CEO
On the 26th of October 2022, the Monetary Authority of Singapore (MAS) issued a consultation paper proposing additional regulatory safeguards for cryptocurrency firms. The proposal expands the existing regulatory framework for DPTSPs (both licensed digital payment token service providers and those operating under a transitional exemption) under the Payment Services Act 2019. The summary below sets out the main elements of the proposed expansion of the existing regulatory framework.
Improved Business Operating Models
Segregation of customer and firm assets and the potential for individual custodians are some of the measures the MAS is proposing in order to improve business operations in crypto firms. Business practices will also be sharpened with proposals for improved private key management, daily calculation of asset values and daily reconciliations.
Risk Monitoring
The MAS proposes to set out, disclose and enforce rules governing trading practices across Crypto firms. As a result, the crypto firms will have to implement surveillance systems to monitor trading activities on the DPT trading platforms.
Risk Awareness Assessment
DPTSPs must conduct a risk awareness assessment of retail customers to ensure sufficient risk awareness before DPT service provision. The risk awareness assessment will include an assessment of the impact of sharp price fluctuations and market illiquidity among other things. There is much focus on ICT risk assessment alongside assessment of the consequences of technological or operational issues (including loss of private keys or DPT access and the consequences of fraud, theft, sabotage or cyberattacks).DPTSPs have not been subject to the technology risk management requirements applicable to other financial firms but under the new proposals, this may all change. Going forward the MAS proposes that crypto firms must identify critical systems and ensure that the maximum unscheduled downtime for each of those critical systems does not exceed four hours within any 12-hour period. A recovery time objective (RTO) of no more than four hours is proposed for each critical system. Of most importance is the fact that crypto firms will have to notify the MAS within an hour of discovering a severe system malfunction or IT security incident. Further, the root cause and impact analysis report is to then be submitted to the MAS within 14 days.
The MAS Timeline
The MAS consultation period is open until 21 December 2022. Thereafter MAS will issue guidelines setting out the regulatory requirements. DPTSPs will have a transition period from the publication of the new guidelines to comply.
What the Future Holds
MAS has noted that DPT markets have been susceptible to abusive practices such as wash trading, pump and dump, cornering, spoofing, and insider trading. MAS is working with the International Organisation of Securities Commissions (IOSCO), on the development of best practices and principles to address such practices.