk assessment processes, and fortifies the collective arsenal against the pervasive threat of money laundering.

Final Thoughts

Money laundering continues to pose a formidable challenge to the global financial system, exerting profound threats upon the integrity and stability of economies spanning the globe. Recognizing and comprehending the diverse array of techniques employed by money launderers, particularly in the era of digital advancements, assumes paramount importance in formulating robust strategies for detection and prevention. Embracing cutting-edge technologies, fostering collaborative endeavours, and implementing stringent compliance measures serve as the pillars upon which we can bolster our ability to identify and deter money laundering activities effectively.

In this age of unparalleled digital transformation, maintaining unwavering vigilance and agile adaptability to the ever-evolving landscape of money laundering emerge as indispensable imperatives. By steadfastly embracing a proactive stance and incessantly refining our detection methodologies, we fortify the bulwarks that safeguard our financial systems, shield legitimate enterprises, and contribute resolutely to the global crusade against illicit activities.

Let us always bear in mind that the battle against money laundering demands an unwavering collective effort. Financial institutions, regulatory bodies, law enforcement agencies, and individuals must join forces, hand in hand, in the tireless pursuit of exposing the shadows, unearthing illicit funds, and forging a financial environment that radiates transparency and security for the welfare of all.

FAQs (Frequently Asked Questions)

Q: What is the primary goal of money laundering?

A: The primary goal of money laundering is to make illegally obtained funds appear legitimate by disguising their true origins and integrating them into the legal economy.

Q: How does money laundering in the digital age differ from traditional methods?

A: Money laundering in the digital age takes advantage of technological advancements, such as cryptocurrencies and online platforms, to facilitate illicit transactions. It allows criminals to exploit the speed, anonymity, and global reach of digital financial systems.

Q: How do criminals use shell companies and trusts for money laundering?

A: Criminals establish shell companies and trusts to create a complex web of transactions, making it difficult to trace the flow of funds. These entities provide a façade of legitimacy, allowing money launderers to obscure the true ownership and control of their assets.

Q: What are some effective methods for detecting digital money laundering?

A: Detecting digital money laundering involves leveraging advanced technologies like artificial intelligence and machine learning algorithms. Apart from analysing sizable amounts of data, these technologies can identify patterns and detect anomalies that can indicate money laundering activities.

Q: How can financial institutions prevent money laundering?

A: Financial institutions can prevent money laundering by implementing enhanced due diligence measures, complying with regulatory frameworks, providing comprehensive employee training, promoting collaboration and information sharing, and investing in advanced technological solutions for transaction monitoring and risk assessment.

Q: What role do regulatory bodies and law enforcement agencies play in combating money laundering?

A: Regulatory bodies and law enforcement agencies play a crucial role in setting and enforcing anti-money laundering regulations, conducting investigations, sharing intelligence, and collaborating with financial institutions to detect and prevent money laundering activities.

Q: Why is it important for individuals to report suspicious activities related to money laundering?

A: Individuals play a vital role in the fight against money laundering by being vigilant and reporting any suspicious activities they come across. Reporting such activities can help authorities uncover illicit transactions, disrupt criminal networks, and safeguard the integrity of the financial system.

Q: How can technology contribute to the prevention of money laundering?

A: Technology can contribute to the prevention of money laundering by providing advanced analytics, transaction monitoring tools, and blockchain analytics. These technologies enhance detection capabilities, improve risk assessment processes, and enable more effective identification of suspicious transactions.

Q: What are the potential consequences of failing to prevent money laundering?

A: Failing to prevent money laundering can have severe consequences, including reputational damage, financial losses, legal repercussions, regulatory sanctions, and the facilitation of criminal activities such as drug trafficking, terrorism financing, and corruption.

Q: Why is collaboration between different stakeholders crucial in combating money laundering?

A: Collaboration between financial institutions, regulatory bodies, law enforcement agencies, and individuals is crucial in combating money laundering. It facilitates the sharing of information, intelligence, and best practices, strengthens detection capabilities, and enhances the overall effectiveness of anti-money laundering efforts.

Experience the most intelligent AML and fraud prevention platform

Talk to an expert

Experience the most intelligent AML and fraud prevention platform

Download Now

Experience the most intelligent AML and fraud prevention platform

Download Now

Top AML Scenarios in ASEAN

Download Now

The Role of AML Software in Compliance

Download Now

The Role of AML Software in Compliance

Download Now

Talk to an Expert

Ready to Streamline Your Anti-Financial Crime Compliance?

Get Started

Our Thought Leadership Guides

Compliance Hubs

22 May 2026

6 min

read

Best AML Software for Singapore: What MAS-Regulated Institutions Need to Evaluate

“Best” isn’t about brand—it’s about fit, foresight, and future readiness.

When compliance teams search for the “best AML software,” they often face a sea of comparisons and vendor rankings. But in reality, what defines the best tool for one institution may fall short for another. In Singapore’s dynamic financial ecosystem, the definition of “best” is evolving.

This blog explores what truly makes AML software best-in-class—not by comparing products, but by unpacking the real-world needs, risks, and expectations shaping compliance today.

The New AML Challenge: Scale, Speed, and Sophistication

Singapore’s status as a global financial hub brings increasing complexity:

More digital payments
More cross-border flows
More fintech integration
More complex money laundering typologies

Regulators like MAS are raising the bar on detection effectiveness, timeliness of reporting, and technological governance. Meanwhile, fraudsters continue to adapt faster than many internal systems.

In this environment, the best AML software is not the one with the longest feature list—it’s the one that evolves with your institution’s risk.

What “Best” Really Means in AML Software

1. Local Regulatory Fit

AML software must align with MAS regulations—from risk-based assessments to STR formats and AI auditability. A tool not tuned to Singapore’s AML Notices or thematic reviews will create gaps, even if it’s globally recognised.

2. Real-World Scenario Coverage

The best solutions include coverage for real, contextual typologies such as:

Shell company misuse
Utility-based layering scams
Dormant account mule networks
Round-tripping via fintech platforms

Bonus points if these scenarios come from a network of shared intelligence.

3. AI You Can Explain

The best AML platforms use AI that’s not just powerful—but also understandable. Compliance teams should be able to explain detection decisions to auditors, regulators, and internal stakeholders.

4. Unified View Across Risk

Modern compliance risk doesn't sit in silos. The best software unifies alerts, customer profiles, transactions, device intelligence, and behavioural risk signals—across both fraud and AML workflows.

5. Automation That Actually Works

From auto-generating STRs to summarising case narratives, top AML tools reduce manual work without sacrificing oversight. Automation should support investigators, not replace them.

6. Speed to Deploy, Speed to Detect

The best tools integrate quickly, scale with your transaction volume, and adapt fast to new typologies. In a live environment like Singapore, detection lag can mean regulatory risk.

Why MAS Compliance Requirements Change the Evaluation

Singapore's AML/CFT framework is more prescriptive than most compliance teams from outside the region expect. MAS Notice 626 sets specific requirements for banks and merchant banks: risk-based transaction monitoring with documented calibration, explainable detection decisions for examination purposes, and typology coverage aligned to Singapore's specific ML threat profile. For a full breakdown of what MAS Notice 626 requires from banks and how those requirements translate to monitoring system specifications, see our MAS Notice 626 guide.

For payment service providers licensed under the Payment Services Act 2019, MAS Notice PSN01 and PSN02 set equivalent CDD, transaction monitoring, and STR filing obligations. Software that meets European or US regulatory requirements may not generate the alert documentation, investigation trails, or STR workflows that MAS examiners look for.

The practical evaluation question is not which vendor ranks highest on global analyst lists — it is which solution can demonstrate, in an MAS examination, that:

Alert thresholds are calibrated to your customer risk profile, not vendor defaults
Every alert has a documented investigation and disposition decision
STR workflow meets the "as soon as practicable" filing obligation
Detection scenarios cover Singapore-specific typologies: mule account networks, PayNow pre-settlement fraud, shell company structuring across corporate accounts

The Role of Community and Collaboration

No tool can solve financial crime alone. The best AML platforms today are:

Collaborative: Sharing anonymised risk signals across institutions
Community-driven: Updated with new scenarios and typologies from peers
Connected: Integrated with ecosystems like MAS’ regulatory sandbox or industry groups

This allows banks to move faster on emerging threats like pig-butchering scams, cross-border laundering, or terror finance alerts.

Case in Point: A Smarter Approach to Typology Detection

Imagine your institution receives a surge in transactions through remittance corridors tied to high-risk jurisdictions. A traditional system may miss this if it’s below a certain threshold.

But a scenario-based system—especially one built from real cases—flags:

Round dollar amounts at unusual intervals
Back-to-back remittances to different names in the same region
Senders with low prior activity suddenly transacting at volume

The “best” software is the one that catches this before damage is done.

A Checklist for Singaporean Institutions

If you’re evaluating AML tools, ask:

Can this detect known local risks and unknown emerging ones?
Does it support real-time and batch monitoring across channels?
Can compliance teams tune thresholds without engineering help?
Does the vendor offer localised support and regulatory alignment?
How well does it integrate with fraud tools, case managers, and reporting systems?

If the answer isn’t a confident “yes” across these areas, it might not be your best choice—no matter its global rating.

For a full evaluation framework covering the criteria that matter most for AML software selection, see our Transaction Monitoring Software Buyer's Guide.

What Singapore Institutions Should Prioritise in Their Evaluation

Tookitaki’s FinCense platform embodies these principles—offering MAS-aligned features, community-driven scenarios, explainable AI, and unified fraud and AML coverage tailored to Asia’s compliance landscape.

There’s no universal best AML software.

But for institutions in Singapore, the best choice will always be one that:

Supports your regulators
Reflects your risk
Grows with your customers
Learns from your industry
Protects your reputation

Because when it comes to financial crime, it’s not about the software that looks best on paper—it’s about the one that works best in practice.

Best AML Software for Singapore: What MAS-Regulated Institutions Need to Evaluate

Compliance Hubs

20 May 2026

5 min

read

KYC Requirements in Singapore: MAS CDD Rules for Banks and Payment Companies

Singapore's KYC framework is more specific — and more enforced — than most compliance teams from outside the region expect. The Monetary Authority of Singapore does not publish voluntary guidelines on customer due diligence. It issues Notices: binding legal instruments with criminal penalties for non-compliance. For banks, MAS Notice 626 sets the requirements. For payment service providers licensed under the Payment Services Act, MAS Notice PSN01 and PSN02 apply.

This guide covers what MAS requires for customer identification and verification, the three tiers of CDD Singapore institutions must apply, beneficial ownership obligations, enhanced due diligence triggers, and the recurring gaps MAS examiners find in KYC programmes.

The Regulatory Foundation: MAS Notice 626 and PSN01/PSN02

MAS Notice 626 applies to banks and merchant banks. It sets out prescriptive requirements for:

Customer due diligence (CDD) — when to perform it, what it must cover, and how to document it
Enhanced due diligence (EDD) — specific triggers and minimum requirements
Simplified due diligence (SDD) — the limited circumstances where reduced CDD applies
Ongoing monitoring of business relationships
Record keeping
Suspicious transaction reporting

MAS Notice PSN01 (for standard payment licensees) and MAS Notice PSN02 (for major payment institutions) under the Payment Services Act 2019 set equivalent obligations for payment companies, e-wallets, and remittance operators. The CDD framework in PSN01/PSN02 mirrors the structure of Notice 626 but calibrated to payment service business models — including specific requirements for transaction monitoring on payment flows, cross-border transfers, and digital token services.

Both Notices are regularly updated. Institutions should refer to the current MAS website versions rather than archived copies — amendments following Singapore's 2024 National Risk Assessment update guidance on beneficial ownership verification and higher-risk customer categories.

When CDD Must Be Performed

MAS Notice 626 specifies four triggers requiring CDD to be completed before proceeding:

Establishing a business relationship — KYC must be completed before onboarding any customer into an ongoing relationship
Occasional transactions of SGD 5,000 or more — one-off transactions at or above this threshold require CDD even without an ongoing relationship
Wire transfers of any amount — all wire transfers require CDD, with no minimum threshold
Suspicion of money laundering or terrorism financing — CDD is required regardless of transaction value or customer type when suspicion arises

The inability to complete CDD to the required standard is grounds for declining to onboard a customer or for terminating an existing business relationship. MAS examiners check that institutions apply this requirement in practice, not just in policy.

Three Tiers of CDD in Singapore

Singapore's CDD framework has three levels, applied based on the customer's assessed risk:

Simplified Due Diligence (SDD)

SDD may be applied — with documented justification — for a limited category of lower-risk customers:

Singapore government entities and statutory boards
Companies listed on the Singapore Exchange (SGX) or other approved exchanges
Regulated financial institutions supervised by MAS or equivalent foreign supervisors
Certain low-risk products (e.g., basic savings accounts with strict usage limits)

SDD does not mean no due diligence. It means reduced documentation requirements — but institutions must document why SDD applies and maintain that justification in the customer file. MAS does not permit SDD to be applied as a default for corporate customers without case-by-case assessment.

Standard CDD

Standard CDD is the baseline requirement for all other customers. It requires:

Customer identification: Full legal name, identification document type and number, date of birth (individuals), place of incorporation (entities)
Verification: Identity documents verified against reliable, independent sources — passports, NRIC, ACRA business registration, corporate documentation
Beneficial owner identification: For legal entities, identify and verify the natural persons who ultimately own or control the entity (see below for the 25% threshold)
Purpose and intended nature of the business relationship documented
Ongoing monitoring of the relationship for consistency with the customer's profile

Enhanced Due Diligence (EDD)

EDD applies to higher-risk customers and situations. MAS Notice 626 specifies mandatory EDD triggers:

Politically Exposed Persons (PEPs): Foreign PEPs require EDD as a minimum. Domestic PEPs are subject to risk-based assessment. PEP status extends to family members and close associates. Senior management approval is required before establishing or continuing a relationship with a PEP. EDD for PEPs must include source of wealth and source of funds verification — not just identification.
Correspondent banking relationships: Respondent institution KYC, assessment of AML/CFT controls, and senior management approval before establishing the relationship
High-risk jurisdictions: Customers or transaction counterparties connected to FATF grey-listed or black-listed countries require EDD and additional scrutiny
Complex or unusual transactions: Transactions with no apparent economic or legal purpose, or that are inconsistent with the customer's known profile, require EDD investigation before proceeding
Cross-border private banking: Non-face-to-face account opening for high-net-worth clients from outside Singapore requires additional verification steps

EDD is not satisfied by collecting more documents. MAS examiners look for evidence that the additional information gathered was actually used in the risk assessment — source of wealth narratives that are vague or unsubstantiated are treated as inadequate EDD, not as EDD completed.

Beneficial Owner Verification

Identifying and verifying beneficial owners is one of the most examined areas of Singapore's KYC framework. MAS Notice 626 requires institutions to identify the natural persons who ultimately own or control a legal entity customer.

The threshold is 25% shareholding or voting rights — any natural person who holds, directly or indirectly, 25% or more of a company's shares or voting rights must be identified and verified. Where no natural person holds 25% or more, the institution must identify the natural persons who exercise control through other means — typically senior management.

For layered corporate structures — where ownership runs through multiple holding companies across different jurisdictions — institutions must look through the structure to identify the ultimate beneficial owner. MAS examiners consistently flag beneficial ownership documentation failures as a top finding in corporate customer reviews. Accepting a company registration document without looking through the ownership chain does not satisfy this requirement.

Trusts and other non-corporate legal arrangements require identification of settlors, trustees, and beneficiaries with 25% or greater beneficial interest.

Digital Onboarding and MyInfo

Singapore's national digital identity infrastructure supports MAS-compliant digital onboarding. MyInfo, operated by the Government Technology Agency (GovTech), provides verified personal data — NRIC details, address, employment, and other government-held data — that institutions can retrieve with customer consent.

MAS has confirmed that MyInfo retrieval is acceptable for identity verification purposes, reducing the documentation burden for individual customers. Institutions using MyInfo for onboarding must document the verification method and maintain records of the MyInfo retrieval.

For corporate customers, ACRA's Bizfile registry provides business registration and officer information that can be used for entity verification. Beneficial ownership still requires independent verification — Bizfile shows registered shareholders but does not always reflect ultimate beneficial ownership through nominee structures.

Ongoing Monitoring and Periodic Review

KYC is not a one-time onboarding requirement. MAS Notice 626 requires ongoing monitoring of established business relationships to ensure that transactions remain consistent with the institution's knowledge of the customer.

This has two components:

Transaction monitoring — detecting transactions inconsistent with the customer's business profile, source of funds, or expected transaction patterns. For the transaction monitoring requirements that feed into this ongoing CDD obligation, see our MAS Notice 626 guide.

Periodic CDD review — customer records must be reviewed and updated at intervals appropriate to the customer's risk rating. High-risk customers require more frequent review. The review must check whether the customer's profile has changed, whether beneficial ownership has changed, and whether the risk rating remains appropriate.

The trigger for an out-of-cycle CDD review includes: material changes in transaction patterns, adverse media, connection to a person or entity of concern, and changes in beneficial ownership.

Record-Keeping Requirements

MAS Notice 626 requires institutions to retain CDD records for five years from the end of the business relationship, or five years from the date of the transaction for one-off customers. Records must be maintained in a form that allows reconstruction of individual transactions and can be produced promptly in response to an MAS request or court order.

The five-year clock runs from the end of the relationship — not from when the records were created. For long-term customers, this means maintaining KYC documentation, transaction records, SAR-related records, and correspondence for the full relationship period plus five years.

Suspicious Transaction Reporting

Singapore uses Suspicious Transaction Reports (STRs) filed with the Suspicious Transaction Reporting Office (STRO), administered by the Singapore Police Force. There is no minimum transaction threshold — any transaction, regardless of amount, that raises suspicion must be reported.

STRs must be filed as soon as practicable after suspicion is formed. The Act does not set a specific deadline in days, but MAS examiners and STRO guidance indicate that delays of more than a few business days without documented justification will attract scrutiny.

The tipping-off prohibition under the Corruption, Drug Trafficking and Other Serious Crimes (CDSA) Act makes it a criminal offence to disclose to a customer that an STR has been filed or is under consideration.

For cash transactions of SGD 20,000 or more, institutions must file a Cash Transaction Report (CTR) regardless of suspicion. CTRs are filed with STRO within 15 business days.

Common KYC Failures in MAS Examinations

MAS's examination findings and industry guidance consistently flag the same recurring gaps:

Beneficial ownership not traced to ultimate natural persons. Institutions stop at the first layer of corporate ownership without looking through nominee shareholders or holding company structures to identify the actual controlling individuals.

EDD documentation without substantive assessment. Files contain EDD documents — source of wealth declarations, bank statements, company accounts — but no evidence that the documents were reviewed, assessed, or used to update the risk rating.

PEP definitions applied too narrowly. Institutions identify foreign government ministers as PEPs but miss domestic senior officials, senior executives of state-owned enterprises, and immediate family members of identified PEPs.

Static customer profiles. CDD completed at onboarding is never updated. Customers whose transaction patterns have changed significantly since onboarding retain their original risk rating without periodic review.

MyInfo used as a complete KYC solution. MyInfo satisfies identity verification for individuals but does not substitute for source of funds verification, purpose of relationship documentation, or beneficial ownership checks on corporate structures.

STR delays. Suspicion forms during transaction review but is not escalated or filed for days or weeks. Case management systems without deadline tracking are the most common operational cause.

For Singapore institutions evaluating whether their current KYC and monitoring systems can meet these requirements, see our Transaction Monitoring Software Buyer's Guide for a full framework covering the capabilities MAS-regulated institutions need.

KYC Requirements in Singapore: MAS CDD Rules for Banks and Payment Companies

Compliance Hubs

20 May 2026

5 min

read

Transaction Monitoring in New Zealand: FMA, RBNZ and DIA Requirements

New Zealand sits under less external scrutiny than Singapore or Australia, but its domestic enforcement record tells a different story. Three supervisors — the Reserve Bank of New Zealand, the Financial Markets Authority, and the Department of Internal Affairs — run active examination programmes. A mandatory Section 59 audit every two years creates a hard compliance deadline. And the AML/CFT Act's risk-based approach means institutions cannot rely on vendor defaults or generic rule sets to satisfy supervisors.

For banks, payment service providers, and fintechs operating in New Zealand, transaction monitoring is the operational centre of AML/CFT compliance. This guide covers what the Act requires, how the supervisory structure affects monitoring obligations, and where institutions most commonly fail examination.

The AML/CFT Act 2009: New Zealand's Core Framework

New Zealand's AML/CFT framework is governed by the Anti-Money Laundering and Countering Financing of Terrorism Act 2009. Phase 1 entities — banks, non-bank deposit takers, and most financial institutions — came into scope in June 2013. Phase 2 extended obligations to lawyers, accountants, real estate agents, and other designated businesses in stages from 2018 to 2019.

The Act operates on a risk-based model. There is no prescriptive list of transaction monitoring rules an institution must run. Instead, institutions must:

Conduct a written risk assessment that identifies their specific ML/FT risks based on customer type, product set, and delivery channels
Implement a compliance programme derived from that assessment, including monitoring and detection controls designed to address identified risks
Review and update the risk assessment whenever material changes occur — new products, new customer segments, new channels

This principle-based approach gives institutions flexibility but removes the ability to claim compliance by pointing to a vendor's default configuration. If your monitoring is not designed around your assessed risks, supervisors will find the gap.

Three Supervisors: FMA, RBNZ and DIA

New Zealand's supervisory structure is unusual among APAC jurisdictions. While Australia has AUSTRAC and Singapore has MAS, New Zealand has three supervisors, each with jurisdiction over distinct entity types:

Each supervisor publishes its own guidance and runs its own examination priorities. The practical implication: guidance from AUSTRAC or MAS does not map directly onto New Zealand's framework. Institutions need to engage with their specific supervisor's published materials and annual risk focus areas.

For most banks and payment companies, RBNZ is the relevant supervisor. For digital asset businesses and VASPs, DIA is the supervisor following the 2021 amendments.

Who Must Comply

The Act applies to "reporting entities" — a defined category covering most financial businesses operating in New Zealand:

Banks (including branches of foreign banks)
Non-bank deposit takers: credit unions, building societies, finance companies
Money remittance operators and foreign exchange dealers
Life insurance companies
Securities dealers, brokers, and investment managers
Trustee companies
Virtual asset service providers (VASPs) — brought in scope June 2021

The VASP inclusion is significant. The AML/CFT (Amendment) Act 2021 extended reporting entity obligations to crypto exchanges, digital asset custodians, and related businesses. DIA supervises most VASPs, with specific guidance on digital asset typologies.

Transaction Monitoring Obligations

The AML/CFT Act does not use "transaction monitoring" as a defined technical term the way MAS Notice 626 does. What it requires is that institutions implement systems and controls within their compliance programme to detect unusual and suspicious activity.

In practice, a compliant transaction monitoring function requires:

Documented risk-based detection scenarios. Monitoring rules or behavioural detection scenarios must be designed to detect the specific ML/FT risks identified in your risk assessment. A retail bank serving Pacific Island remittance customers needs different scenarios than a corporate securities dealer. Supervisors check the alignment between the risk assessment and the monitoring controls — generic vendor defaults that have not been configured to your institution's risk profile will not satisfy this requirement.

Alert investigation records. Every alert generated must be investigated, and the investigation and disposition decision must be documented. An alert closed as a false positive requires documentation of why. An alert that escalates to a SAR requires the full investigation trail. Alert backlogs — alerts generated but not reviewed — are among the most common examination findings.

Annual programme review with board sign-off. The Act requires the compliance programme, including monitoring controls, to be reviewed annually. The compliance officer must report to senior management and the board. Evidence of this reporting chain is a standard examination request.

Calibration and effectiveness review. Supervisors look for evidence that monitoring scenarios are reviewed for effectiveness — whether they are generating useful alerts or producing excessive false positives without adjustment. A monitoring programme that has not been reviewed or calibrated since deployment will attract scrutiny.

Reporting Requirements: PTRs and SARs

Transaction monitoring outputs feed two mandatory reporting obligations:

Prescribed Transaction Reports (PTRs) are threshold-based and mandatory — they do not require suspicion. PTRs must be filed with the New Zealand Police Financial Intelligence Unit (FIU) via the goAML platform for:

Cash transactions of NZD 10,000 or more
International wire transfers of NZD 1,000 or more (in or out)

The filing deadline is within 10 working days of the transaction. PTR monitoring requires specific detection for transactions at and around these thresholds, including structuring patterns where customers conduct multiple sub-threshold transactions to avoid PTR obligations.

Suspicious Activity Reports (SARs) — New Zealand uses "SAR" rather than "STR" (Suspicious Transaction Report). SARs must be filed as soon as practicable, and no later than three working days after forming a suspicion. The threshold for suspicion is lower than many teams assume: reasonable grounds to suspect money laundering or financing of terrorism are sufficient — certainty is not required.

SARs are filed with the NZ Police FIU via goAML. The tipping-off prohibition under the Act makes it a criminal offence to disclose to a customer that a SAR has been filed or is under consideration.

The Section 59 Audit Requirement

The most operationally distinctive element of New Zealand's framework is the Section 59 audit. Every reporting entity must arrange for an independent audit of its AML/CFT programme at intervals of no more than two years.

The auditor must assess whether:

The risk assessment accurately reflects the entity's current ML/FT risk profile
The compliance programme is adequate to manage those risks
Transaction monitoring controls are functioning as designed and generating appropriate outputs
PTR and SAR reporting is accurate, complete, and timely
Staff training is adequate

The two-year cycle creates a hard deadline. Institutions with monitoring gaps, stale risk assessments, or unresolved findings from the previous audit cycle will face those issues again. The audit is also a forcing function for calibration: institutions that have not reviewed their detection scenarios or addressed alert backlogs before the audit will have those gaps documented in the audit report — which supervisors can and do request.

How NZ Compares to Australia and Singapore

For compliance teams managing obligations across multiple APAC jurisdictions, the structural differences matter:

The wire transfer threshold is the most operationally significant difference. New Zealand's NZD 1,000 threshold for international wires generates substantially more PTR volume than Australian or Singapore equivalents. Institutions managing cross-border payment flows into or out of New Zealand need PTR-specific monitoring that can handle this volume.

Common Transaction Monitoring Gaps in NZ Examinations

Supervisors across all three agencies have documented recurring compliance failures. The most common transaction monitoring gaps are:

Risk assessment not driving monitoring design. The risk assessment identifies high-risk customer segments or products, but the monitoring system runs generic rules that do not target those specific risks. Supervisors treat this as a material failure — the Act requires the programme to be derived from the risk assessment, not run alongside it.

PTR monitoring gaps. Institutions with strong SAR-based monitoring often have inadequate controls for PTR-triggering transactions. Structuring below the NZD 10,000 cash threshold requires specific detection scenarios that standard bank rule sets do not include.

Alert backlogs. Alerts generated but not reviewed within a reasonable timeframe are a consistent finding. Unlike some jurisdictions with prescribed investigation timelines, the Act does not specify deadlines — but supervisors expect evidence of timely review, and large backlogs indicate the monitoring system is generating more output than the team can process.

Stale risk assessments. The Act requires risk assessments to be updated when material changes occur. Institutions that have launched new products, added new customer segments, or changed delivery channels without updating their risk assessment are out of compliance with this requirement.

VASP-specific coverage gaps. For DIA-supervised VASPs, standard bank-oriented monitoring rule sets do not address digital asset typologies: wallet clustering, rapid conversion between asset types, cross-chain transfers, and structuring patterns in low-value token transactions. VASPs need detection scenarios specific to their product and customer risk profile.

What a Compliant NZ Transaction Monitoring Programme Requires

For institutions operating under the AML/CFT Act, a compliant monitoring programme requires:

A current, documented risk assessment aligned to your actual customer base and product set
Monitoring scenarios designed to detect the specific risks in that assessment, not vendor defaults
Alert investigation workflows with documented disposition for every alert
PTR-specific detection for cash and wire transactions at and around the NZD 10,000 and NZD 1,000 thresholds
SAR workflow with a three-working-day filing deadline built into case management
Annual programme review with board sign-off documentation
Section 59 audit preparation: calibration review, rule effectiveness documentation, and remediation of any open findings before the audit cycle closes

For institutions evaluating whether their current monitoring system can support these requirements across New Zealand and other APAC markets, see our Transaction Monitoring Software Buyer's Guide.

Transaction Monitoring in New Zealand: FMA, RBNZ and DIA Requirements

Blogs

22 May 2026

6 min

read

Best AML Software for Singapore: What MAS-Regulated Institutions Need to Evaluate

“Best” isn’t about brand—it’s about fit, foresight, and future readiness.

This blog explores what truly makes AML software best-in-class—not by comparing products, but by unpacking the real-world needs, risks, and expectations shaping compliance today.

The New AML Challenge: Scale, Speed, and Sophistication

Singapore’s status as a global financial hub brings increasing complexity:

More digital payments
More cross-border flows
More fintech integration
More complex money laundering typologies

Regulators like MAS are raising the bar on detection effectiveness, timeliness of reporting, and technological governance. Meanwhile, fraudsters continue to adapt faster than many internal systems.

In this environment, the best AML software is not the one with the longest feature list—it’s the one that evolves with your institution’s risk.