MAS finalises crypto segregation and custody regulations

With its response to the July 2023 consultation paper, the MAS has now finalised the key segregation and custody requirements for digital payment token services. The amendments are published in the Payment Services Regulations and come into effect alongside the Payment Services (Amendment) Act 2021. The MAS has also issued related guidelines on consumer protection measures in the sector.

Response to Feedback Received on Proposed Amendments to the Payment Services Regulations’, was published on the 2nd April. As well as finalising the amendments to the Payment Services Regulations – or PSR – it provides responses to feedback received during the consultation period. It’s worth familiarising yourself with these details if you operate in the digital payment token (DPT) space, particularly if you’re a DPT service provider (DPTSP).

Requirements for DPT service providers

The paper follows previous publications outlining proposed requirements for segregation and custody of customers’ assets in this area. Following the latest consultation the key areas clarified include the following:

Limited purpose e-money: The safeguarding requirements for customers’ money are intended to apply to any money that falls within the definition of “relevant money” under section 23(14) of the Payment Services Act, regardless of whether money also constitutes limited purpose e-money.

Trust account: The finalised amendments refer to the account as a “trust account” instead of a “custody account”. This is in line with the use of the term “trust account” in other provisions of the Payment Services Act and accompanying subsidiary legislation.

Indemnity: For the indemnity agreed between the safeguarding person and the DPTSP, the safeguarding person may claim a lien, right of retention or sale, provided that the customer had consented in writing to the lien, right of retention or sale, and the DPTSP has notified the safeguarding person in writing of the written consent.

Transition: DPTSPs are encouraged to implement the requirements as soon as practicable.

Guidelines on consumer protection measures

Together with this response paper and the finalised amendments, the MAS has also published its Guidelines on Consumer Protection Measures by Digital Payment Token Service Providers which set out the regulator’s expectations on the measures a DPTSP should have in place to address consumer protection risks.

Opt-in regime: Accredited investors should be given the choice of electing for “retail customer” or “accredited investor” status. This is similar to the opt-in requirements set out in the Securities and Futures (Classes of Investors) Regulations 2018.

Segregation of customers’ assets: The MAS doesn’t mandate that a trust account must be maintained with another person. You should periodically review your arrangements for safeguarding customers’ assets and additional operational controls if you maintain the trust account yourself.

Maintenance of trust account with a safeguarding person: The guidelines provide details on the suitability assessment that needs to be conducted on the safeguarding person, applicable terms and conditions and disclosures to customers.

Risk management controls: Minimum controls for storage, movement, transfer and withdrawal of customers’ assets are all highlighted, including the management of technology risk. Ninety percent of customers’ assets should be stored in systems that aren’t connected to the internet or any other form of wireless  communication, such as cold wallets. You should also disclose in writing your processes for handling any losses of customers’ assets arising from fraud or negligence on the part of the service provider to customers.

Mitigating conflicts of interest: Clear reporting lines for safeguarding personnel should be put in place, up to a Senior Manager who is resident in Singapore. A written policy to manage the risk of conflicts of interest should identify sources of conflicts and address their effects. This should mean there’s no conflict between the duties of safeguarding personnel and those of personnel who make investment decisions, trading decisions or other discretionary decisions resulting in the transfer or disposal of customers’ assets.

Other measures include provision of written disclosures to customers, monthly statements of account and prohibition of mortgaging, hypothecating, lending and staking of retail customers’ assets.

How we can help

We regularly help payment services firms, including those who offer DPTs, with their MAS licence applications, providing regulatory and compliance support and internal audit services.

If you’re keen to expand your business footprint in Singapore, particularly in the digital assets space, we can take you through the MAS’ regulatory landscape.