Digital Tokens and Customer Protections (Part 1)

I.   Introduction

The global regulatory environment governing the sale, purchase, exchange, transfer and custody of cryptocurrencies is changing. The nature of this regulation, by the competent authorities in a given jurisdiction, and the requirements with which entities subject to it must comply, depends primarily upon the characterisation of such assets, and the risks arising out of providing such services. In the specific context of cryptocurrencies, along with risks related to money-laundering and terrorism-financing (“ML/TF”), the proliferation of trading and speculation in relation to cryptocurrencies the world over has given rise to customer protection concerns, the need to guard against risks arising out of the insolvencies of cryptocurrency service providers, and to prevent market abuse and unfair dealing in relation to cryptocurrencies.

In May 2023, the International Organization of Securities Commissions (“IOSCO”) released its Policy Recommendations for Crypto and Digital Asset Markets Consultation Report (CR01/2023), where it is stated that regulatory frameworks for virtual assets should seek to achieve regulatory outcomes for investor protection and market integrity that are the same as, or consistent with, those required in traditional financial markets. In line with these global developments, the Monetary Authority of Singapore (“MAS”) has been in the process of, among other things, consulting on proposed regulatory measures addressing customer protection and market integrity.

This article is the first of a two-part article. Part 1 will focus on regulatory developments in Singapore specific to “cryptocurrencies” — under Singapore law, generally “digital payment tokens” (“DPT”) — including recent proposals by the MAS relating to customer protection requirements and the integrity of the DPT market. In Part 2 of the article next month, we will delve deeper into MAS’ proposals in relation to the stablecoin regulatory framework in Singapore, and the operation of the Financial Services and Markets Act 2022.

II.   The Current State of Play

In Singapore, the MAS regulates the provision of “payment services”—including “DPT services”—under the Payment Services Act 2019 (“PS Act”). The PS Act came into force on 28 January 2020, prior to which DPT services were not regulated by MAS.

Under the PS Act, the distinguishing characteristics of “DPT” are: (a) DPT is not denominated in or pegged by its issuer to any fiat currency; and (b) DPT is, or is intended to be, a medium of exchange accepted by the public or a section thereof as payment for goods or services or for the discharge of a debt (e.g. Bitcoin, Ether, and certain single-currency-stablecoins such as USDT and USDC).

Under the current scope of the PS Act, a person must obtain a licence and comply with ongoing compliance obligations where they carry on a business in the following two activities —

• “Dealing in” DPTs (i.e. buying or selling DPTs); or
• “Facilitating the exchange of” DPTs (i.e. operating a platform allowing persons to buy or sell DPT on a centralised basis).

III.   Expanded Regulation – the Near Future

1.       Under amendments to the PS Act

In June 2019, the Financial Action Task Force (“FATF”) adopted the enhanced Recommendation 15 in the FATF Standards.[1] Following this, MAS issued a consultation paper stating its express intention to introduce amendments to the PS Act to align with the enhanced FATF Standards applicable to DPT service providers (i.e. virtual asset service providers, or “VASPs”).[2]

In light of broad support from respondents,[3] the Payment Services (Amendment) Act (“PS(A)A”) was passed on 4 January 2021, but has not yet come into force. Its commencement is expected in the near future, after MAS has consulted and responded to feedback on corresponding subsidiary legislation.

There are three new key activities falling under the expanded scope of “DPT services”.

First, where a service provider facilitates the transfer of DPT, this would likely be regulated once the PS(A)A comes into force. Such businesses (if not regulated) “could be used by bad actors to move or layer the proceeds of illicit assets by transferring value in the form of DPTs from one person to another”.[4]

Second, where a service provider provides a service custodising DPT where they have control over or possession of such DPT, this would likely be regulated once the PS(A)A comes into force. The custody of DPT (if not regulated) “could be used to safekeep illicit assets or assets for illicit actors, and in some cases, act as an additional layer or front”.[5]

Third, where a service provider assists its client in buying and selling DPT (e.g. brokerage activities), this would likely be regulated once the PS(A)A comes into force, even if the service provider does not come into possession of moneys or DPTs. The “active facilitation” of the buying and selling of DPT could (if not regulated) facilitate ML/TF activities.

2.       Recent proposals — a focus on customer protection

The initially envisioned risks arising out of providing DPT services were primarily those relating to ML/TF and technology risk. Having said that, the PS(A)A addresses the possibility of an expansion of the risks arising out of providing DPT services. Such risks are not only limited to ML/TF and technology risk, but also the risk of inadequate user protection and the need for safeguarding of customer DPT.

On 26 October 2022, MAS set out proposed regulatory measures to reduce the risk of consumer harm from trading DPTs (the “Consumer Protection Consultation Paper”). The consultation closed on 21 December 2022; and on 3 July 2023, MAS responded in part to the safeguarding proposals in the Consumer Protection Consultation Paper (“Part 1 Response”) and published a further consultation paper on proposed amendments to the Payment Services Regulations, setting out its detailed proposals in relation to the customer asset segregation and safeguarding requirements, with a draft of the proposed amendments annexed (the “Safeguarding Consultation Paper”).

Broadly, licensed and exempt DPT service providers (including those that are not licensed now but are relying on transitional exemptions under the PS Act) will be required to:

• segregate customers’ DPT from its own DPT and hold such customer DPT in trust;
• safeguard customers’ moneys received from or on account of “DPT services” provided;
• conduct daily reconciliation of customers’ DPT and keep proper books and records;
• maintain access and operational controls to customers’ DPTs in Singapore;
• ensure that the custody function is operationally independent from other business units; and
• provide clear disclosures to customers on the risks involved in having their DPT held by the DPT service provider.

The Part 1 Response also contained confirmation from MAS that it will proceed with its proposals to: (a) prohibit regulated DPT service providers from lending or staking DPT belonging to retail customers; and (b) permit lending or staking of DPT belonging to non-retail customers, but subject these arrangements to prescribed disclosure and customer consent requirements.

Also on 3 July 2023, MAS issued a separate consultation paper on proposed measures on market integrity in DPT services (the “Market Integrity Consultation Paper”). This consultation paper sets out proposed regulatory measures for DPT service providers, and prohibitions against unfair trading practices that are generally applicable to all market participants, to address market integrity risks in DPT services.

This further consultation follows from the Consumer Protection Consultation Paper, where most respondents agreed with MAS’ observations on good industry practices to address market integrity risks, and some respondents suggested that MAS should impose further measures to prevent market abuse and unfair trading practices such as wash trading, pump-and-dump schemes, cornering, trade spoofing, and insider trading.

More broadly speaking, MAS’ recent proposals are generally aimed at mitigating the risk of loss or misuse of customers’ DPT, and facilitating the recovery of such customers’ assets in the event of a DPT service provider’s insolvency.

3.       Implementation and other anticipated developments

The consultation periods for both the Safeguarding Consultation Paper and Market Integrity Consultation Paper have closed as of 3 August 2023. MAS is currently in the midst of considering the feedback to such consultations and would be expected to publish a response to such feedback over the next few months. In particular relation to the Safeguarding Consultation Paper, MAS has stated that it intends to effect the proposed amendments to the Payment Services Regulations by October 2023 (and publish a set of corresponding Guidelines on or around such time as well); and in any case, expects DPT service providers to prepare to comply with its policy positions by October 2023.

As for the Market Integrity Consultation Paper, while no timeline has been provided, MAS has stated that it intends to implement the proposed regulatory measures relating to addressing market integrity risks by DPT service providers through Guidelines, to set out its expectations for DPT service providers as regards market integrity risks, as a first step to implementing the proposals. Thereafter, details on the regulatory requirements and subsidiary legislation will be separately published for consultation in due course. Separately, MAS intends to implement the proposed prohibitions against unfair trading practices through amendments to the PS Act or other Acts administered by MAS, as appropriate. The Act amendments will be separately published for consultation in due course.

MAS is also expected to separately publish its response to the remaining regulatory measures (aside from customer asset and money safeguarding; e.g. customer access safeguards) proposed in the Consumer Protection Consultation Paper. These include responses relating to feedback on MAS’ proposals to:

• Implement certain consumer access measures such as (a) implementing customer risk assessment or knowledge assessments for retail customers; (b) restrictions on offering incentives (whether monetary or non-monetary) to retail customers to participate in a DPT service, or to any person (e.g. an existing customer or a celebrity) to refer a DPT service to retail customers; and (c) restrictions on debt-financed and leveraged DPT transactions for retail customers trading DPTs;

• Implement business conduct measures such as (a) implementing measures to identify and mitigate conflicts of interest where a DPT service provider engages in multiple business activities (e.g. as a trading platform, broker-dealer and proprietary trader), including making adequate disclosure to customers; (b) requiring DPT trading platform operators (i.e. DPT exchanges) to publish their policies and procedures on the process for selecting, listing and reviewing DPTs, and the relevant governance policies; and (c) implementing complaints handling policies and procedures;

• Mandate that the requirements in the Notice on Technology Risk Management (which currently applies to other types of financial institutions such as banks) also be applicable to DPT service providers.

IV.   Concluding Remarks

The amendments to the PS Act and MAS’ recent proposals, in particular relating to segregation and safeguarding of customer assets and the application of market integrity provisions to the trading of DPT, are aimed at promoting customer protection objectives, and the fair, orderly, and transparent trading of DPT in Singapore.

Through the amendments to the PS Act, service providers that may not have been previously subject to regulation are brought into the fold of regulation. This means that such service providers will be required take steps to mitigate against ML/TF risks arising out of DPT (e.g. implementation of the “travel” rule. This would assist in providing greater assurance to Singapore customers (and the market at large) that DPT being handled are not linked to the proceeds of, used to facilitate, or otherwise related to, ML/TF activities.

Further, subjecting service providers to the licensing regime under the PS Act means that such service providers need to comply with other general ongoing compliance obligations applicable to licensees (e.g. base capital, expertise, track record of key personnel). These obligations are geared toward ensuring that service providers are duly equipped to provide DPT services to their customers. By buttressing these ongoing compliance obligations with MAS’ proposals in relation to the segregation and safeguarding of customer assets, customers of DPT service providers may reasonably have more assurance that the service providers with whom they deal are legitimate enterprises with protections and mitigating measures to guard against insolvency risks.

MAS’ broad push also to apply similar market integrity provisions, as currently found in the context of the Securities and Futures Act 2001, to the trading of DPT under the Payment Services Act 2019, also exemplifies the push toward discouraging speculation in DPT by clamping down on market manipulation, abuse, and other unfair practices which may present themselves in DPT markets.

 

AUTHOR INFORMATION

Adrian Ang is a Partner and Co-Head of Allen & Gledhill’s FinTech Practice, and also Co-Head of the Public Policy Practice.
Email: adrian.ang@allenandgledhill.com

Alexander Fong is an Associate in the FinTech Practice and Financial Regulatory Practice at Allen & Gledhill.
Email: alexander.fong@allenandgledhill.com

 

REFERENCES

[1] Recommendation 15 provides, inter alia, that “countries should apply a risk-based approach to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified”. In addition, it was also provided that countries and financial institutions should identify and assess such ML/TF risks in relation to “(a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products”; see paragraph 2 of the Interpretative Note to Recommendation 15, found in FATF, Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, Annex A, p 55.

[2] MAS, Consultation Paper on the Payment Services Act 2019: Proposed Amendments to the Act, 23 December 2019, paragraph 2.1.

[3] MAS, Response to Feedback Received on Proposed Amendments to the Payment Services Act 2019, 4 November 2020.

[4] MAS, Consultation Paper on the Payment Services Act 2019: Proposed Amendments to the Act, 23 December 2019, paragraph 2.4.

[5] MAS, Consultation Paper on the Payment Services Act 2019: Proposed Amendments to the Act, 23 December 2019, paragraph 2.6.