FinTech regulations & compliance in Singapore.

There are no direct regulations or laws that apply to fintech companies in Singapore, however, companies must comply with regulations and compliance that apply to the financial industry. What are these regulations, and how can fintech companies meet them? Let’s find out.

Compliance for anti-money laundering and countering the financing of terrorism

Singapore issued the Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) guidelines to combat money laundering and terrorism financing, which applies to financial services, including fintech businesses.

To ensure fintech companies comply with the AML/CFT guidelines, companies must:

• Assess and mitigate the risks of money laundering (ML) and terrorist financing (TF)
• Conduct customer due diligence (CDD) and know your customer (KYC) procedures
• Conduct enhanced customer due diligence when necessary (EDD)
• Conduct regular account reviews
• Monitor and report any suspicious transaction

Assess and mitigate risks of money laundering and terrorist financing

The guidelines for assessing and mitigating risks include identifying ML and TF risks in the company, reassessing ML and TF risks before launching new products or technologies, appointing a qualified office who is in charge of AML/CF compliance, ensuring executive and BOD under the ML and TF risks, creating policies and procedures for screening new and existing staff and implement ongoing employee training programs so staff are up-to-date on AML/CFT procedures and policies.

Customer due diligence (CDD) and know your customer (KYC) procedures

CDD guidelines that fintech companies should follow include:

• Consider the customer’s background, business activity, source of income, country of origin, products used, nature and purpose of their accounts and any linked accounts and occupation.
• Obtain unique identifying information about the customer, such as date of birth, nationality, residential or business address, date of incorporation and place of incorporation.
• Determine whether the customer is from a high-risk jurisdiction.
• Determine if the customer is a Politically Exposed Person (PEP), such as heads of state and government, senior politicians and government officials, judicial or military officials, political party politicians and family members or close associates of PEPs.

KYC guidelines fintech companies should comply with are:

• Verify the identity of customers, beneficial owners or other individuals acting on their behalf.
• Create a customer profile

Enhanced customer due diligence procedures

EDD must be conducted when customers have been identified as having high-risk for ML and FT. These customers include PEPs and customers from high-risk jurisdictions.

The suggested guidelines for EDD from the Monetary Authority of Singapore (MAS) are:

• Receive approval from senior management
• Require a credit reference agency search and reference from a previous bank
• Verification of the customer’s income source
• Identify the customer’s source of funds
• Request a personal reference

Conduct regular account reviews

To comply with the AML/CL guidelines, fintech businesses must keep customer information up-to-date, ensure CDD information complies with the Personal Data Protection Act, frequently review customers who are considered as high-risks for ML and TF and implement rules for customer records that must be kept.

Monitor and report suspicious transactions

In the case that a transaction is suspicious, it must be reposted via a Suspicious Transaction Report to the Commercial Affairs Department of Singapore.

Personal data protection act compliance

Fintech companies that collect and use data are required to follow eight obligations under PDPA.

These obligations include:

• Consent, purpose limitation and notification obligation
• Access and correction obligation
• Accuracy obligation
• Protection obligation
• Retention limitation obligation
• Transfer limitation obligation
• Openness obligation
• Do not call provisions

Consent, purpose limitation and notification obligation

Fintech companies must notify their customers of the purpose of the data collected and how the data will be used or disclosed. Before any data is collected, the customer must first give their consent.

Access and correction obligation

Fintech companies must give customers access to personal data and how their data has been used. Companies must also change a customer’s personal data when requested.

Accuracy obligation

Fintech companies must verify that the customer’s personal data collected is correct.

Protection obligation

Companies should make reasonable security measures to protect personal data in order to prevent any unauthorised access, collection, disclosure, modification or disposal.

Retention limitation obligation

Once the purpose of the personal data collection has been fulfilled, fintech companies are required to dispose of the data.

Transfer limitation obligation

Personal data must not be transferred to a country outside of Singapore.

Openness obligation

Fintech companies must develop and implement policies to meet the eight obligations under the PDPA.

Do-not-call-provisions

If the fintech company intends to send marketing material to a phone number, they first must ensure that the number has not been registered on the do-not-call register or receive consent from the customer to send marketing material.

Fintech business licenses

Fintech businesses in Singapore are required to obtain licenses that are governed by the following acts:

1. Fintech companies that provide any of the following services must obtain a Capital Markets Services (CMS) License under the Securities and Futures Act (SFA)
   1. Dealing securities
   2. Trading futures contract
   3. Leveraged foreign exchange trading
   4. Advising on corporate finance
   5. Fund management
   6. REIT management
   7. Securities financing
   8. Providing custodial services for securities
   9. Providing credit rating services
2. Financial advisors (FA) license under the Financial Advisors Act (FAA)
   1. This license applies to fintech businesses that give advice on investment products, issue and promote reports on investment products, market collective investment schemes and set up life insurance policies
   2. Exemptions of this license applies to Singapore residents who provide advice on financial products (except life insurance policies) and serve less than 30 accredited investors and corporations who give advice or analysis on financial products to accredited investors.
3. Finance companies license under the Finance Companies Act (FCA)
   1. Financial companies include companies that accept fixed and saving deposits and lend money to the public or companies
4. Moneylenders license under the Moneylenders Act
   1. Moneylenders refers to any company that lends a sum of money with the expectation of a larger sum being repaid
   2. Moneylenders that do not require a moneylender license are:
      1. Credit societies
      2. Corporations that lend money to employees as a part of employee benefits

• Moneylenders who lend to accredited investors, corporations, limited liability partnerships, trustee or trustee managers and trustees of REITs

1. Money-changers license under the money-changing and remittance business act
   1. This license is issued to companies that buy or sell foreign currency notes
2. Insurance license under the Insurance Act (IA)
   1. Insurance businesses receive proposals and issue insurance policies and collect or receive premiums on policies.
3. Banking license under the Banking Act. (BA)
   1. A banking business:
      1. Receives money on current or deposit accounts
      2. Pays and collects cheques drawn or paid in by customers

Conclusion

Fintech companies must comply with the current financial regulations and laws, which include meeting the obligations under the PDPA and AML/TF guidelines. Fintech companies are also required to register with the Accounting and Corporate Regulatory Authority (ACRA). To ensure you are up-to-date with the regulations, we recommend engaging with Acclime’s professional services.