IPPC (Internal Policies, Procedures and Controls)

Definition

In the context of Singapore’s ACRA-regulated Corporate Service Providers (CSPs), IPPC refers to the mandatory internal framework of policies, procedures, and controls designed to address and mitigate risks related to Money Laundering (ML), Terrorist Financing (TF), and Proliferation Financing (PF). This framework is a fundamental component of Customer Due Diligence (CDD) and ongoing AML/CFT compliance for CSPs.

ACRA IPPC Compliance Requirements

1. Presence of IPPC
   • CSPs must have a documented IPPC framework.
   • Lack of an IPPC—or having one that is incomplete—constitutes non-compliance.
2. Strict Implementation
   • All policies and controls defined in the IPPC must be fully enforced in daily operations.
   • Partial or lax implementation is considered a breach of ACRA rules.
3. Periodic Updates
   • The IPPC must be reviewed and updated at least annually.
4. Monitoring Regulatory Updates
   • CSPs are required to monitor and incorporate updates from bodies like FATF and MAS (e.g., updates to country risk lists, blacklists, or grey-lists).
5. Enhanced CDD (ECDD)
   • CSPs must define criteria that automatically trigger enhanced due diligence, such as:
     • Clients from high-risk jurisdictions
     • Politically Exposed Persons (PEPs)
     • Adverse media or negative public information
     • Relevant sanctions or criminal records
6. STR Escalation Protocols
   • Clear procedures must exist for when, how, and why a Suspicious Transaction Report (STR) is lodged.
   • If an STR is not filed despite suspicion, a documented rationale must be retained.
7. Employee Training
   • CSPs must conduct AML/CFT training at least once per year for relevant staff.
   • Training scope and frequency must be documented and archived as evidence.

Importance in CDD Framework

IPPC ensures that CSPs uphold robust KYC/CDD standards, identifying and managing client risk from initial onboarding through ongoing engagement. By strictly enforcing, updating, and operationalizing IPPC—alongside clear protocols for ECDD and STR—the CSP demonstrates compliance with both ACRA and global AML/CFT expectations.