Over the course of the past three to four years, the Singapore government and related statutory boards identified fintech as a potential growth area for the Singapore economy. Following on from this, a not insignificant amount of resources have been channelled into the space. By way of example, in August 2015, the Monetary Authority of Singapore (MAS) formed a Financial Technology and Innovation Group within MAS to drive such initiatives. In addition, Singapore offers an open banking platform via application programming interfaces for faster innovation and integration of new and legacy IT systems within the sector. MAS also launched a 'sandbox' as a safe space for fintech companies to experiment and roll out innovative products and solutions within controlled boundaries.
In conjunction with the above, there are several schemes aimed at supporting fintech innovation such as:
- the Technology Enterprise Commercialisation Scheme;
- the Financial Sector Technology and Innovation (FSTI) scheme; and
- the Capabilities Development Grant – Technology Innovation.
For the FSTI scheme, which is intended to support the creation of a vibrant ecosystem for innovation, MAS has committed S$225 million over a five-year period to help financial institutions set up innovation labs in Singapore, fund technology infrastructure to deliver fintech services, and provide support for early-stage development of innovative projects through the FSTI proof of concept initiative.
Other Singapore government initiatives that aim to deepen know-how in fintech and related areas include:
- AI.SG, a national programme to boost Singapore's artificial intelligence capabilities, which will initially focus on finance, city management solutions and healthcare. The National Research Foundation is expected to invest up to S$150 million in AI.SG over the next five years;
- Accreditation@SGD, through which the Info-Communications Media Development Authority independently evaluates Singapore-based technology product start-ups on whether their product functions in accordance with claims and provides an independent assessment of their ability to deliver, team, processes, and financial sustainability; and
- the Singapore Data Science Consortium, established as the key platform in Singapore for industry to access data science technologies, applications and expertise from academia.
i Licensing and marketing
Fintech-related legal work regularly covers a broad range of topics and typical topics include:
- financial regulatory and compliance (e.g., the type of licence that will need to be issued by the relevant authority or licensing exemptions that may be applicable to a fintech product or service);
- data protection (e.g., the obligations imposed on fintech companies in relation to personal data or personally identifiable information that they may handle);
- intellectual property issues (e.g., intellectual property protection and management); and
- financings (e.g., venture capital investments in fintech companies).
A fintech company should consider whether a licence from a regulatory authority is required (i.e., regulatory licensing issues) as a priority. This is to reduce the risk of a potential licence application procedure holding back the roll-out of a fintech product or service. Fintech products and services come in a variety of forms and there is no one 'fintech licence' that applies to all fintech products and services. Different pieces of legislation may apply to different fintech products and services depending on the scope of the product or service being offered. The specific regulatory authority that regulates the activities of the fintech product or service will vary depending on the scope of such product or service. From experience, the regulatory authorities that oversee fintech-related activities will typically be MAS, the Registry of Moneylenders and International Enterprise Singapore.
If the fintech product or service requires a licence from an authority, it will likely take months before a particular licence is issued. The speed of the grant of a licence will depend (among other things) on the quality and completeness of the application and the level of regulatory comfort that the fintech company provides to the authority. The authority will typically require some time to consider the details of the licence application and the fintech company may also need some time to respond to questions from the authority on the specifics of the product or service.
Depending on the specific scope of activities of the fintech product or service, the following (non-exhaustive) issues may need to be considered:
- licensing requirements for regulated activities under the Securities and Futures Act (SFA) (e.g., 'dealing in capital markets products' and 'fund management');
- prospectus requirements for the offer of securities to persons in Singapore under the SFA;
- licensing requirements for regulated activities under the Financial Advisors Act (FAA) (e.g., providing financial advisory services);
- licensing requirements for moneylending under the Moneylenders Act;
- licensing requirements for operating a remittance business under the Money-changing and Remittance Business Act; and
- regulatory requirements imposed on the operator of a 'payment system' or the holder of a 'stored value facility' under the Payment Systems (Oversight) Act.
Prior to undertaking any marketing of a fintech product or service, a fintech company should determine if it is undertaking a regulated activity and whether a licence is required for it to operate. There may be restrictions as to the scope of marketing activities that a fintech company can undertake and this will typically revolve around the issue of whether (and how) the activities of the fintech company is regulated. By way of example, a fintech company that operates a securities crowdfunding platform may hold a capital markets services licence for 'dealing in capital markets products (securities)' under the SFA. In facilitating the offer of shares to persons in Singapore, prospectus registration requirements under the SFA will be triggered. It is possible that reliance is placed on a specific prospectus registration exemption for such purposes and the invocation of such prospectus registration exemption carries with it advertising restrictions (i.e., restrictions on marketing the specific share). To use another example, an automated digital advisory or asset management company may be construed to be providing financial advisory services under the FAA or undertaking fund management under the SFA. It is possible that the fintech company had proposed (in its licence application to an authority) to only deal with 'sophisticated investors' (i.e., accredited investors and institutional investors as such terms are defined under the SFA). Following on from this, the relevant licence granted to the fintech company may have a condition that restricts the dealings of such automated digital advisory or asset management companies to 'sophisticated' investors. Such a restriction would restrict the ability of the fintech company to market its services to retail investors.
ii Cross-border issues
There is no concept of passporting of a fintech product or service under Singapore law. The fact that a fintech company is licensed in a foreign jurisdiction does not allow it to undertake regulated activities in Singapore on the basis that it is licensed in such jurisdiction. As such, the offering of fintech products and services to persons in Singapore may trigger licensing requirements in Singapore on the part of the offeror, regardless of its licensing status in another jurisdiction. This will depend on the actual type and scope of the products and services being offered.
What happens if a fintech company does not specifically target persons in Singapore in respect of its fintech product or service? The licensing requirements under the FAA and the SFA have extraterritorial effect. In this regard, 'where a person does an act partly in and partly outside Singapore which, if done wholly in Singapore, would constitute an offence under this Act, that person shall be guilty of that offence as if the act were carried out by that person in Singapore wholly in Singapore, and may be dealt with as if the offence were committed wholly in Singapore'. Where an act is done entirely outside of Singapore, licensing requirements would apply, where such conduct has a 'substantial and reasonably foreseeable' effect in Singapore. There is no bright line test as to when conduct will be seen to have a 'substantial and reasonably foreseeable' effect in Singapore and such an analysis should be undertaken on a case-by-case basis. The lack of marketing to persons in Singapore should be one of many factors to be considered.
iii DIGITAL IDENTITY AND ONBOARDING
For access to electronic services provided by the Singapore government and its statutory boards, such as filing of income taxes and paying parking fines, the Government Technology Agency (GovTech) issues and manages a national digital identity for individuals known as the 'SingPass'. Currently, Singapore citizens and permanent residents, as well as holders of certain documents that permit residency in Singapore (e.g., holders of employment passes and dependent passes), are eligible to register for a SingPass account.
SingPass also controls access to the MyInfo service, which is a store of their personal data either retrieved from Singapore government sources, or provided directly by that individual. While MyInfo was first designed for use by the Singapore government and its statutory boards, over 90 private-sector services including several financial service providers have now been permitted to use MyInfo to do away with the need for users to submit supporting documents when opening new bank accounts, applying for credit cards, purchasing life insurance or carrying out certain property transactions.
GovTech also issues and manages a corporate digital identity known as 'CorpPass'. Both locally and foreign registered entities are eligible to register for a CorpPass account, which in 2019 became the only login method for corporate transactions with the Singapore government.
A new national digital identity (NDI) system is presently being developed by the GovTech as part of the Singapore Smart Nation initiative, and it is expected to become operational in 2020. It is reported that GovTech will work with the private sector to develop services that make use of the NDI, which include the signing of digital agreements and secure storage of digital documents.
It is potentially possible for financial service providers to carry out fully digitised onboarding of clients. However, they would need to consider (and accept) electronic risk such as the following:
- integrity: the integrity of the electronic record (i.e., that the electronic record has not been altered or tampered with);
- identity: the identity of the parties involved, including whether they are authorised to issue such electronic records; and
- authority: where a client is a corporate entity, there is the additional risk of proving that the party issuing the electronic record or carrying out the electronic transaction has the requisite authority to transact on behalf of the client.
Depending on the particular type of financial services being provided, the provider would also need to consider relevant regulatory licensing issues.
IV DIGITAL MARKETS, FUNDING AND PAYMENT SERVICES
The marketing and management of collective investment schemes, the provision of equity crowdfunding platforms, peer-to-peer lending platforms and payment services will typically fall within the scope of regulated activities in Singapore. Fintech companies that intend to offer such products and services should consider whether they will require a licence and whether licensing exemptions may be relied on (if so desired).
V CRYPTOCURRENCIES AND INITIAL COIN OFFERINGS
There is no specific regulation of blockchain technology on its own. However, the manner in which blockchain technology is used and the product or service that is offered (based on blockchain technology) may be construed as a regulated activity.
MAS has indicated in a statement released on 1 August 2017 that the offer or issue of digital tokens in Singapore will be regulated by MAS if the digital tokens constitute products regulated under the SFA. Depending on the characteristics of the digital token, digital tokens could be construed as a form of security such as a debenture or share, a unit in a collective investment scheme or even a derivatives contract. If the digital tokens issued in an initial coin offering fall within the definition of securities, a collective investment scheme or derivatives contracts under the SFA (or display characteristics similar to such capital markets products), it will raise potential financial regulatory issues under the SFA and other laws pertaining to financial regulation in Singapore. These include (among other things) prospectus registration requirements on the issuer for an offer of securities, units in a collective investment scheme or securities based derivatives to persons in Singapore; and possibly licensing issues such as those for dealing in capital markets products by the issuer or intermediaries. In addition, platforms facilitating secondary trading of such digital tokens may also have to be approved or recognised by MAS as an approved exchange or recognised market operator respectively under the SFA.
In general anti-money laundering and combating the financing of terrorism (AML and CFT) rules apply to financial institutions that deal in cryptocurrencies and tokens and financial institutions that have customers that deal in cryptocurrencies and tokens. The relevant notices and guidelines that are imposed on financial institutions provide that financial institutions will need to identify the AML and CFT risks in relation to new products and new business practices, including new delivery mechanisms and new or developing technologies, that favour anonymity. Given that cryptocurrency transactions often involve anonymous transactions at some level, we would expect MAS to require financial institutions to pay particular attention to cryptocurrency-related transactions or transactions arising from cryptocurrency-related transactions.
VI OTHER NEW BUSINESS MODELS
There is no mandatory Singapore law that disqualifies self-executing contracts or 'smart contracts' (i.e., those that automatically self-execute if certain conditions are met), from being valid and enforceable under Singapore law.
There is no special legal framework that applies specifically to such contracts. These contracts would, of course, need to be valid under general law (e.g., the contract must fulfil the key elements for the formation of contract under Singapore law, including: offer and acceptance; consideration; and intention to create legal relations).
It is possible to enter into contracts electronically under Singapore law. Subject to exceptions,2 the general rule under the Electronic Transactions Act (ETA) is that information shall not be denied legal effect, validity or enforceability solely on the ground that it is in the form of an electronic record.3 The ETA also provides that in the context of the formation of contracts, an offer and the acceptance of an offer may be expressed by means of electronic communications.4 Where an electronic communication is used in the formation of a contract, that contract shall not be denied validity or enforceability solely on the ground that an electronic communication was used for that purpose.5 A correction mechanism such as arbitration and mediation can be made available – the dispute resolution method could be encoded into the contract.
A fully automated investment process (e.g., 'robo-advice') and third-party websites comparing products or providing information about financial products will typically fall within the scope of regulated activities in Singapore, although the precise scope of the investment process and the particular financial products being offered will affect the analysis. Fintech companies that intend to offer such products and services should consider whether they will require a licence and whether licensing exemptions may be relied on (if so desired). Both of these models will also be subject to intellectual property and data protection considerations, as further discussed in Section VII below.
Some fintech products and services that are relatively new in Singapore include various products built in reliance on blockchain, products that purport to have deep or self-learning or artificial intelligence aspects, and alternative authentication methods (replacing hardware security tokens). The regulatory and legal issues that they raise are dependent on the precise scope of the product or service being offered as well as the method through which the product is made available to the market. As an example, some products are developed for provision to 'traditional' financial institutions, where that financial institution maintains the client relationship. With this model, different MAS requirements may be relevant – for example, the fintech company may wish to engage the financial institution on the basis that its solution is compliant with Guidelines on Outsourcing Risk Management.
VII INTELLECTUAL PROPERTY AND DATA PROTECTION
Fintech business models and related software may be protected by various intellectual property rights in Singapore. Patent protection may be available, and the Intellectual Property Office of Singapore recently launched a new FinTech Fast Track initiative that facilitates a faster patent application-to-grant process for fintech inventions. Alternatives to patent protection include copyright or protection as trade secrets or confidential information, depending on the nature of the business model. Software would generally be protected by copyright. It is not necessary to carry out any registration in Singapore to obtain copyright protection.
If an employee develops an original work in pursuance of the terms of his or her employment, the default rule is that ownership of the copyright in the original work vests in the employer. If a contractor develops an original work, the default rule is that the contractor continues to own the original work. However, it is common for employees and contractors to be bound by written contractual obligations that specify ownership of the intellectual property they develop, and these default rules may be overridden. Fintech companies should ensure that their employees and contractors enter into such agreements.
The Personal Data Protection Act 2012 (No. 26 of 2012) (PDPA) would apply to client data to the extent that it comprises personal data, which is defined as 'data, whether true or not, about an individual who can be identified (a) from that data, or (b) from that data and other information to which the organisation has or is likely to have access'. In brief, there are two key parts of the PDPA:
- protection of an individual's personal data, including in relation to requiring consent, granting access and correction rights, requiring reasonable security, and limiting transfers overseas; and
- establishment of a do-not-call registry for individuals to opt out from receiving certain types of marketing messages addressed via Singapore telephone numbers.
Internet protocol solutions may still be subject to the do-not-call registry (e.g., one such solution subject to this regime is WhatsApp).
Client data will also be protected by the common-law obligations of confidentiality. A recipient of data would be subject to confidentiality restraints where data or information in question is:
- confidential as regards the giver of the data or information; and
- imparted under circumstances where the recipient knew or ought to know that the data or information in question was confidential.
If confidential information is disclosed without consent, there is a risk that such disclosure would be in breach of confidence.
Singapore also has banking secrecy and trust secrecy regimes. While there are no special rules specifically focused on regulating the digital profiling of clients, it would be relevant to consider the PDPA and the various other data protection and privacy-related regimes in the implementation of a profiling solution, especially for companies providing financial services.
VIII YEAR IN REVIEW
The current legal framework governing payment services in Singapore is found in different pieces of legislation and certain parts of such legislation may not be easily applicable to an online context. In 2016, MAS embarked on a review of the regulatory framework governing payment services in Singapore with a view to modernising and streamlining the existing frameworks to encourage the wider adoption of electronic payments (e-payments) in Singapore. Arising from this review, MAS consulted twice on the proposed activity-based Payment Services Bill (the Bill) in August 2016 and November 2017. MAS also consulted on a set of guidelines to standardise and enhance the protection given to users in the context of unauthorised or mistaken payment transactions. On 14 January 2019, the Bill was passed in Parliament. The Payment Services Act has not, however, come into effect. Once the Act comes into effect, it may be the case that there may be more e-payment companies entering the Singapore market.
IX OUTLOOK AND CONCLUSIONS
When we first started advising on fintech-related matters, many of the fintech companies were not looking to be licensed and wanted to structure their product or service to rely on available licensing exemptions. Subsequently, as certain models of fintech products and services became more common (e.g., peer-to-peer lending and equity crowdfunding models), MAS provided greater guidance on the regulatory treatment of these models. Following on from this, there was a shift towards fintech companies seeking to be licensed. We believe that the current models of fintech companies will probably persist but the manner in which they will be operationalised will change. In this respect, we believe that many of these models will utilise blockchain technology in their products or services. It is also likely that other models leveraging blockchain technology will appear in the market (e.g., tokenised assets).
1 Adrian Ang V-Meng and Alexander Yap Wei-Ming are partners at Allen & Gledhill LLP.
2 Section 4(1) of the ETA, read together with the First Schedule to the ETA, provides that the entirety of Part II of the ETA does not apply to the following categories of documents: (1) the creation or execution of a will; (2) negotiable instruments, documents of title, bills of exchange, promissory notes, consignment notes, bills of lading, warehouse receipts or any transferable document or instrument that entitles the bearer or beneficiary to claim the delivery of goods or the payment of a sum of money; (3) the creation, performance or enforcement of an indenture, declaration of trust or power of attorney with the exception of constructive and resulting trusts; (4) any contract for the sale or other disposition of immovable property, or any interest in such property; and (5) the conveyance of immovable property or the transfer of any interest in immovable property.
3 'Electronic record' is defined very broadly as 'a record generated, communicated, received or stored by electronic means in an information system or for transmission from one information system to another'. 'Information' includes 'data, text, images, sound, codes, computer programs, software and databases'.
4 'Electronic communication' is defined as 'any communication that the parties make by means of electronic records'.
5 Section 11 of the ETA.