7 REPORTING OF SUSPICIOUS TRANSACTIONS

7.1 Clear guidance should be provided to all officers, employees and agents as to what constitutes a “suspicious transaction” that warrants escalation and reporting.

7.2 There should be well-defined guidelines and procedures in place for escalating, investigating, reporting and acting on suspicious transactions. The channels for reporting suspicious transactions should be clearly specified in writing and communicated to all personnel.

7.3 A clear internal reporting channel should be set up for the escalation of suspicious transaction reports from the officer, employee or agent making the report. The insurer should establish a single reference point (e.g. Chief Executive, Head of Compliance) within the organisation to whom all transactions suspected of being connected to ML/TF activity should be referred to.

7.4 The onus is on the insurer to identify and assess red flag indicators of suspicious transactions. The insurer should determine what constitutes a suspicious transaction which warrants escalation and reporting based on the scale, complexity, and inherent risk of its business. In terms of determining and assessing suspicious activity exhibited by customers, examples of suspicious circumstances that may warrant the filing of an STR may include the following:

(a) where the customer is reluctant, unable or unwilling to provide any information requested by the insurer;

(b) where the customer, without reasonable grounds, decides to withdraw a pending application to establish business relations with the insurer;

(c) where the customer, without reasonable grounds, decides to suddenly terminate existing business relations with the insurer;

(d) abnormal settlement instructions, including payment to apparently unconnected parties; or

(e) frequent changes to the customer’s address or to authorised signatories.

7.5 STRs should be filed on all suspicious transactions and cases. Where an insurer decides not to file an STR for a case that was initially thought to be suspicious, the basis for doing so should be documented, and the decision made by the initial assessor of the case should be raised to a higher authority for review and approval.

7.6 An STR should be filed within 15 business days of the case being referred by the relevant officer, employee or agent, if the insurer has assessed that the matter should be referred to the STRO, unless the circumstances are exceptional or extraordinary. The decision as to whether to refer the matter to the STRO should be regardless of the amount of the transaction, if any.

7.7 STR reporting templates are available on the Commercial Affairs Department’s website. However, insurers are strongly encouraged to use the online system provided by STRO to lodge STRs, as this also enables reporting entities to be kept apprised of STRO’s advisories. In the event that an insurer is of the view that STRO should be informed on an urgent basis, including where a transaction is known to be part of an ongoing investigation by the relevant authorities, the insurer should give initial notification to STRO by telephone or email and follow up with such other means of reporting as STRO may direct.

7.8 Under exceptional circumstances, (e.g. if the online system is down) and the insurer files an STR manually with the STRO (i.e. not through the STRO Online Notices and Reporting Platform (SONAR)), a copy of the report should be extended to the Authority for information.

6 RECORD KEEPING AND DOCUMENTATION

6.1 There should be adequate documentation by the insurer for the basis of clearing or dismissing hits arising from its screening procedures (i.e. false positive hits). As a good practice, additional parameters such as date of birth and nationality should minimally be used to establish and dismiss false hits.

6.2 There should be documentation and maintenance of proper records by the insurer as to when screening was performed, the results of the screening and the assessment of screening results for all policies.

6.3 A record of all transactions referred to the Suspicious Transaction Reporting Office (“STRO”) should be maintained by an insurer, including the relevant internal findings and analysis.

6.4 In cases where an insurer maintains an internal database containing the list of designated individuals and entities for the purpose of screening, there should be clear documentation of when the internal database was most recently updated, as well as of the name of the person who carried out the update.

5 CUSTOMER DUE DILIGENCE AND SCREENING PROCEDURES

5.1 Screening of customers11 should be carried out against relevant ML/TF information sources, which include designated names of individuals and/or entities within:

(a) the lists and information provided by the Authority or other relevant authorities in Singapore in relation to ML/TF risks;

(b) the First Schedule of the TSOFA; and

(c) the MAS TFS Regulations.

5.2 In the context of direct insurance business, the screening of customers should include the screening of policy owners, insureds and claimants. In cases where an insurer has assessed the policy owner or insured to be of a higher ML/TF risk, the insurer should also screen the substantial shareholders (direct and indirect), beneficial owners, natural persons appointed to act on behalf of the customer and directors, if any, of the policy owner or insured.

5.3 In the context of reinsurance business, the screening of customers should include the screening of cedants and claimants12. Underlying insureds should also be screened in cases where they are made known to the reinsurers. In cases where a reinsurer has assessed the cedant or underlying insured to be of a higher ML/TF risk, the reinsurer should also screen the substantial shareholders (direct and indirect), beneficial owners and directors, if any, of the cedant or underlying insured.

5.4 Screening of customers should be conducted at the following points in time:

(a) before establishing business relations for new customers, otherwise as soon as reasonably practicable thereafter;

(b) prior to renewing business relations with existing customers;

(c) on a regular basis after the establishment of business relations13;

(d) when there are changes made to the lists14 mentioned in paragraph 5.1 above;

and

(e) before making claim payments to claimants15.

5.5 For the purposes of screening, the insurer should minimally, either:

(a) subscribe to a commercial sanctions database; or

(b) maintain an internal database containing the names of designated individuals

and entities.

5.6 The screening database(s) (i.e. commercial sanctions database and/or internally-

maintained database) and procedures adopted by an insurer should be effective in identifying individuals and entities with adverse information, as well as designated individuals and entities as defined in the First Schedule of the TSOFA and the MAS TFS Regulations, or as informed by the relevant authorities in Singapore.

5.7 In view of system limitations in screening capability, some insurers may not be able to effectively detect designated individuals or entities if they were to perform screening based on a full/exact match logic instead of a partial/fuzzy16 match logic for name searches. A full/exact name match for screening should not be used, as this will likely result in missed sanctions or adverse comments hits. In addition, the screening filters used by the insurer should not be limiting17 and should take into account the various permutations of a person’s first and last names.

5.8 Insurers are reminded that where screening results in a positive hit against the lists mentioned in paragraph 5.1, an insurer shall freeze without delay and without prior notice, the funds or other assets of designated persons and entities that it has control over, so as to comply with applicable laws and regulations in Singapore. This would include both the TSOFA and the MAS TFS Regulations relating to sanctions and freezing of assets of persons. Any such assets shall be reported promptly to the relevant authorities and an STR shall be filed.

5.9 Insurers should also have in place screening procedures when hiring employees, officers18 and agents19, and when establishing business relationships with offshore intermediaries. This should include, where applicable:

6

(a) background checks with past employers;

(b) credit history checks;

(c) screening against ML/TF information sources; and

(d) bankruptcy searches.