The Monetary Authority of Singapore (MAS) is Singapore's central bank and the integrated financial regulator supervising financial institutions in Singapore, including banks, insurance companies, capital markets intermediaries and other financial markets infrastructure. If the fintech/insurtech activities involve moneylending, the regulator is the Registrar of Moneylenders.
As a statutory board in the Singapore government, the Infocomm Media Development Authority of Singapore (IMDA) develops and regulates the converged infocomm and media sector, and also seeks to promote and regulate data protection in Singapore through the Personal Data Protection Commission (which is part of the IMDA).
The Intellectual Property Office of Singapore (IPOS) administers the intellectual property regime.
Activities involving insurers, insurance intermediaries and the insurance business may be regulated under the Insurance Act (Cap. 142), Financial Advisers Act (Cap. 110), and their attendant regulations, directions, notices, guidelines and industry codes (for example, there are codes of conduct or guidelines under the auspices of the General Insurance Association (GIA) or the Life Insurance Association (LIA)). Regulated insurance companies seeking to commence or develop fintech/insurtech activities must ensure that any new activities comply with the foregoing (as applicable) and do not breach any existing license conditions. In order to encourage more fintech/insurtech experimentation, the MAS has implemented the regulatory sandbox experiment such that companies may avail themselves of a regulatory sandbox to experiment with fintech solutions in the production environment but within a well-defined space and duration.
Payment and settlement systems (for example, digital payments) may be regulated under the Payment Systems (Oversight) Act (Cap. 222A), its attendant regulations, directions, notices and guidelines. Money-changing and remittance businesses will be subject to the requirements of the Money-changing and Remittance Businesses Act (Cap. 187), its attendant regulations, directions, notices and guidelines.
In August 2016, the MAS issued a Consultation Paper on Proposed Activity-based Payments Framework and Establishment of a National Payments Council. This consultation proposes a payment framework that will supersede the Payment Systems (Oversight) Act (Cap. 222 A), and envisages regulation on an activity basis to entities within the payments ecosystem to allow MAS to better address issues such as consumer protection, access, corporate governance, and other emerging risks such as cybersecurity, interoperability, technology, and money-laundering and terrorism financing.
Virtual currencies (for example, Bitcoin) are not regulated; however, the MAS has announced that virtual currency intermediaries may be regulated for anti-money laundering and countering the financing of terrorism purposes.
Any activities involving all offers of investments of securities in Singapore (for example, equity crowdfunding platforms), the dealing of securities, fund management, securities financing, custodial services for securities, leveraged foreign exchange trading, trading in futures contracts, among others, will potentially be regulated under the Securities and Futures Act (Cap. 289). Fintech activities involving moneylending may also be regulated under the Moneylenders Act (Cap. 188).
Separately, in relation to cryptography and data encryption, while Singapore does not have control on the import of cryptographic/dataencryption products or their use, the export of cryptographic/data-encryption products and technology listed in the Strategic Goods Control List of the Strategic Goods (Control) Order 2015, is controlled under the Strategic Goods (Control) Act (Cap. 300).
There is strong government and regulatory support. The development of the fintech/insurtech space is in line with Singapore's ambition to be a Smart Nation. The MAS seeks to create a Smart Financial Centre where technology is used pervasively in the financial industry to increase efficiency, create opportunities, allow for better management of risks and improve lives. Fintech/insurtech, which involves using technology to devise new financial services and products, is a key ingredient in building a Smart Financial Centre. The regulators have
been positive and encourage fintech/insurtech innovation in the following ways:
The licenses required will depend on the specific activities contemplated. We recommend seeking the advice of local counsel. In brief overview:
Please note that the foregoing links may be updated from time to time and you are advised to check with local counsel for updates before relying on the above information.
There are no specific regulations for the use of telematics or biometrics on its own; however, insurance companies should ensure that such use is compliant with any existing regulations or conduct of business requirements. Data privacy concerns will also apply. Further, depending on how such technology is used, we may need to consider whether other areas of regulation are attracted (for example, telecommunications or pharmaceuticals).
Yes, there can be different standards of regulation, for example, for payment systems. While the MAS has general oversight functions and information-gathering powers over payment systems, it has more extensive powers in relation to designated payment systems, which are those where the MAS is satisfied that a disruption in the operations of the payment system could trigger, cause or transmit further disruption to participants or systemic disruption to the financial system of Singapore; a disruption in the operations of the payment system could affect public confidence in payment systems or the financial system of Singapore; or it is otherwise in the interests of the public to do so.
Based on recent public announcements by the MAS, this distinction between "too big to fail" and "too small to care" may also be applied to fintech/insurtech innovations that may not already be regulated. This is because, as mentioned, the MAS has announced that it will apply a materiality and proportionality test and regulation introduced to address risks from fintech/insurtech innovation must be proportionate to the risk posed.
Licensed insurers (other than captive insurers and marine mutual insurers) will need to comply with MAS 127 Notice on Technology Risk Management, registered insurance brokers will need to comply with Insurance companies MAS 506 Notice on Technology Risk Management, and licensed financial advisers will need to comply with FAA-N18 Notice on Technology Risk Management. The Technology Risk Management Guidelines, Business Continuity Guidelines, MAS 126 Notice Enterprise Risk Management for Insurers, MAS Circular No. SRD TR 02/2014 IT Security Risks Posed By Personal Mobile Devices, MAS Circular No. SRD TR 01/2014 System Vulnerability Assessments and Penetration Testing, MAS Circular No. SRD TR 01/2015 Early Detection of Cyber Intrusions and MAS Circular No. SRD TR 03/2015 Technology Risk and Cyber Security Training for Board will also need to be complied with.
Singapore's Personal Data Protection Act 2012 (PDPA) and its attendant Personal Data Protection Regulations (which came into effect on 2 July 2014) applies to all organizations in the private sector. The PDPA regulates the collection, use, storage, disclosure and transfer of personal data in Singapore. In addition to the baseline requirements of the PDPA, additional specific mandatory regulations also apply to certain industries (such as banking and medical) with respect to certain categories of sensitive personal data (such as bank customer
information and medical records).
The Personal Data Protection Commission (PDPC) has issued advisory guidelines, which indicate the manner in which the PDPC will interpret provisions of the PDPA. Of interest to insurance companies and fintech/insurtech businesses seeking to utilize big data and telematics are the advisory guidelines on the PDPA for selected topics such as analytics and research, and on anonymization, which was revised on 28 March 2017, There are also industry-led guidelines developed by the insurance industry associations, such as the LIA Code of Practice for Life Insurers on the PDPA, and the LIA Code of Conduct for Tied Agents of Life Insurers on the PDPA.
In addition, the PDPC recently, on 20 January 2017, introduced and updated its advisory guidelines to help companies better protect personal data in compliance with the PDPA. The new and/or updated guidelines include:
Insurance companies will also need to ensure that their dealing with personal data do not contravene any business conduct requirements or any technology risk management guidelines.
Yes, the PDPA provides the following:
Singapore's Computer Misuse and Cybersecurity Act (Cap. 50A) (CMCA) criminalizes certain activities, including the unauthorized access, use, interception and modification of computers, data and computer services, and empowers the Minister of Home Affairs to act against
cybersecurity threats. On 3 April 2017, the Singapore Parliament passed certain amendments to the CMCA to strengthen Singapore's legislative framework for combatting cybercrime. In particular, the amendments seek to extend the reach of the CMCA by criminalizing acts that are enabled by cybersecurity attacks. For example, it would be unlawful for a person to use hacked credit card details, even if the act of hacking was committed by another. In addition, the amendments also targets acts that enable cybercrime, by criminalizing the act of obtaining and the act of dealing in tools that may be used to commit a CMCA offense (for example, hacking tools such as malware).
The Singapore Minister of Communications and Information has also indicated that a new stand-alone Cyber Security Act (CSA) will be introduced in 2017 to strengthen the powers of the Cyber Security Agency to protect Singapore's critical infrastructure and national systems, such as those in the energy and transport sectors, from cyber threats. The proposed CSA is intended to be an omnibus, overseeing cybersecurity of essential services as a whole. Among other things, the proposed CSA will confer power on the Cyber Security Agency's chief as Commissioner of Cybersecurity to investigate threats and incidents to ensure that critical infrastructure and national systems will not be disrupted in the event of a cyberattack. In addition, the proposed CSA also includes proactive and preventive measures that must be undertaken by owners of critical infrastructure, such as conducting regular system audits by a commissioner-approved
third party, among others. The Cybersecurity Bill was just released on 10 July 2017 for public consultation.
In April 2015, the MAS launched a web aggregator called compareFIRST, which allows consumers to compare the premiums and features of life insurance products and acts as a direct purchase channel, allowing people to buy simple life insurance products without commissions and financial advice. Since then, many banks and insurance companies have announced innovation hubs or accelerator programs, with the support of the MAS and other relevant government bodies, including the IDA (now merged with the MDA to constitute the IMDA).
In late 2016, MAS launched its fintech regulatory sandbox experiment in order to encourage more fintech experimentation so that promising innovations can be tested in the market and have a chance for wider adoption. As of June 2017, only one sandbox experiment has been accepted by the MAS and publicly announced. The sandbox is an area of active innovation and there are market trends suggesting continued application of the sandbox to insurtech developments in Singapore.
On 17 March 2016, the Competition Commission of Singapore issued an infringement decision against ten financial advisers in Singapore for engaging in an anticompetitive agreement to pressure their competitor, iFAST Financial Pte. Ltd., to withdraw its offer of a 50% commission rebate on competing life insurance products on the Fundsupermart.com website. The ten financial advisers were fined between SGD 5,000 and SGD 405,114, depending on each financial advisor's respective life insurance business turnover and aggravating and mitigating factors. This is the first case involving market access and restriction of market access involving firms in the financial services industry and highlights that the Competition Commission of Singapore will enforce the law where necessary to ensure that new and innovative players can access the market and compete fairly in Singapore.
Fintech/insurtech will likely be a key enabler in designing better and more efficient work processes and creating new business models that will deliver higher growth, cost savings and better services for industry participants.
Insurance companies will seek to acquire or team up with non-insurance tech players such as new digital insurance start-ups or telematics-related companies in order to deliver new offerings, better price risk, extend the value chain and have greater overall efficiency. As a further example, insurance companies are also looking to mine data sets to identify underwriting opportunities for those who suffer chronic illnesses such as dementia and obesity. With big data, we also expect to see more insurers better adopt end-to-end analytics solutions that cross the entire insurance value chain. In doing so, they hope to gain an enriched, single client view and the ability to execute a targeted pipeline.
Another area may be "just-in-time" insurance. It has also been suggested that the traditional concept of insuring an asset over many periods is outdated, and that instead, the business should move to a more transactional consumption model where just-in-time insurance is delivered on mobile and underwritten in seconds.
We may increase accessibility to insurance in Singapore. The MAS' compareFIRST web aggregator was successful with more than 180,000 visits within the first three months of its launch and we may see the cost of insurance become lower, providing access to lower-income
consumers. In addition, the insurance sector has seen new contenders come up with the aim of addressing the shortcomings in user experience and analytics of compareFIRST. This ensures a more efficient "aggregator" experience where customers have a smoother experience comparing the latest offerings. Hence, we may see the cost of insurance become lower, providing access to lower-income consumers.
We expect to see enhanced customer service in insurtech. For example, some insurance companies have launched a self-learning virtual assistant, which is meant to provide instant answers to operational inquiries, and thus enabling frontline staff to focus on dealing with more
complex queries. Other insurtech apps are working on improving the notification system for payment of premiums and renewals. In doing so, insurance companies can heighten efficiency in serving customers, which might help expand the insurance company's customer base.
We can also expect a rise in usage-based insurance and dynamically adjusted premiums. Companies may begin to offer insurance schemes based on lifestyles instead of traditional factors such as age and location.