Singapore’s MAS seeks expanded powers

The Monetary Authority of Singapore has issued a proposal seeking new powers to regulate crypto-asset providers and cybersecurity risks, and to expand its ability to issue prohibition orders.

MAS issued the proposals in a consultation paper on 21 July.

The consultation proposes a new omnibus bill, which would move existing statutory provisions governing MAS’s regulatory oversight powers into a single statute.

It would give MAS new powers to regulate virtual asset service providers created in Singapore for anti-money laundering and countering the financing of terrorism (AML/CFT) purposes, and harmonise its powers to impose requirements on technology risk management and issue prohibition orders (POs).

It also adds to Singapore’s dispute resolution framework for financial services providers, by granting a liability shield for mediators, adjudicators and employees of dispute resolution operators.

MAS’s current powers to issue POs against individuals for misconduct, barring them a range of activities in the financial sector, only exist in three statutes – the Securities and Futures Act, Financial Advisers Act, and the Insurance Act. The regulator says this means it cannot prohibit individuals regulated under other acts, including the Banking Act, “even if they have committed serious misconduct in the financial industry”.

It proposed introducing a “harmonised and expanded” power to issue POs, and also reduces the various criteria currently available for a PO down to a single “fit and proper” test. MAS says its new POs would be analogous to those issued by its counterparts in the UK and Australia.

MAS also laid out its case for new powers to mitigate the AML/CFT risks from cryptocurrencies and other virtual asset service providers (VASPs). The changes would implement recent guidelines issued by the Financial Action Task Force (FATF), the intergovernmental body tasked with setting global AML/CFT standards.

The new FATF standards require VASPs to be licensed or registered in the jurisdictions where they are created – avoiding regulatory ambiguity for entities incorporated in one jurisdiction but operating in others.

MAS says that many VASPs’ operating models do not “fall neatly” within many jurisdictions’ criteria to determine regulatory capture. The updated FATF standard “provides a new bright line based on where the VASP is created”, it says.

The expansion of MAS’s cybersecurity oversight powers, meanwhile, would allow it to target systems posing contagion cyber risks even if they do not directly support regulated activities. It would also increase the maximum penalty MAS can impose for breaching cybersecurity risk requirements to S$1 million (US$710,000).

“These reforms are particularly timely,” Allen & Gledhill partner Adrian Ang tells GBRR. He says the expansion to MAS’s power to issue POs is a “good idea”, and says the new “fit and proper” criteria is suitable. “If you’re not a fit and proper person to be doing the activity, you shouldn’t be doing it.”

Ang says the reforms to VASP oversight correct a potential “lacuna” in the current framework. “The concern is that you could be in a situation where a digital token service provider is incorporated in Singapore, but all their digital token activities, which would otherwise be regulated in Singapore, are conducted overseas,” he says.

“If it turns out that you fall between the cracks and are not regulated in any jurisdiction but represent to your customers that you are a Singapore entity, there might be a misconception that you are in fact regulated in Singapore. That is not good for Singapore – we have earned a reputation as a well-regulated jurisdiction, and we wouldn’t want such reputation to be adversely affected.”

Lena Ng, partner at Clifford Chance in Singapore, says the proposal is "in a way not a complete surprise". She says that while MAS has recently issued a number of POs against individuals for serious misconduct, the new act "will allow for a more harmonised approach".

She adds that the consultation's proposals for enhanced regulation of VASPs follow proposals MAS made in December to amend the Payment Services Act in line with FATF standards applicable to digital payment token service providers. "I think this shows how important it is for legislation to be introduced that will allow Singapore's regulatory framework to be in line with the FATF standards," she says.

The consultation is open until 20 August.

Get unlimited access to all Global Banking Regulation Review content