When Must KYC Documents be Certified as True?

Share This Post

[UPDATED REFERENCES TO NOTICE 626 IN JULY 2025]

In the current COVID-19 environment, the vast majority of business is conducted on a non-face-to-face (“NFTF”) basis. In many ways, the future of business has been accelerated. However, the Financial Action Task Force (“FATF”) Recommendations continue to identify NFTF relationships and transactions as potentially “higher risk scenarios” for money laundering and terrorism financing. As a result, financial institutions (“FIs”) are still expected to comply with anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) obligations that are increasingly difficult to implement.

One of the most burdensome compliance issues in today’s environment is the requirement to sight original Know Your Customer (“KYC”) documents or obtain certified true copies (the “Certification Obligation”). This article explores the background of this requirement and how FIs can comply with the relevant notices and guidelines.

REGULATORY FRAMEWORK

The Monetary Authority of Singapore (“MAS”) issues distinct AML/CFT notices for FIs based on the activities they are regulated for, accompanied by corresponding guidelines. For the purpose of this article, we refer to MAS Notice 626 (the “Notice”) and its accompanying guidelines (the “Guidelines”), which apply to banks. The observations herein are broadly applicable across FIs, including capital markets intermediaries, fund management companies, and entities licensed under the Payment Services Act—subject to special considerations for virtual asset service providers (“VASPs”) discussed below.

THE EXPECTATION TO RECEIVE ORIGINAL OR CERTIFIED COPIES

The Notice does not explicitly require FIs to obtain original or certified true copies of documents when onboarding a customer. Paragraph 6.9 of the Notice states that a bank must verify a customer’s identity “using reliable, independent source data, documents or information” (emphasis added).

However, paragraph 6-6-6 of the Guidelines (referred to here as the “MAS Reliability Guidance”) states:

“Where the customer is unable to produce an original document, a bank may consider accepting a copy of the document –
(a) that is certified to be a true copy by a suitably qualified person (e.g. a notary public, lawyer or certified public or professional accountant); or
(b) if a bank staff member independent of the customer relationship has confirmed that he has sighted the original document.”

Thus, the foundational (or academic) position is that AML/CFT policies should aim to obtain original or certified documents, subject to a risk-based approach.

APPLYING A RISK-BASED APPROACH

The Notice categorizes customer due diligence into three levels:

Simplified due diligence (where risks are low);
Regular due diligence; and
Enhanced due diligence (where risks are high).

Under a risk-based approach, FIs often waive the Certification Obligation in simplified due diligence scenarios. In today’s digital environment, many documents—particularly those available from government sources—can reasonably be treated as “originals.”

All stakeholders in the onboarding process (front office, compliance, and the customer) prefer simplified due diligence. However, many customers—whether individuals or corporates—do not qualify due to factors such as:

country of citizenship/incorporation,
country of residence/primary business location,
anticipated transaction volume, and
other risk indicators.

Depending on an FI’s typical client profile, simplified due diligence may rarely be applicable.

For regular and enhanced due diligence, FIs often strictly follow the Guidelines. This is supported by MAS guidance, which warns that the extent of adherence can impact the MAS’s overall risk assessment of a bank, including the quality of board oversight, governance, and risk management.

Rhetorical question: Who wants to be the compliance officer who relaxed requirements for a regular due diligence case that ultimately affected the MAS’s risk assessment?
Answer: Nobody—which is why compliance with the Certification Obligation can be so frustrating in practice.

NON-FACE-TO-FACE (NFTF) KYC

NFTF KYC refers to onboarding a customer without any in-person interaction. MAS’s primary concern in NFTF KYC is impersonation risk. Because of this, FIs must apply due diligence measures that are at least as robust as those used for face-to-face onboarding. In fact, MAS encourages FIs to be even more cautious with unfamiliar or new customers.

As a result, onboarding a customer through NFTF KYC is never presumed low-risk. That said, the FATF has encouraged the responsible use of innovative digital solutions for onboarding and ongoing verification.

Importantly, NFTF KYC risks apply to both individuals and corporates. Many FIs consider corporate KYC to be “face-to-face” if they meet at least one authorised representative. While reasonable, some NFTF risks persist regarding corporate controllers whom the FI never meets.

NFTF KYC AND THE CERTIFICATION OBLIGATION

Paragraph 6-11-3 of the Guidelines lists six possible mitigating measures FIs can use to reduce NFTF risk. One such measure is to obtain certified identification documents from lawyers or notaries public.

From this, we infer that:

MAS recognizes that FIs may not always obtain original or certified documents; and
The Certification Obligation is not mandatory for complying with the NFTF KYC guidelines.

However, this does not relieve FIs from their responsibilities under the MAS Reliability Guidance, which is a separate requirement.

THE ONGOING EXPECTATION TO OBTAIN ORIGINAL OR CERTIFIED DOCUMENTS

The MAS Reliability Guidance does not cite the six mitigating measures under Paragraph 6-11-3. Therefore, addressing NFTF KYC risks through alternative means does not eliminate the expectation to comply with the Certification Obligation under the Reliability Guidance.

The FATF’s May 2020 paper on COVID-19-related money laundering and terrorism financing risks notes that digital copies may be acceptable as an interim measure, but original documents should be “sighted in due course.”

PRACTICAL CHALLENGES OF CERTIFICATION

A certified document is only valid if:

the certifier is suitably qualified; and
the original document was sighted.

To confirm this, FIs must conduct due diligence on the certifier and their process. Without this, bad actors could easily forge certifications. FIs should also consider whether they can rely on a scanned certification or must receive the original document from the certifier directly.

CONSIDERATIONS FOR VASPs

Both MAS and FATF have assessed virtual asset activities to present higher AML/CFT risks. Consequently, it remains unclear whether VASPs can qualify any customers for simplified due diligence.

Although relevant MAS notices and guidelines have been issued, no VASP has yet been licensed under the Payment Services Act. As such, there is no established best practice for applying a risk-based approach or waiving the Certification Obligation in the VASP sector.

CONCLUSION

The Certification Obligation is both nuanced and a nuisance—arguably not even a strict “obligation” in some contexts. That said, there are alternative compliance approaches FIs may explore based on a risk-based framework.

If you would like to discuss your options, we’re happy to speak further—and buy you a coffee, virtual or otherwise.

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

A.I. Regulation in Singapore: A Comprehensive Review

Introduction In recent years, we have witnessed an explosion on an international scale in the development and use of artificial intelligence (“AI”).[i] From the rapid

8 August 2025

The Payment Services Act vs Financial Services and Markets Act Analyzer

CLICK HERE TO TRY THE ANALYZER The application of the Financial Services and Markets Act (the “FSMA”) has been widely discussed in Singapore over the past

15 June 2025



Strengthening Capital Markets Oversight of AML/CFT Outsourcing Arrangements FAST-TRACKING YOUR
FINTECH BUSINESS IN
SINGAPORE