Financial Services and Markets Bill

Order for Second Reading read.

7.03 pm

The Minister of State for Trade and Industry (Mr Alvin Tan) (for the Prime Minister): Mr Speaker, Sir, on behalf of the Prime Minister, I beg to move, "That the Bill be now read a Second time".

Sir, the financial sector is dynamic and rapidly evolving, driven by innovation, digitalisation and the design of new products and services. The sector has transformed significantly in recent years, in terms of the types of transactions and the persons, institutions and technology conducting these transactions.

We must ensure that the Monetary Authority of Singapore (MAS) keeps abreast of these developments and that we equip it with the necessary tools to facilitate the development of these new products and services, while managing the risks involved. There are two key angles in this Bill that will improve MAS' effectiveness in doing this. First, it enhances MAS' regulatory and enforcement framework across the financial sector, besides the rules designed for each segment of the sector.

[Deputy Speaker (Ms Jessica Tan Soon Neo) in the Chair]

We will consolidate some of MAS' powers on similar issues, which are currently spread across various Acts into one single Bill. For instance, the proper management of technology risk and measures to instill proper conduct amongst professionals in the financial sector. Second, it addresses regulatory challenges presented by the digitalisation and transformation of financial markets.

Let me speak briefly on why these are needed and important improvements.

First, the need to enhance sector-wide regulatory effectiveness. MAS presently regulates the financial sector through various Acts, each of which focuses on specific sectors and activities. For example, the Securities and Futures Act regulates the capital markets and its participants, while the Insurance Act deals with the activities of insurance firms and agents, amongst others.

And because the regulatory framework is structured in this manner, certain MAS powers, such as the power to issue prohibition orders, or POs, or the power to impose technology risk management requirements, can be found in the different Acts, sometimes in differing forms.

They may also not be found in all of the MAS-administered Acts. For instance, the current powers to issue POs only apply to persons who provide capital markets services, financial advisory services or insurance services. And this is clearly not comprehensive enough, as it leaves out other traditional sectors, such as banking, as well as newer ones, like payment services.

There are also other powers in the MAS Act which cut across the different sectors within the financial sector. These include: one, those relating to anti-money laundering and the countering of financing of terrorism (AML/CFT); and two, the resolution of financial institutions (FIs) in distress and financial industry dispute resolution schemes. These powers will now be housed under the Financial Services and Markets (FSM) Bill, which acts as an omnibus Bill.

Madam, as I mentioned, the second key angle of the Bill is digitalisation, which is fundamentally transforming the financial sector. For example, vastly more financial transactions are now conducted digitally through mobile applications and virtual assets, such as bitcoins and non-fungible tokens (NFTs) are becoming more common globally. MAS is committed to facilitating growth opportunities presented by digital finance and the cheaper and more convenient services it often brings for consumers, while guarding against new risks involved.

These digital transformations could disrupt and challenge existing regulatory frameworks, which were designed for more traditional forms of financial transactions and services. For example, digital tokens service providers, or DT service providers, could easily structure their businesses to evade regulation in any one jurisdiction as they operate mainly online. And we could be exposed to reputational risks brought by DT service providers created in Singapore and which provide services relating to virtual assets, such as bitcoin, outside of Singapore. So, this FSM Bill seeks to mitigate such risks by licensing these players and imposing AML/CFT requirements on them. The Bill also enhances MAS' powers to ensure that FIs bolster their security and resilience of digital services.

In short, to continue safeguarding Singapore's financial stability and maintaining public confidence in our financial sector, we must update our regulatory and enforcement framework to plug existing gaps and keep up with new risks emerging from an increasingly integrated, digitised and complex financial market.

MAS has consulted both the industry and the public and received broad support for the FSM Bill. MAS has then incorporated the feedback received into the FSM Bill, where appropriate. Sir, I will now go through each of the four key aspects of the FSM Bill, starting with the power to issue POs.

The FSM Bill provides MAS with broad powers to impose POs against persons who have shown themselves to be unfit to perform key roles, activities and functions in the financial industry. POs are issued in cases of serious misconduct, such as to individuals who have been convicted of fraud or dishonesty in respect of their dealings with customers. The issuance of such POs can also deter others from committing similar lapses.

However, there are limitations to MAS' current PO powers. MAS can only issue POs to certain specified persons under the Financial Advisors Act, or FAA, the Securities and Futures Act (SFA) and the Insurance Act (IA), such as trading representatives and insurance agents. However, there are people who work in the financial industry who do not fall within these existing categories. For example, it would not be possible to issue a PO to a bank manager, unless he is also a person to whom POs may be issued under any of the three previously mentioned Acts.

Furthermore, while MAS has been decisive in issuing POs to individuals who have committed serious misconduct, such as in the 1MDB case, its powers have only enabled it to prohibit individuals from carrying out key regulated activities under the three Acts, such as providing financial advisory services. MAS' existing powers do not extend to prohibiting persons from carrying out other activities, including providing payment services or conducting other important functions in the financial industry, such as risk management or compliance and the administration of critical systems.

The FSM Bill broadens the categories of persons who may be subject to POs, rationalises the grounds for issuing POs, from a list of specific criteria to a single fit and proper test, and widens the scope of prohibition to cover functions that are critical to the integrity and functioning of financial institutions. The revised PO powers are broadly aligned with those in Australia, Hong Kong, the UK and the US.

MAS will continue to exercise its PO powers judiciously, taking into account the nature and severity of each misconduct and its actual and potential impact on trust in our financial sector. Existing checks and balances will continue to apply. Before MAS issues a PO to any person, the person has an opportunity to make representations to MAS and, if MAS proceeds with issuing a PO, the person has the right to appeal to the Minister.

Madam, I will next speak on the enhanced regulation of DT service providers for money laundering and terrorist financing, or ML/TF risks. The Financial Action Task Force (FATF) has strengthened international standards for virtual assets service providers, or VASPs, in June 2019, for this purpose. We have already made amendments to existing legislation to implement these enhanced standards. VASPs are termed as digital token service providers for the purpose of the FSM Bill and I shall refer to them as DT service providers.

Entities that conduct the business of providing DT services in Singapore are subject to current legislation, regardless of where they are established. However, DT service providers created in Singapore, but without providing any DT services in Singapore, are currently unregulated for AML/CFT.

Further, these entities may claim to be headquartered here to take advantage of Singapore's global reputation, and this creates reputational risks for Singapore. This regulatory lacuna is global. Where a DT service provider established in one jurisdiction does not provide services in that jurisdiction, but offers its services digitally to other markets, the gap in the current global regulatory framework leads to no single jurisdiction having sufficient regulatory hold over the DT service provider for its ML/TF controls.

To close this gap, the enhanced FATF standards require DT service providers to be at least licensed or registered in the jurisdiction, or jurisdictions, where they are created.

Persons that provide DT services in Singapore will continue to be regulated under existing MAS administered Acts. The FSM Bill will regulate all persons in Singapore who conduct a business of providing DT services purely outside of Singapore, if they are created in or operate their businesses from Singapore. The FSM Bill will regulate such DT service providers a new class of FIs, primarily for ML/TF risks.

The FSM Bill will introduce licensing requirements and general powers over DT service providers, including powers for MAS to conduct AML/CFT inspections and to render assistance to domestic authorities and MAS' foreign AML/CFT supervisory counterparts.

MAS will also impose other requirements on DT service providers, such that they have a meaningful presence in Singapore and MAS has adequate supervisory oversight over them. The AML/CFT requirements imposed on DT service providers will be aligned with the requirements imposed on digital payment token service providers regulated under the Payment Services Act.

Madam, I will now speak on the harmonised power to impose requirements in technology risk management (TRM). The Bill consolidates existing TRM requirements made under various MAS-administered Acts by introducing powers within the FSM Bill that apply to any FI or class of FIs. The powers will enable MAS to impose requirements in TRM, as well as in the safe and sound use of technology to deliver financial services and to protect data.

As I mentioned earlier, FIs today rely heavily on technology to deliver financial services. However, the current maximum penalties that can be imposed for breaches of TRM requirements are not commensurate with the potential widespread impact to FIs' customers and the financial industry that could result from such breaches. With the passing of the FSM Bill, the maximum penalty for each breach of a TRM requirement will be raised to $1 million. A technology event which impacts an FI's customers or other industry participants could involve breaches of several TRM requirements. So, this means that an FI could face a much higher than $1 million financial penalty for a serious cyber attack or disruption to essential financial services where multiple breaches of TRM requirements are established, for example, an ATM network disruption or online trading disruption.

The quantum proposed is intended to underscore the critical importance of TRM to FIs' operations and the sound functioning of our financial system. The quantum was derived after considering existing penalty regimes of various other jurisdictions and Singapore Government agencies. For example, a contravention of the relevant provisions in the Telecommunications Act and Personal Data Protection Act can attract a financial penalty of $1 million. In Hong Kong, a breach of data protection requirements can result in a financial penalty of HK$1 million. In addition to the penalty imposed for a breach of TRM requirements, MAS is empowered to take other supervisory actions, such as requiring FIs to set aside additional regulatory capital until MAS is satisfied that adequate technology risk control measures have been put in place to address deficiencies.

Lastly, let me speak on the statutory protection from liability for mediators, adjudicators and employees of an operator of an approved dispute resolution scheme.

Presently, an adjudicator, employee, officer or representative of the Financial Industry Disputes Resolution Centre, or FIDREC, which operates an approved financial dispute resolution scheme, is contractually conferred certain protection from claims by a complainant or an FI.

The FSM Bill will provide statutory protection for such persons. This will strengthen the confidence and autonomy of these individuals when they carry out their duties and align the level of protection for them more closely with that of other public dispute resolution bodies in Singapore and internationally.

They will be protected from liability if they acted with reasonable care and in good faith in the course of mediating or adjudicating a dispute. They will, however, continue to be liable for acts involving wilful misconduct, negligence, fraud or corruption.

Mdm Deputy Speaker, in conclusion, the FSM Bill will enable and empower MAS to respond more effectively to the opportunities and challenges posed by a dynamic and rapidly evolving financial sector. It will also position Singapore to strengthen our role and reputation as a safe, trusted and innovative global financial centre that creates good jobs and opportunities for our people. Madam, I beg to move.

Question proposed.

7.19 pm

Mr Saktiandi Supaat (Bishan-Toa Payoh): Mdm Deputy Speaker, first, I would like to declare that I am employed by an MAS-licensed bank in Singapore.

On this Bill, I would like to raise some clarifications and suggestions on managing the regulatory costs or burden on market participants. These are grouped into three main areas – the need for a coherent and consistent regulatory framework, avoiding over-regulation and guarding against unintended burdens on entities or individuals.

The first area is the continuing push for a coherent and consistent regulatory framework. Our regulatory requirements should be easy to understand so that market participants do not have to waste time and costs trying to figure them out, or to "over-comply" on the safe side.

I, therefore, applaud the efforts to adopt a financial sector-wide regulatory approach in the consolidation of some of MAS' regulatory powers into this one Bill. My first question is whether this Bill is merely the first step in a broader exercise to rationalise our regulations on a financial sector-wide basis. Will we gradually see the transposition of more pieces of our regulatory fabric into this FSM Bill, if passed? This could allow us to surface and harmonise the possible inconsistencies in related regulations or how they are implemented.

There is one part of this Bill that seems to cut against a financial sector-wide regulatory approach. In Part 9 of the Bill, MAS seeks to introduce a regime to license and regulate digital token service providers based in Singapore but who provide digital token services outside Singapore. As I understand it, digital token service providers who are providing such services in Singapore will continue to be licensed and regulated under the more extensive requirements in the Payment Services Act, the Securities and Futures Act and/or the Financial Advisers Act.

I support the implementation of the Financial Action Task Force's (FATF) recommendation to ensure that virtual asset service providers are at least regulated in their home jurisdiction for money laundering and terrorist financing (ML/TF) risks.

At the same time, we should also consider other regulatory aims, such as consumer protection, prudential safety and anti-market manipulation, even for those "export" service providers who only provide their digital token services outside of Singapore. Even if a particular digital token service is being provided abroad, Singaporeans and Singapore may still be exposed to that digital token and its risks.

For example, we may wish to subject Singapore token advertisers who advertise outside of Singapore to the same restrictions that had recently been issued to Digital Payment Token service providers regulated under the Payment Services Act. The high level of Internet accessibility and connectivity that Singaporeans enjoy means that we can no longer so clearly separate what is inside and outside of Singapore.

Subjecting regulated digital token service providers to the same rules, regardless of whether they are providing digital token services inside or outside Singapore, would simplify compliance for them. It would avoid the situation where a single digital token service provider is potentially subject to different legislation and regimes. However, that probably turns on the following deeper questions. Has MAS studied crypto and virtual assets sufficiently to rationalise the piecemeal guidance it has issued to respond to specific issues and to articulate its holistic strategy to regulate such assets?

Another question that I have is whether MAS has considered carving out such "export" service providers from licensing and regulation under the FSM Act if they are already being regulated in another jurisdiction which enforces the FATF Standards at the minimum, for example, where their services are being provided. This would prevent duplicative compliance costs from having to comply with the multiple regulatory regimes but still meet the FATF's intent to mitigate the risk of regulatory arbitrage.

Mdm Deputy Speaker, the second area is to be careful not to over-regulate and stifle the financial industry. Excessive compliance burdens can cause market participants to re-evaluate whether they should continue operating out of Singapore. Such "offshoring" not only reduces jobs and opportunities, but also hinders the development of an ecosystem in budding areas like fintech.

Clause 29 of the Bill empowers MAS to impose requirements of TRM on any FI it regulates. Importantly, the maximum penalty for non-compliance with such TRM requirements is proposed to be $1 million plus $100,000 for every day that the offence continues after conviction, to signal the importance of TRM in light of the serious effects of any potential disruption.

This high penalty might have the chilling effect of discouraging FIs from working with fintech startups which typically have small operations and may not be able to invest in layered and complex cybersecurity defences. As we are recovering from the effects of the COVID-19 pandemic, some have also opined that MAS should take a more supportive and facilitative approach by helping FIs scale up on TRM, instead of threatening FIs with a big stick.

Considering Singapore's aim to nurture a wider fintech ecosystem, including for startups, could MAS perhaps instead consider requiring any prospective licensees to present adequate cybersecurity plans as a condition for granting or renewing licences? This was a suggestion which I had mooted in this House last year. Such cybersecurity plans could include risk management measures, such as security audits of systems and servers and regular bug bounty programmes, to identify gaps ahead of malicious hackers, facilitating job and development opportunities for local white hat hackers and other cybersecurity talents.

Like the Personal Data Protection Commission, MAS could stipulate the existence and extent of such voluntary plans and undertakings as an additional factor to mitigate any penalty that is imposed on a regulated entity if a breach or disruption event occurs.

Finally, the third area is to guard against the unintended effects of our regulation, especially as the market participants find ways to "shift" or "pass on" the regulatory burden.

Part 3 of the Bill proposes to introduce a single, harmonised power to issue Prohibition Orders, or POs, to persons to prevent them from performing particular functions in Singapore's financial sector. This will replace the MAS' existing powers to issue POs to different individuals on different grounds under different legislation. As a preliminary question, when will this new PO regime be brought into effect? And MAS' consultation response suggests that sufficient notice will be given before the PO provisions are brought into effect, even after this Bill passes into law.

A key change is the broadened categories of persons who may be subject to POs, beyond employees of FIs performing regulated functions and including the service providers of FIs. Importantly, it will be a criminal offence for the FI itself, if it were to employ, or use the services of, a person against whom a PO is made.

Would the defence of taking all reasonable steps to ensure compliance and reasonable belief of compliance allow FIs to simply "shift" the regulatory burden to its service providers? It would not seem fair to allow a bigger and better-resourced FI to rely on its service provider's contractual warranties and covenants, and effectively pass the regulatory burden to a smaller service provider who might not primarily operate in the regulated financial sector.

Is MAS intending to create and maintain a public register of POs beyond the current publication of formal regulatory and enforcement actions taken by MAS on its "Enforcement Actions" webpage? This would make it easier for all FIs and/or their service providers to comply with the PO regime.

We must also be conscious of the impact caused to individuals who have been, or may in the future be, issued with a PO. Given the expanded scope for which POs may be issued, FIs may require some clarity in the form of MAS' guidance on the specific scope of POs issued in the newly-extended areas. Any ambiguity could create employee deployment issues for FIs and may drive them to terminate or refrain from hiring persons who have been issued with a PO entirely. Is there any data or study on the number of persons who had previously been issued with a PO and who have, thereafter, returned to the financial sector?

As MAS has explicitly noted, POs materially affect individual livelihoods and we must calibrate the impact of POs precisely. While it is important to prevent unfit persons from performing specific roles in the financial sector and to deter others from committing similar misconduct, we should ensure that those who have made mistakes are punished adequately for their errors, and no more. In that vein, can I ask the Minister if an individual's previous PO can be purged from the records after a specific period of time?

In conclusion, Mdm Deputy Speaker, our continued success as a financial hub will depend on how we balance the strict enforcement of integrity, competence and financial soundness standards with the management of compliance costs. We must constantly revisit this balance to stay ahead of rapid technological and other developments and to keep our lead as a market-leading and trusted financial centre. I support the Bill.

7.29 pm

Assoc Prof Jamus Jerome Lim (Sengkang): Those of us who have travelled or lived in the US may be aware that if we open a bank or credit card statement and we notice an unrecognised transaction, we would simply call the financial institution, report the incident and, in most instances, the customer service officer will, eventually, remove the error transaction, often after some investigation.

I used to view this as an anomalous luxury, the sort of sociocultural exceptionalism that only a global financial superpower like the US will be able to conjure. But I now understand that, much like the ability to return goods, no questions asked, within a stipulated timeframe or the ability to access long-term fixed-term mortgages, these features of economic life result from regulatory and legislative choices that the US has chosen. Indeed, many other OECD economies have weaved together laws and regulations that afford much more financial protection for the average consumer than we have been able to muster.

Mdm Deputy Speaker, the FSM Bill of 2022 brings together a host of hitherto disparate financial sector requirements that fall under MAS into a single piece of legislation. Such consolidation is welcomed, of course, not least because it renders transparent the full scope of rules and regulations MAS oversees.

The omnibus Bill is wide-ranging and touches on matters as diverse as anti-money laundering (AML) and combating financing of terrorism (CFT) provisions, requirements for technology risk management and statutory protection for financial dispute resolution agents.

While I support the Bill, I will focus my remarks on Part 5, which have to do with technology risk management. I will do so through the lens of the consumer and, in particular, consumer protection.

Before I proceed, I declare that I am the Chief Economist Emeritus of a wealth management advisory outfit.

Banking-related fraud is pervasive in Singapore. In 2020, there were 893 reported cases of banking-related phishing activities, costing victims at least $3.3 million. And in the first half of 2021, excluding the $13.7 million loss from the OCBC episode, already 535 cases were reported, tallying at least $2.1 million. The number of scam cases has steadily risen and this trend is unlikely to retreat.

I am certain that many of us have had residents come to us for help with banking scams. For the recent OCBC phishing scam alone, I had two different residents wo reached out to me. The scams had wiped out their life savings. And I felt helpless – not as helpless as they did – but I certainly felt helpless that I could not offer more than to reach out to the banking institutions to share their side of the story, reassure them that the Police were working on resolving their cases and offer to follow up with agencies that they felt were not being responsive. But I could not tell them that Parliament was working to better protect them and others like them with the specific force of law.

As online services become increasingly the norm in Singapore, the opportunities and incentives for bad actors will increase. While banking scams are impossible to completely eradiate, we can better manage the acceptable level of risk. But our legislative efforts have largely been cautionary, by encouraging individuals to exercise the appropriate cyber-hygiene, as if we needed another type of hygiene situation to worry about; or reactive, when the Police force is mostly left with belated attempts to track down and apprehend perpetrators, many of whom will never ever be found, or will fall beyond the reach of our current laws.

The banking sector, to date, has appealed to the viability of self-regulation. Indeed, on paper, some of these additional protections may have helped prevent some instances of fraud, had they been operative. But many were not.

As I shared with this House in February, my Sengkang colleague, Louis Chua and I conducted a simple experiment where we tested PayNow safeguards by transferring sums in excess of $1,000, the stated maximum daily transfer limit allowed without requiring token authentication. As I shared then, we were able to do so without any two-factor authentication (2FA), beyond the PIN. We have since repeated the experiment – all good science must be replicable – and I can confirm that we were still able to breach the stated limits without a token.

Mdm Deputy Speaker, Part 9 of the Bill exhaustively deals with aspects of digital token service providers. However, even the most finely-tuned stipulations will be of limited efficacy if the tokens themselves are not deployed as intended.

Moreover, lapses of this nature are not isolated. Another customer shared about how her mother's credit card limit was breached by almost two times, without any alert or the credit line being frozen.

I have had residents share with me about how, after they had inadvertently released their banking information to the scammer, they realised their mistake and, within the following hour, called the bank to request forfeiting of further transactions. But the long hold times and, ironically, security verification procedures meant that the fraudulent transfers could take place in the interim.

As experts in the financial world, banks and their staff hold a duty of care to their customers. They hold a far greater knowledge of the inner workings of illegal modus operandi – money mules, laundering, impersonation, scam rings – than the average customer. Moreover, they have access to the customer's banking history, which can be used to detect anomalies or deviations in their regular behaviour. Scams and phishing operations have grown so sophisticated that the average layperson – not to mention those who are not comfortable with technology – cannot always be reasonably expected to routinely identify and proactively avoid them.

To be fair, such due diligence is already exercised in limited form today, which means that it is clearly doable. Software-led detection of anomalous transactions has been employed by American credit card companies for decades.

More recent advances in big data and machine learning have refined such techniques even further. These have been deployed to help thwart scam attempts even here. But absent stricter legislative consequences that would spread the costs of breaches and establish a minimum standard of care for retail banking customers, the effects of the inevitable lapses will continue to mainly be borne by the end-user. This still leaves enormous leeway for how banks currently choose to handle scam cases, with very limited recourse for the consumer. As a nation, we have never shied away from complementing regulation with legislation. There is little reason for us to revise this now.

In principle, the Government has already tools to enforce greater discipline on banks to ensure that consumers are better protected. But there are reasons why the banking regulator, MAS, has been a little more reactive than proactive.

First, banking regulation is but one of many, many hats that MAS wears. MAS is, simultaneously, the lender of last resort, banker to the Government, guardian of inflation, executor of exchange rate policy, promoter of financial development, overseer of financial stability and financial sector regulator. Setting aside how such a multiplicity of objectives may occasionally come into conflict, the many objectives make it difficult for a single regulator to monitor and ensure coherence between them.

Second, in its efforts to foster greater financial sector development, MAS may be more comfortable with allowing banks to experiment with innovations. This is not an issue, on its face, but the risk is that the costs of such innovations end up being disproportionately borne by the end user. Admittedly, supporting banking innovation and entrepreneurship requires some degree of regulatory forbearance, but, by the same token, this may, in turn, foster an aversion towards excessive or overzealous enforcement.

Third, the proof of the pudding truly is in the eating. MAS has not always appeared to be aware of the blind spots, or, if it has, it has been reticent to act quickly and decisively.

In the recent OCBC fiasco, MAS only announced possible supervisory actions against the bank, well after the fact, and in the wake of a public outcry over the matter. And despite well-known security vulnerabilities associated with SMS technology, MAS had continued to permit its use for sensitive functions, such as OTPs or requesting information from customers, and has only advocated the removal of clickable links thus far.

Even if we wish for MAS to retain overall oversight responsibility over the financial sector, as implied by the consolidations weaved into this Bill, it is still reasonable to have an independent consumer financial protection arm, operating within the broader ambit of MAS.

The financial protection arm would receive complaints from the public on consumer finance, such as deposits, mortgages, credit cards, an auto and education loans. It would also examine compliance with regulations, from the standpoint of end-user. In this manner, we will have distinct departments addressing concerns raised by the consumer and producer which, in this case, is the banking sector. A Chinese wall could then shield this body from the various prudential supervision departments.

In the past, there was a market and business conduct department, which ostensibly served the, and I quote, "interests of depositors, investors and policyholders". This may have since been enfolded into the corporate finance and consumer department. In either case, however, these appear to work more with market professionals and possibly sophisticated investors, rather than the retail consumer, nor does the department appear to be empowered to advocate on behalf of the consumer.

But we can go beyond regulation, even the beefed-up kind I have suggested, to introduce outright consumer financial protection legislation. This can be independent of existing regulatory and consumer education efforts.

Some see regulation and legislation as essentially two sides of the same coin. At risk of seeming pedantic, this is a distinction with a difference. Regulation is a function of Government agencies and the domain of bureaucrats, while legislation is debated, deliberated and realised in this House.

Regulation has one clear advantage over legislation: because it falls under the purview of a governmental agency – in this case, MAS – it does not have to undergo the Bills process, it can be more nimble than full-bore legislation. By the same token, however, codifying essential principles into legislation enshrines the doctrines that we wish to remain inerrant and allows them to remain invariant to the vagaries of specific implementation. Just as important, laws embed the democratic process in the way that regulatory machinations never quite can.

Many other jurisdictions have specific consumer protection laws. In the US, the Fair Credit Billing Act was enacted as far back as 1974 and requires prompt written acknowledgement of billing disputes and the investigation of billing errors by creditors. In 2010, the Consumer Financial Protection Act was passed, establishing an independent agency within the Federal Reserve to regulate the offering and provision of consumer financial products. The United Kingdom Consumer Credit Act provides a number of comparable protections and, in the European Union, the Revised Directive on Payment Services encapsulates a number of regulations governing financial service providers, including requiring strong customer authentication for the majority of electronic payments.

Implementing legislation for stronger consumer protection does not absolve individuals of their responsibility to practise good cyber-hygiene. But, at the very least, it will shift the burden of defending against such unscrupulous behaviour away from resting almost entirely on the shoulders of the household and bring businesses, in particular, banks, into the risk-sharing picture as well.

Back in January, MAS announced a framework for the equitable sharing of losses arising from scams. This is surely welcomed and will provide additional clarity on apportioning fraud-related losses. But the framework is far from comprehensive and does not yet address aspects of consumer protection that go beyond scams. And just as we do not rely solely on mediation mechanisms, such as TADM and TAFEP, to fully govern our labour disputes, we can further support consumer rights in finance with appropriate legislation.

If the experience of the United States is any indication, passing a consumer financial protection law would likely lead to financial institutions taking much more care to detect and pre-emptively stamp out instances of phishing and fraud, since losses cannot be immediately foisted off to the customer. Financial institutions would also be more inclined to pursue unauthorised purchases with the merchant and, these merchants, in turn, would be more careful in accepting potentially fraudulent payments, else they lose their right to accept that mode of payment. Rudimentary small-claims insurance schemes would also emerge, with costs often absorbed by the financial institutions themselves.

Will this increase the cost of doing business? Of course. But the point is that the cost of policing e-commerce fraud and theft was always there; it was simply absorbed almost entirely by the consumer. Such a law would spread the risk among all actors in the economy: the buyer, the seller and the financial intermediary. It is an idea whose time has come.

Mdm Deputy Speaker: Mr Derrick Goh.

7.45 pm

Mr Derrick Goh (Nee Soon): Mdm Deputy Speaker, Singapore has established itself as a leading global financial centre. Global reputation aside, our financial sector provides good jobs for over 170,000 residents and has led to many spin-off benefits in our local economy.

With digitalisation speeding up the pace of Financial Sector transformation, it is important for MAS to continue to refresh our regulations to preserve trust and confidence in Singapore’s financial industry. Given the above, I believe that the new provisions contained in the Financial Services and Markets Bill are timely and sound.

It is on this basis that I would like to seek some clarifications on how this Bill will be implemented for the clarity of the public and those in the industry.

On the Harmonised and Expanded Power of MAS to Issue Prohibition Orders (POs) to bar persons in the financial industry. One, presumably, POs will, generally, be issued only if a person has a former, existing or prospective nexus to the financial industry. As the provision of financial services is complex, with many ecosystems, partners, how will proximity be assessed to define nexus? For example, will staff from a financial institutions' (FIs) service providers such as IT vendors, and ecosystem partners, such as e-commerce platforms, be subjected to a PO?

Two, while the basis for streamlining the disparate grounds for issuing POs under the Security and Futures Act (SFA), Financial Advisors Act (FAA) and Insurance Act (IA) into a single fit-and-proper test under section 188 of the Bill is sound, the effectiveness of such a test hinges on how it will be applied. On this note, can the Minister clarify if there will be a retrospective application of such assessments for persons with past misconduct that might not have been caught under the three statutes, but who may be deemed as not fit and proper under the new test? If so, will prohibitions commence from the point of misconduct?

In addition, Singapore has a considerable number of foreign talents partnering our local workforce to deliver cutting-edge financial products and services. Given this, can the Minister clarify if existing and incoming foreign talent will also be subjected to the same due diligence as that for local staff? If so, will there be clearer guidelines on how background checks will be conducted? The reason for this question is that since the misconduct in critical functions could be non-regulated activities, it, therefore, may not be captured in overseas registries. This could impact the effectiveness of the fit-and-proper test for foreign talents.

Three, this Bill has broadened the scope of MAS to issue POs covering activities beyond MAS-administered Acts. This would now include serious misconduct in activities, such as funds management, risk and technology management per section 7(2) of the Bill, which were previously not covered, and for all roles beyond senior management or material risk takers. This puts the Bill and, therefore, all on notice that everyone has a role to play in managing risks. Can the Minister clarify the severity thresholds of a misconduct and how proportionality of misconduct and the prohibitions will apply, since this can be subjective, given different activities? As the risk of any activity is a collective effort of everyone in the value chain from junior staff to senior management, how will MAS assess culpability of a misconduct across the ranks?

I am encouraged that this Bill has instituted safeguards to balance MAS' increased powers. As a person’s appeal must be referred by the Minister to an Advisory Committee selected from a Panel, can the Minister clarify the considerations for independence of the Committee and/or Panel? I ask this as those in the financial industry often share close networks. And section 14 of the Bill provides for panel members to be eligible for re-appointment. Also, in addition to the right of appeal to the Minister, may a person who has been issued with a PO bring his or her appeal case to Court?

Mdm Deputy Speaker, I will now move to the second key aspect of this Bill related to technology risk management. Given the intense competition from fintechs, FIs have themselves been transforming and digitalising their businesses by a combination of outsourcing as well as adopting cutting-edge technologies, such as Software as a Service. In cases where third party cloud-based solutions, such as Amazon Web Services or Google Cloud, are being adopted, it is known as an industry norm that FIs have no ability to conduct independent audits on such providers despite these services being critical. Given these limitations, how will MAS weigh the accountability on FIs should negligence fall on the part of such providers?

On the enhanced regulation for Virtual Asset Service Providers (VASPs), the Bill will plug the gap in regulating entities created in Singapore but providing VA services overseas. I agree that this is important to align our regulations with the standards set by the Financial Action Task Force (FATF) to guard against money laundering and terrorism financing risks.

MAS had in response to a recent Parliamentary Question stated that non-fungible tokens (NFTs) are currently not regulated by MAS, given that the underlying assets are predominantly art and other collectibles, with MAS taking a technology-neutral stance as it “looks through” to the underlying characteristics. Nevertheless, given the rising popularity of NFTs as a store of money and, hence, its susceptibility to being a vehicle for money laundering, such risks can tarnish Singapore’s reputation as a financial hub if uncurbed. Therefore, will MAS consider having oversight of NFTs in this Bill or other existing legislation soon?

Mdm Deputy Speaker, in conclusion, the success of our financial sector is premised upon its integrity and resilience, upheld by sound regulatory oversight. In building a strong local banking system, MAS has adopted a pragmatic approach to manage risks and to foster trust without stifling innovation.

I am confident that this Bill will continue to strengthen oversight of our financial sector. I stand in support of this Bill.

Mdm Deputy Speaker: Mr Louis Chua.

7.53 pm

Mr Chua Kheng Wee Louis (Sengkang): Mdm Deputy Speaker, I would first like to declare my interest as an employee of a financial institution here in Singapore and I also hold a diversified portfolio which includes cryptocurrencies.

One of the key aspects of the Financial Services and Markets Bill relates to enhancing the regulation of virtual asset service providers for money laundering and terrorist financing. In my speech today, I would like to touch on the topic of virtual assets and how this rapidly evolving area of finance is increasingly gaining prominence and relevance globally and, therefore, how Singapore can continue to evolve our approach to stay ahead as a key financial centre of the world.

Two years ago, in late 2020, I spoke about the Payment Services (Amendment) Bill, where I noted then that bitcoin was at a record high of around US$34,000, having risen almost fourfold over the course of 2020, far surpassing the previous high of around $19,800 set around December 2017, just before its precipitous crash in the months after. Many have called bitcoin and cryptocurrencies a massive bubble then and some still do now.

Fast forward to today, bitcoin is now at or around US$46,000 but not without reaching an all-time high of almost $69,000 and a low of $29,000 just within the last 52 weeks alone. Just as how cryptocurrencies are not solely about bitcoin and its rise and fall, virtual assets are not just about cryptocurrencies, and blockchain technology does not just apply to virtual assets. The term "virtual" conveys the sense that it is somehow not as real as, say, physical assets. But today, one's digital identity and persona are perhaps even more significant than those in the physical world. Just ask any influencer who spends most of his or her time in the digital world, be it Facebook, Instagram or even TikTok.

Virtual assets are not solely about individuals buying an NFT to display on their personal social media profiles, however. The chairman of BlackRock, the world's largest asset manager, noted in his recent letter to shareholders that "BlackRock is studying digital currencies, stablecoins and the underlying technologies to understand how they can help us serve our clients". This was also the same person who called bitcoin "an index of money laundering."

At the same time, the Ukraine-Russia conflict also saw the Ukraine government conducting fundraising via cryptocurrencies and NFTs and with Russia also supposedly considering accepting bitcoin as payment for its oil and gas exports. The bottom line is that in the modern world, purely virtual creations can, indeed, have value, so long as enough people accept that to be the case.

If 2020 was seen by the industry players as the year cryptocurrencies were institutionalised, then 2022 is perhaps the year when there is growing recognition of the trajectory of growth in the interconnectedness and skill of digital assets and, certainly, its corresponding implications for global financial stability.

So, the first point I would like to raise is that Singapore and, by extension, MAS as the financial regulator, should strive to take a market leadership role and move expeditiously to facilitate the responsible development of the still nascent but rapidly growing virtual assets industry.

By and large, I do agree that MAS has been proactive in studying the development of this industry very early on. Project Ubin, for example, was announced all the way back in November 2016 to explore the use of blockchain and distributed ledger technology. The final phase of the project concluded in July 2020, but, as pointed out by my colleague, Assoc Prof Jamus Lim during the Committee of Supply debates earlier this year, after expending significant effort and resources to better understand the nature, function and practical operation surrounding the possibility of a digital currency issued by our central bank, the conclusion is that there is no pressing need for its issuance at this time. This was despite several advantages to moving early on the issuance, such as crowding out alternatives, such as unbacked and inherently volatile digital private currencies, through stable, well-designed Central Bank Digital Currencies (CBDCs), allow for the application of more innovative monetary policy, especially with regard to disinflation, and help reduce the incidence of counterfeiting and illicit activities.

As noted in the White House factsheet on US President Biden's Executive Order on ensuring responsible development of digital assets, over 100 countries today are exploring or piloting CBDCs. And, in China, after launching the digital Yuan domestically, such digital Yuan payment services were also introduced to visitors of the recent Beijing Winter Olympics. Given the early stages of most central banks' work into CBDCs, this should be one area in which Singapore can demonstrate global leadership in.

A related point is one which I have raised back in 2020 about the progress made in assessing payment service provider applications and the slow pace at which approvals were given. Subsequently, in response to my Parliamentary Question in July 2021, it was noted that since the commencement of the Payment Services Act, MAS had received over 480 licence applications. However, back then, MAS had not issued any licence to Digital Payment Tokens (DPT) service providers. I note several in-principle approvals since then, such as that for DBS, Independent Reserve, FOMO Pay, Coinhako, TripleA, Paxos, BTC and Hodlnaut. At last count though, I still see 163 companies that are currently on the exemption list. What then is holding the MAS back on approvals or rejections given their wealth of experience gained over the last two years?

The world's largest crypto exchange, Binance, announced in December last year that it has withdrawn its licence application to operate here in Singapore and has since shut down its operations here in February. Shortly after, in March last month, the company was awarded a virtual asset licence from Dubai's recently formed virtual asset regulatory authority and will be helping to set up an international virtual asset ecosystem in Dubai and assist with the development of virtual asset regulations. While it is debatable whether it is a loss for Singapore per se, to be clear, I am not calling for licences to be hastily awarded, but we also need to recognise that there are firms still allowed to operate under a transitional exemption, regardless of their merits, until their applications are approved or rejected. Hence, getting their applications approved or rejected expeditiously not only gets rid of potential bad actors, but allows responsible market players to move forward with their business plans, entrench their operations here in Singapore for the long term and contribute to the vibrancy and innovation in the sector here.

In the MAS 2020 Licencing and Registration Report for Capital Markets Intermediaries, I note that MAS is committed to a four-month timeframe for processing corporate licence and registration applications with the mean and median time taken not too far off from the four-month service standard. Similarly, I hope more resources can be devoted to ensuring that we help to support and facilitate the responsible development of the virtual asset industry in Singapore.

Next, I would like to touch on the ban on marketing and advertising by service providers of DPTs as announced by MAS in January this year. I wonder whether an outright ban unique to DPTs is an appropriate means of protecting consumers and consistent with the approach in which MAS regulates the advertising of other investment products and services.

I acknowledge and agree with MAS' view that the trading of cryptocurrencies is highly risky and not suitable for the general public per se. However, single stock investing is also highly risky in my view. Grab and SEA, for example, among Singapore’s largest companies by market cap, saw their share prices decline 40% to 50% in the year-to-date alone, with SEA down 60% to 70% from its 52-week high.

What I am most concerned with, however, are complex derivative products available to retail investors that even I myself struggle to understand, such as Contracts for Difference (CFDs), which, in itself, is an instrument which is banned for sale to retail investors in the United States and Hong Kong. I recall hearing ads for CFDs on the radio just a few months ago and even reading branded content on The Straits Times about how these products can supposedly allow investors to manage trading risks. Ironic in my view, given that it can be a product with 10 times leverage, with risks of a complete wipe-out of the investment within a short period of time and which is significantly riskier than an equivalent unleveraged financial instrument.

I do not think that having a standard boiler plate, “this advertisement has not been reviewed by the Monetary Authority of Singapore” and long paragraphs of text in fine print are sufficient measures for financial institutions to absolve themselves of their responsibilities towards retail investors. But perhaps advertising by DPT service providers could also come within the scope of the fair and balanced advertising and other advertising restrictions, as covered under the securities and futures regulations and financial advisers’ regulations, with the rules holistically reviewed and finetuned collectively to ensure that all financial market participants do not merely present a one-sided view of potential investment products in their advertisements.

Importantly, more should be done in terms of continuing financial education and improving the financial literacy of the population at large and to help everyone understand the underlying risks and rewards of their investments, be it in Ethereum or equities.

Lastly, no discussion on cryptocurrencies is complete without an appreciation of the money laundering and terrorist financing risks it presents. To this end, I note that the Bill will align the scope of digital token services to the enhanced Financial Action Task Force (FATF) standards. MAS has already implemented the so-called “travel rule” since early 2020, and even though many DPT service providers may still be operating under an exemption, many have already progressively requested for originator and beneficiary information to be provided.

However, I note that under the MAS Notice PSN02 Prevention of Money Laundering and Countering the Financing of Terrorism – Digital Payment Token Service, value transfers exceeding S$1,500 would require personally identifiable information, such as residential addresses, identity card numbers and so on. Would MAS end up being inundated with transactional data, given the low threshold, and how would MAS manage the risks of having questionable transactions slip through the cracks versus being overwhelmed with data which could end up expending resources to investigate too many suspicious transactions which were flagged out, which could otherwise turn out to be legitimate?

To further clarify, would major payment institutions licensed and regulated under the Payment Services Act be required to be separately licensed once again, now that the FSM Bill will regulate all virtual asset service providers created in Singapore that provide such services outside of Singapore?

At the Singapore FinTech Festival in November last year, MAS Managing Director Ravi Menon spoke about crypto-based activities, noting that “not to get into this game, I think risks Singapore being left behind. Getting early into that game means we can have a headstart and better understand its potential benefits as well as its risks.”

I would argue that we had a head start, but many other financial centres across the world are fast catching up or arguably have already caught up. It is thus important that we remain open-minded and forward-looking in addressing the opportunities and risks in this rapidly evolving area of finance, facilitate the responsible development of the industry here in Singapore while proactively addressing any threats to financial stability. With that, I support the Bill.

Mdm Deputy Speaker: Prof Hoon Hian Teck.

8.05 pm

Prof Hoon Hian Teck (Nominated Member): Mdm Deputy Speaker, through their role in financing new ideas, the development of sound financial markets plays a central role in supporting a dynamic economy that is capable of delivering good jobs with good pay. However, fundamental to the development of sound financial markets is the maintenance of integrity of institutions and the personnel supporting these institutions in the face of technological disruptions and extensive cross-border capital flows.

Concerning personnel, the Financial Services and Markets (FSM) Bill introduces a harmonised and expanded power to bar persons from holding key roles and conducting certain activities in financial institutions for a period of time in cases of serious misconduct.

Concerning cross-border activities, the FSM Bill will regulate all virtual asset service providers created in Singapore that provide virtual asset services outside of Singapore.

Concerning technology risk management, the FSM Bill sets a maximum penalty amount for breaches to IT systems that lead to disruptions in the provision of financial services.

Finally, the FSM Bill provides statutory protection to mediators, adjudicators and employees of an approved dispute resolution operator in the execution of its duties.

The question is: why does it matter that we have a fit-for-purpose regulatory framework that supports integrity of personnel and financial institutions and is resilient to technological disruptions and increased cross-border activities? I suggest that there are two reasons that it matters.

First, a regulatory framework that supports the integrity of personnel and financial institutions leads to trust. The facilitation of financial intermediation that will benefit both customers and investors in the modern economy requires a system of secure property rights that remains appropriate under different circumstances.

In the current era, digital transformation has the potential to disrupt the way businesses are conducted even while it provides new opportunities for customers. While there exist incentives for private enforcement when parties that are engaged in financial transactions have repeated interactions over time, the new digital world of more anonymous transactions may require public enforcement, such as through financial sector-wide regulation encapsulated in the FSM Bill, to protect the rights of parties to a financial contract.

Investments, typically, carry a degree of uncertainty. In order to attract funds to risky ventures, individuals or firms undertaking them have to promise their investors a risk premium. The FSM Bill, in seeking to develop an appropriate financial system to suit current circumstances, enables financiers operating from Singapore to reduce the risk premium required of a borrower by spreading the risk across a larger number of investors.

The problems of adverse selection and moral hazard inherent in financing can be mitigated by the wider availability of information that investors have about borrowers, leading to the wider availability of credit at lower risk premiums. To achieve this, it is necessary that managers and personnel working in the financial industry be trustworthy.

Second, with extensive cross-border capital flows, maintaining a good international reputation delivers important benefits. Having foreign capital and financial institutions in Singapore can help to lower the cost of capital. By promoting competition with the domestic financial sector, it can also improve the allocation of capital to productive uses. In addition, firms that serve overseas customers and investors reap the benefits of economies of scale. Establishing a good reputation shapes the expectations of market participants and increases their confidence in making financial transactions across international borders.

With the end of what is called the first Age of Globalisation that coincided with World War I, there followed a period of disruption to international capital flows and global trade in goods and services. However, there soon emerged a second Age of Globalisation that started roughly in 1960 and has continued to the present. While the emerging geopolitical tensions may, ultimately, lead to a new international economic order, it seems fair to say that our existing law and institutions should still be structured to harness the advantages that financial globalisation can deliver.

The provision in the FSM Bill to regulate all virtual asset service providers created in Singapore that provide virtual asset services outside of Singapore helps us to maintain a strong international reputation as a financial centre.

Mdm Deputy Speaker, financial institutions connect savers to borrowers and are essential to a well-functioning economy. For people to be willing to participate in a financial market, they must perceive it to be safe and secure. Regulators of the financial system must, therefore, make and enforce the rules to protect both customers and investors. The FSM Bill seeks to ensure this through maintaining the integrity of institutions and the personnel supporting these institutions in the face of technological disruptions and extensive cross-border capital flows. I support this Bill.

Mdm Deputy Speaker: Mr Don Wee.

8.12 pm

Mr Don Wee (Chua Chu Kang): Mdm Deputy Speaker, I would like to focus on how the regulation of Virtual Asset Service Providers (VASPs) will be enhanced.

Considering the potential of a virtual asset to be used for money laundering or terrorism financing (ML/TF) due to its anonymous nature, I strongly support the measures to strengthen regulation of this asset class for Anti-Money Laundering and Combating Financing of Terrorism (AML/CFT). These steps are necessary. MAS’ future strategies will be informed by the close supervisory interactions with stakeholders in a rapidly evolving sector.

The measures proposed in the Bill should be implemented quickly so that potential investors in our market will not be in a position of jurisdictional arbitrage which may be disadvantageous to the Singapore market. Investors and talent will be drawn to countries seen to be more accepting and supportive of this asset category, such as Estonia, Germany or the United Kingdom.

Presently, entities in the business of VAs here are subject to the Payment Services Act where the VAs are considered digital payment tokens. VAs are subject to the Securities and Futures Act or the Financial Advisers Act where the products are capital market products. The Bill seeks to plug the gap of regulating entities created in Singapore while providing VA services overseas as a new class of financial institutions.

Moving forward, would the Ministry or MAS consider setting up a new category of market licence for VASPs and digital currency exchanges? Their regulatory standards should be comparable to those for licensed securities brokers and automated trading venues. This is in order to build a simple, secure and accessible digital assets ecosystem that will support VA investment in Singapore, while mitigating potential risks.

I propose a risk-based approach for the regulatory framework to identify digital asset services that pose sufficient risk to warrant regulation and where such risks are crucial to address.

Issues, such as the safe custody of assets, know-your-client (KYC) requirements, AML/CFT, market manipulation, accounting and auditing, risk management, conflicts of interest and the acceptance of virtual assets for trading, must be addressed.

MAS should require VA trading platforms to adopt an operational structure and use technology to offer client protection which is equivalent to traditional financial institutions in the securities sector.

On the other hand, the market licence specifically for those service providers should not impose onerous obligations that might cause these businesses to be forced out by larger international operators which have services provided both physically and virtually.

We need to be mindful of ensuring a level playing field for VASPs. For example, any application of the existing financial services regulatory regime to digital asset businesses that would require compulsory professional indemnity insurance should take into account the current lack of availability of such insurance for digital asset service providers. That is, implementation of a regulatory regime where compliance is not possible, has the same effect as an outright ban on these activities.

As virtual asset trading platforms interface directly with the Singaporean public, MAS should, therefore, accept licensing applications from platform operators who are committed to and capable of complying with the expected licensing criteria and continuing conduct requirements. In addition, the licensee must obtain MAS' prior written approval for any plan or proposal to introduce or offer a new or incidental product, service or activity, or to make a material change to an existing service or activity.

MAS should require a platform operator to establish and implement written internal policies and governance procedures to ensure compliance with requirements concerning the custody of virtual assets. A platform operator should also have adequate processes in place for handling requests for deposits and withdrawals of clients' virtual assets to guard against loss arising from theft, fraud and other dishonest acts, professional misconduct or omissions.

Singaporean consumers require confidence that they are able to access the products and services they desire at home, via legally regulated and compliant professionals, rather than by seeking out risky services in unregulated locations.

Any regulation of virtual asset service providers should be designed to ensure the following points are considered: minimum capital requirements; audit certificate/external assurance of custodial procedures; segregation of customer and operational funds; annual compliance requirements; being managed by a responsible person with adequate experience; proper segregation of participants' assets and private keys from the marketplace's own assets; appropriate record keeping; maintenance of policies and procedures.

Other considerations. The development of VAs will provide many new opportunities, including those in Singapore's technological sector, which can translate into more high-skilled jobs and growth-oriented investments, if the right balance is struck by the Government in approaching regulation.

There are opportunities for the larger accounting or audit firms, too. Established insurers and their brokers also need to be more open to providing insurance coverage and services for the virtual asset industry. Furthermore, a number of traditional financial institutions are seeking to develop their own cryptocurrencies on private blockchains to enable the instantaneous and cross-border transfer of payments.

To support Singapore Green Plan 2030, I suggest that businesses conducting digital asset "mining", or similar activities, should receive some form of tax incentives if they source their own renewable energy for their activities. Such tax incentives will enable Singapore to become a global leader in green crypto-asset mining. Mdm Deputy Speaker, in Mandarin.

(In Mandarin): [Please refer to Vernacular Speech.] Lastly, our Singapore Police Force must be well-situated to understand law enforcement priorities and strategic objectives in this area. Its collaborative relationship with MAS is a key strength. Our authorities should upgrade their IT analytical tools to better exploit the potential of financial artificial intelligence to detect criminal activity by persons who are not already of interest to law enforcement, and to take advantage of reports on international funds transfers and large cash transactions.

(In English): I support the Bill.

8.19 pm

Ms Janet Ang (Nominated Member): Mdm Deputy Speaker, Singapore is the fifth most competitive financial centre in the world after New York, London, Shanghai and Hong Kong, according to the 2021 Global Financial Centre Index. Singapore ranked highly in all five areas of competitiveness: business environment, human capital, infrastructure, financial sector development and reputational metrics. The International Monetary Fund (IMF) reaffirmed in 2019 Singapore's financial sector oversight to be "among the best globally" and noted that MAS has struck a good balance in fostering financial innovation while strengthening regulatory oversight.

The exciting development since 2015 has been in the space of fintech. Singapore has a vibrant fintech ecosystem with over 1,100 fintech firms serving consumers, businesses, and financial institutions across the different asset classes. Global financial institutions have also set up innovation labs in Singapore to tap on the ecosystem here. And fintech investments in Singapore also increased nearly six-fold year-on-year since 2015. I congratulate MAS and our financial services institutions for enabling Singapore to "punch above our weight".

It is, therefore, imperative for Singapore, as a leading financial services centre, to be plugged in, into the latest developments, including digital currencies, crypto, digital tokens, NFTs, metaverse and the like. These technologies disrupt but also offer immense opportunities for the industry and the markets at large.

With the proliferation of these technologies, there are risks of money laundering, terrorism funding, corruption and fraud, black market money supply and scams.

In view of the changing landscape in the financial services and market space, it is important that the Singapore financial sector oversight consider the proliferation of fintech and non-traditional financial institutions and service providers and include their activities under MAS' regulatory ambit.

The industry, including the Singapore FinTech Association, welcomes the FSM Bill. They participated in the consultation and are supportive of this Bill and welcome the increase in transparency and accountability of all players, whose activities fall under the prescribed MAS' activities regulated or to be regulated. They would like to request that MAS publish the clarifications from the consultation as frequently asked questions, or FAQs, on the website so that they can all refer to it.

In relation to the proposal to regulate digital token service providers created in Singapore but carrying on a business of providing any type of digital token service outside Singapore, we understand that these digital payment token service providers must be licensed or registered in the jurisdiction where they are created and that "without imposing this requirement globally, regulatory arbitrage could occur where no single jurisdiction has sufficient regulatory hold over a specific digital payment token service provider". We do seek clarification as to how a digital token service provider that falls within this category but is, in fact, already licensed and regulated in its overseas jurisdiction of operations, will be regulated by MAS. There is a concern that such double-regulation by two regulators may result in excessive compliance obligations and costs.

In addition, we note that the activity of providing advisory services relating to the offer or sale of digital tokens will be covered by the new legislation. The definition of "digital tokens" covers, one, both digital payment tokens, for example, bitcoin and ether; and, two, digital representations of a capital market product, that is, tokenised shares and bonds.

Following from this, digital token service providers created in Singapore but carrying on a business of providing advisory services relating to the offer or sale of digital payment tokens outside Singapore, will need to be licensed in Singapore, pursuant to the FSM Bill.

However, would digital token service providers created in Singapore and undertaking the same business in Singapore need to be licensed in Singapore? I ask this question as the provision of advisory services relating to digital payment tokens is not currently regulated under the Payment Services Act 2019 or under the Financial Advisers Act 2001. These Acts would apply to businesses carrying on the business of providing regulated services in Singapore.

On the other hand, the FSM Bill appears to cover Singapore businesses carrying on the business of providing regulated activities outside Singapore. There appears to be a regulatory gap where a Singapore-incorporated entity carrying on a business of providing advisory services relating to the offer or sale of digital payment tokens outside of Singapore needs to be regulated under the FSM Bill but a Singapore-incorporated entity doing exactly the same activity but carrying on the business in Singapore, need not be licensed. Can MAS please clarify?

Technology will continue to transform the financial services sector, affecting how organisations operate and how consumers conduct banking and financial activities. New advancements in the banking and fintech industries will also impact the type of skills, talents and job roles needed. Skills across the board will need to be upgraded, both on the operations side as well as the governance and compliance side. What are MAS' plans to enhance the skills and competencies of the financial services industry as well as the skills required in the ecosystem, from auditing to risk compliance to legal and insurance?

With the FSM Bill, MAS will have oversight of entities that deal with any potential alternative to the fiat currencies and "money supply". This is a welcome move as we have witnessed the speculative nature of bitcoins and cryptocurrencies. How will MAS ensure that the general public in Singapore do not fall prey to scams involving bitcoins and the like?

Bitcoins and cryptocurrencies are built on blockchain technology. Blockchain technology innovation offers the fidelity and security of data records and there are many useful use cases beyond cryptocurrencies and digital tokens for payments, for example, digitised bills of lading, certificates of origin and so on. Implementation of these use cases have the potential of reinventing supply chains and dramatically taking productivity to a different level. It is good to see that MAS continues on the twin pursuit of strong regulatory oversight and excellence in innovation for the sector. Initiatives like DBS' Digital Exchange (DDEX) and SGX's Climate ImpactX are all to be applauded. There will be new skills and new capabilities built in the industry even as we continue to exercise prudence in technology risk management.

Mdm Deputy Speaker, I stand in support of the Financial Services and Markets (FSM) Bill.

Mdm Deputy Speaker: Mr Alvin Tan.

Resumption of Debate on Question [4 April 2022], "That the Bill be now read a Second time." – [Prime Minister].

Question again proposed.

Mr Speaker: Mr Yip Hong Weng.

11.30 am

Mr Yip Hon Weng (Yio Chu Kang): Mr Speaker, Sir, as a global financial hub, Singapore must stay abreast of the rapidly evolving financial landscape. Today, technology has led to a rapid increase and innovation in new financial products and assets. Conversely, the risks and challenges of managing these products and assets as well as the financial institutions and persons involved have also heightened.

I support the consolidation and enhancement of the regulatory powers under this Bill to address the challenges. I believe that this will lead to a more holistic and comprehensive management of the financial services sector. I have several queries on the Bill.

First, Mr Speaker, Sir, can the Minister provide further clarification on the Harmonised and Expanded Powers to Issue Prohibition Orders (PO)?

If a person has been placed on a watchlist or issued something of equivalence to our PO by an overseas jurisdiction, would they be issued a PO here by default? This will facilitate various national regulators to better work together to maintain the integrity of global markets.

The Bill also states that persons who have been issued a PO may be, amongst other things, prohibited from becoming a substantial shareholder of a financial institution. Will it be an offence to wilfully assist the PO individual to evade the PO?

Even with the PO, it is not difficult for seasoned fraudsters to set up their theatre here, with actors and props in tow. Take, for example, the recent case of a blockchain company that is being investigated for cheating offences. One of the key personnel was previously convicted for commercial crimes.

Usually, these cases only come to light after some of our citizens are cheated by these individuals. Such incidents would make a mockery of our regulators in the way we oversee such theatrics.

More than just putting up regulations and by-laws, we should look at the gaps in how we allow businesses to get registered. Ever so often, we hear of bank account holders being flagged up and put through a lot of queries over the sources of funds in their own bank accounts while the real sharks swim away after gnawing an arm or a leg.

In sum, we need a more proactive enforcement of our laws and licensing conditions. This has to be in addition to more effective oversight and not just closer monitoring of our financial institutions.

Notwithstanding the above, I am pleased that the Bill, in its provisions, for example, clause 174, expressly allows for the prosecution of directors and individuals involved in the management of the corporation for offences committed by corporations. This is a clear signal to fraudsters that there is no hiding behind the corporate veil. It is also broad enough to prosecute fraudsters who often avoid registering themselves as officers of corporations.

Second, Mr Speaker, Sir, can we further enhance and streamline the regulation of virtual asset service providers (VASPs) to better manage money laundering and terrorists financing risks, or AML/CFT?

I note that MAS does not intend to regulate non-fungible tokens (NFTs) for now. However, the NFT market is vulnerable to money laundering activities.

In a recent study, the US Treasury Department revealed that NFTs may become a tool for money laundering in the high-value art market. Recent sales of high-profile art pieces involving NFTs have sold for millions, indicating that this art sector has reached similar valuations as traditional art mediums.

These art sectors using NFTs are popular vehicles for illicit financial flows. NFTs can even be used to conduct self-laundering. In this scenario, criminals may purchase a NFT with illicit funds and proceed to transact with themselves to create records of sales on the blockchain and wash the cash clean.

I have asked several NFT-related Parliamentary Questions previously, given these concerns. Member Derrick Goh had also spoken about this yesterday.

Can the Ministry clarify how the possible risks of AML/CFT through NFTs are addressed under this Bill? Can NFTs be brought into the definition of virtual assets so that the new rules will be applied equally to NFTs?

I note the specification that the Bill covers VASPs created in Singapore or carrying on business of providing digital token services from a place of business in Singapore. What about foreign digital token services which provide virtual assets activities within Singapore?

I would also propose that we further streamline the capture of licensees under this Bill. MAS has explained that if a VASP is already licensed, exempted from licensing or required to be licensed under the relevant provisions in the Securities and Futures Act, Financial Advisers Act or Payment Services Acts, then it need not be licensed under the Financial Services and Markets Act (FSMA). Is it not possible to consolidate all of these licences under one omnibus Act?

Third, Mr Speaker, Sir, how often will the maximum penalty of $1 million be meted out for technology risk management lapses?

The technology sector progresses rapidly and funds flow in copious amounts daily. A 2018 International Monetary Fund (IMF) report stated that projected cyber attacks were costing financial institutions at least $100 billion globally on an annual basis. This figure would likely have risen with the sharp rise in technology progression and cybersecurity breaches in recent years.

In this connection, financial institutions often have significant funds. Also, inflation would degrade the deterrent effect of a fixed financial penalty. As such, how often will the range of financial penalties set out in the Bill be amended?

Lastly, Mr Speaker, Sir, will there be exceptions where the statutory protection will not be in effect, even with the absence of wilful misconduct, negligence, fraud or corruption?

I support the provision of Statutory Protection from Liability clauses in the Bill. This will encourage mediators, adjudicators and dispute resolution employees to conduct their duties with greater confidence and autonomy, which are important for successful mediation.

In conclusion, Mr Speaker, Sir, as a top financial services centre and fintech innovation hub, we must stay ahead of the various challenges and developments in the industry. Singapore has built up a strong global reputation for reliability and resilience. This remains unwavering even in the face of recent global crises.

Swarths of capital and data from all over the world flow through our nation every day. We must continue to review our legislation on a regular basis to ensure that they remain robust and adequately comprehensive to support developments in our finance sector. I support the Bill.

Mr Speaker: Mr Louis Ng Kok Kwang.

11.37 am

Mr Louis Ng Kok Kwang (Nee Soon): Sir, this Bill consolidates and increases MAS' powers. In doing so, it empowers MAS to take a comprehensive sector-wide approach to risk management and enforcement action.

I thank MAS for holding a public consultation in preparation for this Bill in January 2020 and for incorporating some of the feedback into the Bill. I have three points of clarification to raise.

My first point is on the checks and balances against MAS' issuance of prohibition orders (POs). The Bill allows MAS to issue POs to persons based on MAS' fit and proper criteria. POs are extremely powerful. They restrict things as significant as shareholdings and as granular as business activity. They can end livelihoods and shut down companies. Given the drastic nature of this enforcement action, it seems fair that MAS should, at least, explain the basis of such actions.

My question is this: why does the Bill not require MAS to publish an explanation for its imposition of POs? Clause 11 requires MAS to only give notice for and publish the PO. But it is entirely optional for MAS to explain its decision. In my view, MAS should be required to explain the rationale of its decision. It should, at least, state the category of fit and proper test criteria that the person has failed. To begin with, it seems only fair that we tell people why they are being punished. In addition, it would strengthen the mechanisms of accountability.

The Bill imposes two checks on MAS' issuance of POs. First, MAS is obligated to hear out the subject of the PO. Second, the person can write an appeal to the Minister for Finance. In both cases, the process of justice would be strengthened if the person knows what he is being punished for. For example, if MAS explains that its PO is being issued due to a person's lack of financial soundness rather than due to dishonesty, that person could then present relevant evidence to the contrary.

My second point is also about accountability in the issuance of POs. Appeals are one key accountability mechanism for POs. The Bill requires that the Minister considers the written report of the appeal advisory committee when deciding on these appeals. Can the Minister share why the committee's written report is not required to be published for the public?

The committee has broad disruptive powers. They can summon anyone to give evidence on oath and to produce any documents deemed necessary. The committee's work thus affects not only the person issued the PO but also, potentially, a whole array of other people. Given the extensive impact of the committee's work, it is not clear why their report should be shrouded in secrecy. Publication of their written report would provide important context on the Minister's decision and ensure that these inquiries are held in a professional and appropriate way.

My final point is on notices provided to financial institutions for POs issued and varied. MAS has stated that it will directly notify a person who is subject to the PO as well as the person's employer of the PO issued. Can the Minister clarify whether MAS will also notify the individual's employer if the individual's PO is later varied?

In addition, how will MAS help ensure that financial institutions are notified in a timely manner when their service providers are issued a PO or have their PO varied? After all, financial institutions, typically, conduct due diligence checks on their service providers only at specific junctures. Until they conduct such checks, they may not know that their service providers have been issued POs or have had their POs varied. It will be helpful to financial institutions if MAS can ensure PO issuances and variations are promptly communicated to financial institutions.

Sir, notwithstanding these clarifications, I stand in support of the Bill.

Mr Speaker: Minister of State Alvin Tan.

11.41 am

The Minister of State for Trade and Industry (Mr Alvin Tan): Mr Speaker, Sir, I thank the Members who have shared their views on the Bill and for their support for it. Members' comments and queries can be categorised into a few buckets and I will address them in turn.

Mr Don Wee, Mr Saktiandi Supaat, Mr Yip Hon Weng and Ms Janet Ang have raised questions on the scope of regulation of digital assets. Let me deal with these collectively.

MAS adopts a technology-neutral regulatory approach that focuses on the nature of the activity and the risks involved. VASPs, or what we term as digital token service providers in Singapore, DT service providers, are, therefore, regulated, based on the type of activity they conduct.

Correspondingly, where DT service providers deal in digital payment tokens, this could be a payment activity under the Payment Services Act. Where they deal in or provide financial advice on capital market products, their activity would fall under the Securities and Futures Act (SFA) or the Financial Advisers Act (FAA).

These Acts are periodically reviewed to ensure that they remain fit-for-purpose and are in line with international norms.

In most cases, DT service providers that incorporate or establish a place of business in Singapore do so to provide DT services in Singapore. They will be subject to the laws in Singapore. Similarly, foreign DT service providers that provide DT services in Singapore will also be subject to the laws in Singapore.

Some of these businesses may also provide services in foreign markets and they would be expected to adhere to the rules that apply in the foreign markets where they operate. For instance, DT service providers that provide services in relation to capital market products in foreign countries would be subject to the rules imposed by the capital market regulators in the foreign countries concerned.

MAS has cooperation arrangements with foreign regulators to ensure effective cross-border regulation. This approach is similar to the regulation of traditional capital market products that are not tokenised. It is, generally, not necessary to impose additional requirements on a business that is created and operating in Singapore if it does not provide services in Singapore.

Nonetheless, we recognise that there may be reputational risks to Singapore in respect of DT service providers created in Singapore but that provide DT services overseas – for instance, those involved in digital payment token or cryptocurrency activities, if they are found to facilitate money laundering activities.

It is for this reason that the new rules, which primarily relate to anti-money laundering and counter-terrorism financing requirements, are proposed in the FSM Bill. I would highlight that the FSM Bill also contains provisions that enable MAS to impose requirements across the financial sector to address money laundering and terrorism financing (ML/TF) risks.

Mr Saktiandi Supaat asked whether MAS has considered carving out DT service providers from licensing and regulation under the FSM Bill if they are already regulated in another jurisdiction which enforces the FATF standards. Ms Janet Ang raised a similar question as well. There may be differences in the implementation and enforcement of these standards even as countries accept and adopt the enhanced FATF standards. DT service providers created in Singapore but providing their services outside of Singapore still pose reputational risks to Singapore. Hence, regulating this group of DT service providers under the FSM Bill for ML/TF risks will mitigate these reputational risks.

Nonetheless, in response to comments made by Mr Saktiandi Supaat, Ms Janet Ang as well as Mr Louis Chua who had also asked about the scope of regulation, it is not the intention of MAS to subject a DT service provider who is regulated under another Act administered by MAS, to regulation under the FSM Bill, in respect of the same DT services. Where the DT service provider is already regulated by MAS under the Payments Services (PS) Act, the SFA or the FAA, for provision of DT services, such an entity does not need to be additionally licensed under the FSM Bill.

Mr Saktiandi Supaat spoke also on the need to protect local consumers and markets from risks stemming from digital tokens, including those provided abroad, other than ML/TF risks. Ms Janet Ang also raised concerns over the speculative nature of digital tokens and the need to educate the public. These are all valid concerns.

MAS has repeatedly warned the public on the risks of investing in digital tokens, such as digital payment tokens or cryptocurrencies, which would include the commonly known Bitcoin, for example. The prices of such digital payment tokens are not anchored on any economic fundamentals and are subject to sharp speculative swings.

Nonetheless, MAS is aware that there will continue to be people who choose to take these risks. MAS is monitoring the adoption of digital payment tokens in Singapore and will consider if user protection measures are needed. However, even with user protection measures, it is just not possible for laws to protect against investment losses, especially for consumers who choose to seek investment opportunities overseas or online.

Thus, consumer education and awareness remain key, as the best defence is a discerning public. MAS and relevant Government agencies have been and will continue to raise public awareness, including advising the public to not deal or invest with unregulated entities or investment products.

On Mr Louis Chua's suggestions relating to marketing activities of digital payment token service providers, MAS has issued guidelines in January this year outlining that digital payment token service providers should not market their services in public areas in Singapore, or engage third parties, such as social media influencers, to do so. They can continue, however, to promote their services on their own corporate website, mobile applications, or official social media accounts. However, they must not portray the trading in digital payment tokens in a manner that trivialises the associated risks. And this complements our continued consumer education efforts I mentioned earlier.

Mr Derrick Goh and Mr Yip Hon Weng asked if MAS will consider regulating non-fungible tokens (NFTs) given its rising popularity and its susceptibility as a vehicle for money laundering. NFTs, in its current form, are often digital representations of arts and other collectibles, which are not financial products subject to MAS regulation. As I have earlier mentioned, the FSM Bill will cover digital tokens that are either: one, a digital payment token; or two, a digital representation of a capital markets product. So, any digital token that meets the characteristics of a digital payment token or a capital market product could be subjected to regulation by MAS.

In response to Mr Don Wee's point on the need for agencies to better identify criminal activity in this space, MAS has increased surveillance of the digital tokens sector, to identify suspicious networks and higher-risk activities for further supervision, and they have established clear procedures with the Singapore Police Force (SPF) for collaborative enforcement action. All DT service providers must monitor transactions and file suspicious transaction reports with the Suspicious Transaction Reporting Office.

To more effectively combat cryptocurrency scams and crimes, the SPF established the Cryptocurrency Task Force in 2018 to monitor the cryptocurrency landscape and also to develop and improve operational procedures in the investigation and seizing of cryptocurrencies and establish working relationships with overseas law enforcement agencies, industry professionals and academic experts in cryptocurrencies. The Cryptocurrency Task Force works closely with MAS and has links with the Association of Crypto Currency Enterprises and Start-ups Singapore (ACCESS), which is a Cryptocurrency and Blockchain Industry Association.

SPF also works with the various cryptocurrency exchanges based locally and abroad to investigate cryptocurrency crimes. SPF takes a serious stance against any person who may be involved in cryptocurrency scams and crimes and perpetrators will be dealt with in accordance with the law.

Mr Louis Chua then also asked about the progress of licence applications for digital payment token (DPT) service providers under the PS Act. MAS has received over 580 licence applications to date and has completed the review of close to half of these applications thus far.

All applications go through a rigorous application process. Applicants will know that MAS sets a high entry bar and commits time and resources to engage the applicants and scrutinise the applications, making sure that they are able to meet the required standards for managing ML/TF and technology risks before we approve their applications. Applications that do not meet the standards or are incomplete will, naturally, need more time to review.

Mr Louis Chua also asked about the travel rule or the value transfer requirements in MAS' Notice PSN02 applicable to DPT service providers. MAS will impose similar AML/CFT requirements to a DT service provider licensed under the FSM Bill.

Mr Louis Chua asked whether MAS would be inundated with transaction data, given the threshold of $1,500 to obtain certain information of the originator and beneficiary in a value transfer. Contrary to Mr Louis Chua's understanding of the travel rule, there is actually no requirement for the originating DPT service providers to report this information to MAS. Rather, they are required to relay the information to the beneficiary DPT service providers, for them to also conduct necessary screening for nefarious actors. The threshold of $1,500 is also aligned to the international standards for such cross-border transfers.

Ms Janet Ang also asked if there is a regulatory gap, as financial advisory services related to digital payment tokens offered outside of Singapore will be regulated under the FSM Bill, but the same service offered in Singapore is not regulated under the PS Act. These financial advisory services are provided more often for capital market products and, in this respect, the FSM Bill places the same AML/CFT requirements on them as if they had been offered in Singapore. As for digital payment tokens, we will continue to study whether there is a meaningful presence of service providers that solely provide these advisory services. Where entities provide these services along with other regulated services, such as dealing in, or facilitating the exchange of DPTs, they are already scoped into the PS Act.

I will next move on to the second bucket which is questions that Members raised related to technology risk management (TRM).

Mr Derrick Goh asked how MAS will weigh the accountability on FIs should negligence fall on the part of their cloud service providers, considering that many FIs have no ability to audit such providers. MAS expects FIs to perform adequate due diligence on all third parties they engage. FIs remain responsible for any disruption that results from their service providers' negligence. And in determining the action to take against an FI, MAS will assess the impact of the breach, the extent to which necessary controls had been implemented to manage the outsourcing risk as well as to comply with MAS' requirements and remediation efforts.

Mr Yip Hon Weng asked how often the maximum penalty of $1 million per breach of a TRM requirement will be meted out for TRM lapses. He mentioned that, with inflation, a fixed financial penalty might not be a good deterrent. He also asked how often the financial penalties would be amended.

In the event of a breach of TRM requirements, MAS will assess the breach to determine the appropriate course of action. A maximum of $1 million could be imposed by the Courts for each breach of MAS' TRM requirements. This means that where there are multiple breaches, the penalty that could be imposed by the Courts on the FI could be higher. This new maximum penalty is a significant increase from the current penalties under the various Acts administered by MAS.

In addition, MAS has the powers to take other supervisory actions, including requiring FIs to set aside additional regulatory capital until adequate measures have been put in place to address the control lapses or deficiencies. The financial penalty, coupled with the flexibility to impose additional supervisory actions, strikes a balanced approach which signals the importance of having robust TRM without being overly excessive for smaller FIs which Members have also asked about. As with other Acts which MAS administers, MAS will review and adjust the penalty framework under the FSM Bill, as necessary.

Mr Saktiandi Supaat suggested that MAS consider requiring prospective licensees to present adequate cybersecurity plans as a condition for granting licences.

Currently, when MAS assesses an application for a licence, MAS already considers factors, such as the adequacy of the applicant's cyber hygiene measures, data protection controls and the level of compliance with MAS' TRM guidelines. Applicants that do not meet the requisite requirements will be rejected or given a conditional approval and such applicants will, eventually, still need to meet the requirements before they are allowed to offer their services.

Mr Saktiandi Supaat also referred to the PDPC's regulatory approach which considers the culpability of the offender when determining the appropriate enforcement actions. In accordance with MAS' current practice, MAS will take into account the nature of the breach of the TRM requirement, the specific circumstance of each case, the culpability of the offender and then calibrate supervisory action to ensure that they are appropriate and fair.

Assoc Prof Jamus Lim cited the rising trend of scams and the need for a consumer protection law to ensure that FIs do more to protect consumers. The points he raised are not directly related to the Bill but I will briefly address them here.

On the issue of combating scams, MAS, MCI and MHA have made three Ministerial Statements on 15 February this year to explain how the Government is undertaking a comprehensive approach to counter the threat of phishing scams.

For the financial sector, Minister Lawrence Wong had elaborated at length on the measures by MAS and the banking industry, including measures that retail banks had implemented immediately and further measures which would be implemented to strengthen banks' ability to deter, detect and combat phishing scams. Minister Lawrence Wong also highlighted that MAS was working with the industry to review the use of SMS to deliver one-time-passwords (OTPs) and also develop a loss-sharing framework to ensure an equitable sharing of losses for scams, based on the extent to which parties have fulfilled their responsibilities. For the sake of time, I will not repeat the points here.

On the experiment relating to PayNow, it is stated in the PayNow scheme rules that transaction signing, through the use of OTPs or other two-factor authentication methods, is required for transactions above $1,000. All banks offering PayNow are required to adhere to this. Where a customer has installed and then activated a digital token in his or her mobile banking application, the digital token performs transaction signing in the background of the application, a process that is not obvious to the customer. MAS will reach out to Assoc Prof Jamus Lim to seek clarity on the facts relating to the PayNow experiment and the instance of the credit card limit being exceeded.

On Assoc Prof Jamus Lim's points in support of a consolidated legislation to address consumer protection, let me clarify that there is no conflict between MAS' supervisory mandate and its role in consumer education and protection. MAS recognises that the core role of the financial sector is to serve the economy, businesses and consumers. To do so, public confidence in financial services and FIs must be safeguarded. MAS sets out both prudential and business conduct standards for FIs, and expect them to operate safely and deal fairly with their customers. Both reinforce public confidence in FIs and the services that they provide.

MAS has been able to effectively implement these standards and expectations through a mix of legislation, legally binding regulations and notices, as well as guidelines that are specific to the activities and risks in the different segments of the financial sector. This approach ensures that the requirements are relevant for the said regulated activities. For instance, banks are required to implement IT controls to protect customer information from unauthorised access and also the contravention of which can attract penalties.

Where consumers find themselves in a dispute with an FI that cannot be settled, MAS has provided consumers an avenue to seek recourse at a low-cost independent dispute resolution body – I mentioned yesterday in the FSM Bill – the Financial Industry Disputes Resolution Centre Ltd (FiDReC). Given these, there is no need to have a single consumer protection law for financial services.

But I want to assure the Member that MAS continues to place a high priority on consumer education and protection. The functions that Assoc Prof Jamus Lim spoke of under the Market and Business Conduct Department continue to be taken up by the Market Conduct Policy and Consumer Issues Divisions.

I will next move on to the prohibition order (PO) framework, of which we received many questions from Members.

Mr Derrick Goh asked how proximity will be assessed in determining whether a person has a nexus to the financial industry and whether staff from an FI’s service provider will be subject to a PO. Proximity will be assessed in light of the policy objectives of this new PO powers, namely, to protect the financial industry, customers and investors against persons who have demonstrated, by their misconduct, that they have the potential to cause harm to, or are unsuitable to take up certain roles, activities and functions in the financial industry for which they are prohibited. In response to the example raised by Mr Derrick Goh, outsourced service providers who are individuals, such as those who work for IT vendors and ecosystem partners such as e-commerce platforms, may be subject to a PO.

MAS recognises that outsourcing arrangements are becoming increasingly prevalent, but also complex, and MAS must be able to issue POs to service providers who have demonstrated by their misconduct that they have the potential to cause harm to the financial industry. Whether a PO will be issued or not always depends on the specific circumstances of a case.

Mr Derrick Goh acknowledged that the basis for streamlining the disparate grounds for issuing POs under the SFA, FAA and Insurance Act into a single fit and proper test is sound – so, thank you for that. But he also sought clarification on whether there will be retrospective application of the single fit and proper test for persons with past misconduct that might not have been caught under the three Acts. If so, Mr Derrick Goh also asked whether the PO would commence from the point of misconduct.

Under this Bill, the new PO powers can be applied to misconduct that took place before the Bill comes into effect. However, the single fit and proper test is not, in substance, a new test but rather, as Mr Derrick Goh acknowledges, streamlines the existing disparate grounds under the three Acts into one single test, based on MAS' guidelines on fit and proper criteria. Thus, if a person's past misconduct would not have been caught under any of the three Acts, it is unlikely that MAS would assess that that person is not fit and proper under the new powers.

MAS will also continue to apply the old PO powers to cases where Notices of Intent to issue the prohibition order have already been given to the individual. In response to the second question, the present position and the position under the Bill is that a PO will take effect on the date the PO is issued by MAS. A PO will not commence from the point of misconduct.

Mr Louis Ng asked why the Bill does not require MAS to publish an explanation for the imposition of POs, as it is only fair that people are being told why they are being punished. To clarify, before issuing any PO, MAS will always issue a Notice of Intention to a person informing them that MAS intends to issue a PO against him or her. This Notice of Intention will set out all the material facts and grounds on which MAS has determined that a person is not fit and proper. There is, hence, no unfairness as the person will be fully aware of the basis for which MAS intends to issue a PO against him or her. In any case, the person is given the opportunity to respond by sending representations to MAS. MAS will carefully consider such representations before making its decision whether to issue a PO against the person.

Mr Saktiandi Suppat asked if an individual's previous PO can be purged from the records after a specific period of time. Currently, the only public "record" of POs issued may be found on MAS' "Enforcement Actions" webpage, where all enforcement actions are published for a period of five years, except POs that are of a longer duration than five years. Therefore, where POs are of a shorter duration, the information on the PO will remain on the webpage for a period of five years from the date of publication. Where the PO is longer than five years, the information on the PO will be removed when the PO expires. Effectively, this means that information on POs will not remain on MAS' "Enforcement Actions" webpage forever and will be removed from the webpage after five years for POs with a duration shorter than five years, or after the PO expires, where the PO is longer than five years.

The minimum duration for enforcement actions to remain on the "Enforcement Actions" webpage is, therefore, five years. And the duration is fair, because it takes into account: one, the need to send a deterrent message to others that the misconduct justifying the enforcement action – for example, for breaching MAS-administered laws – is a grave matter; and two, the period of five years is also broadly consistent with the period after which a conviction for an eligible crime could also be spent under the Registration of Criminals Act.

Mr Yip Hon Weng asked if a person has been placed on a watchlist or issued something of equivalence to our PO by an overseas jurisdiction, would they be issued a PO here by default. A PO will not be issued by default. While this is a factor that MAS will consider in applying the fit and proper test, MAS will consider all the circumstances of the case, including the facts surrounding why such a person has been placed on a watchlist or the equivalent of a PO, before deciding whether to issue a PO.

Mr Yip Hon Weng also mentioned that a person issued with a PO may be prohibited from becoming a substantial shareholder of an FI. In this context, he also asked whether it will be an offence to wilfully assist the PO individual to evade the PO. The answer is: this could amount to an offence. And to be clear, it is an offence for a person who has been issued a PO to contravene the PO. If a third party assists this person to contravene the PO, then the third party could also be liable for abetting the commission of the offence.

Mr Louis Ng has sought clarification on whether MAS will notify the individual's employer if his PO is varied and how MAS will help to ensure that FIs are notified in a timely manner if their service providers are issued a PO, or have their PO varied. MAS will notify the individual's employer if a PO is issued, and then, correspondingly, also notify an individual's employer if their PO has been varied. MAS will send out these notifications concurrently with the issuance of a PO or a varied PO. This is to ensure that the individual's employer is informed in a timely manner. MAS will consider whether and how to notify FIs if their service providers have been issued a PO or have their POs varied.

Mr Derrick Goh asked if existing and incoming foreign talent will be subject to the same due diligence as that of local staff and, if so, whether clearer guidelines on the background checks for foreign talent would be issued. This is because misconduct in non-regulated but critical functions may not be captured in overseas registries.

Insofar as POs are concerned, the "due diligence" and "background checks" that would have to be conducted by an FI, whether under the current framework or the new framework, is to ensure that they do not hire individuals who have been issued a PO by MAS to perform the roles or activities that have been prohibited. This applies to both foreign and local employees. FIs can check the MAS' "Enforcement Actions" webpage or write to MAS to enquire whether a particular individual has been issued a PO by MAS.

Mr Derrick Goh also mentioned that the Bill has broadened the scope for MAS to issue POs covering activities beyond MAS-administered Acts, including serious misconduct in activities, such as fund management, risk and technology management, which were previously not covered.

To this end, Mr Derrick Goh has also asked what the severity thresholds for misconduct are, how proportionality of prohibitions is assessed and how culpability for misconduct would be assessed across the ranks, from junior staff to senior management. To clarify, while the Bill does broaden the scope for MAS to issue POs, handling of funds, risk management and administration of critical systems are areas that have an important impact on the soundness and integrity of our financial sector and MAS does exercise regulatory oversight over such areas. MAS has set standards of practice for these functions through the issuance of regulations, notices and guidelines.

On the question of what the threshold of severity is, or how serious the misconduct must be before a PO is issued, MAS will, generally, take into account factors, such as: one, the harm caused or risks posed by the misconduct; two, whether the misconduct was one-off or continued over a period; three, the reasons why the person carried out the misconduct; and four, public interest and policy considerations.

On how proportionality of the prohibition is assessed, if Mr Derrick Goh is asking how the duration and scope of a PO is determined, one can expect that the more serious the misconduct is, the longer the duration and wider the scope of the PO are likely to be. Ultimately, each case will be assessed on its own merits, its own facts, taking into account factors that I mentioned previously.

Finally, being in senior management would not automatically mean a longer or shorter PO period, though, in some cases, the fact that a person was in a senior position and, therefore, a position of higher authority and greater responsibility, may increase his culpability and, therefore, the duration of a PO.

To respond to Mr Saktiandi Supaat's question on whether an FI would be able to "shift" the regulatory burden to its service providers when employing the defence to show that it had taken all reasonable steps to ensure compliance that it has not employed, directly or indirectly, or used the services of a person against whom a PO has been made, there will be no "shift" in the regulatory burden as FIs are still, ultimately, responsible for checking that their service providers' relevant employees, who directly or indirectly undertake key functions for or on behalf of the FIs, have not been issued with POs prohibiting them to do so. For an FI to avail itself of the defence, the FI must, minimally, show that they have performed due diligence checks on the employees of its service providers, for example, again, checking the MAS' "Enforcement Actions" webpage.

Mr Yip Hon Weng also shared that it is not difficult for seasoned fraudsters to set up businesses here and cheat customers, which calls for a more proactive enforcement of our laws. This is in line with what the PO powers are trying to achieve, by pre-emptively and comprehensively keeping known bad actors out of our financial industry.

Mr Saktiandi Supaat then asked whether, in addition to the current publication of formal regulatory and enforcement actions taken by MAS on its "Enforcement Actions" webpage, MAS intends to create and maintain a public register of POs. This is something that MAS could consider implementing in future, once the new PO powers take effect under the Financial Services and Markets Act. For now, the search function on the "Enforcement Actions" webpage may be used by any FI or its agent, to check if a PO is currently in effect against a person. Alternatively, there is also an option for the FI or its agent to contact MAS to obtain records of the POs issued against the person, upon payment of a fee. There is, hence, sufficient means for an FI to determine if an individual has been issued with a PO.

Mr Saktiandi Supaat then spoke on the need for clarity in the form of MAS guidance on the specific scope of POs issued in the newly-extended areas. He also asked for data on the number of persons who had previously been issued with a PO and who have thereafter returned to the financial sector. Clauses 6 and 7 of the Bill sets out clearly the scope of POs which may be issued, which are to prohibit unsuitable persons from certain roles, activities and functions. There is no ambiguity here on the maximum possible scope of a PO.

In summary, the more serious the misconduct is, the longer the duration, the wider the scope of the PO is likely to be. Nevertheless, as MAS has mentioned before in its response to the public consultation, MAS will be issuing guidelines to provide greater clarity on how the new PO powers will be used. MAS does not monitor whether persons who have previously been issued with a PO return to the financial sector after the PO expires.

To be clear, a PO only bars an individual from taking up specified roles, functions and activities in the financial industry. An individual is free to take up employment in the financial industry in areas or activities that are not covered by the PO or even outside the financial industry. An individual may choose to find employment in the areas prohibited by the PO when the PO expires. And in such a scenario, it is then up to their prospective employers to determine independently whether or not to hire such a person.

Mr Derrick Goh has noted that an appeal to the Minister on MAS' decision to issue a PO must be referred to an Appeal Advisory Committee selected from an Appeal Advisory Panel (AAP). He asked about the considerations for ensuring the independence of the AAP and Committee. He also asked whether, in addition to the right of appeal to the Minister, a person may bring his appeal to the Court. On the first question, the members of the AAP will be appointed by the Minister from the financial industry and the public and private sectors, and will have strong credentials which attest to their good judgment and ability to discharge their duties professionally.

The AAC will comprise any three members from this panel. Under the existing regulations governing appeals to the Minister for PO purposes, the AAC is obliged to declare the nature and extent of all of their conflicts of interest or potential conflicts of interest to the Minister. If the Minister is satisfied that any AAC member is unable to discharge his duties effectively because of any conflict of interest or potential conflict of interest, the Minister may replace the AAC member. This will also be the process in appeals to the Minister under the new Act.

On the second question, a person will be afforded the right to appeal to the Minister under the new Act. This avenue of appeal under the new Act is consistent with the existing practice under the SFA, FAA and IA. However, if a person has exhausted his right of appeal to the Minister and remains unsatisfied with the results, he may still pursue other legal processes which he may be entitled to.

Mr Louis Ng asked why the AAC's reports are not published publicly. He suggests that, first, this would provide important context on the Minister's decision and, secondly, ensure that the AAC exercises its powers professionally and appropriately.

On the first aspect, the Minister is not bound by the recommendations in the AAC's report but, rather, exercises his own discretion in deciding on the appeal. The Minister may agree with some of the AAC's assessments while disagreeing with other aspects. He may consider other factors outside the AAC's report. Thus, publishing the AAC's report may not be all that helpful and may even be an inaccurate reflection of the Minister's considerations.

On the second aspect, as mentioned in response to a previous question by Mr Derrick Goh, the members of the AAP, from which the AAC is constituted, will be appointed by the Minister and will have strong credentials which will attest to their good judgement and ability. If the AAC in any way exercises its powers improperly, the parties can always include this in their submissions, which the Minister will consider.

Mr Saktiandi Supaat also asked when the new PO regime under the FSM Bill will be brought into effect. This is a matter which MAS is considering carefully. MAS is, currently, preparing for the new PO regime to commence and also intends to give the industry time to prepare for the new PO regime, which includes understanding how the new provisions will be applied. MAS will announce the specific date in due course.

My third bucket is a short one. It is on the provision of statutory protection for personnel of the operator of an approved dispute resolution scheme. Mr Yip Hon Weng asked if there will be exceptions to this.

For statutory protection to be accorded, the mediator, adjudicator or employee must have acted with reasonable care and in good faith. This will have to be determined, based on the facts and circumstances of each case.

Finally and lastly, there are a whole host of different inquiries which I will bucket into this last segment. Ms Janet Ang asked broadly about MAS' plans to enhance the skills and competencies required in the financial services ecosystem.

MAS works closely with the industry, such as the Institute of Banking and Finance, to develop the workforce in the financial sector. To seize opportunities for growth, we are always on the lookout for new growth drivers, including from the digitalisation wave. To meet the new job demands, we also have multiple training pathways to reskill and upskill our financial sector talent.

Ms Janet Ang and Mr Louis Chua asked broadly about central bank digital currencies (CBDCs).

As Ms Janet Ang mentioned, MAS recently collaborated with the BIS Innovation Hub Singapore Centre and several other central banks on a project known as Project Dunbar to explore a common platform for cross-border interbank payments using CBDCs. Very briefly, Project Dunbar proved that financial institutions (FIs) could use CBDCs issued by participating central banks to transact directly with one another on a shared platform.

This has the potential to reduce reliance on intermediaries and, correspondingly, the costs and time taken to process cross-border transactions, and is part of the journey that MAS has been embarking on with the industry and other central banks over the few years to explore the potential benefits and feasibility of adopting wholesale CBDC for global payments.

12.20 pm

Mr Speaker: Order. Minister of State, may I ask if you will be going on further?

Mr Alvin Tan: Just a few more lines, Mr Speaker.

Mr Speaker: You have one and a half minutes left. If you can wrap up within one and a half minutes, then I will not ask the Leader to extend.

Mr Alvin Tan: Yes, I will wrap up within one and a half minutes.

Mr Speaker: Thank you.

Mr Alvin Tan: The details and conclusions of the project, you can find on the BIS website.

Ms Janet Ang also mentioned that it would be useful for MAS to publish the clarifications and discussions that arose during the consultation process. MAS has published on its website the responses of the feedback. So, you can find them on our website.

Finally, Mr Saktiandi Supaat asked whether the FSM Bill is the first step in a broader exercise to rationalise Singapore's regulations on a financial sector-wide basis. MAS regularly reviews its Acts to ensure —

Mr Speaker: Order. Leader. Just on the safe side, let us extend.

Debate resumed.

Mr Speaker: Minister of State Alvin Tan.

The Minister of State for Trade and Industry (Mr Alvin Tan): Thank you, Leader. Thank you, Mr Speaker. It is a chunky Bill; I am almost at the end.

I was about to say that the MAS regularly reviews its Acts to ensure that the regulation of the financial sector continues to be efficient and effective. It is possible that some of the existing powers in various MAS-administered Acts may be harmonised in the FSM Bill in the future if MAS is of the view that such an approach would enable it to address financial sector-wide risks more effectively. With this, I beg to move, Sir.

Mr Speaker: Any clarifications?

Question put, and agreed to.

Bill accordingly read a Second time and committed to a Committee of the whole House.

The House immediately resolved itself into a Committee on the Bill. – [Mr Alvin Tan].

Bill considered in Committee; reported without amendment; read a Third time and passed.