How are e-wallets safeguarded?
E-Wallets are safeguarded under the Payment Services Act (PSA) which requires e-wallet providers in Singapore to be licensed as payment service providers.
E-Wallets are safeguarded under the PSA which sets out the regulatory framework for payment services in Singapore. The PSA adopts an activity-based and risk-focused licensing framework for different types of payment services.
The provider of an e-wallet conducts the following payment services and will have to obtain a licence from the MAS for the same.
- An account issuance service through the creation of the e-wallet to store value.
- A merchant acquisition service which enables usage of the stored value in e-wallets for the purchase of goods and services.
- Potentially, an e-money issuance service which allows users to pay merchants or transfer e-money to other individuals.
There are 3 classes of licenses under the PSA – a money-changing licence, standard payment institution licence and the major payment institution licence. These are intended to deal with different combinations of payment services which a provider may offer, and each provider needs to hold only one of the 3 classes of licenses.
The provider of an e-wallet who provides the payment services mentioned will have to obtain a standard payment institution licence or major payment institution licence depending on whether their transaction flow or e-money float thresholds are below or exceed the following thresholds:
- S$3 million monthly transactions for any payment service (other than e-money account issuance and money-changing services).
- S$6 million monthly transactions for two or more payment services (other than e-money account issuance and money-changing services).
- S$5 million of daily outstanding e-money.
Licensees are required to comply, on an ongoing basis, with all applicable requirements under the PSA and other relevant legislation. They are expected to put in place systems, policies and procedures to ensure that they meet all ongoing obligations, including certain key areas, as follows:
- Comply with anti-money laundering and countering financing of terrorism requirements set out in the Notices on Prevention of Money Laundering and Countering the Financing of Terrorism [PSN01 and PSN02] and Notice on Reporting of Suspicious Activities & Incidents of Fraud [PSN03].
- Submit periodic returns in relation to its payment services activities in accordance with the PSR, as set out in the Notice on Submissions of Regulatory Returns [PSN04].
- Comply with cyber hygiene requirements set out in the Notice on Cyber Hygiene [PSN06] and put in place appropriate safeguards to protect customer information.
- Comply with business conduct requirements in the PSA, the PSR and the Notice on Conduct [PSN07]. the requirements including safeguarding of customers' monies, record of transactions, issuance of receipts, adhering to the prescribed time period for transmission of money, display of exchange rates and fees, and notification of normal business hours. Licensees must also ensure that they comply with all prohibitions and restrictions, including personal payment account stock and flow restrictions, as well as prohibited business activities.
- Make accurate representation on the scope of its licence and provide the disclosures set out in the Notice on Disclosures and Communications [PSN08] where applicable to its business. A licensee must also ensure that customers receive timely updates regarding any material changes to the disclosures.
- On an annual basis, appoint an auditor to carry out audit of its accounts and transactions, and compliance with regulations and requirements.
Licensees are also expected to comply with MAS Guidelines such as the Guidelines on Technology Risk Management and E-payments User Protection Guidelines and keep abreast of regulatory changes.