In Singapore’s financial ecosystem, the regulatory framework around anti-money laundering (AML) and countering the financing of terrorism (CFT) is both mature and rigorous. One of the key pieces of this framework is MAS Notice 626 (“Prevention of Money Laundering and Countering the Financing of Terrorism – Banks”), issued by the Monetary Authority of Singapore (MAS).
This article provides a detailed explanation of Notice 626, its evolution, scope, key requirements, implications for banks (and by extension RegTech firms such as ours) and practical steps for compliance.

What is Monetary Authority of Singapore MAS Notice 626?

MAS Notice 626, also written as MAS 626, is a regulatory notice issued by MAS that sets out AML/CFT obligations specifically for banks in Singapore. These obligations include risk-based measures for customer due diligence (CDD), ongoing monitoring, suspicious transaction reporting (STR), and more. According to MAS’s glossary entry: “MAS Notice 626 requires financial institutions to enforce anti-money laundering measures, including customer-due-diligence, monitoring and suspicious-transaction reporting.”

Key milestones:

The notice was significantly revised around mid-2015 to reflect heightened AML/CFT expectations.
MAS published an amended version of Notice 626 on 30 June 2025, with effect from 1 July 2025.

In short: MAS Notice 626 is a foundational regulatory requirement in Singapore for banks’ AML/CFT frameworks and by extension is highly relevant for any RegTech or FinCrime compliance solution provider.

Who does MAS Notice 626 apply to?

MAS Notice 626 applies to banks licensed under the Banking Act in Singapore. It sets the AML/CFT obligations for banks (rather than other financial institutions).
If we refer to the 30 June 2025 amendment, the notice covers financial institutions that are banks (licensed, approved or otherwise authorised by MAS) and requires them to implement the AML/CFT measures.

In practice:

Any bank with a Singapore banking licence must comply with Notice 626.
While other types of financial institutions (insurers, payment service providers, capital markets intermediaries) have their own Notices, many RegTech/AML vendors (such as ZIGRAM) will need to address cross-sector requirements beyond just banks.
Because banks often have relationships with Fintechs, RegTechs, trust companies and third-party service providers, a robust understanding of the bank obligations under Notice 626 is essential.

Key Requirements under MAS Notice 626

Below are key obligations that banks must observe under Notice 626 (and associated Guidelines). These can map directly into RegTech design and compliance programmes.

Risk-Based Approach

Banks must adopt a risk-based approach in their AML/CFT frameworks. This means banks should:

In practice:

Identify, assess and understand their risks of Money-Laundering (ML), Terrorism Financing (TF), and—following the 2025 amendment—Proliferation Financing (PF).
Tailor their CDD, monitoring and controls proportionate to the level of risk.
Maintain documentation and governance around their enterprise-wide ML/TF (and PF) Risk Assessment.

Customer Due Diligence (CDD) & Beneficial Ownership

Some of the core CDD requirements include:

In practice:

Identifying customers and verifying their identity.
Identifying beneficial owners (BOs) of customers (for example, for corporate customers) and taking reasonable measures to verify them.
Understanding the nature of the customer’s business, purpose of the account/relationship, and expected transaction patterns.
Ongoing monitoring of the business relationship and transactions to ensure they are consistent with the customer’s risk profile and source of wealth/Source of Funds (SoW/SoF).

Monitoring, Suspicious Transaction Reporting & Wire Transfers

Banks must monitor transactions for unusual or suspicious patterns, relative to the risk profile.
Suspicious transactions must be reported to the relevant authorities in line with MAS’s guidelines.
For cross-border wire transfers, Notice 626 requires banks to include full originator information in the payment instruction when sending funds overseas (and to obtain full originator information for incoming transfers). For example, banks must collect the remitter’s name, account number, address (or unique identification number or date & place of birth).
If the required originator information is missing, banks must have procedures to identify the missing data and potentially reject or return the transfer.

Governance, Internal Controls & Audit

Banks must implement internal control systems, policies and procedures to ensure compliance with the notice.
Senior management remains responsible for oversight and accountability.
Internal audit or independent review functions must assess the effectiveness of AML/CFT controls.
Banks must provide training to employees in AML/CFT obligations.
Banks must maintain proper records for a minimum period (for example, customer identification, transaction records).

Enhanced Due Diligence (EDD) for Higher-Risk Customers

For higher-risk customers, banks must apply enhanced due diligence measures. This may include additional information on beneficial ownership, source of wealth and source of funds, increased frequency of monitoring, additional approvals, etc.
Higher-risk categories may include politically exposed persons (PEPs), customers from high-risk jurisdictions, non-face-to-face customers, etc.

Updated Requirements – 2025 Amendments

The latest amendment effective 1 July 2025 includes:

Clarification that “money laundering” risks include proliferation financing (PF) risks.
Institutions must carry out PF risk assessments (either standalone or as part of ML/TF risk assessments).
Strengthened expectations around source of wealth / source of funds verification, third-party funds/gifts, transparency of ownership structures.

ZIGRAM’s Relevance: Implications for RegTech Firms & Financial Crime Risk Solutions

As you work with ZIGRAM’s suite of AML/financial crimes tools (PreScreening.io, Transact Comply, Entity Hero, etc.), the requirements of MAS Notice 626 directly shape the compliance solution ecosystem.
Here are the implications:

Coverage of Beneficial Ownership & PEP/Adverse Media: Notice 626-guided banks require systems that identify and verify BOs, screen for PEPs/adverse media, monitor ongoing relationships. ZIGRAM’s coverage of 4 M+ PEPs, 3000+ watchlists is highly relevant in this context (your product memory).
Risk-Based Customer Segmentation & Monitoring: The risk-based approach demands that banks segment customers by risk and apply enhanced controls. Your solutions must enable dynamic risk scoring, monitoring, alerts for unusual patterns, and flexible workflows for high-risk profiles.
Source of Wealth / Source of Funds (SoW/SoF): Banks must gather and verify SoW/SoF information (particularly for high-risk customers). Your product modules should support ingestion of third-party data, analysis of gifts, assets, non-traditional funding sources, consistent with the regulatory expectations spelled out in the 2025 amendments.
Wire Transfer Monitoring & Cross-Border Controls: With wire transfer obligations (originator information, missing data procedures), banks need systems capable of end-to-end transaction monitoring with full provenance. ZIGRAM’s Transact Comply module (assuming) would need to incorporate rules for missing originator information, unusual transfers, and integration with upstream screening data.
Proliferation Financing (PF) Risk: The inclusion of PF risk in the 2025 amendments means banks (and RegTech providers) need to expand typologies, watchlists, screening logic to incorporate proliferation financing dimensions (e.g., dual‐use goods, sanctions evasion, shell companies). As a RegTech company specialising in “Emerging Threats” and “High-Risk Entities”, ZIGRAM is well positioned.
Audit Trail, Documentation & Flexibility: Compliance with MAS Notice 626 demands documentation of risk assessments, governance, training, internal audit findings. Your platform should provide robust logging, dashboards, report generation, and support configurable policies so that banks can align their frameworks to MAS’s expectations.
Regional / Singapore Focus: Since this is Singapore-specific regulation, RegTech firms servicing banks in the Asia-Pacific region must localise their product/information and regulatory content accordingly. For example, ensuring risk-models, customer data coverage, watchlist screening include Singapore‐domestic entities/entities relevant to Singapore operations.

Practical Compliance Steps for Banks and How RegTech Can Help

Here is a practical checklist that banks (and RegTech vendors) should follow to operationalise compliance with MAS Notice 626.

Enterprise-Wide ML/TF/PF Risk Assessment
1. Conduct a comprehensive risk assessment of Money-Laundering, Terrorism Financing and Proliferation Financing Risks, covering business lines, customer types, products, geographies.
2. Update policies and procedures accordingly, document governance oversight.
3. RegTech support: Ingestion of internal and external data, risk scoring frameworks, dashboards to visualise risk exposures.
Customer Onboarding & CDD Processes
1. Verify identity for customers and beneficial owners; gather relevant information (e.g., full name, date/place of birth, identity number, address).
2. Understand the nature and purpose of the business relationship.
3. For higher-risk customers, collect additional SoW/SoF information.
4. RegTech support: Automated KYC/BO identification, PEP/Adverse Media screening, configurable onboarding workflows, e-document capture.
Transaction Monitoring & Screening
1. Segment customers by risk; apply monitoring rules accordingly—thresholds, typologies, alerts for unusual patterns.
2. Include wire transfer monitoring to ensure originator information is included; if missing, follow up or reject/return.
3. RegTech support: Rule engines, real-time alerting, integration with global payment flows, data enrichment (for missing originator info).
Enhanced Procedures for Higher-Risk & Ongoing Monitoring
1. For customers deemed high risk (PEPs, high-value clients, high-risk jurisdictions), apply enhanced monitoring: more frequent reviews, deeper SoW/SoF checks, senior management approval.
2. RegTech support: Automated flagging of high-risk customers, workflow escalation, analytics for SoW/SoF anomalies.
Governance, Training & Audit
1. Senior management oversight of AML/CFT programme; internal audit must test control effectiveness; employees must receive training on AML/CFT obligations (including updated rules such as PF).
2. RegTech support: Compliance dashboards for senior management, training modules, audit trail logs, reporting tools.
Policy Updates & Change Management
1. Given the 2025 amendments (eg. PF risk inclusion), banks must update their policies and procedures promptly.
2. Communicate changes through training, update systems and controls, monitor implementation.
3. RegTech support: Policy-versioning, change logs, automated impact analysis of regulatory changes on controls.

Challenges & Best Practices For Complete AML Compliance In Singapore

Challenges

Complex Ownership Structures & Beneficial Ownership: Identifying ultimate beneficial owners (UBOs) of corporate customers remains a perennial challenge, especially where ownership layers span multiple jurisdictions.
Source of Wealth / Funds Assertion: Verifying non-traditional sources (e.g., gifts, overseas assets) can be difficult, especially with limited data. The 2025 amendment emphasises more rigorous SoW/SoF checks.
Cross-border Payments Data Gaps: Despite requirements for full originator information in wire transfers, banks often encounter missing or incomplete data from correspondent banks. This is a known friction point.
Proliferation Financing Risk Identification: PF is less well-known (compared to ML/TF), and typologies are evolving. Firms may lack internal expertise or data to properly assess PF risk.
Regulatory Complexity & Overlapping Requirements: Banks subject to multiple notices (not just 626 but others covering insurers, PS providers, etc) must integrate requirements across notices which may differ in nuance.

Best Practices

Use a modular, scalable RegTech platform: Given evolving regulatory requirements, banks should implement flexible systems (like our risk app ecosystem) that allow modular additions (watchlists, adverse media, PF screening) rather than monolithic legacy systems.
Adopt a risk-scored, rather than binary, approach: Instead of “high risk vs standard risk”, a granular risk score enables more precise resource allocation and fewer false positives.
Ensure upstream data quality and enrichment: For cross-border transfers and SoW/SoF checks, banks should enrich missing information as early as possible, and integrate with global data sources.
Frequent review of monitoring rules & typologies: As criminal methods evolve (especially in Asia-Pacific fintech/crypto contexts), banks should update monitoring scenarios, including PF indicators, to stay ahead.
Embed auditability and documentation: Compliance with Notice 626 demands documentation. The system should automatically generate logs, risk-assessment outcomes, decisions, and produce reports for senior management and regulators.
Training and culture: Systems alone are insufficient. Staff at all levels must understand AML/CFT obligations, emerging threats (e.g., proliferation financing, digital assets) and how their day-to-day decisions impact compliance.

Why Singapore’s AML/CFT Framework is Globally Respected?

While the article focuses on MAS Notice 626, it is worth contextualising why Singapore and MAS’s AML/CFT regime are often cited as regional best-practice:

Singapore is a member of the Financial Action Task Force (FATF) and has committed to maintain standards consistent with FATF’s 40 Recommendations.
MAS continues to update its AML/CFT notices and guidelines regularly to address emerging risks. For example, the July 2025 publication of amended notices and guidelines covered a wide array of financial institutions and incorporated PF risk.
The regulatory environment in Singapore combines strict oversight with a pro-innovation stance. This means compliance frameworks must be robust, but also sufficiently agile to support fintech, digital banking, and cross-border flows.

Thus, for RegTech firms and banks operating in the Asia-Pacific region, mastering MAS Notice 626 is not just about local compliance—it contributes to global competitiveness and risk mitigation.

Conclusion

Understanding and implementing the obligations under MAS Notice 626 is vital for banks operating in Singapore’s regulated environment. The risk-based framework—covering customer due diligence, beneficial ownership, transaction monitoring, suspicious reporting, record-keeping and governance—is both demanding and critical. With recent updates (including PF inclusion, trust-arrangement changes and stricter STR timelines) the landscape is evolving rapidly.

Financial Institutions must adopt a proactive stance: assess risks, align policies, invest in appropriate technology, train staff and ensure senior-management oversight. For RegTech and AML/financial crime teams (such as at ZIGRAM) this opens an opportunity to partner effectively in embedding strong controls and enabling compliance.

By doing so, Institutions not only meet regulatory requirements but also strengthen their defences against money laundering, terrorism financing and broader financial crime — thereby preserving trust, protecting their brand—and ultimately enabling growth in the dynamic Singapore-based financial market