Open Fintech business: The registration phase, the first step

The first steps is to register with the competent authorities. Whether you are an individual or a company, you must approach the Accounting and Companies Regulatory Authority (ACRA). Note that if you are a foreigner, a third party will take care of the company registration as indicated by the ACRA, in order to avoid future obstacles in the creation of your Fintech business.

Currently, the most favorable form of company to set up a Fintech business is the Private Limited Company (PLC): tax advantages and autonomous entity in particular.

Obtaining a specific license for financial services

Currently, there is no license specifically dedicated to Fintech business. Nevertheless, in order to comply with the standards in force in Singapore, it is necessary to obtain a license that fits with the services offered: some services are related to accounting, online payment, cryptocurrency, … etc.

The more diverse the services offered, the more it will be necessary to obtain the licenses corresponding to these services.

According to the Securities and Futures Act (SFA) for business activities subject to regulation, people must necessarily obtain the license entitled “Capital Markets Services” (CMS), note that this license is granted only to companies in compliance with the law.

In addition, the holder of such a license CMS must appoint a representative who focuses on the regulation of the activity.

The services covered by this license are the following:

➤ Trading of capital market products
➤ Advice on corporate finance
➤ Real estate investment management
➤ Securities financing
➤ Provision of credit rating services
➤ Fund management

Another license that may be of interest in the context of a Fintech business, is the “Financial Advisors” license issued by the Monetary Authority of Singapore (MAS)

It applies to the following services:

➤ Offers of consulting services relating to investment products other than corporate finance consulting
➤ Issuance or promotion of forecasting documents on any investment product
➤ Promotion of collective investment schemes (trust funds, investment funds, equity funds etc.)
➤ Setting up life insurance policies

However, the following cases are excluded:

1. The person offering financial product advisory service is a resident of Singapore and has a prospect base of less than 30 accredited investors,

2. Legal entities, namely banks, merchant banks, finance companies, insurance companies and insurance brokers.

The “Finance companies” license, also issued by the Monetary Authority of Singapore, applies to the following services: A finance company is a company that accepts fixed deposits and savings. It may also relate to the lending of funds to both public and private institutions.

“Moneylenders License”, issued by the Insolvency & Public Trustee’s Office (IPTO), concerns any company whose income is derived exclusively from interest on loans of funds.

Money lenders that lend only to:

➤ Accredited investors
➤ Corporations
➤ Limited liability companies
➤ Trustee directors or trust managers
➤ Trustees of REITs

The “Money-changers license”, issued by MAS, concerns companies that are involved in the purchase and resale of foreign currency.

“Insurance license”, issued by MAS, applies to the following activities:

➤ Assumes risk or liability in Singapore under policies
➤ Receives policy applications in Singapore
➤ Issuing policies in Singapore and collecting or receiving premiums on policies in Singapore
Open a Fintech business in Singapore

The “Banking license” issued by MAS, applied for companies that have the following service(s):

➤ Receiving money in a current or deposit account
➤ Payment and cashing of checks drawn or paid by customers

Second step: The regulation phase

During these various procedures of both registration and licensing, you will be confronted with various administrative standards. In 2016, Singapore implemented a “sandbox” before any Fintech can enter the market. This aims to speed up the process and registration but also to encourage innovation in a controlled risk environment.

More precisely, it is during this phase that the different financial products are tested to evaluate their chances of success once launched on the market. Other measures are also put in place to limit the potential damage in case of failure.

In addition, a Fintech will also be subject to regulatory requirements. Each entity will have different degrees of regulatory leniency depending on the complexity and risk level of its service. These requirements are as follows:

➤ Asset maintenance requirement
➤ Composition of the board of directors
➤ Credit rating
➤ Financial strength
➤ Fund solvency and capital adequacy
➤ Licensing rights
➤ Management experience
➤ MAS guidelines (technology risk management and outsourcing)
➤ Minimum liquid assets

Third to fifth steps: From application phase to experimentation phase

Then, there are 3 major steps before your Fintech business is approved. The first one is the application phase, then there is the feasibility assessment phase and then the experimentation phase (“sandbox”). During all these stages, MAS maintains a switch with the applicant.

The application phase: in this first step you will be asked to fill out a Fintech business online application and return it to the MAS application portal. From there, MAS will begin to analyze the concrete feasibility of the project, using the evaluation information provided by the applicant. It takes an average of 21 days to get an initial response regarding the pre-validation of your project.

The evaluation phase: during this phase, the complexity of the services you propose will be confronted with the necessary conditions of regulation in the field. Once the investigation is completed, the applicant will be informed of the rejection or acceptance of the project of Fintech business. In the first case, this does not mean that your project is to be abandoned, you can try again when you have adjusted your services to the regulations in force. In the second case, you will move on to the last stage, the experimentation phase.

The experimentation phase: the applicant must then inform the company of his experimental service, as well as the risks associated with it. Before any launch, the company must collect the consent of the users, they must accept the conditions and associated risks. In addition, if any changes are made to the services, it is advisable to inform MAS of any changes at least one month prior to their actual implementation and to state the reasons for the change.

Set up yous business in Financial Technology

310 client reviews (4.8/5) ⭐⭐⭐⭐⭐

Contact us

Legal compliance of a Fintech business in Singapore

Any financial entity, including Fintechs, must comply with applicable standards. Namely, the Personal Data Protection Act 2012 (PDPA), which has 10 main obligations.

1. Consent, purpose limitation and notification obligation:

Customers’ personal data (PD) can be collected, used, collected or disclosed after they have been informed of the purpose of its use and given their consent.
In addition, customers have the right to withdraw such consent if they believe that the purpose or purposes of the use are not in accordance with their wishes, provided they give reasonable notice.
Any subsequent attempt to collect, use or disclose customer information after the withdrawal request will result in a penalty.

2. Obligation to limit retention of PI:

Once the retention of PI no longer serves a legal or business purpose.

3. Right of access and correction of PI:

Companies are required to fulfill their obligations in the event that a customer requests to know.
The use and disclosure of their collected data within one year of the request.
What part of their data was used or under the control of the company in question
Further requests to rectify errors or omissions in the customer’s information should be addressed as soon as possible if requested.

4. Duty of Accuracy:

Companies are under a duty to collect accurate and precise PD.

5. Obligation to protect RFPs:

Both during the period of use of the data and at the time of disposal, companies must implement adequate cybersecurity measures to prevent a possible breach of the data by an external source.

6. Requirement to limit transfers of PD to foreign countries:

If PD is to be transferred to a foreign country, the company must first determine whether the host country requires a sufficient level of protection at least equal to that provided by the PDPA.

7. Protection of responsibility:

A company must appoint a data protection officer who will be responsible for ensuring that the company complies with the rules prescribed by the PDPA.

8. Duty to notify in case of RFP violation:

RFPs may be violated; they may be in the hands of a third party that the company did not intend to grant them. Notification is mandatory when the 500 customers threshold is exceeded. The company will notify both the affected customers and the data protection commission.

9. “Do not contact" compliance:

Some people have put their telephone number on a “do not contact” list. These people wish to avoid all commercial approaches, whatever the technical means used (voice calls, written messages, or faxes).

10. Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT):

Singapore has issued Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) guidelines that financial services, including Fintechs, must follow to directly deter money laundering and terrorist financing.

Compliance falls under the following acts:

➤ Access and mitigate money laundering and terrorist financing risks
➤ Identifying and knowing their customers
➤ Conducting regular account reviews
➤ Monitoring and reporting suspicious transactions

Get the required licenses for your business

310 client reviews (4.8/5) ⭐⭐⭐⭐⭐

Talk to an expert