What Singapore should do for Token Regulation: My Suggestions for MAS’s Proposed DTSPs Framework
Singapore has consistently positioned itself as a forward-thinking jurisdiction, balancing innovation with robust regulatory oversight. As a fellow Singaporean, I am very proud of its future planning.
The Monetary Authority of Singapore (MAS) is seeking submissions for the Consultation Paper on the proposed regulatory approach for Digital Token Service Providers (DTSPs) under the Financial Services and Markets Act 2022.
Instead of replying to the submission directly, I will try to share my point of view openly here, offering insights, potential plans, and timelines for implementation. Before I start, I am sharing this in my personal capacity: I do not represent any self-claimed digital assets expert groups, associations, or schools.
License Application and Fee Structures
In the first half of 2024, Singapore’s fintech market saw its cryptocurrency and blockchain sectors achieve US$211.90 million across 72 deals, marking a 22% increase from US$166.30 million over 38 deals in the second half of 2023.
Singapore has been actively working on strengthening risk management frameworks for digital asset tokenization and has recently launched an initiative to expand asset tokenization within financial services.
MAS today published business conduct and consumer access measures for Digital Payment Token services in Singapore to limit potential consumer harm. They will be implemented through regulations and guidelines, which will take effect in phases from mid-2024. https://t.co/laevvAlW0a pic.twitter.com/kxBLRQG0az
— MAS (@MAS_sg) November 23, 2023
The proposed license application processes and fee structures are crucial elements that will shape the DTSP landscape in Singapore. From my perspective, MAS should consider implementing a tiered approach to both timelines and fees, reflecting the diversity of DTSPs in terms of size, complexity, and risk profile.
For timelines, I propose a three-tier system:
Fast-track (60 days): For small, low-risk DTSPs with straightforward business models.
Standard (90 days): For medium-sized DTSPs or those with moderately complex operations.
Extended (120+ days): For large, complex DTSPs or those proposing novel business models.
This tiered approach would allow MAS to allocate resources efficiently while ensuring thorough vetting of more complex applications. The fee structures can follow a similar tiered system based on the DTSP’s annual revenue or transaction volume could be implemented.
Singapore expands regulations for digital payment token service providers https://t.co/xbJBsBSjHz
— The Register (@TheRegister) April 3, 2024
Minimum Financial Requirements
The proposed minimum financial requirements are a critical safeguard against potential market disruptions and consumer losses. Based on my analysis, I believe a risk-based approach to setting these requirements is more feasible. This could involve:
Base Capital Requirement: A minimum base capital for all DTSPs, regardless of size or services offered.
Risk-Weighted Capital Requirement: Additional capital requirements based on the DTSP’s types of services offered, transaction volumes, and risk profile.
Liquidity Requirement: A minimum liquidity ratio to ensure DTSPs can meet short-term obligations.
📣 #ESMA is seeking input on Liquidity Management Tools for funds under the revised AIFMD and the #UCITS Directive.
🗓️ Send your input by 8 Octoberhttps://t.co/LxNEEX7i2O pic.twitter.com/6G2K4CVVim
— ESMA – EU Securities Markets Regulator 🇪🇺 (@ESMAComms) July 8, 2024
Specifically, providers with capital ratios above 15% were 30% less likely to face operational disruptions during periods of extreme market stress. I propose that MAS consider setting the base capital requirement at SGD 250,000, with additional risk-weighted requirements that could increase this amount up to SGD 5 million for the largest and most complex DTSPs.
Audit Requirements
The proposed duties of CEOs, directors, and partners, along with audit requirements, are fundamental to ensuring good governance and accountability in the DTSP sector. The following enhancement is recommended for consideration:
Mandatory Training: Annual training programs for CEOs and directors on regulatory compliance, risk management, and emerging trends in digital assets.
Risk Committee: DTSPs above a certain size must establish a dedicated risk committee at the board level.
Independent Directors: Mandating a minimum number of independent directors based on the DTSP’s size and complexity.
Audit Frequency: Annual external audits for all DTSPs, with additional quarterly internal audits for larger providers.
Financial markets are shifting towards asset tokenization, revolutionizing asset management and investment.#Chainlink emphasizes interoperability and data integration, echoing #TokenFi’s vision of a future where tokenized assets reshape finance.
📰👇https://t.co/87Qp3ufa3X pic.twitter.com/BGSfD8E2ss
— TokenFi (@tokenfi) April 26, 2024
Regulators are increasingly leveraging technological solutions to enhance their supervisory functions and manage vast amounts of data. Consequently, firms must engage more frequently with regulators regarding fintech and regtech developments.
Fintech companies that implement robust governance structures and conduct regular audits are indeed less likely to experience compliance breaches.
AML/CFT Measures
The measures proposed in parts 5–8 of the consultation paper, particularly those related to Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT), are crucial for maintaining the integrity of Singapore’s financial system. I propose the following enhancements:
Risk-Based Approach: Implement a tiered KYC/AML approach based on transaction volumes and risk profiles.
Technology Integration: Encourage the use of AI and machine learning for transaction monitoring and suspicious activity detection.
Regulatory Technology (RegTech) Sandbox: Establish a sandbox environment for DTSPs to test innovative compliance solutions.
For existing customers onboarded prior to licensing, I suggest a phased approach:
Phase 1 (0–6 months): Risk assessment of existing customer base
Phase 2 (6–12 months): Enhanced due diligence for high-risk customers
Phase 3 (12–18 months): Full compliance with new requirements for all customers
Correspondent Account Services
The proposed requirements for Correspondent Account Services and information sharing for law enforcement purposes are essential components of a comprehensive regulatory framework. Perhaps the following would help:
Standardized Data Format: Develop a standardized data format for information sharing across the industry.
Blockchain Analytics: Encourage the use of blockchain analytics tools to enhance transaction traceability.
Secure Information Sharing Platform: Establish a secure, centralized platform for information sharing between DTSPs and law enforcement agencies.
Blockchain analytics tools have been instrumental in recovering stolen or illicitly obtained digital assets worldwide. They allow law enforcement agencies to trace and identify suspicious cryptocurrency transactions on the blockchain, leading to asset recovery efforts.
Technology Risk Management
The draft notices FSM-N28 to FSM-N33 cover critical aspects of DTSP operations, including technology risk management, cyber hygiene, and conduct. Based on my observations, I propose the following:
Continuous Monitoring: Implement real-time monitoring systems for cyber threats and operational risks.
Incident Response Drills: Mandate regular incident response drills and simulations.
Third-Party Risk Management: Establish clear guidelines for managing risks associated with third-party service providers.
Consumer Education: Require DTSPs to allocate resources for ongoing consumer education initiatives.
Bitcoin Heist Hits Japanese Exchange DMM Bitcoin https://t.co/RPT9Vxhsnf pic.twitter.com/HCXDznWG2o
— CySecurity News (@EHackerNews) June 6, 2024
Regarding operating hours, perhaps MAS can consider a flexible approach that allows for 24/7 operations while ensuring adequate risk management and customer support. This could involve:
Core operating hours (e.g., 9 AM to 5 PM SGT) with full support services
Extended hours with automated systems and on-call support
Scheduled maintenance windows during low-volume periods
Timeline for Implementation:
To ensure a smooth transition to the new regulatory framework, I propose the following timeline:
Month 0–3: Publication of final regulations and guidelines
Month 3–6: Industry consultation and feedback period
Month 6–9: Finalization of technical specifications and reporting formats
Month 9–12: DTSP preparation and system upgrades
Month 12–18: Phased implementation of new requirements
Month 18–24: Full compliance deadline for all DTSPs
This timeline allows for a gradual implementation, giving DTSPs sufficient time to adapt their systems and processes while ensuring that the regulatory framework is fully operational within two years.
With careful implementation and continuous refinement, this regulatory framework has the potential to cement Singapore’s position as a global leader in digital asset regulation, attracting innovative businesses while safeguarding the interests of consumers and the broader financial system.