You are here

MAS extends AML/CFT requirements to Payment Service Providers

24 June 2019 | Singapore
Legal Briefings – By Natalie Curtis, Kenneth Lo and Sandra Tsao

Share

On 6 June 2019, the Monetary Authority of Singapore (MAS) issued a Consultation Paper on proposed anti-money laundering and countering the financing of terrorism (AML/CFT) requirements which will apply to most payment service providers (PS Providers). Submissions close on 5 July 2019. The relevant AML/CFT requirements are set out in the following Notices (AML/CFT Notices) to be issued by MAS and come after the passing of the Payment Services Act (PS Act) on 14 January 2019 (see our bulletin here):

a. Notice to Payment Services Providers (Specified Payment Services) on Prevention of Money Laundering and Countering the Financing of Terrorism (applies to all activities that carry money laundering/financing of terrorism (ML/FT) risks except digital payment token (DPT) services); and

b. Notice to Payment Services Providers (Digital Payment Token Service) on Prevention of Money Laundering and Countering the Financing of Terrorism (applies to DPT services).

Regulated activities that carry money-laundering/terrorism financing (ML/TF) risks

Providers of the following services will be required to comply with the AML/CFT Notices, subject to certain exceptions (see below):

  • account issuance services;

  • domestic money transfer services;

  • cross-border money transfer services;

  • money-changing services; and

  • DPT services.

Key requirements under the AML/CFT Notices

The key AML/CFT requirements that PS Providers will have to comply with include:

  • identifying, assessing and understanding their ML/TF risks;

  • developing and implementing policies, procedures and controls such as conducting customer due diligence (CDD), transaction monitoring, screening, suspicious transaction reporting and record keeping;

  • monitoring the implementation of those policies, procedures and controls; and

  • performing enhanced measures where higher ML/TF risks are identified.

Exceptions

A PS Provider is not required to comply with the AML/CFT Notices if it only provides services that meet certain low risk criteria for ML/TF as set out in the table below.

Regulated activity Low risk criteria
Account issuance services

Issuing payment accounts that:

(a) do not allow physical cash withdrawal;
(b) do not allow physical cash refunds above S$100, unless the payment institution performs identification and verification of sender; and
(c) do not have an e-wallet capacity (i.e. load limit) that exceeds S$1,000.

Domestic money transfer services

Services that only allow the user to perform the following transactions:

(a) payment for goods or services and where payment is funded from an identifiable source (being an account with a financial institution regulated for AML/CFT);
(b) payment for goods or services and where the transaction is under S$20,000; or
(c) payment is funded from an identifiable source and where the transaction is under S$20,000.

Cross-border money transfer services Services where the user is only allowed to pay for goods or services and where that payment is funded from an identifiable source.

DPT services

Current consultation

All DPT transactions are considered by MAS to carry higher inherent ML/TF risks. As such, MAS proposes to introduce AML/CFT requirements on licensees that are DPT service providers (DPTS Providers) who deal in or facilitate the exchange of DPT for real currencies where:

  • dealing in DPT includes the buying or selling of DPT. This would typically involve the exchange of DPT for fiat currency (eg Bitcoin for USD, or USD for Ether) or another DPT (eg Bitcoin for Ether); and

  • facilitating the exchange of DPT means establishing or operating a DPT exchange which allows the buying or selling of any DPT, in exchange for fiat currency or any DPT (whether of the same or a different type).

In addition to always carrying out CDD (including in the case of occasional transactions), licensees that facilitate the sending of DPT will be required to:

a. obtain and hold required and accurate originator information and required beneficiary information on DPT transfers;

b. immediately and securely submit the above information to beneficiary DPTS providers and counterparts (if any); and

c. make the information available on request to appropriate authorities.

Licensees that are the recipients of DPT transfers (whether on behalf of a customer or otherwise) will be required to:

a. obtain and hold required originator information and accurate beneficiary information on DPT transfers; and

b. make the information available on request to appropriate authorities.

Future consultation

MAS expects to undertake a further public consultation on the proposed legislative and Notice amendments relating to DPTS Providers by end-2020 so as to fully align with ongoing revisions to the Financial Action Task Force Standards.

What should PS Providers do to prepare

Currently-regulated PS Providers will need to assess whether their existing AML/CFT policies, procedures and processes will continue to meet the new AML/CFT requirements and any identified gaps will need to be addressed.

Newly- regulated PS Providers will need to consider matters such as the following:

a. policies and compliance frameworks:

  • implementing a robust risk-based AML/CFT framework, which is set out in a well-defined AML/CFT policy;
  • implementing appropriate CDD frameworks for on-boarding customers;

  • implementing a data protection framework backed by a comprehensive data protection policy so as to ensure the security of customer data collected during the CDD process, among other data;

  • implementing robust transaction screening, periodic review and suspicious transaction reporting frameworks; and

  • ensuring proper record keeping;

b. investment in compliance:

  • whether there is a need to hire skilled compliance staff; and

  • what technology solutions may be available to assist with compliance;

c. staff training: ensuring that staff understand their AML/CFT obligations and responsibilities; and

d. senior management engagement: ensuring the right ‘tone from the top’.

Assistance

We have been working with a number of PS Providers to implement the appropriate frameworks and policies required to comply with the AML/CFT Notices. We also provide training for PS Providers’ staff to ensure that they are aware of and understand their responsibilities.

Should you have any questions or require any assistance, please contact us.

See how we help our clients in

Fintech

Learn More