Crypto AML - Singapore take action
On 2 November, the Singaporean government introduced its Payment Services (Amendment) Bill to the national parliament designed to expand the scope of AML/CFT laws and regulations for VASPs in the jurisdiction.
The bill is intended to bring Singapore into line with changes agreed by the international AML/CFT standard setter, the Financial Action Task Force (FATF), made in June 2019.
Under the current Payment Services Act (PSA), passed in January 2019, a financial services provider that provides payment services in Singapore needs a license endorsed by Singapore’s central bank and financial regulator, the Monetary Authority of Singapore (MAS). The business is also required to follow MAS-issued AML/CFT guidelines.
The PSA mentions VASPs (or what it calls ‘Digital Payment Token’ (DPT) service providers, a roughly equivalent term), and under the current rules, those dealing in VAs or facilitating their exchange are covered. But gaps and ambiguities remain in the original legislation, especially over whether it covers activity that facilitates VA trade, but does not involve their direct possession or handling by an entity based in Singapore. The new bill tackles this and other issues, and under its proposed terms, the following areas of activity will be explicitly covered:
- The transfer of VAs;
- The provision of custodian wallet services for VAs; and
- The facilitation of the exchange of VAs withoutpossession of moneys or VAs by the VASP.
The new bill also seeks to broaden the definition of ‘cross-border money transfer services’ to include businesses that facilitate cross-border money transfers between originators and beneficiaries in different countries, without the funds flowing through, or being received in, Singapore.
The bill also notes that “the DPT sector continues to evolve,” and that “the development of new DPTs, including stablecoins, could lead to user adoption of some DPTs gaining traction quickly.” As a response, the bill will empower MAS to implement new measures without parliamentary action, and would provide the regulator with tools to impose customer protection measures or launch enforcement actions which it deemed to be in the public interest, or the stability of the financial system in Singapore.
The bill appears unlikely to be controversial, and could pass the Singaporean legislature within a few months. This would follow the example of the original PSA, which was introduced in November 2018, and enacted two months later.
Such a speedy outcome would reflect Singapore’s desire to be seen as a world leader in financial innovation, in what has become a highly competitive arena. The jurisdiction’s government has stated that it will make Singapore an “electronic payments society,” but in the most recent FinTech Index of the Global Financial Centres Index (GFCI), released in September 2020, the jurisdiction had fallen from fifth to ninth place behind the Chinese city of Guangzhou.
The reasons for the city-state’s decline in precedence in the index are multiple, but there continue to be concerns about the quality of AML/CFT implementation at a firm level.
A recent report from crypto threat intelligence CipherTrace identified Singapore as one of the three jurisdictions along with the US and UK, with the highest number of VASPs with CDD/KYC controls judged to be “weak or porous.”
The report noted that “although these regions host a higher volume of VASPs in general, the large count of VASPs in these countries that require little to no KYC demonstrates the ease and volume of potential off-ramps for money launderers.”
Singapore’s move to update its laws on VASPs reflect the increasing seriousness with which leading governments and regulators are taking the potential AML/CFT risks around cryptocurrencies and other VAs, as also noted in our European story above. The critical element is the addition of greater powers for MAS in the area, which recognises how quickly the sector is moving, and the need for agile responses without recourse to legislative processes. This suggests that MAS is going to become even more proactive around VAs and VASPs in the near future.
Although this is good news – regulatory clarity and a ‘clean’ market always nurture growth – it should also indicate to those providing VA services in the jurisdiction that they need to be ready for a tougher and more intrusive approach. If CDD/KYC problems are as widespread as the recent CipherTrace report suggests, that means taking action now.