← Back to Insights

Singapore’s MAS releases circular on enhancing AML/CFT in the VCC sector

14 September 2022

The Monetary Authority of Singapore ("MAS”) has released a circular setting out key observations and expectations for effective anti-money laundering (“AML”) and countering the financing of terrorism (“CTF”) frameworks and controls following an industry-wide survey of Variable Capital Companies (“VCCs”) and a series of thematic engagements of eligible financial institutions (“EFIs”) to assess the effectiveness of their AML/CFT risk management and controls.

MAS released circular supplements MAS Notice VCC-N01[ 1] and Guidelines to Notice VCC-N01[ 2].

Insufficient oversight by VCCs of appointed EFIs

Insufficient oversight by VCCs of appointed EFIs


Fund management companies (“FMCs”) which managed the VCCs as investment vehicles were also commonly appointed as their EFIs

No EFI appointed

In some cases, an EFI was not appointed even though this is a requirement.

Duties of VCCs with regards to AML/CTF

VCCs remain ultimately responsible for fulfilling their AML/CFT obligations and need to exercise adequate oversight over their relationship with their EFIs.

This includes:

  • conducting adequate due diligence over EFIs
  • formally appointing them before the commencement of business operations and activities by the VCCs.
  • VCCs should also ensure that the AML/CFT policies and procedures (“P&Ps”) implemented by their EFIs to mitigate money laundering and terrorism financing (“ML/TF”) risks are appropriate and subjected to the approval of the directors of the VCCs.

Recurring weaknesses in VCC AML/CTF oversight

VCCs failed to put in place arrangements to oversee the ongoing implementation of AML/CFT controls by their VCCs – specifically:

  • Absence of agreed escalation process between its mandated EFI and the VCC to ensure pertinent issues were escalated to the VCC in a timely manner;
  • Where there was an escalation process, VCCs failed to specify sufficient details in the P&Ps – e.g., on the type of issues that should be escalated, the frequency of such updates, and the persons to be updated to assess needful mitigation measures.
  • VCC escalation process lacked detail - for example in relation to pertinent issues that were escalated to VCCs, the VCCs did not require proper documentation of escalations of issues detected by EFIs.

The lack of a defined escalation process for an EFI to surface pertinent ML/TF issues may result in the VCC failing to take timely and adequate risk mitigation measures.

Inadequate customer ML/TF risk assessment frameworks and processes

Inadequate ML/TF frameworks

VCCs need to conduct robust customer risk assessments to properly identify, understand and assess the ML/TF risks of their customers, so that they can apply the appropriate customer due diligence and ongoing monitoring measures. However, there were a number of key control lapses relating to VCCs’ conduct of customer risk assessments.


Lack of a robust framework for assessing customers’ ML/TF risks where there was no guidance on the ML/TF risk factors that should be considered in practice, and how the ML/TF risk profile of customers would be determined, such as complex ownership structures nor guidance on how their risks should be assessed.

Failure to consider relevant risk factors in assessing country or geographic risks. Some VCCs only considered countries that the FATF had identified to have weak measures to combat ML/TF risks when determining higher risk countries or jurisdictions.

This was inadequate as the VCCs did not consider other country risk factors such as corruption, tax evasion, terrorism financing, etc.

Customer risk assessments were not adequately documented. The failure to ensure such documentation by some VCCs raised concern, reflecting a lack of attention to record keeping that a proper risk assessment had been conducted as the due basis and trigger of needful risk mitigation measures

Failures to implement enhanced customer due diligence (“ECDD”) measures


VCCs should perform enhanced customer due diligence (“ECDD”) measures on all customers who are identified to pose higher ML/TF risks so as to mitigate and manage those risks.

VCCs should conduct robust corroboration of their customers’ source of wealth (“SOW)” and source of funds (“SOF”) for higher risk customers, including customers who are politically exposed persons (“PEPs”).

Ongoing monitoring is key to detecting customers that present higher ML/TF risks post-onboarding. In this regard, VCCs should have the relevant P&Ps in place for ongoing monitoring, as well as ECDD, to ensure that appropriate and timely risk mitigating measures are taken, should any customer’s risk become elevated.

The lack of the requisite attention to higher risk accounts exposed VCCs to heightened ML/TF risks.

Apex Group’s Compliance Solutions experts offer VCC compliance services and AML services, including technology-enabled due diligence services incorporating broader country risk diligence considerations. Contact us to find how we can support your business.


Get in touch with our team

Contact Us