23 June, 2019
On 14 January 2019, the Payment Services Act 2019 (“PS Act”), which will consolidate the existing regimes governing the provision of payment services in Singapore, was passed by the Singapore Parliament. More information, please refer to our earlier client updates on the PS Act found here, and details on the draft subsidiary legislation here.
In order to mitigate the potential money-laundering and terrorism financing (“ML/TF”) risks posed by certain payment services, the Monetary Authority of Singapore (“MAS”) has in its consultation paper of 6 June 2019, proposed to impose anti-money laundering and countering the financing of terrorism (“AML/CFT”) requirements on the relevant payment services providers through two sets of notices (“PS Notices”), issued under the MAS Act (Cap. 186) as follows:
(a) Notice to Payment Services Providers (Specified Payment Services) on Prevention of Money Laundering and Countering the Financing of Terrorism (“PS Notice 01”); and
(b) Notice to Payment Services Providers (Digital Payment Token Service) on Prevention of Money Laundering and Countering the Financing of Terrorism (“PS Notice 02”).
This update outlines the key elements in MAS’s public consultation on the proposed PS Notices.
Introduction
Following MAS’s proposals in its 2017 public consultation on the draft PS Act, MAS has said that it will impose AML/CFT requirements on licensees carrying out the following activities below:
-
(a) account issuance services (“Activity A”);
-
(b) domestic money transfer services (“Activity B”);
-
(c) cross-border money transfer services (“Activity C”);
-
(d) money-changing services (“Activity G”); and
-
(e) digital payment token services (“Activity F”).
MAS has clarified that the other activities regulated under the PS Act, such as merchant acquisition (“Activity D”) and e-money issuance (“Activity E”), will not be subject to AML/CFT requirements, in line with existing international practices.
PS Notice 01 will apply to licensees which carry on a business of providing Activity A, Activity B, Activity C or Activity G. When implemented, PS Notice 01 will supersede but remain aligned with the AML/CFT requirements currently in MAS Notice 3001 (for holders of money-changer’s licence and remittance licence) and MAS Notice PSOA-N02 (for holders of stored value facilities).
On the other hand, PS Notice 02 will apply to licensees which carry on a business of providing Activity F. MAS has reiterated that all transactions categorised under Activity F are considered to carry higher inherent ML/TF risks due to the anonymity, speed and cross-border nature of such transactions. Such a view is consistent with the position taken by the Financial Action Task Force (“FATF”), which in October 2018 introduced clarified FATF Standards for virtual asset services providers (“VASPs”). To align with the FATF Standards, MAS has proposed to impose AML/CFT requirements on digital payment token service providers (“DPTS providers”) who deal in or facilitate the exchange of digital payment tokens (“DPTs”) for real currencies where:
-
(a) dealing in DPT includes the buying or selling of DPT. This would typically involve the exchange of DPT for fiat currency or another DPT; or
-
(b) facilitating the exchange of DPT means establishing or operating a DPT exchange which allows the buying or selling of any DPT, in exchange for fiat currency or any DPT (whether of the same or a different type).
DPTS providers who also facilitate the transfer of DPT or provide custodian wallet services as part of their business will be required to apply AML/CFT measures to mitigate the risks posed by such services. As ongoing
revisions are made to the FATF Standards, MAS has said that it expects to make further amendments to the legislation and AML/CFT requirements for DPTS providers at a later stage, and targets to issue a public consultation on the proposed changes by end 2020.
To be clear, where a licensee performs one or more regulated activities (eg Activity A and Activity B) as well as Activity F, the licensee will be required to comply with PS Notice 02 for the aspects of its business operations that relate to DPT services and DPT-related transactions and PS Notice 01 in respect of the other regulated activities.
Scope of AML/CFT obligations under the PS Notices
In general, the AML/CFT requirements on licensees for the relevant activities above mentioned, will be similar to that for existing MAS regulated entities, with the differences as elaborated below.
Simplified customer due diligence (“SCDD”)
In line with the risk-based approach to performing customer due diligence (“CDD”), licensees carrying out Activity A, Activity B, Activity C and Activity F, may perform SCDD measures, without having to seek prior approval from MAS in certain low-risk scenarios where:
-
(a) the licensee is satisfied, upon the overall analysis of risks, that the ML/TF risks are low; or
-
(b) the services provided to such customer are cross-border wire transfers conducted solely for the payment of goods and services to merchants, and the transactions are funded from an identifiable source.
That said, licensees will not be permitted to perform SCDD measures where:
-
(a) the annual cumulative transactions undertaken for a customer exceeds S$20,000;
-
(b) the customer is a person with higher risk characteristics; or
-
(c) there is suspicion of ML/TF involved.
Licensees applying SCDD measures remain obliged to conduct screening and ongoing monitoring of business relations under the relevant PS Notice, as well as to document and maintain records of the SCDD measures adopted. MAS has pointed out that it reserves the right to review all relevant documentation and records as part of its supervisory process.
Third party reliance
MAS has proposed to permit licensees to rely on a third party to perform certain elements of the CDD measures required by the PS Notices, subject to the following requirements being satisfied:
-
(a) the licensee is satisfied that the third party is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by FATF, and has adequate AML/CFT measures in place to comply with those requirements;
-
(b) the licensee takes appropriate steps to identify, assess and understand the ML/TF risks particular to the countries or jurisdictions that the third party operates in;
-
(c) the third party is not one which licensees have been specifically precluded by MAS from relying upon. Taking into account the higher ML/TF risks posed by virtual assets and VASPs, MAS has proposed to preclude licensees from third party reliance on local and foreign VASPs; and
-
(d) the third party is able and willing to provide, without delay, upon the licensee’s request, any data, documents or information obtained by the third party with respect to the measures applied on the relevant holder’s customer, which the relevant holder would be required or would want to obtain.
Correspondent account services
Where a licensee provides correspondent account services to other licensees or financial institutions (“FIs”), or where it engages an FI for correspondent account services, MAS has proposed that the licensee performs, in addition to the normal due diligence measures, risk mitigation measures such as:
-
(a) assessing the suitability of the FI by understanding its AML/CFT controls and that they are adequate and effective;
(b) clearly understanding and documenting the respective AML/CFT responsibilities of each FI; and
(c) obtaining approval from the licensee’s senior management before providing a correspondent account or similar services to a new FI or engaging a new FI for correspondent account services.
Bearer negotiable instruments and cash payouts
MAS has noted that cash and bearer negotiable instruments are anonymous in nature and are thus susceptible to ML/TF abuse. To mitigate the increased ML/TF risk exposure when licensees perform cash-based transactions, MAS has proposed to apply the restrictions under the existing MAS Notice 3006 on “Prohibition on Issuance of Bearer Negotiable Instruments and Restrictions of Cash Payout” (which will subsequently be folded into the PS Notices) by:
-
(a) prohibiting licensees who perform money-changing transactions, inward cross-border money transfers, domestic money transfers, withdrawals from payment accounts, and the purchase or sale of foreign currency without the use of foreign currency notes, from issuing bearer negotiable instruments in any currency to their customers; and
-
(b) requiring licensees who perform inward cross-border money transfers, domestic money transfers, withdrawals from payment accounts, and foreign exchange transactions, to use non-cash settlement methods for payouts of S$20,000 and above (or such equivalent amount in foreign currency) to persons in Singapore.
Where any licensee suspects that two or more payment transactions may be related, linked or the result of a deliberate restructuring of an otherwise single transaction into smaller transactions, in order to evade AML/CFT controls, the licensee shall treat the relevant payment transactions as a single transaction and aggregate their values for the purposes of applying the AML/CFT measures in the PS Notices.
AML/CFT requirements for DPTS providers
In light of the recommendation by FATF for countries to apply the FATF Standards to virtual assets and VASPs (including DPTS providers), MAS has proposed that under PS Notice 02, licensees that facilitate the sending of DPTs be obliged to obtain and hold required and accurate originator information and required beneficiary information on DPT transfers, to immediately and securely submit such information to beneficiary DPTS providers and counterparts (if any), and to make the information available on request to appropriate authorities.
On the other hand, licensees that are the recipients of DPT transfers (whether on behalf of the customer or otherwise), should obtain and hold required originator information as well as required and accurate beneficiary information on DPT transfers, and make these available on request to appropriate authorities. In addition, MAS has proposed that the licensees be required to comply with requirements including: monitoring the availability of information, taking freezing action and prohibiting transactions with designated persons and entities.
In relation to DPT transactions, MAS has noted that FATF has lowered the designated threshold for occasional transactions (ie transactions carried out on a very limited basis and where business relations may not be established as part of the transaction), above which DPTS providers are required to conduct CDD, in view of the ML/TF risks associated with such activities. However, MAS has proposed instead to do away with designating thresholds for DPT transactions, and require that CDD must be conducted from the first dollar of a DPT transaction.
With regard to the collection of certain customer-specific information for conducting CDD, MAS has proposed that other alternative CDD information be collected by DPTS providers, so as to better identify a customer for the DPT sector, as follows:
-
(a) DPT sending/receiving addresses (ie source of funds);
-
(b) receipts/documentation on original purchase of cryptocurrency from an exchange or similar intermediary;
-
(c) transaction details in relation to original purchase of the DPT (ie number of transaction, value of transaction, timestamp, fee, size of transaction, funds balance history in the address, message recorded in transaction);
-
(d) reasons for purchase of the DPT; and
(e) reasons for current transaction (if applicable).
Exemption from AML/CFT requirements under PS Notice 01
Conduct of low-risk activities only
MAS has proposed to exempt licensees who confine their business model to providing only services that meet certain low risk criteria prescribed by MAS (“MAS defined low risk activities”), from having to comply with the AML/CFT requirements in PS Notice 01.
|
Activity |
Low risk criteria |
|
Activity A |
Issuing payment accounts that: (a) do not allow physical cash withdrawal; institution performs identification and verification of the sender; and (c) do not have an e-wallet capacity (i.e. load limit) that exceeds S$1,000. |
|
Activity B |
Services that only allow the user to perform the following transactions:
|
|
Activity C Cross-border money transfer services |
Services where the user is only allowed to pay for goods or services and where that payment is funded from an identifiable source. |
In the event a licensee provides services beyond the MAS defined low risk activities, the licensee would have to ensure that all its activities (including those that are MAS defined low risk activities) comply with the AML/CFT requirements.
Offering of exempted payment services products
Where a licensee, in addition to its existing activities regulated for AML/CFT, offers a product where the activities in relation to such product is confined to MAS defined low risk activities only, MAS has proposed to exempt the licensee from complying with certain sections of PS Notice 01 in relation to that product (“Exempted Product”). The licensee would not be required to comply, in particular, with AML/CFT measures relating to CDD, foreign exchange transactions, issuance of bearer negotiable instruments and cash payouts, agency arrangements, and wire transfers. That said, the licensee will continue to be subject to all other AML/CFT requirements in PS Notice 01 in relation to its regulated activities.
Where a DPTS provider offers an Exempted Product involving Activity A, Activity B, Activity C or Activity G, it must comply with the relevant paragraphs of PS Notice 01 in carrying out its AML/CFT obligations.
Money-changing transactions where CDD is not required
MAS has proposed to maintain existing transaction-level threshold for money-changers, such that money- changers will not need to perform CDD on a customer with a cash transaction of an aggregate value of less than S$5,000. In addition, money-changers will not be required to conduct CDD on a customer for a transaction that does not exceed an aggregate value of less than S$20,000, that is funded from an identifiable source.
AML/CFT Requirements for non-payment services activities by payment service providers
MAS has indicated that it generally does not encourage payment service providers to conduct activities outside of payment services, unless these are incidental to and supportive of their primary business model. As such, MAS has proposed to require licensees to notify MAS when conducting any non-payment services activity. Where any FI conducts a suite of business activities that may be offered to a single customer, including the provision of payment services, MAS has also said that it expects the FI to maintain the capability of holistically monitoring the customer relationship across the entire range of activities being provided, including the mitigation of ML/TF risks.
MAS has also noted that certain types of non-payment services business activities, carried out by payment service providers, may also carry ML/TF risks and hence ought in principle to be subject to AML/CFT regulation. To the extent that such non-payment services activities are not already regulated by a regulatory authority in Singapore, MAS indicated that it will require payment service providers carrying out non-payment services business activities to similarly adopt AML/CFT measures. This will be the subject of a further consultation by MAS in due course.
Consultation Period
The closing date for the consultation is 5 July 2019. The PS Notices are expected to be implemented when the PS Act comes into effect.
A copy of the consultation paper is available here.
