Most of the relevant forms and guidelines for the Payment Services Act (the “PS Act”), including the main license application form (“Form 1”) ⁽¹⁾ have now been published by the Monetary Authority of Singapore. Over the coming weeks, we intend to publish a series of articles considering various practical issues relating to applying for a license under or complying with the PS Act.

On 18 December 2019, the Monetary Authority of Singapore (the “MAS”) published its Guidelines on Licensing for Payment Service Providers (the “PS Act Guidelines”). In paragraph 3.1.7 of the PS Act Guidelines, with respect to the minimum compliance arrangements that payment service providers should have the MAS states:

“the ultimate responsibility and accountability for ensuring compliance with applicable laws and regulations will still rest with the applicant’s sole-proprietor, partners, or directors and CEO, and compliance officer [emphasis added].

We believe this language regarding ultimate responsibility and accountability of compliance officers of payment service providers (“PSP Compliance Officers”) is a significant development because (1) we are unaware of the MAS using this description of compliance officers’ responsibility previously and (2) the practical repercussions of a PSP Compliance Officer having the same degree of accountability as the directors and chief executive officer (“CEO”) are uncertain.

GENERAL GOVERNANCE STRUCTURES

In general, responsibility for management of a company (regardless of its industry or regulatory status) is held by its board of directors (the “Board”). Day to day management of a company is delegated to senior management, which often includes one or more directors, led by a CEO (collectively, “Senior Management”). ⁽²⁾

The seniority of compliance personnel at any given Financial Institution (“FI”) may vary. At some FIs, Senior Management will include the individuals who deal with day to day, operational compliance matters. At smaller FIs, legal and compliance staff may have more junior roles. The MAS generally acknowledged this potential range of seniority in the Response to Feedback Received (the “Response”) on the Proposed Guidelines on Individual Accountability and Conduct (the “Accountability Guidelines”) when it wrote that, with respect to small FIs “…the directors and chief executive officers usually directly oversee most or all functions in the FIs.” ⁽³⁾

The head of an FI’s compliance function usually has dual reporting lines. One reporting line goes to a member of senior management such as the CEO or chief operating officer. The second line is a direct reporting line to the Board.⁽⁴⁾ As a result, any decision of the compliance officer can normally be overturned.

Insider Trading Case Study

On a day to day basis, a compliance officer’s approval may be required for certain decisions for which the FI is ultimately responsible. For example, with respect to insider trading policies compliance officers often have authority to approve whether staff can deal in securities for their personal account. Such approvals are based on policies and procedures determined by Senior Management and/or the FI’s board of directors (the “Board”).

Most FI’s require staff to hold any securities for their personal account for a minimum period (the “Minimum Period”) to generally reduce the risk of trading on inside information. However, the length of the Minimum Period is not prescribed by law. While the compliance officer may recommend a duration for the Minimum Period, the final decision rests with the CEO and the Board. At some FIs, the compliance officer may have authority to grant exceptions to the Minimum Period on a case by case basis, although certain exceptions may need to be escalated to Senior Management and/or the Board.

The Compliance Function’s Role

As the insider trading case study makes clear, compliance officers perform a mix of decision-making and advisory tasks. The decisions compliance officers make are normally administrative in nature, enforcing a policy or procedure approved by Senior Management and/or the Board. Obviously, recommendations made by a compliance officer can be quite significant. If an FI has a compliance breach, the breach could be due to a decision made by a compliance officer. The breach could also be due to a policy adopted or decision made by Senior Management or the Board beyond the control of and notwithstanding any recommendations made by the compliance officer.

THE PAYMENT SERVICES ACT COMPARED TO OTHER LEGISLATION

The MAS’ formulation of the “ultimate responsibility” of PSP Compliance Officers is different than what the MAS has articulated in the context of:

• compliance officers of fund management companies (“FMCs”), regarding which the MAS has said: “Ultimate responsibility for compliance with applicable laws and regulations rests with the FMC’s CEO and board of directors…”;⁽⁵⁾
• compliance officers of capital markets intermediaries (“CMIs”), regarding which the MAS has said: “Each CMI is reminded that the ultimate responsibility and accountability for ensuring compliance with anti-money laundering and countering the financing of terrorism (“AML/CFT”) laws, regulations and notices rests with its board of directors and senior management.”;⁽⁶⁾
• risk management, regarding which the MAS has said: “While performing an oversight function, the Board may delegate to senior management the authority to run the institution’s day-to-day operations. The Board, however, bears the overall responsibility for ensuring that the institution’s operations comply with Board approved policies, applicable laws and regulations, and are consistent with the industry’s sound and prudent practices”;⁽⁷⁾
• the Accountability Guidelines, regarding which the MAS has proposed to define “head of compliance” as the person “who is principally [emphasis added] responsible for monitoring and managing the financial institution’s compliance with regulatory requirements under the applicable laws and regulations as well as internal policies and procedures”;⁽⁸⁾ and
• the AML/CFT guidelines for the PS Act, regarding which the MAS has said: “Each payment service provider is reminded that the ultimate responsibility and accountability for ensuring compliance with AML/CFT laws, regulations and notices rests with its board of directors and senior management.” ⁽⁹⁾

The Practical Consequences of “Ultimate Responsibility and Accountability” for PSP Compliance Officers

Payment service providers are required to set out a “designated compliance person” in Form 1.10 The MAS has described this requirement as:

“the appointment of a suitably qualified compliance officer at the management level. This individual is expected to have sufficient expertise and authority to oversee the compliance function of the applicant, although he may be assisted by other staff in day-to-day operations.”⁽¹¹⁾

It is not clear whether “management level” is equivalent to “senior management”, a term used elsewhere in the PS Act Guidelines and other publications.

At a minimum, a PSP Compliance Officer must be a fit and proper person,⁽¹²⁾ the criteria for which include honesty, integrity, reputation, competence and capability.⁽¹³⁾ A failure by a PSP Compliance Officer to discharge his or her duties properly could result in such person no longer being deemed fit and proper, and thus ineligible for employment. However, this outcome is not unique to PSP Compliance Officers as the fit and proper requirements apply to all FIs. A PSP Compliance Officer could also be charged with an offence under section 90(2) of the PS Act if the payment service provider itself commits an offence under the PS Act. There could also be risks that we do not foresee.

Ways to Address the Risks of Being a PSP Compliance Officer

If PSP Compliance Officers have greater responsibility than the compliance officers of other FIs, PSP Compliance Officers may require (1) that they have ultimate authority with respect to compliance matters such as being a required approver or having a veto power over various matters and (2) relatively higher compensation to reflect the increased risk of such roles.

CONCLUSION

It is quite possible that PSP Compliance Officers will only be ultimately responsible for the recommendations they give and the decisions they take, as opposed to all conduct of the FI. At this time, the significance of the PS Act Guidelines’ description of PSP Compliance Officers’ accountability for ensuring compliance with applicable laws and regulations is unclear.

What is clear is that the MAS as well as regulators globally are focused on increasing accountability within FIs. We strongly recommend payment service providers review their governance processes both to comply with the PS Act Guidelines and to reflect the desired outcomes set forth in the Accountability Guidelines.

HOLLAND & MARIE

Holland & Marie is a compliance, C-Suite and legal solutions firm based in Singapore. We have extensive experience in resolving typical compliance issues including regulatory inspections, satisfying regulatory requirements and maintaining best practices in corporate governance to navigate the rapidly changing regulatory landscape.

For further information, contact:

Chris Holland: Partner | Holland & Marie | 201802481R

7 Straits View, Marina One East Tower, #05-01 Singapore 018936

[email protected]

www.hmstrategy.com

Disclaimer: The material in this post represents general information only and should not be relied upon as legal advice. Holland & Marie Pte. Ltd. is not a law firm and may not act as an advocate or solicitor for purposes of the Singapore Legal Profession Act.

(1) See https://www.mas.gov.sg/-/media/MAS/Sectors/Forms-and-Templates/Form-1—Application- for-a-Payment-Service-Provider-Licence.pdf

(2) We often recommend that a firm’s General Counsel and/or Head of Compliance not be appointed as directors so such officers can advise the Board without the complication of having fiduciary duties as a director.

(3) See Paragraph 2.6 of the Response, published in June 2019.

(4) Sometimes there are additional reporting lines to sub-committees of the Board, such as the Audit Committee.

(5) See Paragraph 3.14 of the Guidelines on Licensing, Registration and Conduct of Business for Fund Management Companies.

(6) See Paragraph 1-4-9 of the Guidelines to MAS Notice SFA04-N02 on Prevention of Money Laundering and Countering the Financing of Terrorism.

(7) See Paragraph 1.2.9 of the Guidelines on Risk Management Practices – Board and Senior Management.

(8) See Annex C of the Accountability Guidelines.

(9) See Paragraph 1-4-8 of the Guidelines to PSN01 on Prevention of Money Laundering and Countering the Financing of Terrorism – Specified Payment Services and Paragraph 1-4-10 of the Guidelines to PSN02 on Prevention of Money Laundering and Countering the Financing of Terrorism – Digital Payment Token Services.

(10) See Question 7.27 of Form 1.

(11) See Appendix 2 of the PS Act Guidelines.

(12) See Paragraph 3.1.2 of the PS Act Guidelines.

(13) See Paragraph 8 of the Guidelines on Fit and Proper Criteria.