Singapore's regulators set pace for blockchain and fintech 'ecosystem' advances

Blockchain developers need to consider a range of regulatory regimes and issues when building the governance framework and supporting and protecting the development of for blockchain, distributed ledger technology and cryptocurrencies.

And Singapore has offered plenty of opportunity this decade, as regulators in one of the world's strongest economies look to create an environment for the digital economy to continue to thrive and compete globally.

What is the state of Singapore's regulatory regime for blockchain and cryptocurrencies, and how advanced are its developments in smart contracts, data and privacy, cybersecurity, and intellectual property?

Blockchain regulation

When a native token is issued, the issuer must consider whether it constitutes a "security" or a "capital markets product" that gives rise to licensing or prospectus registration obligations under the Securities and Futures Act 200; or a "digital payment token" under the Payment Services Act (PSA) 2019; or a "digital token" under the Financial Services and Markets Act (FSMA) 2022.

The issuer should consider if any activities involving the tokens are licensable under the legislation: if a token qualifies as a "security" or a "capital markets product", there are prospectus requirements for offering it to the public.

If there is no native token but the developer deals with tokens, the issuer needs to consider whether it is regulated under the legislation and activities involving the tokens constitute licensable activities: safeguarding tokens and the provision of a digital token exchange are licensable activities.

Blockchain developers should consider the general anti-money laundering (AML) and counter-terrorist financing legislation , such as the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act and the Terrorism (Suppression of Financing) Act.

For private blockchains, it is unlikely that the token will be regulated: the regime is not meant to target a utility token used between private parties. However, care is needed defining, in the contract between the private parties, the token’s rights so that it is not caught under the regulatory regime – especially the PSA definition of "e-money".

Blockchain app users

There are general regulatory issues that users of blockchain applications should consider when using a blockchain and distributed ledger protocol, including whether the services provider is licensed and the licence requires the safeguarding of customers’ assets.

Since June, not all licensed digital-payment token providers are required to safeguard customers’ assets, as the regulations have not yet come into force; users should not assume that the provider is required to safeguard assets, even if PSA licensed.

If the token is regulated as a security or digital payment token, it is possible that users’ activities will be regulated. A user offering to exchange bitcoin – a digital payment token under the PSA – for cash could be considered to be providing the regulated service of "dealing in digital payment tokens".

Administrative powers

The Monetary Authority of Singapore (MAS) oversees financial services and is responsible for enforcing the SFA, the PSA and the FSMA, under which it has the power to impose regulations and guidelines, monitor compliance and enforce against breaches.

Bodies responsible for enforcement of AML laws – depending on the industry and legislation that is triggered – include the MAS, the Commercial Affairs Department, the Ministry of Law; and the Central Narcotics Bureau and the Corrupt Practices Investigation Bureau.

Regulators and blockchain

The MAS is supportive of the use of blockchain for tokenising assets to create digital assets but is critical of speculation in cryptocurrencies. It views cryptocurrencies as one part of the digital asset "ecosystem" and is more interested in the other technological applications of blockchain.

It has adopted a four-pronged approach to building an ecosystem to explore the potential of distributed ledger technology and support the tokenisation of financial and real economy assets, enable connectivity and anchor those with strong value propositions and risk management.

Since the PSA was enacted in 2019, the MAS has fine-tuned its regulations and, in response to the historical failure of digital payment services providers to safeguard customers’ assets, is introducing new legislation. The regulator is experimenting with introducing central bank digital currencies for international settlements under Project Ubin+.

Prominent industry associations include the Blockchain Association Singapore, the Singapore Cryptocurrency and Blockchain Industry Association and the Enterprise Ethereum Alliance.

Blockchain market

Applications and protocols that have become embedded, for base-layer blockchains, include Ethereum and Tezos with offices in Singapore. GovTech Singapore and the OpenCerts Consortium have developed a public service, OpenCerts, for verifying educational certificates. OpenCerts is built on the Ethereum blockchain.

RippleNet is used for settlement by InstaRem, the fintech payment services provider. For private blockchains and international settlements, the MAS had participated in pilots built on permissioned versions of Ethereum (Hyperledger Besu) and the public Ethereum testnet (Sepolia).

Potential new applications and protocols are being explored, including tokenisation of real-world assets and security tokens, central bank digital currencies and stablecoin issuance under a licensed framework with asset protection measures. Industries include digital asset exchanges, including ADDX and DBS Digital, exchange game finance, such as Ethlas, and digital asset financial institutions like Sygnum.

Initiatives and governmental programmes are in place to incentivise blockchain development. MAS' Singapore Blockchain Innovation Programme was set-up in 2020 to build an ecosystem to encourage companies to conceptualise blockchain-based solutions, grow Singapore's blockchain community and conduct research on next-generation blockchain efforts.

Cryptocurrency regulation

Cryptocurrencies and virtual currencies could fall under a range of definitions and regulation. Capital markets products are defined under the SFA as securities, units in a collective investment scheme, derivatives contracts and spot foreign exchange contracts for leveraged foreign exchange trading and other products prescribed by the MAS.

E-money is defined under the PSA as any electronically stored monetary value that is denominated in or pegged by its issuer to any currency, has been paid in advance to enable payment transactions via a payment account, is accepted by a person other than its issuer, and represents a claim on its issuer.

Digital payment token is defined under the PSA as any digital representation of value: expressed as a unit;  not denominated and not pegged by its issuer to any currency; intended as a medium of exchange accepted by the public as payment for goods or services or discharge of a debt; can be transferred, stored or traded electronically; and satisfies other MAS-prescribed characteristics.

Digital token is defined under the FSMA, which sets out a similar definition to "digital payment token" under the PSA. The FSMA targets companies with operations in Singapore that do not offer services to resident entities.

Single-currency stablecoins are covered if pegged to the Singapore dollar or a G10 national currency, under yet-finalised legislation. Depending on the definition, different regulations apply: classification as a "capital markets product" would attract prospectus requirements under the SFA for issuance and classification as a "digital payment token" under the PSA would mean that services involving the tokens could be regulated.

AML and cryptocurrencies

AML and counter-terrorist financing obligations come under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, chapter 325 of Singapore's Terrorism (Suppression of Financing) Act, and notices by the various its agencies, including Singapore Customs, the MAS and the Ministry of Law.

If licensing obligations apply under the SFA, the PSA or the FSMA, the specific AML frameworks issued by MAS for licensees will apply.

Crypto and consumer protection

The MAS generally discourages speculation in cryptocurrencies and does not believe that cryptocurrencies have intrinsic value. It prohibits the advertising of digital payment token services including cryptocurrency exchanges to the public in Singapore. It has also announced investor protection measures that require licensed digital-payment token services providers, including cryptocurrency exchanges, to safeguard user assets.

The MAS is also expected to introduce consumer safeguard measures to prevent retail customers from using local credit cards to buy cryptocurrencies and offers of incentives such as free tokens to court retail users.

Tax perspective

Taxing initial coin offerings (ICO) proceeds of token issuers depends on the rights and functions attached to the tokens issued to investors. The Inland Revenue Authority of Singapore (IRAS) regards the issuance of utility tokens as deferred revenue and subject to income tax.

Proceeds from the issuance of security tokens are akin to those from securities or other investment assets and instruments and are capital in nature and not subject to income tax. There is no capital gains tax in Singapore. However, if a token is a security token, it will be regulated as a capital market product under the SFA.

Payment tokens for goods and services

For the purposes of income tax, IRAS views transactions that involve payment tokens for goods or services as barter trade. If businesses receive payment tokens for the goods or services provided, they will be taxed on the value of the underlying goods provided or services performed.

Conversely, businesses using payment tokens to pay for goods and services are allowed a deduction for the goods purchased or services received, subject to general deduction rules.

The value of the deduction is based on that of the underlying goods purchased and services received with other scenarios in IRAS' guide to income tax treatment of digital tokens.

Crypto trader and exchange

There are no regulatory requirements for persons trading in a personal capacity but they must not offer to trade on behalf of others. An exchange for securities tokens or tokenised assets is regulated under the SFA as either an approved exchange or a recognised market operator with a capital markets services licence.

An exchange for digital payment tokens is regulated under the PSA as a digital payment services provider or under the FSMA as a digital token services provider.

Initial coin offerings and securities token offerings

A security token offering will be regulated under the SFA and prospectus requirements will apply unless an exemption is available. The definition is whether the token is a "capital markets product".

For an ICO not to be considered as a security token offering, tokens will need to be in another category, such as a utility or in governance token (there is no definition of either under Singapore law); they lack rights similar to those of a capital markets product. However, the MAS has a broad understanding that a utility token gives rights to goods and services, which could include computation time on a blockchain.

Smart contracts

There are four factors to consider around smart contracts, whether: their publication on the blockchain constitutes an offer; transacting with the smart contract constitutes acceptance; there is consideration and "something of value" in exchange for the counterparty’s promise or performance; whether there is an intention to create legal relations (in practice, the courts have found a lack of intention only in familial or social contexts, such a joke or a promise between loved ones).

Where participants are aware of smart contract's effect, four elements could be made out. Posting the terms of the offer to participants on the blockchain may be a unilateral offer to the world "at large" and accepted by other participants. Transacting with the smart contract – sending cryptocurrency to its specified address – constitutes acceptance via conduct. Consideration will normally be provided as the participant expects the smart contract to perform its promised effects. There will normally be an intention to create legal relations, given that parties on a blockchain usually lack familial or social relationships and are on a commercial or business basis.

Smart contract guidelines

There are no regulatory or governmental guidelines or policies for regulating and defining smart contracts, but the Singapore Academy of Law’s Law Reform Committee is working on a report.

The Infocomm Media Development Authority (IMDA) has commented on if a cryptographic hash is an electronic signature (which is evidence of acceptance via consent) in a consultation paper on the Review of the Electronic Transactions Act (ETA) It stated that the ETA does not prevent the use and formation of smart contracts: once formed, it is unlikely to be denied validity or enforceability due to its automatic formation.

The IMDA said that "it may be possible for the cryptographic hash to be considered as an electronic signature", depending on the specific technical implementation, and used to demonstrate the intention of a party to accept the contract. However, it also noted that the hash would not be capable of identifying an anonymous participant. If acceptance of a contract is recognised in the future, it will likely be acceptance by conduct: by transacting through the smart contract.

If a contract is purely deterministic and its conditions can be verified on-chain (or via data oracles which parties deem to be correct), smart contracts can replace traditional contracts: the best instances would be settlement contracts or trades in an exchange.

Smart contracts might be unable to replace parts of traditional contracts. Most real-world contracts, other than settlements and trades in an exchange, are conditioned on facts or standards that cannot be determined on-chain (or which parties would be unwilling to defer to a data oracle) and are unlikely to be replaced. A contract that specifies goods of a "reasonable quality" or services in accordance with "industry standards" could not be replaced by a smart contract.

Judicial enforcement

As smart contracts are automatically settled, they are likely to be litigated on only if a party disputes the automated outcome. The dispute may be over a mistake that invalidates the contract – for example, a software bug and an unintended automated result – or a fraudulent misrepresentation, such as the developer's portrayal of the effects of the smart contract; or the contract may have been made under duress, such as a ransomware attack that forced the transfer of cryptocurrency to a smart contract.

There are practical considerations when drafting a smart contract. To minimise disputes – particularly on each party’s understanding of its effects – parties should consider writing a traditional contract, which takes precedence over the effects of the smart contract, to document the intentions of the parties and intended effects of the smart contract. This will be useful if there are errors in the source code that lead to unintended effects.

The considerations may differ when smart contracts are on a private rather than public blockchain. For private blockchains, there is a clear need for a traditional contract, as there are additional matters to be negotiated, such as  governance rights and the allocation of validator nodes.

Data and privacy

Blockchain presents data protection and privacy challenges. The visibility of each transaction on the blockchain means information committed to the blockchain needs to be anonymised – but supposedly anonymised datasets, such as the identities of movie reviewers, can be reverse engineered by cross-referencing with other data sets. Law enforcement agencies are also interested in intermediaries such as centralised exchanges that could potentially hold identifying information.

Blockchain can offer data protection and privacy advantages. Currently, email addresses are the main method by which a person obtains an online identity. Under most laws, an email address itself constitutes personal data. If a blockchain address – such as Ethereum – becomes the main method of obtaining an online identity, it will provide anonymity.

Cybersecurity

Blockchain presents specific cybersecurity challenges and concerns. Vulnerable smart contracts with cryptocurrencies can be ”drained”. There may be a lack of understanding among users on what permissions (including the power of transfer) are granted to smart contracts. The immutability of the blockchain itself is another risk, such as with the transfer of illicitly obtained funds through scams.

But blockchain also has cybersecurity advantages, particularly the anonymity offered that provides security through obscurity, especially when privacy coins are used.

Tools and measures to mitigate cybersecurity risk for developers include audits so smart contracts function as intended, while consumers can stay updated on phishing and how mistakes in granting permissions occur.

Intellectual property

There are intellectual property (IP) challenges. There is a mismatch with non-fungible tokens (NFTs) between the expectation of “I own this NFT” and actual IP rights granted. This could be resolved if a progressive issuer introduces more IP rights over the underlying artwork or asset to the holders of the NFTs.

Although most blockchain projects were historically open source, some projects are now prohibiting commercial use – in part, to avoid "vampire attacks" and to develop a proprietary "moat". As projects will have to refer to each other to ensure compatibility and to adhere to a developing industry standard, there is potential for IP infringement.

The main form of IP protection is copyright over the source code. An appropriate licence should be chosen. Blockchain developers can also consider patenting, but this might hinder adoption as it would be unusual by community standards.

There is no global registry or market for copyrighted works. Potentially, blockchain could offer a standard for the registration and trading of  IP and its open and immutable properties may be employed to prove registration, provenance and creatorship and track ownership.

Osborne Clarke comment

User protection will be the predominant theme over the next two years. Upcoming changes announced by the MAS include asset protection for licensed digital payment services requirements, increased consumer protection measures to discourage speculation in cryptocurrencies and a framework for regulating privately issued stablecoins.

The regulatory change to further advance the blockchain industry would be a simplified listing and prospectus regime for digital assets, rather than the same framework for securities.

The main impediment to the adoption of blockchain technology is the stringent application process for digital payment token services licences under the PSA– but the process may take up to a few years.

For an effective use of blockchain technologies, look at the uses the MAS is interested in and, therefore, more likely to approve licences for – in particular, the tokenisation of real-world assets. Navigating a changing landscape is difficult and seasoned experts with practical experience in the space will be helpful.

A version of this article originally appeared on Mondaq as the Singapore chapter of its "Blockchain Comparative Guide".