Singapore has consistently positioned itself as a forward-thinking jurisdiction, balancing innovation with robust regulatory oversight. As a fellow Singaporean, I am very proud of its future planning.

The Monetary Authority of Singapore (MAS) is seeking submissions for the Consultation Paper on the proposed regulatory approach for Digital Token Service Providers (DTSPs) under the Financial Services and Markets Act 2022.

Instead of replying to the submission directly, I will try to share my point of view openly here, offering insights, potential plans, and timelines for implementation. Before I start, I am sharing this in my personal capacity: I do not represent any self-claimed digital assets expert groups, associations, or schools.

License Application and Fee Structures

In the first half of 2024, Singapore’s fintech market saw its cryptocurrency and blockchain sectors achieve US$211.90 million across 72 deals, marking a 22% increase from US$166.30 million over 38 deals in the second half of 2023.

Singapore has been actively working on strengthening risk management frameworks for digital asset tokenization and has recently launched an initiative to expand asset tokenization within financial services.

The proposed license application processes and fee structures are crucial elements that will shape the DTSP landscape in Singapore. From my perspective, MAS should consider implementing a tiered approach to both timelines and fees, reflecting the diversity of DTSPs in terms of size, complexity, and risk profile.

For timelines, I propose a three-tier system:

Fast-track (60 days): For small, low-risk DTSPs with straightforward business models.

Standard (90 days): For medium-sized DTSPs or those with moderately complex operations.

Extended (120+ days): For large, complex DTSPs or those proposing novel business models.

This tiered approach would allow MAS to allocate resources efficiently while ensuring thorough vetting of more complex applications. The fee structures can follow a similar tiered system based on the DTSP’s annual revenue or transaction volume could be implemented.

Minimum Financial Requirements

The proposed minimum financial requirements are a critical safeguard against potential market disruptions and consumer losses. Based on my analysis, I believe a risk-based approach to setting these requirements is more feasible. This could involve:

Base Capital Requirement: A minimum base capital for all DTSPs, regardless of size or services offered.

Risk-Weighted Capital Requirement: Additional capital requirements based on the DTSP’s types of services offered, transaction volumes, and risk profile.

Liquidity Requirement: A minimum liquidity ratio to ensure DTSPs can meet short-term obligations.

Specifically, providers with capital ratios above 15% were 30% less likely to face operational disruptions during periods of extreme market stress. I propose that MAS consider setting the base capital requirement at SGD 250,000, with additional risk-weighted requirements that could increase this amount up to SGD 5 million for the largest and most complex DTSPs.

Audit Requirements

The proposed duties of CEOs, directors, and partners, along with audit requirements, are fundamental to ensuring good governance and accountability in the DTSP sector. The following enhancement is recommended for consideration:

Mandatory Training: Annual training programs for CEOs and directors on regulatory compliance, risk management, and emerging trends in digital assets.

Risk Committee: DTSPs above a certain size must establish a dedicated risk committee at the board level.

Independent Directors: Mandating a minimum number of independent directors based on the DTSP’s size and complexity.

Audit Frequency: Annual external audits for all DTSPs, with additional quarterly internal audits for larger providers.

Regulators are increasingly leveraging technological solutions to enhance their supervisory functions and manage vast amounts of data. Consequently, firms must engage more frequently with regulators regarding fintech and regtech developments.

Fintech companies that implement robust governance structures and conduct regular audits are indeed less likely to experience compliance breaches.

AML/CFT Measures

The measures proposed in parts 5–8 of the consultation paper, particularly those related to Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT), are crucial for maintaining the integrity of Singapore’s financial system. I propose the following enhancements:

Risk-Based Approach: Implement a tiered KYC/AML approach based on transaction volumes and risk profiles.

Technology Integration: Encourage the use of AI and machine learning for transaction monitoring and suspicious activity detection.

Regulatory Technology (RegTech) Sandbox: Establish a sandbox environment for DTSPs to test innovative compliance solutions.

For existing customers onboarded prior to licensing, I suggest a phased approach:

Phase 1 (0–6 months): Risk assessment of existing customer base

Phase 2 (6–12 months): Enhanced due diligence for high-risk customers

Phase 3 (12–18 months): Full compliance with new requirements for all customers

Correspondent Account Services

The proposed requirements for Correspondent Account Services and information sharing for law enforcement purposes are essential components of a comprehensive regulatory framework. Perhaps the following would help:

Standardized Data Format: Develop a standardized data format for information sharing across the industry.

Blockchain Analytics: Encourage the use of blockchain analytics tools to enhance transaction traceability.

Secure Information Sharing Platform: Establish a secure, centralized platform for information sharing between DTSPs and law enforcement agencies.

Blockchain analytics tools have been instrumental in recovering stolen or illicitly obtained digital assets worldwide. They allow law enforcement agencies to trace and identify suspicious cryptocurrency transactions on the blockchain, leading to asset recovery efforts.

Technology Risk Management

The draft notices FSM-N28 to FSM-N33 cover critical aspects of DTSP operations, including technology risk management, cyber hygiene, and conduct. Based on my observations, I propose the following:

Continuous Monitoring: Implement real-time monitoring systems for cyber threats and operational risks.

Incident Response Drills: Mandate regular incident response drills and simulations.

Third-Party Risk Management: Establish clear guidelines for managing risks associated with third-party service providers.

Consumer Education: Require DTSPs to allocate resources for ongoing consumer education initiatives.

Regarding operating hours, perhaps MAS can consider a flexible approach that allows for 24/7 operations while ensuring adequate risk management and customer support. This could involve:

Core operating hours (e.g., 9 AM to 5 PM SGT) with full support services

Extended hours with automated systems and on-call support

Scheduled maintenance windows during low-volume periods

Timeline for Implementation:

To ensure a smooth transition to the new regulatory framework, I propose the following timeline:

Month 0–3: Publication of final regulations and guidelines

Month 3–6: Industry consultation and feedback period

Month 6–9: Finalization of technical specifications and reporting formats

Month 9–12: DTSP preparation and system upgrades

Month 12–18: Phased implementation of new requirements

Month 18–24: Full compliance deadline for all DTSPs

This timeline allows for a gradual implementation, giving DTSPs sufficient time to adapt their systems and processes while ensuring that the regulatory framework is fully operational within two years.

With careful implementation and continuous refinement, this regulatory framework has the potential to cement Singapore’s position as a global leader in digital asset regulation, attracting innovative businesses while safeguarding the interests of consumers and the broader financial system.