- Singapore — MAS Regulated Activities
Crypto Activities Regulated by MAS
MAS regulates a broad range of digital asset activities under the Payment Services Act — understand what constitutes a regulated crypto activity in Singapore and the types of services that require licensing.
Core Regulatory Principle
⚖️
MAS regulates functions and activities — not business names or labels
🔗
7 distinct DPT activity categories may require licensing
⚠️
Most crypto platforms trigger multiple regulated activities simultaneously
🌐
Cross-border services from Singapore may be regulated under the FSM Act
🔑
Custody is determined by control over private keys — not by label
MAS Regulates Activities, Not Labels
How MAS Determines Whether Your Business Is Regulated
The Monetary Authority of Singapore regulates crypto businesses based on what they do — not what they call themselves. A business will be regulated if it performs a function that falls within a defined payment service, regardless of branding, technical architecture, or corporate structure.
MAS applies a substance-over-form test. The regulatory perimeter is drawn around economic function — the movement, exchange, custody, or facilitation of digital assets — not around how a business describes its services to users or how it structures its technology stack.
Crypto activities in Singapore are primarily regulated under the Payment Services Act 2019 (PSA) for domestic and cross-border DPT services, and the Financial Services and Markets Act 2022 (FSM Act) for cross-border digital token services provided from Singapore.
If your business touches the movement, exchange, custody, or facilitation of digital assets — you are very likely regulated under the MAS framework.
🧠
The Practical Regulatory Test: Ask yourself — “Do we touch, move, control, or influence digital assets or transactions?” If the answer is yes, MAS regulation likely applies — regardless of how the activity is described, branded, or structured.
How MAS Assesses Activities
MAS evaluates the actual substance of a business's operations across four dimensions — not the labels applied to those operations:
- Actual Functionality
What the platform or service actually does in practice — not how it is described in terms of service or marketing materials.
- End-to-End Transaction Flow
The complete lifecycle of a transaction — from initiation to settlement — and each party's role within it.
- Degree of Control
The extent to which the firm exercises control over assets, transactions, or user interactions — from full custody to indirect facilitation.
- Role in Execution or Facilitation
Whether the firm executes transactions directly or facilitates them indirectly — both can trigger regulated activity status.
🔗
7 Activities
Defined DPT activity categories under the PSA — most platforms trigger more than one
⚖️
Substance Test
MAS applies substance-over-form — avoidance strategies based on labels rarely succeed
🌐
FSM Act
Cross-border DPT services from Singapore may be regulated even with no Singapore users
The 7 Regulated DPT Activities
MAS-Regulated Crypto Activities — Full Breakdown
Below is a complete breakdown of the seven core DPT activity categories regulated by MAS under the PSA — including what each activity means in practice, the types of services that fall within each category, and the key trigger that determines whether the activity applies to your business.
01
💱
Dealing in Digital Payment Tokens
Buying or selling digital assets as a business — whether as principal, as agent, or through brokerage arrangements. Any business that executes or facilitates trades on behalf of users or as a market participant is likely "dealing."
Sample Services
- Crypto brokerage platforms (buy/sell on behalf of users)
- OTC (over-the-counter) trading desks
- Market-making services
- Fiat-to-crypto conversion services
🔴
Key Trigger: If you facilitate or execute trades — in any capacity — you are likely “dealing” under the PSA.
02
🏛️
Operating a DPT Exchange
Providing a platform where buyers and sellers interact, orders are matched, and trades are executed. The key characteristic is enabling price discovery and order matching between counterparties.
Sample Services
- Centralised crypto exchanges (CEX)
- Spot trading platforms with order books
- Matching engine-based marketplaces
- Peer-to-peer (P2P) trading platforms
🔴
Key Trigger: If you facilitate or execute trades — in any capacity — you are likely “dealing” under the PSA.
03
🔄
Facilitating the Exchange of DPTs
Arranging or enabling transactions without directly executing them. This category captures indirect participation — where a firm connects parties, routes orders, or enables trading infrastructure without being the direct counterparty.
Sample Services
- Aggregators routing orders to multiple exchanges
- Broker platforms connecting users to liquidity providers
- API-based trading facilitators
- Introducing brokers
🔴
Key Trigger: Even indirect facilitation constitutes a regulated activity. Routing orders through a third party does not remove the regulatory obligation.
04
📤
Transfer of Digital Payment Tokens
Executing or facilitating the movement of digital assets between parties. Any service that moves tokens between users, wallets, or accounts — whether on behalf of a third party or as part of a payment or remittance structure — is performing a transfer service.
Sample Services
- Crypto remittance services
- Wallet-to-wallet transfer platforms
- Cross-border token transfer services
- Payment gateways using crypto
🔴
Key Trigger: If you move tokens between users or accounts — for any purpose, including payment or remittance — you are performing a regulated transfer service.
05
🔐
Safeguarding / Custody of DPTs
Holding or controlling digital assets on behalf of customers. The regulatory test is control over private keys — not the label applied to the service. Any arrangement where the firm exercises control over a user's private keys constitutes custody.
Sample Services
- Custodial wallet providers
- Exchange-hosted wallets with firm-controlled keys
- Institutional custody platforms
- Key management services
🔴
Key Trigger: Control over private keys equals custody — regardless of how the service is labelled or how the contractual arrangement is structured.
06
📋
Arranging or Inducing DPT Transactions
Encouraging, promoting, or facilitating participation in crypto transactions — even where the firm does not directly execute or hold assets. This is the broadest category and captures "soft" intermediation that influences user decision-making.
Sample Services
- Referral platforms directing users to DPT services
- Token launch and IDO platforms
- Affiliate programmes for crypto services
- Investment recommendation platforms
🔴
Key Trigger: Even “soft” intermediation — referrals, recommendations, or introductions — may constitute a regulated activity under the PSA.
07
💵
Fiat-Related Payment Services (Crypto-Adjacent)
Handling fiat funds in connection with crypto transactions. Where a payment service processes, holds, or transmits fiat currency as part of a crypto-linked flow — including on/off ramps and e-wallet services — additional PSA licensing obligations may apply beyond the DPT licence.
Sample Services
- Fiat on/off ramps for crypto platforms
- Payment processing services for DPT businesses
- E-wallets supporting crypto purchases with fiat
🔴
Key Trigger: If fiat currency flows interact with crypto transactions — even as a supporting function — additional payment service licensing obligations may apply.
08
🌐
Cross-Border Activities — FSM Act
Even where a platform serves only overseas clients and has no Singapore-based users — if operations are conducted from Singapore, the Financial Services and Markets Act 2022 may capture those cross-border DPT services.
When the FSM Act Applies
- Platform operated from Singapore, serving overseas users
- Development or management of a DPT service conducted in Singapore
- Key personnel, servers, or infrastructure based in Singapore
⚠️
Key Trigger: Cross-border services from Singapore may require FSM Act authorisation even where no Singapore users are served — the jurisdictional test is based on where operations are conducted, not where clients are located.
Multiple Activities — The Full Transaction Lifecycle
Most Crypto Platforms Trigger Multiple Regulated Activities
MAS assesses the full transaction lifecycle — not isolated functions. Most operational crypto businesses perform several regulated activities simultaneously, and each must be covered within the firm's PSA licence. A single licence covers all regulated activities performed.
Example — Centralised Crypto Exchange (CEX)
Platform Function
Regulated Activity Triggered
Trading (buy/sell execution)
Dealing + Operating an Exchange
Hosted wallets
Custody / Safeguarding of DPTs
Withdrawals to external wallets
Transfer of Digital Payment Tokens
Fiat deposits and withdrawals
Fiat-Related Payment Service
Referral or affiliate programme
Arranging or Inducing DPT Transactions
💡
Key Insight: MAS licences cover all regulated activities performed — not a single activity. The licensing application must identify every regulated activity the business performs, and the application dossier must demonstrate compliance across all of them.
Common Misclassifications
❌ "We are just a tech platform"
Reality: If your technology facilitates transactions between users — including routing, matching, or enabling trading — you are performing a regulated activity regardless of the technology label.
❌ "We don't hold funds"
Reality: If you influence, route, or facilitate transactions — even without holding assets — the "arranging or inducing" and "facilitating exchange" categories may still apply.
❌ "We only provide APIs"
Reality: APIs that enable trading, order routing, or asset transfers are functional enablers of regulated activity. The API layer does not create a regulatory exemption.
⚠️
MAS applies a substance-over-form test. Structuring a business to avoid regulatory classification through technical or commercial labelling rarely succeeds — MAS looks through structure to underlying function.
How We Help
MAS Activity Mapping & Licensing Strategy — What We Deliver
We map your crypto business model to MAS-regulated activities with precision — identifying every regulated function your platform performs, the licence obligations that follow, and the optimal licensing strategy for your business model and growth trajectory.
🗺️
Activity Mapping & Regulatory Classification
We analyse your complete business model — platform architecture, transaction flows, wallet arrangements, and commercial structure — and map every function to its corresponding regulated activity category under the PSA. No activity is missed, no misclassification is carried forward.
⚖️
Licensing Strategy — PSA vs FSM Structuring
We determine the correct licensing pathway — SPI or MPI under the PSA, FSM Act scope for cross-border services, or a combined structure — and design the regulatory strategy around your specific activity profile, transaction volumes, and business model.
📊
Fund Flow Analysis
We map the complete fund flow — from user onboarding through transaction execution and settlement — identifying every point at which a regulated activity is triggered and every custody, transfer, or payment obligation that must be addressed in the licence application.
📋
Legal Opinion (MAS-Compliant)
We prepare or coordinate the mandatory MAS legal opinion on regulatory perimeter analysis — covering all regulated activities identified in the mapping exercise — ensuring it addresses MAS reviewers' specific questions and holds up through the iterative query process.
🔗
Multi-Activity Licensing Design
We design the complete licensing structure to cover all regulated activities the business performs — including activity-specific compliance frameworks, governance requirements, and documentation — ensuring no activity creates an unlicensed gap in the application.
🔍
Pre-Application Regulatory Assessment
For firms considering a MAS licence application, we conduct a comprehensive pre-application assessment — identifying all regulated activities, licensing obligations, capital requirements, AML implications, and structural considerations — before any formal engagement with MAS begins.
Precision Activity Mapping — Before You Apply, Not After
- We map every function of your business to its corresponding MAS-regulated activity category under the PSA
- We identify all licensing obligations that follow — across SPI/MPI thresholds, FSM Act scope, and multi-activity coverage
- We design the licensing strategy and application structure to cover every regulated activity your business performs
- We carry the complete regulatory assessment through to a MAS-compliant legal opinion and full application dossier
MAS regulates functions — not business names. Correct activity classification before you apply determines whether your licensing process is smooth or costly.
FAQs
Frequently Asked Questions — MAS Regulated Crypto Activities
Yes. A MAS PSA licence covers all regulated payment service activities performed by the licensee — there is no requirement to hold separate licences for each regulated activity. However, the licence application must identify every regulated activity the business performs, and the compliance framework must address each one. Failing to disclose all regulated activities in the application creates a gap that MAS may identify during review or supervision.
MAS applies a substance-over-form test — avoidance strategies based on technical or commercial labelling rarely succeed. If the underlying function of your business is to facilitate, execute, or enable digital asset transactions, MAS will assess the substance of that function rather than the label applied to it. Structuring specifically to avoid regulation — while performing the regulated function — creates compounding exposure rather than eliminating it.
Yes, where the firm exercises control over private keys or assets on behalf of customers. MAS determines custody by control — not by the label applied to the service. If your platform holds private keys, operates hosted wallets, or exercises discretionary control over user assets in any form, that constitutes a regulated custody activity under the PSA. Non-custodial services — where users retain sole control of their own private keys throughout — are not custody activities.
Not all — but most operational models trigger at least one regulated activity. Pure software development, non-custodial open-source protocol development, and genuine infrastructure provision without transaction facilitation may fall outside the regulatory perimeter. However, once a business begins to facilitate, execute, arrange, or enable digital asset transactions — even indirectly — one or more PSA activities are likely triggered. The safest approach is a professional regulatory perimeter analysis before building or launching.
Potentially yes — under the Financial Services and Markets Act 2022. The FSM Act captures cross-border digital token services conducted from Singapore, regardless of where clients are located. If your platform’s operations, management, or key infrastructure are based in Singapore — and the platform provides DPT services to users overseas — MAS authorisation under the FSM Act may be required. The jurisdictional test is based on where the service is conducted from, not where clients are located.
Identify Your Regulated Activities Before You Apply
Book a MAS Licensing Assessment
Whether you are mapping activities for the first time or preparing a MAS licence application, correct regulatory classification is the foundation everything else is built on. Let us map your business model to MAS-regulated activities today.