The Monetary Authority of Singapore (MAS) has taken a significant step towards regulating the burgeoning digital asset market by publishing a consultation paper setting out the regulatory regime that will apply to digital token service providers providing services outside of Singapore under the Financial Services and Markets Act (FSMA).
The MAS first consulted on this regulatory regime in 2020. This was, among other enhancements to the existing regulatory framework, a response to the Financial Action Task Force’s enhanced standards for virtual asset service providers (VASP) issued in 2019. The FSMA regime specifically speaks to FATF’s observation that VASPs should at least be licensed or registered in jurisdiction(s) in which they were created to mitigate the risks of regulatory arbitrage. FSMA was passed in Parliament in 2022 but the licensing provisions of this regime have yet to come into effect. This consultation paper now sets out fuller details on how MAS intends for this licensing regime to work.
Scope of Licensing Under FSMA
The MAS already regulates digital assets under two main regulatory regimes:
- broking, exchange, transmission and custodial services provided in Singapore relating to digital payment tokens (DPTs), e.g., BTC and ETH, are currently regulated under the Payment Services Act (PSA); and
- regulated activities relating to security tokens or digital assets which represent capital markets products are regulated under the Securities and Futures Act (SFA), with financial advisory services relating to such products regulated under the Financial Advisers Act (FAA).
What FSMA licensing intends to deal with however are where such regulated activities are carried out in relation to digital tokens (whether they are DPTs or capital markets products) by:
- Individuals and partnerships who, from a place of business in Singapore, carry on a business of providing a digital token service (DT Service) outside Singapore; and
- Singapore corporations that carry on a business, whether from Singapore or elsewhere, of providing a DT Service outside Singapore.
If such persons are already licensed under the existing PSA, SFA, FAA regimes, they will not require a license under this FSMA regime. There are also specific exemptions from licensing similar to those under the PSA, e.g., technical service providers that do not receive any money or DPT would not be subject to licensing.
Licensing Process and Transitional Arrangements
The MAS proposes a perpetual license with an annual license fee, although it may lapse for certain conditions, e.g., not commencing business within six months.
There will be no transitional arrangements and any entities already operating in such manner will need to cease all such activities until it obtains the license from the MAS. However, the MAS will issue the commencement notification four-weeks before the regime comes into force.
Criteria for Licensing
The MAS has indicated that it will only grant the applications in “extremely limited circumstances” and will consider these on a case-by-case basis. Among other requirements, applicants will need to be able to demonstrate a business model that makes economic sense and provide valid reasons for not in fact providing the DT Services in Singapore. They should also assure MAS that there are no concerns with its business structure and that it is not operating in a manner that is of concern and is already regulated and supervised for compliance with relevant internationally agreed standards.
Some minimum criteria include the requirement for at least one local resident director or partner, a permanent place of business in Singapore with at least one person present for more than 10 days a month and more than 8 hours a day and meeting minimum financial requirements, e.g., SGD 250,000 base capital for companies and partnerships and, for individuals, a cash deposit with the MAS of SGD 250,000.
Ongoing Regulatory Requirements
FSMA licensees will be subject to various ongoing regulatory requirements, including AML/CFT requirements which are substantially similar to those applicable to DPT licensees under the PSA. This includes the requirement to conduct customer due diligence (CDD), screening, and transaction monitoring and to comply with value transfer requirements, among others. Similar to the PSA regime, while licensees can rely on certain specified third parties to perform CDD measures, e.g., licensed banks or capital markets intermediaries, they will not be able to rely on CDD measures conducted by DPT service providers (or foreign equivalents). The MAS alluded to differing standards of AML compliance for such entities as the rationale for this requirement. It is, however, worth asking whether this fairly extensive additional layer of compliance obligations for entities already licensed elsewhere are indeed necessary when the services are not being carried out in Singapore.
The FSMA licensees will be required to have a compliance function, but, because this can be outsourced to an overseas entity, as a practical matter, it is possible that the compliance teams of an overseas licensed entity could implement the AML/CFT regime in line with the FSMA requirements for the FSMA licensee. However, with the additional workload, it is worth asking whether these additional processes really help tackle AML risk more effectively, or does it merely create the risk of overloaded compliance teams bogged down with duplicative tasks, making it more likely to miss real AML/CFT threats.
Additional conduct of business requirements applicable to FSMA licensees include submissions of periodic regulatory returns, requirements to display risk warnings, technology risk management, cyber hygiene, business continuity management, risk management and outsourcing requirements.
Concluding Remarks
When this regime was originally proposed, it focused on Singapore corporations (i.e., Singapore incorporated companies carrying on business overseas), but the recent addition of “individuals who from a place of business in Singapore carry on a business of providing digital token services outside of Singapore” introduces some questions particularly around the degree to which individuals are expected to comply with the ongoing regulatory requirements such as CDD, technology risk management and other requirements.
The proposals in this consultation paper are still at the consultation phase and the MAS has asked for feedback by 4 November 2024. If you have any feedback or questions, please reach out.