The Singapore Financial Services and Markets Bill (FSM Bill) was introduced for reading in the Singapore Parliament on 14 February 2022. Simultaneously, the Singapore Monetary Authority (MAS) released an explanation brief and a response to industry responses about its consultation on the proposed FSM Bill (originally titled the proposed Omnibus Act).
The Monetary Authority of Singapore Act now vests the MAS with supervisory authority over Anti-money Laundering and Counter-terrorism Financing (AML/CFT), financial institution supervision, and financial sector dispute resolution systems.
Recognizing the growing importance of a financial sector-wide regulatory approach, the FSM Bill was introduced to strengthen the MAS’ agility and effectiveness in addressing financial sector-wide risks in an ever-changing and increasingly integrated world.
The financial services and markets bill‘s key aspects
(A) Streamlined and extended prohibition powers
Currently, the MAS can issue prohibition orders (POs) barring particular persons from engaging in specific activities or holding crucial positions in Financial institutions (FIs). These POs help maintain trust in Singapore’s financial system by deterring severe misbehavior.
But the MAS’s present PO authority is restricted. Individuals governed by other MAS-administered statutes are not eligible for POs. Other reasons for issuing POs are confined to a list of precise criteria established in the applicable acts, and restrictions are generally related to holding designated positions, such as directorships and engaging in regulated activities.
The FSM Bill consolidates and enhances the MAS’s ability to prohibit unfit persons from participating in any MAS-controlled activity. A PO will only be issued if the requirement is met. The MAS can issue more POs and potentially cover more activities with this new flexibility.
Despite the MAS’s enlarged power to issue POs, they will mostly go to people connected to the financial sector. The MAS will also use its power in proportion to the risk, type, and degree of the misbehavior and the impact on the financial industry. Those advised of the MAS’s purpose or issued POs may also appeal to the minister or defend themselves before the MAS.
(B) Stricter regulation of virtual asset service providers to address the concerns of money laundering and terrorist financing
Providers of virtual asset services
Virtual asset service providers (VASPs) must be licensed or registered in the jurisdictions in which they are created under the enhanced Financial Action Task Force (FATF) standards adopted in June 2019.
The FSM Bill will regulate any VASPs established in Singapore that provide virtual asset services outside of Singapore under the upgraded FATF criteria. Outside of Singapore, such VASPs that provide digital token (DT) services will be regulated as a new class of FIs, subject to license and ongoing requirements. This helps limit the reputational risks associated with money laundering and terrorism financing (ML/TF) while ensuring that the MAS has proper supervisory oversight of such VASPs.
Scope of DT services
The FSM Bill will bring DT services into line with the FATF’s upgraded criteria. DT services that include and go beyond the present definition of ‘DPT services’ under the Payment Services Act 2019.
AML/CFT supervisory oversight
Given the inherent ML/TF concerns associated with anonymous and fast-moving DT services, the FSM Bill will focus on VASPs. The FSM Bill will confer broad authority on VASPs, including imposing licensing requirements and conducting AML/CFT inspections, and providing support to domestic authorities and the MAS’ international AML/CFT supervisory counterparts.
Such anti-money laundering/counter-terrorism financing standards imposed on VASPs will be consistent with those imposed on DPT service providers registered under the Payment Services Act 2019.
Also Read: The necessity of a data protection plan for businesses in Singapore
(C) Harmonized authority to impose standards on risk management in technology
To safeguard the safety and soundness of the information technology systems used by financial institutions to supply financial services, the FSM Bill consolidates the MAS’ authority to impose technology risk management standards on any FI or class of FIs. The maximum penalty for violations of any issued regulations or notices will be S$1 million, consistent with other government agencies’ existing penalty systems.
(D) Statutory immunity for mediators, adjudicators, and staff of an authorized dispute resolution scheme operator
The FSM Bill will offer statutory protection against responsibility or claims by a complainant or FI for mediators, adjudicators, and employees of an operator of a recognized dispute resolution scheme. This builds their confidence and autonomy, enabling them to do their jobs to their best abilities.
The proposed amendment will bring the proposed level of protection in line with that provided by other public dispute resolution bodies in Singapore and elsewhere. Notably, the legislative immunity would apply only to activities performed with reasonable care and good faith, not to those involving willful wrongdoing, negligence, fraud, or corruption.
Financial services and markets bill: A higher penalty for Institutions
Financial institutions could face higher penalties for a cyber attack or disruption to essential services if a new Bill is passed in Parliament. This is considered a good thing for ordinary consumers or clients as this will ensure stricter compliance for institutions with regard to their cybersecurity hygiene.
The passage of the Bill increases the maximum penalty for violating a technology risk management requirement to $1 million.
However, a technology event that affects a financial institution’s customers or other industry participants may involve violations of several of these requirements, meaning that the financial penalty for a serious cyber-attack or disruption of an essential financial service could be much more than $1 million. These situations include disruptions to the ATM network and internet trading.
“The quantum proposed is intended to underscore the critical importance of technology risk management to FIs’ operations and the sound functioning of the financial system,” said Alvin Tan, Minister of State for Trade and Industry, and Culture Community, and Youth.
“This will strengthen the confidence and autonomy of these individuals when they carry out their duties and align the level of protection for them more closely with that of other public dispute resolution bodies in Singapore and internationally,” he added.
How a DPO can help organizations
A Data Protection Officer (DPO) oversees data protection responsibilities and ensures that organizations comply with the Personal Data Protection Act (PDPA). Every Organization’s DPO should be able to curb any instances of cyber threats as it is the officer responsible for maintaining the positive posture of an organization’s cybersecurity.
For instance, at Privacy Ninja, we randomly conduct simulated email phishing to clients to see if there are any vulnerabilities present that a bad actor can exploit and patch them to ensure that the client will never be a victim of such a scam.
DPOs complement the efforts of Organizations in battling scams as DPOs ensure that when there is an instance of a cyberattack, a protocol for dealing with it has been established and can be employed to protect the personal data of clients. DPOs play a crucial role when an organization is hit with phishing attacks as they ensure safeguards are put in place to combat it when it happens.
As a consumer who provides my very own sensitive information to each Organization I encounter or have a transaction with, I would feel safe if an organization would take an extra mile to protect my data to avoid a higher penalty.
Also Read: Guarding against common types of data breaches in Singapore