A new Payment Services Bill tabled in Parliament sets out the MAS’s proposed licensing framework for providers of payment service activities. The three categories are: Money-Changing Licensee, Standard Payment Institution and Major Payment Institution. They will need to implement AML/CFT measures and user protection measures. AML/CFT measures apply to all three types of licensees. The user protection measures apply only to Major Payment Institutions.

A Payment Services Bill (PSB) was introduced in Parliament on 19 November 2018. When passed and in force, the PSB will regulate the following types of payment service activities:

• Account issuance services: Issuing, maintaining or operating a payment account in Singapore, such as an e-wallet or a non-bank credit card.
• Domestic money transfer services: Providing local funds transfer services in Singapore, including payment gateway services and payment kiosk services.
• Cross-border money transfer services: Providing inbound or outbound remittance services in Singapore.
• Merchant acquisition services: Providing merchant acquisition services in Singapore. This is where the service provider contracts with a merchant to accept and process payment transactions, which results in a transfer of money to the merchant. Usually the service includes providing a point of sale terminal or online payment gateway.
• E-money issuance: Issuing e-money in Singapore to allow the user to pay merchants or transfer e-money to another individual (with a carve-out for e-money used for certain specified limited purposes).
• Digital payment token services: Buying or selling digital payment tokens, or providing a platform to allow persons to exchange such tokens in Singapore (with a carve-out for digital payment tokens used for certain specified limited purposes).
• Money-changing services: Buying or selling foreign currency notes in Singapore.

Regulation applies not only where the services provided are the person’s primary business but also where they are secondary to the person’s primary business. Accordingly, online marketplace operators offering payment services to facilitate transactions in the marketplace will also be required to hold a licence.

Licence to carry out payment service activities

A licence will be required to carry out any of these services. Three classes of licences are proposed:

• A licence to be a Money-Changing Licensee, which will only allow the licence holder to carry out money-changing services;
• A licence to be a Standard Payment Institution, which will allow the licence holder to carry out any payment service activity below specified threshold limits; and
• A licence to be a Major Payment Institution, which will allow the licence holder to carry out any payment service activity above the specified threshold limits.

Where the services provided are other than money-changing services or e-money account issuance services, the threshold limits are as follows:

• In respect of any one service, the average, over a calendar year, of the total value of all payment transactions that are accepted, processed or executed by the entity in one month is SGD3 million; or
• In respect of two or more services, the average, over a calendar year, of the total value of all payment transactions that are accepted, processed or executed by the entity in one month is SGD6m.

Where the service provided is an e-money account issuance service, the threshold limit is an average daily e-money float of SGD5m in a calendar year.

A licence to carry out the payment service activity will not be needed for the following persons:

• Deposit taking institutions already licensed under the Banking Act, the Monetary Authority of Singapore Act or the Finance Companies Act; and
• A person regulated or exempt under the Securities and Futures Act, the Financial Advisers Act, the Trust Companies Act or the Insurance Act if the provision of that activity is solely incidental or necessary for the carrying on of its regulated activity.

To apply for a licence, the applicant must:

• Be a company (whether incorporated in Singapore or overseas);
• Have a permanent place of business or a registered office in Singapore;
• Have at least one executive director that is a Singapore citizen, a Singapore permanent resident or meet such other criteria that the Monetary Authority of Singapore (MAS) may prescribe; and
• Comply with the capital and security deposit requirements.

It should be noted that a licensee must not lend money to its customers or use customer money to finance any of its business activities. This is to maintain a distinction between payment institutions and deposit taking institutions.

Risk mitigation measures

The providers of payment service activities will need to implement risk mitigation measures. These are broadly divided into measures against anti-money laundering / countering the financing of terrorism (AML/CFT measures) and user protection measures. AML/CFT measures apply to all three types of licensees, while the user protection measures apply only to Major Payment Institutions. The details of the requirements will be set out in subsidiary legislation.

The table below, based on the measures proposed in the Consultation Paper on the Proposed Payment Services Bill (Consultation Paper), sets out what types of measures are required to be adopted in respect of each payment service activity. What the measures entail are set out below the table.

AML/CFT requirements would include the following:

• Identification and verification of customers and beneficial owners;
• Ongoing monitoring including transactions monitoring;
• Screening of customers for money laundering / terrorism financing concerns; and
• Suspicious transaction reporting and record keeping.

User protection measures comprise the following:

• Safeguarding of e-money float / funds in transit:
  • The float / funds is covered by an undertaking by any bank in Singapore (including wholesale banks), merchant bank, or finance company.
  • The float / funds is guaranteed by any bank in Singapore, merchant bank, finance company or insurer approved to issue financial guarantee insurance policies.
  • The float / funds is held on trust in a segregated account with any bank in Singapore, merchant bank or finance company.
  • As set out in the Consultation Paper, the float / funds is deposited in a trust account with an authorised custodian specified or prescribed by the MAS.
  • As set out in the Consultation Paper, the float / funds is invested in any secure, liquid, and low risk assets as the MAS may prescribe and the assets are deposited in a trust account with an authorised custodian prescribed or specified by the MAS.

• Protection of personal use wallets:
  • The maximum personal e-wallet load capacity will be set at SGD5,000.
  • E-wallet issuers must not allow the user of a personal e-wallet to transfer more than SGD30,000 out of his e-wallet on a 12-month consecutive basis. Transfers to certain personal bank accounts held in Singapore do not count towards the SGD30,000 restriction.
  • These limits will be applied on a per user, per payment institution basis. Accordingly, where a customer has multiple accounts with the same payment institution, all of his accounts (with some limited exceptions) will need to be aggregated for the purpose of complying with the limits.
  • Protection of access to funds: These measures will be set out in guidelines to be consulted on later.

The PSB empowers the MAS to mandate interoperability.

The existing guidance on technology risk management will be extended to licensees. Accordingly, only designated payment systems will be required to adopt technology risk management requirements.

Transitional arrangements

The transitional arrangements will vary depending on the specific payment service provided. In general, the following transitional arrangements will be provided:

• Persons already licensed under the Money-changing and Remittance Businesses Act and the Payment Systems (Oversight) Act will be grandfathered under the PSB. They will be given a grace period of 12 months to comply with the obligation to safeguard funds in transit.
• Except for digital payment token services, the other payment services not currently regulated under the Money-changing and Remittance Businesses Act and the Payment Systems (Oversight) Act will be given a grace period of 12 months to apply for a licence. Digital payment token services will be given a grace period of six months.

It should be noted that there will be no grace period for compliance by existing licensees with the requirements for AML/CFT measures.

Further details will be set out in subsidiary legislation, which will be consulted on by the MAS in due course.

Next steps

After the PSB has been passed by Parliament, various aspects of implementation of the payment services regulatory framework will need to be set out in subsidiary legislation. For this purpose, the MAS will be consulting on the subsidiary legislation required for the implementation of the following:

• Whether any exemptions are needed for the application of the cash withdrawal prohibition to e-money accounts used for money-changing services and cross-border money transfer services;
• As noted above, transitional arrangements and grace periods for compliance with the new regime;
• Disclosure requirements for Standard Payment Institutions, including a requirement for licensees to notify customers that the e-money float and funds processed by a Standard Payment Institution are not safeguarded under regulations;
• Disclosure requirements for Major Payment Institutions, including a requirement to notify customers of the options being employed to safeguard the e-money float or funds in transit;
• Executive director nationality requirements; and
• Details on AML/CFT measures.