Knowledge Highlights 17 December 2019
The key provisions of the Payment Services Act 2019 (“PS Act”), which provides a new framework for the regulation of payment systems and payment service providers in Singapore, will come into force on 28 January 2020. With this, the regulation of payment services, currently provided under the Payment Systems (Oversight) Act (“PS(O)A”) and the Money-changing and Remittance Businesses Act (“MCRBA”), will be streamlined and combined into the PS Act, and the PS(O)A and MCRBA will be repealed.
Briefly, the new framework:
- provides a regulatory structure that recognises the growing convergence across payment activities;
- expands the regulatory scope of the Monetary Authority of Singapore (“MAS”) to include more types of payment services, such as digital payment token services and merchant acquisition; and
- adopts a modular and risk-focused regulatory structure, allowing rules to be tailored to the scope of services being offered by the provider.New subsidiary legislation and MAS Notices and Guidelines in furtherance of the new framework were published on 5 December 2019. MAS also released responses to feedback received on draft versions of the subsidiary legislation, Notices and Guidelines which it had consulted on earlier this year.
Overview of PS Act
Two parallel regulatory frameworks
The PS Act introduces two regulatory frameworks: a designation regime and a licensing regime.
The designation regime allows MAS to designate significant payment systems to ensure the stability and market efficiency of the financial system. Designating payment systems for financial stability reasons is a power that is already provided for in the PS(O)A, and has been retained in the PS Act. The PS Act provides for an additional basis for designation, which is to ensure efficiency and competition in the financial system.
The licensing regime enables MAS to regulate a wide range of payment services in a manner that matches the scope and scale of services provided by each provider, and that can respond flexibly to market developments. The services can be grouped into seven types:
- Activity A: account issuance;
- Activity B: domestic money transfers;
- Activity C: cross-border money transfers;
- Activity D: merchant acquisition;
- Activity E: e-money issuance;
- Activity F: digital payment token dealing and exchanges; and
- Activity G: money changing.
Three classes of licences
The PS Act provides for the following three classes of licences whose regulatory requirements differ according to the risks posed by the scope and scale of services which the licensee provides:
- Money-changing licensee: Money-changing licensees can provide only money-changing services. They will continue to be regulated under the PS Act in largely the same way as they are under the existing MCRBA.
- Standard payment institution: Standard payment institutions may provide any combination of the seven defined payment services, but below specified transaction flow or e-money float thresholds set out in the PS Act.
- Major payment institution: Only major payment institutions can carry out payment services above the specified transaction flow or e-money float thresholds. As the scale of their operations would pose more risk, they will be regulated more comprehensively.
This new licensing regime is a more comprehensive and robust framework than what current legislation provides in the following ways:
- New services: The PS Act introduces a regulatory framework for digital payment token services, or what are commonly understood as cryptocurrency dealing or exchange services. Under the PS Act, all providers of digital payment token dealing or exchange services in Singapore will have to meet anti-money laundering and counter financing of terrorism (“AML/CFT”) requirements. MAS will also regulate domestic money transfers and merchant acquisition.
- Expanded scope of activities: New activities under the services that are currently regulated will also be recognised. The definition of e-money in the PS Act will go beyond stored value or pre-paid services, such as public transport cards, to include e-wallets, namely, any monetary value that is held for future payment transfers between individuals or with corporates. This means that e-money issuers have an obligation to protect the value held in major e-wallets for consumers and merchants.
Four risk mitigating areas
The new framework will mitigate the following four key risks that are common across many payment services:
- User protection: The PS Act will require major payment institutions to safeguard customer monies from loss through the institutions’ insolvency by using any of the following means:
- an undertaking or guarantee by any bank in Singapore or prescribed financial institution to be fully liable to the customer for such monies;
- a deposit in a trust account; or
- safeguarding in such other manner as may be prescribed by MAS.
- AML/CFT: Payment services may be used for money laundering or terrorism financing (“ML/TF”). The appropriate AML/CFT requirements will be imposed on relevant licensees through Notices issued under the Monetary Authority of Singapore Act. MAS will also provide guidance to the industry.
- Interoperability: Payment solutions in Singapore may become fragmented. The PS Act will give MAS formal powers to ensure interoperability of payment solutions, in the interests of consumers and market development.
- Technology risk management: The PS Act will give MAS powers to impose technology risk management requirements, including cyber security risk management requirements, on all licensees. Payment service providers will be required to ensure that there is adequate risk governance and implementation of adequate controls, particularly in areas such as user authentication, data loss protection and cyber-attack prevention and detection.
With the repeal of the PS(O)A and MCRBA at the commencement of the PS Act and the introduction of new payment services, the PS Act provides transitional arrangements for existing regulated entities and powers to make transitional arrangements for entities currently providing the new payment services but are not regulated.
Payment Services Regulations and related subsidiary legislation
The main regulations for licensees and other regulated persons under the PS Act are the Payment Services Regulations (“PS Regulations”). Key provisions of the PS Regulations include:
- Requirements for licensees: These include control of provision of payment services, financial requirements and business conduct requirements that will apply to licensees where relevant.
- Requirements for designated payment system (“DPS”) entities: These requirements are largely similar to those currently imposed on DPS operators, settlement institutions and participants under the PS(O)A.
- Exemptions and other requirements: These are exemptions and also general requirements that apply to licensees and DPS entities.
In addition to the PS Regulations, other subsidiary legislation regulating specific aspects of the new framework, such as the Payment Services (Exemption for Specified Period) Regulations 2019, the Payment Services (Singapore Dollar Cheque Clearing System and Inter-bank GIRO System) Regulations 2019 and the Payment Services (Saving and Transitional Provisions) Regulations 2019, have also been issued.
These Regulations will come into operation together with the PS Act on 28 January 2020.
MAS Notices and Guidelines
MAS has also issued new AML/CFT Notices for payment service providers regulated under the PS Act. Other MAS Notices on matters such as reporting of suspicious activities and incidents of fraud, technology risk management, and cyber hygiene have also been published. There will also be amendments to the Guidelines for E-Payments User Protection and Guidelines on Fit and Proper Criteria.