The Gatekeeper Gap: Why Criminals Bypass Banks

S$2.79 billion.

That's the total value of assets now surrendered to the Singapore state from its largest money laundering case.

10 convicted, 17 on the run.

9 financial institutions penalised, 3 law firms fined. 2 property agents sanctioned. 1 former bank relationship manager jailed for helping clients forge documents.

For Compliance professionals, the real lesson isn't the scale of the crime. It's the nature of the oversight.

The Real Story: A Systemic Breakdown

Contrary to social media myths, these funds weren't "lost" or "unaccounted for". They were identified as proceeds from illegal remote gambling and unlicensed moneylending operations targeting punters in China.

The assets - properties, luxury cars, watches, Bearbricks, country club memberships, cryptocurrency, are being liquidated into Singapore's consolidated fund.

As of December 2024, 54 properties, 33 vehicles, and 11 country club memberships had been sold.

But here's what should keep regulators, law enforment agencies and Compliance professionals awake at night:

The scheme didn't rely on sophisticated hacking or insider banking connections. It exploited the gaps in the gatekeeper ecosystem.

The criminals didn't need to break into the bank. They walked through the front doors of law firms, property agencies, and corporate service providers, and by the time the money reached the banking system, it had already been "cleaned."

The Failure of Banking Controls

In mid 2025, the Monetary Authority of Singapore (MAS) penalised 9 financial institutions a combined S$27.45 million, the largest collective penalty since the 1MDB case.

The lineup included global giants and local leaders: Credit Suisse, UOB, UBS, Citibank, Julius Baer, and LGT Bank, alongside UOB Kay Hian, Blue Ocean Invest, and Trident Trust.

MAS identified "serious lapses" in core duties:

MAS also took action against 18 individuals, including CEOs and Relationship Managers, issuing prohibition orders and reprimands for their roles in these failures.

The Human Element

The risks aren't just systemic; they're personal.

In October 2025, Wang Qiming, a former Citibank relationship manager, was sentenced to 24 months' imprisonment - the longest term in the entire S$3 billion investigation.

His actions were a masterclass in "insider threat" tactics:

• Forged loan agreements to help clients bypass due diligence

• Personally collected S$481,678 in suspicious cash

• Attempted to obstruct justice by deleting WhatsApp messages as police arrived

As David Chew, Director of the Commercial Affairs Department, stated: "We take a zero-tolerance stance against financial professionals who knowingly abet their clients to abuse Singapore's financial system."

The "human element" remains the most unpredictable link in the compliance chain.

The Gatekeeper Gap

The enforcement data tells a sobering story across the professional services sector:

Legal Sector: 3 law firms penalised for AML breaches (fines up to S$100,000). 5 lawyers referred for disciplinary action. 11 more firms under investigation.

Real Estate: 2 property agents fined by the Council for Estate Agencies for significant CDD failures, including failure to screen against sanctions and terrorism financing lists.

Corporate Services: Shell companies were used to obtain work passes and legitimise the criminals' presence in Singapore.

ACRA has since proposed requiring all corporate service providers to register and face fines up to S$100,000 for AML breaches.

Banking Enablers: 2 former relationship managers charged - 1 from Julius Baer for helping forge tax documents, 1 from Citibank for laundering cash and forging loan documents.

These professionals weren't bystanders. By failing to corroborate Source of Wealth or ignoring red flags, they provided the layering and integration mechanisms that moved billions through the system.

What Are DNFBPs?

The Financial Action Task Force (FATF) defines Designated Non-Financial Businesses and Professions as non-financial entities vulnerable to exploitation for money laundering and terrorist financing.

Under FATF Recommendations 22 and 23, these professionals must conduct Customer Due Diligence, maintain records, and file Suspicious Transaction Reports:

The requirements exist. The question is whether they're being implemented, and whether they're working.

The Bank Fortress Problem

For decades, we've built AML fortresses around banks. Transaction monitoring. KYC protocols. Dedicated compliance teams. Billions in technology investment.

And it's worked ... until ... Banks have become harder to exploit directly.

So criminals adapted. They walked around the fortress.

In Singapore's case:

• Law firms facilitated property purchases without adequate due diligence

• Property agents failed to conduct proper customer checks

• Corporate service providers helped set up shell companies

• Even golf club memberships became vehicles for parking illicit wealth

The money was already "cleaned" through real estate, shell companies, and professional services before it touched the banking system in ways that triggered meaningful scrutiny.

We're only as strong as our weakest gatekeeper.

The Integration Problem

Banks are designed to detect suspicious transactions. But what if the transaction isn't suspicious?

When a law firm's client account transfers funds for a property purchase, the bank sees a legitimate legal transaction. When a corporate service provider's client opens a business account, the bank sees a registered company with proper documentation. When a property settlement completes, the bank sees a real estate transaction.

The laundering happened before the bank touchpoint. The professionals who could have stopped it, who saw the client, who knew the source of funds didn't add up, who noticed the complexity without logic, didn't act.

That's the gatekeeper gap.

The FATF 5th Round: No More "Business as Usual"

The regulatory pressure on DNFBPs isn't just increasing; it's being codified. In 2024, the FATF commenced its 5th Round of Mutual Evaluations with a revised methodology designed to close the gaps that cases like Singapore's S$3 billion scandal exploit.

The New Rules

A Shorter 6-Year Cycle: Moving from a 10-year average to 6 years means the "honeymoon period" after an evaluation is gone. Scrutiny is now constant.

The 3-Year "Fix It" Clock: Countries now have a strict 3-year window to remediate deficiencies. Failure to show results leads to rapid escalation toward the Grey List, with direct consequences for every business in that jurisdiction.

Effectiveness Over Paperwork: Assessment teams are now instructed to prioritise outcomes over legislation. Laws on the books are meaningless if they don't lead to asset recovery and enforcement.

The Spotlight on DNFBPs: For the first time, non-financial gatekeepers are being evaluated as independent risk centres, not just secondary players.

FATF's July 2024 Horizontal Review of Gatekeepers found that cornerstone obligations - CDD, internal controls, and risk-based supervision, consistently lag in DNFBP sectors. 7 FATF member jurisdictions representing more than half of the world's GDP scored below 50% on gatekeeper compliance.

Singapore's updated National Risk Assessment now explicitly lists DNFBPs as "higher risk." Many jurisdictions are doing the same.

The Capacity Gap

DNFBPs face the same regulatory expectations as banks, with a fraction of the resources.

Banks had decades to build their infrastructure - enterprise systems, dedicated teams, billions in investment.

A solo-practice lawyer doesn't have a compliance department. A family-run jewellery business doesn't have transaction monitoring software. A boutique real estate agency doesn't have a dedicated MLRO.

Same expectations. Wildly different capacity to meet them.

The gap isn't about capability. It's about capacity.

This isn't an excuse.

It's a reality that must be addressed.

Regulators are raising expectations. Criminals are exploiting gaps. And the professionals caught in the middle - lawyers, accountants, property agents, jewellers, are being asked to build the plane while flying it.

The Human Cost

Behind the S$2.79 billion in seized assets are real victims.

The gambling addicts: The illegal remote gambling operations targeted vulnerable individuals. Families destroyed. Savings lost. Lives ruined by addiction that these criminals deliberately cultivated and exploited.

The moneylending victims: Unlicensed moneylending - loan sharking preys on the desperate. Extortionate interest rates. Harassment. Violence. The proceeds laundered through Singapore's property market came from human suffering.

The market distortion victims: When S$370 million in illicit funds flows into property, it inflates prices. Legitimate buyers are priced out. Young Singaporeans trying to purchase their first home compete against laundered money.

The reputational victims: Singapore's financial centre status, built over decades, was damaged. Every legitimate business in Singapore pays a price when the jurisdiction's integrity is questioned.

The professional victims: The 2 property agents fined S$5,000 and S$2,000? They're now publicly associated with Singapore's largest money laundering case. Their names appear in enforcement records.

Their professional reputations are marked for failing to ask questions they may not have known to ask.

The chain of harm extends far beyond the criminals themselves. Every gatekeeper who failed to act, whether through complicity or incapacity became a link in that chain.

What Went Wrong - And What Should Have Happened

The Law Firms

What happened: Firms facilitated property purchases without adequate source of wealth verification. They accepted client explanations without corroboration. They processed transactions that should have triggered questions.

What should happen: When a client with no apparent legitimate income purchases multiple properties worth millions, that's not a transaction to process. It's a conversation to have. Source of wealth isn't a box to tick; it's a question to answer.

The Property Agents

What happened: Agents failed to conduct proper customer due diligence. They didn't screen against sanctions lists. They processed transactions for buyers whose profiles didn't match their purchases.

What should happen: When a buyer's stated occupation can't possibly support a multi-million dollar purchase, ask why. When urgency and overpayment combine, ask why. When complexity obscures rather than facilitates, ask why.

The Corporate Service Providers

What happened: Shell companies were established without adequate beneficial ownership verification. These entities obtained work passes, opened bank accounts, and provided the veneer of legitimacy.

What should happen: Every company has a real person behind it. Finding that person and understanding why they need this structure, is the job. "The client said so" isn't verification.

The Banks

What happened: Despite sophisticated systems, red flags were missed or ignored. Relationship managers prioritised client relationships over compliance obligations. Some actively facilitated the laundering.

What should happen: Technology is only as good as the humans who respond to its alerts. A culture that celebrates "knowing your client" must mean actually knowing them, not just having their documents on file.

The Path Forward

This isn't about blame. It's about building something better.

Educate

Share knowledge across sectors. Make guidance practical, not theoretical. A law firm doesn't need a 200-page manual written for global banks. They need clear, actionable guidance relevant to their practice.

Typologies should flow between sectors. When banks see patterns, DNFBPs should learn from them. When property agents spot new techniques, that intelligence should reach lawyers and accountants.

Equip

Make tools accessible. Name screening and basic monitoring are within reach for firms of all sizes. Free sanctions lists are available. PEP databases exist. The technology gap is real, but it's not insurmountable.

Supervisors should provide resources, not just requirements. Template risk assessments. Sector-specific red flag guides. Practical training that acknowledges capacity constraints.

Empower

Trust the gatekeepers. Give DNFBPs the autonomy and support to act on what they see — not just check boxes.

When a lawyer declines a suspicious client, that should be celebrated, not second-guessed. When a property agent walks away from a commission because something doesn't add up, that's the system working.

Connect

Build networks that mirror criminal networks. Criminals share information, techniques, and access. The professionals trying to stop them often work in silos.

Public-private partnerships. Cross-sector working groups. Information sharing that respects confidentiality while enabling collective defence.

Our Vision at JFourth

Imagine a financial ecosystem where:

• A law firm flags suspicious source of funds before money touches a bank

• A real estate agent recognises a structuring pattern and asks the right questions

• A corporate service provider declines to set up a shell company because beneficial ownership doesn't add up

• A jeweller questions a cash purchase that doesn't match the customer's profile

• A bank shares typologies with DNFBP clients, building capacity instead of cutting ties

We've spent decades building walls around banks. Criminals simply walked around them.

---

The Bottom Line

The S$3 billion case wasn't a failure of one sector. It was a failure of the ecosystem.

Banks can have the most sophisticated controls in the world. But if illicit funds are already "cleaned" through real estate, shell companies, and professional services ... what are we really detecting?

Criminals see our financial system as one connected network. They exploit the seams between sectors. They find the gatekeepers with the least capacity and the most access. They build relationships with professionals who ask fewer questions.

The enforcement actions are just beginning. Singapore has shown what accountability looks like: S$27.45 million in bank penalties. Individual prohibition orders. Criminal charges for enablers. Professional sanctions across sectors.

Other jurisdictions are watching. FATF's 5th Round will ask whether they're doing the same.

The fines were significant this time. Under the "per-breach" penalty structures now being adopted globally, they'll be larger still. And the reputational consequences, for individuals and institutions, will be career-defining.

The criminals have networks. They have advisors who help them find the path of least resistance. They have systems designed to exploit every gap in our defences.

It takes a network to defeat a network.

The lawyer who asks hard questions about source of wealth. The property agent who walks away from a suspicious commission. The corporate service provider who verifies beneficial ownership. The banker who escalates despite relationship pressure. The compliance professional who builds capacity, not just checks boxes.

That's how we close the gatekeeper gap.

Are you part of the defence?

---

This is Part 1 of our DNFBP series.

Coming Next: AML for Real Estate Agents: Property as the Path of Least Resistance

---

𝗥𝗲𝗹𝗮𝘁𝗲𝗱 𝗥𝗲𝗮𝗱𝗶𝗻𝗴:

- The 2026 Compliance Landscape (Part 1)

- The 2026 Compliance Landscape (Part 2)

- The 2026 Compliance Landscape (Part 3)

𝗙𝗔𝗧𝗙 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀:

- FATF Mutual Evaluations

- 5th Round Procedures

---

Work With Us

JFourth works at the intersection of compliance, governance, and financial inclusion. We help DNFBPs build the capability to navigate AML/CFT requirements without losing sight of their missions.

If your organisation is grappling with these challenges, get in touch. We'd love to help.