In the updated PS Act licensing guidelines, the Monetary Authority of Singapore clarifies the external audit requirements for digital payment token licence applicants.

Insights

MAS Clarifies External Audit Requirements in Updated PS Act Licensing Guidelines

Date
February 3, 2025
Author
OrionW

On 31 January 2025, the Monetary Authority of Singapore (MAS) revised the Guidelines on Licensing for Payment Service Providers (PS Act Licensing Guidelines) further to clarify the external audit requirements for ensuring digital payment token (DPT) licence applicants’ compliance with MAS technology and cybersecurity standards (see our previous article on updates to the PS Act Licensing Guidelines).

External Audit Requirements for Technology and Cybersecurity Risk Assessments

Under the PS Act Licensing Guidelines, a DPT licence applicant that has been granted in-principal approval must appoint an external auditor to perform and independent assessment of the applicant’s technology and cybersecurity risks.

The updated PS Act Licensing Guidelines clarify the criteria that such external auditor must meet to perform the assessment, including that the external auditor must be independent and have a track record of either preparing a statutory audit pursuant to MAS regulations or conducting an independent review of technology and cybersecurity risks on a MAS-regulated financial institution.  Additionally, the external auditor’s engagement leader should be of sufficient seniority, with adequate experience and expertise in technology and cybersecurity risks.

Additional Applicable Guidelines

Moreover, the updated PS Act Licensing Guidelines now require licensees under the Payment Services Act 2019 (PS Act) to understand and implement the Guidelines on Shared Responsibility Framework and the Circular on Anti-scam Measures by Major Payment Institutions, as applicable. Please contact us for additional details on these additional guidelines.

Conclusion

MAS regularly updates the PS Act Licensing Guidelines to address the ever-evolving risks, particularly cyber threats and scams, that could affect PS Act licensees and/or their customers.  Therefore, payment service providers in Singapore should ensure that they continually monitor changes to the PS Act Licensing Guidelines and have mechanisms in place to comply with applicable licensing requirements.

For More Information

OrionW regularly advises clients on the PS Act and FinTech matters.  For more information about the PS Act and FinTech regulatory compliance, or if you have questions about this article, please contact us at fintech@orionw.com.

Disclaimer: This article is for general information only and does not constitute legal advice.

Newsletter

Subscribe to
our newsletters

To subscribe, select the newsletter options that interest you (TMT, FinTech or DPC - Data Protection and Cybersecurity) and provide your details.

  • TMT - Technology, Media and Telecommunications
  • FinTech
  • DPC - Data Protection & Cybersecurity
Please read our Privacy Policy. You can unsubscribe at any time.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
contact us
OrionW LLC
Level 37, 16 Collyer Quay
Collyer Quay Centre
Singapore 049318

OrionW is a boutique law firm specialising in Singapore and cross-border corporate, commercial and regulatory matters, with a focus on technology, media and telecommunications (TMT) and financial technology (FinTech). We are dedicated to providing excellent legal service to clients at the leading edge of their markets.

OrionW LLC (UEN 201505714C) is a Singapore law practice incorporated with limited liability.