Singapore intended regulating virtual assets since 2014 to confront money laundering and terrorist financing. Six years later, the Monetary Authority of Singapore (MAS) published the Payment Services Act (PSA). In particular, the Act regulates provisions of Digital Payment Token (DPT) services, commonly known as “crypto services”. Amendments to the PSA were passed in 2021, expanding the scope of regulated DPT services. However, it’s not yet clear when the amendments will come into effect.
Which DPT services are affected?
Below is a detailed list of all affected services in line with Payment Service Act 2019:
- any service of facilitating the exchange of digital payment tokens, namely establishing or operating a DPT exchange, where the person that establishes or operates that DPT exchange comes into possession of any money or DPT;
- any service that deals with digital payment tokens—namely buying or selling DPTs in exchange for money or any other DPT (either the same or a different type).
However, the services dealing in DPT does not include:
- facilitating the exchange of DPTs;
- accepting DPTs as a means of payment for the provision of goods or services;
- using DPTs as a means of payment for the provision of goods or services.
The definition of “DPT services” will be expanded when amendments to the PSA take effect. The new definition will include services involved in the transfer of DPTs, provision of custodian wallet services for DPTs, and facilitating the exchange of DPTs without possession of money or DPTs.
According to the Guide to Digital Token Offerings, intermediaries who facilitate offers or issue digital tokens are also regulated by MAS. Such intermediaries include the primary platform, trading platform, and any person who provides financial advice in respect of any digital tokens.
It should be noted that the businesses should assess their services to determine whether they qualify as DPT service providers or intermediaries who facilitate offers or issue digital tokens.
According to the PSA, any company that provides DPT services in Singapore needs to be licensed. There are three types of licenses a company can get, depending on their business type:
- Money-changing licenses apply to companies that solely provide money-changing services. However, this license is not applicable for DPT services;
- Standard payment institution licenses apply to companies that provide any of the seven specific types of payment services (including DPT services) as long as they don’t exceed the thresholds;
- Major payment licenses allow companies exceeding the thresholds for standard payment institutions to provide any of the seven particular types of services, including DPT services.
Unless an exception is applied, all companies, that facilitate the offering or issuing of digital tokens can apply for three types of licenses:
- Capital markets services licenses apply to persons who operate a primary platform in Singapore in relation to digital tokens which constitute any type of capital markets products and carrying on business in one or more regulated activities under the Securities and Futures Act or provide custodial services for securities in relation to digital tokens;
- Financial adviser’s licenses apply to persons who provide any financial advice in Singapore in respect of any digital token that is an investment product;
- Approved Exchange (AE) or Recognised Market Operator (RMO) Licenses apply to persons who establish or operate a trading platform in Singapore for digital tokens which constitute securities, derivatives contracts, or units in a collective investment scheme.
There may be some additional authorization/recognition requirements in relation to businesses offering digital tokens.
How to get a license
Applicants need to submit the required documents to MAS (documents listed in the Application Checklist to Form 1). There are different sets of requirements for each type of PSA license.
Standard payment institution license
To be eligible for the payment institution license, an applicant needs to be a Singapore-incorporated company or be registered in Singapore. In addition, the company needs to have a permanent place of business in Singapore, such as an office, and minimum base capital of S$100,000 (approximately $74,180).
Companies should also have at least one executive director who is either a Singapore citizen or has a residency permit. Alternatively, there can be one executive director who has a Singapore Employment Pass and a non-executive director who is either a Singapore citizen or has a residency permit.
Eligible applicants get examined by MAS on several factors, including, among other things:
- fitness and propriety of controllers and directors;
- governance structure;
- qualifications and experience;
- financial conditions;
- business plan and model.
In addition, applicants get examined on their level of commitment to operating in Singapore (for a holding company).
The license fee varies depending on the type of services provided by the company. For DPTs, the application fee is S$1,000 ($740) and the annual license fee is S$5,000 (approximately $3,700).
Major payment institution license
Eligibility requirements for the major payment institution license are the same as for the standard payment institution license, except that the minimum base capital should be S$250,000 (approximately $185,500). Admission criteria are also the same as for the standard license.
The application fee for the major payment institution license is S$ 1,500 ($1.115). The annual fee is S$10,000 ($7,400).
Anti-money laundering (AML) requirements
DPT services in Singapore must implement AML/CFT procedures and policies that include:
- Risk assessment and risk mitigation which includes assessing the possibility of engagement in ML/TF activities by their clients and ways to prevent it;
- Customer due diligence (CDD), which includes collecting and verifying information about a customer during onboarding;
- Enhanced measures for higher-risk ML/TF scenarios includes checking for politically exposed persons (PEPs), collecting additional information, etc.;
- Transaction monitoring for assessing criteria such as the trajectory of the movement of assets, the size of the assets, frequency, patterns, etc.;
- Screening to check if customers are present on sanction lists, banned, wanted, etc.;
- Suspicious transaction reporting in which payment service providers promptly submit reports on suspicious transactions (including attempted transactions), regardless of the amount of the transaction, to the Singapore Police Force and extend a copy to the MAS for information.
- Recordkeeping, under which the payment service provider is required to retain information for a specified period.
Additionally, payment service providers shall develop and implement adequate internal policies, procedures, and controls to help prevent money laundering and terrorist financing and communicate these to their employees.
Payment service providers shall develop appropriate compliance management arrangements, which at the least includes appointing an AML/CFT compliance officer at the management level.
Payment service providers shall maintain an audit function that is adequately resourced, independent, and able to regularly assess the effectiveness of the payment service provider’s internal policies, procedures, controls, and compliance with regulatory requirements.
Payment service providers shall take all appropriate steps to ensure that their employees and officers (whether in Singapore or elsewhere) are regularly and appropriately trained on AML/CFT regulations, internal policies, procedures and controls on AML/CFT.
Additionally, payment service providers must comply with Travel Rule obligations imposed by the MAS in accordance with FATF requirements.
The Travel Rule requires financial institutions and crypto companies to collect and share the personal information of clients when sending one or more DPTs by value transfer or when receiving one or more DPTs by value transfer on the account of originator or beneficiary. Therefore, DPT service providers must provide sender and recipient data to each other during transactions.
The scope of information that ordering providers are required to share with the beneficiary provider depends on the transaction amount. If the amount of transaction is less than S$1,500 (approximately $1,112), then the provider should collect and share the following information:
- the name of the value transfer originator;
- the value transfer originator’s account number (or unique transaction reference number where no account number exists);
- the name of the value transfer beneficiary;
- the value transfer beneficiary’s account number (or unique transaction reference number where no account number exists).
If the transaction amount exceeds S$1,500, any of the following information may be required:
- the value transfer originator’s residential address, or registered/business address;
- the value transfer originator’s unique identification number (such as an identity card number, birth certificate number or passport number, or where the value transfer originator is not a natural person, the incorporation number or business registration number); or
- the date and place of birth, incorporation or registration of the value transfer originator (as may be appropriate).
Complete information on the Travel Rule regulation can be found here.
The PSA amendments are supposed to come into force, but the particular date is still not determined by the Minister.
Additionally, the MAS Consultation Paper on a Proposed New Omnibus Act for the Financial Sector, which sought input on the regulation of virtual asset service providers (VASPs) created in Singapore, was closed. However, the feedback from MAS is still to be due.
We’ll continue to track AML changes for DPT services in Singapore and will update this article on an ongoing basis. Save it to your reading list, so you don’t miss any important news.