When does the licensing requirement under the PS Act take effect?

While the PS Act takes effect on 28 January 2020, temporary exemptions from licensing will apply for firms which, immediately prior to commencement of the PS Act, already carry on a payment service that will be newly licensable under the PS Act. For firms providing any newly licensable payment service other than a DPT service, the exemption applies for 12 months (i.e., until 28 January 2021), and for firms providing a DPT service, the exemption applies for six months (i.e., until 28 July 2020).

Any firm wishing to benefit from such temporary exemption must, between 28 January and 27 February 2020, notify the MAS of its intention to do so, stating the date on which it commenced its relevant payment service(s).

What types of licence are granted under the PS Act?

Different licences are granted to (i) money-changers, (ii) standard payment institutions (SPIs), and (iii) major payment institutions (MPIs). A firm providing any payment service(s) other than money-changing will be an SPI unless its payment transactions exceed certain volume thresholds, as follows (in which case it must be licensed as an MPI):

Certain firms which, prior to commencement of the PS Act, held a licence under the MCRBA, or which were approved by the MAS to hold stored value exceeding S$30 million under the PS(O)A, will automatically transition to a new licensing status under the PS Act. In broad summary, existing licences/approvals will transfer as follows:

Which notification and licence application forms need to be submitted to the MAS?

Key forms for submission to the MAS include:

• The notification form for a firm to inform the MAS of its intention to avail itself of a temporary exemption
• The main licence application form (Form 1)
• The form to apply for a change or variation of an existing licence (Form 2)
• The form to apply for approval of a firm’s CEO, director or partner (Form 3)

An application submitted to the MAS in Form 1 must be accompanied by certain supporting documents, including, for example,  a business plan illustrating the applicant’s compliance with the PS Act and other relevant legislation, organisational and shareholding charts, financial statements, anti-money laundering and countering the financing of terrorism (AML/CFT) policies and procedures and enterprise-wide risk assessment and implementation plans.

Further information on the requirements for licensing applicants are set out in the MAS Guidelines on Licensing for Payment Service Providers [PS-G01].

Which ongoing requirements apply to a PSP under the PS Act?

In general terms, the nature of the PS Act requirements which apply to a PSP depend on the payment services which the PSP provides, and whether the PSP holds a money-changing, SPI or MPI licence. The requirements fall into the following categories:

• Interoperability: To avoid fragmentation of the payments landscape (e.g. due to the use of multiple wallet providers, QR codes, payment terminals, etc.), the MAS may exercise interoperability powers if this should become necessary. This may involve imposing a common standard, requiring PSPs to join a common platform, or imposing an access regime for selected payment systems.
• User protection: The key user protection requirement consists in the safeguarding of customer monies, which may occur by the PSP obtaining a bank undertaking or bank guarantee, or placing the monies in a segregated trust account with a bank or other prescribed institution. This applies to MPIs only.
• AML/CFT: These requirements, aimed at countering money-laundering and terrorist-financing risks, principally comprise customer due diligence (CDD) measures.
  Technology risk management: This consists of a broad set of requirements, ranging from governance and oversight measures to IT security and audit requirements.

We set out below an overview of the activities to which these requirements apply.

Which key eligibility requirements must a PSP meet?

The key requirements which a PSP must meet (at the point of becoming licensed and on an ongoing basis thereafter) are:

• Corporate form: The PSP may be either a Singapore company or a foreign corporation, and must have a permanent place of business or registered office in Singapore.
• Personnel: The PSP must have an executive director who is a citizen or permanent resident of Singapore or who holds an employment pass, although in the latter case, another director of the PSP must be a citizen or permanent resident of Singapore.
• Presence at office: At least one person must be present, at specified times, at the PSP’s permanent place of business or registered office to address queries or compliance issues raised by payment service users or customers.
• Record-keeping: The PSP must ensure that it keeps books of all its payment service transactions at its permanent place of business or registered office.
• Fitness and propriety: The PSP and its directors, CEO, shareholders and employees must be fit and proper (in particular, neither the PSP nor its group should have any adverse reputation, especially with regard to financial crime).
• Experience and competencies: The PSP’s executive directors and CEO should have relevant experience, competencies and influences to allow them to exercise effective oversight and control over the business activities and staff.
• Qualifications: Key individuals should have appropriate educational qualifications and professional certification where relevant.
• Compliance arrangements: The PSP’s compliance arrangements must be commensurate with the nature, scale and complexity of its business. It may maintain an independent compliance function in Singapore or obtain compliance support from an overseas affiliate. A suitably qualified compliance officer must be appointed.
• Penetration-testing: Any proposed online financial services must be penetration-tested so that any identified high risks are remediated, and the effectiveness of the remediation must be independently validated.
• Audit: Audit arrangements must be in place in accordance with the scale, nature and complexity of the PSP’s operations. These must include plans to meet annual audit requirements under the PS Act.
• Letter of responsibility/undertaking:The MAS may require the PSP to provide a letter of responsibility and/or letter of undertaking from the PSP’s majority shareholders, parent company and/or related company.
• Other factors: In considering the PSP’s licensing application, the MAS may also consider various other factors, such as (among others) the track record of the PSP and the commitment of the PSP’s holding company to operations in Singapore.

A PSP must also maintain minimum base capital (plus a sufficient buffer, in accordance with the scale and scope of its operations and the potential for profits and losses), and must provide the MAS with a security deposit (as a cash deposit or bank guarantee), as follows:

Which key instruments issued under the PS Act apply to PSPs?

Key regulatory instruments issued under the PS Act which apply to PSPs include the following (among others):

• Payment Services RegulationsNotices on the Prevention of Money Laundering and Countering the Financing of Terrorism [PSN01 and/or PSN02]
• Notice on Reporting of Suspicious Activities & Incidents of Fraud [PSN03]
• Notice on Submission of Regulatory Returns [PSN04]
• Notice on Cyber Hygiene [PSN06]
• Notice on Conduct [PSN07]
• Notice on Disclosures and Communications [PSN08]
• Guidelines on Technology Risk Management
• E-payments User Protection Guidelines

If you wish to discuss the PS Act requirements and how they may affect you, please do not hesitate to contact us.

Client Alert 2020-024