Legal Profession (Prevention of Money Laundering, Financing of Terrorism and Proliferation Financing) Rules 2015

Statute Details

• Title: Legal Profession (Prevention of Money Laundering, Financing of Terrorism and Proliferation Financing) Rules 2015
• Act Code: LPA1966-S307-2015
• Type: Subsidiary legislation (SL)
• Authorising Act: Legal Profession Act (Cap. 161), section 70H
• Enacting authority: Council of the Law Society of Singapore (with Minister for Law approval)
• Citation: SL 307/2015
• Commencement: 23 May 2015
• Status: Current version as at 27 Mar 2026
• Key amendments (high level): Amended by S 697/2015, S 514/2017, S 992/2020, S 251/2023, S 378/2024, S 636/2024, S 473/2025 (effective 1 Jul 2025)
• Parts: Part 1 (Preliminary); Part 2 (Customer Due Diligence Measures); Part 3 (Keeping of Records); Part 4 (New Technologies, Services and Business Practices); Part 5 (Miscellaneous)
• Notable provisions (from extract): Rule 2 (Definitions); Rule 3 (Prescribed types of advocates/solicitors and foreign lawyers); Rule 12 (Risk-based approach); Rule 13 (Enhanced CDD); Rule 13A (Simplified CDD); Rule 15 (Inability to complete CDD); Rule 16 (Tipping-off); Rule 18/18A (Internal programmes and group policy); Rules 19–22 (Record-keeping and Council access); Rules 23–24 (New technologies risk management); Rules 25–30 (Suspicious transaction reporting basis, Council inspection powers, disciplinary/regulatory actions, practice directions, savings/transitional)

What Is This Legislation About?

The Legal Profession (Prevention of Money Laundering, Financing of Terrorism and Proliferation Financing) Rules 2015 (“ML/TF/PF Rules”) set out Singapore’s anti-money laundering and counter-terrorism financing compliance framework for the legal profession. In plain language, the Rules require legal practitioners and law practices to identify and manage the risks that their services could be used to launder money, finance terrorism, or facilitate proliferation financing (including proliferation of weapons of mass destruction).

Unlike a general “good practice” code, these Rules impose operational duties. They require customer due diligence (“CDD”) when taking instructions, ongoing monitoring of client relationships, enhanced measures for higher-risk situations, and simplified measures only where permitted. They also require record-keeping, internal risk assessment and compliance programmes, and safeguards against “tipping-off” (i.e., warning a client that a suspicious transaction report may be filed or that enforcement action is being considered).

The Rules are designed to align the legal profession’s obligations with broader Singapore and international expectations (including the Financial Action Task Force framework). They also reflect the realities of legal work: legal practitioners often act for clients in contentious and non-contentious matters, and may be involved in transactions where beneficial ownership, control, and source of funds are relevant.

What Are the Key Provisions?

1. Scope and definitions (Part 1)
The Rules begin by defining key terms such as “beneficial owner”, “client”, “close associate”, “foreign politically-exposed individual”, and “higher risk business relationship”. These definitions matter because they determine when enhanced or simplified CDD applies, who must be identified, and what information must be collected.

For example, “beneficial owner” is defined to capture individuals who ultimately own or control an entity or legal arrangement, and individuals on whose behalf a transaction concerning a relevant matter is conducted. The definition also includes those who exercise ultimate effective control—an important concept for trusts, foundations, and complex corporate structures.

2. Prescribed CDD measures and the risk-based approach (Part 2)
Part 2 is the core compliance engine. Rule 4 sets out the “prescribed customer due diligence measures”. While the extract does not reproduce the full text of Rule 4, the structure of the Rules indicates that CDD typically includes identifying the client and beneficial owner (where applicable), understanding the purpose and nature of the business relationship, and conducting due diligence on the transaction or matter where required.

Rule 12 requires a risk-based approach. Practitioners must assess and manage ML/TF/PF risks, and apply measures proportionate to the risk level. The Rules contemplate that some relationships or clients will be “higher risk” (as defined in Rule 12(4) and referenced in the extract), triggering enhanced due diligence.

3. Enhanced and simplified CDD (Rules 13 and 13A)
Where risks are higher—such as involving politically-exposed persons (PEPs), complex ownership structures, or jurisdictions associated with elevated risk—Rule 13 requires enhanced customer due diligence. Enhanced measures may include additional verification steps, more detailed understanding of the source of funds and source of wealth, and heightened scrutiny of transactions.

Conversely, Rule 13A provides for simplified customer due diligence in limited circumstances. Simplified CDD is not a blanket exemption; it is tied to the risk-based approach and must be justified by the risk assessment. Practitioners should be cautious: simplified measures should not be used where the matter presents indicators of elevated risk.

4. Ongoing due diligence, timing, and inability to complete CDD (Rules 9, 11, 14–15)
The Rules require ongoing customer due diligence (Rule 9). This means that due diligence is not a one-off step at onboarding. Practitioners must keep client information and risk assessments current, and respond to changes in the client’s profile, transaction patterns, or other relevant circumstances.

Rule 11 addresses timing of certain CDD measures—important for practice management, especially where instructions are urgent or where documents may not be immediately available. Rule 14 deals with existing clients, ensuring that obligations apply not only to new clients but also to relationships already in place, with appropriate transition and timing.

Rule 15 is particularly practical: it addresses inability to complete customer due diligence measures. If a practitioner cannot obtain required information or cannot satisfy CDD requirements, the Rules require the practitioner to take appropriate steps. In practice, this may include not proceeding with the matter, terminating the engagement, or considering whether a suspicious transaction report is warranted—depending on the circumstances and the practitioner’s legal and ethical duties.

5. Suspicion, suspicious transaction reporting basis, and tipping-off (Rules 5, 16, 25)
Rule 5 addresses situations where a client is suspected of money laundering, financing of terrorism, or proliferation financing. Rule 25 provides the basis for determination whether to file a suspicious transaction report. Together, these provisions require practitioners to evaluate facts and indicators and to escalate concerns in accordance with the Rules.

Rule 16 prohibits tipping-off. This is a critical safeguard: practitioners must not disclose to clients or third parties that a suspicious transaction report has been made (or that reporting is being considered), where such disclosure could prejudice investigations. Practically, this affects how lawyers communicate with clients during compliance processes—especially when requesting additional information or pausing work pending verification.

6. Third-party performance, internal programmes, and group policy (Rules 17–18A)
Rule 17 allows for performance of CDD by third parties in specified circumstances. This can be relevant where law practices rely on external verification services or rely on other entities within a group. However, reliance does not remove the practitioner’s responsibility to ensure compliance.

Rule 18 requires internal programmes and risk assessment. This means law practices must implement systems to manage ML/TF/PF risks, including training, procedures, and governance. Rule 18A adds a group policy for branches and subsidiaries, reflecting that multinational or multi-entity law practices must manage compliance consistently across the group, while still applying local requirements.

7. Record-keeping and Council access (Part 3)
Part 3 requires the keeping of records. Rules 19 and 20 specify the period of maintenance for documents and records relating to relevant matters and records obtained through CDD. Rule 21 addresses sufficiency of documents and records—i.e., records must be adequate to demonstrate compliance and to support any regulatory or enforcement review.

Rule 22 requires that documents and records be made available to the Council (the Law Society of Singapore) upon request. For practitioners, this is a key operational requirement: record retention policies, secure storage, and retrieval processes must be in place.

8. New technologies, services and business practices (Part 4)
Rules 23 and 24 require identification and assessment of risks from new technologies, services and business practices, and the management and mitigation of those risks. This is increasingly important for legal practice models involving remote onboarding, e-signatures, digital identity verification, online client portals, and fintech-adjacent workflows. The Rules expect practitioners to treat technology as a risk factor that must be governed, not merely adopted.

9. Miscellaneous enforcement and governance (Part 5)
Part 5 includes provisions on the basis for suspicious transaction reporting (Rule 25), Council inspection powers (Rule 26), and “prescribed types” of disciplinary proceedings and regulatory actions (Rules 27–28). Rule 29 addresses practice directions, guidance notes and rulings, which practitioners should monitor because they can clarify how the Rules are applied in practice. Rule 30 provides savings and transitional provisions.

How Is This Legislation Structured?

The Rules are organised into five Parts:

Part 1 (Preliminary) contains citation/commencement and definitions, including key concepts such as beneficial owner, client, PEPs, and higher-risk relationships. It also includes Rule 3 on prescribed types of advocates and solicitors and foreign lawyers.

Part 2 (Customer Due Diligence Measures) sets out the CDD framework: prescribed CDD measures, triggers for suspicion, general and specific CDD duties, ongoing monitoring, risk-based approach, enhanced and simplified CDD, treatment of existing clients, what to do when CDD cannot be completed, tipping-off restrictions, third-party reliance, and internal/group compliance programmes.

Part 3 (Keeping of Records) governs retention periods, sufficiency, and Council access.

Part 4 (New Technologies, Services and Business Practices) requires risk identification and mitigation when adopting or using new methods.

Part 5 (Miscellaneous) covers suspicious transaction reporting basis, Council inspection powers, disciplinary/regulatory actions, and guidance instruments, plus transitional/savings provisions.

Who Does This Legislation Apply To?

The Rules apply to legal practitioners—including advocates and solicitors—and also cover foreign lawyers in prescribed circumstances. Rule 3 is designed to specify which categories of practitioners are captured, and Rule 2 includes definitions that tie obligations to the “legal practitioner” concept in the Legal Profession Act.

In terms of client coverage, the Rules apply to both contentious and non-contentious matters. The definition of “client” is broad: it includes persons who retain or employ a legal practitioner (or are about to do so) and, for non-contentious work, persons with power to retain or employ a legal practitioner, including trustees, executors, and administrators. This breadth means that many routine legal engagements can fall within the CDD and record-keeping perimeter, depending on the nature of the matter and whether “relevant matters” are involved.

Why Is This Legislation Important?

For practitioners, the ML/TF/PF Rules are important because they translate Singapore’s AML/CTF/PF policy goals into concrete professional obligations. Non-compliance can expose law practices to regulatory action and disciplinary consequences. The Rules also create a compliance culture: lawyers must document risk assessments, justify CDD decisions, and maintain records that can withstand scrutiny.

From a client-service perspective, the Rules affect how engagements are initiated and managed. Lawyers must build processes for client onboarding, beneficial ownership identification, enhanced scrutiny for higher-risk matters, and ongoing monitoring. They must also manage communications carefully to avoid tipping-off. This can change timelines and documentation requirements, particularly for corporate clients, trusts and legal arrangements, and cross-border matters.

Finally, the Rules’ focus on new technologies and business practices signals that compliance is not static. As legal service delivery evolves—especially through remote onboarding and digital workflows—practitioners must reassess risks and update controls. For a practitioner, this means investing in training, governance, and systems, not just collecting documents at the start of a matter.

Related Legislation

• Legal Profession Act (Cap. 161) (including section 70A(2) and section 70H as the rule-making power)
• Banking Act 1970
• Finance Companies Act 1967
• Financial Act
• Financial Advisers Act 2001

Source Documents

• Official Text — Singapore Statutes Online
• Archived Copy — Litt Law CDN

This article provides an overview of the Legal Profession (Prevention of Money Laundering, Financing of Terrorism and Proliferation Financing) Rules 2015 for legal research and educational purposes. It does not constitute legal advice. Readers should consult the official text for authoritative provisions.