March 22, 2026
Methodology About Contact
TOKENIZATION COMPLIANCE
The Vanderbilt Terminal for Digital Asset Compliance
INDEPENDENT GLOBAL INTELLIGENCE FOR COMPLIANCE & REGULATION
MiCA Licensed CASPs: 12 ▲ Deadline Jul 2026 | AML Fines (2026): $2.1B ▲ Global Crypto | KYC Verifications: 890M ▲ 2025 Global | Travel Rule: 72% ▲ VASP Compliance | SEC No-Action: 4 Letters ▲ Tokenized Securities | Compliance Software: $1.8B ▲ Market Size | VASP Registrations: 3,400+ ▲ Global | 1099-DA Deadline: Jan 2027 ▼ First Filing | MiCA Licensed CASPs: 12 ▲ Deadline Jul 2026 | AML Fines (2026): $2.1B ▲ Global Crypto | KYC Verifications: 890M ▲ 2025 Global | Travel Rule: 72% ▲ VASP Compliance | SEC No-Action: 4 Letters ▲ Tokenized Securities | Compliance Software: $1.8B ▲ Market Size | VASP Registrations: 3,400+ ▲ Global | 1099-DA Deadline: Jan 2027 ▼ First Filing |
Home Regional Compliance Singapore MAS Compliance Requirements for Digital Payment Token Services
Layer 1

Singapore MAS Compliance Requirements for Digital Payment Token Services

Complete guide to Singapore MAS compliance for crypto businesses covering Payment Services Act licensing, AML/CFT requirements, technology risk management, and costs.

Advertisement

Table of Contents

  1. Singapore Regulatory Overview
  2. Payment Services Act Framework
  3. License Types and Requirements
  4. Application Process
  5. AML/CFT Requirements
  6. Technology Risk Management
  7. Consumer Protection Requirements
  8. Ongoing Compliance Obligations
  9. Costs and Timeline
  10. Implementation Guide

Singapore Regulatory Overview

Singapore has established one of the most sophisticated and well-regarded regulatory frameworks for digital assets in the Asia-Pacific region. The Monetary Authority of Singapore (MAS) — functioning as both the central bank and the financial regulator — has taken a measured, principles-based approach that balances innovation with robust prudential and AML/CFT standards.

The regulatory framework centers on the Payment Services Act 2019 (PSA), as amended by the Payment Services (Amendment) Act 2021, which brought digital payment token (DPT) services under comprehensive MAS regulation. The PSA establishes a licensing regime for DPT service providers, imposes AML/CFT requirements aligned with FATF standards, and grants MAS broad supervisory and enforcement powers.

Singapore’s approach is notable for its clarity and its alignment with international standards. MAS has issued detailed guidelines, notices, and FAQs that provide practical guidance on compliance expectations. The regulator actively engages with industry through consultation papers and industry working groups, and has demonstrated a willingness to adjust its framework based on market developments and industry feedback.

For compliance officers evaluating Singapore as a regulatory jurisdiction, the key considerations are the rigorous but well-defined licensing process, the comprehensive AML/CFT requirements, the technology risk management standards, and the relatively high barriers to entry that reflect Singapore’s positioning as a premium regulatory jurisdiction.

Payment Services Act Framework

The PSA defines “digital payment token” as any digital representation of value that is expressed as a unit, not denominated in any currency, can be transferred electronically, and is intended as a medium of exchange. This definition covers Bitcoin, Ether, and most other cryptocurrencies, while explicitly excluding securities tokens (regulated under the Securities and Futures Act) and e-money (regulated under the PSA’s separate e-money provisions).

Regulated Activities

The PSA regulates the following DPT-related activities:

  • Dealing in DPTs — Buying, selling, or exchanging DPTs for money or other DPTs
  • Facilitating exchange of DPTs — Operating a platform that facilitates the exchange of DPTs
  • DPT transfer services — Providing the service of transmitting DPTs from one DPT account to another
  • DPT custodial services — Safeguarding DPTs or managing instruments that provide control over DPTs

Any entity providing these services in Singapore — including entities that provide cross-border services to Singapore customers — must be licensed by MAS.

License Types and Requirements

Standard Payment Institution (SPI) License

For DPT service providers with monthly transaction volume not exceeding SGD 3 million and daily e-money float not exceeding SGD 5 million.

Capital Requirements: Minimum base capital of SGD 100,000 (approximately $75,000) or a higher amount as specified by MAS based on the applicant’s risk profile.

Major Payment Institution (MPI) License

For DPT service providers that exceed the SPI thresholds or that provide services at a scale that MAS considers systemically relevant.

Capital Requirements: Minimum base capital of SGD 250,000 (approximately $188,000) or higher as determined by MAS. MPI licensees must also maintain a security deposit with MAS.

Which License to Apply For

Most crypto exchanges and DPT service providers of meaningful scale require an MPI license. The SPI license is suitable for smaller service providers or firms entering the market at limited scale with plans to upgrade to MPI as volumes grow.

Application Process

Pre-Application

MAS encourages pre-application consultations for novel or complex business models. The pre-application phase helps applicants understand MAS expectations and identify potential issues before formal submission.

Application Submission

The formal application includes a completed application form, detailed business plan, corporate governance documentation, compliance framework documentation (AML/CFT policies, technology risk management), financial projections and evidence of capital adequacy, fitness and propriety declarations for all directors and key personnel, and the appointed CEO and compliance officer must be Singapore-resident.

MAS Assessment

MAS conducts a thorough assessment that typically takes 6-12 months. The assessment covers the applicant’s business model and risk profile, the fitness and propriety of key personnel, the adequacy of the AML/CFT framework, technology risk management capabilities, financial soundness, and the applicant’s track record and reputation.

MAS has been selective in granting DPT licenses. Since the PSA came into effect, MAS has received over 400 applications and granted licenses to fewer than 30 entities, reflecting the regulator’s high standards and thorough assessment process.

Conditions and Restrictions

MAS may attach conditions to licenses, including restrictions on specific DPT types, customer segments, transaction volumes, or geographic scope. Conditions are tailored to the applicant’s risk profile and operational readiness.

AML/CFT Requirements

MAS Notice PSN02 sets out detailed AML/CFT requirements for DPT service providers. These requirements are among the most comprehensive in the region and reflect Singapore’s position as a FATF member with strong mutual evaluation ratings.

Customer Due Diligence

  • Verify customer identity before establishing a business relationship or conducting transactions above SGD 5,000
  • Perform enhanced due diligence for higher-risk customers, PEPs, and customers from higher-risk jurisdictions
  • Ongoing monitoring of the business relationship
  • Record keeping for at least five years after the end of the business relationship

Transaction Monitoring

  • Implement real-time and batch transaction monitoring systems
  • Configure monitoring rules appropriate to the firm’s risk profile
  • Review and investigate alerts in a timely manner
  • Maintain documentation of alert dispositions and investigation outcomes

Suspicious Transaction Reporting

  • File Suspicious Transaction Reports (STRs) with the Suspicious Transaction Reporting Office (STRO) for all suspicious transactions
  • STRs must be filed as soon as reasonably practicable after forming the suspicion
  • No threshold — STRs are required regardless of transaction amount

Travel Rule

Singapore has implemented the Travel Rule through MAS Notice PSN02, requiring DPT service providers to obtain, verify, and transmit originator and beneficiary information for DPT transfers exceeding SGD 1,500 (approximately $1,125).

Sanctions Compliance

DPT service providers must screen against all applicable sanctions lists, including UN Security Council lists, Singapore MAS sanctions lists, and lists of designated persons under Singapore’s Terrorism (Suppression of Financing) Act and other relevant legislation.

Technology Risk Management

MAS has issued comprehensive Technology Risk Management Guidelines (TRM Guidelines) that apply to all financial institutions, including DPT service providers. The TRM Guidelines cover:

Cybersecurity

  • Implement a cybersecurity framework proportionate to the firm’s risk profile
  • Conduct regular vulnerability assessments and penetration testing
  • Deploy intrusion detection and prevention systems
  • Establish incident response procedures
  • Report material cyber incidents to MAS within one hour of discovery

IT Governance

  • Board oversight of technology risks
  • Designated technology risk management function
  • Regular technology risk assessments
  • Change management procedures for system modifications

Cloud Computing

  • Due diligence on cloud service providers
  • Data residency considerations (MAS has specific expectations about data stored outside Singapore)
  • Business continuity planning for cloud service disruptions
  • Contractual protections with cloud providers

Wallet and Key Management

  • Secure key generation, storage, and recovery procedures
  • Multi-signature or equivalent controls for high-value transactions
  • Regular audit of key management processes
  • Segregation of customer and company assets

Consumer Protection Requirements

MAS has implemented significant consumer protection requirements for DPT service providers, including restrictions on marketing and advertising (DPT services may not be marketed to the general public in public areas, public transport, broadcast media, or social media), risk disclosures that must be prominently displayed, segregation of customer assets from company assets, and complaint handling procedures that meet MAS standards.

The marketing restrictions are notably stringent and reflect MAS’s concern about retail consumer harm from speculative DPT trading.

Ongoing Compliance Obligations

Regulatory Reporting

Licensed DPT service providers must submit regular reports to MAS, including annual audited financial statements, quarterly prudential returns, material change notifications, and incident reports for security breaches and operational disruptions.

Ongoing Fit and Proper Requirements

All directors, CEOs, and key personnel must maintain fitness and propriety throughout the license term. Any changes to key personnel require MAS approval. MAS may require removal of individuals who no longer meet fit and proper standards.

Examination and Supervision

MAS conducts regular on-site and off-site examinations of licensed DPT service providers. Examinations cover AML/CFT compliance, technology risk management, governance and risk management, and compliance with license conditions.

Costs and Timeline

Licensing Costs

ItemCost Range
MAS Application FeeSGD 1,000 ($750)
MAS Annual License FeeSGD 1,000-10,000 ($750-$7,500)
Legal Counsel$80,000-250,000
Compliance Framework$50,000-150,000
Technology Setup$150,000-400,000
Capital Requirement$75,000-$188,000+
Singapore Office$40,000-120,000/year
Key Personnel (CEO, CO)$300,000-600,000/year
Total Year 1$700,000-1,700,000+

Timeline

PhaseDuration
Pre-Application1-2 months
Application Preparation2-4 months
MAS Assessment6-12 months
Post-Approval Setup1-3 months
Total10-21 months

Implementation Guide

Step 1: Regulatory Assessment

Determine whether your activities require a DPT license under the PSA. Assess whether SPI or MPI license is appropriate based on expected volumes.

Step 2: Entity and Personnel

Incorporate a Singapore entity. Appoint a Singapore-resident CEO and compliance officer who meet MAS fit and proper standards.

Step 3: Compliance Framework

Develop a comprehensive AML/CFT framework compliant with PSN02. Implement technology risk management aligned with MAS TRM Guidelines.

Step 4: Technology Infrastructure

Deploy KYC, transaction monitoring, sanctions screening, and Travel Rule compliance technology. Implement cybersecurity controls meeting MAS standards.

Step 5: Application

Prepare and submit the license application with all required documentation. Engage with MAS throughout the assessment process.

Step 6: Operational Readiness

During the MAS assessment period, complete operational setup, staff hiring, and systems testing. Prepare for MAS on-site assessment.

Step 7: Launch

Upon license grant, commence regulated operations. Implement ongoing compliance reporting and monitoring.

For comparison with other jurisdictions, see UAE vs. Singapore Compliance.

Singapore’s Competitive Positioning

Singapore’s regulatory framework for digital assets is designed to attract high-quality participants while filtering out firms that cannot meet rigorous compliance standards. MAS’s selective licensing approach — granting licenses to fewer than 30 firms from over 400 applications — has established Singapore as a premium regulatory jurisdiction where licensed entities benefit from the reputational value of MAS authorization.

For compliance officers evaluating Singapore, the key advantages include MAS’s international reputation as one of the world’s most sophisticated financial regulators, the comprehensive and well-documented regulatory framework that provides clarity on compliance expectations, the robust legal system with strong rule of law, access to the broader Asia-Pacific market from a strategically positioned hub, and a deep talent pool of compliance and financial services professionals.

The key challenges include the stringent marketing restrictions that limit retail customer acquisition, the rigorous and selective licensing process with high rejection rates, the comprehensive technology risk management requirements that create significant operational obligations, and the relatively small domestic market compared to the EU or US.

Singapore remains one of the most attractive jurisdictions for digital asset firms that can meet MAS’s standards. For firms with the resources and commitment to meet MAS requirements, a Singapore license provides a strong foundation for Asia-Pacific operations and significant credibility with institutional counterparties worldwide.

For a step-by-step licensing guide, see the Singapore MAS license how-to guide and the Singapore jurisdiction profile. For regulator-specific analysis, see the MAS regulator profile. For how Singapore compares with competing jurisdictions, see the UAE vs Singapore compliance comparison and the Asia-Pacific comparison benchmark. For the Travel Rule implementation discussed here, see the crypto Travel Rule compliance guide and the Travel Rule encyclopedia entry. For broader AML programme design, see the crypto AML programme building guide.

For the official regulatory source, see the Monetary Authority of Singapore for PSA licensing guidance and FATF mutual evaluations for Singapore’s AML/CFT compliance assessment.

MAS requirements are subject to change. Consult qualified Singapore legal counsel for current requirements. Updated March 2026.

Advertisement
regional-complianceSingaporeMAS
Related Articles
UAE Crypto Compliance Requirements: VARA, ADGM, and Federal Framework
VARA Compliance Framework: Dubai Virtual Asset Regulation Case Study
Advertisement
Network Intelligence

Institutional Access

Coming Soon