|
11 July 2023
|
Regulatory Update
Regulatory Update
|
26 October 2022
|
MAS Issues Revised Business Continuity Management (“BCM”) Guidelines
Regulatory Update
|
02 August 2022
|
Regulatory Update
|
02 August 2022
|
Regulatory Update
|
29 October 2019
|
HOME > PUBLICATIONS > FAQs on the PSA
|
|
29 OCTOBER 2019
|
|
|
In anticipation of the implementation of the Payment Services Act (the “PSA”), the Monetary Authority of Singapore (“MAS”) on 4 October 2019 released a series of frequently asked questions (the “FAQs”) relating to the PSA. These FAQs were meant to provide guidance on, amongst other things, the licensing and regulation of payment service providers, and oversight of payment systems. This bulletin summarizes the key takeaways from the FAQs.
PART 1: Rationale for Introduction of a New Payment Services Regulatory Framework and Timeline The FAQs provide a summary of the rationale for the PSA, including the consolidation and replacement of the Payment Systems (Oversight) Act ("PS(O)A") and the Money-changing and Remittance Businesses Act ("MCRBA") and expansion of regulatory oversight to include other parts of the payment system. The FAQs also discuss the proposed timeline for the PSA to go into effect, which is currently targeted for the first quarter of 2020. PART 2: Designation Framework The FAQs outlines four MAS’ considerations on what will be trigger designation under the PSA.
The first three were retained from the existing PS(O)A, with the fourth being an additional consideration under the PSA. PART 3: Licensing Framework and Licensable Activities Factors MAS Considered in Drafting the PSA The FAQs provide some guidance on the factors MAS considered in identifying what activities should be regulated under the PSA. These possess the following characteristics.
As such, service providers that process data (e.g., payment instructions) only will not need to be licenced under the PSA. Thus, payment instrument aggregation services and data communication platforms do fall under the scope of the PSA. Loyalty Programmes and Other Limited Purpose E-Money In addition, the PSA carves out certain “limited purpose e-money” or “limited purpose digital payments tokens” that do not pose sufficient risk to warrant regulation, such as loyalty programs. The FAQs provides two factors MAS will likely access (amongst others) in any analysis.
Merchant Acquirers The FAQs note that the service of merchant acquisition (where the entity enters into a contract with a merchant to accept and process payment transactions which results in a transfer of money to the merchant) may possibly overlap with domestic or cross border money transfer (e.g., if it serves the payer as well, which is common for e-money issuers). In such a case, the entity's licence should cover all the payment services the entity provides. The FAQs go on to say that merchant acquisition services usually include providing a point of sale terminal or online payment gateway, which seems to be two factors MAS may consider on this issue. E-Wallet Top Up Services The FAQs note that e-wallet top up services that accept money from a customer that is then sent to an e-wallet operator does not, itself, provide an account issuance service. This clarifies what may be an exemption for domestic transfer services that work with account issuers. MAS also notes that the PSA will regulate entities operating e-wallet services separately from those that issue e-money, given that the e-wallet operators may not always be the e-money issuers. This is also because account issuance services provided by e-wallet service providers are deemed to carry significantly higher ML/TF risks, technology risks, user protection and interoperability concerns. Foreign Payment Service Providers For foreign applicants for a licence under the PSA, the following criteria will have to be met.
PART 4: Regulatory Risk (1) - AML/CFT As with all things, MAS will have a risk-based approach to the PSA, and AML/CFT requirements will be calibrated to the level of risk posed by each service. It bears reminding that the draft Notice PSN02 illustrates this risk based approach by stringent requirements to digital payments tokens (“DPT”) service providers, due to the anonymity, speed, and cross border nature of their services. In line with international standards and guidance, the MAS intends to make legislative amendments by the end of 2020 to include the regulation of service providers who provide, on a standalone basis, the transfer of DPTs or provision of custodian wallets. MAS also intends to have the PSA extend to cover Singapore-incorporated entity that undertakes DPT services outside of Singapore. PART 5: Regulatory Risk (2) - User Protection The FAQs go into detail at several points to explain why MPIs are required to safeguard their e-money float, including a reminder that e-money are not bank deposits and not protected by deposit insurance. MAS also notes that, while a prescribed amount of security must be kept with MAS for the due performance of obligations in case of flight or other events, ’ customers, that sum may not be able to protect customers entirely from losses. The FAQs go on to remind that investors into DPTs are not protected by legislation administered by MAS. PART 6: Regulatory Risk (3) - Fragmentation and Interoperability While MAS continues to push for interoperability, including the introduction of FAST and PayNow and the push for unified point of sale terminals and Singapore Quick Response Code, MAS will only impose the interoperability measures when the circumstances need and not upon the commencement of the PSA. PART 7: Regulatory Risk (4) - Technology and Cyber Risk All licensees are expected to adopt the industry best practices outlined in the MAS’ Guidelines on Technology Risk Management (“TRM”); and ensure adherence to the latest MAS Notice on Cyber Hygiene (which will come into effect on 6 August 2020). Although the requirements set out in the MAS’ Notice on TRM will not be imposed on all licensees, the PSA will accord MAS the authority to impose the TRM requirements on licensees that it deems have become significant players in the payment industry. The FAQs go on to note, however, that the TRM requirements on maintaining high availability, recoverability, data protection, and incident reporting will only be required of Designated Payment Systems. PART 8: Activity Restrictions The FAQs clarify that the PSA prohibits licensees from engaging in consumer lending activities as the regulatory framework has been kept proportionate to the risks they pose (i.e., to only conduct payment-related activities). Related to this, and to the above point under Regulatory Risk (2) – User Protection regarding safeguarding of assets, e-money issuers cannot on-lend customer money or use customer monies to materially finance their business activities. This prohibition does not apply to other payment service providers as, generally, any customer money collected would not reside with them for long periods of time. Finally, the FAQs clarify that to protections for banking services have been implemented into the PSA. The first is a prohibition on e-wallet providers from providing cash withdrawal service. While e-money issuers can work with banks to enable the transfer of funds to bank accounts, this prohibition accords with free trade agreements entered into with other countries to grant banks access to automated teller machines and cash back services. The FAQs do note that MAS may roll out an initiative to allow non-bank e-money issuers to interoperate with banks on this issue. The second is that e-money personal account stock and flow caps (S$5,000 and S$30,000, respectively) are designed to prevent an outflow from bank deposits, which can risk the financial system. The FAQs note that these caps will be reviewed over time as the payment landscape evolves. |
DOWNLOADABLE RESOURCES
|
|
|
|
|
|
|
|
|
|
|
|