On 3 July 2023, the Monetary Authority of Singapore (MAS) announced a series of investor protection measures for Digital Payment Token (DPT) services. The more significant changes are that DPT service providers (DPTSP) hold customer assets under a statutory trust before the end of the year, rather than lending or placing their retail customers’ DPTs.
Two documents released as part of the announcement – ​​the first tranche of MAS’s response to its public consultation last October and a consultation document on proposed amendments to the Payment Services Regulation (PSR) to implement key segregation and custody requirements – provide more insight into the thinking regulator behind these changes.
Support for new save requests
According to the MAS, there was broad support for detention measures affecting DPTSP in the following areas:
-
Segregation of Customer Assets: DPTSP must ensure proper segregation of its customers’ assets from its own assets and such assets cannot be commingled (even with the user’s consent). However, individual client assets are allowed to be commingled in the same trust account.
-
Protection of client money: Client money will need to be held in Singapore financial institutions to facilitate recovery in the event of insolvency.
-
Daily reconciliation and proper record keeping: Reconciliation of customer assets will be done daily at the entity level with appropriate records for each customer, and account statements will be provided to clients in accordance with requirements for capital market intermediaries.
-
Access and operational control over client DPTs: DPTSPs will maintain robust systems and processes to ensure the integrity and security of client assets, including operational controls for cryptographic keys held or managed by them, which need not be located in Singapore. In addition, 90% of customers’ DPT must be held in cold wallets with security controls to minimize the risk of loss.
-
Custodial Function Independence: DPTSPs are not required to hold client assets with independent third-party custodians, but each internal custodial function must be separate and operationally independent from other business units to reduce the risk of internal fraud and embezzlement.
-
Disclosures to clients: DPTSPs must disclose terms and conditions, applicable fees and charges, separation of customer assets from their own assets, any commingling of customer assets and associated risks, consequences in the event of insolvency and arrangements made to protect customer assets.
Ban on lending and investing in retail cryptoassets
MAS also made it clear that licensed DPTSP will not be able to lend and mortgage the property of individuals, although respondents to the October consultation generally did not support this restriction. Instead, they suggested that DPTSPs could facilitate lending and investment services, provided they clearly disclose risks, obtain express consent from retail customers and impose transaction limits.
Respondents also warned that the restriction could cause retail customers to turn to unregulated platforms compared to safer DPTSPs. Several distinguished investing from lending as less credit risk and contributing to the proper functioning of proof-of-stake blockchain networks.
In its responses, MAS focused on investor protection and shared its reasoning:
-
The recent collapses of lending and investment services show that they continue to be a source of significant harm to consumers because assets of individuals that were expected to be recovered could not be recovered.
-
In most cases, such assets that have been loaned or invested may no longer belong to or be under the control of the retail customer who is not protected by the requirements imposed by DPTSPs.
-
Retail customers are generally less savvy, less able to sustain large losses and may not be able to understand the risks involved when they enter into such services through regulated DPTSPs.
-
Given the conflict of interest for PTSD, risk disclosure is insufficient and a more cautious approach is needed.
-
Investing, while different from lending, did not necessarily seem safer because it often involves intermediaries and other risks that may not be lower.
Comparison with Hong Kong’s new crypto-asset regime
Experts may bemoan the restrictions, but it should be noted that the Hong Kong Securities and Futures Commission (SFC) – citing similar concerns as the MAS – has banned licensed virtual asset trading platform (VATP) operators from providing such services to their clients (retail or others).
In fact, if you were to examine the requirements for segregation and custody between the two, the MAS proposals appear more lenient than the SFC’s. For example, sole guardianship by the same entity (with safeguards) is possible in Singapore compared to an affiliated entity in Hong Kong.
In Singapore, 90% of customers’ digital assets should be kept in cold wallets, compared to 98% in Hong Kong. Private keys do not need to be stored in Singapore, but must be in Hong Kong for VATP.
The different nuances are likely due to the different maturity of crypto regulation in the two cities, given that Hong Kong has just introduced its licensing regime for VATPs. Importantly, both regulators are monitoring industry developments and said regulations will continue to evolve.
If you would like to learn more about MAS’s new investor protection measures and their impact on AML/CFT compliance in Singapore, please contact us to speak to one of Elliptic’s experts.
Financial Services Regulation APAC