MAS updates the licensing guidelines for payment service providers by clarifying the eligibility criteria and imposing additional application requirements.

Insights

MAS Updates Guidelines on Licensing for Payment Service Providers

Date
August 2, 2024
August 02, 2024
Author
OrionW

On 26 July 2024, the Monetary Authority of Singapore (MAS) published the amended Guidelines on Licensing for Payment Service Providers (Guidelines).  The Guidelines clarify the licensing procedure and eligibility criteria, and impose additional application requirements, for payment service providers seeking to be licensed under the Payment Services Act 2019 (PS Act).  The changes introduced by the Guidelines will take effect on 26 August 2024.

Requirements for Associated Persons

The Guidelines now expressly state that a PS Act licence applicant must prove that its directors, chief executive officer (CEO), shareholders and employees are fit and proper to the satisfaction of MAS.  In determining whether someone is fit and proper, MAS will look into any conflicts of interest and whether relevant persons are able to commit sufficient time to manage or oversee the applicant, apart from considering their honesty, integrity, reputation, competence, capability and financial soundness.  The Guidelines also require that executive directors and the CEO of the applicant have sufficient understanding of the payment service regulatory framework in Singapore.

Base Capital Requirements

MAS also clarifies that an applicant should ensure that its base capital can cover at least 6 to 12 months of its operating expenses and that it has an effective monitoring process to ensure continuous compliance with the base capital requirements, such as implementing a regular reporting process or having a specified capital buffer.

Compliance Resources

In addition to having effective compliance arrangements in place, applicants are now likewise required to have adequate compliance resources that are commensurate to the scale, nature and complexity of their businesses.  This includes:

  • having a proper governance structure to oversee compliance and anti-money laundering/countering the financing of terrorism (AML/CFT) issues; and
  • for entities providing digital payment token (DPT) services, appointing an in-house local compliance officer, notwithstanding that such entities may obtain compliance support from a related company overseas. 

New Application Requirements

Apart from explaining the licence application review process, the Guidelines set out additional requirements for new licence applicants or licensees seeking to add a DPT service to their existing licence.

Legal Opinion

MAS now requires all applicants for new licences or, for variation of existing licences to add a DPT service, to submit a legal opinion issued by a law firm that has experience advising on the PS Act in Singapore.  The legal opinion should include a clear and concise summary of the applicant’s business model and an assessment of whether the applicant’s proposed services and/or products are regulated payment services under the PS Act.  Other applicants may also be required to submit a legal opinion if MAS deems it necessary. 

External Auditor’s Assessment

Generally, an applicant intending to provide DPT services or to vary its licence to add DPT services is now required to submit an independent assessment report from a suitably qualified independent external auditor regarding the applicant’s policies, procedures and controls in AML/CFT and consumer protection.  More than one external auditor may be appointed to perform the independent assessment of each area as appropriate, depending on the external auditor’s expertise, experience and track records in the field.  

The external auditor must be a recognised accounting corporation, accounting firm, or accounting limited liability partnership under the Accountants Act 2004, and it, as well as its lead engagement partner, must have made at least one report in respect of a statutory audit pursuant to MAS regulations on a financial institution regulated or authorised by MAS, or at least one independent review/assessment commissioned by MAS in the area of AML/CFT on a financial institution regulated or authorised by MAS.  In addition, the external auditor must have no conflicts of interest arising from its ongoing business relationships with the applicant, its group or group companies, up to the conclusion of its engagement. 

Entities that have notified MAS pursuant to the Payment Services (Amendment) Act 2021 (Saving and Transitional Provisions) Regulations 2024 (Transitional Regulations 2024) are now required to submit an attestation signed off by an external auditor on the applicant’s business activities and compliance with AML/CFT and user protection requirements before 4 January 2025, in lieu of the independent assessment.  Under the Transitional Regulations 2024, providers of previously unregulated domestic money transfer services, cross-border money transfer services and DPT services are given a timeframe within which to obtain relevant PS Act licences for the newly regulated services.  

Consumer Protection Measures

Applicants for a DPT service licence should provide information regarding their compliance with consumer protection requirements, including consumer access measures, business conduct procedures for safeguarding and segregating customers’ assets, maintenance of access and operational controls to customers’ DPTs in Singapore, risk management controls, complaints handling and mitigation of conflicts of interest, among others.  For more information on this topic, please refer to our article here.  

Technology Risk Management

From 6 November 2024, DPT service licensees must comply with MAS’s Notice on Technology Risk Management [FSM-N13].  Other licensees are also directed to refer to MAS’s Guidelines on Risk Management Policies – Technology Risk. 

Conclusion

The Guidelines have clarified expectations for PS Act licence applicants and introduced additional requirements for applications for new or varied PS Act licences, particularly for those wishing to provide DPT services.  In particular, the Guidelines provide details on AML/CFT and consumer protection requirement and oblige DPT service licensees to comply with technology risk management requirements.  Therefore, both applicants and existing licensee sunder the PS Act should be aware of the changes introduced by the Guidelines.

For More Information

OrionW regularly advises clients on the PS Act and fintech matters.  For more information about the PS Act and fintech regulatory compliance, or if you have questions about this article, please contact us at fintech@orionw.com.

Disclaimer: This article is for general information only and does not constitute legal advice.

Newsletter

Subscribe to
our newsletters

To subscribe, select the newsletter options that interest you (TMT, FinTech or DPC - Data Protection and Cybersecurity) and provide your details.

  • TMT - Technology, Media and Telecommunications
  • FinTech
  • DPC - Data Protection & Cybersecurity
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.