Background
The Singapore Payment Services Act 2019 (PSA) was issued by the Singapore government as a “forward-looking and flexible framework for the regulation of payment systems and payment service providers in Singapore.” Replacing the former Payment Systems Oversight Act and Money-Changing and Remittance Businesses Act, the PSA “provides for regulatory certainty and consumer safeguards, while encouraging innovation and growth of payment services and fintech.”
In addition, Notice PS-N01 (Prevention of Money Laundering and Countering the Financing of Terrorism – Specified Payment Services), which was issued by the Monetary Authority of Singapore (MAS) further to the PSA, introduces requirements on Anti-Money Laundering (AML) and countering the financing of terrorism (CFT) for regulated payment service providers (including Stripe).
What this means for Stripe users
In order to comply with the AML/CFT measures mandated by the PSA and Notice PS-N01, in particular paragraph 7, “Customer Due Diligence,” Stripe is making certain changes to the user onboarding process and has introduced the following additional measures that apply to both new and current users:
- Enhanced identity verification
- Collection of additional Know Your Customer (KYC) information
- Verification of authority to open the account
Enhanced identity verification
Provisions under the PSA and Notice PS-N01 require Stripe to implement an enhanced identity verification process for certain users. To remain in compliance with this requirement, Stripe will ask you to verify yourself via Singapore Myinfo (using your Singpass app) or provide a valid form of ID with a photo of yourself captured by Stripe – using the camera on your computer or mobile device.
Collection of additional KYC information
In order to comply with the PSA and Notice PS-N01, Stripe will collect additional information from you, e.g., your nationality, details about your company’s directors, etc. The extent of additional information Stripe is required to collect depends, among other things, on the type of your Stripe account, and we would only request information that we need in order to comply with the applicable regulations.
Connected parties: We are required to verify the details of all of your directors (if you are a company), partners and managers (if you are a partnership), and senior executives/office bearers (if you are an unincorporated entity like a society, club, etc.).
Beneficial owners: We are also required to identify and verify the identities of individuals with significant ownership and/or control of your business, established via shareholding, voting rights, and/or executive authority of the business. For additional information on this requirement and how to satisfy it, please visit our support page on ultimate beneficial ownership requirements in Singapore.
Verification of authority to open the account
In order to comply with the PSA and Notice PS-N01, Stripe is required to verify that an individual opening the Stripe account is authorised to do so on behalf of the business. In order for Stripe to verify this information, please only proceed to open the account if you are the owner or a director of the business. For additional information on this requirement and how to satisfy it, please visit our support page on representative authority verification.
Account closure
If verification remains uncompleted, provisions under PSA and Notice PS-N01 require Stripe to:
- Pause charge processing and payouts to bank accounts if user verification remains uncompleted 30 business days after the terms of the Stripe SSA have been accepted.
- Terminate and permanently close the Stripe payment account if verification remains uncompleted 120 business days after the terms of the Stripe SSA have been accepted.
If you wish to use Stripe’s payment services again, you will need to create a new Stripe account.
Conclusion
Stripe’s account-opening requirements are designed to help our users stay up-to-date on new features or changing regulations – including the new requirements introduced by the PSA and MAS Notice PS-N01. If you have any questions, please let us know.
FAQs
Why am I being asked to provide personally identifiable information for all of my directors and/or key executives?
In order to comply with existing AML/KYC regulations in Singapore, including MAS Notice PS-N01, paragraph 7, Stripe needs to identify and verify the identity of all connected parties of Stripe users.
Stripe attempts to verify the identity of connected parties by collecting and matching connected parties’ names, dates of birth, ID numbers, addresses, etc.
Connected parties refers to directors (for a company); partners (for partnership businesses); or key executives, such as the president, chairperson, treasurer, etc. (for the rest of the legal entities).
Why am I being asked to provide personally identifiable information for my owners?
In order to comply with existing AML/KYC regulations, including MAS Notice PS-N01, paragraph 7, Stripe needs to identify and verify the identities of ultimate beneficial owners (UBOs) of Stripe users that are legal entities.
Stripe attempts to verify the identity of UBOs by collecting and matching UBOs’ names, dates of birth, ID numbers, addresses, etc., and also ensuring that the list of UBOs is correct and complete.
A UBO refers to any individual who ultimately owns or controls your business, or on whose behalf transactions are being conducted, and includes any person who exercises ultimate effective control over your business. This will generally translate to anyone who effectively owns more than 25% of your business and/or your directors.
I’m a non-profit organisation (NPO) without an owner. Am I still required to provide UBO information?
Yes. Since NPOs do not have owners, UBOs are individuals that ultimately control or exercise significant influence over your organisation. This includes individuals such as the president, chairperson, treasurer, secretary, etc.
Is my Personally Identifiable Information (PII) safe with Stripe?
Yes. Please refer to Stripe’s Privacy Center for information on how Stripe handles PII, including information collected to comply with AML/KYC regulations.