Fintech compliance singapore

For fintech companies to start on the right foot in Singapore, it’s imperative to comply with the financial services specific regulations in addition to Singapore’s company laws.

This post provides an overview of the regulations that directly affect FinTech companies in Singapore; these include:

  • Standard Incorporation Regulations
  • Financial Services specific licenses
  • The Personal Data Protection Act and how to stay compliant
  • Anti Money Laundering and Countering the Financing of Terrorism Guidelines
  • Relaxed Regulation within the Singapore FinTech Sandbox

Standard Singapore Company Incorporation Compliance

According to the Ministry of Finance (MAS) “All [fintech] businesses must be registered with the Accounting and Corporate Regulatory Authority (ACRA). This includes any individual, firm or corporation that carries out business for a foreign company.”

The most popular incorporation structure for both local and foreign companies is the private limited company. The minimum requirements to set up a private limited company in Singapore are as follows:

  • 1 shareholder
  • 1 Director who is a local resident in Singapore
  • 1 company director who is a local resident in Singapore
  • S$1 in share capital
  • A local address in Singapore

For more information on the requirements, see our article how to register a new Singapore Private Limited Company.

Fintech companies are not limited to the private limited company structure. For further information on other business structures available in Singapore, refer to the business structures guide.

Financial services specific licenses

To date, there are no fintech specific licenses; however, to comply with Singapore Law, fintech companies must acquire the correct licenses that correspond to their business model. For instance, a company that falls under the description of a financial advisor is required to hold a Financial Advisor License. Note that certain fintech business models can require multiple licenses based on the service(s) they offer.

Below is a list of the different licenses that may be required under Singapore law.

Capital Markets Services (CMS) Licence under the Securities and Futures Act (SFA)

Issued by MAS

How Singapore defines companies requiring a CMS

According to the SFA “a person who wishes to carry on a business in any regulated activity is required to hold a capital markets services CMS licence for that regulated activity [and] is only awarded to a corporation.

FinTech companies that provide any of the services below must hold a CMS license:

  • Dealing securities
  • Trading futures contracts
  • Leveraged foreign exchange trading
  • Advising on corporate finance
  • Fund management
  • REIT management
  • Securities financing
  • Providing custodial services for securities
  • Providing credit rating services.

Financial Advisors (FA) License under the Financial Advisers Act (FAA)

Issued by MAS

How Singapore defines a Financial Advisor business

  • Advising others concerning any investment products other than advising on corporate finance
  • Issuing and promoting analyses or reports on any investment product
  • Marketing any collective investment scheme including unit trusts
  • Setting up life insurance policies

Exemptions

  • A Singapore resident who provide advice on financial products (except life insurance policies) and serves less than 30 accredited investors;
  • Corporations who give advice or analysis on financial products to accredited investors. This includes banks, merchant banks, finance companies, insurance companies, insurance brokers and holders of a CMS Licence.

Finance Companies Licence under Finance Companies Act (FCA)

Issued by MAS

How Singapore defines a Finance Company

  • Accepts fixed and savings deposits
  • Lends money to the public or companies

Moneylenders Licence under the Moneylenders Act

Issued by The Insolvency and Public Trustee’s Office–Ministry of Law and the Registry of Moneylenders

How Singapore defines a moneylender

  • Any company, unless deemed an excluded moneylender, who lends a sum of money with the expectation of a larger sum being repaid.

Excluded money lenders that do not require a Moneylenders License:

  • Credit Societies
  • Any corporation that lends money to employees as a part of employee benefits
  • Moneylender who lend solely to:
    • Accredited investors
    • Corporations
    • Limited Liability Partnerships
    • Trustee or Trustee Managers
    • Trustees of REITs

Money-Changers Licence under the Money-Changing and Remittance Business Act

Issued by MAS

How Singapore defines a money-changing business

  • Companies that buy or sell any foreign currency notes

Insurance Licence under the Insurance Act (IA)

Issued by MAS

How Singapore defines an insurance business

  • Assumes risk or undertaking liability in Singapore under policies;
  • Receives proposals for policies in Singapore;
  • Issues policies in Singapore and
  • Collects or receives premiums on policies in Singapore

Banking Licence under Banking Act (BA)

Issued by MAS

How Singapore defines a banking business

  • A company that receives money on current or deposit account;
  • Pays and collects cheques drawn by or paid in by customers and
  • Makes advances to customers

Personal Data Protection Act (PDPA)

The Personal Data Protection Act 2012 (PDPA) governs the collection, use and disclosure of personal data by organisations. Due to Know Your Customer compliance in Singapore, financial services companies, including fintech companies, must collect personal data in order to verify the identity of their customers. Therefore, fintech companies are required to comply with PDPA regulations.

Under the PDPA fintech companies are required to comply with eight obligations:

  • Consent, Purpose Limitation and Notification Obligation: Fintech companies must notify their customers of the purpose for which their data is being disclosed and they must receive consent.
  • Access and Correction Obligation: Fintech companies must allow their customers to access their personal data as well as inform the customer how their data has been used or disclosed. Finally, fintech companies are required to correct or update personal data upon request from a customer.
  • Accuracy Obligation: fintech companies should take reasonable steps to verify the accuracy of the personal data they use or disclose.
  • Protection Obligation: Fintech companies are required to take reasonable security measures to to prevent unauthorised access, collection, use, disclosure, copying, modification or disposal of personal data.
  • Transfer Limitation Obligation: Fintech companies cannot transfer personal data outside of Singapore.
  • Openness Obligation: Fintech companies are required to implement policies and procedures that meet all eight PDPA obligations and are required to make such policies available to the public.
  • Do Not Call Provisions: If a fintech company wishes to send marketing material to a Singapore telephone number they must first verify that the number not been registered on a Do-Not-Call list or receive clear and unambiguous consent from the customer to send marketing messages direct to their phone.

For fintech companies, it’s imperative to comply with PDPA obligations. To learn more on how your company can stay compliant, refer to our guide on complying with the Personal Data Protection Act.

Compliance for Anti Money Laundering and Countering the Financing of Terrorism

With the continual threat of money laundering and terrorist financing, Singapore has put in place Anti Money Laundering and Countering the Financing of Terrorism (AML/CFT) guidelines for the financial services, which includes fintech.

According to MAS “Financial institutions operating in Singapore are required to put in place robust controls to detect and deter the flow of illicit funds through Singapore’s financial system”.

To comply fintech companies are must:

  • Access and mitigate money laundering and terrorist financing risks;
  • Identify and know their customers;
  • Conduct regular account reviews, and
  • Monitor and report any suspicious transaction.

If a fintech company fails to meet the AML/CFT guidelines they face a fine not exceeding S$ 1 million. To learn more about how to stay in compliance with with AML/CFT guidelines refer to our guide on complying with Anti Money Laundering and Countering the Financing of Terrorism Regulations.

Regulations within the FinTech Sandbox are Temporarily Relaxed

To encourage fintech innovation in Singapore, MAS has created the FinTech Sandbox. The aim is to provide fintech companies room to experiment with products and services with a well defined space for a limited duration.

Not all fintech companies are suited for the sandbox, especially for companies that specialize in services that are already offered in Singapore.

Furthermore, MAS requires fintech companies to have already conducted their own due diligence and tested their proposed services or products in a laboratory environment.

The FinTech Sandbox does allow for more relaxed regulations; however, it is not intended as a means for companies to circumvent legal and regulatory requirements.

Conclusion

Although there is no fintech specific legislation in Singapore, fintech companies must comply with the existing regulations that oversee the financial services industry. These include securing the correct licenses,maintain personal data standards und PDPA and adhering to AML/CFT notices. Keep in mind that as fintech continues to innovate, Singapore legislators will continue to keep pace in order to protect companies and consumers. The key to compliance is to remain informed as this new industry continues to evolve.