My Suggestions for MAS’s Proposed DTSPs Framework

Singapore has consistently positioned itself as a
forward-thinking jurisdiction, balancing innovation with robust regulatory
oversight. As a fellow Singaporean, I am very proud of its future planning.

The Monetary Authority of Singapore (MAS) is seeking submissions for the Consultation Paper on the proposed regulatory approach for
Digital Token Service Providers (DTSPs) under the Financial Services and
Markets Act 2022.

Instead of replying to the submission directly, I will
try to share my point of view openly here, offering insights, potential plans,
and timelines for implementation. Before I start, I am sharing this in my
personal capacity: I do not represent any self-claimed digital assets expert
groups, associations, or schools.

License Application and Fee
Structures

In the first half of 2024, Singapore’s fintech market
saw its cryptocurrency and blockchain sectors achieve US$211.90 million across
72 deals, marking a 22% increase from US$166.30 million over 38 deals in
the second half of 2023.

Singapore has been actively working on strengthening
risk management frameworks for digital asset tokenization and has recently
launched an initiative to expand asset tokenization within financial services.

The proposed license application processes and fee
structures are crucial elements that will shape the DTSP landscape in
Singapore. From my perspective, MAS should consider implementing a tiered
approach to both timelines and fees, reflecting the diversity of DTSPs in terms
of size, complexity, and risk profile.

For timelines, I propose a three-tier system:

Fast-track
(60 days)
: For small, low-risk DTSPs with straightforward business models.

Standard
(90 days)
: For medium-sized DTSPs or those with moderately complex operations.

Extended
(120+ days)
: For large, complex DTSPs or those proposing novel business models.

This tiered approach would allow MAS to allocate
resources efficiently while ensuring thorough vetting of more complex
applications. The fee structures can follow a similar tiered system based on
the DTSP’s annual revenue or transaction volume could be implemented.

Minimum Financial Requirements

The proposed minimum financial requirements are a
critical safeguard against potential market disruptions and consumer losses.
Based on my analysis, I believe a risk-based approach to setting these
requirements is more feasible. This could involve:

Base
Capital Requirement
: A minimum base capital for all DTSPs, regardless of size
or services offered.

Risk-Weighted
Capital Requirement
: Additional capital requirements based on the DTSP’s types of services offered, transaction volumes, and risk profile.

Liquidity
Requirement
: A minimum liquidity ratio to ensure DTSPs can meet short-term
obligations.

Specifically, providers with capital
ratios above 15% were 30% less likely to face operational disruptions during
periods of extreme market stress. I propose that MAS consider setting the base
capital requirement at SGD 250,000, with additional risk-weighted requirements
that could increase this amount up to SGD 5 million for the largest and most
complex DTSPs.

Audit
Requirements

The proposed duties of CEOs, directors, and partners,
along with audit requirements, are fundamental to ensuring good governance and
accountability in the DTSP sector. The following enhancement is recommended for
consideration:

Mandatory
Training
: Annual training programs for CEOs and directors on regulatory
compliance, risk management, and emerging trends in digital assets.

Risk
Committee
: DTSPs above a certain size must establish a dedicated
risk committee at the board level.

Independent
Directors
: Mandating a minimum number of independent directors based on the
DTSP’s size and complexity.

Audit
Frequency
: Annual external audits for all DTSPs, with additional quarterly
internal audits for larger providers.

Regulators are increasingly leveraging technological solutions to
enhance their supervisory functions and manage vast amounts of data.
Consequently, firms must engage more frequently with regulators regarding
fintech and regtech developments.

Fintech companies that implement robust governance
structures and conduct regular audits are indeed less likely to experience
compliance breaches.

AML/CFT Measures

The measures proposed in parts 5–8 of the consultation
paper, particularly those related to Anti-Money Laundering (AML) and Countering
the Financing of Terrorism (CFT), are crucial for maintaining the integrity of
Singapore’s financial system. I propose the following enhancements:

Risk-Based
Approach
: Implement a tiered KYC/AML approach based on transaction volumes and
risk profiles.

Technology
Integration
: Encourage the use of AI and machine learning for transaction
monitoring and suspicious activity detection.

Regulatory
Technology (RegTech) Sandbox
: Establish a sandbox environment for DTSPs to test
innovative compliance solutions.

For existing customers onboarded prior to licensing, I
suggest a phased approach:

Phase 1
(0–6 months)
: Risk assessment of existing customer base

Phase 2
(6–12 months)
: Enhanced due diligence for high-risk customers

Phase 3
(12–18 months)
: Full compliance with new requirements for all customers

Correspondent Account Services

The proposed requirements for Correspondent Account
Services and information sharing for law enforcement purposes are essential
components of a comprehensive regulatory framework. Perhaps the following
would help:

Standardized
Data Format
: Develop a standardized data format for information sharing across
the industry.

Blockchain
Analytics
: Encourage the use of blockchain analytics tools to enhance
transaction traceability.

Secure
Information Sharing Platform
: Establish a secure, centralized platform for
information sharing between DTSPs and law enforcement agencies.

Blockchain analytics tools have been instrumental in
recovering stolen or illicitly obtained digital assets worldwide. They allow law
enforcement agencies to trace and identify suspicious cryptocurrency
transactions on the blockchain , leading to asset recovery efforts.

Technology Risk Management

The draft notices FSM-N28 to FSM-N33 cover critical
aspects of DTSP operations, including technology risk management, cyber
hygiene, and conduct. Based on my observations, I propose the following:

Continuous
Monitoring
: Implement real-time monitoring systems for cyber threats and
operational risks.

Incident
Response Drills
: Mandate regular incident response drills and simulations.

Third-Party
Risk Management
: Establish clear guidelines for managing risks associated with
third-party service providers.

Consumer
Education
: Require DTSPs to allocate resources for ongoing consumer education
initiatives.

Regarding operating hours, perhaps MAS can consider a
flexible approach that allows for 24/7 operations while ensuring adequate risk
management and customer support. This could involve:

Core
operating hours (e.g., 9 AM to 5 PM SGT) with full support services

Extended
hours with automated systems and on-call support

Scheduled
maintenance windows during low-volume periods

Timeline for Implementation:

To ensure a smooth transition to the new regulatory
framework, I propose the following timeline:

Month
0–3
: Publication of final regulations and guidelines

Month
3–6
: Industry consultation and feedback period

Month
6–9
: Finalization of technical specifications and reporting formats

Month
9–12
: DTSP preparation and system upgrades

Month
12–18
: Phased implementation of new requirements

Month
18–24
: Full compliance deadline for all DTSPs

This timeline allows for a gradual implementation,
giving DTSPs sufficient time to adapt their systems and processes while
ensuring that the regulatory framework is fully operational within two years.

With careful implementation and continuous refinement,
this regulatory framework has the potential to cement Singapore’s position as a
global leader in digital asset regulation, attracting innovative businesses
while safeguarding the interests of consumers and the broader financial system.

Singapore has consistently positioned itself as a
forward-thinking jurisdiction, balancing innovation with robust regulatory
oversight. As a fellow Singaporean, I am very proud of its future planning.

The Monetary Authority of Singapore (MAS) is seeking submissions for the Consultation Paper on the proposed regulatory approach for
Digital Token Service Providers (DTSPs) under the Financial Services and
Markets Act 2022.

Instead of replying to the submission directly, I will
try to share my point of view openly here, offering insights, potential plans,
and timelines for implementation. Before I start, I am sharing this in my
personal capacity: I do not represent any self-claimed digital assets expert
groups, associations, or schools.

License Application and Fee
Structures

In the first half of 2024, Singapore’s fintech market
saw its cryptocurrency and blockchain sectors achieve US$211.90 million across
72 deals, marking a 22% increase from US$166.30 million over 38 deals in
the second half of 2023.

Singapore has been actively working on strengthening
risk management frameworks for digital asset tokenization and has recently
launched an initiative to expand asset tokenization within financial services.

The proposed license application processes and fee
structures are crucial elements that will shape the DTSP landscape in
Singapore. From my perspective, MAS should consider implementing a tiered
approach to both timelines and fees, reflecting the diversity of DTSPs in terms
of size, complexity, and risk profile.

For timelines, I propose a three-tier system:

Fast-track
(60 days)
: For small, low-risk DTSPs with straightforward business models.

Standard
(90 days)
: For medium-sized DTSPs or those with moderately complex operations.

Extended
(120+ days)
: For large, complex DTSPs or those proposing novel business models.

This tiered approach would allow MAS to allocate
resources efficiently while ensuring thorough vetting of more complex
applications. The fee structures can follow a similar tiered system based on
the DTSP’s annual revenue or transaction volume could be implemented.

Minimum Financial Requirements

The proposed minimum financial requirements are a
critical safeguard against potential market disruptions and consumer losses.
Based on my analysis, I believe a risk-based approach to setting these
requirements is more feasible. This could involve:

Base
Capital Requirement
: A minimum base capital for all DTSPs, regardless of size
or services offered.

Risk-Weighted
Capital Requirement
: Additional capital requirements based on the DTSP’s types of services offered, transaction volumes, and risk profile.

Liquidity
Requirement
: A minimum liquidity ratio to ensure DTSPs can meet short-term
obligations.

Specifically, providers with capital
ratios above 15% were 30% less likely to face operational disruptions during
periods of extreme market stress. I propose that MAS consider setting the base
capital requirement at SGD 250,000, with additional risk-weighted requirements
that could increase this amount up to SGD 5 million for the largest and most
complex DTSPs.

Audit
Requirements

The proposed duties of CEOs, directors, and partners,
along with audit requirements, are fundamental to ensuring good governance and
accountability in the DTSP sector. The following enhancement is recommended for
consideration:

Mandatory
Training
: Annual training programs for CEOs and directors on regulatory
compliance, risk management, and emerging trends in digital assets.

Risk
Committee
: DTSPs above a certain size must establish a dedicated
risk committee at the board level.

Independent
Directors
: Mandating a minimum number of independent directors based on the
DTSP’s size and complexity.

Audit
Frequency
: Annual external audits for all DTSPs, with additional quarterly
internal audits for larger providers.

Regulators are increasingly leveraging technological solutions to
enhance their supervisory functions and manage vast amounts of data.
Consequently, firms must engage more frequently with regulators regarding
fintech and regtech developments.

Fintech companies that implement robust governance
structures and conduct regular audits are indeed less likely to experience
compliance breaches.

AML/CFT Measures

The measures proposed in parts 5–8 of the consultation
paper, particularly those related to Anti-Money Laundering (AML) and Countering
the Financing of Terrorism (CFT), are crucial for maintaining the integrity of
Singapore’s financial system. I propose the following enhancements:

Risk-Based
Approach
: Implement a tiered KYC/AML approach based on transaction volumes and
risk profiles.

Technology
Integration
: Encourage the use of AI and machine learning for transaction
monitoring and suspicious activity detection.

Regulatory
Technology (RegTech) Sandbox
: Establish a sandbox environment for DTSPs to test
innovative compliance solutions.

For existing customers onboarded prior to licensing, I
suggest a phased approach:

Phase 1
(0–6 months)
: Risk assessment of existing customer base

Phase 2
(6–12 months)
: Enhanced due diligence for high-risk customers

Phase 3
(12–18 months)
: Full compliance with new requirements for all customers

Correspondent Account Services

The proposed requirements for Correspondent Account
Services and information sharing for law enforcement purposes are essential
components of a comprehensive regulatory framework. Perhaps the following
would help:

Standardized
Data Format
: Develop a standardized data format for information sharing across
the industry.

Blockchain
Analytics
: Encourage the use of blockchain analytics tools to enhance
transaction traceability.

Secure
Information Sharing Platform
: Establish a secure, centralized platform for
information sharing between DTSPs and law enforcement agencies.

Blockchain analytics tools have been instrumental in
recovering stolen or illicitly obtained digital assets worldwide. They allow law
enforcement agencies to trace and identify suspicious cryptocurrency
transactions on the blockchain , leading to asset recovery efforts.

Technology Risk Management

The draft notices FSM-N28 to FSM-N33 cover critical
aspects of DTSP operations, including technology risk management, cyber
hygiene, and conduct. Based on my observations, I propose the following:

Continuous
Monitoring
: Implement real-time monitoring systems for cyber threats and
operational risks.

Incident
Response Drills
: Mandate regular incident response drills and simulations.

Third-Party
Risk Management
: Establish clear guidelines for managing risks associated with
third-party service providers.

Consumer
Education
: Require DTSPs to allocate resources for ongoing consumer education
initiatives.

Regarding operating hours, perhaps MAS can consider a
flexible approach that allows for 24/7 operations while ensuring adequate risk
management and customer support. This could involve:

Core
operating hours (e.g., 9 AM to 5 PM SGT) with full support services

Extended
hours with automated systems and on-call support

Scheduled
maintenance windows during low-volume periods

Timeline for Implementation:

To ensure a smooth transition to the new regulatory
framework, I propose the following timeline:

Month
0–3
: Publication of final regulations and guidelines

Month
3–6
: Industry consultation and feedback period

Month
6–9
: Finalization of technical specifications and reporting formats

Month
9–12
: DTSP preparation and system upgrades

Month
12–18
: Phased implementation of new requirements

Month
18–24
: Full compliance deadline for all DTSPs

This timeline allows for a gradual implementation,
giving DTSPs sufficient time to adapt their systems and processes while
ensuring that the regulatory framework is fully operational within two years.

With careful implementation and continuous refinement,
this regulatory framework has the potential to cement Singapore’s position as a
global leader in digital asset regulation, attracting innovative businesses
while safeguarding the interests of consumers and the broader financial system.


Credit: Source link

Leave A Reply

Your email address will not be published.