Nimbl

The Financial Action Task Force’s (“FATF”) review report reveals slow progress in the implementation of the revised FATF 40 standards for VASP’s. After more than two years of publication of the FATF standards on Virtual Assets (“VA”) and Virtual Assets Service Providers (“VASP”), many countries do not as yet have the basic regulatory framework for VASPs. The FATF covers more than 200 countries and jurisdictions, however, less than half (45%) of the 128 reporting countries reported that they have passed the necessary laws/regulations to permit or prohibit VASPs. The number of countries whose AML/CFT regime for VASPs is actually operational is even lower. Most countries and most VASPs are not complying with Recommendation 16, .aka. as the Travel Rule, of the FATF standards , with only 10 countries reporting that they have implemented and are enforcing the Travel Rule requirements for VASPs. FATF has indicated that its focus for 2022, will be to accelerate the implementation of the Travel Rule globally. In the last quarter of 2021 , the industry witnessed a shift in sentiment from a year ago , where the debate against the travel rule regulation moved to how quickly the rule can be implemented. The key driver for the shift was a push by the regulators that have legislated the Travel Rule. Operationally, the implementation of the Travel Rule continues to be challenged by the lack of interoperability and disparate levels of legislation among countries (‘sunrise issue”). Due to these challenges, the industry is observing the formation of a constellation of Exchange clusters as a way to meet the regulatory requirements and move forward. Travel Rule The Travel Rule, was developed with “the objective of preventing terrorists and other criminals from having unfettered access to electronically-facilitated fund transfers and for detecting such misuse when it occurs.” It requires VASP’s to: include required and accurate originator information, and required beneficiary information, on wire transfers and related messages, and that the information remains with the wire transfer or related message throughout the payment chain; monitor wire transfers for the purpose of detecting those which lack required originator and/or beneficiary information, and take appropriate measures; take freezing action and should prohibit conducting transactions with designated persons and entities in the context of processing wire transfers. The goal is to stop proceeds of crime -including ransom payments, illegal dark market sales, proliferation finance and terrorist financing , from using virtual assets as an anonymizing payment rail. Travel Rule takes centre stage The Travel Rule is the most focused piece in terms of VASPs’ compliance with the revised FATF 40 Standards, yet only 10 jurisdictions reported having actively enforcing the requirements. An additional 14 jurisdictions reported that they have introduced the regulation but have yet to enforce it . No jurisdiction reported being aware of any VASP that has fully complied with all elements of the Travel Rule. FATF has indicated that its next steps will be to accelerate the implementation of the Travel Rule globally. Since the last quarter of 2021, we are witnessing an increase in momentum , both, in the development of standards and protocols, such as the Travel Rule Information Sharing Architecture (TRISA) which can now help enable interoperability between solutions and in implementation by VASP’s. The patchy approach to effecting the legislation by jurisdictions, also known as the “sunrise issue” together with a lack of unified technology for interoperability remain major obstacles to full & successful implementation. Out of the 128 reporting jurisdictions that responded to the FATF’s questionnaire 52 jurisdictions claimed to now regulate VASPs, 6 jurisdictions prohibit the operation of VASPs, and the other 70 jurisdictions have not yet implemented or are in the process of implementing the revised Standards in their national law. Travel Rule Obligations i. Data Sharing RequirementPrior to the introduction of the Travel rule for virtual asset transfers , financial institutions that conducted wire transfers of fiat currency had to reciprocate the originator and beneficiary’s personal information. Inspired by this, the Travel rule was extended to VA’s and VASP’s. Under the Travel Rule , the originators and beneficiaries of all transfers of virtual assets must exchange identifying information. The rule is applicable to all VASPs, financial institutions and obliged entities. Additionally, the originators and beneficiaries involved in a transfer must be able to guarantee the accuracy of the information they send to the other. The identifying information must be exchanged /transmitted in near real time and before a virtual asset transfer is conducted on the platform. Identifying information ii. Counterparty VASP identification and due diligenceDifferent entities within the industry pose higher or lower ML/TF risks depending on a variety of factors, including products, services, customers, geography, the AML/CFT regimes in the VASP’s jurisdiction along with the strength of the entities compliance programs. The Travel rule requires VASP’s to identify and perform comprehensive due diligence on counterparties to assess the corresponding ML/TF risk impact and implement appropriate measures to mitigate and manage the risks. The due diligence is to be performed prior to the transmission of the originator & beneficiary’s identifying information to the counterparty and is required to be refreshed periodically or when risks emerge from the relationship. iii. Information SecurityRisks to individual privacy and to personal safety are real. The information that is required to be shared includes physical location and possibly the value of a user’s virtual asset. This may lead to; Hacks and PII data leaks and abuse of collected PII for identity theft Transaction IDs can be used to determine how much cryptocurrency the holder controls Physical and cyber-attacks against holders Fake VASPs masquerading as legitimate VASPs to collect PII Monitoring by oppressive regimes, data leaks, exchange hacks, data mining, poor security, data brokering; Denial of service attacks. To protect user information from unauthorised disclosures, VASP’s are required to ensure data security , particularly since the data transmittal occurs concurrently with the VA transfer. The suggested technical specifications for data security include but are not limited to; Public & Private keys are created for each entity

Cryptocurrencies also termed as Digital Payment Tokens (“DPT”) are regulated under the Payment Services Act (“PSA”) in Singapore. Based on the DPT’s characteristics and attributes they could fall outside the ambit of the PSA . Utility tokens are generally not regulated by the MAS as financial products, but intermediaries dealing with such utility tokens may require licensing if such utility tokens constitute digital payment tokens. Further some could fall within the purview of the Securities and Futures Act (“SFA”). Prior to applying for licenses or conducting any cryptocurrency related activities, entities should obtain a legal opinion on the characteristics of the coins and/or tokens from a Singapore law firm to ascertain the governing piece of legislation. There are seven payment services defined in the PSA, account issuance service, e-money issuance service, merchant acquisition service, domestic money transfer service, cross-border money transfer service, money changing service and DPT service.The product could potentially fall under the definition of “e-money” or “DPT service”, in which case the entity would need to obtain a license under the PSA. The PSA sets out the definition of the term ‘digital payment token’ as any digital representation of value that is expressed as a unit, not denominated in any currency or pegged to any currency, intended to be a medium of exchange accepted by the public as payment and can be transferred, stored or traded electronically. “E-money” is defined as “any electronically stored monetary value that is denominated in any currency, or pegged by its issuer to any currency, has been paid for in advance to enable the making of payment transactions through the use of a payment account, is accepted by a person other than its issuer and represents a claim on its issuer, but does not include any deposit accepted in Singapore, from any person in Singapore’. VASP’s and DTP providers who are considering offering their services in Singapore should take into account the above. NIMBL would be happy to advise you on your licensing requirements in Singapore.

Criteria for registration as a Registered Insurance Broker in Singapore A person who carries on business as any type of insurance broker in Singapore is required to be registered with the Monetary Authority of Singapore (‘MAS”) as either a Registered , an Approved or as an Exempt insurance broker, unless he is exempted from registration under section 35ZN of the Insurance Act. Type of Registered Broker As a Registered Insurance Broker the Company may apply to be registered as : a direct insurance broker, to carry on general business and long term accident and health policies; a general reinsurance broker, to carry on general reinsurance business; a life reinsurance broker, to carry on life reinsurance business; or an insurance broker, to carry on any combination of the above. Criteria to apply as a Registered Insurance Broker An applicant must be a company; An applicant must satisfy minimum financial requirements; a standalone non-Hybrid professional indemnity insurance policy Management Expertise; Track Record; Supervision by Home Authority if applicant is a foreign company; Adequate systems and processes; Board & Senior Management should meet the Fit & Proper Criteria; Letter of Responsibility upon request by the MAS; Penetration Testing Report Any additional criteria as may be stipulated by the MAS. Annual License Fees Direct Insurance Broker – $7,000 General Reinsurance Broker – $5,000 Life Reinsurance Broker – $2,500 Combination of any of the above – Aggregate of the relevant amounts above. NIMBL would be happy to advise you on your licensing requirements in Singapore.