Who supervises FATCA/CRS compliance in Singapore?

For financial institutions in Singapore, FATCA and CRS due diligence and reporting obligations are administered by the Inland Revenue Authority of Singapore (IRAS). The Monetary Authority of Singapore (MAS) supervises prudential matters, governance, risk management and AML/CFT controls for banks and other licensed entities, while the IRS supervises the QI regime and FATCA from the US perspective under the Singapore–US Model 1 IGA.

What sanctions can apply for non-compliance with FATCA, CRS or QI requirements?

IRAS may impose administrative penalties and additional daily fines for late, non- or incorrect filing of FATCA/CRS returns or other breaches of AEOI obligations. MAS can take supervisory and enforcement actions, including financial penalties, directions, licence conditions and prohibition orders, especially where control weaknesses are significant or repeated. From the US side, non-compliance with QI or FATCA can lead to remediation obligations, potential termination of QI status and, in severe cases, 30% withholding on certain US-source payments.

How can Singapore financial institutions reduce supervision and enforcement risk?

Key elements include an integrated FATCA/CRS/QI compliance framework aligned with MAS expectations, robust onboarding and KYC/AML processes that capture and maintain required tax information, strong data governance and reconciliations between KYC, AML and reporting systems, periodic testing and sample reviews, and timely remediation with clear audit trails for IRAS, MAS and IRS reviews.

Singapore — Supervision & Enforcement (FATCA, CRS/AEOI & QI)

Last updated: 24 Nov 2025

Singapore — Supervision & Enforcement

Who checks what? Inland Revenue Authority of Singapore (IRAS) for FATCA/CRS reporting, the Monetary Authority of Singapore (MAS) for prudential and AML/CFT supervision, and the IRS for the QI regime and FATCA from the US perspective – a high-level overview of review focus areas, possible measures, typical findings and sanction risks for financial institutions in Singapore.

1) Who supervises what in Singapore?

Authority / Body	Primary focus	Examples of review areas
IRAS	FATCA & CRS/AEOI reporting	Registration and classification of Reporting SGFIs, implementation of due diligence procedures, accuracy and completeness of FATCA/CRS XML filings, collection and validation of US TINs and foreign TINs, consistency between account classification and reporting, timeliness of filing and corrections, internal controls around AEOI processes.
MAS (prudential & conduct)	Prudential supervision, governance, risk management and market conduct	Board and senior management oversight of regulatory and tax reporting, integration of FATCA/CRS/QI risks into enterprise-wide risk management, implementation of MAS notices and guidelines on risk management and governance, internal control frameworks, outsourcing and third-party risk, IT and data governance supporting AEOI and QI.
MAS (AML/CFT)	AML/CFT supervision for banks and other FIs	Application of MAS AML/CFT notices (e.g. for banks and merchant banks), customer due diligence and ongoing monitoring, assessment of customer risk and source of wealth/funds, transaction monitoring, suspicious transaction reporting, sanctions and proliferation financing screening, remediation of deficiencies identified in previous MAS inspections and thematic reviews.
IRS	QI regime & FATCA (US perspective)	Compliance with the QI Agreement, W-8/W-9 documentation and “reason-to-know” reviews, US withholding and reporting on Forms 1042/1042-S, adherence to the Singapore–US FATCA Model 1 IGA, periodic certifications and reviews, scope and quality of remediation for material failures.

2) Possible measures and supervisory responses

IRAS (FATCA/CRS) Desk reviews and on-site visits focused on FATCA/CRS implementation; written queries and requests for additional documentation; requirements to file corrected or late returns; administrative penalties for late or non-filing of FATCA/CRS returns and for non-compliance with AEOI obligations, including fixed fines and additional daily amounts where an offence continues.
MAS (prudential & conduct) Supervisory findings communicated through inspection reports or letters, requirements for formal remediation plans and progress updates, heightened supervisory intensity and additional reporting, conditions on licences or approvals, and in serious cases restrictions on activities or directions to strengthen governance and risk management.
MAS (AML/CFT) Thematic and institution-specific inspections, detailed remediation expectations, composition penalties and financial penalties for breaches of AML/CFT requirements, prohibition orders against individuals, and, where appropriate, public enforcement statements – as seen in recent large money-laundering cases involving multiple financial institutions.
IRS (QI/FATCA) Remedial obligations (e.g. curing documentation, performing additional withholding and re-reporting), expansion of sample reviews, enhanced reporting or documentation expectations, and in severe or persistent cases the risk of QI Agreement termination or non-compliant FATCA status with associated 30% withholding on certain US-source payments.

3) Typical findings (examples)

Documentation and TIN gaps: Missing or invalid US TINs or foreign TINs, incomplete or out-of-date self-certifications, weak follow-up processes to cure undocumented accounts, lack of evidence of reasonable efforts to obtain AEOI information.
Misclassification of accounts and entities: Incorrect classification of entities (e.g. Reporting vs. Non-Reporting SGFI, FI vs. active/passive NFE), incorrect residence or tax status, misapplication of indicia and cure procedures, inconsistencies between onboarding/KYC data and FATCA/CRS reporting records.
Data and systems inconsistencies: Breaks between customer master data, AML systems, tax reporting systems and QI documentation; absence of clear data lineage and mappings; limited reconciliations between source data and returns filed with IRAS.
Governance and control weaknesses: No clearly designated owner for cross-border tax reporting and AEOI, insufficient three-lines-of-defence structure, limited management information on error rates and remediation progress, outdated policies that do not reflect current IRAS, MAS or IRS guidance.
Process and technical issues: Errors in FATCA/CRS XML files (schema and business-rule failures), late or failed submissions, inadequate testing after system changes, reliance on manual workarounds without documented controls and review evidence.
QI-specific deficiencies: Sample reviews revealing under-withholding or incorrect application of treaty benefits, insufficient “reason-to-know” checks for documentation red flags, late or incomplete Forms 1042/1042-S, and remediation steps not documented in a way that supports the Responsible Officer’s certifications.

4) Sanction risks (high-level)

Singapore tax / reporting penalties: Administrative penalties for late, non- or incorrect filing of FATCA/CRS returns with IRAS, with potential fines of several thousand Singapore dollars and further daily penalties for continuing offences, as well as broader penalties under the Income Tax Act where inaccurate or misleading information is provided.
Prudential and conduct consequences: MAS findings that impact an institution’s overall supervisory assessment, strengthened expectations around risk management and governance, increased supervisory intensity and, in serious cases, directions or conditions that restrict business activities until deficiencies are remediated.
AML/CFT enforcement risk: Significant civil penalties for breaches of AML/CFT requirements, enforceable undertakings or detailed remediation orders, prohibition orders against individuals, and public enforcement statements – with recent cases involving multi-million Singapore dollar penalties across several institutions linked to large-scale money-laundering schemes.
US-side QI/FATCA risks: Exposure to 30% FATCA-related withholding on certain US-source payments if an FI is treated as non-compliant, restrictions or conditions under the QI regime, and in the extreme case loss of QI status, with significant impact on US securities business and client servicing.
Reputational impact: Public MAS enforcement outcomes, IRAS penalties, and related media coverage can affect perceptions of the institution’s control environment and governance, with potential knock-on effects on client relationships, funding costs and regional booking-centre strategies.

5) Prevention & remediation

Preventive measures

Maintain an integrated compliance framework for FATCA, CRS and QI that is aligned with MAS expectations on risk management, governance and AML/CFT, and that clearly sets out roles, responsibilities and escalation paths.
Document data lineage and mappings from onboarding and customer master data through to FATCA/CRS reporting systems and IRAS filings; implement reconciliations and quality controls, including test submissions where appropriate.
Operate regular TIN, GIIN and status checks, including validation against IRS lists, reasonableness checks on self-certifications, and structured outreach campaigns to remediate missing or invalid data.
Align KYC/AML and tax documentation so that a single onboarding process supports MAS AML/CFT requirements and IRAS/IRS documentation needs; ensure periodic refresh cycles keep both AML and tax information up to date.
Provide regular training to Front Office, Operations, Tax, Compliance, Risk and IT teams using internal lessons learned and recent IRAS/MAS/IRS enforcement examples relevant to Singapore.

When findings occur

Conduct a structured root-cause analysis for each material issue, identify control, process and data weaknesses, and define a remediation plan with clear owners, milestones and target dates.
Maintain a robust audit trail covering issue identification, analysis, remediation actions, re-testing and closure – with documentation suitable for sharing with IRAS, MAS and the IRS.
Reconcile KYC/AML ↔ FATCA/CRS ↔ QI datasets after corrections to restore consistency, and embed improved controls into business-as-usual processes to prevent recurrence.
Use independent reviews (internal audit or external advisers) to test the design and operating effectiveness of enhanced controls, and to support Board, senior management and Responsible Officer attestations.

6) Related Singapore pages

Singapore hub: US tax for banks in Singapore – overview
Regulatory framework: Legal sources & responsibilities
Reporting & mechanics: Submission & technical aspects (IRAS)

Talk to us Back to Singapore hub page

Disclaimer: Specific supervisory expectations, penalties and measures depend on the facts of each case. The applicable Singapore legislation, IRAS/MAS guidance and – for QI/FATCA – current IRS requirements are decisive. Institutions should monitor updates and, where appropriate, seek professional advice for their particular situation.