Do You Need a MAS Licence? How to Know If Your Crypto Business Is Regulated in Singapore

Part 1: Understanding When Regulation Applies (And Why Most Businesses Get It Wrong)

If you’re planning to start a crypto business in Singapore—or already operating one—there’s one question that matters more than anything else:

Do we actually need a MAS licence?

It sounds simple.

But in reality, this is one of the most misunderstood—and most dangerous—questions in the entire crypto regulatory landscape.

Because getting it wrong doesn’t just mean a delay.

It can mean:

• Regulatory breaches
• Forced restructuring
• Operational disruption
• Or even being unable to continue operating

And here’s the part most founders don’t realise early enough:

Most crypto businesses in Singapore are regulated—even when they don’t think they are.

Why This Question Is More Complex Than It Looks

At first glance, it seems like a straightforward legal determination:

• You either need a licence
• Or you don’t

But Singapore doesn’t work that way.

MAS Does Not Regulate Based on Labels

You can call your business:

• A Web3 platform
• A decentralised protocol
• A technology provider
• A liquidity layer

MAS doesn’t care.

What MAS looks at is:

What your business actually does in practice.

And that’s where things become complex.

The Most Common Assumption (And Why It Fails)

Let’s start with the biggest misconception we see across founders, builders, and even experienced operators.

“We don’t hold funds, so we don’t need a licence.”

It sounds logical.

But in Singapore, it’s often wrong.

MAS will ask:

• Do you facilitate transactions?
• Do you connect buyers and sellers?
• Do you influence how trades happen?

If the answer is yes:

You may already be within the regulatory perimeter.

Key Insight

In Singapore, regulation is based on function—not custody, not branding, not intention.

Understanding the MAS Approach: “Substance Over Form”

To properly answer whether you need a MAS licence, you need to understand how MAS approaches regulation.

MAS applies what is known as:

A “substance over form” approach

This means:

• It looks beyond how your business is described
• It focuses on what your business actually does
• It analyses real-world activity—not theoretical structure

What This Means in Practice

Even if your platform is:

• Non-custodial
• API-based
• Decentralised in design

MAS will still ask:

• Who built it?
• Who maintains it?
• Who benefits from it?
• Who influences transactions?

If there is identifiable control or facilitation:

Regulation can apply.

The Core Principle: Activities Define Regulation

Everything in Singapore’s crypto regulation framework comes down to one principle:

It’s not about what your business is—it’s about what your business does.

This is critical.

Because once your activity falls within a regulated category:

Licensing is no longer optional.

What Activities Are Regulated in Singapore?

Under Singapore’s regulatory framework (primarily the Payment Services Act), crypto businesses are assessed based on specific activities involving Digital Payment Tokens (DPTs).

Let’s break down the key ones.

1. Dealing in Digital Payment Tokens

This is one of the broadest categories.

You are considered to be “dealing” if you:

• Buy or sell crypto
• Execute trades for clients
• Act as an intermediary

Real-World Examples:

• Crypto brokerages
• OTC desks
• Fiat-to-crypto conversion services

Important Detail:

You do not need to:

• Hold assets
• Take principal risk

If you facilitate buying or selling:

You are likely dealing.

2. Operating a Crypto Exchange

If your platform:

• Matches buyers and sellers
• Enables trading
• Determines pricing through order matching

Then you are operating an exchange.

Examples:

• Centralised exchanges
• Trading platforms
• Order book systems

3. Facilitating Crypto Transactions

This is where many businesses get caught unexpectedly.

Even if you:

• Do not execute trades
• Do not hold funds

But you:

• Route orders
• Connect users to exchanges
• Enable execution

You may still be regulated.

Example:

• Aggregators
• API trading platforms
• Smart order routing systems

Key Insight

You don’t need to execute a transaction to be regulated.
Enabling it can be enough.

4. Transfer of Digital Payment Tokens

If your business:

• Moves crypto between users
• Enables transfers
• Facilitates payments using crypto

You may fall within regulated activity.

Examples:

• Crypto remittance platforms
• Payment gateways
• Wallet transfer services

5. Custody of Digital Assets

If your business:

• Holds private keys
• Controls access to user assets
• Stores funds on behalf of users

You are providing custody.

And custody is one of the most sensitive regulated activities.

Key Insight

Control over private keys = control over assets = regulatory responsibility.

The Multi-Activity Reality

Here’s where things become even more important.

Most crypto businesses are not doing just one activity.

Example — A Typical Exchange

A single platform may:

• Facilitate trading → Exchange activity
• Execute orders → Dealing
• Hold assets → Custody
• Enable withdrawals → Transfer

What MAS Sees

Not separate features.

But:

One integrated system with multiple regulated activities.

Key Insight

MAS evaluates your entire ecosystem—not individual features.

The Cross-Border Misconception (Critical)

Now let’s address one of the most dangerous assumptions.

“We don’t serve Singapore users, so we don’t need a MAS licence.”

This used to be a common strategy.

But not anymore.

Today’s Reality

If your business:

• Operates from Singapore
• Has a team in Singapore
• Makes decisions in Singapore

You may still be regulated.

Even if:

• All your users are overseas

Why?

Because Singapore introduced frameworks to capture:

Cross-border crypto activity conducted from within its jurisdiction

Key Insight

MAS regulates where you operate from—not just who you serve.

Three Categories of Businesses (Where Do You Fall?)

At this stage, most businesses fall into one of three categories.

Category 1: Likely Not Regulated (Rare)

This applies if you are:

• Purely informational
• Not facilitating transactions
• Not influencing execution
• Not holding or moving assets

These cases are:

Rare and highly fact-specific.

Category 2: Potentially Regulated (Needs Analysis)

This includes:

• Hybrid models
• API-based systems
• Partial facilitation

These require:

• Detailed legal analysis
• Activity mapping
• Careful structuring

Category 3: Clearly Regulated (Most Cases)

This includes:

• Exchanges
• Brokerages
• Custody providers
• Transfer services
• Trading platforms

In these cases:

A MAS licence is required.

Why Getting This Wrong Is So Costly

At this point, you might be thinking:

“We’ll just apply later if needed.”

That approach is risky.

Because if you misclassify your business:

You may face:

• Regulatory exposure
• Delayed licensing
• Costly restructuring
• Loss of credibility

Key Insight

The earlier you understand your regulatory position, the more efficiently you can build your business.

A Practical Test You Can Use Today

If you want a quick way to assess your situation, ask yourself:

Does your business:

• Enable crypto transactions?
• Connect buyers and sellers?
• Influence trading or execution?
• Move digital assets?
• Control private keys?

If you answered YES to any of these:

You are likely within MAS regulatory scope.

Final Thought for Part 1

At this stage, one thing should be clear:

Determining whether you need a MAS licence is not a technical exercise—it’s a strategic one.

Because it affects:

• Your business model
• Your structure
• Your costs
• Your timeline
• Your ability to operate

And most importantly:

Your ability to succeed in Singapore.

Next: Part 2 — How to Assess Your Business Model and Make the Right Licensing Decision

In Part 2, we’ll go deeper into:

• How to analyse your business properly
• Common grey areas (DeFi, APIs, non-custodial models)
• When you might NOT need a licence
• And how to structure your business the right way

Because once you get this decision right:

Everything else becomes easier.

Part 2: How to Assess Your Business Model and Make the Right Licensing Decision

In Part 1, we established a critical truth:

Most crypto businesses operating in or from Singapore are regulated—whether they realise it or not.

Now we move to the practical part:

How do you actually determine your position with confidence?

Because this is where things move from theory to reality.

And where many founders either:

• Get clarity and move forward correctly
  or
• Misjudge their position and create long-term problems

The Right Question to Ask

Most people ask:

“Do we need a MAS licence?”

But that’s not the best question.

The Better Question Is:

“How does MAS classify what we are doing?”

Because once MAS classifies your activity:

• Your regulatory obligations are defined
• Your licensing requirement becomes clear

Step 1: Break Your Business Into Functions

One of the biggest mistakes founders make is looking at their business as a single concept.

MAS does not do that.

MAS breaks your business into:

Individual functions

Why This Matters

Because different parts of your platform may trigger:

• Different regulatory obligations
• Multiple regulated activities

Example — A “Simple” Crypto Platform

You might think:

“We are just a trading platform.”

MAS will break it down like this:

• User onboarding → AML obligations
• Order placement → Facilitation
• Matching engine → Exchange activity
• Wallet → Custody
• Withdrawals → Transfer

Key Insight

Your business is not one activity—it is a collection of regulated functions.

Step 2: Map Each Function to MAS-Regulated Activities

Once you break down your business, the next step is mapping.

Ask:

For each function:

“What is actually happening here?”

Example Mapping

Function	MAS View
Matching orders	Exchange
Routing trades	Facilitation
Holding assets	Custody
Moving funds	Transfer

Why This Step Is Critical

Because once even one function is regulated:

Your entire business may require licensing.

Step 3: Identify Control vs Influence

This is where many businesses fall into grey areas.

MAS distinguishes between:

• Control → Direct handling
• Influence → Indirect involvement

Control (Clear Regulation)

• Holding private keys
• Executing trades
• Moving assets

Influence (Still Regulated in Many Cases)

• Routing orders
• Connecting users
• Enabling execution

Key Insight

Even if you don’t control assets, influencing transactions can still trigger regulation.

Understanding the “Grey Zone” Models

This is where most confusion exists.

Let’s address the most common ones.

1. Non-Custodial Platforms

The Assumption

“We don’t hold funds, so we don’t need a licence.”

The Reality

MAS will ask:

• Do you facilitate transactions?
• Do you influence execution?

If yes:

You may still be regulated.

Example

A platform:

• Connects users to exchanges
• Does not hold funds

MAS view:

Facilitating transactions → potentially regulated

2. API / Aggregator Platforms

The Assumption

“We are just infrastructure.”

MAS View

• Does your API enable trading?
• Does it route orders?

If yes:

You are part of the transaction chain.

Key Insight

Infrastructure can still be regulated if it enables financial activity.

3. DeFi / “Decentralised” Models

The Assumption

“We are decentralised, so regulation doesn’t apply.”

MAS Will Ask:

• Who built the protocol?
• Who maintains it?
• Who earns from it?

If there is:

• Control
• Influence
• Economic benefit

Regulation may apply.

Key Insight

Decentralisation does not automatically remove regulatory responsibility.

4. Token-Based Business Models

If your business involves tokens, another layer of analysis applies.

MAS Will Assess:

• What rights does the token give?
• Is there profit expectation?
• Is there pooled investment?

Possible Outcomes

• Digital Payment Token → PSA
• Security Token → Securities laws
• Hybrid → Dual regulation

Key Insight

Token classification can completely change your regulatory obligations.

When You Might NOT Need a MAS Licence

Let’s be balanced—there are scenarios where licensing may not be required.

These Are Rare, But Possible

Pure Technology Providers

• No involvement in transactions
• No facilitation
• No influence

Informational Platforms

• Data providers
• Analytics dashboards
• Research tools

Certain Non-Custodial, Passive Models

But only if:

• No influence over transactions
• No involvement in execution

Important

These cases require:

Careful legal analysis—not assumptions

The Biggest Strategic Mistake

At this point, many founders try to do one thing:

“Let’s structure the business to avoid licensing.”

This approach usually leads to:

• Weak business models
• Regulatory risk
• Future restructuring

The Better Approach

Instead of avoiding regulation:

Design your business to be licensable.

Key Insight

In Singapore, working with the regulator is more effective than trying to avoid it.

How to Make the Right Licensing Decision

Now let’s bring everything together.

Ask Yourself:

1. What are all the functions in our business?

2. Which of these involve crypto transactions?

3. Where do we control or influence activity?

4. Are we operating from Singapore?

5. Are we targeting Singapore users (or could we be)?

If the Answer Points to Regulation:

Then the next step is clear:

Prepare for MAS licensing properly.

The Cost of Getting This Decision Right (or Wrong)

If You Get It Right:

• Clear strategy
• Smooth application
• Faster approval
• Strong positioning

If You Get It Wrong:

• Delays
• Rework
• Increased cost
• Regulatory friction

A Final Reality Check

Before you move forward, be honest with yourself:

Are we:

• Trying to understand regulation?
  or
• Trying to avoid it?

Because in Singapore:

Avoidance rarely works.
Alignment does.

How CRYPTOVERSE Can Help

Determining whether you need a MAS licence is not just a legal question—it’s a strategic decision that shapes your entire business.

That’s where CRYPTOVERSE comes in.

We help clients:

• Analyse their business model from a regulatory perspective
• Map activities accurately under MAS frameworks
• Identify licensing requirements early
• Structure operations to align with MAS expectations

This ensures that you don’t just guess your regulatory position—you understand it clearly and act on it confidently.

Because getting this decision right at the beginning:

Saves months of delays and significant costs later.

Final Thought

At the end of the day, this entire question comes down to one thing:

Clarity.

Clarity on:

• What you are doing
• How MAS sees it
• What obligations apply

Because once you have that:

• Your structure becomes clearer
• Your strategy becomes stronger
• Your path forward becomes obvious

And most importantly:

You move from uncertainty → to control.

FAQs