Written Reply to Parliamentary Question on the implementation progress of Project Ubin
"Payment Services Bill" - Second Reading Speech by Mr Ong Ye Kung, Minister For Education, On Behalf of Mr Tharman Shanmugaratnam, Deputy Prime Minister and Minister-In-Charge of The Monetary Authority of Singapore on 14 Jan 2019
1 Mr. Speaker, I beg to move, “That the Bill be now read a second time.”
2 Technology is transforming the world of payments. In particular, FinTech, or Financial Technology, has opened up opportunities for more convenient, faster and cheaper payments.
3 At the same time, new payment methods give rise to new risks. This has necessitated a review of our regulatory framework. Further, services that were previously provided separately and regulated separately are now merging.
4 MAS currently regulates various types of payment services under the 2006 Payment Systems (Oversight) Act - or PS(O)A - and the 1979 Money-Changing and Remittance Businesses Act - or MCRBA. The Bill combines the PS(O)A and MCRBA into a single Payment Services Act.
5 The Payment Services Bill provides a forward looking and flexible framework for the regulation of payment systems and payment service providers in Singapore. It provides for regulatory certainty and consumer safeguards, while encouraging innovation and growth of payment services and FinTech. In drafting the Bill, MAS has taken reference from regulatory frameworks in various other financial centres – Australia, Hong Kong, Japan, and the United Kingdom.
6 Let me outline the broad approach underpinning the Bill.
7 First, we are adopting a regulatory structure that recognises the growing convergence across payment activities which I just mentioned. For example, payment and remittance services are now often provided as one product to customers.
8 Second, we are expanding MAS’ regulatory scope to include more types of payment services, such as digital payment token services and merchant acquisition. The Bill includes provisions that level the playing field for banks and non-banks, and that enhance user protection.
9 Third, we have adopted a modular and risk-focused regulatory structure, so that our rules are tailored to the scope of services being offered by any provider. A modular approach gives MAS the flexibility to regulate payment service providers that offer one, two or more parts of the payments value chain. It also enables MAS to respond quickly to fast changing payment solutions and business models. A risk-based approach enables MAS to impose proportionate regulatory measures on each type of payment service provider, depending on the scale of their activities.
10 MAS has conducted public consultations on the Bill, and engaged extensively with the industry. It has been well received. MAS has considered all the feedback and, where appropriate, has taken them into account in preparing this Bill. Mr. Speaker, let me now take the Members through the key areas of the Bill.
Regulatory frameworks for designation and licensing
11 The Bill comprises two regulatory frameworks: a designation regime and a licensing regime.
12 The designation regime enables MAS to designate significant payment systems, to ensure the stability and market efficiency of the financial system.
13 Designating payment systems for financial stability reasons is a power that is already provided for in the PS(O)A, and it will be retained. However, the Bill provides for an additional basis for designation, which is to ensure efficiency and competition in the financial system. This is because a payment system that becomes widely used and dominant can be used to shut out competition and new, innovative players. Hence for competition reasons, MAS can designate a payment system if it is widely used in Singapore, or its operations have an impact on the operations of other payment systems in Singapore.
14 The second framework is a licensing regime to allow MAS to regulate a wide range of payment services in a manner that matches the scope and scale of services provided by each provider, and that can respond flexibly to market developments, as I have explained.
15 The services can be grouped into seven types: account issuance, domestic money transfers, cross-border money transfers, merchant acquisition, e-money issuance, digital payment token dealing and exchanges, and money-changing.
16 Service providers may offer different combinations of these services, and the licensing regime will regulate them according to the risks they pose.
Three classes of licences
17 MAS will not impose requirements uniformly across all licensed payment service providers. We will have three classes of licences – a licensee may be a money-changing licensee, a standard payment institution or a major payment institution. These three classes will be broad enough to deal with the different combinations of payment services that a service provider may offer. Each service provider needs to hold only one of the three licences. And in line with our risk-based approach, the regulatory requirements for each class of licence differ according to the risks posed by the scope and scale of services provided by the licensee
18 This is how it will work:
a. First, money-changing licensees can provide only money-changing services. They will continue to be regulated under the Bill in largely the same way as it is under the existing MCRBA, as the attendant risks have not changed. The regulation is quite narrow in scope, as these are over-the-counter services often offered by small businesses such as sole proprietors, with limited risks.
b. Second, standard payment institutions may provide any combination of the seven defined payment services, but below specified transaction flow or e-money float thresholds. They will be regulated more lightly, and the regime mimics a “permanent sandbox” environment to encourage innovation and enterprise.
c. Third, major payment institutions can go above the specified thresholds. As the scale of their operations would pose more risk, they will be subject to more regulation.
19 This new licensing regime is a more comprehensive and robust framework than what current legislation provides. We will be regulating new services, as well as expanding the scope of activities under the services we currently regulate.
20 Services that MAS will now be regulating are domestic money transfers, merchant acquisition, and digital payment token services. We will be among the first few financial services regulators in the world to introduce a regulatory framework for digital payment token services, or what are commonly understood as cryptocurrency dealing or exchange services. As we have stated in Parliament before, while there may be some potential in these digital payment token services, they also carry significant money laundering and terrorism financing risks or ML/TF risks due to the anonymous and borderless nature of the transactions they enable. Under the Bill, all providers of digital payment token dealing or exchange services in Singapore will have to meet anti-money laundering and counter financing of terrorism – or AML/CFT requirements.
21 We are also recognising new activities under the services we currently regulate. The definition of e-money in the Bill will go beyond stored value or pre-paid services, such as public transport cards, to include e-wallets – i.e. any monetary value that is held for future payment transfers between individuals or with corporates. This means that e-money issuers have an obligation to protect the value held in major e-wallets for consumers and merchants.
22 Further, under the Bill, we will regulate inward remittance services in addition to outbound remittance services that are currently regulated.
23 The Bill will also clarify that a person will be presumed to carry on a business of providing a payment service even where the payment service is only incidental to the person’s primary business. The intent is to disapply the 2017 Singapore High Court decision in Chinpo Shipping Co (Pte) Ltd v. Public Prosecutor, which suggests that the undertaking of remittances that are purely incidental to a primary business of ship agency and ship chandelling would not have constituted the carrying on of a remittance business under the MCRBA.
Mitigating key risks in payment services
24 Mr. Speaker, I will now elaborate how the Bill will mitigate the four key risks that are common across many payment services: loss of customer monies; ML/TF risks; fragmentation and lack of interoperability across payment solutions; and technology risks including cyber risks. Proper oversight of these risks will both protect the public and facilitate a vibrant payment services sector.
25 One key risk is that customer monies entrusted to payment service providers may be lost, such as when the service provider becomes insolvent. The Bill requires major payment institutions to safeguard customer monies from loss through the institutions’ insolvency using any of the following means:
a. An undertaking or guarantee by any bank in Singapore or prescribed financial institution to be fully liable to the customer for such monies;
b. A deposit in a trust account; or
c. Safeguarding in such other manner as may be prescribed by MAS.
26 However, we also want to ensure that measures are not too onerous or stifling. That is why we adopted three classes of licences. For example, standard payment institutions are not subject to the safeguarding requirements for major payment institutions, but they must disclose this to their customers so that the customers can make informed decisions on which payment service or provider best suits their needs.
27 The second risk is that payment services may be used for ML/TF, such as through illicit cross border transfers, anonymous cash-based payment transactions, structuring of payments to avoid reporting thresholds or the raising or layering of assets or funds for ML/TF purposes. MAS studies the business model of each payment service to determine where regulatory measures should be imposed. The appropriate AML/CFT requirements will be imposed on relevant licensees through Notices issued under the MAS Act. MAS will also provide guidance to the industry.
28 A third risk is that payment solutions in Singapore become fragmented. We have deliberately allowed many e-payment solutions to come on stream in Singapore. This provides choice for consumers but the downside is that it can also be confusing. MAS has been persuading the industry to undertake various measures to ensure that the solutions are interoperable, within an open architecture. For example, we worked with the banks to implement PayNow, to make instant payment transfers more convenient for consumers and businesses. So today I can use the PayNow feature from the app of one bank to pay someone who is banking with a different institution. We also worked with the industry to introduce SGQR, which allows different e-payment schemes to be accepted via a single standardised and unified QR code.
29 This Bill will give MAS formal powers to ensure interoperability of payment solutions, in the interests of consumers and market development. The Bill will provide MAS with the powers to mandate the following outcomes:
a. One, a designated payment system operator or major payment institution must allow third parties to access any payment system it operates, and the access regime imposed must be fair and not discriminatory;
b. Two, a major payment institution must participate in a specified common platform or equivalent arrangement to achieve interoperability of payment accounts; and
c. Three, a major payment institution must adopt a common standard to make widely-used payment acceptance methods interoperable.
30 MAS will exercise these powers judiciously. MAS will continue to employ its powers of persuasion with the payment players, before using its interoperability powers as a last resort.
31 Finally, technology risk. The Bill will give MAS powers to impose technology risk management requirements, including cyber security risk management requirements, on all licensees. We will require payment service providers to ensure there is adequate risk governance and implementation of adequate controls, particularly in areas such as user authentication, data loss protection and cyber-attack prevention and detection.
Right-sizing permissible activities
32 Mr. Speaker, this Bill right-sizes regulations depending on the risks posed by the payment service provider. This means tailoring our regulations to the activities of the licensees, such as opening accounts, issuing e-money, transferring money within Singapore and overseas and providing e-payment solutions to consumers and merchants.
33 It must follow that if the licensees wish to do more, then they must be subject to more regulatory measures. Licensees therefore cannot engage in consumer lending or banking activities such as accepting deposits and granting loans, unless they hold the appropriate licence under the Banking Act or the Moneylenders Act.
34 Banks perform a vital economic function of intermediating savings. They take in deposits and on-lend these funds back into the economy to help it grow. To protect depositors’ interests, banks are subject to much more stringent prudential regulation and supervision, such as on the amount of capital and liquid assets they must hold, how much concentration risk they can take, and how they manage repayment risks and make provisions against these risks.
35 Non-bank payment service licensees do not perform similar economic functions, and do not face similarly stringent regulations. Accordingly, e-money issuers will not be allowed to on-lend any customer money or use any customer money to materially finance their own business activities.
36 Additionally, withdrawals of Singapore dollars will not be allowed from e-money accounts held by Singapore residents. This is consistent with the objective of the Bill, which is to promote greater adoption of electronic payments, in lieu of cash services. It will also preserve the privileges of our Free Trade Agreement partners, whose banks have been accorded access to ATMs and cashback services.
37 Finally, personal payment accounts will be subject to a stock cap, which is the maximum amount of funds that can be held in a personal payment account at any given time. They will also be subject to an annual flow cap. This is the maximum cumulative amount of yearly outflows from the personal payment account, other than to the user’s designated bank accounts. The stock and flow caps were calibrated with due regard to consumer needs and existing industry practices, and will be set initially at $5,000 and $30,000 respectively. These caps will not apply to merchant payment accounts that cater to business uses.
38 These caps help to further protect customers by limiting a customer’s potential loss from his e-money account. This also enables the e-money safeguarding measures to be simple and low-cost, different from deposit insurance that banks have to undertake.
39 More importantly, the caps will ensure continued stability of the financial system, by reducing the risk of significant outflows from banks deposits to non-bank e-money which can undermine the stability of our banks.
40 The Bill is a necessary piece in Singapore’s Smart Nation journey. It will help us build a technologically robust smart financial centre, that preserves stability while facilitating innovation and growth in the payments landscape.
41 Mr. Speaker, I beg to move.