How FailSafe Can Be Your Trusted Partner in AML/CFT Compliance for Web3 (Singapore)

FailSafe is a comprehensive security and compliance solution for blockchain enterprises. By aligning closely with MAS regulatory requirements, FailSafe assists currently licensed companies and those seeking licensing in meeting their AML/CFT compliance needs effectively.

The digital payments arena is increasingly being regulated. Ensuring compliance with anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations is now non-negotiable for blockchain enterprises. 

In Singapore for instance, the Monetary Authority of Singapore (MAS) has recently on 2 April 2024, announced the introduction of amendments to the Payment Services Act (PS Act) and its subsidiary legislation to expand the scope of payment services regulated by MAS, and to impose user protection and financial stability-related requirements on digital payment token (DPT) service providers. These amendments will take effect in stages from 4 April 2024.

Understanding FailSafe Protocol

FailSafe Protocol offers a comprehensive suite of security tools—FailSafe Radar, FailSafe Guard, and FailSafe Interceptor—that not only bolster security but also facilitate compliance with MAS regulatory requirements.

In a recent event hosted at Amazon Web Services in Singapore, Jesslyn Zeng, FailSafe’s Head of Growth, presented a framework for how Web3 enterprises and projects could utilize FailSafe to facilitate their compliance needs in accordance with MAS guidelines.

How FailSafe Works

FailSafe Protocol is a blockchain security protocol that provides composable security for Blockchain Enterprises through three primary tools:

• FailSafe Radar: AI/ML-powered threat detection and real-time intelligence to mitigate AML/CFT issues.

• FailSafe Guard: Multi-sig and configurable policies for robust smart contract and blockchain native token protection.

• FailSafe Interceptor: Automated, low-latency responses to thwart attacks in real-time.

Defense-in-depth achieved through 3 core security tools: FailSafe Radar, FailSafe Guard, and FailSafe Interceptor

Aligning with MAS Notice PSN02

MAS Notice PSN02 outlines the requirements for digital payment token (DPT) service providers regarding AML/CFT compliance. FailSafe Protocol’s tools are designed to meet these requirements effectively.

FailSafe Radar: Supporting AML/CFT Efforts

The primary focus of FailSafe Radar is on compliance and risk management. It provides a risk score for any given wallet address, supporting AML/CFT efforts by identifying high-risk activities. Key areas where Radar aligns with MAS guidelines include:

• Risk Assessments and Policies (Notice Section 4): It helps to identify potential risks associated with wallet addresses by assigning risk scores based on transaction history and other relevant factors.

• Ongoing Monitoring (Notice Paras 6.25 to 6.33): By continuously evaluating wallet addresses and their activities, it assists in detecting suspicious transactions and flagging potential AML/CFT concerns.

• Internal Compliance Support (Notice Section 13): It supports internal compliance teams by providing data and insights necessary for audits and training on AML/CFT best practices.

FailSafe Guard: Ensuring Robust AML/CFT Protection

FailSafe Guard is designed to protect smart contracts and blockchain-native tokens, meeting several MAS requirements for securing customer assets:

• Configurable Policies: Firms can set and enforce specific rules such as time-based constraints, whitelists, and transaction policies, aligning with MAS’s requirements for identifying and periodically reviewing suspicious transaction patterns.

• Geofencing and Device Intelligence: Its geofencing prevents transactions from high-risk areas, and its device intelligence assesses device risk levels before allowing transactions, enhancing monitoring for high-risk scenarios.

• Smart Contract Access Control: It protects smart contracts from unauthorized access through user-defined policies, ensuring transaction security and compliance with MAS’s risk management tools.

FailSafe Interceptor: Automated Threat Response

FailSafe Interceptor provides real-time threat responses, ensuring rapid action against suspicious activities, thus fulfilling several MAS requirements:

• Automated Threat Response: It monitors transaction feeds and counters malicious transactions with protective actions, meeting MAS requirements for rapid response to suspicious activities.

• Visibility and Dedicated Contracts: By monitoring all types of transactions and providing dedicated smart contracts, Interceptor ensures thorough oversight and clear audit trails, complying with value transfer requirements.

• Self-Custody Security: It secures funds through approvals to self-custody smart contracts and enterprise-level encryption, addressing risks associated with unhosted or unregulated wallets as outlined by MAS.

FailSafe Radar: Fraud and Internal Risk Scoring

FailSafe Radar helps to monitor and address the risk of on-chain fraud—a red flag for AML/CFT systems. It can be further developed to enhance its compliance capabilities:

• Customer Due Diligence (CDD) (Notice Section 6): It can perform CDD on a wider range of transactions and integrate with other tools to verify user identities associated with wallet addresses.

• Simplified CDD (Notice Section 7): Implementing features to streamline the CDD process for lower-risk scenarios, making it easier for compliance teams to manage.

Enhancing AML/CFT Compliance with MAS Guidelines

FailSafe Protocol’s tools are designed to help DPT service providers comply with specific sections of MAS Notice PSN02 and related guidelines:

• 3.4.5 to 3.4.7: Require risk management tools to safeguard customer assets.

• 3.4.5: Specifically mentions controls to secure the storage and transmission of customer assets, which FailSafe’s multi-party computation and key management processes address 

FailSafe assists currently licensed companies and those seeking licensing in meeting their compliance needs effectively by aligning closely with MAS regulatory requirements. By integrating FailSafe’s suite of modular tools tools, digital payment token service providers can ensure robust security measures, ongoing risk management, and rapid response to threats all at once, thereby enhancing their overall compliance posture.

Download our free mini-guidebook to navigating the new regulations for Singapore payment service providers.

Disclaimer: Any details provided in this article are for educational and informational purposes only. This does not constitute legal or financial advice in any way, shape, or form.