POLICY REFINEMENTS ON SINGAPORE’S PAYMENT SERVICES ACT

POLICY REFINEMENTS ON SINGAPORE’S PAYMENT SERVICES ACT

Here are some policy refinements issued by the Monetary Authority of Singapore through its response documents to feedback received from the public during the consultation exercises in connection with the Payment Services Act (PSA).

As the PSA comes into force on 28 Jan 2020, it is important for payment services firms to take note of these.

Duties of the CEO, Directors and Partners & Fit and Proper Issues

MAS will be setting out a set of guidelines to set out the criteria where it will consider, in determining whether a CEO, director or partner of a licensee has failed to discharge the duties of his office or employment.

MAS will also issue a further set of fit and proper guidelines for persons regulated under the PSA.

Ethikom Comment: These guidelines should be welcome by the industry, given the potential personal liability on such persons.

The current fit and proper guidelines issued by the MAS is already very comprehensive. It will be interesting to anticipate the further guidance that MAS will issue.

Safeguarding Requirements and Security Deposit for Merchant Acquirers

MAS will exempt merchant acquirers from the requirement to safeguard relevant money owing to foreign merchants.

Ethikom Comment: This should be a welcome move for merchant acquirers.

Transitional Arrangements — Notification Period to MAS

MAS will provide payment services providers one more month (i.e. up to 27 Feb 2020) to inform MAS of their existing business.

MAS has already published these forms (which appears to be quite straightforward) but will only accept electronic submission on 28 Jan 2020.

Ethikom Comment — The key impact existing unregulated businesses (e.g. cryptocurrency exchanges/dealers and merchant acquirers). These forms are key in order not to be deemed as conducting regulated activities without a licence.

Technically, the last day that an entity can commence business in Singapore (to enjoy the transitional arrangements) is 27 Jan 2020.

Third Parties Soliciting Payments for Licensed Payment Entities

MAS has clairified that it will allow third parties to solicit business for licensed payment entities, provided that disclosures are made in every advertisement or marketing documents to make clear that the third parties are acting on behalf of the Licensees

MAS will amend the Notice on disclosures and communications (MAS Notice PSN08) to prescribe disclosure of the requisite information.

Residency, SG citizen/PR Requirement

Despite feedback obtained to the contrary, MAS will retain the requirement that an applicant applying for a licence must have an executive director who is a Singapore citizen or Singapore permanent resident.

Alternatively, where the institution has at least one director who is a Singapore citizen or Singapore permanent resident, the executive director can be an employment pass holder.

MAS also provided a friendly warning that it may revoke a licence if a licensee ceases to have executive directors fulfilling the above requirements.

Stock and Flow Caps

Several respondents had commented that the stock cap of $5,000 and annual flow cap of $30,000 would inhibit customers’ use of their personal payment accounts, in particular for large cross-border remittances, cross-border commerce, overseas travel, and online spending. Some therefore suggested that the caps to be removed or raised.

Having considered feedback, MAS will retain the stock and flow caps at $5,000 and $30,000 respectively.

MAS’ rationale is to preserve stability of the financial system by reducing the risk of significant outflows from bank deposits to non-bank e-money. They also protect customers by limiting a customer’s potential loss from his e-money account.

Having said that, MAS stressed that these are initial limits, which can be reviewed over time.

MAS recognised that some customers might need to make large and regular transfers overseas, and some payment institutions may offer competitive e-wallet solutions for such transfers.

MAS clarified that does not intend to impede access to such a use-case. MAS will accordingly introduce the following exemptions to facilitate such transactions:

Flow cap exemption: A licensee will be permitted to exclude from the annual flow cap computation, transfers from a customer’s personal payment account to his own overseas personal bank deposit account. This is in response to industry feedback that some customers may use e-wallets to make regular overseas remittances to meet financial commitments, such as paying rent, mortgages or financial support to family members.

Stock cap exemption: A licensee will be able to hold balances in personal payment accounts exceeding the $5,000 stock cap, provided all sums above $5,000 are transferred out of the personal payment account by the end of the day. This will allow customers to make occasional large payment transactions and transfers via their personal payment accounts.

Payments vs Non-Payments Businesses

Where a MAS regulated payment services provider performs non-payment related business activities that carry money laundering and terrorism financing (“ML/TF”) risks, MAS will consider the need to regulate and impose AML/CFT requirements on the payment services provider for such non-payment related activities.

An example of a non-payment services activity which MAS intends to regulate is the dealing in precious stones and precious metals (“PSPM”). MAS intends to propose AML/CFT requirements on PSPM transactions conducted by payment services providers and other MAS regulated financial institutions. MAS will consult on the requirements to be imposed in due course.

In relation to the lower AML/CFT expectations for payment for goods and services, a payment services provider should be able to ascertain to a high degree of certainty that the transactions are being made only for the intended purposes of such payments, and not for peer-to-peer transactions.

Payments made to individuals, whether local or foreign, will not qualify under the “payment for goods and services” low-risk exemption.

Alignment with FATF Standards

In connection with cryptocurrencies, MAS agrees with the approach of the Financial Action Task Force (FATF), the global standard-setting body.

MAS will implement the enhanced FATF Standards applicable to digital payment token services (“DPTS”) providers.

MAS will amend the PS Act and PS Notices to scope in the service providers that conduct any of the following activities for AML/CFT requirements — (i) transfer of DPTs; and (ii) provision of custodian wallets for or on behalf of customers .

In line with the FATF Standards, MAS also intends to set out that any entity which offers DPT services (whether offered in Singapore or otherwise) and is incorporated in Singapore will require a licence under the PS Act, and consequently be subject to AML/CFT requirements under our PS Notices.

MAS has just issued the public consultation (in Dec 2020) on the proposed legislative amendments to effect the above by end-2020.

Simplified Due Diligence (SCDD)

To perform SCDD, licensees must be able to adequately assess that the ML/TF risk associated with the business relations is low.

MAS will not permit Licensees to perform SCDD on customers that are payment services providers at this point in time.

MAS notes that the level of AML/CFT controls across the payments sector is uneven, which could also be the result of the varied risk profiles of the entities. This presents practical difficulties for a Licensee to be able to determine whether its counterparty payment services provider(s) are sufficiently low risk to justify the application of SCDD.

MAS will maintain a S$20,000 cumulative threshold for SCDD to be performed on customer wallets operated by Licensees.

Ethkom Comment: This will be a disappointment to the industry — as the message is the industry’s AML/CFT practices is not good enough, at least for now. It seems incongruous for entities licensed under the PSA — as the messaging from MAS is that AML/CFT will be one of the key risks that the PSA will address.

Third Party Reliance

Under MAS’ AML/CFT requirments generally, a financial institution may be able to rely on AML/CFT CDD checks done by other financial instituitons in certain instances.

MAS, has however, made it clear that it will not allow Licensees to rely on other PS Act Licensees or any foreign payment services provider to perform certain specified CDD measures, at this point in time.

MAS’ rationale is that it would be challenging for Licensees to be able to determine whether its counterparty payment services providers have in place adequate controls for the mitigation of risks in order to permit the application of third party reliance.

Licensees will nonetheless be permitted to rely on other (non-payments) FIs that are: (i) regulated by MAS in Singapore, or (ii) regulated and supervised by a foreign authority for AML/CFT requirements consistent with the FATF standards.

MAS reminds that despite reliance upon a third party, the Licensee shall remain responsible for its AML/CFT obligations.

MAS explaine that third party reliance is different from an outsourcing arrangement, for which there are separate expectations as set out in MAS’ Guidelines on Outsourcing.

In an outsourcing or agency scenario, the outsourced entity will be applying the AML/CFT measures on behalf of the Licensee, in accordance with the Licensee’s procedures, and will be subject to the Licensee’s control of the implementation of those procedures.

Ethikom Comment: This will be a disappointment to the industry — as the message is the industry’s AML/CFT practices is not good enough, for now. Technically, a payments firm can rely on a third party financial institution (e.g. a broker-dealer) that comes from another jurisdiction, but NOT a payment firms regulated in Singapore.

Non Face to Face KYC

MAS has expressly stated that it will allow non-face-to-face (“NFTF”) CDD measures, so long as the FI has assessed it to be appropriate to mitigate its ML/TF risks.

The principle is that NFTF measures are as robust as those performed with face-to-face contact. Where identity is obtained electronically through other NFTF means, including through transmission of scanned or copy documents, Licensees should apply additional checks to mitigate the risk of impersonation.

Licensees should also put in pace a once-off independent assessment from a suitably qualified professional to certify, at the first year mark after implementation, the effectiveness of the new technology solution in managing impersonation risk (see MAS Circular No: AMLD 01/2018 on the Use of MyInfo and CDD Measures for Non-face-to-face Business Relations)

MAS issued a reminder that where the customer of a DPTS provider is another DPTS provider (for instance, standalone wallet service providers), CDD should be performed on that DPTS provider.

Correspondent Account Services

MAS has considered the feedback and agrees that the ML/TF risks where a Licensee engages the services of a bank or merchant bank in Singapore (which is regulated by MAS for AML/CFT requirements) could be generally lower.

Bearer Instruments and Cash Payouts

MAS will maintain the restrictions on cash payouts, which currently exist under MAS Notice 3006.

DPTS as Cross-border Transfer

In line with the FATF standards, MAS will treat all Digital Payment Token (“DPT”) transfers as cross-border in nature.

In coming the above position, MAS did consider the scenarios in which transfers of DPT could be considered to be domestic. The following scenarios were cited:

1. Transfers between wallet addresses held by the same customer

2. Transfers between customers of the same MAS-regulated local exchange

3. Transfers from a MAS-regulated local exchange to a local individual custodial wallet

4. Transfers between MAS-regulated local exchanges

5. Where all parties of the DPT transaction are of the same nationality and reside within the same country

Wire Transfer Requirements for DPT Services

Licensees engaged in DPT services will be required to comply with value transfer requirements, which are similar to wire transfer requirements currently applicable to cross-border transfers in fiat currency.

MAS noted the risks of anonymity, speed and cross-border nature of DPT transactions mean that such activities have a higher risk of abuse for ML/TF.

The FATF’s Standards in relation to the transmission of wire transfer information (also commonly known as the “Travel Rule”) are intended to mitigate the risks posed, by obligating regulated entities to obtain, transmit, retain, and screen wire transfer information against relevant ML/TF information sources to ensure that bad actors cannot freely utilise DPT services to launder funds.

There is a variety of solutions that are available or being developed. To remain technology neutral, MAS does not intend to prescribe how Licensees should comply with the value transfer requirements in PS Notice 02.

MAS notes that the DPTS industry is currently exploring the development of solutions that could be applied across the industry in a coordinated manner, and commend the ongoing efforts. In the interim, MAS will not prohibit the conduct of DPT services where Licensees are able to comply with the value transfer requirements, i.e. as long as these requirements are carried out immediately and securely. Licensees who are recipients of DPT transfers should ensure that value transfer information is received and screened before customers can be granted access to the DPT transferred.

Simplified CDD

Licensees may apply SCDD measures if they assess customer relationships and transactions to be low risk for ML and TF. A Licensee’s decision to apply SCDD measures should be supported by a risk assessment that is properly documented. MAS will provide further clarification on the appropriate application of SCDD measures for DPT value transfers in the Guidelines that will be published in due course.

Occasional Transaction

MAS will not specify a threshold for occasional transactions and will maintain the requirement for CDD to be conducted on all DPT transactions regardless of the amount. The rapid nature of DPT transactions makes it easy for large transactions to be structured into multiple smaller amounts that fall below the thresholds set by regulatory authorities.

MAS notes that there are limited use-cases where customer accounts are not established and therefore where the occasional transaction threshold would apply. In such cases, we observe that the NFTF nature of the DPT transactions poses added risks as it makes deliberate structuring of transactions very difficult to detect. As such, MAS has made a considered decision not to apply any occasional transaction threshold for DPT transactions at this time. Licensees will be required to assess the ML/TF risks of the customer and perform the appropriate CDD measures based on the risk profile of the customer.

MAS is prepared to review this position in future, as the sector matures and where it is observed over the course of MAS’ licensing and supervision that DPTS providers have put in place adequate AML/CFT controls to mitigate the attendant ML/TF risks.

Ethikom Comment: The above is a departure from FATF requirements and this means that even if a DPT exchange were to deal with S$10 worth of fiat currency, it has to put in place full CDD measures.

Collection of Alternative CDD information

In its Consultation Paper, MAS sought feedback whether instead of the usual information that financial institutions obtain from clients for CDD, there may be alternative CDD information that payment firms could obtain from crypto-related clients.

Proposed Alternative CDD Information to be Collected:

DPT Sending/ Receiving Addresses (“Source of funds”)

Receipts/documentation on original purchase of cryptocurrency from an exchange or similar intermediary

Transaction details in relation to original purchase of DPT — i.e. number (hash) of transaction, value of transaction (e.g. 2 Bitcoins), timestamp, fee (cost of transaction), size of transaction (in bytes), funds balance history in the address, message recorded in transaction

Reasons for purchase of DPT.

Reasons for current transaction, if applicable.

MAS now agrees with the broad feedback that alternative CDD information should supplement rather than substitute the existing required CDD information, and will provide further guidance on the appropriate use of alternative CDD information in the Guidelines to PSN02.

MAS also agrees with the feedback that alternative CDD information should be collected in instances where additional verification measures are required, or where enhanced measures are appropriate in view of risks of the customer profile or relationship.

MAS reminded Licensees that they should take note of the higher risks associated with DPT transactions, given the cross-border nature and where there is a lack of transparency, including from the use of unregulated wallets, Bitcoin ATMs, mixers/tumblers, ATMs and privacy tokens.

The collection of alternate CDD information can therefore be helpful to assess and mitigate such heightened ML/TF risk exposure.

Published at Mon, 23 Dec 2019 06:57:56 +0000

{flickr|100|campaign}