Singapore
Financial Sector Assessment Program-Technical Note-Fintech: Implications for the Regulation and Supervision of the Financial Sector

This technical note examines the implications of fintech for the regulation and supervision of the Singaporean financial services sector. It provides an overview of the financial system with a focus on fintech developments. The note looks at not only fintech developments but also the institutional setup as well as Monetary Authority of Singapore’s (MAS) approach to fintech. The MAS has so far managed to strike the right balance between innovation and safety and soundness. MAS has responded quickly to the challenges of fintech. The impact of fintech on the financial services sector has largely been internalized by financial institutions (FI). FIs are swiftly digitizing and modernizing their systems, products and business models. Because of their market knowledge and higher investment capacities, incumbent FIs are getting better at providing services and products by adopting new technologies or improving existing ones. The note also recommends that it is imperative to develop a cyber network map that considers both financial linkages and Information and Communications Technology connections and use it for cyber risk surveillance.

Abstract

This technical note examines the implications of fintech for the regulation and supervision of the Singaporean financial services sector. It provides an overview of the financial system with a focus on fintech developments. The note looks at not only fintech developments but also the institutional setup as well as Monetary Authority of Singapore’s (MAS) approach to fintech. The MAS has so far managed to strike the right balance between innovation and safety and soundness. MAS has responded quickly to the challenges of fintech. The impact of fintech on the financial services sector has largely been internalized by financial institutions (FI). FIs are swiftly digitizing and modernizing their systems, products and business models. Because of their market knowledge and higher investment capacities, incumbent FIs are getting better at providing services and products by adopting new technologies or improving existing ones. The note also recommends that it is imperative to develop a cyber network map that considers both financial linkages and Information and Communications Technology connections and use it for cyber risk surveillance.

Executive Summary

Fintech developments hold the promise of having a far-reaching impact on the Singaporean financial services sector, bringing both opportunities and new risks. Technological innovation is one of the most influential developments affecting the financial sector. While fintech promises opportunities for new entrants and incumbents, innovation and change introduce new risks for clients, financial institutions (FIs) and the system. Early indications suggest that while a significant amount of activity has taken place across the financial services landscape, the impact is largely characterized as helping incumbents deliver financial services in a more efficient manner as opposed to disrupting existing business models. Nonetheless, disruption could be around the corner.

The Monetary Authority of Singapore (MAS) has so far managed to strike the right balance between innovation and safety and soundness. MAS has responded quickly to the challenges of fintech. Regionally, MAS is seen as a leading example in its approach to fintech, contributing to emerging policy discussions such as the ethical use of artificial intelligence (AI) and data analytics. MAS is among several authorities globally to design and implement a regulatory sandbox. Nonetheless, experience to date shows that fintech has the potential to test the boundaries of regulation. New technologies develop rapidly outside of traditional regulatory barriers, as seen in the case of crypto-assets and new payment solutions developed by non-financial firms. In the absence of internationally-agreed standards, regulators globally are challenged to develop an appropriate response. The highly dynamic nature of fintech requires ongoing refinements to regulations and supervision to ensure an appropriate balance between opportunities and risks.

The potential medium-term efficiency-stability trade-offs associated with fintech is one example where a balanced approach is needed. On the one hand, technology adoption in the financial sector can lower the cost of financial intermediation, the unit cost of which is around 1.5 to 2 percent in Singapore. Fintech development has the potential to lower it further. The government can play a role in supporting fintech development as Singapore already has a high level of financial development and further innovation by FIs may occur slowly. On the other hand, fintech adoption can have financial stability implications through its impact on the market structure of the financial sector. Together with uncertainty surrounding technology, competition between FIs may hypothetically induce more risk-taking behavior and pose challenges to maintaining a low-risk profile of the financial sector. There is a dual role that MAS needs to play, and the challenge is to strike the right balance between encouraging innovation and enhancing stability.

The impact of fintech on the financial services sector has largely been internalized by FIs. FIs are swiftly digitizing and modernizing their systems, products and business models. Because of their market knowledge and higher investment capacities, incumbent FIs are getting better at providing services and products by adopting new technologies or improving existing ones. Enabling technologies such as cloud computing, big data, AI and distributed ledger technology (DLT) are being adopted or actively considered as a means of enhancing their current products, services and operations. Established market players are mostly partnering with fintech firms to digitize and modernize their operations.

The main risks to the financial sector emanating from fintech are operational and technology-related risks. Fintech developments have spurred a rapid and accelerating adoption of technology. While direct competition from new fintech entrants is muted, established FIs are competing to retain market share and protect margins, with innovation capacity one of the leading factors driving success. Incumbent FIs are quickly digitizing and modernizing their front, middle and back-end information technology (IT) architectures. Execution risks to implement new strategies and manage business and technology risks are increasingly top risk priorities. Yet a complicating factor are banks’ legacy systems with older, slower, and less agile systems increasing banks’ inherent risk profile. Additionally, an increasing use and reliance on third-party service providers is evident in the sector.

Operational and technology-related risks deserve heightened supervisory intensity. The role of technology is becoming more pervasive in the delivery of financial services. MAS recognizes that IT risk is becoming more prominent and has made several revisions to its regulations to encourage better risk management and resilience. Cyber and third-party risk management are two areas that deserve ongoing attention. MAS should consider formalizing and clarifying that it may require pre-notification of material outsourcing arrangements where MAS is not satisfied that a bank has managed its outsourcing risk adequately.

The potential for reputational risk from the regulatory sandbox needs to be monitored. The sandbox is new, and MAS noted its benefits of facilitating innovation in a controlled environment. The main challenge is to strike a balance between the benefits of fintech firms experimenting in a live environment while mitigating potential downside risks.

The potential expansion of digital token services will require ongoing monitoring, flexible use of current supervisory powers, and readiness for regulatory change, if warranted. While financial stability risks from digital token trading appear limited, the number of Singapore-based crypto-exchanges may increase following the enactment of the new Payment Services Act (PS Act). Although the Act enhances MAS’ powers over crypto-exchanges trading digital payment tokens, they focus on financial integrity and do not provide MAS with the same type of prudential, investor protection or market integrity powers as currently applied to crypto-exchanges trading securities tokens. Many crypto-exchanges operate through a global network of affiliated entities and are quick to change their structures to react to regulatory developments. Any hack, failure or other incident in their systems may create a reputational risk to MAS despite its specific regulatory focus.

Addressing the money laundering and terrorist financing (ML/TF) risks has been a key part of MAS’ regulatory approach to digital tokens. That approach is broadly in line with the current Financial Action Task Force (FATF) standard. Anti-money laundering and combating the financing of terrorism (AML/CFT) requirements apply to reporting entities regardless of whether the transactions are conducted in fiat currency or digital tokens. All providers of services in digital securities and payment tokens will shortly be subject to MAS’ AML/CFT purview, except standalone custodian wallet providers, which Singapore intends to cover in the next legislative phase. While comprehensive, Singapore’s approach nevertheless requires some further adjustments in light of the ongoing FATF discussions, which Singapore is committed to undertake.

Table 1.

Singapore: Main Recommendations on Fintech

article image

C = continuous; I (immediate) = within one year; ST = Short Term (within 1- 2 years); MT = Medium Term (within 3–5 years)

Introduction and Background

1. This technical note (TN) examines the implications of fintech for the regulation and supervision of the Singaporean financial services sector.1 The TN is divided into three sections. The first section provides an overview of the financial system with a focus on fintech developments. In this section, the TN looks at not only fintech developments but also the institutional set-up as well as MAS’ approach to fintech. The second section examines the medium-term financial stability efficiency trade-offs from fintech. In this section, the TN conducts an original analysis of the mechanisms through which fintech may change financial intermediation and affect financial stability. The last section will build upon the analytical framework and dive deep into the main findings relating to the implications for the regulation and supervision of fintech.

2. While the descriptive section of the TN will take a broad view of fintech developments, the subsequent analytical sections will be more focused. Fintech developments are impacting all segments of the financial system. The Financial Stability Board (FSB) developed a framework to categorize fintech developments into five categories by economic function, including: (i) payments, clearing and settlement; (ii) deposits, lending and capital raising; (iii) insurance; (iv) investment management; and (v) market support. While the description of the Singaporean financial system will cover all five categories, the respective analytical sections will omit insurance and payments, clearing and settlement.

3. The mission has opted to use the Financial Stability Board’s working definition for fintech as “technologically enabled financial innovation that could result in new business models, applications, processes, or products with an associated material effect on financial markets and institutions and the provision of financial services.”2

4. The TN will use this assessment as well as recently completed peer assessments conducted by the BCBS, FSB and FATF as inputs. The 2013 FSAP undertook a comprehensive assessment of Singapore’s financial system and its oversight and found MAS’ supervision and regulation to be highly compliant with internationally agreed standards. Singapore’s AML/CFT framework also underwent a mutual evaluation by the FATF and the Asia/Pacific Group on Money Laundering (APG) in 2016.

5. The TN draws upon guidance developed by global standard-setting bodies to support the analysis and policy recommendations. Unlike topics such as capital adequacy, liquidity, investor protection and the like, no formally binding standards exist for fintech with the exception of the October 2018 FATF standard related to virtual asset service providers.3 That being said, a lot of guidance has been issued (e.g., by standard setting bodies, IMF, FSB, etc.). The TN anchors views and recommendations using international standards, guidance and relevant frameworks (e.g., FSB publications, BCBS guidance, Bali FinTech Agenda, FATF Recommendations, etc.).

A. Overview of the Singaporean Financial Sector

6. Singapore is a very open economy and its financial system is developed, inclusive, and dominated by banks. As a highly open economy, the large financial system has significant cross-border linkages (notably, dollar funding) and exposures, especially to China and ASEAN countries. Branches and subsidiaries of international banks have a large presence. Bank assets equal about 600 percent of GDP (see Table 2). Though less systemically important than banks, insurance companies have grown in recent years and their assets equal 56 percent of GDP, and Singapore is an important regional center for reinsurance. The asset management industry is also very large (assets under management equal 729 percent of GDP), but it caters mainly to foreign investors and invests mostly outside of Singapore. The financial inclusion is very high in Singapore.4

Table 2.

Singapore: Financial Sector Structure (2013–2018Q2)

(In billions of Singapore dollars)

article image
Sources: MAS; Haver; and IMF staff calculations.

Data from the Central Provident Fund.

Data for 2017.

Based on annual Singapore Asset Management Survey for 2013 and 2017. Financial Institutions surveyed and responded include Banks, Capital Markets Services licensees and other financial sector entities conducting asset management activities.

AUM = Assets under management.

As at March 31, 2013.

Registered and licensed fund managers.

Other holders of CMS license comprise real estate investment trust managers, credit rating agencies, and corporate finance advisers.

The MAS has designated three local banking groups and four foreign banking groups as D-SIBs in April 2015, which comprise twelve individual D-SIB entities.

Foreign banks include foreign D-SIBs.

Data not available.

Not reported.

7. The three largest banks are locally-headquartered but foreign banks have a significant presence. In April 2015, MAS designated seven banking groups as domestic systemically important banks (D-SIBs), including the three local banking groups (DBS Bank, Oversea-Chinese Banking Corporation, and United Overseas Bank) and four foreign banking groups. The local D-SIBs provide a full range of financial services in retail and institutional banking as well as wealth management. They represent only 30 percent of all financial sector assets but account for about 60 percent of domestic loans to non-banks and over 80 percent of mortgage loans. They also have significant cross-border lending to China and ASEAN countries (25 percent of their lending to non-banks), which picked up strongly in 2017–18. In recent years, their reliance on fee income from wealth and fund management increased substantially.

8. The asset management industry channels funds from around the world to the region. As of end-2017, there were 715 licensed and registered fund managers in Singapore. Financial institutions’ assets under management (AUM)5 grew by 15 percent per year in the last five years to reach approximately 701 percent of GDP in 2017 (Table 2).6 Even though it is large, its links to the economy are limited because most of its activity is cross-border. Some 78 percent of assets under management are sourced from abroad, and 67 percent are invested outside Singapore in the Asia-Pacific region. Resident collective investment schemes, which intermediate savings of Singaporean individuals, are significantly smaller at 23 percent of GDP.7 Asset managers comprise about 23 percent of all securities financing activity in Singapore, against which banks are the primary counterparty. In addition to GIC and Temasek, seven large foreign public investors maintain offices in Singapore.

B. Market Developments and Trends

9. Singapore’s fintech ecosystem is thriving. Fintech developments in Singapore may be classified as either: (a) the use of existing and new technologies that have spurred innovation that could transform the provision of financial services by incumbent FIs, or (b) new financial services offered by technology firms. Fintech has brought about lower costs, enhanced capabilities and improved customer experiences. As of November 2018, Singapore boasted approximately 564 fintech start-ups and more than 30 innovation labs (see SFA and singaporefintech.org). A number of factors have helped support the flourishing fintech ecosystem in Singapore (see Box 1).

10. Fintech developments are impacting each segment of the financial sector. To understand fintech developments, we have divided the financial sector into six sub-categories: payments, clearing and settlement; deposits, lending and capital raising; insurance; investment management; crypto-assets, and market support8

  • Payments, clearing and settlement. Singapore’s payments sector has been one of the most active markets for fintech developments and it is an area where new entrants are competing head-to-head with incumbent payment service providers. This trend is expected to continue, with the number of adopters both on the consumer and merchant front increasing. Remittance businesses—which have traditionally accepted cash at a physical storefront—have evolved to conducting businesses online. Payments is also an area where competition from big technology (Bigtech) firms is possible e.g., Alipay, Google Pay etc. In this regard, there is a movement in other regional markets (notably China) to financial services being delivered via platform-based providers.

  • Deposits, lending and capital raising. Established banks continue to dominate this market and fintech developments in this category have occurred largely through collaboration between incumbents and fintech players (business-to-business, B2B). Alternative sources of financing are nascent (see Appendix I).9 Banks in Singapore approach fintech as an opportunity for collaborative partnerships (such as by setting up innovation labs), rather than a disruptive threat However, disruption cannot be ruled out Further rapid digitization of main business lines is expected. Incumbents are seeing strong growth of customer base. Currently, there are no digital-only fintech banks operating in Singapore.10

  • Insurance. Similar to the banking sector, there has been rising interest to leverage on technological advancements to improve the customer experience and revamp existing manual processes within the insurance sector. Arising from this, some insurers have set up innovation hubs in Singapore to experiment with incorporating technological solutions into existing business models. Several new start-ups have entered the market to develop solutions targeted at improving specific segments of the insurance value chain, e.g., adoption of digital distribution channels, use of connected devices to facilitate more granular data collection, and automation/digitalization of manual processes for efficiency gains.

  • Investment management. The most significant use of fintech in investment management is the development of digital advisers (also known as robo-advisers). In terms of product offerings, digital advisers typically offer model portfolios comprising ETFs and low-cost diversified investment products such as indexed funds. Various digital financial planning solutions are also provided.

  • Crypto-assets. The market for crypto-assets (digital tokens) is small but growing. There are several crypto-exchanges and crypto-derivatives exchanges in Singapore. Collective investment schemes (CIS) or funds offered to retail investors in Singapore can only invest in securities tokens that meet the requirements for transferable securities under the Code on CIS,11 but not other digital tokens.

  • Market support. Cloud services are increasingly adopted by financial institutions in Singapore as part of their workflows.12 The applications utilized include cloud-based office productivity suites, customer relationship management, and treasury management solutions to price and value financial instruments for risk management By and large, financial institutions are not moving their core banking systems to the cloud yet, however, one domestic bank has made significant progress toward use of a private cloud solution. Open banking (Open API) is another key consideration in the use of third-party service providers.

Five Factors Crucial to Success of Fintech Five factors are crucial to the success of fintech developments:1/

Government support. Singapore’s Smart Nation Agenda has been instrumental in enabling innovation that underlies new frontiers for financial services.

Conducive regulatory framework. MAS has been active in the fintech space from both a regulatory standpoint and as a collaborator promoting actions that are conducive to fintech development.

Developed markets. Singapore is a preferred location in the ASEAN region for fintech start-ups to develop a proof-of-concept. Singapore boasts a variety of successful fintechs that have migrated from incubator to fully-fledged businesses.

Availability of capital. MAS has been instrumental in supporting innovation financially as a part of the S$225 million Financial Sector Technology and Innovation (FSTI) funding scheme.2/ To complement this, the Intellectual Property Office of Singapore (IPOS) has launched a new fintech Fast Track Initiative which aims to shorten the patent application time for fintech companies from two years to six months.

Talent. The Singaporean government has invested heavily in developing requisite skills and competencies to support the growth of fintech. For example, the IMDA and MAS, together with SkillsFuture Singapore, six local universities, and five financial associations launched the TechSkills Accelerator to strengthen Singapore’s fintech talent pool. MAS also agreed on a framework to review and enhance the polytechnics curricula to better prepare and equip graduates with skills needed to fill new fintech-related jobs. It is estimated by the Singapore Fintech Association that Singapore boasts some 3,000 trained fintech professionals and a further 7,500 students currently in training.

1/ Global FinTech Hubs Federation, Deloitte ‘Connecting Global FinTech report’ in April 2017. See http://Deloitte.co.uk/fintechhubs.2/ The FSTI scheme supports (a) the establishment of innovation labs in Singapore, (b) innovation projects by FIs e.g., in the areas of AI and data analytics, (c) industry-wide technology infrastructure or utility projects for delivery of new and integrated services, (d) early stage development of innovative projects, and (e) development of advanced cybersecurity functions in Singapore based FIs

C. Forward Looking Scenarios of the Impact of Fintech

11. The impact of fintech on the financial services sector has largely been internalized within the regulatory perimeter, called “the better bank.”13 Incumbent FIs are swiftly digitizing and modernizing themselves to retain the customer relationship and core banking services, leveraging enabling technologies to change their current business models. Because of their market knowledge and higher investment capacities, incumbent FIs are getting better at providing services and products by adopting new technologies or improving existing ones. Enabling technologies such as cloud computing, big data, AI and DLT are being adopted or actively considered as a means of enhancing their current products, services and operations. Established market players are mostly partnering with fintech firms to digitize and modernize their front and back-end operations. Incumbents are adopting technology at a faster pace than in previous periods. Using these five scenarios, the impact of fintech on the financial services sector is most closely aligned with the ‘the better bank” scenario (see also Appendix II). Singapore fintech—and more broadly the ASEAN region—is dominated by financial services provided directly to consumers by established FIs. In this scenario, new channels/products will complement existing ones which is largely reflective of the experience in Singapore presently.

Potential Scenarios for Fintech Developments

The five scenarios are:

The better bank. Modernization and digitization of incumbent players;

The new bank. Replacement of incumbents by challenger banks;

The distributed bank. Fragmentation of financial services among specialized fintech firms and incumbent banks;

The relegated bank Banks become commoditized service providers and customer relationships are owned by new instruments; and,

The disintermediated bank. Banks have become irrelevant as customers interact directly with individual financial service providers.

12. While partnership between fintech firms and established players in Singapore is likely to improve economic efficiency, future disruption is possible especially when fintech development begins to change the market structure. Innovation is occurring at a fast pace and new technologies, products, and channels are being created quickly. The payments sector and SME lending are two segments where fintech firms are entering financial service which is occurring globally and in Singapore. In these areas, innovation and market penetration by several Bigtech firms could potentially disrupt established channels, e.g., global and regional players including Google, Amazon, Alibaba, Grab and others through their payment and other financial services. In the medium term, fintech development can have significant implications for financial stability through its impact on the market structure of financial services.

13. The key risks under the ‘better bank’ scenario focus on the execution risk related to the implementation of the new strategy (banks’ ability to manage and effectively implement both the technology and business process changes) and the strategic and profitability risks. While some aspects of operational risk management may benefit from improved and more efficient banking processes, operational risk may increase because of the further development of cyber-risks and increased reliance on outsourcing. Indeed, the incumbent banks, which still carry legacy technologies and premises, are likely to accelerate the transition from legacy environments to new digital platforms. The new digitized environment may raise cyber-security risk in its various forms. This scenario also raises issues about the supervisory authorities’ ability to effectively supervise the new technologies and products.

D. Institutional Setting

14. MAS is an integrated risk-based regulator with responsibility for approximately 1,200 institutions consisting of: banking, finance companies, insurance companies and insurance brokers, holders of capital markets services licenses, holders of financial advisers’ licenses, and licensed trust companies. MAS operates on a single agency model – it is the central bank, integrated financial supervisor as well as financial sector developer. MAS is responsible for both prudential and conduct regulation of financial services.

15. The focus of MAS’ regulation and supervision is on the safety and soundness of financial intermediaries in Singapore. MAS’ principal objective is to “foster a sound and reputable financial center” set out in section 4 of the MAS Act. The functions of MAS are to conduct integrated supervision of financial services and financial stability surveillance, as also enshrined in the same section of the Act.

Technologies Driving Innovation There are three technologies that are currently shaping fintech developments globally and locally within Singapore:1/

DLT. Distributed Ledger Technology has brought about significant changes to financial services. Some DLT developments focus on facilitating value transfer exchanges between parties without the need for intermediation by traditional financial sector participants (such as central counterparties and central securities depositories), while others target the efficiency of the intermediary functions (without challenging the role of intermediaries), by reducing settlement times or improving the transparency of recordkeeping and reporting. Depending on the DLT solution, other benefits could include eliminating data duplication and reducing maintenance costs to support different databases.

AI/ML/data analytics. AI makes possible advanced analytical tools that, by leveraging the capability to process large volumes of data, support innovative solutions for business needs. This capability enables the development of multichannel customer access, increased self-service by customers, ability to gain greater insight into customer needs and the provision of more tailored or customized services. There is an increasing use of AI/ML for the determination of credit limits, although the accuracy and validity of these models is as yet unproven. Many fintech companies have leveraged these capabilities to provide data collection, aggregation and storage services advanced data analytics and personal finance management directly to customers.

Cloud. Cloud computing allows the sharing of on-demand computer processing resources in a way that promotes efficiencies and economies of scale. While potential cost savings is one benefit, computing power is another and also security. Many banks are experimenting with cloud solutions (e.g., public, private and hybrid) mainly for non-mission critical applications such as HR.

One technology is emerging that may shape the future:

Open Banking. The use of Open APIs enables third-party developers to build applications and services around financial institutions. There are several jurisdictions that have implemented a version of Open Banking including the EU (via GDPR), the United Kingdom, and Australia. It allows access to data which is a cherished commodity in financial services, potentially allowing fintechs to access financial data and develop solutions to capture the customer relationship.

1/ See BCBS, Sound Practices: “Implications of fintech developments for banks and bank supervisors,” February 2018.

E. Recent Regulatory Initiatives

16. MAS is active at seeking ways to optimize the use of technology in its supervisory approach. Over several years MAS has made considerable progress to embrace fintech in its supervisory processes. Highlights include:

  • SupTech. MAS is investing heavily in systems, people and processes internally to improve efficiencies in regulatory reporting and analytical capabilities.

  • Data analytics and AI. MAS is a leader in developing guidance for the responsible and ethical use of AI and data analytics by financial institutions.

  • Global collaboration. MAS collaborates globally, signing MoUs with a wide-range of regulators.

  • Monitoring. MAS has extended its surveillance and market intelligence gathering to include emerging lines of business and technologies (e.g., securities crowd funding and crypto-assets) to help monitor market developments.

17. One of the initiatives to foster development of fintech is the establishment of a regulatory sandbox (see Box 4). MAS launched a regulatory sandbox in 2016 with the objective of enabling firms to experiment with innovative financial products or services in a safe environment. A regulatory sandbox usually refers to live testing of new products or services in a controlled environment. Sandbox approaches aim at encouraging fintech experimentation, especially with technologies that do not fit easily into the current regulatory framework. Sandboxes often involve a temporary and risk-proportionate relaxation of certain regulatory or licensing requirements to enable firms to test new financial services and products in a live environment but within acceptable boundaries and safeguards—which is the approach adopted by MAS.

Medium-Term Efficiency-Stability Trade-Off of Fintech

A. Global Fintech Market Structure14

18. Financial innovation can influence the market structure of financial sector. The market structure of financial services includes market characteristics such as the number and size of incumbent financial institutions, pricing power of these institutions, barriers of entry and exit, and access to new technologies among other factors. There are also demand considerations such as the degree of financial inclusion and the price elasticity of demand for financial services. Several technologies have the potential to reshape the supply and demand for financial services. For example, the penetration of smart phones globally has enabled financial institutions to offer new convenient, free mobile banking services and have gradually changed customer behavior and expectations. The use of APIs has become the standard for sharing data which offers platforms for third parties to innovate. Cloud computing provides financial institutions with solutions to achieving scalable, flexible and cost-effective operations.

MAS’ Regulatory Sandbox

MAS’ sandbox allows live experiments within boundaries. The concept is to enable financial institutions (as well as fintech players) to experiment with innovative financial products or services in the production environment but within a well-defined space and duration. It includes appropriate safeguards to contain the consequences of failure and maintain the overall safety and soundness of the financial system. The regulatory sandbox relies on existing regulations that are administered by MAS and provides a platform for both regulated and unregulated firms to experiment with innovative ideas and proposals. The majority of entities admitted into the sandbox are adopting a business-to-consumer (B2C) product or service offering. As of July 2018, five entities had been admitted to the sandbox, of which three were licensed and two exempted from licensing during the sandbox period.

Entry into the sandbox needs to satisfy seven evaluation criteria, including:

  • The proposed financial service includes new or emerging technology or uses existing technology in an innovative way.

  • The proposed financial service addresses a problem or brings benefits to consumers or the industry.

  • The applicant has the intention and ability to deploy the proposed financial service in Singapore on a broader scale after exiting the sandbox.

  • The test scenarios and expected outcomes of the sandbox experimentation are clearly defined, and the sandbox entity reports to MAS on the test progress based on an agreed schedule.

  • The appropriate boundary conditions are clearly defined.

  • Significant risks arising from the proposed financial service are assessed and mitigated.

  • An acceptable exit and transition strategy is clearly defined.

While the regulation and supervisory approach for entities in the sandbox are technically the same as for other regulated firms, some rules are earmarked for relaxation. The exact authorization/registration criteria will differ depending on the type of activity each firm is undertaking. The criteria MAS applies include: a good track record and reputation of the applicant; sound financials; management competency and expertise; a well-developed business strategy, and the adequacy of risk management systems. In addition to the assessment criteria, the guidelines identify aspects of the regulatory framework MAS is prepared to consider relaxing for the duration of the sandbox. Examples of “possible to relax” requirements include:

  • Minimum paid-up capital

  • Management experience

  • Board composition

  • Track record

  • Relative size

The guidelines also identify requirements that MAS intends to maintain. These relate to the confidentiality of customer information, fit and proper criteria particularly on honesty and integrity, handling of customers money and assets by intermediaries, and AML/CFT. Maintaining these requirements is clearly beneficial in protecting customers of sandbox firms from undue risks. Similarly, ensuring that AML/CFT measures must always be complied with is essential in ensuring financial integrity.

19. Fintech can have implications for financial stability through its impact on the market structure of financial services. Fintech development can change the competition between fintech and financial institutions and that among financial institutions. Numerous studies have shown that the relationship between competition in the financial sector and financial stability is non-linear.15 Due to implicit or explicit government guarantees, the moral hazard problem exists when there are a few dominant players in the financial sector or when competition is so high that banks with low franchise values would engage in riskier investment. Fintech can influence systemic risk in the financial system through its impact on the market structure of the financial sector.

20. Direct competition between fintech firms and incumbent financial institutions can encourage innovation and improve efficiency but could also affect the risk-taking behavior of financial institutions. New fintech firms may have an advantage in direct competition with the incumbent because they do not have a legacy system. Fintech credit and P2P lending platforms that operate independently from financial institutions are often seen as direct competitors to bank lending. Such direct competition between fintech and incumbents may enhance the efficiency of financial services but would also erode the profitability of incumbent institutions. Financial institutions with heavy legacy systems and less expertise in technology would likely lose from direct competition. With a lower franchise value and profitability, these weaker financial institutions may have the incentive to take on more risk, posing challenges to maintaining financial stability.

21. Potential entry of Bigtech firms into financial services could alter the landscape, business model, and risk aspects of financial services significantly. Bigtech firms with established customer relationship, networks and data are able to offer various financial services at low costs. The potential entry of Bigtech firms could alter the market structure of financial services fundamentally. In some jurisdictions, Bigtech firms partner with incumbents and provide complementary financial services (Table 3). For example, in China, technology firms (such as Alibaba and Tencent) partner with incumbents to offer a range of financial services such as credit, payments, insurance and wealth management services. While fintech’s financial stability concerns in many countries are still small due to its current small size, competition and the risk implications in the financial sector can quickly change with the potential entry of Bigtech firm players.

Table 3.

Singapore: Technology Firms Providing Financial Services

article image

22. Tradeoff between efficiency and stability of fintech can also arise with increasing reliance of financial services on big data. The use of big data has the potential to significantly lower the cost of financial intermediation through reducing the information asymmetry between providers and receivers of funds. On the one hand, a few financial institutions and service providers with the most data are naturally able to provide most accessible and affordable financial services. On the other hand, having fewer players in the financial sector may also slow down innovation. Therefore, the use of big data can affect the optimal market structure of financial services and the tradeoff between efficiency and stability could arise.

23. The financial stability implications of the collaboration between fintech and incumbents depends crucially on how the collaboration changes the market structure of the financial sector. When serving as pure solution-providers to banks, fintech can improve bank efficiency and profitability without changing the market structure of the banking system. However, if a fintech firm provides complementary services to those provided by incumbents and quickly and successfully acquires a large retail customer base, incumbents would need to compete with each other for business with the fintech firm. In this case, although the fintech firm does not directly compete with incumbents, competition among incumbents is intensified due to the change in market structure. Greater competition in the market would lower the franchise value of incumbents and potentially encourage more risk-taking behavior. In many countries, the current collaboration between fintech and incumbents has largely enabled incumbents to improve efficiency. However, financial stability concerns can quickly arise if the dependencies on fintech services begin to significantly change the market structure of the financial sector.

B. Fintech Market Structure and Singapore16

24. The financial sector in Singapore has played an increasingly significant role in supporting economic activities. The total assets of banks and insurance companies have reached over 600 percent of GDP in Singapore. New issuance of financial contracts has also risen relative to the size of the Singapore’s economy. The total quantity of intermediated assets by the financial sector, following the definition in Philippon (2015), has been increasing in Singapore and reached 700 percent of GDP (Figure 1). The growth of the financial sector in Singapore has supported economic growth in Singapore as well as in other Asian countries over the past decade.

Figure 1.
Figure 1.

Growth in Financial Intermediation

Citation: IMF Staff Country Reports 2019, 229; 10.5089/9781498325882.002.A001

Sources: MAS, Philippon (2015), and IMF staff calculation.

25. Financial institutions in Singapore are rewarded for providing various financial services to the economy. Financial institutions channel sources of funds to users of funds by overcoming information asymmetries and managing the associated credit, liquidity and other risks. For example, banks collect, verify and evaluate information of borrowers and assess and manage the associated credit and liquidity risks. Insurance companies provide insurance services by collecting policyholders’ information and assessing their risks. The provision of financial services is costly and requires expertise, and financial institutions are rewarded for providing these services. The total cost of financial intermediation in a country can be measured as the value-added of the financial sector (Philippon, 2015). In Singapore, the total cost of financial intermediation, which includes costs of labor and capital, is around 10 to 12 percent of GDP.

26. The unit cost of financial intermediation in Singapore has been around 1.5 to 2 percent, similar to that of the United States. The total quantity of financial intermediation, defined similarly as in Philippon (2015) to be the sum of new issuance of financial contracts, existing financial contracts and provision of liquid assets, has been growing rapidly in Singapore. The unit cost of financial intermediation is estimated as the ratio between the total cost and the quantity of financial intermediation. In Singapore, the unit cost of financial intermediation has been around 1.5 to 2 percent for the past decade, a level similar to the United States and slightly lower than a sample of peer ASEAN countries.17

27. Fintech has the potential to lower the cost of financial intermediation in Singapore and thus further improve economic efficiency. Financial institutions and fintech firms in Singapore use digitized solutions and smartphone-based applications to reduce the cost of new customer acquisition. Big data analytics are used to more efficiently and accurately assess credit risk of borrowers. Automated algorithms are used by robo-advisers to reduce labor costs and minimize human errors. New technologies and big data analytics can help reduce information asymmetries by improving financial institutions’ capacity to acquire information, assess different sources of risks, and manage these risks. In Singapore, incumbent financial institutions have increasingly emphasized technology and financial innovation. For example, in recent years, Singaporean banks have included more technology-related terms and strategies in their annual reports than before (Figure 3).

Figure 2.
Figure 2.

Cost of Financial Intermediation in Singapore

Citation: IMF Staff Country Reports 2019, 229; 10.5089/9781498325882.002.A001

Sources: Philippon (2015); Haver; MAS; and IMF staff calculations.Note: ASEAN covers Indonesia and Malaysia.
Figure 3.
Figure 3.

Emphasis of Fintech by Financial Institutions

Citation: IMF Staff Country Reports 2019, 229; 10.5089/9781498325882.002.A001

Sources: DBS, OCBC, UOB, and IMF staff calculation.Note: This figure plots the number of times that “digital”, “technology”, “fintech”, and “mobile banking” are mentioned in the annual reports of Singaporean banks.

28. In countries with a high level of financial development and inclusion, further innovation by financial institutions may naturally occur slowly; therefore, the government can play a role in supporting fintech development. In Singapore, financial services are highly accessible. In the presence of entry barriers in the financial sector, further lowering the cost of financial services might not increase the demand for new financial services and products significantly. As a result, financial institutions may have the incentive to delay the costly adoption of new technologies. The reason is that, under such market structure, the best strategy for each financial institution is to adopt new technologies only when other competitors have already done so. In equilibrium, all financial institutions may delay innovation jointly as a result. While lowering cost of financial services can improve social welfare in many cases, active innovation might not be a competitive equilibrium in the banking sector, and the government can play a role to support technology adoption in the financial sector, which Singapore has done.

29. There can be an efficiency-stability tradeoff of fintech development in the medium term, especially when new technologies change the market structure (Box 5). Many technologies used by fintech firms and financial institutions are still at very early stages and involve a certain degree of uncertainty in efficiency. While successful fintech deployment can increase banks’ capacity to manage risky assets, uncertainty surrounding technology has the possibility to result in a “winners-take-all” situation in the medium term. Faced with uncertainty in technology and implicit government guarantees, financial institutions, especially those with legacy systems and that lack expertise in technology, may have the incentive to invest in more risky assets ex-ante by shifting the risks associated with technology to their debtholders. This is because, with limited liability, banks only care about the upside—and disregard the costs of a potential failure—and will benefit more from the new technology if they buy more risky assets. This is tantamount to an ex-ante increase in risk appetite and higher systemic risk in the financial sector. The possible impact of technology on market structure could pose challenges to maintaining a low-risk profile of the financial system in the medium term.

30. This points to the dual role that the MAS plays, and the challenge is to strike the right balance between encouraging innovation and ensuring stability. On the one hand, the MAS has adopted various measures of supporting fintech development in Singapore, including providing grants to fintech startups and encouraging collaboration between fintechs and incumbent financial institutions. On the other hand, monitoring systemic risk that originates from new business models and technologies is needed. MAS has set up the Fintech and Innovation Group in 2015 with the overall responsibility for regulatory policies and development strategies related to fintech in Singapore. The policy challenge in the medium term is to strike the right balance between encouraging financial innovation and maintaining a low-risk profile of the financial system in Singapore.

Medium-Term Efficiency-Stability Tradeoff of Financial Innovation

This box provides a stylized model analyzing the general determinants and financial stability implications of financial innovation by incumbent financial institutions in the medium term which are also applicable for Singapore…

Consider N incumbent banks making asset allocation decisions between a risky asset (such as risky customer loans) and a riskless asset (such as government bonds that yield r0) in each period. In the risky asset market, banks face a downward sloping demand function where the return of the risky asset is determined by r = R(Q) in which R’ < 0 and Q is the total demand for the risky asset. Assume that monitoring the risky asset involves a unit cost of γ using the current technology and the total asset to be allocated by each bank is normalized to be 1. Assuming that banks are symmetric, the risky asset allocation q* in each period equals the solution to each individual bank’s profit maximization problem given by maxqi(R(qi;qi)γ)+(1qi)r0.

Suppose that there is a one-time opportunity for each bank to innovate in a new technology that costs C and lowers the unit cost of monitoring of the risky asset in each period to γc μ γ. One can interpret the investment in the new technology either as in-house R&D by the incumbents or collaboration between fintechs and the incumbents where incumbents must pay a fee to utilize the technology. When the price elasticity of demand for financial services is low (e.g., R-1 is small, high degree of financial development) and the cost of innovation C is high, incumbents may jointly delay innovation in equilibrium. This is because, under these assumptions, the best response of each bank is to innovate only if its competitors have innovated in the previous period. This points to the role of the government to support innovation by, for example, lowering the cost of innovation, if innovation is determined to be the socially optimal decision. When incumbents innovate in the new technology, the risky asset allocation in equilibrium qc* is greater than without the new technology, i.e., qc*>q* indicating better financial inclusion.

… Uncertainty surrounding technology can change the ex-ante risk appetite of incumbents…

Now suppose that there is uncertainty surrounding the actual efficiency of the innovation, and that if a bank invests in the technology, it draws from a uniform distribution γi ~ U(γcε,γc + ε) after making the asset allocation decision. Assume further that each bank has limited liability and their liabilities are guaranteed by the government. When uncertainty in technology ε is sufficiently high, the allocation to the risky asset in equilibrium qϵ* is higher than the case without uncertainty, i.e., qϵ*>qc*. The intuition behind this result is that uncertainty in technology increases the probability of losing to competitors and potentially resulting in a bank failure ex post. Given limited liability, this increases the ex-ante risk appetite in the risky asset for each bank, posing challenges to maintaining a low-risk profile of the financial sector even before the uncertainty in technology materializes. This points to an important role that the government needs to play in monitoring incumbents’ technology adoption and risk-taking behavior.

Main Findings for Regulation and Supervision of Fintech

A. Operational and Technology-Related Risks and Fintech Firms

31. One of the leading success factors for Singaporean FIs is the capacity to innovate. Incumbent FIs are quickly moving toward digitization and modernizing their product offerings. At the forefront of the technology strategy is the digitization of the front-end platforms for customer-centric interface for a more seamless experience. Yet a complicating factor for some FIs are legacy systems with older, slower and less agile middle and back-end systems (e.g., mainframes).

32. Many of the risks to Singapore’s FI emanating from innovation relate to operational and technology-related risks. Fintech developments have spurred a rapid adoption of technology. While direct competition from new fintech entrants is muted, established financial institutions are competing heavily to retain market share and protect margins. While there are benefits of the greater adoption of technology (e.g., improved efficiency, cost savings and potentially improved security), there are also operational risks including: change management, more and faster new product approvals, increased reliance on outsourcing, and heightened exposure to cyber risks.

33. Execution risks to implement new strategies and manage business and technology risks are increasingly top risk priorities. Additionally, an increasing use and reliance on third-party service providers is evident in the sector. Indeed, the incumbent banks, which still carry legacy technologies and premises, are likely to accelerate the transition from legacy environments to new digital platforms. The new digitized environment may carry cyber-security risk in its various forms. This scenario also raises issues about the supervisory authorities’ ability to effectively supervise the new technologies and products.

34. Recognizing heightened operational and technology-related risk, MAS has revised its regulations covering aspects of operational risk. MAS recognizes information technology risk as a significant threat that is growing in prominence, evidenced by (i) the additional guidance issued on outsourcing and technology risk management and (ii) the organizational change that created the “Technology Risk and Payments Department”. Additionally, a consultation paper for banks’ outsourcing has been issued for comment. A key feature of the new outsourcing guideline is to expand the definition of material outsourcing to include data which will likely capture more outsourced service providers.

35. Operational and technology-related risks deserve heightened supervisory attention. The main risk categories include: higher operational risk (both idiosyncratic and system-wide); cyber risk; and third-party vendor management. Fintech innovations create a competitive environment forcing traditional service providers such as banks to adopt technology at a fast pace. The tension between protecting traditional revenue streams and risk management may result in inadequate change management. Even in the case of quality change management, new risks are going to emerge which have not been anticipated in the product development phase.

Outsourcing and Third-party Risk Management

36. FIs are increasingly relying on third-party service providers for operational support of technology-based financial services. FIs are increasingly using cloud-based services. Cloud-based services offer benefits and opportunities in meeting evolving customer expectations, allowing greater innovation, security and cost efficiencies. It also introduces a set of new and often unique set of risks, such as concentration and dependency risk, portability, the lock in effect, and the inability to audit. MAS’ technology standards do not prohibit the migration to cloud and many FIs have already migrated their non-mission critical systems to the cloud, however no banks have yet moved their critical systems (e.g., core banking platforms).

37. Operational risk regulation is keeping pace with changes in the market place and regulatory standards but also has been streamlined to place more reliance on banks’ own due diligence in limited cases. The authorities have kept pace with market developments through the updating of the Outsourcing Guidelines, for example the emerging risks of third-party cloud outsourcing, while at the same time moving to an ex post notification of outsourcing arrangements concluded by banks. The absence of pre-notification of outsourcing of critical control functions is less desirable where compliance with outsourcing guidelines at an individual bank is not robust. The absence of pre-notification in these limited circumstances may hamper timely supervisory response given the time lines for on-site inspections. In the near term, the MAS should consider formalizing and clarifying that it may require pre-notification of material outsourcing arrangements where MAS is not satisfied that a bank has managed its outsourcing risk adequately.

38. For supervision of operational and technology risks, the highest priority is third-party risk management. Considering the nature of fintech developments where incumbent FIs are adopting new technology at a faster pace than historically, this is likely to result in higher operational risk. Much of the technology is being delivered by third-party service providers. As a consequence, it becomes important for banks to continually improve controls for change management, product approval processes and third-party risk management. In recognition of the need for enhanced third-party risk management, MAS recently revised its guidance. MAS’ approach is to ensure that incumbents’ due diligence is satisfactory. MAS has also undertaken a thematic review of outsourced service providers to identify concentration risks and potential over reliance on certain providers.

Cyber

39. Attacks against Information and Communication Technology (ICT) systems have the potential to disrupt financial services, undermine security and confidence, and endanger financial stability. According to a recent report,18 global cybercrime costs businesses close to USD600 billion, up from USD445 billion in 2014. An IMF staff modeling exercise published in 2018 estimates that annual losses to financial institutions from cyber-attacks could reach several hundred billion dollars a year in a worst-case scenario, eroding bank profits and potentially threatening financial stability.19 The extensive use of outsourcing by the financial sector creates an additional layer of complexity and increases overall risk. The proliferation of cloud services,20 has given rise to significant concentration risks, as the industry is dominated by a few global providers. Given the inherent interconnectedness between financial sector participants, disruption to the payment, clearing, or settlement systems or theft of confidential information can result in widespread spillovers and threaten financial stability.

40. There are three key transmission channels through which cyber risk can impact financial stability:

  • Loss of confidence – Hackers often target customer account information and financial assets. Wide-reaching data theft, prolonged unavailability of services, loss of data integrity, or large thefts of funds could cause a broader loss of confidence that under extreme scenarios could precipitate creditor runs from specific firms and start a broader crisis;

  • Lack of substitutability – This is relevant to both technologies and services. Essential financial services, such as payment, clearing, settlement, exchanges, or even bank account management use ICT systems that may be extremely difficult to replace with alternatives in case of disruptions. Further, the services themselves often have no alternatives either, for example, there is only one way to do payments on a real time gross settlement basis in most jurisdictions and certain functions in the financial sector are only provided by one or very few firms; and,

  • Interconnections – ICT systems in the financial sector and beyond are deeply interconnected in ways that are challenging to fully and accurately map. Even isolated (“air-gapped”) systems have proved to be vulnerable to sophisticated cyber-attacks involving social and physical vectors. Organizational and financial interconnections between participants are important factors when assessing interconnections. This complex and intricate web of connections spanning technological, organizational and financial planes represents an important and unpredictable cyber risk transmission channel.

41. Cyber mapping is one approach to assess interconnectedness of the financial system network by developing an analytical framework to map cyber vulnerabilities. The aim is to identify the relevant cyber network for the financial system as well as its inherent transmission channels and the main potential cyber risks. At a conceptual level, the approach aims to better understand the financial and ICT connections of firms in the financial system (including financial market infrastructures) to identify interconnectedness, potential risk concentrations and common dependencies. The concept builds on traditional supervisory approaches to identify concentration risks in the financial network at a system level and adds to this view the cyber network e.g., those elements of ICT that form the underlying infrastructure for all operational processes in the financial network.

42. The process of mapping the cyber network will help deepen supervisors’ understanding of ICT at both a firm and system-wide level. This mapping exercise begins at a macro or system-wide level, providing an aggregate view of the relevant cyber-interdependencies between the individual financial sectors, before gradually narrowing in to analyze these interrelationships at a more granular level. By integrating cyber and financial maps, this analysis can help study the effects of concentrations and interconnections and their potential role in spreading contagion during financial crises, or a cyber-attack. In building the map, supervisors will need to develop their firm-specific knowledge of the role of technology which will help enhance macroprudential supervision. MAS has already undertaken considerable work on understanding FIs’ technology maps including third-party service providers.

43. MAS should make an effort to develop a cyber network map that integrates technology and financial interconnections as well as continuing to monitor cybersecurity risks from third-party service providers. MAS has been monitoring interconnectedness via financial exposures and cyber-interdependences in the financial system separately. Taking a holistic approach will help MAS better understand the financial and ICT connections between firms (including financial market infrastructures and third-party service providers) to identify interconnectedness, potential risk concentrations and common dependencies. The concept builds on traditional supervisory approaches to identify concentration risks in the financial network at a system level and adds the cyber network. The authorities already supervise third-party providers that are financial firms, and they have a framework for engaging with non-financial third-party providers that are separately regulated. Nevertheless, the stress tests showed banks’ vulnerability from this source, which MAS should enhance monitoring.

Recommendations

44. To complement MAS’ emphasis on operational risk the mission recommends the following:

  • Conduct more thematic reviews of operational risk heavy activities across the entire banking sector with a view to benchmarking leading-edge best practice and communicating this benchmarking publicly – to the benefit of the industry and to the benefit of consistency of communication by supervisors on the same risk across different significant activities;

  • Develop a full picture of the supervised firms and their ICT systems by mapping financial and technology connections across the sector to help identify potential systemic risks from interconnectedness and concentrations in third-party service providers;

  • MAS should consider formalizing and clarifying that it may require pre-notification of material outsourcing arrangements where MAS is not satisfied that a bank is managing its outsourcing risk adequately; and

  • Operational and technology-related risks deserve heightened supervisory attention especially in the area of supervision of third-party service providers. MAS should consider increasing the frequency and intensity of supervision including through the prior notification arrangements.

B. Regulatory Sandbox

45. There are three discrete stages of MAS’ regulatory sandbox: application, evaluation and experimentation phase. During the application phase MAS assesses the firm to ensure it meets criteria regarding innovation and to ensure the firm will ultimately need a license. The assessment at this stage of entry to the sandbox is mainly of the innovation-related criteria led by MAS’ fintech specialists (FTIG). The next stage is the evaluation stage where inputs from line supervision departments will also determine appropriate safeguards to mitigate risk and limit impact in the case of failure. The final stage is the experimentation phase where fintech firms gain access to a live environment to test their product/systems within well-defined parameters e.g., customer and value limits. During this stage, firms are subject to regular reporting requirements to allow monitoring by MAS on how the technology is performing and how the business is meeting targets as well as meeting compliance obligations (e.g., KYC, CDD). The experimentation phase ends with an exit where MAS will apply a standardized license assessment.

46. MAS relaxes certain regulatory/licensing requirements for firms that enter the sandbox, applying necessary safeguards. During the experimentation phase MAS relaxes its normal licensing criteria to allow firms to enter the sandbox and to innovate. The relaxations are intended to remove disincentives and encourage innovation. Examples of what standards may be relaxed include: minimum base capital requirements, arrangements in relation to compliance, governance, internal audit and personal indemnity insurance. MAS applies safeguards to firms entering the sandbox to mitigate risks. At the time of entry, MAS makes a risk assessment and will applies boundary conditions which are designed to minimize negative impacts and externalities and reflect the potential risks to consumers and potentially broader spill-over risks.21 Safeguards are typically a mix of measures to mitigate risk and limit impact, while minimizing the burden on firms in terms of resource requirements for risk or compliance. For example, limiting the number of retail investors and imposing a maximum investment limit for such retail investors in the case of a fund manager in the sandbox.

47. MAS recently consulted on a process to expedite entry into the sandbox (“Sandbox Express”). The objective of this approach would be to enable firms perceived as low-risk to embark on their experiments more quickly through the use of predefined sandboxes for certain regulated activities (initially insurance broking, recognized market operators (RMOs), and remittances) instead of the standard sandbox process. The consultation paper proposed that applicants to Sandbox Express would be subject to an assessment by MAS on the fitness and propriety of the key stakeholders and the technological innovativeness of their product or service. Boundary conditions are proposed to be imposed on all the Sandbox Express entities as an additional safeguard within the Sandbox Express to ensure that the entities would indeed pose low risk.22 Entities not meeting these requirements would not qualify for the Sandbox Express and would have to apply under the regular sandbox regime. MAS may exempt some Sandbox Express entities from licensing. Other Sandbox Express entities that would be licensed may also not be subject to on-site supervision during the sandbox period. Notwithstanding this, Sandbox Express entities would be required to submit a progress report to MAS every two months and provide specific disclosures to their clients.

48. A standardized risk assessment is conducted for firms seeking to graduate from the sandbox and become licensed. At exit, MAS applies a standardized risk assessment of the entity for the specific regulated activity, in effect treating the firm as it would any firm seeking a regular license. At this juncture, any safeguards implemented during the sandbox are taken away.

49. MAS has formalized and implemented processes to assess and approve entry and exit from the sandbox after an initial period of ‘learning by doing’. The FTIG has the responsibility for assessing the business and technology whereas line supervision departments assess other, more “traditional” risks. After early experience, the division of responsibilities among various MAS functions was further formalized to avoid conflicts of interest. The separation of responsibilities recognizes the need for technology experts to assess aspects of firms when they seek access to enter the sandbox as well as drawing upon line supervisors’ expertise assessing license applications.

50. MAS requires all applicants to apply AML/CFT policies that comply with MAS AML/CFT rules and follows up with the applicants with face-to-face discussions of these rules. If necessary, guidance is provided to bring the policies in line with Singapore’s AML/CFT requirements, and in at least one instance, applicants have been required to undergo AML/CFT training before being authorized to enter the sandbox. The implementation of the AML/CFT requirements is discussed on a regular basis during the course of the experimentation phase of the sandbox. The frequency of the interaction varies from a monthly to quarterly basis, notably in light of the firms’ understanding of the AML/CFT requirements, with more time dedicated to firms that require additional advice on their correct implementation. The lack of or insufficient implementation of these requirements are causes for termination of the sandbox. MAS continues to engage the firms in AML/CFT related issues when they have successfully completed their testing and obtained a regular license. This may include the conduct of onsite inspections to assess the continued implementation of the AML/CFT rules after their exit from the sandbox.

51. The sandbox approach is novel and a balance between innovation and safety and soundness is needed. The sandbox is new, and many regulators are innovating (see Appendix III for a cross-country comparison of approaches). The main challenge is to strike a balance between the benefits of fintech and mitigating potential downside risks. Too much emphasis on innovation could run the risk of being overly accommodating of potential fintech benefits without sufficient attention on the assessment of risk. The following are high-level principles that can help guide regulators strike the right balance between the benefits of fintech and innovation, while maintaining the safety and soundness of FIs and the financial system:23

Table 4.

Singapore: Guiding Principles for Supervision of Entities in a Sandbox

article image

52. MAS has implemented a sandbox approach that has several demonstrated benefits. MAS has positioned itself to embrace the benefits of fintech, supporting a broader government strategy to promote innovation in the economy. By communicating a clear and transparent approach, MAS has provided certainty regarding regulatory treatment and the fintech ecosystem is thriving in Singapore with positive impacts for the economy, consumers and the financial system at large. Internally, closer relationship with technology firms allows supervisors to increase their knowledge of how technology is impacting financial services. Additionally, the sandbox has helped MAS identify aspects of the regulatory framework that may need to be reviewed in light of fintech developments.

53. There are, however, new risks from the sandbox including reputational risk to MAS. Firms entering the sandbox are typically highly innovative, experimenting with new technologies, platforms and business models. These firms are also often new to financial services and less familiar with governance and risk management standards. If firms in the sandbox fail or customers are negatively impacted (e.g., through disruptions caused by operational and technology-related risks or failure of the firm’s business model or the firm itself), during the sandbox period or shortly after, this could expose MAS to reputational risk, especially if there is a perception that firms in the sandbox are granted lower standards than other regulated entities.

54. To mitigate potential reputational risks from the sandbox, there is scope for MAS to place increased emphasis on verifying firms are meeting their risk management and compliance obligations. Typical fintech firms entering the sandbox do not meet standard license conditions and are running higher business and technology risks which warrant emphasis on verification. Experience shows that fintech firms entering the sandbox typically exhibit: lower levels of management experience; lower levels of financial resources and lower capitalization; and less experience in risk management. Fintech firms also have a higher business risk given that many are often start-ups. While boundary conditions mitigate risks to some extent, heightened supervisory intensity may be needed during each stage of the sandbox period compared to a normal supervisory stance.

Recommendation

55. To ensure that the right balance between innovation and mitigating risk, the mission recommends:

  • Within a risk-based framework, place emphasis on verification of compliance with risk management and other minimum standards, overlaid with a judgement of the residual risks posed during the experimentation phase in the sandbox to mitigate potential reputational risk.

C. Digital Token Services

56. Various terms can be used for digital token services, but this note relies primarily on the terminology used by MAS. Therefore, the term digital token is used for crypto-assets and they are discussed under three categories: securities, payment, and utility tokens.24 As in other markets, hybrid types combining features of two or three types of token exist and new token types are emerging. This note focuses on the use of the three main types as potential investment instruments rather than their other potential uses. The term initial coin offering (ICO) refers here to an initial offering of any type of token, including securities token.25 References to crypto-exchanges cover any type of trading service providers in digital tokens, whether the “exchange” operates a matching platform or trades as a counterparty to its clients (or both).

57. Singapore ranks high in various global statistics on ICO activity. While the statistics apply different methodologies and rely to various extents on self-reporting by ICO issuers, they tend to uniformly rank Singapore among the top four jurisdictions in the world in terms of number and value of launched or closed ICOs. The number of closed ICOs and the value of funds raised in those ICOs in 2016–2018 is presented in Table 5. There are no reliable statistics on the breakdown of the Singapore ICO activity between various types of digital tokens. However, according to anecdotal evidence the ICO activity is increasingly transitioning from utility tokens to securities tokens. So far MAS has not registered any prospectus for securities token ICOs to retail investors in Singapore. Singapore securities token ICOs may rely on certain exemptions from the requirement to prepare a prospectus, such as exemptions for small offers, private placements, and offers to institutional or accredited investors.

Table 5.

Singapore: Number and Value of Closed Singapore ICOs1

article image
Sources: MAS estimates, ICOBench

References to Singapore in the ICOBench data may refer to the self-reported (i) country of operations or (ii) domicile of the offering vehicle. The offering may or may not have been made in that country. These numbers are also subject to revision by issuers and should thus be viewed as a fairly rough proxy for ICO activity.

58. Several crypto-exchanges operate in Singapore or provide trading and other services accessible to Singaporean investors. Many of these exchanges run operations from several other countries in addition to Singapore. They provide trading between fiat currencies and digital tokens and/or between digital tokens. All of them currently trade only payment tokens (e.g., Bitcoin) and/or utility tokens, whereas none enables trading in security tokens by Singaporean investors. Some of them also provide wallet services to the clients, storing clients’ private keys that enable access to and control of clients’ digital tokens. Singapore also hosts a number of crypto-derivatives exchanges and some spot crypto-exchanges have announced their plans to start crypto-derivatives trading in Singapore.

59. MAS uses advanced approaches to try to gather information on and analyze digital token trading and investments. Its techniques and data sources include (i) crypto-exchanges’ APIs; (ii) transaction information from public crypto-blockchains; and (iii) aggregating information from online ICO portals. Information has been gathered particularly on trading between Singapore dollar and Bitcoin.

60. Based on MAS’ analysis, Singaporean investors’ holdings of digital tokens and trading activity remain relatively low. MAS estimates that by end-January 2019 the total volume of Bitcoins traded against Singapore dollar since 2013 had reached around S$9.3 billion, which implies monthly trading volumes of less than 1 percent of those on Singapore Exchange (SGX). At the same time, cumulative net inflows of Singapore dollars for crypto-exchange Bitcoin trades were about S$400 million according to MAS’ estimates. This compares to Singaporean household assets of S$2.2 trillion as at Q3 2018.

61. According to MAS, Singaporean financial institutions’ exposures to digital tokens are very limited. They do not currently engage in proprietary trading of digital tokens or their derivatives. At end-2018, four fund managers had launched funds that invest in digital tokens and/or their derivatives, targeted at accredited or institutional investors. These funds’ end-2018 investments in digital tokens were approximately S$5 million, while their exposures to digital token derivatives stood at S$3 million.

62. MAS’ approach to regulation of digital tokens has focused on enforcing compliance with securities legislation, warning investors on the risks of digital token investments, and addressing money laundering/terrorist financing (ML/TF) risks. MAS has warned both ICO issuers and crypto-exchanges about the need to comply with Singaporean securities legislation.26 To alert customers about the risks of digital tokens, MAS has issued advisories and undertaken consumer outreach efforts through the website MoneySENSE, which is the Singaporean government’s national financial education program. MAS has also listed ICOs on its investor alert list if they could have been misperceived as having been approved by MAS. MAS plans to continue to educate and caution the public on the risks of digital tokens and the rationale for limiting its regulatory ambit during its public engagements. Addressing ML/TF risks has been a key part of MAS’ regulatory approach to digital tokens and is discussed in Box 6.

63. With the passing of the new PS Act, MAS’ regulatory and supervisory reach will expand. The current regulatory and supervisory approaches and the expected changes under the PS Act are described below for each type of digital token: securities, payment, and utility tokens.

Securities Tokens

64. The Securities and Futures Act (SFA) and Financial Advisers Act (FAA) apply to digital tokens that qualify as capital markets products. MAS has confirmed this in its Guide to Digital Token Offerings (updated in November 2018), according to which MAS may regulate offers or issues of digital tokens if the tokens are capital markets products under the SFA.27 This means that the regulatory requirements applicable to securities tokens and their offerors and intermediaries are the same as those applicable to “traditional” securities. Similarly, the SFA would apply to derivatives with securities tokens as underlying instruments.

65. The type of license needed by firms providing securities token services depends on the type of service they provide. MAS has clarified the licensing requirements in its Guidelines on Digital Token Offerings. A person who operates a platform on which offerors of securities tokens may make primary offers or issues of securities tokens (primary platform) needs to, unless exempted, hold a capital markets services license. A person who provides any financial advice in Singapore in respect of a securities token must be licensed as a financial advisor or be an exempt financial adviser.28 Finally, a person who establishes or operates a trading platform in Singapore for securities tokens must—depending on how trading is organized—be approved as an approved exchange, recognized as an RMO or hold a capital markets services license, unless exempted. .

66. Since the SFA applies fully to service providers in securities tokens, MAS would be well equipped to supervise crypto-exchanges that organize securities token trading. The full suite of MAS’ prudential, investor protection, market integrity and financial integrity requirements would apply to such exchanges. From the perspective of crypto-exchanges’ global, technology-dependent business, key regulatory requirements relate to fair, orderly and transparent trading, segregation of client assets, outsourcing, and technology risk management. For the crypto-exchanges that also trade on own account, conflict of interest management and conduct of business requirements are particularly relevant. Crypto-exchanges licensed under the SFA would also be subject to the AML/CFT requirements referred to in Box 6 and further detailed in MAS’ AML/CFT notices.

67. The SFA also provides MAS with powers over foreign crypto-exchanges that solicit clients in Singapore to trade in securities tokens, but so far there has been no need to use these powers. The SFA’s extraterritorial powers are based on Section 339, according to which the SFA may apply to a primary platform or trading platform operated partly in and partly outside of Singapore or wholly outside of Singapore, if the act of operating the platform has a “substantial and reasonably foreseeable effect in Singapore”. This could be the case if persons in Singapore trade directly through a foreign intermediary and the latter has solicited clients in Singapore. By targeting such clients, the foreign intermediary’s act would have a reasonably foreseeable effect in Singapore. The act would also have a substantial effect, given that investor protection issues arise in respect of the clients in Singapore. However, if the foreign intermediary responds to and accepts unsolicited applications from persons in Singapore, its acts would be outside the scope of the SFA.29 MAS has so far not applied this provision to foreign crypto-exchanges.

68. Market participants indicated that there is increasing interest in securities token offerings and establishment of crypto-exchanges trading securities tokens in Singapore. According to market participants, one reason for Singapore’s attractiveness is the clarity of the definition of securities. Therefore, it is likely to be only a matter of time before MAS will get its first formal application from a crypto-exchange interested in providing services in securities tokens and becoming an approved exchange, an RMO or a holder of a capital markets services license. In the future, RMO applicants may benefit from the new Sandbox Express (see paragraph 48).

Payment Tokens

69. The entry into force of the PS Act will mean that Singapore-based crypto-exchanges trading digital payment tokens must apply for a payment institution license. Broadly speaking, the PS Act defines a digital payment token as a digital representation of value that (i) is not denominated in any fiat currency, (ii) is accepted by the public as a medium of exchange to pay for goods or services or discharge a debt, and (iii) can be transferred, stored or traded electronically. A person that carries on a business of dealing in or facilitating the exchange of digital payment tokens (either between a fiat currency and digital payment token or between payment tokens) in Singapore must be licensed as a payment institution (digital payment token service provider). This means that the current Singapore-based crypto-exchanges will need to apply for a license under the PS Act if they plan to continue their current trading services in digital payment tokens. However, other services that they may provide in digital payment tokens, such as custodian wallet services, are currently not covered by the PS Act and can be continued in an unregulated entity. However, MAS intends to regulate standalone custodian wallet services in its next phase of legislative changes to align to the recent clarification of the FATF standards.

70. The prohibition against solicitation included in the PS Act may oblige some foreign crypto-exchanges to establish a presence and apply for a license in Singapore or stop soliciting clients in Singapore. Solicitation under the PS Act refers to offers or invitations to provide to the public in Singapore any type of payment service (including digital payment token service) or issuance of advertisements containing such offers or invitations. Solicitation is permitted only for licensed or exempted payment institutions. MAS will further define in its regulations considerations to which regard must be had in determining whether an offer, invitation or advertisement is made or issued to the public (or any section of it) in Singapore. MAS noted that one relevant consideration is whether the offer, invitation or advertisement is for dealing in or facilitating the exchange of digital payment tokens in exchange of Singapore dollars. Therefore, at least some foreign crypto-exchanges will likely need to establish a presence in Singapore and apply for a payment institution license.

71. While the PS Act will extend MAS’ regulatory reach to crypto-exchanges trading payment tokens, MAS intends to focus on AML/CFT requirements. Payment institutions must be licensed by MAS. A licensed payment institution must have a permanent place of business or a registered office in Singapore where at least one person must be present during times specified by MAS. MAS must also approve the “20 percent controllers”30 and the chief executive officer (or equivalent) of each payment institution. Payment institutions are subject to certain reporting requirements and the obligation to provide information to MAS. MAS also has the standard right to request information from and conduct inspections and investigations in all payment institutions on matters that are within its mandate under the PS Act. Finally, all payment institutions are subject to the same AML/CFT requirements as other entities supervised by MAS (see Box 6). No other significant regulatory requirements apply to digital payment token services. This means that no investor protection or market integrity provisions apply to such services, whether payment tokens are used as investment instruments or not. For example, there are no requirements for safeguarding or segregating clients’ digital payment tokens.31

72. The full regulatory framework under the PS Act is expected to come into force by the end of 2019. MAS intends to consult on all the regulations and the AML/CFT notice in spring 2019 and on the other notices during summer 2019. Guidelines will likely be published for consultation later in the year. MAS has also publicly stated its intention to undertake the necessary legislative adjustments to bring its approach in line with the latest FATF standards.

Other Tokens and Derivatives on Digital Tokens

73. Other types of digital token are currently not regulated. This means that utility tokens do not fall under MAS’ current regulatory remit. The same would apply to any other token type that could not be categorized as a securities or payment token.

74. Regulation of derivatives on digital tokens currently covers derivatives on underlying things as defined in the SFA. This applies to cases where such underlying things are represented in the form of digital tokens. An underlying thing includes a unit in a collective investment scheme, a commodity, a financial instrument (including securities), and the credit of any person (SFA Section 2(1)). Derivatives on payment or utility tokens not representing such underlying things are currently not subject to MAS’ regulation.

75. However, MAS has the discretion to extend the application of the SFA to utility tokens and other derivatives on payment and utility tokens. These extensions would be possible under the power granted to MAS in the SFA to expand certain definitions (e.g., capital markets product, derivatives contract, or underlying thing) through MAS regulations. So far MAS has not considered applying the SFA beyond its current scope.

Application of AML/CFT Requirements to Digital Token Service Providers

Singapore has taken an incremental approach to address ML/TF risks related to digital tokens, notably in light of ongoing discussions in the FATF on “virtual assets” and regulation of “virtual asset service providers.”1 As part of its efforts to warn consumers of the risks of digital tokens, MAS has reminded the public that ICOs are vulnerable to ML/TF risks and communicated in its March 2014 media release that while “virtual currencies” per se were not regulated, intermediaries in virtual currencies would be regulated for ML/TF risks. Singapore has subsequently clarified further, including through additional legislation (in particular the PS Act) and MAS Notices, the application of AML/CFT measures with respect to transactions in various types of digital token.

Financial institutions operating in Singapore are required to implement AML/CFT measures regardless of whether they are involved in fiat currencies or digital tokens. In line with the MAS Act, this applies to a range of financial institutions, notably banks, money changers, intermediaries in the securities and futures markets, as well as other persons licensed under the relevant acts.2 The AML/CFT requirements include assessing and mitigating ML/TF risks, applying customer due diligence measures (including with respect to beneficial owners), maintaining records, monitoring transactions and reporting suspicious transactions to the financial intelligence unit (the Suspicious Transaction Reporting Office). They also include implementing United Nations’ targeted financial sanctions related to TF and proliferation financing.3 AML/CFT requirements are imposed on all financial institutions operating in Singapore and are independent of whether fiat currencies or digital tokens are used in a transaction—although the presence of digital tokens may prompt additional due diligence measures in light of the higher risks resulting from the anonymous nature of digital tokens.4 MAS has a broad range of powers to supervise and monitor financial institutions’ compliance with the AML/CFT requirements, as well as to sanction failure to comply.5

Digital token service providers addressed in the FATF standard are or will be covered by Singapore’s AML/CFT framework. That framework already applies to digital securities token service providers, and will become fully operational with respect to those dealing in or facilitating the exchange of digital payment tokens (either fiat to digital, digital to fiat or digital to digital) by the end of 2019 (when the PS Act framework will be fully operational). MAS’ regulatory hold applies to persons carrying out a business of providing digital payment token services in Singapore. While useful, this does not necessarily include corporate entities that are merely created (as the FATF standard requests) in Singapore. In addition, the standalone custodian wallet service providers are currently not subject to AML/CFT requirements and monitoring. MAS clarified that, so far, wallet services in Singapore appear to be provided by crypto-exchanges, rather than on a standalone basis, and that addressing them specifically did not appear necessary considering that crypto-exchanges are already subject to the AML/CFT framework. In light of the new FATF standard (which notably includes certain wallet providers), however, MAS plans to include custodian wallet service providers in its regulatory fold as part of the next phase of legislative changes.

Service providers of non-tradeable and non-transferable tokens that cannot be used for payment or investment purposes (also referred to as non-convertible utility tokens) are not covered by the AML/CFT framework, as the authorities consider such tokens to present low ML/TF risks. This approach is aligned with the FATF’s current discussions. The basis on which the risks of non-convertible tokens were deemed to be low in all cases is, nevertheless, unclear.

While comprehensive, the current framework still needs further adjustments to implement fully the new FATF standard on virtual asset service providers (VASPs). In light of the rapidly changing fintech environment, custodian wallet services may become available on a standalone basis and, as such, should be subject to AML/CFT requirements and monitoring; corporate digital token service providers that are legally created in Singapore should be regulated for AML/CFT purposes, as per the new FATF standard regarding legal entities which focuses on the place of creation (regardless of where the activities are conducted). Finally, the ongoing FATF discussions on VASPs (notably in the context of wire transfers), may require further changes to the current framework. The exclusion, from the AML/CFT framework, of providers of services related to non-convertible utility tokens may also require an appropriate risk assessment to establish whether the exclusion is justified.

1 The FATF amended the AML/CFT standard in October 2018 with the addition of new definitions of “virtual assets” and “virtual asset service providers” (VASPs) in the FATF Glossary and of a second paragraph to Recommendation 15 requiring countries to ensure that VASPs are licensed or registered and monitored for AML/CFT purposes. Further work to elaborate on effective implementation of the new requirements is ongoing at the FATF. This work will result in an Interpretative Note and Guidance which are targeted for issue by June 2019.2 Section 27A of the MAS Act. Additional relevant acts include the Banking Act, Money Changing and Remittance Business Act, Insurance Act, FAA and SFA.3 In line with Section 27B of the MAS Act, Section 39(1) of the Corruption, Drug Trafficking and other Serious Crimes (Confiscation of Benefits) Act, and the MAS Notices on the Prevention of Money Laundering and Countering the Financing of Terrorism (AML/CFT Notices).4 In his reply to a parliamentary question on banning the trading of Bitcoin or cryptocurrency, Tharman Shanmugaratnam, the Deputy Prime Minister and the Minister in charge of MAS, noted that when it comes to ML and TF, “Singapore’s laws do not make any distinction between transactions effected using fiat currency, virtual currency or other novel ways of transmitting value. Hence, MAS’ AML/CFT requirements apply to all activities of financial institutions, whether conducted in fiat or virtual currencies.”5 The FATF/APG 2016 evaluation found the preventive framework to be relatively strong. Singapore was rated fully compliant with FATF Recommendations (R.) 10–13, 15–18, and 21and 27 , and largely compliant with R. 14, 19 and 20 (due to the low level of fines imposed on non-licensed money value transfer services, concerns about the range of required enhanced CDD measures, and some uncertainty about the promptness of suspicious transaction reports filing. It was rated largely compliant with R. 6 and 7 (due to minor deficiencies that are unrelated to the financial sector), and with R. 26 (due to a lack of clarity on some aspects of implementation).

Conclusions and Recommendations

76. Financial stability risks arising from digital token trading and investments seem currently contained. Singaporean financial institutions and other Singaporean investors have limited digital token investments and MAS has adopted advanced monitoring approaches to identify changes in trading patterns and investor exposures, particularly in relation to trading between Singapore dollar and the most liquid payment tokens.

77. MAS’ approach to the regulation of securities token services is in line with practices adopted elsewhere, even though the definitions of securities differ to some extent between jurisdictions. MAS’ full securities regulatory powers apply to crypto-exchanges trading securities tokens. However, MAS has not yet tested in practice how well the current securities regulatory framework can be applied to securities token services, given the specific characteristics of the technology used, the trading models, and the way tokens are safekept. Going forward, MAS may permit crypto-exchanges trading securities tokens to enter the market through the planned Sandbox Express for RMOs.

78. Similar to many other countries, services in utility tokens are not regulated in Singapore and only AML/CFT regulation will apply to digital payment token services under the PS Act. MAS has justified this approach by noting that it does not want to legitimize payment and utility token services by applying securities type regulation to them. However, many regulators recognize that investor protection and market integrity risks exist with regard to all transferrable and/or tradeable tokens. Some consider that regulating services in payment tokens, such as Bitcoin, would be justified by the fact that they are primarily used for investment purposes rather than as a means of payment or store of value. However, few have acted, and international regulatory consensus does not appear to be emerging. MAS is therefore not out of line in limiting its regulatory reach to services in securities tokens and, to a limited extent, payment tokens.

79. MAS’ regulatory ambit over crypto-derivatives is currently limited to derivatives on securities tokens and derivatives on tokens representing an underlying thing as defined in the SFA, which is narrower than in the case of some other leading regulators. No uniform regulatory approaches have been taken in relation to crypto-derivatives. Some regulators (e.g., the United States Commodity Futures Trading Commission) have approved futures on payment tokens, while the United Kingdom Financial Conduct Authority is considering prohibiting the sale to retail consumers of derivatives referencing certain types of digital token (for example, payment tokens).32

80. MAS’ current powers must be weighed against the potential changes in the Singaporean market. One of the key drivers for some crypto-exchanges’ decisions on their legal structures seems to have become optimizing the costs and benefits of regulation. Establishing operations in Singapore is seen to bring many benefits, including an approval by a respected, but flexible regulator. Early signs indicate that the number of crypto-exchanges falling under MAS’ supervision is likely to be relatively high after the entry into force of the PS Act, which may also lead to increasing trading volumes in Singapore. This development is likely to be combined with the emergence of crypto-exchanges trading securities tokens. At the same time, unregulated activities relating to utility tokens, wallets, and crypto-derivatives may also increase.

81. MAS’ supervisory challenge will be compounded by the scope and global nature of crypto-exchanges’ businesses. The same crypto-exchange group is likely to run operations in all token types, all of which would be subject to differing regulatory frameworks. Some are planning to launch crypto-derivatives business. Many crypto-exchange groups also operate through a global network of affiliated entities and are quick to change their structures to react to regulatory and market developments. In addition, some may want to limit their activities in each country by appropriately structuring their operations across multiple countries. At the same time, the group entities share the same technology across all operations. While this may be sensible from business perspective, it entails challenges to the regulator.

82. Against these developments, it may be challenging for MAS to effectively communicate its limited supervisory reach. Any hack, failure or other incident in the systems used by the Singapore-based crypto-exchanges—whether they trade securities, payment or utility tokens—or their affiliated crypto-derivatives exchange may create a reputational risk to MAS despite it regulating such exchanges primarily only for AML/CFT purposes and its continuous investor education efforts. The same applies to suspicions of fraud or market misconduct.

83. However, MAS’ challenges may be more manageable than those of its peer regulators, given its relatively broad ability to extend its powers to new services. This enables it to react to emerging risks from digital token activities more quickly than most regulators. Extending the regulatory framework may become particularly relevant in certain cases. For example, this may be needed if Singaporean crypto-exchange groups start trading all three types of token on the same platform. In such cases, it may become increasingly difficult to inform investors of the different regulatory requirements applicable to various token types. Similar challenges would relate to explaining the differences for the safeguarding and segregation requirements between securities tokens and other tokens.

84. Pending any further regulatory changes, effective supervision using the current powers is fundamental. Important gatekeeping decisions will be made already at the licensing stage and the use of any expedited process should be carefully considered, given the novel risks of the business. The responsibilities for the supervision of various aspects of digital token services are spread across various MAS’ departments, calling for ongoing cooperation and readiness to apply the existing powers in a flexible manner. At the same time, MAS has a good basis for building effective supervision of digital token services, given its broad, cross-sectoral mandate combined with its technological expertise.

85. On this basis, it is recommended that MAS:

  • Further enhances its investor education efforts to highlight risks to investors arising from differing regulatory frameworks for various types of digital token.

  • Prepares to apply a cross-organizational supervisory approach over the expanding crypto-exchange sector to effectively address risks specific to the sector.

  • Stands ready to expand MAS’ regulatory reach promptly, if warranted by market and industry developments in digital token services.

AML/CFT

86. Singapore’s AML/CFT approach to digital tokens is broadly in line with the current (and still evolving) FATF standard but nevertheless requires further adjustments. The authorities are to be commended for their efforts to mitigate the ML/TF risks related to digital tokens. The enactment of the PS Act, in particular, is a welcome development as it brings digital payment token service providers that were not already captured by the existing AML/CFT framework into MAS’ regulatory fold. Going forward, MAS is encouraged to pursue efforts to bring standalone custodian wallet service providers within its AML/CFT purview, ensure that the AML/CFT framework also applies to corporate digital token service providers created in Singapore, and issue the implementing regulations, notices and guidelines under the PS Act. Singapore is also encouraged to ensure that the risk-based approach to AML/CFT regulation of providers of services related to digital tokens relies on a sound risk assessment, continue to follow the developments of the FATF standard related to VASPs and, if necessary, adjust the AML/CFT framework to the outcome of the FATF discussions.

D. Digital Advice

87. The terms digital advice and digital advisers are used in this note to refer only to firms that provide digital advisory services directly to clients. Digital advice is sometimes also referred to as automated advice or robo-advice, but this note uses digital advice following MAS’ practice. MAS defines digital advisers as financial institutions that provide advice on investment products through direct access by clients to automated, algorithm-based tools (client-facing tools), with limited or no human interaction. In industry terminology, such digital advisers are often referred to as business-to-consumer (B2C) digital advisers. The term digital advice in this note does not cover tools that do not provide advice on specific investments, for example, tools used to assist in the client’s financial planning.

88. MAS’ definition of digital advisers does not cover third-party providers that provide digital advisory technology and related services for use by digital advisers. Such third party providers are often referred to as B2B or B2B2C digital advisers, depending on whether the technology and services they provide are used only to support financial institutions’ human advisers (B2B) or in the financial institutions’ client-facing digital advisory tool (B2B2C). This note refers to such firms simply as third-party providers instead of using the industry terminology that may be confusing from a regulatory perspective. In Singapore, financial institutions can use third-party providers’ digital advice tools on a white-labeling or tailored basis,33 provided that they subject the third-party providers to appropriate due diligence process and have assessed the risks associated with such outsourcing arrangement. The third-party providers are often themselves not licensed financial institutions, but non-regulated firms to which financial institutions have outsourced the development and maintenance of the client facing tools relating to the provision of their digital advisory services.

89. The value of assets under management (AUM) and assets under advice (AUA) by digital advisers based in Singapore is still very small. MAS estimates that the digitally managed AUA and AUM had reached about S$335 million at end-2018. This is about 0.01 percent of the total asset management industry AUM. In Singapore, digital advice is currently provided primarily by non-bank specialized advisers, but two banks (OCBC and UOB) have also recently launched their digital advisory services to targeted client groups. In addition, some banks use digital advisory tools to support the investment advice their human advisers provide to clients. However, there is no data on the extent to which digital advice tools are used to support human advisers.

90. Singapore-based digital advisers currently provide access to a limited range of products. They typically offer model portfolios comprising exchange-traded funds and low-cost diversified investment products such as index funds. In Singapore, most digital advisers use relatively simple decision-tree based algorithms, but some firms are developing tools that utilize artificial intelligence and machine learning.

91. Digital advisers need to be licensed under the SFA and/or FAA, unless they are already licensed financial institutions. More specifically, firms seeking to provide digital advice must be licensed for fund management or dealing in capital markets products under the SFA and/or providing financial advisory services under the FAA. The type of license depends on the digital adviser’s business model. An already licensed firm does not need to notify MAS if it only starts providing its already licensed services in digital format without adding any new services. According to MAS, in practice, firms do approach MAS in advance before implementing any significant changes to their business models.

92. Subject to certain safeguards, digital advisers that are applying for a license can benefit from certain exemptions that are tailored to digital advisers’ typical business models. Digital advisers that intend to apply for a retail fund management license can be exempted from certain corporate track record and minimum AUM requirements. However, such exemptions are conditional on the adviser complying with additional safeguards relating to the experience of the key management staff, restrictions on the products offered for investment, compulsory post-authorization audit by an independent third party, and requirement for a fully automated client-facing tool to avoid undue influence from an individual. It is also possible for digital advisers to apply for entry into MAS’ regulatory sandbox and, if approved, benefit from the temporary relaxation of some licensing criteria.

93. Banks, insurers, and other financial institutions can provide portfolio management and advisory services, including digital advice, under their financial institution licenses. They are required to submit a notification to MAS, if they wish to expand into new regulated activities. The notification will provide them the relevant regulatory status as exempt financial advisers or exempt capital markets services entities.34 Exempt firms are subject to the same business conduct requirements as firms licensed under the SFA or FAA. Like a licensed firm, an exempt financial adviser or an exempt capital markets services entity does not need to notify MAS when it starts to provide digital advisory services, although they are subject to MAS’ ongoing supervision and would typically approach MAS in advance on any changes to their business models.

94. In October 2018, MAS issued guidelines on the provision of digital advisory services. They provide guidance on regulatory requirements applicable to digital advisers, including licensing, AML/CFT, disclosure of information, and suitability assessments. While the guidelines describe the standard requirements that apply to any type of financial advice/portfolio management, they also highlight certain elements that are particularly relevant for digital advice:

  • Algorithms: Comprehensive requirements apply to the governance and supervision of algorithms by the Board and senior management of the firm as well as to the information on the algorithms that needs to be disclosed to clients.

  • Technology risk management: Given the heightened risk of cyber-attacks, digital advisers are reminded to adhere to MAS’ notices and guidelines on technology risk management and perform a gap analysis prior to the launch of the algorithm-based tools and when changes are made to the tools.

  • AML/CFT: The guidelines emphasize the need for digital advisers to take steps to address the specific risks associated with non-face-to-face business relations, referring to MAS’ Circular on use of MyInfo and customer due diligence measures for non-face-to-face business relations.

  • Disclosure: The guidance on disclosure requirements focuses on information to be provided to clients or prospective clients on algorithms and conflicts of interest.

  • Suitability: Subject to compliance with specific conditions set in the guidelines, some digital advisers are exempted from the requirement to collect full information on the client’s financial circumstances and are instead required only to collect information on the client’s financial objectives and risk tolerance. This possibility applies only to fully-automated advice where there is no human adviser intervention in the advisory process and where the advice is limited to simple collective investment schemes, i.e., those that are in substance excluded investment products (EIPs).35,36 MAS is of the view that the fuller suite of (prescriptive) information is more relevant when it is to guard against the higher risk of mis-selling during a face-to-face interaction but is less relevant over a digital channel.37 If a digital adviser provides services in specified investment products (SIPs) (i.e., complex products), it is required to collect full information on clients and assess their knowledge and experience and appropriately warn them and/or offer to provide advice to them.

  • Advertisements and marketing: Given the requirement to conduct a suitability assessment before recommending any model portfolio to a client, the guidelines remind digital advisers that they should not advertise specific model portfolios.

95. The regulatory treatment of third-party providers to which the digital advisers outsource the development and maintenance of their digital advice tools is specifically covered in the guidelines. The guidelines emphasize that such third-party provider does not need to be licensed, as it does not deal directly with investors. However, digital advisers are required to subject the third-party provider to appropriate due diligence to assess the risks associated with the outsourcing arrangement. MAS holds the client facing intermediary responsible for the provision of digital advice, regardless of whether the algorithm and advisory tool is developed in-house or procured from a third party. There are no specific requirements that would apply if a third party only provides a tool that a financial adviser’s human advisers use when providing advice to clients. If any third party has access to customer information, its use will typically be considered as material outsourcing under MAS’ Guidelines on Outsourcing.38

96. MAS monitors the development of digital advice markets and has designed a new questionnaire requiring financial institutions to submit to MAS yearly information on their digital advisory services. Currently the monitoring takes place through regular dialogue with other central banks and regulators and engagement with industry players. The new questionnaire will cover information on financial institutions’ digital advisory services, including any third-party involvement in the development of the algorithm, AUM, fee structure, clientele, and classes of products invested in. This is intended to enable MAS to understand the development of both B2C and B2B markets, including any potential concentration risk.

97. MAS started thematic reviews on digital advisers in September 2018. The reviews examine key risk areas of digital advisers, such as the governance of the algorithm, technology risk management, suitability of advice (including the functioning of the knock-out questions), sales and marketing practices, and controls over portfolio rebalancing and monitoring. MAS will send letters to the reviewed advisers and assess the need to provide guidance to the industry after the reviews have been completed.

98. The financial stability risks arising from digital advice are insignificant at the moment, but the market is continuously developing. While the estimates on the future growth potential of digital advice vary widely, the AUA/AUM are likely to continue to grow, potentially at an accelerating pace. Globally, the expectation is that the hybrid model where digital advice is complemented with the ability for the client to access a human adviser has the most significant growth potential. It is also expected that the digital advisory tools will be increasingly provided by third-party providers rather than built in-house to enhance cost effectiveness.

99. MAS has recently taken two important steps to enhance its monitoring and supervision of digital advice. The decision to start requiring digital advisers to submit an annual report on their digital advisory services, including the use of third-party providers, will enable MAS to conduct systematic monitoring of both firm level and industry developments. The ongoing thematic review of digital advisory services is also important in enabling MAS to deepen its understanding of the business and to assess the appropriateness of its current policy. MAS is encouraged to remain open to policy adjustments, if warranted by the findings of its monitoring and supervisory activities.

100. The anticipated growth in the use of third-party digital advice tools may open certain new risks. Such risks include the inability of the digital adviser to sufficiently oversee the third party that develops, owns or manages the algorithmic code or software utilized by the digital adviser. Increasing use of white-labeling services may also lead to the blurring of the line between the regulated entity and the service provider, raising questions of the point at which it may become necessary to require the third-party provider to be licensed for investment advice. Given its leading role in fintech and proximity to innovative local providers of digital advice tools, MAS is well positioned to enhance its understanding of their business models and how their tools incorporate the local regulatory requirements. Since some of these firms have a global clientele, they are also likely to be useful sources of information on trends in other jurisdictions. Enhanced interaction with these providers would help MAS anticipate market developments and proactively adjust its regulatory framework, where appropriate.

101. While other MAS regulatory requirements are broadly in line with the approaches elsewhere, MAS has allowed digital advisers certain discretion on the information they are required to collect in their suitability assessments. Even though such digital advisers are required to meet a list of conditions, MAS’ approach to apply different requirements to digital and human advisers differs from practices in some other jurisdictions. In the European Union (EU), digital advisers are subject to the same suitability assessment requirements as traditional investment advisers and portfolio managers. Suitability must be assessed against clients’ knowledge and experience, financial situation, and investment objectives. In the United Kingdom, the Financial Conduct Authority recently reminded that automated investment services must meet the same regulatory standards as traditional discretionary or advisory services.39

Recommendations

102. On this basis, it is recommended that MAS:

  • Continues its monitoring of potential risks related to the use of third-party digital advice tools and adjust regulations, if warranted.

  • Reconsiders whether the discretion on the collection of information permitted for certain digital advisers in their suitability assessments sufficiently protects clients from unsuitable advice.

Singapore: Financial Sector Assessment Program-Technical Note-Fintech: Implications for the Regulation and Supervision of the Financial Sector
Author: International Monetary Fund. Monetary and Capital Markets Department