MAS issues new customer protection guidelines for DPT services which will take effect from 4 October 2024.

Insights

MAS Issues Crypto Customer Protection Guidelines

Date
April 5, 2024
Author
OrionW

The Monetary Authority of Singapore (MAS) has issued the Guidelines on Consumer Protection Measures by Digital Payment Token Service Providers (Guidelines) setting out the consumer protection measures that digital payment token (DPT) service providers (DPTSPs) must implement.

The Guidelines, which take effect on 4 October 2024, should be read together with the Payment Services Act 2019 and its regulations (see our article on MAS's proposed amendments to the Payment Services Regulations).

Determination of “Accredited Investor”

The Guidelines set out the definition of “accredited investor” for purposes of implementing consumer protection measures for DPT service customers (see our related articles on MAS’s consultation paper and response to feedback on those measures), which is consistent with how the term is defined under the Securities and Futures Act 2001. In determining AI status, DPTSPs should disclose and regularly review its methodology for valuing customers’ assets. In addition, DPT values will be considered but subject to a minimum haircut of 50% or S$200,000, whichever is lower.  

Under the Guidelines, all DPT service customers will be treated as retail customers by default.  However, a customer who meets the definition of “accredited investor” may consent to a DPTSP treating them as an accredited investor (AI) after the DPTSP gives the customer the prescribed written notification, including a general warning and a clear explanation about the effect of being classified as an AI. Customers can withdraw that consent at anytime and may also choose to be treated as an AI by one DPTSP and as a retail customer by another DPTSP.

Segregation of Customers’ Digital Assets

The table below sets out the key requirements imposed by the Guidelines on DPTSPs when safekeeping customers’ digital assets in-house or through a third-party custodian.

Prescribed Measures

A DPTSP must:

  • use different blockchain addresses to store customers’ assets from those used to store its own assets
  • determine the suitability of the safeguarding person
  • implement risk management controls, including procedures for authorising and securing transfers or withdrawal of assets and technological measures
  • ensure that DPT instruments for at least 90% of safeguarded customer assets must be stored in cold wallets
  • ensure that senior managers and personnel who control the movement of customers’ assets are Singapore residents
  • have written policies, conducting independent checks and properly segregating duties to minimise conflicts of interest
Required Disclosures

A DPTSP must disclose the following matters to its customers:

  • the extent of the safeguarding person’s liability if customers’ assets are lost due to the fraud or negligence of the safeguarding person or its agents
  • the terms and conditions the DPTSP has agreed with the third-party safeguarding person, if applicable
  • the DPTSP’s policy on storage arrangements for those customers’ assets
  • whether and how customers may authorise third parties to give or receive instructions to or from the DPTSP
  • the circumstances when assets held as collateral may be used to satisfy customer liabilities to the DPTSP
  • the fees and costs for safeguarding customers’ assets
Customer Statements of Account

A DPTSP must provide monthly statements of account to its customers, including:

  • information relating to their transactions
  • the status and movement of their safeguarded digital assets and money with the DPTSP

Conclusion

The regulatory approach to DPT-related services continuously evolves because the technology behind them and risks associated with them evolve as well.  DPTSPs should take advantage of the 6-month transition period to develop and implement measures to comply with the Guidelines in a way that corresponds to their risk profile and the complexity of their offered services and supporting technologies.

For More Information

OrionW regularly advises clients on the PS Act and fintech matters.  For more information about the PS Act and fintech regulatory compliance, or if you have questions about this article, please contact us at fintech@orionw.com.

Disclaimer: This article is for general information only and does not constitute legal advice.

Newsletter

Subscribe to
our newsletters

To subscribe, select the newsletter options that interest you (TMT, FinTech or DPC - Data Protection and Cybersecurity) and provide your details.

  • TMT - Technology, Media and Telecommunications
  • FinTech
  • DPC - Data Protection & Cybersecurity
Please read our Privacy Policy. You can unsubscribe at any time.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
contact us
OrionW LLC
Level 37, 16 Collyer Quay
Collyer Quay Centre
Singapore 049318

OrionW is a boutique law firm specialising in Singapore and cross-border corporate, commercial and regulatory matters, with a focus on technology, media and telecommunications (TMT) and financial technology (FinTech). We are dedicated to providing excellent legal service to clients at the leading edge of their markets.

OrionW LLC (UEN 201505714C) is a Singapore law practice incorporated with limited liability.