Nizam Ismail of RHTLaw Taylor Wessing provides an important guide on the complex regulatory aspects of Southeast Asia’s fintech industry

Southeast Asia is going through a fintech revolution. Vietnam recently launched the first digital-only bank, called 'Timo'. Over in Malaysia, the Securities Commission announced the country's first six equities-based crowdfunding platforms last year – pipping its neighbour, Singapore, which is only expected to announce its equities crowdfunding regulations later this year. Malaysia is also looking at introducing regulations for peer-to-peer (P2P) lending.

In Singapore, the chairman of the Monetary Authority of Singapore (MAS) and the deputy prime minister, Tharman Shanmugaratnam, in April this year, announced Singapore's aggressive push to develop a fintech ecosystem in Singapore and a week-long fintech festival in Singapore in November (complete with a slick promotional video on YouTube). The announcement of this event was made in New York. This venue choice was meaningful, subtly positioning Singapore as a fintech hub for global players. MAS has actually started a fintech department and appointed a chief fintech officer. MAS has led the formation of a fintech office – a one-stop platform to promote fintech in Singapore. MAS has also promoted the use of application programming interfaces (APIs), taking the lead by making its data available through APIs.

In Indonesia, communications and information technology minister, Rudiantara, announced in March 2016 plans by the Indonesian bourse, IDX, to set up a dedicated technology board, to foster tech entrepreneurs. The minister proudly proclaimed the emergence of two unicorns (billion dollar start-ups) within 2016.

Accelerators and investors are active in the region, making bets on which fintech platform will be the next unicorn.

Regulators are similarly busy, largely acknowledging the revolutionary impact of fintech, as well as nervously acknowledging its many risks, which they are struggling to fully comprehend.

Every fintech start-up knows that regulatory risk is the most important risk factor for its business. The reality is that the financial services industry is the most heavily regulated in the world.

The repercussions for a fintech start-up being ignorant of its regulatory status can be severe. If it conducts regulated activities without obtaining the necessary licences, this could typically attract criminal penalties (including the threat of imprisonment) or civil liability.

There are pressing challenges for fintech start-ups in dealing with regulations in Southeast Asia.

Southeast Asia is not monolithic. There are diverse jurisdictions with different legal traditions, and which are at different stages of regulatory development. For over-the-counter (OTC) derivatives and futures trading may not be regulated in all Southeast Asian jurisdictions.

Understanding the applicable rules in Southeast Asia presents an interesting challenge – regulators may not publish all laws and regulations on their websites. Even where they are published, the information might not be up to date. Language can also be a problem: not all data is published in English; and even where the published regulations are up to date and in English, it is not certain that what is published encompasses all the rules that might apply in reality. There may be a level of discretion that requires personal engagement with the regulators.

Therefore, while the ASEAN economic community, which was established in 2016, with its vast pyramid base of under-banked communities, promises the allure of tapping into a market that is the seventh-largest in the world, the reality is that fintech start-ups face a daunting task when trying to understand and navigate the complex and often frustrating regulatory quirks of the various jurisdictions in that community.

Against this backdrop of the diverse nature of ASEAN, the other challenge for fintech start-ups is that regulators may not have made up their minds on how to regulate fintech.

The philosophy of financial services regulators typically focuses on safety and soundness objectives, putting in place prudential safeguards such as capital and liquidity requirements. This is typically the approach for banking and insurance regulations. Capital markets regulations, on the other hand, tend to focus on promoting fair and efficient markets and fair dealing for consumers.

The difficulty is how to apply the regulatory philosophy to the fintech industry. There are several inherent tension points.

By nature, fintech start-ups disrupt. They look for opportunities where regulations do not exist, or are vague. They seek to do things in a cheaper, more efficient, convenient and transparent manner compared to traditional financial institutions. Fintech start-ups could grow exponentially and become systemically important in a short period of time. The issue is that fintech start-ups may not have in place a robust governance, risk-management or compliance framework. A fintech start-up may be looking for a quick exit through a trade sale or IPO, and may not see the need to invest in a set of robust controls. It may not necessarily have a long-term view. Indeed, there are good reasons why traditional financial institutions have sophisticated governance, risk and compliance frameworks. A fintech failure or crisis could also have a widespread impact on consumers, and could adversely affect the reputation of a financial market.

By definition, regulations cannot foreshadow industry development. Regulators also do not want to inhibit innovation. However, there will be a tipping point, when because of customer protection reasons, or worse, because of a failure or crisis relating to a fintech platform, regulations just have to step in.

One example of this is the issue of whether regulators should regulate bitcoin or other cyber-currencies. Most regulators feel that the use of cyber-currencies may not be sufficiently widespread so as to justify regulations. In Singapore, MAS takes the view that cyber-currencies may introduce money laundering and terrorist financing risks. In March 2014, MAS announced that it would introduce anti-money laundering and combating of terrorist financing requirements for cyber-currency players. As of April 2016, the rules have yet to be introduced.

In April this year, the chairman of MAS explained that a fintech player that grows and acquires 'meaningful scale' will be regulated like any other financial institution. Conditions must be consistently fair for all, and there are good reasons why regulations exist in the first instance.

Earlier this year, MAS' managing director, Ravi Menon, explained that MAS would take a risk-focused and proportionate approach towards regulations. He provided an example for P2P lending platforms which do not need to be regulated in Singapore so long as the platforms do not take deposits. However, if these P2P platforms were to grow and raise macro-prudential concerns – for instance, if they were to become pervasive and systemic – MAS would regulate them.

Similarly, non-systemically important payment systems will not be regulated in Singapore until such time that they become systemic. This is the prevailing approach under Singapore's Payment Systems (Oversight Act).

From the perspective of the fintech player, this means that they could be victims of their own success and be subject to regulations when they become successful.

However, the Singapore regulator's assurance is that regulations will be proportionate – they will be calibrated to address the specific risks of the activity.

Apart from the risk of being regulated in future, another issue is that of dealing with existing regulations; in other words, working to old-style rules that may not be relevant for new world business models. Force fitting one into the other may not work.

For instance, regulations requiring capital or the payment of a security deposit for each place of business, or the displaying of physical licences at those places of business, simply has little relevance for a fintech platform.

Another example of the shackling effect of existing regulations can be found in the context of equities-based crowdfunding rules proposed by MAS in a consultation paper in February 2015. MAS had considered existing licensing and prospectus requirements and proposed equities-based crowdfunding activities that were only allowed for accredited investors (high-net-worth individuals or corporations meeting certain net asset or income requirements) and institutional investors (essentially, regulated financial institutions). In other words, equities-based crowdfunding platforms would not be allowed for retail consumers. This effectively removes the 'crowd' from crowdfunding.

One good initiative introduced by MAS in promoting fintech is the regulatory sandbox, similar to the approach taken by the UK FCA.

It is conceptually a good initiative. The regulatory sandbox allows for controlled experiments – where a start-up that requires licensing could get its proof of concept up, demonstrate a working platform (within limited confines of volumes and number of customers) fairly quickly, instead of going through a long licensing process.

However, the practical implementation has been a little difficult. There has been no guidance on the form or requirements of the sandbox. There have been instances where MAS has imposed a high level of innovation before proceeding further with a sandbox application, turning down applications even in instances where a proposed business model may be novel in Singapore.

The jury is out on whether Southeast Asian regulators will write dedicated regulations for fintech. There may be a good argument for such dedicated regulations, given the peculiar needs of fintech start-ups for a proportionate approach – a sliding scale of regulations depending on the risk profile of the start-up.

Whether or not dedicated fintech regulations are introduced, we will see a flurry of regulatory activities in Southeast Asia as regulators start addressing gaps in their regulatory frameworks, or updating various pieces of legislation to keep pace with the demands of innovation.

Regulatory development is really not an option for regulators, but a necessary step to foster consumer confidence and maintain the good standing and reputation of their respective markets.

While regulations can increase the cost and complexity of doing business, fintech players should perhaps see regulations as assets – after all, they promote consumer confidence, and protect the longer-term interests of a fintech platform.

Importantly, they also introduce a barrier to entry to potential competitors.


  First published by our sister publication IFLR magazine. Take your free trial today.


Nizam Ismail
RHTLaw Taylor Wessing

About the author
Nizam Ismail is a partner of RHTLaw Taylor Wessing under its banking and finance and corporate practice. He also is a co-founder of RHT Compliance Solutions, a dedicated financial services compliance consultancy/solutions provider. He has 20 years of experience and expertise in financial services regulatory compliance and litigation.

He was executive director and head of compliance for Southeast Asia in Morgan Stanley Singapore. Ismail was also formerly senior vice president and head of compliance for Southeast Asia at Lehman Brothers Singapore, Executive director (legal and compliance) in Nomura Singapore and senior legal counsel of Citigroup (corporate and investment bank). Ismail's area of compliance coverage included markets, investment banking, corporate banking, private banking and asset management. Ismail's product coverage included fixed income, equities, commodities, currency, rates, derivatives, futures, structured deposits.

Ismail spent six years as a regulator at the Monetary Authority of Singapore (MAS), where he was deputy director and head of the Market Conduct Policy Division. There, Ismail worked on various policy reviews relating to the capital markets, including various policy reviews leading to the enactment of the Securities and Futures Act, the Financial Advisers Act, Trust Companies Act and the Business Trust Act. Ismail also conducted a review on the application of competition law on financial services.

The policy reviews that Ismail oversaw at MAS included: revamp of regulatory framework on markets/recognised market operators, dual currency investments, credit card solitication rules, disclosure requirements for investment products, rationalisation of wholesale/retail investors, extra-territorial application, regulation of traded life/endowment policies, civil penalty regime for market misconduct, review of insider trading, licensing and business conduct issues, policies behind regulation capital markets intermediaries, and implementation of recommendations of Corporate Law and Regulatory Framework Committee (CLRFC).