Introduction
The rapid development of digital currency/token as a form of investment, mode of payment and now entertainment has forced the government in every country to develop a regulatory framework in order to provide layers of protection and accountability for the digital investors as well as operators. In Malaysia, despite the Security Commission of Malaysia (SC) enforcement actions against one of the biggest online cryptocurrencies exchange company, Binance Holdings Limited and its three other entities on the 30th July 2021[1], the SC has in the following year, on 31st October 2022, as an initiatives to liberalise the capital market and provide access for businesses to alternative means of funding, announced the opening of registration for new “recognized market operators – digital asset exchange” (RMO-DAX) from 1st November 2022.[2] The situation in Singapore however differs as despite its ambition to be a global cryptocurrency hub, several incidents has seemed to impact the treatment towards cryptocurrencies.[3] Singapore has now be seen as a volatile and speculative in sending mixed signals to the industry.[4]
That being said, this article will discuss on the requirements on acquiring the license to conduct operate cryptocurrency in Malaysia and Singapore and to compare them side by side for future investors’ consideration in operating cryptocurrency services.
Requirements for Digital Asset Exchange (DAX) and Digital Payment Token (DPT)
In Malaysia, the SC has labelled cryptocurrency as a recognized market[5] and companies providing such services are required to register to be a recognized market operator (RMO) pursuant to Section 34 of the Capital Market Services Act 2007 (CMSA). Singapore on the other hand recognized cryptocurrency as digital payment token and its service providers are required to be license under Section 5 of the Payment Services Act 2019 (PSA).
Based on the above, the table below shall compare side by side on the requirement for operators or service providers in obtaining license to operate DAX in Malaysia or DPT in Singapore:-
| Requirements | Malaysia | Singapore |
| Guidelines/ Statute/Act | Capital Market and Services Act[6](CMSA) Guidelines on Recognized Markets[7] (GRM) | Payment Services Act 2019[8] (PSA) Guideline on Licensing for Payment Service Providers[9](GLPS) |
| Authority | Security Commission of Malaysia (SC) | Monetary Authority of Singapore (MAS) |
| Eligibility and Financial Requirements | must be locally incorporated (15.03(a) GRM);have a minimum paid-up capital of RM5 million (15.03(b)(i) GRM); andif DAX operator acts as a counterparty to an investor for every buy or sell order on or through the platform, an additional RM5 million is to be maintained in shareholders’ funds.(15.03(b)(ii) GRM). | must have permanent place of business or registered office in Singapore (3.1.4 GLPS);one executive director must be a Singapore citizen or permanent resident or one of the director is a Singapore’ Employment Pass holder and at least one other director of the applicant is a Singapore citizen of permanent resident (A1-2 GLPS);Payment Service Providers (PSP) must choose the license (2.4 GLPS) which are:-Standard Payment Institution (SPI) with threshold limit of S$ 3 million monthly transactions; orMajor Payment Services (MPI) with no specific threshold.applicant must have Base Capital Requirement of S$100,000 for SPI and S$250,000 for MPI; andspecifically for MPI applicant, a security in the form of a cash deposit with MAS or a bank guarantee of S$100,000 for applicant with payment transaction does not exceed S$6 million and S$200,000 for all other cases (3.1.6 GLPS). |
| Frameworks and Policies | conflict of interest framework (15.08 GRM) which includes:-proprietary trading by DAX Operator on its platform;disclosure of conflict of interest to investor;insider trading; andmanagement of non-public material information.risk management framework (15.11 GRM):-operational risk-management framework to mitigate risks;organizational chart to define roles and responsibility to address operational risks;operational objectives and policies to achieve such objectives; andcomprehensive physical and information security policy that addresses all potential vulnerabilities and threats.business continuity plan which incorporates the use of secondary sites designed to ensure critical IT system can resume within reasonable recovery time objective (15.13 GRM)policies and procedures to assess digital asset prior to offering on platform (15.16 GRM)delisting of digital asset policies and procedure (15.21 GRM)trading, clearing and settlement procedures and policies (15.24(b) GRM) | Minimum Compliance Arrangement is required to be in place by Applicant which include (3.1.7 GLPS):-independent compliance function in Singapore with qualified staff;compliance support from holding company or related oversea entity; andcompliance management arrangements which include appointment of compliance officer.Technology Risk Management. Applicant that intends to provide online financial services must perform penetration test on its platform and remediate all high risk findings and conduct independent validation on the effectiveness on the remediation actions (3.1.8 GLPS) |
| Continuing Obligations | periodic reviews, audits and testing on system, operational policies, procedures, and controls relating to risk management and continuity plan (15.14 GRM);conduct real-time market surveillance (15.24(c) GRM); andobtain SC approval to carry out other model than the one registered on its platform with SC (15.27 GRM). | comply with AML/CFT requirements as set out in the Notices on Prevention of Money Laundering and Countering the Financing of Terrorism[10] and Notice on Reporting of Suspicious Activities & Incidents of Fraud[11];provide periodic regulatory returns in relation not payment service activities according to Notice on Submission of Regulatory Returns[12];comply with cyber hygiene requirements as set out in Notice on Cyber Hygiene[13];andensure accurate representation on scope of its license and provide disclosures according to Notice on Disclosure and Communications[14] . |
| Audit | DAX Operator must establish internal audit (15.15 GRM). | applicant must appoint independent audit, whether internal audit within the applicant or independent internal audit from head office to assess adequacy and effectiveness of procedures, control and compliance; andaudit must be done annually as set out in Section 37 of PSA. |
| Prohibitions | Prohibition on providing financial assistance to investors (15.09 GRM). | Guidelines on Provision of Digital Payment Token Services to the Public[15] prohibition on promotion of DPT services to general public in which DPT service providers shall not promote their DPT services in public areas or media (2.1 GLPS);prohibition of DPT services in public areas in which DPT services shall not be provided in public areas through the use of automated teller machines (ATM) (3.1 GLPS); andprohibition on services relating to DPT-related products in which DPT service providers should not promote payment token derivatives which are derivatives contracts that reference DPT as underlying assets (4.2 GLPS). |
| Other requirements | if DAX Operator is public company, one member of the board must be independent director. (15.05 GRM);New digital asset not offered on any other DAX Platform requires SC’s concurrence (15.17 GRM) and to fulfill the minimum eligibility criteria (15.19(b) GRM); andIf DAX Operator operates as a counterparty to an investor for every buy or sell order on or through the platform, DAX Operator must (15.26 GRM):-ensure that digital asset is sourced from a virtual asset service provider (VASP) that is registered, authorized, licensed or regulated by regulatory authority similar to SC;ensure the VASP is in compliance with FATF Compliance 2012;ensure that purchase of digital asset by investor must go through DAX Operator’s wallet to investor’s wallet; andcarry out AML/TF screening on the digital asset sourced before transferring to investor. | Fit and Proper (3.1.2 GLPS). Applicant need to ensure that its members, directors and employees are fit and proper according to the Guidelines on Fit and Proper Criteria[16];Competency of Key Individual (3.1.3 GLPS). Applicant need to ensure that its directors, partners have sufficient experience in operating business in payment services industry or related areas in the financial services industry;The applicant must appoint at least one person to present at place of business or office to address any queries or complaints from customer for a minimum of 10 days a month with minimum 8 hours on each day (3.1.4 GLPS); |
Table 1: Malaysia and Singapore requirement on digital assets operator license
Based on the above Table 1, in the requirement on eligibility and financial requirements, both Malaysia and Singapore have slight differences in which in Malaysia, DAX operator is required to incorporate a local company under Sendirian Berhad or Berhad in order to be eligible for the license whilst Singapore does not impose such requirement in which applicant are only required to have permanent place of business or registered office in Singapore. It is to be noted that although the requirement on having a locally incorporated company in Malaysia, the process of incorporation of company in Malaysia should not be considered as a burden as incorporation of a company in Malaysia has been made accessible to anyone and there are no strict requirement imposed on foreign company incorporating local company in Malaysia.[17] In addition, despite Malaysia having a higher paid up capital requirement as compared to Singapore, the paid up capital would only require to be reflected during the incorporation of the company and can be used for the purpose of the business upon the incorporation. It is to be noted however for DAX Operator who acts as a counterparty to an investor for every buy or sell order on or through the platform, an additional RM5 million is to be maintained in its shareholders’ funds.
In relation to framework and policies on digital assets, both Malaysia and Singapore are on par with its regulations pertaining to compliance and ongoing requirement that need to be fulfilled by applicant who are applying for license and applicant who has obtained the license. As digital assets are in trend and have an unstable trend depending on the value the public put into the digital assets, the SC and MAS have continuously develop its regulatory framework and policy to ensure that all kinds of digital assets are covered and observed. In Malaysia specifically, under paragraph 15.17 of the GRM, it can be said that Malaysia are welcoming all kinds of new digital assets to be introduced by DAX Operator. In relation to Singapore framework and policy, despite having its similarity to Malaysia’s GRM, there has been guideline enforced by MAS to prohibit the marketing and advertisement of digital service provider. MAS on 17th January 2022 has issued the guideline to prohibit all kinds of advertisement on digital assets following the increase of scams and fraud relating to digital assets.
In reality, study cases have shown that digital assets are blooming in Malaysia. In Malaysia, as of 17th August 2022, there are 4 registered RMO-DAX which are Luno Malaysia Sdn. Bhd., MX Global Sdn. Bhd., SINEGY DAX Sdn. Bhd., and Tokenize Technology (M) Sdn. Bhd. Despite having only 4 registered RMO-DAX, there are almost 40 RMO-DAX has been registered since but has been declared by SC not to be permitted to continue its operations due to several reason such as non-compliance of the GRM or CMSA. As SC has opened the registration of RMO-DAX starting from 1st November 2022, it is said that more RMO-DAX will emerge in Malaysia. In an interview, the SC Chairman stated that despite Binance being taken against previously, Binance still could apply for the license and evaluate its existing partnership in the country.[18] Singapore on the other hand has given 10 crypto service providers license as of 1st December 2022 which are DBS Vickers Securities, Digital Treasures Center, Fomo Pay, Independent Reserve, Revolut, Sparrow Tech Private, Hako Technology, Paxos, MetaComp, BHOP Consulting and Triple A Technologies.[19] It is unfortunate however, that the prohibition on advertisement was imposed on these companies in which has prohibited their expansion and development in the country.
Conclusion
The framework and policies set up in both countries are aimed towards providing accountability and protection towards its investors. However, in the eye of an operator of digital assets, the regulations imposed by the authority might seem to be a burden especially to a foreign company seeking to set up its business in the countries. Strict imposition of requirement to obtain licenses might become a double edge sword for the regulators in attracting investor and operators of digital assets in setting up and investing in the countries. As of current date, it was reported that there are more than 600 crypto or blockchain companies are now headquartered in Southeast Asia and Pinebridge Investment reported that by 2040, Asia is estimated to make up half of global GDP and 40% of global consumption, with much of it coming from ASEAN.[20] Having this in mind, regulators need to set up in its game and evaluate the practicability of the imposition of requirement towards digital assets operators according to the global trend.
Authors
- Aryn Rozali
- Nurul Hibbah Abd Khalid
- Fatihah Azhar
03 February 2023
References
[1] Security Commission. (2021, July) SC takes enforcement actions on Binance for illegally operating in Malaysia.(https://www.sc.com.my/resources/media/media-release/sc-takes-enforcement-actions-on-binance-for-illegally-operating-in-malaysia)
[2] The Edge Market. (2022, November) SC opens up for more crypto exchanges. (https://www.theedgemarkets.com/article/sc-opens-more-crypto-exchanges)
[3] The collapse of the US crypto exchange FTX due to crippling liquidity crunch has impacted Singapore treatment towards cryptocurrency especially when the state investment fund, Temasek was defrauded by FTX Trading Ltd for a total investment of US$293 billion which has led to internal review of the investment.
[4] CNBC. (2022, November) Singapore wants to be a hub for blockchain in finance, just not speculative crypto trading, MAS says. (https://www.cnbc.com/2022/11/03/singapore-wants-to-be-a-crypto-hub-but-not-for-crypto-speculation.html)
[5] According to the Guidelines on Recognized Market by the SC, a recognized market covers an alternative trading venue, marketplace or facility that brings together purchasers and sellers of capital market products. The level of regulation in comparison to approved markets is not as stringent.
[6] Security Commission (2021, July) Capital Markets and Services Act 2007. (https://www.sc.com.my/api/documentms/download.ashx?id=2093f82c-7929-47e8-9279-f88e3b85dbbf)
[7] Security Commission (2022) Guidelines on Recognized Markets. (https://www.sc.com.my/api/documentms/download.ashx?id=abbbbe58-aa4b-4de3-8832-96ceabd5477e)
[8] Singapore Statutes Online (2019, February) Payment Services Act 2019. (https://sso.agc.gov.sg/Acts-Supp/2-2019/Published/20190220?DocDate=20190220&ProvIds=P12-#pr5-)
[9] Monetary Authority of Singapore (2019, December) Guidelines on Licensing for Payment Service Providers. (https://www.mas.gov.sg/-/media/mas/sectors/guidance/guidelines-on-licensing-for-payment-service-providers.pdf)
[10] Monetary Authority of Singapore (2022, March) Notice PSN02 Prevention of Money Laundering and Countering the Financing of Terrorism – Digital Payment Token Service. (https://www.mas.gov.sg/regulation/notices/psn02-aml-cft-notice—digital-payment-token-service)
[11] Monetary Authority of Singapore (2019, December) PSN03 Notice on reporting of suspicious activities and incidents of fraud. (https://www.mas.gov.sg/regulation/notices/psn03-notice-on-reporting-of-suspicious-activities-and-incidents-of-fraud)
[12] Monetary Authority of Singapore (2019, December) PSN04 Notice on Submission of Regulatory Returns. (https://www.mas.gov.sg/regulation/notices/psn04-notice-on-submission-of-regulatory-returns)
[13] Monetary Authority of Singapore (2019, December) PSN06 Notice Cyber Hygiene. (https://www.mas.gov.sg/regulation/notices/psn06)
[14] Monetary Authority of Singapore (2022, March) PSN08 Notice on Disclosure and Communications. (https://www.mas.gov.sg/regulation/notices/psn08-notice-on-disclosures-and-communications)
[15] Monetary Authority of Singapore (2022, January) Guidelines on Provision of Digital Payment Token Services to the Public. (https://www.mas.gov.sg/-/media/mas-media-library/regulation/guidelines/pso/ps-g02-guidelines-on-provision-of-digital-payment-token-services-to-the-public/guidelines-on-provision-of-digital-payment-token-services-to-the-public-ps-g02.pdf)
[16] Monetary Authority of Singapore (2021, July) Guidelines on Fit and Proper Criteria. (https://www.mas.gov.sg/-/media/mas/regulations-and-financial-stability/regulations-guidance-and-licensing/financial-advisers/guidelines/1-july-2021-fsgg01-guidelines-on-fit-and-proper-criteria.pdf)
[17] Companies Commission Malaysia. Guidelines for Registration of Foreign Company. (https://www.ssm.com.my/Pages/Legal_Framework/GUIDELINES/gl6_bi_guidelines_for_registration_of_foreign_company_201117_0.pdf)
[18] The Edge Market. (2022, November) SC opens up for more crypto exchanges. (https://www.theedgemarkets.com/article/sc-opens-more-crypto-exchanges)
[19] Fintechnews Singapore (2022, November) Here are all the License Crypto Services Providers in Singapore. (https://fintechnews.sg/63023/crypto/here-are-all-the-licensed-crypto-services-providers-in-singapore/)
[20] Tech Crunch (2022, June) In Southeast Asia, a booming crypto scene. (https://techcrunch.com/2022/06/14/crypto-southast-asia-2022/)