FINTECH 2024
SINGAPORE
FINTECH LANDSCAPE AND INITIATIVES
General innovation climate
- What is the general state of fintech innovation in your jurisdiction?
Singapore provides a conducive fintech ecosystem with supporting regulations, customer demand, strong investments and the potential for high returns. The government considers a vibrant fintech sub-sector key to Singapore’s vision for a Smart Financial Centre – a subset of the Smart Nation initiative.
According to a survey by FinTech Global, funding in Singapore’s fintech sector reached a total of S$2.4bn in 2022, albeit a 29 percent decline from 2021. Nevertheless, Singapore saw their most active year for fintech in 2022 with 232 deals raised by Singaporean companies (representing a 12 percent increase in 2022), which has set a new record for the country.
Based on the Innovation page of the Monetary Authority of Singapore (MAS), there are currently more than 1,000 fintech start-ups operating in Singapore, and there are more than 40 innovation labs in Singapore. The Singapore FinTech Association, the industry association, has enabled the development of the ecosystem by facilitating collaboration between market participants and stakeholders. There are various grants for start-ups looking to start a business in Singapore.
Government and regulatory support
- Do government bodies or regulators provide any support specific to financial innovation? If so, what are the key benefits of such support?
MAS is a member of the Global Financial Innovation Network (GFIN), which was formally launched in January 2019 by an international group of financial regulators and related organizations. The GFIN is committed to supporting financial innovation in the interests of consumers and helping innovative firms navigate between countries as they look to scale new ideas. A cross-border testing pilot program was launched in 2019 to allow firms to simultaneously trial and scale new technologies in multiple jurisdictions, gaining real-time insight into how a product or service might operate in the market.
As of March 2023, MAS had signed 36 fintech cooperation agreements with other countries, including Abu Dhabi, Australia, China, Canada, France, the United Kingdom and the United States, to foster closer cooperation on fintech and to promote innovation in financial services in their respective markets.
MAS released a consultation paper on 14 November 2018 to propose the creation of predefined sandboxes, known as Sandbox Express, to complement the existing FinTech Regulatory Sandbox launched in 2016. The proposed predefined sandboxes would enable firms to embark on experiments more quickly without needing to go through the existing bespoke sandbox application and approval process if the intended activities entail risks that are generally low or could be reasonably contained within the specific predefined sandbox with its predetermined boundaries, expectations and regulatory reliefs. Most recently, MAS has introduced Sandbox Plus, which makes three enhancements:
- expansion of eligibility criteria to include early adopters of technology innovation;
- streamlined application with a financial grant for first movers of technology innovation; and
- participation in the Deal Fridays program, a platform for deal-making opportunities. Sandbox Plus has been effective as of 1 January 2022.
MAS has encouraged engagement with the industry and has been open to discussing the support it can provide in forms such as financial support, training and mentorship. In 2016, MAS opened a fintech innovation lab, Looking Glass@MAS, to provide a platform for the fintech community to connect, collaborate, and co-create with one another, and MAS also regularly publishes sets of data as application programming interfaces on its website to encourage and facilitate development of innovative solutions.
In 2015, MAS launched the Financial Sector Technology and Innovation (FSTI) scheme to support innovation initiatives in the finance industry. Under the scheme, MAS set aside S$225 million over five years for the development of fintech, to attract financial institutions to establish their research and development and innovation hubs in Singapore, to support the construction of industry-wide technological infrastructure to deliver innovative integrated services and to catalyze financial institutions to develop creative solutions promoting growth, efficiency and competitiveness. Following overwhelming applications, MAS has supplemented the FSTI scheme with the enhanced FSTI 2.0 scheme by committing an additional S$250 million over three years.
Under FSTI 2.0, MAS will commit S$42 million towards the Regulatory Technology (RegTech) grant scheme and enhancement of the Digital Acceleration Grant (DAG) scheme to accelerate technology adoption in the financial sector. The RegTech grant scheme aims to promote the adoption and integration of technology solutions in the risk management and compliance functions of Singapore-based financial institutions (FIs). Similarly, the Enhanced DAG aims to supplement the existing DAG scheme to be launched in April 2020 to help smaller FIs and fintech firms adopt digital solutions to better cope with the impact of the covid-19 pandemic. In response to the 1,100 applications for the DAG scheme, MAS will commit an additional S$30 million to the DAG scheme. The FSTI 2.0 scheme is valid until March 2023, and MAS plans to provide a third tranche of funding of S$150 million for the next three years with a stronger focus on areas such as AI, analytics, RegTech, Cyber Security and ESG FinTech. More details will be provided by MAS sometime in the first or second quarter of 2023.
MAS, Singapore Fintech Association and AMTD established a S$6 million MAS-SFA-AMTD FinTech Solidarity Grant during the covid-19 period to support Singapore-based fintech companies amid the challenging business climate caused by the covid-19 pandemic. The Grant will help the fintech firms manage their cashflow better, support them in generating new businesses, and provide greater support for fintech firms to pursue growth strategies.
Additionally, MAS has partnered with ASEAN Financial Innovation Network (AFIN), BCG FinTech Control Tower, and Affinidi to launch ChekFIN, a decentralized credentials platform to support partnerships between financial institutions and fintech firms. ChekFIN launched in December 2021 and seeks to enable financial institutions to obtain verified credentials of fintech firms (e.g, business references, awards they have obtained, and investor funding records). These credentials are immutably stored on a blockchain as a golden source of information. Thus far, 10 global financial institutions have already signed up for ChekFIN.
FINANCIAL REGULATION
Regulatory bodies
- Which bodies regulate the provision of fintech products and services?
Generally, the provision of fintech products and services is predominantly regulated by the Monetary Authority of Singapore (MAS), Singapore’s central bank and financial regulatory authority. Particular aspects relating to competition and data privacy issues may be specifically regulated by the Competition and Consumer Commission of Singapore and the Personal Data Protection Commissioner. The Intellectual Property Office of Singapore has also launched a fintech fast-track initiative to expedite the file-to-grant process for fintech patent applications.
MAS has launched various initiatives pertaining specifically to fintech, such as the FinTech and Innovation Group and FinTech Regulatory Sandbox. MAS has also promulgated regulations relating to aspects of fintech. Many payment companies, digital asset exchanges and other fintech ecosystem entities also fall within the scope of the Payment Services Act 2019 (the PS Act), which is regulated by MAS.
Regulated activities
- Which activities trigger a licensing requirement in your jurisdiction?
Depending on the nature and scope of services or products offered, licensing requirements under the Securities and Futures Act 2001 (SFA) or the Financial Advisers Act 2001 (FAA), or both, may apply.
The following activities are regulated under the SFA:
- dealing in capital markets products;
- advising on corporate finance;
- fund management;
- real estate investment trust management;
- product financing;
- providing credit rating services; and
- providing custodial services for specified products.
The following activities are regulated under the FAA:
- advising others, either directly or through publications or writings, and whether in electronic, print or other form, concerning any investment product, other than:
- in the manner set out in (2); or
- advising on corporate finance within the meaning of the SFA; and
- advising others by issuing or promulgating research analyses or research reports, whether in electronic, print or other form, concerning any investment product; and
- arranging any contract of insurance in respect of life policies, other than a contract of reinsurance.
The licensing requirements under the SFA and the FAA have extraterritorial effect. Section 339 of the SFA and section 90 of the FAA provide that where a person does an act partly in and partly outside Singapore, which, if done wholly in Singapore, would constitute an offence against any provision of the SFA or the FAA (as the case may be), that person shall be guilty of that offence as if the act were carried out by that person wholly in Singapore, and may be dealt with as if the offence was committed wholly in Singapore. In addition, section 339 of the SFA also provides that where a person does an act outside Singapore that has a substantial and reasonably foreseeable effect in Singapore and that act would, if carried out in Singapore, constitute an offence under the relevant provisions of the SFA, that person shall be guilty of that offence as if the act were carried out by that person in Singapore, and may be dealt with as if the offence were committed in Singapore.
The activity most relevant to fintech businesses is likely to be ‘dealing in capital markets products’ under the SFA. ‘Dealing in capital markets products’ means (whether as principal or agent) making or offering to make with any person, or inducing or attempting to induce any person to enter into or to offer to enter into any agreement for or with a view to acquiring, disposing of, entering into, effecting, arranging, subscribing for, or underwriting any capital markets products. ‘Capital markets products’ means any securities, units in a collective investment scheme, derivatives contracts, spot foreign exchange contracts for the purposes of leveraged foreign exchange trading, and such other products as MAS may prescribe as capital markets products.
In addition to the above licensing requirements, where a fintech business undertakes banking business, such as receiving money on current or deposit accounts, this business is required to be licensed as a bank by MAS pursuant to the Banking Act 1970 (BA). Similarly, if the fintech business undertakes the business of moneylending or promotes doing so, it will require a license pursuant to the Moneylenders Act 2008 (MLA), unless it is an excluded moneylender or an exempt moneylender.
Since 28 January 2020, the PS Act has come into force. Under the PS Act, where a fintech business carries on a business of providing any type of payment service in Singapore, it must have a license that entitles it to do so in respect of that type of payment service or be an exempt payment service provider with respect to that type of payment service. Each of the following services is a payment service for the purposes of the PS Act:
- account issuance service;
- domestic money transfer service;
- cross border money transfer service;
- merchant acquisition service;
- e-money issuance service;
- digital payment token service; and
- money changing service.
In general, licensing requirements may differ depending on the nature and scope of activities contemplated, and advice should be sought on the specific circumstances of any particular case.
Consumer lending
- Is consumer lending regulated in your jurisdiction?
Under Singapore law, the offering and provision of consumer lending is not distinguished from primary lending. Lending (consumer lending and primary lending) is a regulated activity in the jurisdiction and is governed by the MLA.
The MLA requires that all loans made available in Singapore are by licensed moneylenders or excluded moneylenders. Examples of excluded moneylenders are:
- any person regulated by MAS under any other written law who is permitted or authorized to lend money or is not prohibited from lending money under that other written law;
- any person who lends money solely to his or her employees as a benefit of employment;
- any person who lends money solely to accredited investors within the meaning of section 4A of the SFA of Singapore; and
- any person carrying on any business not having as its primary object the lending of money in the course of which and for the purposes whereof he or she lends money.
Secondary market loan trading
- Are there restrictions on trading loans in the secondary market in your jurisdiction?
The acquisition of a (funded) loan receivable and the holding of that loan receivable does not constitute moneylending unless, following the acquisition, additional loans are extended.
Secondary market loan intermediation is not a regulated activity, provided that it does not involve any lending or deposit taking and provided that loans are not in the form of securities.
Collective investment schemes
- Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.
Broadly, ‘collective investment schemes’ are arrangements in respect of any property that exhibit the following features:
- the participants do not have day-to-day control over the management of the property (Control Limb);
- the property is managed as a whole by or on behalf of a manager (Management Limb) or the contributions of the participants, or both, and the profits or income out of which payments are to be made to the participants are pooled (Pooling Limb); and
- the purpose or effect (or purported purpose or effect) of the arrangement is to enable participants to participate in or receive profits, income, or other payments or returns arising from the acquisition, holding, management, disposal, exercise, redemption or expiry of, any right, interest, title, or benefit in the property or any part of the property or to receive sums paid out of such profits, income, or other payments or returns (Purpose Limb).
Previously, it was a requirement that both the Management Limb and the Pooling Limb be satisfied. However, following certain amendments to the laws in October 2018, arrangements can now qualify as a ‘collective investment scheme’ if they fulfil either the Management Limb or the Pooling Limb, or both, in addition to the Control Limb and Purpose Limb.
Generally, unless an exemption applies, it is an offence to make an offer of units in a collective investment scheme to the Singapore public unless the scheme is authorized or recognized by MAS and the offer is made in or accompanied by an SFA-compliant prospectus.
It is possible that certain fintech activities could involve a collective investment scheme where the business concerned is managing assets on behalf of participants who have invested through a fintech platform. Careful analysis of the specific circumstances and the way in which the platform permits investors to participate will be required to determine whether it constitutes a collective investment scheme.
Alternative investment funds
- Are managers of alternative investment funds regulated?
Managing the property of or operating a collective investment scheme or undertaking on behalf of a customer (whether on a discretionary authority granted by the customer or otherwise) is regulated as ‘fund management’ under the SFA if it involves:
- the management of a portfolio of capital markets products; or
- the entry into spot foreign exchange contracts for the purpose of managing the customer’s funds, but not including real estate investment trust management.
Accordingly, unless an exemption applies, managers of alternative investment funds generally require a license to conduct business involving these activities.
Peer-to-peer and marketplace lending
- Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.
There are no specific regulations applicable to peer-to-peer or marketplace lending in Singapore. Fundraising from the public through lending-based crowdfunding, or peer-to-peer lending, is regulated by MAS under the SFA and the FAA. Therefore, such activity might constitute a regulated activity that requires a license, but much will depend on the precise model.
Further, in Singapore, any invitation to lend money to an entity is deemed to be an offer of debentures, which is a type of security. The entity offering the debentures is required to prepare and register an SFA-compliant prospectus with MAS unless an exemption applies.
Crowdfunding
- Describe any specific regulation of crowdfunding in your jurisdiction.
There are specific regulations applicable to crowdfunding in Singapore. These regulations apply to securities-based crowdfunding operators (both equity-based crowdfunding and lending-based crowdfunding).
Generally, securities-based crowdfunding is regulated by MAS under the SFA and the FAA, and would likely constitute a regulated activity that requires a license.
As for lending-based crowdfunding in particular, guidance has been provided under MAS’s FAQ on Lending-Based Crowdfunding (issued on 8 October 2018). While the FAQs do not introduce new rules, the FAQs do clarify the applicability of the SFA or the FAA to lending-based crowdfunding.
If applicable, the SFA would require a lending-based crowdfunder to register a prospectus with MAS, unless exempted. It would only be exempted if the crowdfunding offer is:
- a personal offer (made only to pre-identified persons) of no more than S$5 million within a 12-month period;
- a private placement to no more than 50 investors within a 12-month period; or
- an offer made only to institutional investors, or accredited investors but subject to certain conditions.
These are no unique exemptions and generally exist under the SFA in respect of security offerings.
Separately, if the operator provides financial advice to interested investors, the operator would also need to comply with the requirements of the FAA.
Invoice trading
- Describe any specific regulation of invoice trading in your jurisdiction.
To the extent that an invoice is purchased, without risk of being recharacterized as a loan for the purposes of the MLA, with true sale there is no specific regulation on the buying and selling of invoices. This is common in factoring and invoice discounting arrangements.
However, if invoices are opened to the public and crowdfunded, then depending on the precise nature of the crowdfunding scheme and the manner in which it is carried out (specifically if such invoices are structured as debt securities), then the operator of the trading platform will likely need to abide by the usual provisions under the SFA and the FAA (if applicable).
Payment services
- Are payment services regulated in your jurisdiction?
Payment services include a wide range of activities, such as taking cash deposits, making cash withdrawals, executing payment transactions, issuing or acquiring payment instruments, issuing and administering means of payment, money remittance, making payments sent through the intermediary of a telecoms, IT system or network operator, or even providing stored value facilities.
Since 29 January 2020, seven payment services are now regulated in Singapore under the PS Act:
- account issuance service;
- domestic money transfer service;
- cross border money transfer service;
- merchant acquisition service;
- e-money issuance service;
- digital payment token service; and
- money changing service.
To carry on the business of providing any of the above-mentioned payment services, the entity will require one of three types of licenses: a money-changing license, standard payment institution license or major payment institution license.
Different regulatory conditions apply to each type of license, with the extent of regulatory conditions increasing from standard payment institutions to major payment institutions. For instance, major payment institutions must safeguard customer money with an undertaking by a bank or prescribed financial institution, a guarantee by a bank or prescribed financial institution or segregate customer money in a trust account maintained by a bank or prescribed financial institution. On the other hand, standard payment institutions are not subjected to these safeguarding measures, although they must alert customers so they can make informed decisions.
Correspondingly, each of these licenses authorizes the licensee to conduct different types and transaction volumes of each type of payment service. For example, standard payment institutions may carry on business so long as the monthly transactions for any activity type do not exceed S$3 million, the monthly transactions for two or more activity types do not exceed S$6 million and, where relevant, the total amount of daily outstanding e-money does not exceed S$5 million. In contrast, the quantum limits applicable to standard payment institutions do not apply to major payment institutions.
The PS Act includes provisions to mitigate the risks of loss of customer monies, money laundering and terrorism financing risks, fragmentation and lack of interoperability across payment solutions, and technology risks including cyber risks. MAS has also proposed technology risk management requirements, including cybersecurity risk management guidelines.
Under the Payment Services (Amendment) Bill 2021 passed on 4 January 2021, amendments relating to anti-money laundering and countering terrorist financing (AML/CTF), cross-border money transfer services and digital payment token (DPT) services have been introduced. The scope of DPT services has been significantly increased to address Singapore’s commitment to the Financial Action Task Force standards. MAS has stated that it intends to grant a six-month exemption to entities that are newly regulated under the PS Act, as well as to existing PS Act-licensed entities that have to change their licenses as a result of the amendments.
Open banking
- Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?
MAS has published a comprehensive application programming interface (API) playbook in its bid to encourage more banks to participate in open banking. This document outlines and standards framework for:
- API governance;
- API lifecycle governance;
- governance of API risk; and
- regulatory considerations for partner API operating models.
The result of MAS’s push towards open banking can be clearly seen with businesses such as Citibank, DBS, OCBC, Standard Chartered and payments service provider NETS running their own Open API portals comprising over 272 API sets.
MAS has also implemented the Financial Industry API Register, which is updated semi-annually and designed to serve as the initial landing site for Open APIs in the Singaporean finance industry. These APIs fall under the following functional categories:
- product APIs that provide information on financial product details, rates and branch or automatic teller machine locations;
- sales and marketing APIs for product sign-ups, sales or cross-sales and leads generation;
- servicing APIs for managing customer profiles or account details and customer queries or feedback;
- transaction APIs that support customer instructions for payments, funds transfers, settlements, clearing, trade confirmations and trading;
- other APIs for common services, such as authentication, authorization, reporting, market data and compliance; and
- regulatory APIs that enable extraction of data sets related to the financial industry as a whole.
On 14 May 2020, the Personal Data Protection Commission and the Ministry of Communications and Information launched a public consultation paper where it proposed to introduce a new Data Portability Obligation to give individuals greater choice and control over their personal data, prevent consumer lock-in and enable switching to new services. Data portability allows individuals to request an organization to transmit a copy of their personal data to another organization.
Robo-advice
- Describe any specific regulation of robo-advisers or other companies that provide retail customers with automated access to investment products in your jurisdiction.
Robo-advisers and other companies that provide retail customers with automated access to investment products in Singapore are regulated under the SFA or the FAA, or both, and must adhere to MAS’s Guidelines on Provision of Digital Advisory Services (CMG-G02) (the Advisory Guidelines), including the requirement to be appropriately licensed unless they qualify for relevant exemptions.
However, as MAS is keen not to stifle digital innovation, the Advisory Guidelines provide for a lower bar for licensing in certain circumstances. For example, digital advisers that seek to offer fund management services to retail investors will be eligible for licensing even if they do not meet the SFA corporate track record requirements, provided they meet other specified safeguards.
Under the Advisory Guidelines, digital advisers will be exempted from the FAA requirement to collect the full suite of information on the financial circumstances of a client, such as income and financial commitments. This is on the condition that they put in place measures to mitigate the risks of providing unsuitable investment recommendations owing to limited client information.
While MAS is making it easier for digital advisers to set up in Singapore, the business model carries unique risks, such as faulty algorithms and cyber threats. To mitigate these risks, the Advisory Guidelines set out MAS’s expectations for digital advisers to establish robust frameworks to govern and supervise their algorithms, as well as to manage technology and cyber risks.
Insurance products
- Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?
The marketing and sale of insurance products are regulated under the Insurance Act 1966 and the FAA.
Credit references
- Are there any restrictions on providing credit references or credit information services in your jurisdiction?
Credit bureaus are recognized by MAS under the BA to collect and disclose credit data to their members. On 31 May 2021, the Credit Bureau Act 2016 (CBA) came into effect, under which there is a framework in place to subject credit bureaus to formal supervision by MAS, as credit bureaus collect increasing (and more specifically detailed) amounts of data to facilitate more comprehensive credit assessments by their members. The CBA also allows consumers the right to access, review and rectify their credit records. The provision of credit ratings (opinions primarily regarding the creditworthiness of entities other than individuals, governments or securities) is also regulated under the SFA.
CROSS-BORDER REGULATION
Passporting
- Can regulated activities be passported into your jurisdiction?
No.
Requirement for a local presence
- Can fintech companies obtain a license to provide financial services in your jurisdiction without establishing a local presence?
There is no general approach towards fintech companies, and it depends on exactly what type of financial service is being provided by the company, and the requirements under the corresponding legislation (e.g, Securities and Futures Act 2001, Payment Services Act, Banking Act 1970, et cetera).
SALES AND MARKETING
Restrictions
- What restrictions apply to the sales and marketing of financial services and products in your jurisdiction?
This will depend on many factors, including but not limited to the regulatory status of the financial institution (eg, whether the financial institution is licensed or exempt and the type of license held or exemption being relied upon) and the types of services and products being marketed. Depending on the facts, different rules and restrictions may need to be taken into account, including, for example, clientele restrictions.
Advice should be sought on the specific circumstances of any particular case.
CRYPTOASSETS AND TOKENS
Distributed ledger technology
- Are there rules or regulations governing the use of distributed ledger technology or blockchains?
There are no specific regulations or guidelines in relation to the use of distributed ledger technology (DLT) in Singapore. However, the Monetary Authority of Singapore (MAS), has been encouraging the industry to look at DLT in relation to the financial system in Singapore. For example, in early 2017, MAS announced the successful conclusion of the proof-of-concept project to conduct domestic interbank payments using DLT, and in late 2017, an industry consortium led by MAS and the Association of Banks in Singapore released source codes of successful DLT prototypes publicly to encourage innovation in interbank payments.
The most relevant legislation in respect of DLT and (or) blockchain technology would be the PS Act, under which digital payment token (DPT) service providers (such as traders and exchanges) would require a license.
Cryptoassets
- Are there rules or regulations governing the promotion or use of cryptoassets, including digital currencies, stablecoins, utility tokens and non-fungible tokens (NFTs)?
Generally, whether a particular cryptoasset is regulated, and how it would be regulated, would depend on the nature and characteristics of such cryptoasset. For example, if a cryptoasset is a security, it would likely fall within the scope of the Securities and Futures Act 2001 (SFA); if a cryptoasset is a DPT (such as stablecoins), it would likely fall within the scope of the PS Act.
In many cases, the PS Act applies, which currently regulates the dealing in (buying and selling) DPTs, and facilitating the exchange of DPTs. However, under the Payment Services (Amendment) Bill 2021, which was passed on 4 January 2021 but has yet to come into force, the scope of DPT services will be expanded to capture a few more types of regulated activities in relation to DPTs. In this regard, MAS has stated that any entities that are already carrying on such business activities will be given six months, after the Payment Services (Amendment) Act 2021 comes into force, to make the necessary license applications.
In January 2022, MAS issued guidelines to discourage cryptocurrency trading by the general public. The new guidelines clarify MAS’ expectations that DPT service providers should not engage in marketing or advertising of DPT services:
- in public areas in Singapore such as through advertisements on public transport, public transport venues, public websites, social media platforms, broadcast and print media, or provision of physical automated teller machines; or
- through the engagement of third parties, such as social media influencers, to promote DPT services to the general public in Singapore.
DPT service providers are limited to marketing and advertising their services on their own corporate websites, mobile applications or social media accounts. These guidelines emphasize MAS’ stance that ‘the trading of cryptocurrencies is highly risky and not suitable for the general public’.
Token issuance
- Are there rules or regulations governing the issuance of tokens, including security token offerings (STOs), initial coin offerings (ICOs) and other token generation events?
There are no specific rules or regulations governing the issuance of digital tokens per se. Whether a particular cryptoasset is regulated, and how it would be regulated, would depend on the nature and characteristics of such cryptoasset. In the case of security token offerings, the SFA would apply where such digital tokens are security tokens, which would likely give rise to a licensing obligation and (or) the need to register a prospectus.
ARTIFICIAL INTELLIGENCE
Artificial intelligence
- Are there rules or regulations governing the use of artificial intelligence, including in relation to robo-advice?
Strictly speaking, there are no hard rules or regulations specific to artificial intelligence (AI). However, the Monetary Authority of Singapore (MAS), has issued various publications aimed at fostering the development of AI innovation, as well as addressing potential issues.
For example, MAS has published a set of principles to promote fairness, ethics, accountability and transparency (FEAT) in the use of AI and data analytics in finance. Known as the FEAT Principles, the document provides guidance to firms offering financial products and services on the responsible use of AI and data analytics, to strengthen internal governance around data management and use.
MAS has said that this is intended to foster greater confidence and trust in the use of AI and data analytics, as firms increasingly adopt technology tools and solutions to support business strategies and in risk management.
With regard to robo-advice, robo-advisers are not regulated separately. Depending on the scope of the service being provided (e.g, whether the digital adviser exercises active discretion, as opposed to mere automated portfolio rebalancing, and (or) whether the digital adviser actually provides advice and (or) recommendations on investment decisions), a robo-adviser may need to be licensed under one or more of the existing licensing regimes (eg, as a fund manager, as a financial adviser, et cetera)
While MAS is making it easier for digital advisers to set up in Singapore, the business model carries unique risks, such as faulty algorithms and cyber threats. To mitigate these risks, the Guidelines on Provision of Digital Advisory Services (the Advisory Guidelines) set out MAS’s expectations for digital advisers to establish robust frameworks to govern and supervise their algorithms, as well as to manage technology and cyber risks.
In May 2020, MAS announced the first phase of its Veritas initiative, which is a framework for the responsible adoption of AI and data analytics by financial institutions. Phase 1 of Veritas was concluded in January 2021, which concerned the development of the fairness metrics, and Phase 2 was concluded in February 2022 with the issuance of five whitepapers that included a FEAT checklist for financial institutes to adopt for software development, and the assessment methodologies regarding enhanced fairness, ethics and accountability and transparency.
CHANGE OF CONTROL
Notification and consent
- Describe any rules relating to notification or consent requirements if a regulated business changes control.
Different consent requirements apply to the acquisition of different types of regulated businesses. In general, where a person is to become a holder of a specified percentage of a regulated entity or will control a specified percentage of voting rights of that entity, prior consent must be obtained from the relevant regulatory authority.
In all cases, advice should be sought as to the applicable requirements and the process for obtaining consent.
FINANCIAL CRIME
Anti-bribery and anti-money laundering procedures
- Are fintech companies required by law or regulation to have procedures to combat bribery or money laundering?
Under the PS Act, digital payment token service providers will have to be licensed, and will have to abide by their anti-money laundering and countering the financing of terrorism (AML/CFT) obligations under the PSA.
Such AML/CFT requirements oblige licensees to take appropriate steps to identify, assess and understand their money laundering and terrorism financing (ML/TF) risks, and develop and implement policies, procedures and controls for the effective management of these risks.
This includes policies, procedures and controls in relation to customer due diligence, transaction monitoring, screening, suspicious transactions reporting and record-keeping. Enhanced measures should be performed where higher ML/TF risks are identified.
The requirements also include monitoring the implementation of policies, procedures and controls, and enhancing them if necessary.
Guidance
- Is there regulatory or industry anti-financial crime guidance for fintech companies?
There is no specific guidance for fintech companies, but there is guidance for regulated companies and banks that would apply to fintech businesses that are regulated similarly.
Specifically for digital asset exchanges, the Association of Cryptocurrency Enterprises and Start-ups Singapore has developed a Code of Practice under its Standardization of Practice In Crypto Entities initiative.
DATA PROTECTION AND CYBERSECURITY
Data protection
- What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?
There are no legal requirements or regulatory guidance relating to personal data that are specifically aimed at fintech businesses. However, fintech companies must have regard to Chapter 6 on Online Activities of the Personal Data Protection Commissioner’s (PDPC) Advisory Guidelines on the Personal Data Protection Act (PDPA) for Selected Topics.
The PDPC has announced different initiatives to facilitate the movement and use of data to support innovation and strengthen accountability among organizations. The first is the PDPC’s response note to the public consultation on proposed data portability and data innovation provisions, as part of the review of the PDPA. The data portability provision provides individuals with greater control over their personal data and enables greater access to more data by organizations to facilitate data flows and increase innovation, while the data innovation provision makes it clear that organizations can use data for appropriate business purposes without individuals’ consent.
The second is the PDPC’s introduction of a series of guides, such as:
- the Guide on Active Enforcement, as part of its drive for organizations to shift from compliance to accountability;
- an updated Guide to Managing and Notifying Data Breaches under the PDPA, to help organizations manage and respond to data breaches more effectively; and
- the Guide to Notification, which illustrates good notification practices for organizations to comply with their Notification Obligations under the PDPA.
On 1 February 2021, certain key amendments to the PDPA, as well as accompanying subsidiary regulations, came into force. This round of amendments will introduce significant change to the existing data protection regime in Singapore, which bring it closer in line with higher global standards.
Examples of amendments include:
- an increase in financial penalty for breaches of the PDPA to S$1 million;
- the introduction of a mandatory data breach notification requirement;
- new exceptions to consent – legitimate interests and business improvement;
- expanded scope of deemed consent; and
- new personal liability for mishandling of personal data.
Cybersecurity
- What cybersecurity regulations or standards apply to fintech businesses?
While there is a cybersecurity law, the Cybersecurity Act 2018, that came into force in August 2018, it is unlikely to directly affect unregulated fintech start-ups as it is intended to regulate systems involved in the provision of essential services within Singapore. The Cybersecurity Act provides an overarching legislative framework for the regulation of owners of critical information infrastructure and cybersecurity service providers.
In September 2018, the Monetary Authority of Singapore (MAS), sought to strengthen the rules on cyber security through its Notice on Cyber Hygiene in view of the deepening cyber threat landscape and to further strengthen the overall cyber resilience of financial institutions. It intends to eventually prescribe a set of legally binding essential cyber security practices that financial institutions must put in place to manage cyber threats, which could include:
- addressing system security flaws in a timely manner;
- establishing and implementing robust security for systems; and
- deploying security devices to secure system connections.
With regard to regulated fintech companies, MAS also expanded the Technology Risk Management Guidelines following a consultation in March 2019, and added the following guidance:
- technology risk governance and oversight;
- best practices for software development;
- additional guidance for new technologies (namely, application programming interfaces, smart electronic devices and virtualization); and
- effective cyber surveillance, secure software development, adversarial attack simulation and management of cyber risks posed by the internet of things.
OUTSOURCING AND CLOUD COMPUTING
Outsourcing
- Are there legal requirements or regulatory guidance with respect to the outsourcing by a financial services company of a material aspect of its business?
On 5 October 2018, the Monetary Authority of Singapore (MAS), issued revised Guidelines on Outsourcing. Various industry guidelines on outsourcing have also been issued by the Investment Management Association of Singapore and the Association of Banks in Singapore.
MAS Guidelines on Outsourcing set out risk management practices to be complied with when a regulated entity has entered into any outsourcing or is planning to outsource its business services to a service provider (whether this outsourcing is done on an intra-group or a third-party basis, or a material or non-material basis). Certain key requirements in the Outsourcing Guidelines include maintaining an Outsourcing Register and ensuring that all outsourcing contracts are written agreements containing the minimum prescribed clauses. The Outsourcing Guidelines also detail the responsibilities of the board and senior management in this regard (e.g, approving a risk evaluation framework, setting a suitable risk appetite statement, laying down appropriate approval authorities, assessing management competencies to develop sound and responsive outsourcing risk management policies and procedures that are commensurate with the nature, scope and complexity of the outsourcing arrangements).
Cloud computing
- Are there legal requirements or regulatory guidance with respect to the use of cloud computing in the financial services industry?
On 5 October 2018, the Monetary Authority of Singapore (MAS), issued revised Guidelines on Outsourcing. Various industry guidelines on outsourcing have also been issued by the Investment Management Association of Singapore and the Association of Banks in Singapore.
MAS Guidelines on Outsourcing set out risk management practices to be complied with when a regulated entity has entered into any outsourcing or is planning to outsource its business services to a service provider (whether this outsourcing is done on an intra-group or a third-party basis, or a material or non-material basis). Certain key requirements in the Outsourcing Guidelines include maintaining an Outsourcing Register and ensuring that all outsourcing contracts are written agreements containing the minimum prescribed clauses. The Outsourcing Guidelines also detail the responsibilities of the board and senior management in this regard (e.g, approving a risk evaluation framework, setting a suitable risk appetite statement, laying down appropriate approval authorities, assessing management competencies to develop sound and responsive outsourcing risk management policies and procedures that are commensurate with the nature, scope and complexity of the outsourcing arrangements).
INTELLECTUAL PROPERTY RIGHTS
IP protection for software
- Which intellectual property rights are available to protect software, and how do you obtain those rights?
Computer programs (and preparatory design materials for computer programs) are protected by copyright as literary works under the Copyright Act (Chapter 63). Copyright arises automatically as soon as the computer program is recorded. Registration of copyright is not required and is not possible in Singapore.
If the software code has been kept confidential it may also be protected as confidential information. No registration is required.
Patents for software (source code) are not currently applicable for patent registration and protection. The Intellectual Property Office of Singapore (IPOS) has issued the Examination Guidelines for Patent Applications at IPOS, which takes the view that ‘claims to software that are characterized only by source code, and not by any technical features, is unlikely to be considered an invention on the basis that the actual contribution would be a mere presentation of information’
IP developed by employees and contractors
- Who owns new intellectual property developed by an employee during the course of employment? Do the same rules apply to new intellectual property developed by contractors or consultants?
Copyright created by an employee in the course of his or her employment is automatically owned by the employer unless otherwise agreed.
An invention made by an employee belongs to the employer if it was made in the course of the normal duties of the employee or in the course of duties falling outside his or her normal duties, but specifically assigned to him or her, and the circumstances, in either case, were such that an invention might reasonably be expected to result from the carrying out of his or her duties; or if the invention was made in the course of the duties of the employee and, at the time of making the invention, because of the nature of his or her duties and the particular responsibilities arising from the nature of his or her duties, he or she had a special obligation to further the interests of the employer’s undertaking.
Except in certain narrow circumstances, copyright or inventions created by contractors or consultants in the course of their duties are owned by the contractor or consultant unless otherwise agreed in writing.
Joint ownership
- Are there any restrictions on a joint owner of intellectual property’s right to use, license, charge or assign its right in intellectual property?
Yes, unless amended by agreement, joint owners of a copyright hold their shares as tenants in common. Any use, license, charge or assignment of the copyright must, therefore, be done by the joint owners as a whole or by one of the joint owners with the consent of the other joint owners.
However, this position is different for patents notwithstanding that these co-owners hold the ownership of the patent as tenants-in-common. Except where the statutory provisions have been amended by agreement between the joint owners, the Patents Act provides that a co-owner is entitled to do any otherwise infringing act for his or her own benefit, by him or herself or by his or her agents, without requiring the consent of (or the need to account to) any of the other co-owners.
Nevertheless, a co-owner may not, without the consent of the other co-owners, grant a license under the patent or assign or charge a share in the patent.
Trade secrets
- How are trade secrets protected? Are trade secrets kept confidential during court proceedings?
Confidential information can be protected against misuse, provided the information in question has the necessary quality of confidence, is subject to an express or implied duty of confidence, or no registration is necessary (or possible). Confidential information can be kept confidential during civil proceedings with the permission of the court.
Branding
- What intellectual property rights are available to protect branding and how do you obtain those rights? How can fintech businesses ensure they do not infringe existing brands?
Brands can be protected as registered trademarks in Singapore. A brand can also be protected under the common law tort of passing off if it has acquired sufficient goodwill.
Certain branding, such as logos and stylized marks, can also be protected by design rights and may also be protected by copyright as artistic works.
The IPOS trademark database can be searched to identify potentially problematic trademarks that have been registered or applied for.
It is highly advisable for new businesses to conduct trademark searches to check whether earlier registrations exist that are identical or similar to their proposed brand names. It may also be advisable to conduct internet searches for any unregistered trademark rights that may prevent the use of the proposed mark.
Remedies for infringement of IP
- What remedies are available to individuals or companies whose intellectual property rights have been infringed?
Remedies include:
- preliminary and final injunctions;
- damages or an account of profits;
- delivery up or destruction of infringing products;
- disclosure orders; and
- costs.
COMPETITION
Sector-specific issues
- Are there any specific competition issues that exist with respect to fintech companies in your jurisdiction?
There is a competition regime in Singapore that applies to all entities carrying out business in Singapore unless otherwise exempted. There are no particular aspects of this regime that would affect fintech businesses disproportionately to other businesses.
TAX
Incentives
- Are there any tax incentives available for fintech companies and investors to encourage innovation and investment in the fintech sector in your jurisdiction?
At present, there are no tax incentives specifically targeted at fintech companies. However, new start-up companies in general can benefit from a tax exemption scheme. All companies are eligible for the exemption except companies whose principal activity is investment holding and companies that undertake property development for sale, investment or both. To qualify for the exemption, an eligible company must:
- be incorporated in Singapore;
- be tax-resident in Singapore for the relevant tax year of assessment; and
- have its share capital held by no more than 20 persons (all of whom must be individuals) throughout the period of that tax year of assessment, where at least one shareholder is an individual holding at least 10 percent of the shares in the company, typically a founder.
The exemption applies for the company’s first three consecutive tax years of assessment. With effect from tax year of assessment 2020, companies will benefit from a reduced 75 percent exemption from tax on the first S$100,000 of normal chargeable income and then a 50 percent exemption on the next S$100,000 of normal chargeable income.
Under the Angel Investors Tax Deduction Scheme, investors who are able to commit a minimum of S$100,000 of investment to a qualifying start-up can, subject to approval and satisfaction of certain conditions, benefit from a tax deduction of 50 percent of the amount of their investment at the end of a two-year holding period. This scheme lapsed after 31 March 2020, and investors can no longer obtain new approvals or renewal of the ‘angel investor’ status for any period commencing after 31 March 2020. However, angel investors will continue to enjoy tax deductions in respect of qualifying investments made during the period of the approved status, subject to existing conditions of the scheme.
For institutional investors, section 13H of the Income Tax Act allows approved venture capital and private equity funds to benefit from zero-rated tax relief for up to 10 years in respect of gains from the divestment of approved portfolio holdings, dividend income from approved foreign portfolio holdings and interest income arising from approved foreign convertible loan stock. In addition, the Fund Management Incentive (FMI) gives an approved fund management company tax relief at a concessionary rate of 5 percent for a period of up to 10 years in respect of both management fees and performance bonuses received from an approved venture capital fund. To benefit from both section 13H and the FMI, the venture capital or private equity funds and fund management companies must, at a minimum, be incorporated and based in Singapore and otherwise approved or licensed by the Monetary Authority of Singapore to conduct their activities.
Increased tax burden
- Are there any new or proposed tax laws or guidance that could significantly increase tax or administrative costs for fintech companies in your jurisdiction?
Yes, the Goods and Services Tax Act was amended in 2020 to require overseas digital service providers with a yearly global turnover of more than S$1 million, which sell more than S$100,000 worth of digital services to customers in Singapore in a 12-month period, to register for and charge goods and services tax (GST).
With effect from 1 January 2020, the Inland Revenue Authority of Singapore has required these digital services providers, who are registered under this Overseas Vendor Registration regime, to charge GST on their sale of digital services to Singapore consumers.
IMMIGRATION
Sector-specific schemes
- What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the technology or financial sectors?
The rules on hiring staff from abroad apply to all companies operating in Singapore. Prior to applying for an Employment Pass, companies will need to advertise the vacancy on the National Jobs Bank for at least 14 days unless a specific exemption applies.
The Economic Development Board launched Tech.Pass, a targeted program to attract tech entrepreneurs, leaders and technical experts from around the world with experience in established or fast-growing tech companies, to contribute to the development of Singapore’s tech ecosystem. Tech.Pass will allow passholders flexibility in the participation of activities such as starting and operating one or more tech companies, being an investor, employee or director in one or more Singapore-based companies or a consultant (or) mentor mentoring start-ups and lecturing at local universities.
UPDATE AND TRENDS IN FINTECH IN SINGAPORE
Current developments
- Are there any other current developments or emerging trends to note?
On 28 June 2019, the Monetary Authority of Singapore (MAS) announced that it will issue up to five new digital banking licenses, welcoming applications from both traditional banking groups and non-bank players. The move has been recognized as marking the next chapter in Singapore’s banking liberalization journey.
In early December 2020, MAS announced that four entities were awarded digital banking licenses.
While digital banks offer the same banking services as traditional banks, they operate without a physical setup, enabling customers to control their finances from their computers or smartphones. MAS awarded the licenses to:
- a consortium of Singapore Telecommunications Ltd (Singtel) and Grab Holding Inc (Grab);
- Sea Limited;
- Ant Financial; and
- a consortium of Greenland Financial Holdings Group Co Ltd, Linklogis Hong Kong Ltd, and Beijing Co-operative Equity Investment Fund Management Co Ltd.
There are two types of digital banking licenses – digital full bank license (DFB) and digital wholesale bank license (DWB).
The DFB license enables an entity to offer deposits, loans and investment products through its online platform. DFB license holders can only serve retail and corporate banking services while DWB license holders can only serve businesses, namely small and medium enterprises (SMEs).
MAS expects the four digital banks to commence operations by early 2022. This is the first time Singapore has approved setting up wholly digital banking operations.
On 5 April 2022, Parliament passed the Financial Services and Markets Act 2022 (the FSM Act), although it has yet to come into force. The FSM Act enhances MAS’s regulatory and enforcement framework across the entirety of the financial sector, adding to the rules designed for each specific segment. The FSM Act also ensures that digital token service providers that are Singapore entities, but who wholly operate outside of Singapore, would be captured within the scope of Singapore’s regulatory regime, bringing Singapore’s legal and regulatory framework in respect of virtual asset service providers in line with the Financial Action Task Force standards.
In October 2022, MAS published two consultation papers proposing regulatory measures (which would, if adopted, form part of the PS Act) for DPT services and stablecoins, to reduce the risk of consumer harm from the trading of cryptoassets and to support the development of stablecoins as a credible medium of exchange.
The proposed measures regarding digital payment token (DPT) services would require DPT service providers:
- to provide adequate risk disclosures to help retail consumers to make informed cryptocurrency trading decisions; and
- to implement proper systems to safeguard customers’ assets, mitigate potential conflicts of interest and account for technology risks.
In relation to stablecoins, MAS proposes to regulate the issuance of single-currency pegged stablecoins (SCS) while stablecoins pegged to a basket of currencies or other assets (e.g, commodities) will be subject to the existing DPT regime under the PS Act. Under the proposed regulatory regime, SCS issuers will be subject to higher prudential standards and will be required to make disclosures (or even a key information factsheet as a matter of good practice) on its corporate website, disclosing descriptions of the SCS, rights and obligations of the SCS issuer and holder, as well as risk factors.
MAS is currently processing the feedback from the two consultations and is likely to be issuing new guidelines for the proposed regulatory measures.
* The information in this chapter was accurate as of March 2023.
If you need more consulting, please Contact Us at TNHH NT International Law Firm (ntpartnerlawfirm.com)
You can also download the .docx version here.
“The article’s content refers to the regulations that were applicable at the time of its creation and is intended solely for reference purposes. To obtain accurate information, it is advisable to seek the guidance of a consulting lawyer.”
LEGAL CONSULTING SERVICES
090.252.4567NT INTERNATIONAL LAW FIRM
- Email: info@ntpartnerlawfirm.com – luatsu.toannguyen@gmail.com
- Phone: 090 252 4567
- Address: B23 Nam Long Residential Area, Phu Thuan Ward, District 7, Ho Chi Minh City, Vietnam