Compliance obligations under the new Payment Services Act
The Payment Services Act (“the Act”) came into force on 28 January 2020 providing new framework for the regulation of payment systems and payment service providers in Singapore. The Act consolidates the previous Payment Systems (Oversight) Act 2006 and the Money-Changing and Remittance Business Act 1979. The Act recognizes seven types of payment services. The Act also provides for three classes of licences whose regulatory requirements differ according to the risks posed by each services provided under each licenses. All approved holders of widely accepted stored value facilities and licensed remittance agents have been deemed to be major payment institutions under the Act and holders of money-changer’s licences have been deemed to as holders of money-changing licences under the Act. Entities providing new payment services other than digital payment token service providers must submit their licence application before 27 January 2021 and digital payment tokens service providers have to submit by the 27 July 2020. All entities are also required to notify MAS by 27 February 2020 on the date they commenced the business of providing the specific payment services under the Act. Below we discuss key compliance obligations to adhere to:
Financial requirements for PSA
Companies applying under the Standard and Major Payment Institutional Licences are required to maintain minimum base capital requirement. Standard payment institutions and major payment institutions must maintain minimum base capital of S$100,000 and S$250,000 respectively. Entities licensed under money-changers are currently not required to maintain a minimum base capital. Base capital refers to sum of:
- All of the paid-up ordinary share capital and paid-up irredeemable and non-cumulative preference share capital in the latest accounts of the company; and
- Any unappropriated profit or loss in the latest audited accounts of the company,
Less:
- Any interim loss in the latest accounts of the company; and
- Any dividend that has been declared since the latest audited accounts of the company
Major payment institutions are also required to maintain a security deposit of S$100,000 (if the average, over a calendar year, of the total value of all payment transactions that are accepted, processed or executed by the licensee in one month, does not exceed S$6 million of its equivalent in a foreign currency), for any one payment service it provides) or S$200,000 in any other cases. The security deposit is typically required to be provided in the form of cash or bank guarantee.
Filing Requirements for Payment Services Act
All payment service providers who have been conducting payment services prior to commencement of the Act must submit the Notification of Provision of Payment Services for the purposes of Exemption from Holding a Licence under the Payment Services Act 2019 for the Specified Period form. This is to be submitted prior to 27 February 2020. New entities intending to do payment services are required to submit the following forms:
- Form 1 – Application for a Payment Services Provider Licence; and
- Form 3 – Application for Approval of Chief Executive Director or Partner of a Payment Services Provider.
The guide below sets out the high-level summary of ongoing filing obligations applicable to each type of payment activities licensed under the Act
| Licence Activity | Filing Requirement | Period of Filing |
|---|---|---|
| Account issuance service | (a) Form 1A – Account-issuance service (b) Form 1B – Account-issuance service (c) Form 1C – E-money account issuance service |
Monthly Half-yearly Annually |
| Domestic money transfer service | (d) Form 2A – Domestic Money Transfer service (e) Form 2B – Domestic Money Transfer service (semi-annual submission) |
Monthly Half-yearly |
| Cross-border money transfer service | (f) Form 3A – Cross-Border Money Transfer service (g) Form 3B – Cross-Border Money Transfer service (semi-annual submission) |
Monthly Half-yearly |
| Merchant acquisition service | (h) Form 4A – Merchant Acquisition service (i) Form 4B – Merchant Acquisition |
Monthly Half-yearly |
| E-money issuance service | (j) Form 5 – E-money Issuance service | Monthly |
| Digital payment token service | (k) Form 6A – Digital Payment Token service (l) Form 6B – Digital Payment Token service |
Monthly Half-yearly |
| All major payment institutions providing (a) Domestic money transfer service (b) cross-border money transfer service (c) merchant acquisition service (d) an e-money issuance service | (n) Form 8 | Annually |
| All licensee | Form 9 – Annual form | Annually |
| All Licensees | Form 4 – Audited Report | Annually |
Business Conduct Requirements for PSA
All licence holders are required to comply with relevant MAS notices and guidelines to varying degree depending on the specific activities they are conducting. We have broadly described the key ongoing compliance obligations for license holders.
(i) Fit and Proper
All licence holders must ensure that the entity, its senior managers, shareholders and employees meet MAS Guidelines on Fit and Proper.
(ii) AML/CFT Requirements
Licence holders must comply with MAS AML/CFT Notices and Guidelines. These notice and guidelines are similar in nature to the AML/CFT Notices and Guidelines applicable to other licence categories. Licence holders must comply with the key requirements as per below:
- Identify, assess and understand ML/TF risks
- Develop and implement policies and procedures such as conducting customer due diligence checks, transaction monitoring, periodic customer due diligence checks, suspicious transactions and AML screening and record keeping
- Monitoring the implementation of these policies and procedures
- Performing enhanced due diligence checks on higher risk customers
Payment service providers who are deemed to be low risk for ML/TF risks are not required to comply with AML/CFT Notices.
Licence holders must have in place an AML/CFT policy that also addresses enterprise-wide ML/TF risk assessment.
(iii) Compliance Requirements
MAS expects licence holders to have appropriate compliance arrangements that commensurate with the scale, nature and complexity of arrangements. This may be a need to have an independent compliance function with suitably qualified staff or compliance support from holding company or overseas related entity with appropriate oversight from the Singapore office.
MAS permit the use of outsourced service providers to provide compliance function to licence holders pursuant to Appendix 3 of the MAS Guidelines on Licensing for Payment Service Providers. This however must commensurate with scale, nature and complexity of business. Licence holders must provide information on the relationship between the entity and the outsourced service provider, licensing/registration status of outsourced provider and oversight arrangements in place.
(iv) Technology Risk Management
Prior to obtaining licence, payment service providers who are providing online services are required to conduct penetration test of its proposed financial services, remediate risks identified and conduct independent valuation on the effectiveness of the remediation actions. On an ongoing basis, all licence holders must comply with MAS Technology Risk Management Guidelines and Notice on Cyber Hygiene.
Licence holders must put in place appropriate policies and procedures to address various technology risks relevant for their business and document now these risks are mitigated, monitored and controlled within the organisation.
(v) Disclosures and Communications
Licence holders must make accurate representative on the scope of its licence and provide the disclosures set out by MAS in the Notice on Disclosures and Communications. Licence holder must ensure customers receive timely updates regarding any material changes to the disclosures
(vi) Audit Requirements
All licence holders, on an annual basis, appoint an auditor to carry out audits on its accounts and transactions and compliance with applicable regulations. Annual audit reports must be filed with the MAS within stipulated timeline.
(vii) Notification of Changes and Appointments
Appointment of new CEOs and directors/partners require a pre-approval from MAS. Licence holders are also required to notify MAS of any changes pertaining to the entity including its key officers and shareholders within 14 days of change.