Singapore - Payment Services Bill 2018.
Legal News & Analysis - Asia Pacific - Singapore - Regulatory & Compliance - Banking & Finance
29 December, 2018
The Payment Services Bill (“Bill”) was tabled for First Reading in Parliament on 19 November 2018. The Bill, once passed, represents a significant milestone in consolidating, streamlining and modernising existing payments legislation as part of Singapore's payments roadmap to 2020. Participants in the payment ecosystem should carefully consider the requirements of this new payments framework as the scope of regulated payment activities have been expanded, and certain participants may now require licensing under the new regime. Existing regulated or licensed entities should also be mindful of new compliance requirements intended to address concerns on money laundering, user protection, interoperability and technology risks.
The Bill is the outcome of extensive consultation, with the first consultation undertaken in August 2016 on the proposed payments framework, followed by a second consultation on the draft Bill in November 2017.
The Bill, once passed, represents a significant milestone in consolidating, streamlining and modernising existing payments legislation as part of Singapore's payments roadmap to 2020.
Payments services are currently regulated under two pieces of legislation, the Payment Systems (Oversight) Act (“PSOA”) and the Money-changing and Remittance Businesses Act (“MCRBA”).
The advent and rapid progression of financial technology or “FinTech” has transformed and revolutionised payment services like never before. New business models have emerged which have blurred the lines between activities regulated under these two Acts. At the same time, new payments activities have arisen, together with new risks and vulnerabilities. The Bill thus seeks to empower the Monetary Authority of Singapore (“MAS”) to adopt a calibrated approach in regulating payment services, mainly for the following key risks and concerns:
(a) money-laundering and terrorism financing (“ML/TF”);
(b) user protection (eg loss of funds owed to consumers or merchants due to insolvency); (c) fragmentation and limitations to interoperability; and
(d) technology and cyber risks.
The Bill comprises two parallel frameworks as follows:
Designation framework for payment systems
The first is a designation regime for systemically important payment systems.
This regime will largely be imported and retained from the PSOA to allow MAS to designate payment systems for close supervision, when considered to be of significance at the systemic or system-wide level.
The regime is expanded in the Bill to empower MAS to designate and regulate payment systems for competition or efficiency reasons. Inter-bank payment systems such as FAST, GIRO, and MEPS+ are designated under the PSOA, and are likely to be designated as such under the new Bill.
Licensing framework for payment service providers
The second is a single modular activity-based licensing framework for providers of payment services regulated under the Bill.
The Bill will regulate seven payment services, namely:
Activity A: Account issuance service
- Service of issuing a payment account or any service relating to any operation required for operating a payment account.
- Such as an e-wallet (including certain multi- purpose stored value cards) or a non-bank issued credit card.
Currently: Account issuance services per se are not regulated (unless regulated as part of a regulated activity such as operating a remittance business or certain stored value facilities (“SVFs”) with a float above S$30 million).
Regulation of SVFs under the PSOA will be re- worked and subsumed as account issuance services and e-money issuance services.
Activity B: Domestic money transfer service
- Providing local funds transfer services in Singapore.
- Includes payment gateway services and payment kiosk services.
Currently: Domestic remittance services per se are not regulated, but may be regulated to the extent that this forms part of money-changing and remittance businesses under the MCRBA.
Activity C: Cross-border money transfer service
- Providing inbound and outbound remittance services in Singapore.
Currently: Regulated mainly as remittance businesses under the MCRBA. Regulation of remittances is currently more limited and confined to the business of accepting moneys for the purpose of transmitting moneys outside Singapore.
Activity D: Merchant acquisition service
- Providing merchant acquisition service in Singapore where the service provider processes payment transactions from the merchant and processes payment receipts on behalf of the merchant.
- Examples include providing point-of-sale terminals or operating online payment gateway.
Currently: Merchant acquisition services per se are not regulated (unless regulated as part of a regulated activity such as operating a remittance business).
Activity E: E-money issuance service
- Issuing e-money in Singapore to allow the user to pay merchants or transfer to another individual.
Currently: Regulation comes in the form of regulating SVFs under the PSOA. The concept of “e- money” is, however, broader than SVFs as stored value in the SVF is limited to prepayment for goods and services.
Activity F: Digital payment token service
- Buying or selling digital payment tokens (commonly known as cryptocurrencies), or providing a platform to allow persons to exchange digital payment tokens in Singapore.
Currently: Digital token services per se are not regulated (unless regulated as part of a regulated activity or if the tokens in question attract regulation under a separate regime, such as our securities laws, where the tokens are capable of being construed as securities).
Activity G: Money-changing service
- Buying or selling foreign currency notes in Singapore (ie exchange of physical currency notes)
Currently: Regulated mainly as money-changing businesses under the MCRBA.
In line with the objective of having a calibrated approach in regulating risks associated with prescribed regulated payment services, a service provider will be required to apply for a single licence out of the following three classes, each class commensurate with the risks associated:
(a) money-changing licensee;
(b) standard payment institution (“SPI”); or
(c) major payment institution (“MPI”).
A money-changing licensee will only be permitted to engage in money-changing services.
SPIs and MPIs will be allowed to engage in any combination of the payment services regulated under the Bill.
In general, while SPIs will be required to comply with less onerous requirements as compared to MPIs, they will be subject to certain limitations such as on transaction volume and e-money float. SPIs will be regulated for ML/TF risks, basic corporate governance and other requirements of general application such as cyber hygiene. They will also be required to maintain a base capital that is lower compared to that of MPIs. However, SPIs will not be allowed to have a monthly transaction volume exceeding S$3 million in respect of any one payment service, or S$6 million in respect of two or more payment services, or a daily e-money float exceeding S$5 million, with these limitations computed on an averaged basis over a calendar year.
While MPIs, on the other hand, will not be subject to such limitations, a corresponding higher and more onerous level of regulation will be imposed in line with the risks presented with the funds handled. Each MPI will be required to maintain security of a prescribed amount with MAS for the due performance of its obligations to its users. MPIs engaged in certain regulated payment activities will also be required to comply with user protection measures such as by having customer funds deposited in a trust account when received.
Excluded Payment Activities
The Bill contains a number of exclusions or carve-outs for payment activities that do not pose sufficient risk to warrant regulation under its licensing regime. The three most significant exclusions being:
(a) Limited Purpose E-Money
(b) Limited Purpose Digital Payment Token (c) Regulated Financial Services
The “Limited Purpose E-Money” exclusion is intended to carve-out payment services involving e-money that can only be used for the purchase of a limited range of goods and/or services (eg those provided by the e-issuer, or a merchant within a limited network of merchants that is associated with the issuer, etc.), or in loyalty programmes which are generally of a lower quantum, carry low ML/TF risks and are limited in consumer reach. Likewise, the “Limited Purpose Digital Payment Token” exclusion is intended to carve-out payment services involving non- monetary consumer loyalty or reward points or in-game assets that satisfy the definition and conditions stipulated in the Bill. These can potentially operate to exclude rewards/points cards or paper-based vouchers.
The “Regulated Financial Services” exclusion seeks to exclude payment services conducted by licensed or exempt entities regulated under certain prescribed legislation such as the Financial Advisers Act and the Securities and Futures Act, but only to the extent that such payment services are considered to be solely incidental to or necessary for those licensed or exempt entities to carry out the activity for which it is regulated (or exempt) under those prescribed legislation. While the Bill has provided for some clarity on what constitutes “incidental”, this issue may still be a matter of considerable debate as it is in practice not easy to definitively conclude what constitutes “incidental”.
As the PSOA and the MCRBA will be repealed at the commencement of the Bill, the Bill provides for transitional arrangements for existing regulated entities, as well as powers to make transitional arrangements for entities that are providing regulated payment services, but are currently not regulated.
Transitional arrangements of between six and 12 months will be provided to facilitate a smooth transition of these entities into the new regulatory framework under the Bill, and allow these entities with sufficient lead time to comply with the new requirements.
It would be timely for participants in the payment ecosystem to carefully consider the requirements of this new payments framework given the significant changes entailed. One instance is in relation to operators and holders of SVFs under the current PSOA regime. These service providers would undoubtedly be concerned, for while the “light-touch” regime under the PSOA operates on holders based on stored value of S$30 million or less, there is no direct equivalent under the new regime.
As the operation of SVFs would most likely be classified as “account issuance services” and/or “e-money issuance services” under the new regime, existing operators and/or holders are advised to consider the requirements under this new regime.