2. In the Financial Services and Markets Act 2022 (called in this Act the principal Act), after Part 4, insert —“PART 4A | information sharing scheme for prescribed financial institutions |
28A.—(1) The purpose of this Part is to permit the disclosure, publication and sharing of certain information (despite any restriction against the disclosure, publication or sharing of that information imposed by law, contract or rules of professional conduct) between or amongst the persons mentioned in subsection (2), for any of the following purposes: | (a) | the prevention and detection of money laundering; | | (b) | the prevention and detection of terrorism financing; | | (c) | the prevention and detection of the financing of proliferation of weapons of mass destruction. |
(2) The persons mentioned in subsection (1) are any of the following:| (a) | any bank in Singapore or financial institution (other than a bank), to which this Part applies; | | (b) | the Authority; | | (c) | any STRO; | | (d) | any person specified in the second column of Part 1 or 2 of the Third Schedule. |
|
| (3) Any information disclosed, published or shared under this Part may only be used for a purpose mentioned in subsection (1), except as otherwise provided for in this Part. |
|
| Interpretation of this Part |
28B. In this Part —| “bank in Singapore” has the meaning given by section 2(1) of the Banking Act 1970; |
“beneficial owner”, in relation to a relevant party of a prescribed financial institution, means —| (a) | an individual who ultimately owns or controls the relevant party; | | (b) | an individual who exercises ultimate effective control over the relevant party; or | | (c) | an individual on whose behalf the relevant party carries out any transaction, or establishes any relationship, with the prescribed financial institution; |
|
“beneficiary institution” —| (a) | in relation to a wire transfer, means the bank in Singapore or other financial institution that receives the wire transfer from the ordering institution, directly or through an intermediary institution, and makes the funds available to the wire transfer beneficiary; and | | (b) | in relation to a value transfer, means the bank in Singapore or other financial institution that receives the value transfer from the ordering institution, directly or through an intermediary institution, and makes one or more digital tokens available to the value transfer beneficiary; |
|
| “capital markets products” has the meaning given by section 2(1) of the Securities and Futures Act 2001; |
| “cover payment chain” means a chain of wire transfers each of which combines a payment message sent directly by the ordering institution to the beneficiary institution with the routing of the funding instruction from the ordering institution to the beneficiary institution through one or more intermediary institutions; |
| “digital payment token” has the meaning given by section 2(1) of the Payment Services Act 2019; |
“digital token” means —| (a) | a digital payment token; or | | (b) | a digital representation of a capital markets product which —| (i) | can be transferred, stored or traded electronically; and | | (ii) | satisfies such other characteristics as the Authority may prescribe, |
|
| but does not include an excluded digital token; |
|
| “excluded digital token” means a digital token that is prescribed by the Authority as an excluded digital token; |
| “high-risk indicators” has the meaning given by section 28G(7); |
“identifying information” means any of the following information:| (a) | full name, including any alias used; | | (b) | date of birth, for an individual; | | (c) | date of incorporation or registration, for a body corporate or unincorporate; | | (d) | address or addresses, which must be —| (i) | for an individual, the address of the individual’s usual place of residence; or | | (ii) | for a body corporate or unincorporate, the address of its registered office, the address of its principal place of business, or both; |
| | (e) | contact details; | | (f) | nationality, for an individual, or place of incorporation or registration, for a body corporate or unincorporate; | | (g) | identification number, which must be —| (i) | for an individual —| (A) | an identity card number; | | (B) | a passport number; | | (C) | a taxpayer identification number; or | | (D) | the number of any other document of identity issued by any government as evidence of the individual’s nationality or residence and bearing a photograph of the individual; or |
| | (ii) | for a body corporate or unincorporate —| (A) | a registration number; or | | (B) | the number of any other document issued by any government certifying the incorporation, registration or existence of the body corporate or unincorporate; |
|
| | (h) | the type of identifying document referred to in paragraph (g) and the expiry date (if any) of the identifying document; | | (i) | occupation, for an individual, or business, for a body corporate or unincorporate; | | (j) | any other information that the Authority may prescribe; |
|
“intermediary institution” —| (a) | in relation to a wire transfer, means the bank in Singapore or other financial institution in a serial payment chain or cover payment chain that —| (i) | on behalf of an ordering institution —| (A) | receives a wire transfer from the ordering institution; and | | (B) | transmits the wire transfer to —| (BA) | the beneficiary institution; or | | (BB) | another intermediary institution; |
|
| | (ii) | on behalf of a beneficiary institution —| (A) | receives a wire transfer from —| (AA) | the ordering institution; or | | (AB) | another intermediary institution; and |
| | (B) | transmits the wire transfer to the beneficiary institution; or |
| | (iii) | on behalf of an intermediary institution (A) —| (A) | receives a wire transfer from A; and | | (B) | transmits the wire transfer to —| (BA) | the beneficiary institution; or | | (BB) | another intermediary institution; and |
|
|
| | (b) | in relation to a value transfer, means the bank in Singapore or other financial institution that —| (i) | on behalf of an ordering institution —| (A) | receives a value transfer from the ordering institution; and | | (B) | transmits the value transfer to —| (BA) | the beneficiary institution; or | | (BB) | another intermediary institution; |
|
| | (ii) | on behalf of a beneficiary institution —| (A) | receives a value transfer from —| (AA) | the ordering institution; or | | (AB) | another intermediary institution; and |
| | (B) | transmits the value transfer to the beneficiary institution; or |
| | (iii) | on behalf of an intermediary institution (A) —| (A) | receives a value transfer from A; and | | (B) | transmits the value transfer to —| (BA) | the beneficiary institution; or | | (BB) | another intermediary institution; |
|
|
|
|
| “limited liability partnership” has the meaning given by section 4(1) of the Limited Liability Partnerships Act 2005; |
| “manager”, in relation to a limited liability partnership, has the meaning given by section 2(1) of the Limited Liability Partnerships Act 2005; |
“officer” —| (a) | in relation to a body corporate, includes —| (i) | a director, a secretary or an employee of the body corporate; | | (ii) | a receiver or manager of any part of the undertaking of the body corporate appointed under a power contained in any instrument; and | | (iii) | the liquidator of the body corporate appointed in a voluntary winding up; and |
| | (b) | in relation to a body unincorporate (other than a partnership), means the president, the secretary, or any member of the committee of the body unincorporate, and includes —| (i) | any person holding a position analogous to that of president, secretary or member of a committee of the body unincorporate; and | | (ii) | any person purporting to act in any such capacity; |
|
|
“ordering institution” —| (a) | in relation to a wire transfer, means the bank in Singapore or other financial institution that, upon receiving a request for a wire transfer by the wire transfer originator, initiates the wire transfer and transfers the funds on behalf of the wire transfer originator; and | | (b) | in relation to a value transfer, means the bank in Singapore or other financial institution that, upon receiving a request for a value transfer by the value transfer originator, initiates the value transfer and transfers the digital tokens on behalf of the value transfer originator; |
|
| “partner”, in relation to a limited liability partnership, has the meaning given by section 2(1) of the Limited Liability Partnerships Act 2005; |
“prescribed financial institution” means any of the following:| (a) | a bank in Singapore prescribed by regulations made under section 192 read with section 28C(a); | | (b) | a financial institution (other than a bank) prescribed by regulations made under section 192 read with section 28C(b); |
|
| “relationship”, in relation to a prescribed financial institution and a person, means the relationship between the prescribed financial institution and the person in the person’s capacity as a customer of the prescribed financial institution; |
“relevant party”, in relation to a prescribed financial institution, means a person who —| (a) | is a customer, seeks to be a customer or has been a customer of the prescribed financial institution; and | | (b) | is either —| (i) | prescribed by regulations made under section 192 as a relevant party of that prescribed financial institution; or | | (ii) | a member of a class of persons prescribed by regulations made under section 192 as relevant parties of the prescribed financial institution; |
|
|
“risk information”, in relation to a relevant party of a prescribed financial institution, means any of the following information or documents:| (a) | any particulars of the relevant party, including any identifying information of —| (i) | the relevant party; | | (ii) | the authorised signatory or signatories of the relevant party; | | (iii) | the beneficial owner or owners of the relevant party; | | (iv) | any officer of the relevant party; | | (v) | where the relevant party is a partnership, any partner of the relevant party; and | | (vi) | where the relevant party is a limited liability partnership, any partner or manager of the relevant party; |
| | (b) | any particulars of the relationship between the relevant party and the prescribed financial institution; | | (c) | any particulars of any transaction the relevant party is a party to; | | (d) | any particulars of the high‑risk indicators in relation to the relevant party that the prescribed financial institution knows of; | | (e) | the prescribed financial institution’s analysis of the high‑risk indicators mentioned in paragraph (d); | | (f) | any other information that the prescribed financial institution has obtained, or any other analysis that the prescribed financial institution has performed, for the purpose of assessing whether the relevant party may have been or may be concerned in money laundering, terrorism financing, or the financing of proliferation of weapons of mass destruction; | | (g) | any documents evidencing any of the matters in paragraphs (a) to (f); | | (h) | any other information or documents that the Authority may prescribe; |
|
| “serial payment chain” means a direct sequential chain of payment where the wire transfer and accompanying payment message travel together from the ordering institution to the beneficiary institution, directly or through one or more intermediary institutions; |
| “STRO” means any Suspicious Transaction Reporting Officer as defined in section 2(1) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992; |
| “threshold criteria”, in relation to a prescribed financial institution, means the criteria issued by the Authority under section 28G(1)(a) to the prescribed financial institution; |
| “value transfer” means any transaction carried out on behalf of a value transfer originator through a financial institution by electronic means with a view to making one or more digital tokens available to a value transfer beneficiary, irrespective of whether the value transfer originator and the value transfer beneficiary are the same person; |
| “value transfer beneficiary” means the person who is identified by the value transfer originator as the receiver of the digital tokens to be transferred in a value transfer; |
“value transfer originator” means —| (a) | a person who holds an account containing digital tokens with a financial institution and who allows a value transfer from that account; or | | (b) | a person who does not hold an account containing digital tokens with a financial institution, but who requests the financial institution to initiate a value transfer; |
|
| “wire transfer” means any transaction carried out on behalf of a wire transfer originator through a financial institution by electronic means with a view to making an amount of funds available to a wire transfer beneficiary, irrespective of whether the wire transfer originator and the wire transfer beneficiary are the same person; |
| “wire transfer beneficiary” means the person who is identified by the wire transfer originator as the receiver of the funds to be transferred in a wire transfer; |
“wire transfer originator” means —| (a) | a person who holds an account containing funds with a financial institution and who allows a wire transfer from that account; or | | (b) | a person who does not hold an account containing funds with a financial institution, but who requests the financial institution to initiate a wire transfer. |
|
|
| Prescribed financial institutions |
28C. For the purposes of this Part, the Authority may by regulations made under section 192 prescribe —| (a) | a bank in Singapore as a bank in Singapore to which this Part applies; and | | (b) | a financial institution (other than a bank) as a financial institution to which this Part applies. |
|
| Division 2 — Disclosure of risk information |
| Request for risk information |
28D.—(1) Subject to this section, a prescribed financial institution (called in this section the requester) may request from another prescribed financial institution (called in this section the discloser) any risk information relating to —| (a) | a relevant party of the requester which the requester knows or has reason to believe is a relevant party of the discloser; | | (b) | a relevant party of the requester, where the requester knows that the relevant party is a party to a wire transfer or value transfer in respect of which the discloser is —| (i) | the ordering institution; | | (ii) | the intermediary institution; or | | (iii) | the beneficiary institution, the wire transfer beneficiary or the value transfer beneficiary; |
| | (c) | a relevant party (A) of the discloser, where the requester knows that a relevant party of the requester and A are counterparties to a wire transfer or value transfer in respect of which the discloser is —| (i) | the ordering institution; or | | (ii) | the beneficiary institution; |
| | (d) | a relevant party of the requester, where the requester knows that the relevant party is a party to a series of wire transfers or value transfers in respect of which for any wire transfer in the series of wire transfers or value transfer in the series of value transfers (as the case may be), the discloser is —| (i) | the ordering institution; | | (ii) | the intermediary institution; or | | (iii) | the beneficiary institution, the wire transfer beneficiary or the value transfer beneficiary; or |
| | (e) | a relevant party (B) of the discloser, where the requester knows that a relevant party of the requester and B are counterparties to a series of wire transfers or value transfers in respect of which for any wire transfer in the series of wire transfers or value transfer in the series of value transfers (as the case may be), the discloser is —| (i) | the ordering institution; or | | (ii) | the beneficiary institution. |
|
(2) A requester must be satisfied of the following before making a request under subsection (1):| (a) | the threshold criteria for the request applicable to the requester are satisfied; | | (b) | in the case of a request under paragraph (b) or (c) of subsection (1), that at least one high‑risk indicator of the requester’s relevant party considered by the requester in determining that the threshold criteria are satisfied relates to the wire transfer or value transfer in respect of which the request under that paragraph was made; | | (c) | in the case of a request under paragraph (d) or (e) of subsection (1), that at least one high‑risk indicator of the requester’s relevant party considered by the requester in determining that the threshold criteria are satisfied relates to the series of wire transfers or value transfers in respect of which the request under that paragraph was made. |
|
(3) A request mentioned in subsection (1) must —| (a) | disclose the threshold criteria applicable to the requester and identify the high‑risk indicators of the requester’s relevant party that the requester has considered in determining that the threshold criteria applicable to the requester are satisfied; | | (b) | contain a statement to the effect that the requester is satisfied that the threshold criteria applicable to the requester are satisfied; and | | (c) | explain how the risk information requested would assist the requester in assessing whether the relevant party of the requester mentioned in subsection (1) may have been or may be concerned in money laundering, terrorism financing, or the financing of proliferation of weapons of mass destruction. |
|
(4) A requester may, in making a request under subsection (1), disclose any risk information that the requester considers necessary to —| (a) | comply with subsection (3); or | | (b) | enable the discloser to identify the risk information that is being requested and to comply with the request. |
|
| (5) Subject to subsection (6), a discloser that has the risk information requested may disclose that risk information. |
(6) Before disclosing any risk information under subsection (5), the discloser must be satisfied of all of the following:| (a) | the threshold criteria applicable to the requester are satisfied; | | (b) | the risk information requested is necessary to assist the requester to assess whether the relevant party of the requester mentioned in subsection (1) may have been or may be concerned in money laundering, terrorism financing, or the financing of proliferation of weapons of mass destruction, as explained by the requester under subsection (3)(c); | | (c) | the kind and amount of risk information requested for is proportionate, having regard to the likelihood that the relevant party of the requester mentioned in subsection (1) may have been or may be concerned in money laundering, terrorism financing, or the financing of proliferation of weapons of mass destruction, as explained by the requester under subsection (3)(c). |
|
| (7) A discloser that declines to disclose the risk information requested because the discloser is not satisfied of one or more of the matters referred to in subsection (6), must notify the requester of the discloser’s decision and the discloser’s reasons for the decision. |
| (8) A discloser may disclose any other risk information that it has if the discloser is satisfied that the other risk information is related to the requester’s request and will assist the requester to assess whether the relevant party of the requester mentioned in subsection (1) may have been or may be concerned in money laundering, terrorism financing, or the financing of proliferation of weapons of mass destruction. |
|
| Provision of risk information |
28E.—(1) Subject to this section, a prescribed financial institution (called in this section the discloser) may on its own motion disclose to another prescribed financial institution (called in this section the recipient) any risk information relating to —| (a) | a relevant party of the discloser which the discloser knows or has reason to believe is a relevant party of the recipient; | | (b) | a relevant party of the discloser, where the discloser knows that the relevant party is a party to a wire transfer or value transfer in respect of which the recipient is —| (i) | the ordering institution; | | (ii) | the intermediary institution; or | | (iii) | the beneficiary institution, the wire transfer beneficiary or the value transfer beneficiary; |
| | (c) | a relevant party (A) of the recipient, where the discloser knows that a relevant party of the discloser and A are counterparties to a wire transfer or value transfer in respect of which the recipient is —| (i) | the ordering institution; or | | (ii) | the beneficiary institution; |
| | (d) | a relevant party of the discloser, where the discloser knows that the relevant party is a party to a series of wire transfers or value transfers in respect of which for any wire transfer in the series of wire transfers or value transfer in the series of value transfers (as the case may be), the recipient is —| (i) | the ordering institution; | | (ii) | the intermediary institution; or | | (iii) | the beneficiary institution, the wire transfer beneficiary or the value transfer beneficiary; or |
| | (e) | a relevant party (B) of the recipient, where the discloser knows that a relevant party of the discloser and B are counterparties to a series of wire transfers or value transfers in respect of which for any wire transfer in the series of wire transfers or value transfer in the series of value transfers (as the case may be), the recipient is —| (i) | the ordering institution; or | | (ii) | the beneficiary institution. |
|
(2) A discloser must be satisfied of the following before making a disclosure under subsection (1):| (a) | the threshold criteria for the disclosure applicable to the discloser are satisfied; | | (b) | in the case of a disclosure under paragraph (b) or (c) of subsection (1), that at least one high‑risk indicator of the discloser’s relevant party considered by the discloser in determining that the threshold criteria are satisfied relates to the wire transfer or value transfer in respect of which the disclosure under that paragraph was made; | | (c) | in the case of a disclosure under paragraph (d) or (e) of subsection (1), that at least one high‑risk indicator of the discloser’s relevant party considered by the discloser in determining that the threshold criteria are satisfied relates to the series of wire transfers or value transfers in respect of which the disclosure under that paragraph was made. |
|
|
| Publication on electronic information sharing system |
28F.—(1) Subject to this section, a prescribed financial institution (called in this section a lister) that —| (a) | has made a suspicious transaction report in respect of any property; and | | (b) | has —| (i) | declined to establish a relationship, or decided to decline to establish a relationship, with a relevant party connected to the property; or | | (ii) | terminated a relationship, or decided to terminate a relationship, with a relevant party connected to the property, |
|
| may publish any risk information that the Authority may specify relating to the relevant party connected to the property to all prescribed financial institutions on the electronic information sharing system established under section 28N(1). |
| (2) Before making a publication under subsection (1), the lister must be satisfied that the threshold criteria for publication applicable to the lister are satisfied. |
| (3) Any prescribed financial institution may access the risk information published by the lister under subsection (1). |
(4) For the purposes of this section, a relevant party is connected to a property if —| (a) | the property is owned or controlled, directly or indirectly, by the relevant party; or | | (b) | where the property is —| (i) | the subject of a transaction that is a wire transfer, the relevant party is the wire transfer originator or wire transfer beneficiary; and | | (ii) | the subject of a transaction that is a value transfer, the relevant party is the value transfer originator or value transfer beneficiary. |
|
|
| (5) In this section, “suspicious transaction report” means a disclosure under section 45(1) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992. |
|
| Threshold criteria and high-risk indicators |
28G.—(1) The Authority must issue to each prescribed financial institution (A) —| (a) | the criteria applicable to A for determining whether —| (i) | risk information relating to a relevant party may be requested by A under section 28D; and | | (ii) | risk information relating to a relevant party may be disclosed by A under section 28E, or published by A under section 28F; and |
| | (b) | the high‑risk indicators of relevant parties of A that must be considered in determining whether the threshold criteria applicable to A are satisfied. |
(2) Subject to subsection (3) —| (a) | the criteria mentioned in subsection (1)(a) must not be divulged by A or any officer of A except —| (i) | as permitted by section 28D, 28E or 28F; | | (ii) | as required by a written notice issued under section 28H to correct an error or omission in risk information disclosed under section 28D or 28E, or published under section 28F; or | | (iii) | as expressly permitted by the Authority; and |
| | (b) | the high‑risk indicators mentioned in subsection (1)(b) must not be divulged by A or any officer of A except —| (i) | as permitted by section 28D, 28E or 28F; | | (ii) | as required by a written notice issued under section 28H to correct an error or omission in risk information disclosed under section 28D or 28E, or published under section 28F; or | | (iii) | as expressly permitted by the Authority. |
|
|
(3) The criteria and high‑risk indicators mentioned in subsection (1) may be divulged —| (a) | by A to any officer of A solely in connection with the performance of the duties of the officer in A; and | | (b) | by any officer of A to any other officer of A, solely in connection with the performance of their duties in A. |
|
| (4) The Authority may issue the criteria under subsection (1)(a) or the high‑risk indicators under subsection (1)(b) (or both) to a class of prescribed financial institutions and if so, the Authority is to inform each prescribed financial institution of that class of that fact and the identity of the members of that class. |
| (5) The obligation under subsection (2) applies to any officer of the prescribed financial institution despite the officer’s subsequent cessation of appointment or employment as an officer of the prescribed financial institution. |
(6) A person that contravenes subsection (2) shall be guilty of an offence and shall be liable on conviction —| (a) | in the case of an individual, to a fine not exceeding $125,000 or to imprisonment for a term not exceeding 3 years or to both; or | | (b) | in any other case, to a fine not exceeding $1 million. |
|
(7) In this section, “high‑risk indicators”, in relation to a relevant party of a prescribed financial institution, means —| (a) | any behaviour of the relevant party of the prescribed financial institution; or | | (b) | any circumstance, |
| that indicates a high risk that the relevant party of the prescribed financial institution may have been or may be concerned in money laundering, terrorism financing, or the financing of proliferation of weapons of mass destruction. |
|
|
| Power of Authority to issue written notice |
28H.—(1) The Authority may, if it thinks it necessary or expedient for the effective administration of this Part, issue a written notice, either of a general or specific nature, to any prescribed financial institution or any class of prescribed financial institutions, to comply with any requirement that the Authority may specify in the notice, relating to any request for, access to, disclosure of or publication of any risk information under section 28D, 28E or 28F. (2) Without limiting subsection (1), such a notice may be issued —| (a) | with respect to —| (i) | the measures to be taken to ensure the accuracy and completeness of any risk information requested for, accessed, disclosed or published under section 28D, 28E or 28F (called in this section specified risk information), including the measures to be taken to correct any error or omission in any specified risk information and a requirement to notify the Authority as soon as practicable after any such error or omission comes to the knowledge of the prescribed financial institution; | | (ii) | the protection of specified risk information from unauthorised use and disclosure, including the systems and processes to be established to keep any specified risk information confidential; | | (iii) | the form and manner of any disclosure or publication of risk information under section 28D, 28E or 28F; and | | (iv) | the records to be kept in relation to any request for, access to, disclosure of or publication of any risk information under section 28D, 28E or 28F; and |
| | (b) | to require any person that contravenes, has contravened, or is likely to contravene any provision of this Part, the contravention of which is an offence, to implement, within the time frame specified in the notice, the measures specified in the notice for the purpose of rectifying, remediating or mitigating the consequences of the contravention or to prevent the contravention of that provision, as the case may be. |
|
| (3) It is not necessary to publish any written notice issued under subsection (1) in the Gazette. |
| (4) The Authority may at any time vary, rescind or revoke any written notice issued under subsection (1). |
(5) A prescribed financial institution that fails to comply with any requirement applicable to it specified in a written notice issued under subsection (1) shall be guilty of an offence and shall be liable on conviction —| (a) | to a fine not exceeding $1 million; and | | (b) | in the case of a continuing offence, to a further fine of $100,000 for every day or part of a day during which the offence continues after conviction. |
|
|
| Immunity and negation of secrecy obligations |
28I. A prescribed financial institution or an officer of a prescribed financial institution authorised to act for the prescribed financial institution, or both —| (a) | may —| (i) | in accordance with the provisions of section 28D, 28E or 28F; or | | (ii) | as required by a written notice issued under section 28H, for the purpose of correcting an error or omission in risk information —| (A) | disclosed under section 28D or 28E; or | | (B) | published under section 28F, |
|
| disclose or publish (as the case may be) any risk information relating to any relevant party despite any obligation as to secrecy or other restrictions upon the disclosure of information imposed by any written law, rule of law, contract or rule of professional conduct; and |
| | (b) | is or are not liable for any loss arising out of the disclosure or publication, or any act or omission in consequence of the disclosure or publication if the disclosure or publication was —| (i) | made or published (as the case may be) with reasonable care and in good faith; and | | (ii) | made or published (as the case may be) either —| (A) | in accordance with section 28D, 28E or 28F; or | | (B) | as required by a written notice issued under section 28H, for the purpose of correcting an error or omission in risk information —| (BA) | disclosed under section 28D or 28E; or | | (BB) | published under section 28F. |
|
|
|
|
| False or misleading disclosures |
28J. A prescribed financial institution, or an officer of the prescribed financial institution, that knowingly or recklessly —| (a) | discloses any risk information under section 28D or 28E; | | (b) | publishes any risk information under section 28F; or | | (c) | makes any correction to the risk information mentioned in paragraph (a) or (b), |
| that is false or misleading in a material particular, shall be guilty of an offence and shall be liable on conviction — |
| (d) | in the case of an individual, to a fine not exceeding $125,000 or to imprisonment for a term not exceeding 3 years or to both; or | | (e) | in any other case, to a fine not exceeding $1 million. |
|
| Division 3 — Access to and use of risk information disclosed |
| Use of disclosed risk information by prescribed financial institution |
28K.—(1) A prescribed financial institution must not disclose any risk information that it receives or accesses under this Part to any other person except as expressly provided for in subsection (2) or (3).(2) A prescribed financial institution may, for a purpose specified in the first column of Part 1 of the Third Schedule, disclose —| (a) | any risk information that the prescribed financial institution receives under section 28D or 28E; | | (b) | any risk information that the prescribed financial institution accesses under section 28F; or | | (c) | any correction to any risk information mentioned in paragraph (a) or (b), |
| to a person or class of persons specified in the second column of Part 1 of the Third Schedule. |
|
(3) A prescribed financial institution may, for a purpose specified in the first column of Part 2 of the Third Schedule, disclose —| (a) | any risk information that the prescribed financial institution receives under section 28D or 28E; | | (b) | any risk information that the prescribed financial institution accesses under section 28F; or | | (c) | any correction to any risk information mentioned in paragraph (a) or (b), |
| to a person specified in the second column of Part 2 of the Third Schedule but subject to the restrictions and conditions specified in the third column of that Part of that Schedule. |
|
| (4) A person in Singapore that is specified in the second column of Part 2 of the Third Schedule must not disclose any risk information that the person receives from a prescribed financial institution under this Part unless the person is required to do so by an order of court. |
(5) In this section and the Third Schedule —| (a) | where disclosure of risk information is authorised under the Third Schedule to be made to any person that is a body corporate, risk information may be disclosed to any officer of the body corporate as may be necessary for the purpose for which the disclosure is authorised under that Schedule; | | (b) | the obligation under subsection (1) —| (i) | applies to any officer of the prescribed financial institution who received the risk information mentioned in that subsection for the prescribed financial institution or had access to the risk information; and | | (ii) | continues despite the officer’s subsequent cessation of appointment or employment as an officer of the prescribed financial institution; and |
| | (c) | the obligation under subsection (4) —| (i) | applies to any officer in Singapore of a person in Singapore that is a body corporate, who received the risk information mentioned in that subsection for the body corporate or had access to the risk information; and | | (ii) | continues despite the officer’s subsequent cessation of appointment or employment as an officer of the body corporate. |
|
|
(6) A person who contravenes subsection (1), subsection (1) (as applied by subsection (5)(b)), subsection (4) or subsection (4) (as applied by subsection (5)(c)) shall be guilty of an offence and shall be liable on conviction —| (a) | in the case of an individual, to a fine not exceeding $125,000 or to imprisonment for a term not exceeding 3 years or to both; or | | (b) | in any other case, to a fine not exceeding $250,000. |
|
|
| Use of disclosed risk information by Authority and STROs |
28L.—(1) The Authority is entitled —| (a) | to a copy of every disclosure of risk information made by a prescribed financial institution under section 28D or 28E, including any correction to such risk information; and | | (b) | to access every publication of risk information by a prescribed financial institution under section 28F, including any correction to such risk information. |
(2) The Authority may only use the risk information mentioned in subsection (1) for the purpose of detecting and preventing —| (a) | money laundering; | | (b) | terrorism financing; or | | (c) | the financing of proliferation of weapons of mass destruction. |
|
| (3) Without limiting subsection (2), the Authority may disclose any risk information mentioned in subsection (1) to another prescribed financial institution for the purpose of detecting and preventing any of the matters specified in subsection (2)(a), (b) or (c). |
| (4) The Authority may give any STRO access to all or any risk information disclosed or published (including any correction to such risk information) on the electronic information sharing system established and maintained under section 28N(1), for the purpose of detecting and preventing any of the matters specified in subsection (2)(a), (b) or (c). |
| (5) To avoid doubt, subsections (2) and (4) do not prevent the disclosure of any information by the Authority under and in accordance with Division 2 of Part 4. |
|
| Application of sections 21 and 22 of Personal Data Protection Act 2012 |
28M. Sections 21 and 22 of the Personal Data Protection Act 2012 do not apply to a prescribed financial institution in relation to any personal data about an individual that is in the possession or under the control of the prescribed financial institution if —| (a) | the personal data was risk information received by the prescribed financial institution under section 28D or 28E, including any correction to such risk information; or | | (b) | the personal data was risk information accessed by the prescribed financial institution under section 28F, including any correction to such risk information. |
|
| Division 4 — Electronic information sharing system |
| Establishment of electronic information sharing system |
28N.—(1) The Authority must establish and maintain an electronic information sharing system for the purpose of —| (a) | enabling requests for risk information under section 28D to be made by prescribed financial institutions; | | (b) | enabling disclosures of risk information under sections 28D and 28E to be disclosed and received by prescribed financial institutions; | | (c) | enabling disclosures of risk information under section 28F to be published and accessed by prescribed financial institutions; | | (d) | enabling corrections to any error or omission in the risk information mentioned in paragraph (b) or (c) to be made; and | | (e) | keeping a record of the requests, disclosures and corrections mentioned in paragraphs (a) to (d). |
(2) Subject to subsection (3), any request for risk information made under section 28D, any disclosure of risk information made under section 28D or 28E, any publication of risk information under section 28F, and any correction to any error or omission in such risk information, must be made —| (a) | using the electronic information sharing system established under subsection (1); and | | (b) | in accordance with the rules for use of the electronic information sharing system established under subsection (1) published by the Authority. |
|
(3) If —| (a) | any request for risk information under section 28D; | | (b) | any disclosure of risk information under section 28D or 28E; | | (c) | any publication of risk information under section 28F; or | | (d) | any correction to any error or omission in the risk information mentioned in paragraph (b) or (c), |
| cannot be made using the electronic information sharing system established under subsection (1) (whether because of a failure or unavailability of or interruption to the electronic information sharing system or otherwise), the prescribed financial institution may make the request, disclosure, publication or correction in the manner specified in any direction published by the Authority. |
|
| (4) If any publication of risk information under section 28F (including any correction to any error or omission in such risk information) cannot be accessed by any prescribed financial institution, the Authority must provide reasonable alternative means by which the risk information may be accessed by the prescribed financial institution. |
| (5) Where a prescribed financial institution informs the Authority that the prescribed financial institution refuses to comply with any rules for use of the electronic information sharing system mentioned in subsection (2)(b), the Authority may refuse to grant the prescribed financial institution access to the electronic information sharing system. |
| (6) Where a prescribed financial institution fails to comply with any rules for use of the electronic information sharing system mentioned in subsection (2)(b), the Authority may terminate, suspend or restrict the prescribed financial institution’s access to the electronic information sharing system. |
(7) To avoid doubt, the Authority may —| (a) | use the electronic information sharing system established under subsection (1) to disseminate any risk information mentioned in section 28L(1) to another prescribed financial institution for the purpose of detecting or preventing any of the matters specified in section 28L(2)(a), (b) or (c); | | (b) | allow a prescribed financial institution to use the electronic information sharing system established under subsection (1) to communicate with another prescribed financial institution in relation to —| (i) | any request for risk information under section 28D; | | (ii) | any disclosure of risk information under section 28D or 28E; | | (iii) | any publication of risk information under section 28F; or | | (iv) | any correction to any error or omission in the risk information mentioned in sub‑paragraph (ii) or (iii); or |
| | (c) | use the electronic information sharing system established under subsection (1) to analyse any risk information mentioned in section 28L(1) for the purpose of detecting or preventing any of the matters specified in section 28L(2)(a), (b) or (c).”. |
|
|
|
|
|
