Series
Publications
Series
Publications
New VA dealing and VA custodian regimes proposed: The Financial Services and the Treasury Bureau and the Securities and Futures Commission (SFC) have jointly issued two public consultations closing on 29 August: one paper proposing a new and comprehensive regulatory and licensing framework for virtual assets (VA) custodian services in Hong Kong; and another introducing a new, broad licensing and supervisory regime for persons and businesses dealing in VA. Both regimes will be subject to SFC supervision. Under the proposals, any business providing virtual asset dealing services in Hong Kong, whether online or at physical locations, would require a new VA dealing services licence. Entities carrying on a business in Hong Kong providing safekeeping of VA on behalf of clients or who enable the transfer of client VA will also need to be licensed for VA custody. Actively marketing VA dealing or custody services to the Hong Kong public, even if carried out from outside Hong Kong, would trigger these licensing requirements. Both existing regulated firms currently offering VA activities, as well as those who are presently unregulated, will be affected by the proposals as currently drafted and will need new licences. Read more in our bulletin.
HKMA Publishes cryptoasset standard return templates: The Hong Kong Monetary Authority (HKMA) has published a set of revised return templates applicable when the cryptoassets standard and other miscellaneous amendments are implemented in Hong Kong. This publication follows the consultation on the draft rules for implementing the Basel Committee’s standard on the prudential treatment of banks’ cryptoasset exposures. The returns include explanatory notes to reflect the reporting requirements for returns on Liquidity Position, Capital Adequacy Ratio and Return of Large Exposures, among others.
SFC highlights new actions against unauthorised trading at financial firms: The SFC has issued new guidance in response to a rise in unauthorised trading incidents, where criminals used phishing SMS messages to steal client login details and access trading accounts. Licensed Corporations (LCs) must act swiftly to prevent these incidents by (i) signing up for the SMS Sender Registration Scheme; (ii) raising client awareness; and (iii) enhancing detection and controls for identifying unauthorised access and transactions in client accounts.
PBOC and HKMA jointly launch Payment Connect to link faster payment systems in Mainland China and Hong Kong: The People’s Bank of China and the HKMA have jointly announced the launch of “Payment Connect”, a new mechanism linking the faster payment systems in Mainland China and Hong Kong. From 22 June 2025, Payment Connect enables residents in both regions to make more efficient, secure, and real-time cross-boundary payments. Payment Connect offers several advantages over traditional cross-boundary fund remittance between the Mainland and Hong Kong: (i) users can initiate transfers online through participating banks’ online applications; (ii) transfers for current account transactions, within specified limits, can be processed instantly and with simplified procedures; and (iii) direct links between payment infrastructures in the Mainland and Hong Kong reduce reliance on intermediaries, lowering transaction costs. At launch, six banks from Mainland China and six banks from Hong Kong will participate, including Bank of China Limited, China Merchants Bank Co., Ltd, Hang Seng Bank Limited, and The Hongkong and Shanghai Banking Corporation Limited. Additional financial institutions are expected to join Payment Connect over time.
PCAC releases two industry self-regulation rules to standardize the outsourcing practices of acquiring business: The Payment and Clearing Association of China (PCAC) has released two industry self-regulation rules which took effect on 26 May: the Management Regulations for Filing of Acquiring Outsourcing Service Institution (the Filing Regulations) and the Management Regulations for Evaluation of Acquiring Outsourcing Service (the Evaluation Regulations). Both regulations are intended to strengthen industry self-regulation, standardise payment outsourcing practices, mitigate risks in acquiring businesses, and support the healthy development of the payment service market. Specifically, the Filing Regulations require outsourcing service providers in the acquiring sector to file with PCAC before commencing operations and outline the specific requirements for such filing. The Evaluation Regulations establish a framework for assessing outsourcing service providers to acquiring businesses, detailing the obligations of licensed payment institutions regarding information registration, risk information management, and the evaluation of their outsourcing service providers.
Chinese authorities release draft guidelines on cross-border automotive data security: Eight Chinese government departments, including the Ministry of Industry and Information Technology and the Cyberspace Administration of China (CAC), have jointly released the draft Guidelines for Cross-Border Security of Automotive Data (2025 Edition) (the Draft Guidelines) for public consultation, which ends on 13 July 2025. The Draft Guidelines clarify that automotive data processors must undergo a cross-border data security assessment when transferring important data or large volumes of personal information overseas. For smaller-scale, non-sensitive transfers, processors may use a standard contract or certification. The Draft Guidelines also detail what constitutes important data in specific scenarios, such as manufacturing and autonomous driving, and requires processors to establish data management mechanisms to ensure secure transmission and log retention.
CAC issues third edition of data export security assessment guidelines: The CAC has issued the Data Export Security Assessment Declaration Guidelines (Third Edition). These Guidelines clarify the required application materials, outline the online declaration process, and specify the conditions for extending the validity period of an assessment. They also provide that data processors may apply for an extension within 60 working days before the current assessment expires.
Responses to feedback received on proposed amendments to AML/CFT Notices for FIs and VCCs: The Monetary Authority of Singapore (MAS) has published its responses to feedback on their consultation paper on proposed amendments to anti-money laundering and countering the financing of terrorism (AML/CFT) Notices and Guidelines for financial institutions and variable capital companies (VCCs), which apply to all FIs including payment service providers and digital token service providers. The revised Notices and Guidelines have come into effect on 1 July 2025. Read more in our May bulletin.
MAS issued revised anti-money laundering (AML) and countering the financing of terrorists (CFT) notices and guidance: The MAS has issued revised versions of (i) Notice PSN01 Prevention of Money Laundering and Countering the Financing of Terrorism – Specified Payment Services, (ii) Notice PSN02 Prevention of Money Laundering and Countering the Financing of Terrorism – Digital Payment Token Service and its accompanying Guidelines to Notice PSN01 and Guidelines to Notice PSN02, which took effect on 1 July 2025. Additionally, MAS has introduced Notice PSN01AA and Notice PSN10 under the Financial Services and Markets Act 2022 (FSMA), effective from 1 July 2025, replacing the earlier notices issued under the Monetary Authority of Singapore Act 1970. Changes include amendments to the definition of a “customer” and “trust related party”, the list of third parties that can be relied on, and FIs exempted from the requirement to inquire about their beneficial owners, identification and verification requirements for customers and their beneficial owners, and the requirement to submit reports on suspicious transactions.
Composition penalties imposed against five major payment institutions: The MAS has imposed composition penalties on five licensed major payment institutions (MPIs) amounting to S$960,000 for breaches of AML/CFT requirements under MAS Notice PSN01. The MPIs (Remsea Pte Ltd, Arcade Plaza Traders Pte Ltd, J-Dee Remittance Services Pte Ltd, Mobile Community Tech Pte Ltd and OxPay SG Pte Ltd) were found to have inadequate AML/CFT controls in place, resulting in multiple breaches of AML/CFT requirements, such as: failures in identifying, verifying the identity and screening of customers and beneficial owners, verifying the authority of appointees acting on behalf of customers, and breaches of wire transfer requirements. The MAS emphasised its expectations of senior management of FIs to play an active role in the implementation of AML/CFT controls and remediation measures and plans to publish an information paper outlining common issues, supervisory expectations, and suggested improvements identified during recent examinations to help guide the wider industry.
MAS announced the incorporation of new payment entity: The MAS and Association of Banks Singapore (ABS) have announced the incorporation of Singapore Payments Network (SPaN), which will administer and govern Singapore’s national payment schemes. Its purpose is to consolidate and scale up national payment schemes, such as FAST, PayNow and SGQR, positioning them for future growth and regional interoperability.
IMDA announces three new data protection and AI initiatives: Singapore has introduced three new initiatives focused on data protection and AI adoption:
MAS clarified regulatory regime for Digital Token Service Providers (DTSP): In a media release, the MAS has clarified the applicable scope for its DTSP regime under the FSMA. As of 30 June 2025, DTSPs offering services solely to overseas customers involving digital payment tokens or tokens of capital markets products must be licensed by MAS or otherwise cease these activities. However, the MAS has set the bar high for licensing and will generally not issue a licence under the FSMA due to higher money laundering risk and little substantive regulated activity in Singapore. There was no transition period due to the higher risks presented.
Amended Payment Services Act Enacted: The amendments to the Payment Services Act (Act No. 59 of 2009, as amended) has been enacted on 6 June 2025 and will come into force within a year (English summary / Japanese original). Under the amendments, those who conduct certain cross-border payments, such as domestic businesses that facilitate payments to overseas e-commerce businesses or payments from overseas payment service providers, are required to register as funds transfer service providers. The Financial Services Agency of Japan has opened a contact form (available only in Japanese) to accept consultations regarding such cross-border payment regulations.
Proposed amendments to criteria for selecting digital assets for listing on digital asset exchanges: The Securities and Exchange Commission of Thailand (SEC) has issued a public consultation closing on 21 July on proposed amendments to the criteria for selecting digital assets for listing on digital asset exchanges. Currently, the rules prohibit digital asset exchanges from listing digital tokens issued by themselves or by related persons and entities (COI tokens), as part of measures to maintain market orderliness and prevent unfair market practices. However, the SEC recognises that these restrictions may no longer reflect international developments or sufficiently support sector innovation. The consultation seeks input regarding: (i) whether digital asset exchanges should be permitted to list COI tokens, subject to appropriate safeguards; (ii) whether exchanges should be required to publicly disclose the names of all individuals and entities connected to any token issuer (widely drafted to include directors, executives, controllers, their spouses or partners, and legal entities they control, as well as parent, subsidiary, and affiliate companies),such disclosures would also be flagged in the SEC’s e-reporting system; and (iii) the proposed transitional provision, which would require currently listed issuers to provide these within 90 days of the new rules becoming effective.
SCA’s “Finfluencers” regulatory regime goes live: In a major step toward enhancing investor protection and transparency, the UAE Securities and Commodities Authority (SCA) has issued Decision No. 10/RM/2025 on 20 May 2025. This landmark regulation establishes a comprehensive framework governing “finfluencers” – individuals who share financial advice or recommendations via social media and other public platforms. To qualify as a finfluencer under the new regulation, individuals must either be certified financial analysts or demonstrate substantial market influence through experience and audience reach. Registration with the SCA is mandatory, subject to annual renewal and “fit and proper” criteria.
The FSRA issues amendments to its virtual assets regime: The Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM) has introduced significant amendments to its virtual asset regime, further enhancing its status as a global centre for digital finance and strengthening its appeal to Virtual Asset Service Providers (VASPs). A key change is the move to a self-assessment model for Accepted Virtual Assets (AVAs). Licensed virtual asset firms are now permitted to assess tokens independently against the FSRA’s detailed criteria, which address factors such as traceability, liquidity, technological resilience, and functional utility. Firms may proceed with listing tokens after notifying the FSRA at least five business days in advance. This marks a notable departure from the prior pre-approval process, accelerating token onboarding while maintaining regulatory transparency and accountability.
Contents