What Happened?

• Between early 2023 and early 2025, the Monetary Authority of Singapore (MAS) conducted supervisory examinations of several Financial Institutions (FIs) with connections to “persons of interest” (POIs) involved in a major money-laundering case from August 2023.
• MAS found that many of these institutions, despite having formal AML/CFT policies, had poor or inconsistent implementation in important areas such as customer risk assessment, source of wealth verification, monitoring of transactions, and follow-up on suspicious transaction reports (STRs).

⚠️ Red Flags That Were Missed

1. Incorrect or insufficient risk rating of customers — institutions mis‐rated or under-rated risk associated with some customers, especially POIs, meaning they didn’t apply enhanced monitoring or controls.
2. Weak verification of source of wealth (SOW) / source of funds (SOF) — discrepancies were observed, some documents or claims weren’t corroborated, yet transactions went ahead.
3. Transaction monitoring failures — large or unusual transactions inconsistent with customer profile or showing suspicious patterns were flagged by systems but not followed up adequately.
4. Poor follow‐up after STRs and weak escalation — once suspicious transactions were reported or flagged, follow-through (enhanced monitoring, risk escalation etc.) was not timely or adequate.

⚖️ The Consequences

• MAS imposed composition penalties totalling SGD 27.45 million (~ USD 21.5 million) on nine financial institutions for the breaches.
• The institutions fined include large banks/capital market licensees, trust companies etc.
• In addition, MAS issued prohibition orders (multi-year bans) to some senior managers & relationship managers involved in the weak controls and oversight.

🧠 Lessons for Compliance Teams

• Having policies is not enough — implementation and consistency matter hugely. Weak implementation is often the weak link.
• Risk rating / risk categorization must be done correctly from the start; clients with elevated risk need enhanced measures (EDD, more frequent reviews).
• Source of wealth/source of funds needs proper verification — when there are discrepancies or red flags, ignore them at your peril.
• Monitoring & escalation: flagged transactions need active follow up, not just “automatic reporting,” but also action, especially for high risk or POI-connected clients.
• Senior manager accountability matters: when leadership fails to ensure controls are effective, penalties may follow (and possibly career consequences)

💡 Takeaway:

• Even in well-regulated jurisdictions, big names slip up when the pressure is on or when oversight relaxes. Regulatory enforcement is trending toward not just penalizing controls breakdown, but the individuals responsible.
• Banks need to ensure their AML/KYC programs are not just “on paper,” but truly operational, with strong culture, good data, sound verification, and real risk escalation.