What MAS Expects from Transaction Monitoring
MAS Notice 626 (paragraph 15) requires banks and payment service providers to monitor customer transactions for suspicious activity. MAS does not prescribe specific rules or thresholds — but examiners do assess whether your monitoring is commensurate with your risk profile, customer base, and product types. A payment firm with high cross-border volume that uses only two generic rules will not survive an MAS AML inspection.
Core Rule Categories
| Category | Example rule | Risk it targets |
|---|---|---|
| Velocity | >10 outgoing transfers in 24 hours | Structuring / layering |
| Amount threshold | Single cash deposit >SGD 20,000 | Cash-based ML |
| Dormancy spike | Account inactive 90 days, then >SGD 50,000 transferred out | Account takeover / mule accounts |
| High-risk jurisdiction | Transfer to FATF high-risk country | Sanctions evasion / terror financing |
| Counterparty concentration | >80% of transactions to single counterparty | Layering / related-party transactions |
| Round-number pattern | 3+ transactions of exactly SGD 4,999 within 7 days | Structuring below reporting threshold |
| New account spike | Account <30 days old with >SGD 100,000 turnover | New mule accounts |
| Time-of-day anomaly | Transfers at 2–4am for customers without prior after-hours activity | Account takeover |
Threshold Calibration: The MAS Expectation
MAS examiners will ask how you set your thresholds. "Industry standard" is not an acceptable answer. Your thresholds must be calibrated to your specific customer population. The calibration process MAS expects:
- Baseline analysis: Run proposed rules against 12 months of historical transaction data. Calculate false positive rate, false negative rate, and alert volume.
- Risk appetite decision: Determine acceptable false positive rate (typically 90–95% is the starting point) and document senior management sign-off.
- Periodic tuning: Review rules quarterly. Document why thresholds changed and what data supported the change.
- Backtesting on SARs: Verify that historical Suspicious Activity Reports (SARs) would have been caught by current rules. If they would not have been, investigate why.
Model Risk Management
MAS has increasing expectations around model risk for AML systems — particularly for firms using ML-based behavioural monitoring. Requirements:
- Model documentation: Describe the model, its purpose, training data, key assumptions, and limitations
- Validation: Independent validation (by a team or person not involved in model development) before deployment
- Ongoing monitoring: Track model performance metrics (alert rate, SAR conversion rate, false negative rate) monthly
- Revalidation trigger: Revalidate if customer mix changes materially, a new product is launched, or regulatory requirements change
What MAS AML Examiners Actually Check
Based on MAS enforcement actions and industry experience, examiners focus on:
- Whether rules cover all product types (not just one channel)
- Alert disposition documentation — do analysts document their reasoning or just close alerts?
- SAR filing timeliness — MAS expects SARs within 15 business days of suspicion forming
- Whether high-risk customers get enhanced monitoring beyond the standard rule set
- Threshold change history — can you show why thresholds changed and that they were not just raised to reduce volume?
Key Takeaways
- MAS does not prescribe specific rules — but your rule set must match your risk profile and product mix
- Calibrate thresholds against your own historical data, not industry benchmarks
- Document all threshold decisions with data support and senior management sign-off
- Alert disposition documentation is as important as the rule set — analysts must record their reasoning
- File SARs within 15 business days of suspicion forming; late SARs are a common MAS finding