Singapore’s Payment Services Act 2019 (“PSA”) was passed at the start of this year and will soon come into full effect at the end of this year.
In doing so, the PSA will:
- repeal and replace the Payment Services (Oversight) Act, as well as the Money-Changing and Remittance Businesses Act; and
- bring into place a new regulatory regime for the licensing and regulation of payment service providers and the oversight of payment systems
This article sets out key points about the PSA, and, further, discusses four key points that must be appreciated to tackle compliance.
An overview of the PSA
The PSA was passed with an intention of introducing an activities-based regulatory framework for payment services.
The PSA was passed in response to developments in the industry, particularly the emergence of “third party providers” (“TPPs” in the plural and “TPP” in the singular) in the payment services industry. TPPs are non-traditional participants who compete with traditional participants or payment service providers (“PSPs” in the plural and “PSP” in the singular) in certain segments or in new services. Local examples of TPPs include Razerpay, Alipay, and Grabpay.
Key issues arising from the entry of these TPPs which the PSA seeks to address are:
- Unlike traditional PSPs, the TPPs may not have standards and approaches that execute payment services in a way that reduces anti-money laundering / countering financing of terrorism, technology risks, or risks to consumer funds.
- As more TPPs enter the market, there is a need to provide a more sophisticated licensing and regulatory regime, one that differentiates risks against specified activities.
A central component to the PSA is a fine-tuned classification of payment services and a corresponding activities-based licensing regime, which allows for specific rules to apply to each type of service and bring focus to the applicable regime.
The payment services classifications
There are nuances in the wording and definitions (which is beyond the scope of this article), but the PSA broadly divides payment services into the following categories:
- Account issuance services;
- Domestic money transfer services;
- Cross border money transfer services;
- Merchant acquisition services;
- E-money issuance;
- Digital payment token services; and
- Money changing services.
Equally important are context-specific exclusions from the scope of payment services, and these are not only set out in Part 2 of the First Schedule, there are also nuances and exclusions that can be inferred from definitions and other provisions in the PSA.
It is also significant that this is the first “hard” law which explicitly tackles the application of cryptocurrencies as payment tools (specifically in the concept of “digital payment token services”) – an acknowledgment of the growth of blockchain / distributed ledger based solutions in the arena of payment services.
Risks that the PSA is intended to address
The revised regulatory regime will help the Monetary Authority of Singapore (“MAS”) calibrate risks in the following areas:
- Money-laundering and terrorism financing;
- User protection;
- Interoperability; and
- Technology risks.
This in turn allows MAS to put in place frameworks which are appropriate to each type of payment services.
For example, account issuance service TPPs may face more risk in money-laundering and terrorism financing, whereas this risk may not be as prevalent in merchant acquisition services. User protection, in terms of safeguarding funds in transit or safeguarding a float may be less of an issue for money changers than it would be for fund transfer services or e-money services.
Three things about responding to this new regime
First: Re-examine your products & solutions
“The PSA is a progressive legislative response to the evolving payment services landscape, and is very much welcomed,” says Phyllis Yan, Head, Legal & Compliance NETS. “But it does mean you need to be familiar with your business products and solutions and be disciplined about following up with regulatory requirements”
NETS, short for Network Electronic for Electronic Transfers, is one of Singapore’s largest PSPs.
Ms Yan goes on to say:
“When tackling the application of the PSA to your business, there is no substitute for knowing your business and understanding the intricacies of how your products and services are addressed in the framework of the Act. Break everything down and think through the provisions. It is well worth the investment to take an external view as well, for a fresh perspective.”
A fresh perspective is indeed important. Though there is some continuity between the previous superseded legislation, there are key differences. It may not be strictly business as usual. Regulatory mapping can be enhanced with an alternative perspective.
Second: It is about bridging details
A short anecdote will explain the next point. One client was dealing with the operational implementation of a merger – seldom (if ever) a simple exercise, and one in which there is much more than meets the eye, but one grateful client had this to say about how their trust was won:
“You had me at ‘car park contracts.’”
The point is that the operational impact of any new arrangement requires detail at many levels, ranging from high-management view, middle-management detail, and on-the-ground operational focus. In that anecdote, the merger meant catering to nitty gritty such as consolidating car park space allocation in a building occupied by both merging businesses.
In the different levels of focus each tier brings, it is quite possible for a layer of detail to escape notice, and gap arises. Bridging the gap is important.
In the context of the PSA, bridging the gaps requires attention. Payment services are not necessarily easily slotted into the categories under the PSA. Linkages between activities, the way services are deployed or set up, processes conducted in silo-ed functions – these are all areas which, without sufficient co-ordination and a consistent view, could fall through the cracks.
Third: Know the History
Payment services have gone through a long evolution, and it would be wrong to overlook the history and context behind any industry development when thinking through issues under the PSA.
Take the example of e-money services. As covered elsewhere (this article is dated, but it does cover a part of the evolutionary journey of “e-money”), the evolution of payment systems have long challenged the very notion of money (fiat currency).
The PSA’s latest position on e-money issuance services is only the latest regulatory instalment in a long evolution of electronic payment services.
There will be junctures in your compliance journey where the interpretation of the PSA or subsidiary regulations may raise questions. Where so, having a full knowledge of what preceded the PSA, and how the industry has evolved over time, can provide crucial context in interpreting the provisions.
Past is prologue, and context is king.
Businesses grow organically and their complexities often reflect, and even institutionalise, past wisdom and mistakes, strengths and weaknesses. Legal counsel need to grasp the nuances of running a business and know how that business got to where it is. Additionally, regulatory compliance requires a nose for detail and a sense for what might go wrong or what might go right. The best counsel have what can probably be termed as “business empathy”.
It is this business empathy that will be part of the PSA compliance journey. Invariably there will be some refining of business process, or tightening up of disciplines.
As subsidiary legislation, guidelines, and the notices under the PSA are incrementally rolled out, counsel will need a steady “tuned-in” vision to how the business could achieve compliance and where things could go wrong, knowing what the business can achieve, and what it cannot.