SINGAPORE, Jan 5 — With more cryptocurrency cyber hacks making headlines here recently, more can be done to strengthen the cyber security of payment institutions, such as introducing a rating system to help the public make more informed choices.
This suggestion from Derrick Goh, Member of Parliament (MP) for Nee Soon Group Representation Constituency (GRC), was among those raised during a debate on the Payment Services (Amendment) Bill that was passed yesterday.
Ten MPs rose to speak during the debate, raising concerns such as whether the new laws sufficiently protect consumers against cyber attacks, scams and fraud, especially for seniors who may not be as digitally savvy.
Transport Minister Ong Ye Kung noted that payment services have evolved rapidly since the Payment Services Act was first passed last year.
A board member at the Monetary Authority of Singapore (MAS), Ong said that the amendments are aimed at better mitigating the risk of money laundering and terrorist financing in the digital payment token sector, as well as improving consumer protection.
“With innovative activities and new business models emerging, one significant development is in the area of digital payment tokens.
“These are cryptocurrencies, such as bitcoins, which are not denominated in any currency, but can be used as a form of payment.”
Ong added that the speed and crossborder nature of such payment activities carry higher inherent risks for money laundering and terrorism.
Among other things, the Bill will empower MAS to regulate digital payment token service providers that facilitate the use of tokens for payments but may not possess the monies or tokens involved.It will broaden the definition of cross-border money transfer services to include facilitating transfers of money between persons in different jurisdictions where money is not accepted or received by the service provider in singapore.
“That way, such service providers will come under the regulatory ambit of MAS even if the monies do not flow through Singapore,” Ong said.
On the consumer protection front, the Bill will enable MAS to impose user protection measures, such as requiring service providers to segregate customers’ assets from its own assets, when necessary.
On frauds and scams
MPs such as Louis Ng of Nee Soon GRC, Yip Hon Weng from Yio Chu Kang Single Member Constituency and Saktiandi Supaat from Bishan-Toa Payoh GRC spoke about the risk of the rise in fraud, scams and misleading marketing tactics.
Responding to them, Ong gave the assurance that the government has a rigorous and robust regulatory regime in place to deal with such matters.
For instance, MAS grants licences only to service providers that have put up proper governance and risk management processes.
MAS and the Commercial Affairs Department of the Singapore Police Force will also take enforcement action against service providers that operate illegally or fail to comply with regulatory requirements.
As of yesterday, the police have removed or blocked more than 150 advertisements and websites promoting suspicious investments featuring or involving digital payment tokens.
Ng Ling Ling of Ang Mo Kio GRC was concerned that seniors who are less digitally savvy may be more susceptible to scams.
In his reply, Ong said that MAS requires licensed digital payment token service providers to clearly disclose to their customers that they should only buy such tokens if they are familiar with the product and prepared to accept the risks.
Should service providers make statements suggesting that an investment in digital payment tokens is protected under the Payment Services Act, MAS will require them to correct or take down the notice immediately, he said.
These providers will also be subject to enforcement actions.
On cyber security
On the subject of cyber security, which was raised by Goh of Nee Soon GRC, Ong said that payment service providers must meet MAS’ standards on technology risk management and cyber-hygiene practices.
Examples of these regulatory requirements include establishing robust security controls to mitigate the risk of malware infection and data loss, and ensuring strong user authentication for bespoke systems that are used to assess customer information.
“New entrants who are not able to meet these standards will not be allowed to commence business,” Ong said.
The amendments will also allow MAS to impose additional requirements on digital payment token service providers to protect consumers’ data, such as introducing stricter controls and processes to protect data from unauthorised use.
This is in addition to the existing Personal Data Protection Act.
Saktiandi asked if service providers will be penalised should a cyber attack lead to massive losses.
He also asked if customers will be compensated in the event of such an attack.
Ong replied that MAS will oversee the dispute resolution process to ensure that service providers handle customer claims fairly and promptly.
Should a provider be found to have breached MAS’ cyber-hygiene requirements, it can be fined up to S$100,000 (RM304,084) on conviction, he added. ― TODAY
