FinTech regulations & compliance in Singapore.
Posted in Corporate governance

There are no direct regulations or laws that apply to fintech companies in Singapore, however, companies must comply with regulations and compliance that apply to the financial industry. What are these regulations, and how can fintech companies meet them? Let’s find out.
Singapore issued the Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) guidelines to combat money laundering and terrorism financing, which applies to financial services, including fintech businesses.
To ensure fintech companies comply with the AML/CFT guidelines, companies must:
The guidelines for assessing and mitigating risks include identifying ML and TF risks in the company, reassessing ML and TF risks before launching new products or technologies, appointing a qualified office who is in charge of AML/CF compliance, ensuring executive and BOD under the ML and TF risks, creating policies and procedures for screening new and existing staff and implement ongoing employee training programs so staff are up-to-date on AML/CFT procedures and policies.
CDD guidelines that fintech companies should follow include:
KYC guidelines fintech companies should comply with are:
EDD must be conducted when customers have been identified as having high-risk for ML and FT. These customers include PEPs and customers from high-risk jurisdictions.
The suggested guidelines for EDD from the Monetary Authority of Singapore (MAS) are:
To comply with the AML/CL guidelines, fintech businesses must keep customer information up-to-date, ensure CDD information complies with the Personal Data Protection Act, frequently review customers who are considered as high-risks for ML and TF and implement rules for customer records that must be kept.
In the case that a transaction is suspicious, it must be reposted via a Suspicious Transaction Report to the Commercial Affairs Department of Singapore.
Fintech companies that collect and use data are required to follow eight obligations under PDPA.
These obligations include:
Fintech companies must notify their customers of the purpose of the data collected and how the data will be used or disclosed. Before any data is collected, the customer must first give their consent.
Fintech companies must give customers access to personal data and how their data has been used. Companies must also change a customer’s personal data when requested.
Fintech companies must verify that the customer’s personal data collected is correct.
Companies should make reasonable security measures to protect personal data in order to prevent any unauthorised access, collection, disclosure, modification or disposal.
Once the purpose of the personal data collection has been fulfilled, fintech companies are required to dispose of the data.
Personal data must not be transferred to a country outside of Singapore.
Fintech companies must develop and implement policies to meet the eight obligations under the PDPA.
If the fintech company intends to send marketing material to a phone number, they first must ensure that the number has not been registered on the do-not-call register or receive consent from the customer to send marketing material.
Fintech businesses in Singapore are required to obtain licenses that are governed by the following acts:
Fintech companies must comply with the current financial regulations and laws, which include meeting the obligations under the PDPA and AML/TF guidelines. Fintech companies are also required to register with the Accounting and Corporate Regulatory Authority (ACRA). To ensure you are up-to-date with the regulations, we recommend engaging with Acclime’s professional services.
We are a premier provider of professional formation, accounting, tax, HR & advisory services in Singapore, focusing on providing high-quality outsourcing and consulting services to our international clients in Singapore and throughout the region.