MAS Revises Guidelines on Licensing for Payment Service Providers – New Licence Application Requirements

Executive Summary

 The Guidelines on Licensing for Payment Service Providers (PG-G01) (“Guidelines“) issued by the Monetary Authority of Singapore (“MAS“) were revised recently to include new requirements for licence applications under the Payment Services Act 2019 (“PS Act“), including:

• for all licence applications, a legal opinion assessing how the regulated payment services are applicable to each proposed service or product covered by the applicant’s business model;
• for licence applications for digital payment token (“DPT“) services, an external auditor’s independent assessment of the applicant’s policies, procedures and controls in the areas of anti-money laundering/countering the financing of terrorism (“AML/CFT“) and consumer protection.

The MAS also expressly set out various rules of engagement which applicants should take note of throughout the application process. These may be found in Appendix 5 of the Guidelines.

Background

The PS Act regulates the provision of payment services in Singapore. Seven types of payment services are currently regulated under the PS Act, namely: (1) account issuance service; (2) domestic money transfer service; (3) cross-border money transfer service; (4) merchant acquisition service; (5) e-money issuance service; (6) DPT service; and (7) money‑changing service.

Unless exempted, a person providing payment services (“PS provider“) must be licensed under one of the following three classes of licences provided in the PS Act, with reference to the risks posed by the scale of payment services provided by it:

• Standard Payment Institution (“SPI“) licence;
• Major Payment Institution (“MPI“) licence; or
• Money-changing licence.

Update of the Guidelines

On 26 July 2024, the Guidelines were revised to include, among other things, the following new licensing application requirements for a PS provider:

• Legal Opinion Requirement: An applicant for the following types of applications must submit a legal opinion:
  • All applications for a new SPI licence or MPI licence; and
  • Applications to vary the existing SPI or MPI licence to add a DPT service.

• External Auditor’s Independent Assessment: The following persons must appoint a qualified independent external auditor (“External Auditor“) to perform an independent assessment of their policies, procedures and controls in the areas of AML/CFT and consumer protection:
  • New applicants intending to provide DPT services; and
  • PS Act licensees intending to vary their licences to add DPT services.

• External Audit Attestation: On 4 April 2024, the PS Act was revised to cover the following new activities within the purview of DPT services under the PS Act. As a result, persons who are conducting these activities are regulated under the PS Act and subject to AML/CFT requirements, user protection and financial stability requirements imposed by the MAS. Entities that have notified the MAS that they are carrying the following activities pursuant to the transitional arrangements provided under the PS Act[1] (“Notified Entities“) must submit an external auditor’s attestation as prescribed in the Guidelines before 4 January 2025. In the attestation, an external auditor is required to sign off on the applicant’s business activities and compliance with AML/CFT and user protection requirements.
  • Virtual asset service providers (VASPs) who are conducting the following services:
    • Provision of custodian wallet services for DPTs;
    • Transmit of DPTs (including arranging for the transmission of DPTs); or
    • Active facilitation of the buying or selling of DPTs without possession of monies or DPTs.
  • Service providers that facilitate cross-border money transfers between entities in different countries even if monies are not accepted or received in Singapore.

A summary of the new licensing application requirements relating to legal opinion and external auditor’s independent assessment is set out below.

Legal Opinion Requirement

The legal opinion should:

• be issued by a law firm that has experience advising on the PS Act in Singapore;
• include a clear and concise summary of the applicant’s business model; and
• include an assessment of whether the applicant’s proposed services and/or products are regulated payment services under the PS Act.

The MAS may request for a second legal opinion if the initial legal opinion is unclear.

External Auditor’s Independent Assessment Report

Key requirements with regard to the External Auditor’s independent assessment report include:

• Selection of External Auditors: Applicants are responsible for appointing a suitably qualified External Auditor and may choose more than one to assess different areas. The Institute of Singapore Chartered Accountants provides a list of potential auditors, but the MAS does not endorse any and selection is not limited to this list.
• Assessment Report Must be Current: The External Auditor’s assessment report should be signed off within the last three months from the application date.
• Preparation for Assessment: Applicants should prepare relevant information, such as their business plan and AML/CFT and consumer protection policies, before engaging an External Auditor. The documents reviewed must be the same version as those submitted in the application.
• Auditor Independence: External Auditors must maintain independence and avoid conflicts of interest during the assessment.
• Declaration by Auditors: External Auditors must submit their contact details, track record, and experience via an online form and include a declaration on how the audit was conducted and their experience and expertise.
• Post-Approval Requirements: If an applicant receives in-principle approval, they must appoint an independent External Auditor to assess their Technology and Cybersecurity risk policies, procedures and controls.

The MAS reserves the right to require a re-assessment by another External Auditor if there are concerns about the quality or comprehensiveness of the initial assessment. For further details on the assessment scope and External Auditor criteria, refer to Appendix 6 of the Guidelines.

Notified Entities are not subject to the External Auditor’s independent assessment report.

Rules of Engagement During Application Process

The MAS has also set out various rules of engagement which applicants should bear in mind during the application process. The full details are set out in Appendix 5 of the Guidelines. Some of the key details (although not exhaustive) include the following:

• Applicants should always ensure that their applications meet the admission criteria as set out in the Guidelines, and contain the necessary information as required in Appendix 3 of the Guidelines before submitting the applications. Where submissions are assessed as grossly incomplete or significantly deficient, the MAS reserves the right to reject the applications;
• Applicants must proactively and fully disclose all material information without any suppression to the case officer in a timely manner;
• Applicants should provide responses to the MAS’ queries in a timely manner, but may inform the case officer in advance should they require more time. The MAS highlighted the importance of balancing timeliness considerations against the need to provide an adequate and comprehensive response, as failing to provide a satisfactory and comprehensive response would result in unfavourable consideration of its application;
• After the initial review, the MAS case officer will arrange for an interview with the applicant’s key management personnel and/or the compliance officer. The MAS highlighted that the interview is a key determining factor in the MAS’ assessment of the application;
• During the application process, if there are significant/major changes to an application, such as corporate restructurings, substantial changes to key management personnel (e.g. Chief Executive Officer, Chief Financial Officer, Chief Risk Officer, or Chief Compliance Officer), or material variations in the business model/activities, the MAS may place the application on-hold if the changes are such that the application will not be sufficiently ready for review until the changes are completed/resolved (for a default period of six months which is not extendable), or if more than six months are required, require the applicant to withdraw and resubmit its application.

Further Information

Please click on the links below for more information:

• MAS “Guidelines on Licensing for Payment Service Providers” revised on 26 July 2024
• MAS “Guidelines on Licensing for Payment Service Providers [PS-G01] (Amendment)“

If you have any queries on the above developments, please feel free to contact our team members below who will be happy to assist you.

[1] The Payment Services (Amendment) Act 2021 (Saving and Transitional Provisions) Regulations 2024