Internal audit and independent assessment for Payment Services Licence holders


      New Payment Services Act (“Act”) came into effect 28 January 2020. Along with the Act, the Monetary Authority of Singapore (“MAS”) has introduced several notices and guidelines to be adhered to by Payment Services Licence Holders (“regulated entities”). The Notices PSN01 and PSN02  Prevention of Money Laundering  and Countering of Terrorism specifically carries important requirements for Payment Services Licence Holders (PSLH) to abide by.


      Non-face-to-face Know-Your-Customer Requirements (NFTF)

      PSLH who are conducting NFTF transactions or business relations with customers are required to put in place policies and procedures to address any specific risks associated with the process. Policies and procedures are also required to be implemented when conducting periodic due diligence checks on customers who were originally onboarded using NFTF manner. Where PSLH conducts its first NFTF business contact, must appoint an external auditor or an independent qualified consultant to assess the effectiveness of any the technology solutions used to manage impersonation risks. The report must be submitted to MAS no later than one year after conduct of the first NFTF business.

      PSLH are also required to appoint an external auditor or an independent qualified consultant to carry out assessment of their policies and procedures when there has been substantial changes in relation to NFTF process. Similarly, within one year, the report must be submitted to MAS.


      Internal Audit Requirements

      PSLH are required to have in place adequate independent audit arrangements to regularly assess the adequacy and effectiveness of the policies, controls and compliance with regulatory requirements. This audit may be conducted by an internal audit function within the company, independent audit team from head office or can be outsourced to a third party service provider.


      Key Takeaways

      PSLH who are especially conducting NFTF are expected to have policies and procedures that are at least as stringent as those that would be required to be performed if there was face-to-face contact. Generally, NFTF customer onboarding process is deemed to hold greater anti-money laundering and terrorism financing risks. Increasing technology sophistication presents new threats in terms of identity theft and conducting NFTF certainly exposes financial institutions to higher risks.

      PSLH should review their policies and procedures and ensure the technology solutions embedded within the customer onboarding process is sophisticated enough to address impersonation risks. Additional processes to be considered includes conducting real time video conference, requesting for certified true copies of identification and verification documents, using biometric facial recognition, and technology solutions to confirm authenticity of government issued documents.

      PSLH should not assume that doing the internal audit process would be sufficient to address the need to provide an independent report to MAS on the effectiveness of NFTF customer onboarding process. PSLH should be reminded that internal audit can be done by the internal team or head office team. However, the independent NFTF report to MAS has to be conducted only by independent external auditors or qualified consultants.

      Waystone’s Payment Services Act Solutions

      Previous post Next post

      More like this

      Payment Services Act updates - Payment Services Bill

      Strengthening AML/CFT Controls of Digital Payment Token (DPT) Providers The Monetary Authority of Singapore (MAS) recently released an infographic setting…
      Read more

      Licensing Guide - Payment Services Act (PSA)

      The Payment Services Act (PSA) came into effect in Singapore on 28 January 2020 and it streamlines payment services regulatory…
      Read more

      Response to feedback received on MAS consultation paper - Payment Services Act 2019

      The Monetary Authority of Singapore (“MAS”) released a consultation paper on 23 December 2019 on proposed changes to the Payment…
      Read more

      Payment Services (Amendment) Bill

      The Payment Services Act came into force in January 2020. It was released on 4th January 2021 that the Payment…
      Read more

      Strengthening AML/CFT controls of Digital Payment Token (DPT) providers

      The Monetary Authority of Singapore (MAS) recently released an infographic setting out recent international developments and MAS’ supervisory expectations on…
      Read more

      Payment Services Act updates

      As Singapore's new Payment Services Act came into effect in January 2020, Argus Global hosted a timely event to discuss…
      Read more