On 26 July 2024, the Monetary Authority of Singapore (“MAS”) published amendments to the Guidelines on Licensing for Payment Service Providers (PS-G01) (“Guidelines”). These amendments affect current and future Standard Payment Institutions (“SPIs”) and Major Payment Institutions (“MPIs”), and will take effect from 26 August 2024.
Among others, there were two key categories of amendments. They relate to additional documents that must accompany a new or variation licence application – (1) a legal opinion; and (2) an external auditor’s independent assessment.
Legal Opinion for Licence Applications
For (1) all new applicants applying for an SPI or MPI licence; and (2) existing Payment Services Act 2019 (“PS Act”) licensees applying to vary their licence to add a digital payment token (“DPT”) service, a legal opinion must be submitted with their applications. Such a legal opinion should:
- be issued by a law firm experienced in advising on the PS Act in Singapore;
- include a clear and concise summary of the applicant’s business model; and
- include an assessment on whether the applicant’s proposed service(s) and/or product(s) are regulated payment services under the PS Act (4.1.1 and 4.1.2, Guidelines).
If the MAS finds the initial legal opinion unclear, the MAS may request for a second legal opinion (4.1.4, Guidelines).
External Auditor’s Independent Assessment for Licence Applications
Every new applicant and existing PS Act licensee that is intending to provide DPT services, except for entities that have notified the MAS pursuant to the Payment Services (Amendment) Act 2021 (Saving andTransitional Provisions) Regulations 2024), is required to appoint a qualified independent External Auditor to perform an independent assessment of its policies, procedures and controls in the areas of antimoney laundering/countering the financing of terrorism (“AML/CFT”) and Consumer Protection (4.1.5, Guidelines).
The independent assessment report must have been issued and signed off by the External Auditor within the last 3 months from the date of application submission, and be submitted together with the applicant’s Form 1 or Form 2 as the case may be (4.1.6, Guidelines).
It must be noted that for the purpose of conducting this independent assessment, the policy and procedures, and other documents to be reviewed by the External Auditor must be the same version submitted by the applicant as part of its application (4.1.7, Guidelines).
The MAS places the onus on applicants to appoint an appropriate and suitably qualified External Auditor to conduct the independent assessment (4.1.8, Guidelines). If the MAS has concerns on the quality and/or the comprehensiveness of the External Auditors’ independent assessment, the MAS may require the applicant to appoint another External Auditor to re-perform the independent assessment (4.1.9, Guidelines).
Applicants may engage more than one External Auditor to perform the independent assessment, such as one for an assessment in the area of AML/CFT and another in the area of Consumer Protection (4.1.8, Guidelines).
After an in-principle approval is granted to the applicant, the applicant is required to appoint a qualified independent External Auditor to perform an independent assessment of its policies, procedures and controls in the areas of Technology and Cybersecurity risks (4.1.14, Guidelines).
Leave a Reply