SINGAPORE, 12 April 2024 — On 2 April 2024, MAS introduced amendments to the Payment Services Act 2019 of Singapore (PS Act) and its subsidiary legislation. Generally, these amendments seek to (1) expand the scope of payment services regulated by MAS which will take effect from 4 April 2024 and (2) impose user protection requirements on digital payment token (DPT) service providers which will take effect from 4 October 2024.
These amendments will be discussed below.
Background to the PS Act
The PS Act came into force on 28 January 2020 and seeks to set up a single regulatory framework for payment services in recognition of the fact that there is growing convergence across various types of payment activities.
Under the PS Act, there are two regulatory regimes:
-
- The designation regime: Entities may be designated for supervision under the PS Act if they play an important role in the financial system of Singapore; and
- The licensing regime: Entities are required to obtain a license if they provide specified payment services under the PS Act. There are currently three types of licences under the PS Act: (a) the money-changing licence, (b) the standard payment institution licence and (c) the major payment institution licence.
Expansion of the Scope of Payment Services Regulated by MAS
The amendments expand the scope of the PS Act regulation to now include the following activities:
-
-
- Provision of custodial services for DPTs;
- Facilitation of the transmission of DPTs between accounts and facilitation of the exchange of DPTs, even where the service provider does not come into possession of the moneys or DPTs; and
- Facilitation of cross-border money transfer between different countries, even where moneys are not accepted or received in Singapore.
-
Transitional arrangements are provided for entities which are currently conducting activities under the PS Act’s expanded scope pursuant to the Payment Services (Amendment) Act 2021 (Saving and Transitional) Regulations 2024. Should these entities wish to continue their activities on a temporary basis while making a licence application to MAS, they must:
-
-
- Within 30 days (e., 4 May 2024), make a notification to MAS in the form and manner specified on MAS’s website;
- Within six months (e., 4 October 2024), submit a licence application; and
- Within nine months (e., 4 January 2025), submit to MAS an attestation report of the entity’s business activities and compliance with anti-money laundering and countering the financing of terrorism requirements, duly completed by a qualified external auditor.
-
Entities that do not fulfil the requirements above will have to cease the activities when the regulations come into effect.
User Protection Requirements
The Guidelines on Consumer Protection Measures by DPT Service Providers issued pursuant to section 101 of the PS Act will take effect from 4 October 2024. These guidelines seek to promote the adoption of sound and robust practices for DPT service providers and include measures such as (1) segregating customers’ assets and placing them in a trust account for the benefit of customers, (2) maintaining proper books and records, and (3) ensuring that effective systems and controls are in place to protect the integrity and security of customers’ assets.
Each of these measures are discussed below.
Segregating customers’ assets and placing them in a trust account for the benefit of customers
Where customers entrust their DPTs and other assets to DPT service providers, effective and robust arrangements must be put in place by the respective DPT service providers to mitigate the risk of loss or misuse of customers’ assets during the ordinary course of business, as well as facilitate the return of customers’ assets in the event of the DPT service provider’s insolvency.
In this regard, a DPT service provider may choose to maintain the trust account for safeguarding customers’ assets itself or engage the services of another person (the safeguarding person) to maintain the trust account. MAS does not mandate that the trust account must be maintained with another person. Nonetheless, a DPT service provider may choose to do so, as a means of segregating customers’ assets from its own assets and ensuring effective controls that mitigate potential conflicts of interest arising from the arrangement in safeguarding of customers’ assets.
In addition, a DPT service provider should periodically review its arrangements for safeguarding customers’ assets, including the degree to which the safeguarding person (if any) should be independent from the DPT service provider.
Maintaining proper books and records
In the interests of accountability, a DPT service provider should, on a monthly basis, furnish to each customer a statement of account containing, where applicable, the following particulars:
-
- Transactions to purchase or sell assets entered into by the customer and the price at which the transactions are entered into;
- The status of every asset in the DPT service provider’s custody held for the customer, including any asset deposited with a safeguarding person;
- The movement of every asset of the customer, the date of and reasons for such movement, and the amount of the asset involved;
- The movement and balance of relevant money received from, or on account of, the customer in respect of the provision of a DPT service; and
- A detailed account of all financial charges and credits to the customer’s account during the monthly statement period, unless the detailed account of financial charges and credits has been included in any contract note or tax invoice issued by the DPT service provider to the customer.
Ensuring that effective systems and controls are in place to protect the integrity and security of customers’ assets
A DPT service provider should put in place proper risk management systems to safeguard customers’ assets and these systems should be managed by senior managers who have the requisite expertise and experience to oversee, operate and maintain the systems, as well as manage technology risks.
At a minimum, the risk management systems should be able to:
-
- Restrict any individual from being able to solely authorise and effect the movement, transfer or withdrawal of customers’ assets;
- Control the movement or transfer of customers’ assets between the DPT service provider’s storage systems and devices; and
- Prevent unauthorised access to or loss of the DPT instruments associated with the customers’ assets that are held or managed by the DPT service provider.
Other measures that a DPT service provider should adopt include disclosing to customers its policy on storage arrangements for customers’ assets as well as disclosing in writing to customers its processes for handling any losses of customers’ assets arising from fraud or negligence on the part of the DPT service provider.
Conclusion
With Singapore positioned to be among the world’s leading financial centres, modern payments services are an important and rapidly growing sector. These amendments to the PS Act are a step in the right direction to bring under regulation the number of services related to DPT service providers and improve user protection.
However, with the rapid advancement of technology in this sector, further amends to the PS Act are likely needed in the future in order to maintain the level of protection afforded to customers. One such measure which could be introduced is that DPT service providers offering custodial services to retail investors should be subject to minimum statutory ratios similar to those imposed on banks which are subject to minimum liquid assets and liquidity coverage ratios. This is to protect investors and ensure that DPT service providers have enough liquid assets to withstand sudden shocks to the financial system.
As DPTs become more mainstream in Singapore’s financial system, DPT service providers should also be subject to the same or greater liquidity requirements.
For More Information
If you have any questions about this article, please contact Duane Morris & Selvam Chairman Leon Yee or Associate Yeo Ming Ze if you would like to discuss this update.