EXECUTIVE SUMMARY
In a word, maybe. The MAS considers each license application on its own merits, so there could be circumstances regarding which the MAS would approve a license application of a payment service provider (“PSP”) that proposed to outsource compliance to an unaffiliated third party (a “Compliance Vendor”). However, we believe the MAS would closely scrutinize the facts and circumstances of such a proposal. In general, the MAS’ minimum requirements for compliance are to (1) have an independent and dedicated in-house compliance function (“Option 1”) or (2) outsource the compliance function to the PSP’s head office or a related entity, if such head office or related entity has its own independent and dedicated compliance function (“Option 2”). In the event the MAS is unwilling to approve a complete outsourcing of the compliance function, the MAS may be more amenable to approving the outsourcing of compliance processes like sanctions screening or maintenance of registers.
FORM 1
Question 7.27
In Question 7.27 of Form 1, Payment Service Providers (“PSPs”) are required to set out a “designated compliance person” (the “DCO”) in Form 1.(2) The MAS has described this requirement as:
- “the appointment of a suitably qualified compliance officer at the management level. This individual is expected to have sufficient expertise and authority to oversee the compliance function of the applicant, although he may be assisted by other staff in day-to-day operations.” (3)
It is not clear whether “management level” is equivalent to “senior management”, a term used elsewhere in the PS Act Guidelines and other publications.
Question 7.28
In Question 7.28, the PSP is asked to provide details of the compliance arrangement. In addition to Option 1 and Option 2 (set forth above), there is an option to answer “Others” (“Option 3”).
For Option 3, the PSP is asked to: “Describe the arrangement and provide the following details on the designated compliance officer”. However, the required details are not set out in the specimen draft of Form 1. As a result, we do not know what arrangements would be considered for Option 3.
Guidelines on Licensing for Payment Service Providers (the “Guidelines”)
Appendix 2 of the Guidelines sets out the minimum compliance arrangements for PSPs. Appendix 2 references Option 1 and Option 2. It does not mention Option 3.
Appendix 2 goes on to state:
- “The applicant must also develop appropriate compliance management arrangements, including at least, the appointment of a suitably qualified compliance officer at the management level. This individual is expected to have sufficient expertise and authority to oversee the compliance function of the applicant, although he may be assisted by other staff in day-to-day operations.
- If this officer has yet to be employed at the point of application, he/she must, at the minimum, have been identified at the point of application and must be employed and appointed prior to the applicant commencing business.”
Nevertheless, Appendix 3 of the Guidelines states that a PSP must disclose in Form 1 “details on all outsourced compliance functions, including… the relationship between the applicant and the outsourced provider (e.g. vendor, parent company), licensing/registration status of the outsourced provider, and oversight arrangements”. Here, the MAS explicitly cites the potential for a compliance function to be outsourced to a vendor. Still, the extent to which such outsourcing to a Compliance Vendor would be permitted is unclear.
Comparison of the Permissibility of Outsourcing the Compliance Function of Capital Markets Services (“CMS”) Licensees
The formulation of Question 7.28 in Form 1 with respect to a PSP’s compliance arrangements is different than the wording set out in the application form (the “CMS Application”) applicable to entities (excluding fund management companies) applying for a CMS license. CMS license applicants are specifically provided with an option to propose the appointment of an external service provider who will assist with the compliance function.(4) In other contexts, the MAS has observed the practice of CMIs outsourcing the compliance function.(5)
The CMS Application also uses the term DCO when it discusses CMS license applicants that have an independent and dedicated compliance function. For CMS license applicants that plan to use a Compliance Vendor, the applicants are required to set forth the name of the “senior staff responsible for compliance matters”. In the context of a CMS license holder, it is unclear what differences in fundamental accountability, if any, a DCO has compared to a senior staff responsible for compliance officers.(6)
OUTSOURCING AND ACCOUNTABILITY
Notwithstanding the foregoing, the MAS Guidelines on Outsourcing (the “Outsourcing Guidelines”) generally envisage that compliance is a function that can be outsourced. (7) Outsourcing the compliance function (whether to a Compliance Vendor or as envisaged in Option 2) would not diminish the obligations of a PSP, and those of its board and senior management to comply with relevant laws and regulations.(8) Furthermore, we expect the MAS will require that the DCO is a full-time employee of the PSP, particularly because of the “ultimate responsibility and accountability” for ensuring compliance with applicable law and regulation of PSP compliance officers.(9)
CONCLUSION
Holland & Marie provides outsourced compliance services. We would be pleased to explore whether we can develop an outsourced compliance arrangement that would be commensurate with the nature, scale and complexity of a PSP’s planned business.(10) Even if we are unable to provide a fully outsourced solution, we may be able to provide support that simplifies and strengthens your compliance framework.
So, if you got this far in the article, please do reach out and let us buy you a coffee to see how we can help!
For further information, contact:
Chris Holland: Partner | Holland & Marie | 201802481R
7 Straits View, Marina One East Tower, #05-01 Singapore 018936
Disclaimer: The material in this post represents general information only and should not be relied upon as legal advice. Holland & Marie Pte. Ltd. is not a law firm and may not act as an advocate or solicitor for purposes of the Singapore Legal Profession Act.
(2) See Question 7.27 of Form 1.
(3) See Appendix 2 of the PS Act Guidelines.
(4) See Question 10.1(b) of Form 1 – Application for a Capital Markets Services License (Other than for a Fund Management Company).
(5) For example, see Paragraph 2.12 of the Guidelines of MAS Notice SFA04-N02 on Prevention of Money Laundering and Countering the Financing of Terrorism.
(6) For a discussion of the increased accountability that compliance officers may have under the PS Act compared to other laws, see http://hollandandmarie.com/2020/01/accountability2/
(7) See Paragraph 1(m) of Annex 1 of the Outsourcing Guidelines.
(8) See Paragraph 1.1 of the Outsourcing Guidelines.
(9) See Paragraph 3.17 of the Guidelines.
(10) Ibid.
