Monetary Authority of Singapore (MAS) Guidelines: Understanding the Implications for Blockchain Payment Service Providers

The Monetary Authority of Singapore (MAS) is phasing out its previous regulatory regime for payment services, making it necessary for payment service providers to adjust their risk management systems, AML/CTF measures, consumer protection standards, and reporting practices in line with the new rules. This article provides a comprehensive outline of the relevant compliance actions and key dates for affected stakeholders, such as stablecoin issuers and blockchain payment facilitators.

New Compliance Requirements for Payment Service Providers in Singapore

Singapore’s apex financial regulatory body has reinforced its stance on digital resilience and effective consumer protection by phasing in a fresh set of rules that affect designated payment service providers in the country. Among the affected entities, specific requirements have been laid out for digital payment token (DPT) providers, domestic money transfer (DMT) providers and cross-border money transfer (CBMT) providers.

Phase 2 of the Singapore payment services regime will see a fresh roster of regulations taking effect between May 3, 2024 and January 3, 2025. These new rules include:

• Amendments to the Payment Services Act
• Payment Services Act Regulations
• Guidelines for Digital Payment Token Service Providers
• Payment Services Notice (PSN) 01
• Payment Services Notice (PSN) 02
• Payment Services Notice (PSN) 04
• Monetary Authority of Singapore (MAS) Notice FSM-13
• Payment Services Notice (PSN) 07
• Payment Services Notice (PSN) 08

A provider is deemed to be affected by the new scope of regulations (“Affected Person”) where the following criteria are met:

• It provides a service under any of the New Scopes; and 
• It is not currently licensed or exempted under the Payment Services Act, nor operating under the Payment Services (Exemption for Specified Period) Regulations 2019 as an exempt entity (“Existing Notified Entity”), in respect of the payment service that relates to the New Scope.

Timeline of Key Dates and Actions for MAS Compliance

MAY 3, 2024

Payment service providers in Singapore may wish to provide or carry on services that fall within the scope of the new regulations. The deadline to give notice to the MAS of their intent to provide such services was set for May 3, 2024.

OCTOBER 3, 2024

Entities relying on temporary exemption must submit their license applications no later than October 3, 2024. The application procedure varies depending on whether or not the applicant is an existing Payment Services Act licensee.

OCTOBER 4, 2024

Amendments to the Payment Services Regulations and Guidelines will take effect on October 4, 2024. This introduces a new set of standards on consumer protection by DPT service providers, including:

• A model for assessing and valuing Digital Payment Tokens (DPTs)
• Policies and procedures to opt-in Accredited Investors (AIs)
• Disclosures and acknowledgements from non-retail clients for staking/lending

The amendments also create new obligations for both licensed and exempt DPT service providers to safeguard consumers, including:

• Evaluating safeguarding providers and establishing terms and conditions
• Providing disclosures on safeguarding and statements of accounts to customers
• Implementing systems and controls for safeguarding of assets
• Developing a policy to manage conflicts of interest

The amended version of the PSN07 Notice on Conduct also becomes enforceable on this date. This notice is applicable to all PSA license holders from January 1, 2025.

NOVEMBER 6, 2024

Digital token payment service providers (DPTSPs) will be required to comply with the new Technology Risk Management measures outlined in the new Monetary Authority of Singapore (MAS) Notice FSM-N13. This includes a mandate for DPT providers to ensure operational resilience of critical systems, as well as to comply with specific reporting obligations.

JANUARY 1, 2025

Amendments to the PSN04 Notice on Regulatory Returns take effect on January 1, 2025. This notice is applicable to all PSA license holders from January 1, 2025.

JANUARY 3, 2025

Affected persons are required to submit an attestation report duly completed by an external auditor that meets the following minimum criteria:

• The external auditor must be a company, firm or limited liability partnership approved or deemed to be approved as an accounting corporation, accounting firm or accounting limited liability partnership, respectively, under the Accountants Act (2004);
• This external auditor must have made at least one report in respect of a reasonable assurance audit conducted on a financial institution regulated or authorised by MAS; 
• The specific partner of the external auditor must be an individual who is registered or deemed to be registered under the Accountants Act (2004) as a public accountant; and 
• This specific partner must have conducted at least one reasonable assurance audit on a financial institution regulated or authorised by MAS.

It is advisable for Affected Persons to engage external auditors early in order to ensure there is sufficient time for the assessment to be completed. The deadline for this key compliance action is January 3, 2025.

Mitigating Technological Risks with FailSafe

Technology risk considerations are a key component in Phase 2 of the Singapore Payment Services Regime. In order to remain compliant, blockchain payment service providers must put in place risk management systems and controls to safeguard customers’ assets. Payment service providers, such as stablecoin issuers and blockchain-enabled payment facilitators now need to implement enterprise-grade security and monitoring systems that meet the regulatory standards.

Amidst these regulatory shifts, FailSafe occupies a strategic position as a cybersecurity partner equipped to assist entities in complying with the new Monetary Authority of Singapore requirements. We are the only blockchain security provider offering holistic security and real-time threat response against exploits, hacks, and suspicious activities as they’re happening.

Currently protecting over $300M in digital assets, FailSafe closely collaborates with the Singapore government and stablecoin issuers to stop exploits in real-time, preventing total loss of funds and de-pegging events. Our modular tools supercharge the security of blockchain enterprises with cutting-edge capabilities like smart contract defence, fraud detection and internal risk scoring, programmable multi-sig wallet security, SDK integrations, advanced threat intelligence, and recovery of at-risk crypto assets.

Download our free mini-guidebook to navigating the new regulations for Singapore payment service providers.

Disclaimer: Any details provided in this publication are for educational and informational purposes only. This does not constitute legal or financial advice in any way, shape, or form.