AML/CFT for crypto service providers
What are the AML/CFT measures imposed on DPT service providers?
MAS regulates DPT service providers for AML/CFT risks. The Payment Services Act requires DPT intermediaries that buy, sell or facilitate the exchange of DPTs for fiat currencies or other DPTs to identify and verify their customers, monitor transactions, keep records and to report suspicious transactions to the Suspicious Transaction Reporting Office.
Where DPT service providers also facilitate the transfer of DPT or provide custodian wallet services as part of their business, MAS intends to require that they apply AML/CFT measures to mitigate the risks posed by such services.
A person providing DPT services under the Payment Services Act 2019 is subject to AML/CFT risk mitigation measures. These requirements are set out in MAS Notice on Prevention of Money Laundering and Countering the Financing of Terrorism - Holders of Payment Services Licence (Digital Payment Token Service) (PSN02). Failure to comply with the requirements set out in the MAS Notice attracts a fine.
The MAS Guidelines to MAS Notice PSN02 on Prevention of Money Laundering and Countering the Financing of Terrorism – Digital Payment Token Service provide guidance on the requirements in the Notice.
The Notice requires, among other things, a DPT service provider to develop and put in place policies and procedures to assess the money laundering and terrorism financing ("ML/TF") risks presented by each customer. It must also assess the ML/TF risks on enterprise-wide level. This shall include a consolidated assessment of the payment service provider’s ML/TF risks that exist across all its business units, product lines and delivery channels. To assess the ML/TF risks presented by its customer, a DPT service provider must conduct customer due diligence to identify and know its customers (including beneficial owners), conduct regular account review and monitor and report any suspicious transaction.