On August 29, 2019, the Monetary Authority of Singapore (MAS) announced that it will begin accepting applications for new digital bank licenses. Interested parties have until December 31 to submit their applications. This follows the MAS’ initial announcement in June to issue up to two digital full bank (DFB) licenses and three digital wholesale bank (DWB) licenses, effectively opening up digital bank licenses to nonbank players.
On Feb. 13, 2018, the Monetary Authority of Singapore (MAS) issued a Consultation Paper on the Proposed E-Payments User Protection Guidelines (Consultation Paper). Under the Consultation Paper, the MAS proposes to issue a set of guidelines (Guidelines) to standardize the protection offered to individuals or micro-enterprises from losses arising from unauthorized or mistaken payment transactions.
The Guidelines are part of MAS’s ongoing review of Singapore’s regulatory framework for payment services. They are meant to provide general guidance and are not intended to be comprehensive or to replace or override any legislation.
As the FinTech industry continues to expand, regulators around the globe are starting to react. The past 18 months have seen the emergence of a new trend in financial services regulation, the “sandbox.”
Since the launch of the UK’s regulatory sandbox in May 2016, regulators across the globe have adopted similar frameworks. There are now regulatory sandboxes in Abu Dhabi, Australia, Canada, Hong Kong, Lithuania, Singapore, Switzerland and Thailand, to name a few, and the European Union recently set out proposals for a possible EU-wide regulatory sandbox. (more…)
Singapore’s Personal Data Protection Commission (PDPC) has launched a public consultation into a proposed revision to the law that would require reporting of certain data breaches. Singapore currently uses a voluntary approach to data breach notifications, but, according to the PDPC, this has resulted in uneven notification practices. Under the proposals, it will be mandatory for organizations to inform customers of personal data breaches that pose any risk of impact or harm to the affected individual as soon as they are discovered. If an incident involves 500 or more individuals, organizations will need to notify the PDPC as soon as possible but no later than 72 hours after discovery of the breach. The proposals aim to allow individuals to take steps to protect their interests in the event of a data breach, for example, by changing their password. (more…)