The Monetary Authority of Singapore (MAS) has announced stricter anti-money laundering (AML) and counter financing of terrorism (CFT) controls on digital payment token (DPT) service providers. The changes are meant to mitigate the risk of money laundering in the sector by tightening controls and safeguarding the assets of DPT service providers’ customers.
Digital payment tokens, encompass different assets such as cryptocurrencies, and are often secured by blockchain technology.
DPT service providers in Singapore are currently regulated under the Payment Services Act, which was amended in April 2024 to include user protection and financial stability requirements. The amendments include a transition period from April 2024 to January 2025 – DPT service providers are to update their license applications, ensure their AML/CFT controls meet the new requirements, and complete an external audit in order to continue operating after January 2025.
The recent amendments to the Payment Services Act widen the scope of regulated activities, which now include:
MAS can also impose requirements on DPT service providers relating to AML/CFT controls, user protection, and financial stability.
Financial crime facilitated through cryptocurrency transactions is sizeable: Chainalysis’ 2023 report revealed that cryptocurrency crime reached $22.2 billion worldwide last year. Some interesting trends observed include a notable rise in funds sent from ransomware to gambling platforms and new ways of laundering money through mixers or bridges.
Cryptocurrency and digital payment tokens offer users a certain level of anonymity in transactions. Furthermore, because these services are not as heavily regulated as other payment service providers or financial institutions, customer due diligence standards may be less strict, making these currencies susceptible to abuse for financial crime.
Given the risk of money laundering and terrorism financing (ML/TF) in cryptocurrency, regulatory bodies globally – including the Financial Action Task Force, Hong Kong’s Securities and Futures Commission, Dubai’s Virtual Assets Regulatory Authority, Japan’s Financial Services Authority, and the European Securities and Markets’ Authority – have introduced more stringent AML requirements and licensing regimes in recent years.
Similarly, under the Payment Services Act and Notice PSN02 in Singapore, DPT service providers are required to have a robust compliance framework in place for risk assessment and mitigation, customer due diligence, ongoing monitoring for suspicious activity, and documentation for regulatory reporting.
Smaller fintech, DPT, or cryptocurrency businesses may not have sufficient resources or sophisticated know your customer (KYC) technology to conduct automated customer due diligence and ongoing risk monitoring at scale. Due to budget constraints or regulatory imperatives, they may choose to address competing business priorities instead of investing in compliance processes, especially if they are still able to meet the minimum AML/CFT thresholds required to operate.
However, the widening regulatory oversight in Singapore of DPTs necessitates a more robust compliance framework for service providers, including adoption of a risk-based approach to assess and mitigate AML/CFT risks.
Cryptocurrency firms and DPT service providers need to understand risks associated with third-party entities they’re transacting with, getting clarity on information such as ownership structures. This can be addressed with a database displaying ultimate beneficial ownership information that delivers improved corporate transparency.
Strengthened intelligent screening capabilities at onboarding through automated workflows integrated with a comprehensive risk-relevant database of adverse media, sanctions, watchlists, and politically exposed persons (PEPs) can help businesses understand who they’re working with and the risks of doing so. With the ability to filter information by risk type, stage, and age, tailored to an organization’s risk policies and appetite, businesses can conduct more effective screening, due diligence, and ongoing risk monitoring.
Knowing each customer and monitoring them on an ongoing basis for new or relevant risk factors can be complex, especially without the use of automated solutions. New risk events may come to light at any time, and complicated ownership and control are subject to rapid change.
Instead of traditional periodic reviews, which can take place anywhere between one and five years after onboarding depending on the entities’ risk rating, adopting a perpetual KYC approach allows compliance teams to respond to evolving risk in real time based on reliable, accurate data ;proving flags when there are significant changes in a counterparty’s risk profile that may require investigation.
Financial criminals are using increasingly sophisticated means to launder money, which can include setting up complex networks of shell companies with no direct links and multiple ownership layers in different jurisdictions. These criminals, often part of organized crime syndicates, can for example create money mule accounts and offshore entities to transact illegal proceeds, moving funds via a network of financial institutions and payment providers.
Moody’s has identified the following seven indicators of shell company risk:
Companies with visibility of these risk indicators are better equipped to detect suspicious transactions and ownership patterns so they can conduct deeper investigation on outlier profiles in their networks.
The MAS’ increased regulatory oversight is in line with a global shift towards stricter AML/CFT compliance requirements in cryptocurrency and fintech to protect consumers.
Companies operating in this space can expect increasing regulatory oversight in more jurisdictions. Complying with evolving AML/CFT obligations is made easier using a robust risk-based approach that includes global datasets, automated KYC checks, analytical insights, and integrated workflows tailored to an organization’s risk appetite.
Stay on top of evolving risk. Moody’s works with the fintech sector to automate KYC processes so they can scale as your business grows.
Get in touch today for more information – we would love to hear from you.