The Payment Services Act (“PS Act”) came into effect on January 28, 2020. The PS Act adopts the activity-based licensing framework in view of the different kinds of activities and new developments in payment token services.
PS Act will enhance the regulatory framework for payment services, strengthen consumer protection and promote the confidence in the use of e-payments. The Money-Changing and Remittance Businesses Act (“MCRBA”) and the Payment Systems (Oversight) Act (“PS(O)A”) will be repealed with the commencement of the PS Act.
PS Act regulates the following payment services:
Payment Services that are excluded from the PS Act:
Types of licenses:
A business holding a major payment institution licence will be regulated more comprehensively.
An applicant of SPIL / MPIL licence should:
An applicant of Money-changing licence should:
For all the 3 licences, MAS must be satisfied:
For Account Issuance Service
For e-Money Issuance Service
Existing Store Value Facility (SVF) licence-holder or a remittance licence-holder under the PS(O)A or MCRB have 6 months from the commencement of the PS Act to inform MAS in writing of the specific payment services that you are conducting. Re-application for a licence under the PSA is not required.
Variation / Changes of Licence
Exempt Service Provider
Exemption applies to any holder of money-changing licence whose provision of money-changing services is solely incidental to its business of keeping or managing a hotel.
Risk Mitigating Measures
There are four key risks common across many payment services. The PS Act aims to mitigate risks while facilitating growth and innovation.
The PS Act has implemented the following controls to further enhance protection offered by responsible financial institutions to individuals and sole proprietors from losses arising from unauthorised transactions or erroneous transactions.
With the controls in place, should a MPIL surrender its licence or have its licence revoked, MAS may enforce the security to the extent required to pay any sums outstanding and claimed by payment service users who are customers of the MPIL. As such, customers may recover part of the sums outstanding claimed against the MPIL. But it is not intended to nor can it insure customers against all losses.
The PS Act imposes AML/CFT measures on persons carrying on a business in providing payment services that have been assessed to pose Money Laundering (“ML”)/Terrorist Financing (”TF”) risks.
All payment service providers should abide by the prescribed principles in the MAS Notices relating to AML and CFT when conducting their operations and business activities, exercise due diligence when dealing with customers, conduct its business in conformity with high ethical standards, guard against facilitating money laundering or terrorism financing, cooperate and assist the law enforcement authorities in Singapore to prevent ML and TF.
The payment service provider shall assess the AML/CFT risks and take appropriate measures to mitigate the risks when developing new products, business practices, delivery mechanisms and technologies.
In general, the AML/CFT measures will include requirements to conduct customer due diligence, monitor transactions, perform screening, report suspicious transactions and keep adequate records. The requirements may differ depending on the risk profiles of the customers or transactions.
There are many e-payment solutions in Singapore, but they may not necessarily interoperate with each other. Consumers may not be able to make payments directly to each other or to merchants if both parties use and accept different payment methods. One way to tackle this issue is to encourage the interoperability of payment acceptance solutions so that consumers and merchants have a simple and standardised payments experience.
In order to achieve the objective stated above, MAS may impose an access regime on a designated payment system operator or major payment institution to mandate that these entities allow third parties to access their system. In addition, MAS may mandate any MPIL to participate in a common platform to facilitate the interoperability of widely used payment accounts, including large e-wallets and bank accounts. Finally, MAS may require any MPIL to adopt common standards to make widely used payment acceptance methods, such as QR codes.
MAS Guidelines on TRM will apply to all licensees. These Guidelines set out IT risk management principles and best practices to guide financial institutions in establishing a robust TRM framework, strengthening of cybersecurity controls, enhancing system resiliency, and implementing strong authentication measures to protect customer data, transactions and systems. These are best practices which the payment institutions are expected to adopt.
Reach out to us:
RHT Compliance Solutions