The Monetary Authority of Singapore (MAS) recently published its “Guidelines on Licensing for Payment Service Providers.” This crucial document clarifies the rules for businesses operating under the Payment Services Act 2019 (PS Act). Consequently, anyone involved in Singapore’s dynamic payments sector must understand these guidelines thoroughly. This article breaks down the essential requirements for obtaining and maintaining a payment service provider licence.
Understanding the Scope: Who Needs a Licence?
First and foremost, the PS Act mandates licensing for any entity providing specific payment services within Singapore. These services cover a wide range, including account issuance and e-money issuance. Additionally, they encompass domestic and cross-border money transfers, merchant acquisition, and money-changing. Furthermore, the increasingly important digital payment token (DPT) services fall under this regulatory umbrella. Therefore, if your business touches any of these seven areas, you likely need a licence unless specific exemptions apply.
Choosing the Right Licence Type
MAS offers three distinct licence categories tailored to different business scopes. For businesses focused solely on currency exchange, the Money-Changing (MC) licence is appropriate. However, if you plan to offer other payment services below certain transaction thresholds, you should apply for the Standard Payment Institution (SPI) licence. For larger operations exceeding these thresholds, the Major Payment Institution (MPI) licence becomes necessary. Importantly, businesses must apply for a variation if they wish to add services or change their licence type later.
Meeting the Stringent Admission Criteria
MAS sets high standards for applicants seeking a licence. Potential licensees must demonstrate robust governance structures and clear ownership. They must also register with ACRA, Singapore’s business registrar. Equally important is the “fit and proper” test, which applies to the company, its key personnel, and significant shareholders. Furthermore, key individuals need relevant industry experience and regulatory knowledge.
Applicants must also establish a permanent place of business in Singapore. This office needs secure record-keeping and staff available to handle customer queries. Financial stability is another critical factor; SPI and MPI applicants must meet specific base capital requirements. Moreover, MPI applicants need to provide financial security, like a cash deposit or bank guarantee, before starting operations.
Compliance, Risk Management, and Audits are Key
Beyond the basics, MAS scrutinizes an applicant’s operational readiness. You must present solid plans for compliance arrangements, ensuring adequate resources are allocated. For businesses offering online services, completing penetration testing before licensing is mandatory to address technology risks. Applicants also need clear plans for independent audit arrangements to meet ongoing statutory requirements. In some cases, MAS might request additional assurances, such as letters of responsibility from parent companies.
The Application Process: What to Expect
Once you confirm eligibility, the formal application begins with submitting Form 1 and paying the relevant fees. A comprehensive Business Plan is central to the application. This plan should detail your business model, target customers, services, funds flow, and implementation strategy.
Critically, new SPI and MPI applicants usually need a Legal Opinion from a Singapore law firm. This opinion assesses whether the proposed activities constitute regulated payment services under the PS Act. Additionally, applicants intending to offer DPT services must submit an External Auditor’s Independent Assessment. This report evaluates the robustness of AML/CFT and consumer protection controls, ensuring readiness from day one.
Staying Compliant: Ongoing Obligations
Obtaining a licence is just the beginning; maintaining it requires continuous effort. Licensees must rigorously adhere to all AML/CFT requirements, submitting periodic regulatory returns as mandated. Furthermore, compliance with the Notice on Cyber Hygiene is essential for all licensees. Those dealing with DPT services face additional obligations under the Notice on Technology Risk Management.
Licensees must also follow strict business conduct rules. These cover safeguarding customer funds, maintaining transaction records, providing receipts, and ensuring timely fund transmission. Finally, licensees must appoint an auditor annually and submit audit reports to MAS, demonstrating ongoing compliance.
In Conclusion: Fostering Trust in Singapore’s Payment Ecosystem
MAS’s detailed guidelines underscore Singapore’s commitment to a secure and well-regulated payment services landscape. While the requirements are comprehensive, they ultimately aim to protect consumers and maintain financial stability. Therefore, prospective and current payment service providers must diligently follow these guidelines. This ensures they operate responsibly within Singapore’s thriving fintech environment.
If you have questions about Payment Service Providers, our team is here to assist. Contact the Raffles Corporate Services team at [email protected]
Yours sincerely,
The editorial team at Raffles Corporate Services