The release of the 2026 FATF Mutual Evaluation Report (“MER”) in Singapore marks a significant development for Regulated Financial Institutions (“RFIs” or “Institutions”) operating within Singapore’s financial ecosystem. While Singapore continues to maintain a strong AML/CFT framework and achieved largely positive ratings across multiple Immediate Outcomes, the report also highlights critical gaps and evolving regulatory expectations. These are areas that will likely attract heightened supervisory scrutiny in the coming years.

For regulated entities such as Capital Markets Services Licence holders (“CMSLs”), Venture Capital Fund Managers (“VCFMs”), Payment Service Providers, Digital Payment Token Service Providers (“DPTSPs”), Trust Companies, and even Corporate Service Providers, the report is not merely a benchmarking exercise; it is a clear signal of where Monetary Authority of Singapore (“MAS”) and the Financial Action Task Force (“FATF”) expect firms to strengthen controls, governance, and operational effectiveness.

For many RFIs, FATF Singapore 2026 will likely influence future supervisory priorities, inspection focus areas, and regulatory remediation expectations.

What Changed Under FATF Singapore 2026

The 2026 MER operates on a six-year cycle, significantly shorter than earlier FATF mutual evaluation rounds. The revised approach also emphasises time-bound Key Recommended Actions. FATF has moved away from merely assessing whether laws exist and now focuses on whether Institutions are operationalising those laws effectively to mitigate major risks.

Key Enhancements Since the Previous Evaluation:

• Intelligence & Automation: Massive investment in technology and data integration to produce actionable financial intelligence.
• Whole-of-Government Coordination: Highly effective cross-agency platforms like the AML/CFT Steering Committee and AML Case Co-ordination and Collaboration Network.
• Public-Private Partnerships: Stronger tactical collaboration through the AML/CFT Industry Partnership.
• Agile Risk Monitoring: A dynamic approach allowing Singapore to pivot quickly toward emerging threats like virtual assets.

Importantly, FATF repeatedly emphasised that Singapore’s AML/CFT system must now produce “demonstrable and consistent risk-based results.” These developments further reinforce the heightened supervisory expectations emerging from FATF Singapore 2026.

Key FATF Singapore 2026 Supervisory Focus Areas

The 2026 MER highlights several strategic risk areas that MAS and FATF are increasingly prioritising as part of Singapore’s evolving AML/CFT and Countering Proliferation Financing (“CPF”) framework.

Cross-Border Financial Crime

Singapore is a globally significant International Financial Centre (“IFC”). Its strong reputation, political stability, mature financial sector, and global connectivity may make it attractive to criminals seeking to launder proceeds from foreign predicate offences. FATF identifies cyber-enabled fraud, corruption, tax crimes, and trade-based money laundering as the highest priority threats. RFIs should strengthen controls over Source of Wealth and Source of Funds, especially for offshore structures and foreign Politically Exposed Persons.

Virtual Assets and Digital Payment Tokens

Singapore has developed into one of the world’s most significant virtual asset hubs, increasing regulatory focus on DPTSPs. Key priorities include consistent implementation of the “Travel Rule” for value transfers and the proactive use of blockchain analytics to detect suspicious wallet activities. FATF noted that while understanding is solid at a sectoral level, RFIs must improve the detection of funds transiting through Singapore via crypto assets.

Beneficial Ownership (BO) Transparency

A central theme is the transparency and accessibility of BO information, particularly involving Variable Capital Companies (“VCCs”), Single Family Offices, and Unregistered Foreign Companies (UFCs). The Accounting and Corporate Regulatory Authority (“ACRA”) maintains a central BO registry covering all domestically created legal persons. Basic information is publicly accessible for a fee, while law enforcement agencies receive full direct access. However, FATF noted that VCCs are exempt from filing BO information with ACRA. Instead, RFIs acting as fund managers maintain the relevant BO information. Similarly, the central registry does not fully capture UFCs in all cases. These structural exclusions create significant transparency gaps. Access to BO information for these entities depends on identifying and approaching the relevant FI or competent authority, a process that is not always timely or guaranteed.

Beyond these structural exclusions, limited mechanisms exist to ensure the accuracy and verification of BO information filed within the registry. Singapore does not verify BO information at the point of filing into the central BO registry. Instead, it relies on Corporate Service Providers to conduct proper Customer Due Diligence (“CDD”), identify BOs, and ensure the accuracy of filed information. These gaps may increase the risk of misuse of complex legal structures such as VCCs and multi-layered ownership arrangements. RFIs should therefore strengthen measures to identify and verify the natural persons behind complex ownership arrangements, particularly those involving VCCs, UFCs, and layered structures.

Proliferation Financing (PF)

PF remains a key supervisory focus given Singapore’s status as an international financial, trade, and maritime hub. FATF acknowledged that Singapore has established a strong legal and regulatory framework for PF controls. This is particularly evident in relation to Democratic People’s Republic of Korea (“DPRK”)-related typologies, ship-to-ship transfers, and the movement of dual-use goods. However, the MER highlights the need for stronger risk-based supervisory coverage and engagement across higher-risk sectors. This includes enhanced awareness among representation offices of foreign flag States. RFIs should therefore continue strengthening trade finance controls, sanctions screening, and PF risk monitoring frameworks.

Practical Considerations RFIs Should Start Preparing For

Practical implications arising from FATF Singapore 2026 are expected to shape future supervisory engagements, inspection priorities, and remediation expectations across higher-risk sectors.

Strengthen Customer Risk Assessment Frameworks

What FATF said: FATF emphasised the importance of robust, risk-based controls and customer risk assessment frameworks, particularly in higher-risk areas such as cross-border transactions, complex ownership structures, and legal arrangements. The report noted that Singapore could strengthen its overall AML/CFT framework through more consistent, risk-based supervisory approaches and stronger identification and mitigation of higher-risk scenarios.

What RFIs must do: Ensure that customer risk assessments remain dynamic, evidence-based, and tailored to the institution’s business activities. RFIs should apply enhanced scrutiny to complex structures, trusts, and customers whose profiles include higher-risk characteristics. These may include a foreign dimension, such as foreign-sourced funds or foreign business dealings, where they elevate the overall risk assessment. A foreign nexus alone does not automatically render a customer higher risk; institutions must weigh it alongside other relevant risk factors as part of a holistic assessment.

Source of Wealth Verification (SOW)

What FATF said: FATF highlighted the elevated money laundering risks associated with Singapore’s role as an international financial and wealth management centre. These risks are particularly relevant in relation to foreign-sourced funds, complex ownership structures, and higher-risk customers. The report emphasised the importance of robust, risk-based controls and enhanced due diligence measures in mitigating these risks.

What RFIs must do: Adopt a more evidence-based approach to SOW assessments, particularly for higher-risk customers. This includes obtaining reliable supporting documentation, assessing consistency with the customer’s profile and transaction activity, and escalating material discrepancies for further review. RFIs should also conduct periodic reviews to ensure SOW information remains current and aligned with the customer’s evolving risk profile.

Enhance Transaction Monitoring and Sanctions Controls

What FATF said: Institutions were not effectively identifying or escalating suspicious patterns, a deficiency that MAS inspection findings have repeatedly highlighted. Monitoring systems were inadequately configured, insufficiently resourced, or generating alerts that were not properly reviewed or investigated. While institutions were able to generate data, they failed to act on it in a timely and appropriate manner. The report also noted that most institutions relied primarily on adverse news or outreach from authorities as triggers for filing STRs. FATF observed insufficient proactive detection measures.

What RFIs must do: Ensure monitoring systems are capable of identifying unusual patterns, such as pass-through transactions or complex payment routing that may be intended to circumvent sanctions. Institutions should move beyond reactive, adverse-news-triggered reporting toward proactive and pre-emptive surveillance. This includes the ability to identify potential risks that have not yet attracted external attention, such as terrorist financing networks that may not yet be publicly known.

Refresh Enterprise-Wide Risk Assessments (“EWRA”)

What FATF said: Singapore’s 2024 PF National Risk Assessment (“NRA”) would benefit from more granular, context-specific data. It also found limited risk-based mitigation measures within the PF NRA. FATF further identified higher-risk areas where mitigation measures were absent or negligible.

What RFIs must do: Update EWRAs to incorporate specific PF-risk assessments and account for the institution’s exposure to cross-border flows and higher-risk jurisdictions. Regulators increasingly expect assessments tailored to each institution’s specific risk profile, not generic or defensive responses. Institutions should guard against applying boilerplate risk classifications or mischaracterising their actual risk exposure.

Utilise New Data Sharing and Technology Platforms

What FATF said: The report recognised Collaborative Sharing of ML/TF Information & Cases (“COSMIC”), a centralised platform co-developed by MAS and six major commercial banks, as a positive development in Singapore’s AML/CFT framework. In its first year of operation, COSMIC led to an additional 461 STRs filed, covering over S$1.6 billion in suspicious transactions, and resulted in the closure of over 1,100 suspicious customer accounts.

What RFIs must do: Prepare for the broader rollout of COSMIC beyond the current participating institutions. Leverage data analytics and network analytical tools to improve the detection of suspicious networks that may not be visible through traditional, manual screening approaches.

Address Vulnerabilities in High-Value and Specialised Sectors

What FATF said: Singapore is exposed to key PF threats, including the misuse of legal persons, ship-to-ship transfers, movement of dual-use goods, export of luxury goods, and misuse of virtual assets. It further noted limited risk-based mitigation measures in place, particularly for institutions with exposure to DPRK-related risks.

What RFIs must do: For institutions operating in the maritime or luxury goods sectors, deepen context-specific understanding of sanctions evasion techniques. This includes strengthening awareness of risks associated with DPRK-related financial flows, complex PF sanctions evasion methods, and ship-to-ship transfers.

Improve Governance and Documentation

What FATF said: MAS requires institutions under its Supervisory Uplift programme to develop effectiveness indicators, such as the number of STRs filed and customers exited relative to key risks identified, and monitors these on an ongoing basis.

What RFIs must do: Senior management should actively oversee these effectiveness indicators and ensure regular reviews at the Board level. Institutions must adequately resource and empower internal audit functions to conduct regular, independent assessments of AML/CFT controls.

Conclusion

The 2026 FATF Mutual Evaluation Report reaffirms Singapore’s standing as a premier global financial hub with a robust AML/CFT framework. However, the report signals a shift toward a more demanding supervisory era. The focus is no longer just on policy, but also on operational effectiveness and demonstrable outcomes.

A key practical consequence of the FATF report is the likelihood of increased supervisory and inspection activity. RFIs highlighted in MAS’ inspection reports are already undertaking remediation efforts. Other RFIs with similar structural weaknesses, who may not yet have been specifically identified, will likely face increased regulatory scrutiny. The FATF report has also strengthened Singapore’s position. It provides both regulatory justification and an internationally recognised benchmark for heightened supervisory expectations and enforcement focus.

For CMSLs, VCFMs, PSPs, DPTSPs, Trust Companies, and other regulated entities, MAS and FATF expectations are now centred on risk-based implementation that yields measurable results. Regulators expect institutions to move beyond “paper compliance”. Institutions must demonstrate that their controls, particularly regarding Beneficial Ownership transparency, Source of Wealth verification, and Proliferation Financing, can effectively detect and disrupt complex financial crime.

An Institution’s ability to maintain strong governance, robust documentation, and effective AML/CFT controls will remain a key determinant of its regulatory standing and ability to meet its obligations. Institutions that proactively refresh their risk management frameworks and embrace technology-driven surveillance will be better positioned to navigate this evolving enforcement landscape. This requires a rigorous assessment of existing controls and a commitment to strengthening areas where institutions identify deficiencies.

Preparing for FATF Singapore 2026 will require RFIs to reassess governance arrangements, AML/CFT controls, and operational effectiveness frameworks.

How Curia Regis Can Support

Navigating Singapore’s evolving AML/CFT regulatory landscape requires a proactive and disciplined approach to compliance. Curia Regis provides specialised advisory support to assist RFIs in aligning with evolving FATF standards and MAS supervisory expectations:

• Risk Assessment Optimisation: We help develop sufficiently comprehensive EWRAs that meet regulatory expectations.
• Beneficial Ownership Verification: When faced with complex or convoluted client structures, we assist RFIs in understanding the extent of their obligations relating to BO verification requirements.
• Reporting Excellence: We support RFIs in implementing timely escalation and reporting mechanisms, both internally and externally, to effectively meet regulatory obligations.
• Supervisory Readiness: We conduct independent audits and gap analyses to prepare RFIs for regulatory examinations and supervisory engagements involving MAS, ACRA, MinLaw, and other competent authorities.

To find out how we can support your organisation, please contact us.