Create a Fintech business in Singapore in 5 steps

The first steps is to register with the competent authorities. Whether you are an individual or a company, you must approach the Accounting and Companies Regulatory Authority (ACRA). Note that if you are a foreigner, a third party will take care of the company registration as indicated by the ACRA, in order to avoid future obstacles in the creation of your Fintech business.

Currently, the most favorable form of company to set up a Fintech business is the Private Limited Company (PLC): tax advantages and autonomous entity in particular.

Currently, there is no license specifically dedicated to Fintech business. Nevertheless, in order to comply with the standards in force in Singapore, it is necessary to obtain a license that fits with the services offered: some services are related to accounting, online payment, cryptocurrency, … etc.

The more diverse the services offered, the more it will be necessary to obtain the licenses corresponding to these services.

According to the Securities and Futures Act (SFA) for business activities subject to regulation, people must necessarily obtain the license entitled “Capital Markets Services” (CMS), note that this license is granted only to companies in compliance with the law.

In addition, the holder of such a license CMS must appoint a representative who focuses on the regulation of the activity.

The services covered by this license are the following:

Another license that may be of interest in the context of a Fintech business, is the “Financial Advisors” license issued by the Monetary Authority of Singapore (MAS)

It applies to the following services:

However, the following cases are excluded:

1. The person offering financial product advisory service is a resident of Singapore and has a prospect base of less than 30 accredited investors,

2. Legal entities, namely banks, merchant banks, finance companies, insurance companies and insurance brokers.

The “Finance companies” license, also issued by the Monetary Authority of Singapore, applies to the following services: A finance company is a company that accepts fixed deposits and savings. It may also relate to the lending of funds to both public and private institutions.

“Moneylenders License”, issued by the Insolvency & Public Trustee’s Office (IPTO), concerns any company whose income is derived exclusively from interest on loans of funds.

Money lenders that lend only to:

The “Money-changers license”, issued by MAS, concerns companies that are involved in the purchase and resale of foreign currency.

“Insurance license”, issued by MAS, applies to the following activities:

The “Banking license” issued by MAS, applied for companies that have the following service(s):

During these various procedures of both registration and licensing, you will be confronted with various administrative standards. In 2016, Singapore implemented a “sandbox” before any Fintech can enter the market. This aims to speed up the process and registration but also to encourage innovation in a controlled risk environment.

More precisely, it is during this phase that the different financial products are tested to evaluate their chances of success once launched on the market. Other measures are also put in place to limit the potential damage in case of failure.

In addition, a Fintech will also be subject to regulatory requirements. Each entity will have different degrees of regulatory leniency depending on the complexity and risk level of its service. These requirements are as follows:

Then, there are 3 major steps before your Fintech business is approved. The first one is the application phase, then there is the feasibility assessment phase and then the experimentation phase (“sandbox”). During all these stages, MAS maintains a switch with the applicant.

The application phase: in this first step you will be asked to fill out a Fintech business online application and return it to the MAS application portal. From there, MAS will begin to analyze the concrete feasibility of the project, using the evaluation information provided by the applicant. It takes an average of 21 days to get an initial response regarding the pre-validation of your project.

The evaluation phase: during this phase, the complexity of the services you propose will be confronted with the necessary conditions of regulation in the field. Once the investigation is completed, the applicant will be informed of the rejection or acceptance of the project of Fintech business. In the first case, this does not mean that your project is to be abandoned, you can try again when you have adjusted your services to the regulations in force. In the second case, you will move on to the last stage, the experimentation phase.

The experimentation phase: the applicant must then inform the company of his experimental service, as well as the risks associated with it. Before any launch, the company must collect the consent of the users, they must accept the conditions and associated risks. In addition, if any changes are made to the services, it is advisable to inform MAS of any changes at least one month prior to their actual implementation and to state the reasons for the change.

Any financial entity, including Fintechs, must comply with applicable standards. Namely, the Personal Data Protection Act 2012 (PDPA), which has 10 main obligations.

Customers’ personal data (PD) can be collected, used, collected or disclosed after they have been informed of the purpose of its use and given their consent.
In addition, customers have the right to withdraw such consent if they believe that the purpose or purposes of the use are not in accordance with their wishes, provided they give reasonable notice.
Any subsequent attempt to collect, use or disclose customer information after the withdrawal request will result in a penalty.

Once the retention of PI no longer serves a legal or business purpose.

Companies are required to fulfill their obligations in the event that a customer requests to know.
The use and disclosure of their collected data within one year of the request.
What part of their data was used or under the control of the company in question
Further requests to rectify errors or omissions in the customer’s information should be addressed as soon as possible if requested.

Companies are under a duty to collect accurate and precise PD.

Both during the period of use of the data and at the time of disposal, companies must implement adequate cybersecurity measures to prevent a possible breach of the data by an external source.

If PD is to be transferred to a foreign country, the company must first determine whether the host country requires a sufficient level of protection at least equal to that provided by the PDPA.

A company must appoint a data protection officer who will be responsible for ensuring that the company complies with the rules prescribed by the PDPA.

RFPs may be violated; they may be in the hands of a third party that the company did not intend to grant them. Notification is mandatory when the 500 customers threshold is exceeded. The company will notify both the affected customers and the data protection commission.

Some people have put their telephone number on a “do not contact” list. These people wish to avoid all commercial approaches, whatever the technical means used (voice calls, written messages, or faxes).

Singapore has issued Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) guidelines that financial services, including Fintechs, must follow to directly deter money laundering and terrorist financing.

Compliance falls under the following acts: