Singapore Should Stop Beating Itself Up on Crypto Regulations
A spate of high profile implosions of some of the biggest names in crypto within the city state of Singapore is sparking deep introspection and pressuring authorities to bring down the regulatory hammer on an otherwise nascent industry, but is the financial center being too hard on itself?

โCode is law.โ While the catchphrase has caught on with the crypto crowd, it has little cache with the crew that actually formulate law โ legislators and those who execute the law โ regulators. And therein lies one of the biggest challenges of regulating the cryptocurrency space โ lawmakers are literally writing law on paper, while the blockchain is built on code. And while regulators can produce reams of legislation, few (if any) can write a single line of code. Even as the law struggles (at best) to keep pace with technological advances, rushing to regulate in a piecemeal manner can and often does result in unintended consequences.
Right Code Not Law
Take for instance Singaporeโs Payment Services Act (โPSAโ).
When the idea of the PSA was first mooted, it was heralded (especially by those in the cryptocurrency industry) as a forward-looking piece of legislation that would help cement Singaporeโs position as a global hub for digital assets.
Whilst the PSA may have been hyped as the first attempt by a major financial centre to regulate the rough-and-tumble cryptocurrency sector, a bit of legislative history would reveal that its thrust and parry was far more limited both in scope, scale and ambition.
In the aftermath of the initial coin offering (ICO) bubble and bust, instead of using existing legislation (as has been the approach in the US) and enforcement action to bring the cryptocurrency industry to heel, lawmakers in Singapore chose a different approach โ to start (sort of) from scratch.
The Monetary Authority of Singapore (MAS), which serves as both the central bank and regulator for financial services in Singapore, mooted a bill that would cover not just digital tokens, but payments as well.
Before the PSA came into effect in January 2020, payment service providers were regulated by the Payment Systems (Oversight) Act (โPSOA), while money changers and remittance companies by the Money-Changing and Remittance Businesses Act (โMCRBAโ).
There were overlaps between the PSOA and the MCRBA and at the time it was believed that since cryptocurrencies were growing in usage, there was a need to regulate them in a more effective manner, especially since the nascent asset class didnโt fit neatly within the existing legal framework.
Instead of trying to rework existing legislation, Singaporeโs approach was to start over and bring everything under one piece of legislation.
Enter the Payment Services Act

At its core, the PSA was intended to do two things โ streamline the existing two pieces of legislation, the PSOA and the MCRBA, and create an โactivity-basedโ piece of law that would better cope with everything from digital payments (such as digital wallets in apps) to digital tokens (such as cryptocurrencies).
At first blush, Singaporeโs approach to regulating cryptocurrencies looked promising.
On the one hand, MAS would have expanded powers under the designation regime of the PSA to ensure innovations in payment systems would not undermine financial stability, while on the other hand, a licensing regime would be put in place covering not just existing payment services providers, but aspiring cryptocurrency companies as well.
Under the PSA, there are seven key payment services that attract licensing requirements:
- account issuance services;
- domestic money transfer services;
- cross-border money transfer services;
- merchant acquisition services;
- e-money issuance services;
- digital payment token services; and
- money-changing services.
Relevant to the cryptocurrency industry were licensing requirements under 5 and 6, e-money issuance services and digital payment token services and the licensing regime consisted of two broad categories:
- Money-changing License
- Standard or Major Payment Institution License (with the distinction between the two being one of the amounts processed and base capital requirements)
With Singaporeโs licensing regime now in place, crypto companies (both foreign and domestic), eager to burnish their credentials and appearance of compliance in an industry rife with fraud, raced to apply.
- READ MORE: What Could Happen to Binance?
Whose license is it anyway?

Unfortunately for the legion of โCrypto Brosโ intending to apply for a license under the auspices of the PSA, the list of admission requirements was long and daunting, and for most of them, given their lack of experience in financial services, unfamiliar.
An e-money issuance service for the purposes of the PSA allows users to use e-money to pay merchants or transfer e-money to another individual and a plain interpretation of the act would cover everything from stablecoins to prepaid digital wallets.
Digital payment token services under the PSA on the other hand dealt only with buying or selling digital payment tokens (โDPTsโ), otherwise known as cryptocurrencies, or providing a platform to allow persons to exchange DPTs.
The main issue of course is that the PSA canโt (nor was it designed to), capture all of the activities ancillary to e-money and DPTs, under the umbrella of a payment services license.
For instance, a cryptocurrency exchange operating in Singapore would be required to apply for a license under the PSA, but outside of the following ongoing requirements for maintaining such a license, almost no guidance is provided for how it should operate the exchange:
- AML/CFT requirements
- Periodic Returns โ e.g. volume of transfers
- Cyber Hygiene โ primarily cybersecurity
- Business conduct โ including safeguarding of customersโ monies, record of transactions, issuance of receipts, etc.
- Disclosures and Communications โ accurate representations on the scope of its license and activities to customers
- Annual audit requirements
Nowhere in the PSA or its attendant legislation and regulations does it mention that a crypto exchange operating in Singapore needs to hold clientโs crypto separate from its own, or that its owners ought not also have their own proprietary trading firm that can trade against customers on its exchange.
The PSA certainly does not stipulate any restrictions on common shareholding between the owners of a crypto exchange and a market maker that plies the same exchange, despite the glaring conflict of interest.
Such requirements are found instead in an entirely different piece of law โ the Securities and Futures Act (โSFAโ), a well-established piece of legislation that governs activities in the capital markets and ensures such basics as the need for exchanges to maintain independent custodians and other common sense measures to avoid conflicts of interest.
At its core of course is the struggle with what exactly a cryptocurrency is.
While US Securities and Exchange Commission Chairman Gary Gensler considers that most cryptocurrencies fall under the definition of securities, the Chimera-like quality of many of them resists easy classification.
And at the time that the PSA was mooted, cryptocurrencies were treated as distinct and apart from traditional securities.
Because of the classification bifurcation, regulators operating under the PSA would be hard pressed to properly police the space, let alone oversee it.
To Securitise or Not Securitise, That is the Question

For instance, what if a Singapore company was to offer crypto lending and borrowing activities in Singapore, how exactly would that be governed?
According to the PSA, the definition of a โdigital payment token serviceโ means:
(a) any service of dealing in digital payment tokens (other than any such service that the Authority may prescribe);
(b) any service of facilitating the exchange of digital payment tokens (other than any such service that the Authority may prescribe);
Presumably, borrowing and lending crypto would fall under โdealingโ for the purposes of the PSA.
Yet neither the PSA nor its ancillary regulations provide for how such โdealingโ ought to be conducted.
How much can you borrow and how much can you lend?
Who should you lend to and who can you borrow from?
How much of customer assets can you lend out to and to whom?
There are no requirements that Singapore-based crypto companies segregate usersโ crypto from their own, or maintain capital reserves in case some of that lending goes awry, only an obligation to โsafeguardโ customer monies, whatever that means.
Also absent from the PSA are requirements that licensees maintain sufficient reserves to meet withdrawals or other well-established risk management measures required by the SFA and the Banking Act.
But it should come as no surprise that the PSA couldnโt cover all these scenarios โ it was never designed to nor is it clear that it was ever intended to in the first place.
Gimme a License, Make it Two

Because the PSA offers a licensing regime, crypto companies with a license, receive an almost instant halo-like stamp of approval from a regulator in a major global financial centre.
And that halo doesnโt even need to be crystalised to bear fruit, as was the case for Hodlnaut, a Singapore company that offered eye-popping yields on crypto deposits and was granted an in-principle license under the PSA.
On 8 August 2022, one day before Singaporeโs National Day (Independence Day), Hodlnaut shocked customers by announcing that it was freezing all customer withdrawals citing โrecent market conditions.โ
In reality, Hodlnaut, which in March 2022, had been granted an โin-principleโ PSA license was off to the races by April of that same year, taking exposure to the ultimately doomed algorithmic stablecoin UST.
Upon receiving its โin-principleโ qualification to receive a PSA license from MAS, yield-hungry depositors flocked to Hodlnaut.
Only a month after being sprinkled with MAS pixie dust, Hodlnaut was offering 14 per cent annualized returns on 180-day fixed deposits, that it deployed to the ultimately doomed Anchor Protocol using UST, an algorithmic stablecoin where it earned yields of almost 20 per cent, clearing a cool 6 per cent in the process.
When UST eventually lost its peg and its sister token LUNA became almost worthless, thousands of Hodlnautโs customers, lured by the promise of 14 per cent annualised returns, would soon find that they were no longer able to withdraw money from the platform.
Part of the problem of course was that companies like Hodlnaut donโt actually have โassetsโ in the traditional sense โ they have liabilities.
When you deposit money with a bank, thatโs not the bankโs asset, it represents an unsecured loan to the bank (apart from government deposit insurance to a fixed amount) and a liability on the bankโs books.
In return for having the privilege of borrowing money from you, banks need to maintain whatโs known as capital adequacy ratios โ the ratio of a bankโs capital in relation to its risk-weighted assets and current liabilities.
If the bank carries a lot of risky assets on its books, it wouldnโt be able to receive very much as deposits, which is why banks carry a lot of Tier 1 capital (CET1), the highest quality of regulatory capital, which has the ability to absorb losses immediately should they occur.
Hodlnautโs customers enjoyed no such privilege.
While companies like Hodlnaut boasted of their assets under management, these โassetsโ were really unsecured loans that the company owed to its customers.
But because these โassetsโ were cryptocurrencies and Singapore has specific legislation governing DPTs โ they didnโt come under the auspices of the SFA or the Banking Act, but the PSA instead, legislation that is particularly ill-suited to cover such scenarios as in the case of Hodlnaut.
If it Acts Like a Bank, Regulate it Like One

Itโs been said that if it looks like a duck, walks like a duck and quacks like a duck, odds are itโs a duck.
Although companies such as Hodlnaut arenโt banks, they behave as if they are and ought to be regulated as if they were โ using a combination of the SFA, Banking Act and the PSA.
Instead, the PSA provided companies like Hodlnaut with a veneer of legitimacy and regulatory stamp of approval as if they were operating to the same standards as companies governed by the Banking Act and the SFA, without holding them accountable to such.
So was Singapore wrong to have cobbled together the PSA in such a hurry?
โYesโ and โno.โ
The PSA represents a progressive piece of legislation emanating from one of the worldโs major financial centers, and stitched together by lawmakers intent on building the future.
Often mentioned in the same breath as New York, London, Zurich and Hong Kong, but lacking the same hinterlands and geographical advantages of those cities, Singapore is merely doing what it can to maintain its edge as a financial centre.
Which explains why in 2018, Singapore embarked on a process to take a stab at governing what many other regulators had determined was โungovernableโ โ cryptocurrencies.
Because Singapore doesnโt benefit from the massive hinterland like New York, or the strategic location of Hong Kong and London, it has to leverage the advantages that it does have โ speed and agility.
Unfortunately, legislating for any new technology, especially cryptocurrencies, calls for a โGoldilocks Approachโ โ not too fast, but not too slow either.
And perhaps legislators can lean on the Hippocratic Oath for guidance โ primum non nocere โ first, do no harm.
While a haste to regulate doesnโt prima facie do harm, arguably the creation of a licensing regime without the necessary infrastructure to support such a framework does.
First Do No Harm
Rather than try and fit the round peg of cryptocurrencies into the square hole of the PSA, an alternative could have been to not issue licenses to begin with.
Singapore could have used all the existing tools at the disposal of regulators to police the cryptocurrency industry which US Securities and Exchange Commission Chairman Gary Gensler famously labelled the โWild West.โ
And that means the PSA, SFA and Banking Act, whilst catering for such exceptions and carve outs where existing law proved cumbersome and inapplicable.
External observers may be quick to judge Singaporeโs early experiment with regulating cryptocurrencies to have failed based on the number of high-profile insolvencies and collapses associated with the city-state.
But that observation would be misguided.
Cryptocurrencies arenโt (yet) part of the greater financial system and itโs unclear if they ever will be.
By carving out crypto and protecting the most feckless of investors from unnecessary exposure, it could be argued that at the very least, Singaporeโs lawmakers are committing to โdo no harm.โ
And while many of recent high-profile crypto failures are proximate to Singapore, lawmakers in the financial centre could hardly be said to have been their proximate cause.
Disgraced crypto hedge fund Three Arrows Capital (โ3ACโ) may have had its office in Singapore, but its fund and approved investment manager were in the British Virgin Islands.
By the time 3ACโs founders Kyle Davies and Zhu Su ghosted investors, its investment management license issued by MAS had long lapsed.
Terra-Lunaโs Terraform Labs may have had an office and been incorporated in Singapore, but it wasnโt regulated by MAS and its founders and principal staff were not from the city-state.
And even if Singaporeโs investors bemoan how the city stateโs sovereign wealth fundโs investment in FTX gave the cryptocurrency exchange the aura of โinvestabilityโ and โreliability,โ neither the exchange nor its officers are regulated by MAS nor is the company incorporated in Singapore.
Instead, cryptocurrency investors and traders regardless of jurisdiction need to recognize that keeping their assets safe ultimately falls on personal responsibility more than anything else.
Regulation, licensing and official endorsement will do almost nothing to guarantee funds are SAFU โ to move forward, law and regulation alone is a paper tiger, legislation needs to be combined with technology.
No More Paper Tigers

One possible way of giving teeth to legislation is requiring practical implementation of safeguards for customers.
For instance, a license under the PSA, whether in-principle or otherwise, could require a declaration of all public wallet addresses managed by the license-seeking entity to the regulator.
Even if the licensee loathes to make its public wallet addresses known to all and sundry (doubtful at best, else how would you take deposits?), surely the authority issuing the license ought to be entitled to oversight?
Third party companies or auditors could then be tasked for validating and verifying assets within those wallets are sufficient to meet customer withdrawals, and instead of periodically, this monitoring could be done in real-time.
Regulators could leverage the very blockchain technology that they seek to govern, utilising its inherent transparency as a tool for oversight, rather than relying on it posthumously after things have gone wrong.
Whereas financial institutions operate in a far more structured environment, lawmakers who want to properly police the cryptocurrency sector need to use the very infrastructure that the industry depends on for adequate policing.
And that includes real-time crypto asset monitoring, unscheduled inspections and wallet identification โ the ability to do so already exists, but active policing and whistleblowing has been left largely to the community.
This canโt be the way forward.
Last November, the Financial Times suggested Hong Kong was well-positioned to wrestle the crypto capital crown from Singapore, given the latterโs recent setbacks and its knee-jerk response to hold back on all things crypto-related โ but such a view would be somewhat premature.
Singapore is often lauded as an example of a startup country that succeeded, but that process was not without trial and error and the PSA is likely to be no different.
Whilst expedient, the PSA and its implementation needs to evolve, but perhaps at a faster pace than already quick regulators and lawmakers in Singapore are already accustomed to.
The speed at which Singapore rolled out the PSA is no small feat, but far from resting on its laurels, lawmakers in the country could do more to make it useable and to spread its ambition beyond its current iteration.
If the raison dโetre of licensing is to provide a safe framework for stakeholders to operate in, then arguably, the PSA has moved too quickly.
Without adequate infrastructure to support a comprehensive licensing regime, which includes using technological tools to oversee the licensed, the PSA risks becoming nothing more than a marketing tool, providing licensees with a coat of credibility, even as they โcryptoโ covertly.
By Patrick Tan, CEO & General Counsel of Novum Alpha
Novum Alpha is the quantitative digital asset trading arm of the Novum Group, a vertically integrated group of blockchain development and digital asset companies. For more information about Novum Alpha and its products, please go to https://novumalpha.com/ or email: ask@novum.global
For more business reads, click here.