- Singapore — Regulator Profile
MAS — The Singapore Crypto Regulator
MAS is Singapore’s integrated financial regulator overseeing digital payment token activities — what requires a licence under the Payment Services Act, AML/CFT expectations, technology risk standards, and how firms secure authorisation in one of the world’s most stringent crypto regimes.
Quick Facts — MAS at a Glance
⚖️
Governed by the Payment Services Act 2019 and FSM Act 2022
🔑
Two licence tiers — Standard Payment Institution and Major Payment Institution
⏱️
Licensing typically takes 6 - 9+ months
🛡️
AML compliance is the primary approval driver
📋
Legal opinion and external audit are mandatory for DPT applicants
Who MAS Is
The Monetary Authority of Singapore
The Monetary Authority of Singapore (MAS) is the central bank and integrated financial regulator of Singapore, responsible for supervising banking and financial institutions, capital markets, payment services, and all digital asset and crypto-related activities.
MAS regulates digital asset businesses primarily under the Payment Services Act 2019 (PSA) and the Financial Services and Markets Act 2022 (FSM Act). A person must not carry on a regulated digital payment token (DPT) activity in Singapore — or from Singapore — without MAS authorisation.
Operating DPT services in or from Singapore without MAS authorisation is a regulatory offence. The FSM Act also captures cross-border digital token services originating from Singapore.
🏛️
MAS treats crypto firms as critical financial infrastructure — not technology startups. The expectations placed on DPT service providers are institutional-grade across governance, technology risk, AML, and capital adequacy.
Legislative & Regulatory Instruments MAS Uses
- Payment Services Act 2019 (PSA) — licensing of payment and crypto activities, including DPT services
- Financial Services and Markets Act 2022 (FSM Act) — cross-border digital token services from Singapore
- MAS Notice PSN02 (legally binding) — AML/CFT obligations for DPT service providers
- MAS Technology Risk Management Notice — mandatory technology risk and cyber hygiene standards
- MAS Guidelines PS-G01 — — licensing guidelines for payment service providers
- Fit & Proper Criteria Guidelines — governing directors, shareholders, and senior management
- Securities and Futures Act — Token Classification Guidance — determines when tokens are capital markets products
📋
The MAS framework is risk-based, technology-focused, and AML-intensive — with strong emphasis on governance, operational resilience, and cross-border activity controls.
Scope & Coverage
What MAS Regulates — DPT Services
To carry on a Digital Payment Token (DPT) service in Singapore, firms must obtain a licence specifying the regulated activity, licence type (SPI or MPI), the operational scale and thresholds, and any additional supervisory conditions. MAS applies a broad functional test — capturing even indirect participation in crypto transactions.
💱 Buying and Selling Digital Assets
🏛️ Operating Trading Platforms (Exchanges)
📤 Facilitating Token Transfers
🔐 Safeguarding / Custody of Digital Assets
📋 Arranging or Inducing Transactions
🔄 Brokerage and Intermediation Services
⚖️
2 Tiers
SPI and MPI — licence type determined by transaction volume and systemic risk
⏱️
6 - 9+ Months
Typical MAS approval timeline — highly iterative and evidence-driven
🌐
Cross-Border
FSM Act captures digital token services from Singapore to overseas users
The Licensing Framework
Scale Matters — SPI vs MPI
The PSA licensing regime is structured based on transaction volume and systemic risk. Your monthly transaction volumes determine whether you qualify for a Standard Payment Institution or must obtain a Major Payment Institution licence — with materially different obligations attached to each.
Lower Volume
Standard Payment Institution (SPI)
Below prescribed transaction thresholds
Threshold Criteria
- Below SGD 3 million per payment service (monthly)
- Below SGD 6 million aggregate monthly transaction volume
- Below SGD 5 million float (e-money threshold)
Regulatory Character
- Lighter requirements relative to MPI
- Disclosure-based safeguarding obligations
- Still subject to full AML/CFT and technology risk obligations
- Appropriate for smaller or earlier-stage operations
💡 Lower barrier — full compliance still required
Higher Volume
Major Payment Institution (MPI)
Above thresholds — enhanced obligations apply
Threshold Criteria
- Exceeds SGD 3 million per payment service (monthly)
- Exceeds SGD 6 million aggregate monthly transaction volume
- Exceeds SGD 5 million float (e-money threshold)
Regulatory Character
- Full prudential, safeguarding, and compliance obligations
- Capital adequacy and operational buffer requirements
- Heightened MAS supervision and reporting obligations
- Required for institutional-scale DPT businesses
⚠️ Full institutional-grade obligations
💡
No crypto-specific licence fee. MAS licensing is activity-based — the applicable fee depends on the regulated activity type and licence tier, not on a fixed digital asset licensing charge. Cross-border DPT services may also require assessment under the FSM Act regardless of SPI/MPI classification.
How Firms Get Authorised
The MAS DPT Licensing Pathway — 10 Stages
MAS approval is highly iterative and evidence-driven — often involving multiple rounds of engagement, a management interview, and detailed scrutiny of governance, AML, and technology controls. Every stage must be properly completed before the next can advance.
01
Regulatory Classification
Confirm token classification (security token vs DPT) and the precise regulated activity. Misclassification at this stage creates compounding problems throughout the application.
Critical First Step
02
Licensing Strategy
Determine SPI vs MPI based on projected volumes, FSM Act cross-border scope, and long-term business model. The licensing strategy shapes every subsequent decision.
SPI vs MPI Determination
03
Legal Opinion (Mandatory)
MAS requires a formal legal opinion from Singapore-qualified counsel on the regulatory perimeter analysis. This is non-negotiable for all DPT service applicants.
Mandatory — MAS Requirement
04
Regulatory Business Plan
Develop a comprehensive regulatory business plan covering services, fund flows, revenue model, governance structure, risk management approach, and financial projections — aligned with MAS expectations.
Core Application Document
05
AML/CFT & Governance Frameworks
Build the complete AML/CFT programme (PSN02 compliant), governance architecture, fit-and-proper assessments for directors and senior management, and technology risk controls to MAS TRM standards.
AML Is the Primary Driver
06
Full Application Dossier
Prepare the complete MAS application package — all prescribed forms, supporting documentation, financial statements, governance policies, and compliance frameworks in submission-ready format.
Complete Submission Required
07
Submission & Query Management
Multiple Rounds Expected
08
Management Interview
Senior management and key individuals will be interviewed by MAS as part of the fit-and-proper assessment. Preparation and alignment across the leadership team is critical at this stage.
MAS Interview Required
09
In-Principle Approval (IPA)
MAS grants IPA subject to conditions. Conditions must be fulfilled — including operational readiness, system testing, and remaining governance milestones — before the full licence is issued.
Conditions Apply
10
Conditions Fulfilled — Licence Issued
All IPA conditions satisfied. Full PSA licence granted. Ongoing supervision obligations — reporting, annual reviews, material event notifications, and AML monitoring — begin from licence issuance.
Ongoing Supervision Begins
What "Good" Looks Like
Conduct, Prudential & Technology Standards
MAS holds DPT service providers to institutional-grade standards across three core dimensions. All three must be evidenced at application stage — not planned for post-approval implementation.
🏦
Prudential Standards
- Capital adequacy — minimum capital plus operational buffer
- Ability to sustain 6–12 months of operating expenses
- Financial soundness and liquidity management
- Stress-testing and capital monitoring frameworks
⚖️
Conduct Expectations
- Fair and transparent client disclosures at all times
- No misleading marketing — especially to retail users
- Conflict of interest identification and management
- Accessible and timely complaints handling framework
🔐
Technology & Custody Controls
- Segregation of customer assets from firm assets
- Private key lifecycle governance
- Multi-signature controls and wallet architecture
- Daily reconciliation procedures
- Incident response protocols
- Business continuity and disaster recovery plans
🏛️
MAS treats crypto firms as critical financial infrastructure. Technology risk management is assessed against the MAS TRM Notice — a legally binding standard that applies to all licensed DPT service providers regardless of size or licence tier.
AML, Travel Rule & Financial Crime
MAS AML/CFT — The Primary Approval Driver
AML compliance is the single most heavily weighted factor in MAS DPT licence applications. MAS aligns closely with FATF standards and applies additional scrutiny specific to crypto-related risks — particularly transaction monitoring, blockchain analytics, and Travel Rule implementation.
Mandatory AML/CFT Requirements
- Risk-based AML framework — documented, implemented, and tested at submission
- Customer Due Diligence (CDD) — full KYC onboarding with risk-tiered procedures
- Enhanced Due Diligence (EDD) — for high-risk clients, PEPs, and complex structures
- Blockchain analytics and transaction monitoring — real-time screening against risk typologies
- Sanctions screening — ongoing, at onboarding, and on transaction execution
- Suspicious Transaction Reporting (STR) — mandatory reporting to the Suspicious Transaction Reporting Office
- Travel Rule compliance — originator and beneficiary data collection, transmission, and retention
Travel Rule — MAS Specifics
MAS has implemented Travel Rule requirements aligned with FATF Recommendation 16. DPT service providers must collect and transmit originator and beneficiary information for virtual asset transfers — and MAS expects a compliant technical solution to be in place at application stage, not post-approval.
⚠️
Blockchain analytics are specifically expected by MAS — particularly for transaction monitoring of DPT flows. Generic AML frameworks that do not address blockchain-specific risk typologies will not pass MAS scrutiny.
📋
MAS Notice PSN02 is legally binding — not guidance. Non-compliance with PSN02 AML/CFT obligations is a direct regulatory offence subject to enforcement action.
✔
MAS aligns closely with FATF standards with additional crypto-specific scrutiny layered on top — particularly covering DeFi exposure, peer-to-peer transaction monitoring, and high-risk jurisdiction controls.
Restrictions & Prohibitions
What MAS Restricts or Prohibits
The MAS framework imposes strict restrictions on DPT service providers — with heightened scrutiny applied to any services targeting retail users. These restrictions apply from the date of licensing and are enforced actively during supervision.
❌
Operating Without a Licence
Carrying on any DPT service in or from Singapore without MAS authorisation is a regulatory offence under the PSA — regardless of the licensing status of the entity in other jurisdictions.
❌
Anonymous or Fictitious Accounts
All customer accounts must be identified and verified. Anonymous accounts, pseudonymous onboarding, and fictitious customer profiles are prohibited under PSN02 and the PSA.
❌
Use of Customer Funds for Proprietary Purposes
Customer assets must be fully segregated from firm assets. Using customer funds for proprietary trading, investments, or business operations is strictly prohibited.
❌
Lending or Credit Facilities to Retail Users
DPT service providers cannot offer lending, credit facilities, or leverage to retail customers. This restriction applies regardless of how the product is structured or labelled.
❌
Commingling of Client and Company Assets
Client assets must be held separately from firm assets at all times — with daily reconciliation, independent custody, and segregated accounting.
❌
Misleading or Aggressive Retail Marketing
MAS restricts advertising and promotion of DPT services to retail users — including restrictions on paid advertising, social media promotion, and public-facing marketing that targets retail investors.
⚠️
Crypto businesses targeting retail users are subject to heightened restrictions and scrutiny. MAS has taken a firm position that retail DPT marketing creates systemic risk — and has implemented specific advertising restrictions that apply to all licensed and unlicensed DPT providers.
Supervision & Enforcement
How MAS Supervises Licensed DPT Providers
MAS supervision does not end at licence issuance. Licensed DPT service providers are subject to ongoing, active supervision across multiple channels — with mandatory material event reporting obligations and an active enforcement framework.
📊
Ongoing Regulatory Reporting — periodic returns and financial disclosures
🛡️
AML/CFT Audits — independent reviews of AML programme effectiveness
💻
Technology Risk Reviews — assessment of TRM Notice compliance and cyber hygiene
🔍
On-Site Inspections — MAS supervisory visits to assess live operations
📋
Thematic Reviews — industry-wide assessments of specific risk areas
⚖️
Enforcement & Penalty Framework — active enforcement including fines and licence revocation
⚠️
Material event reporting is mandatory and time-sensitive. Cyber incidents, AML breaches, financial deterioration, significant operational disruptions, and changes in control or ownership must be reported to MAS promptly — failure to report is itself a regulatory offence.
How We Help
MAS DPT Licensing — What We Deliver
We carry the full MAS licensing file from regulatory classification through to licence issuance — building board-grade artefacts that reflect how MAS reviewers think, not how technology vendors present.
⚖️
Regulatory Perimeter & Token Classification
We determine whether your token is a DPT, a capital markets product under the SFA, or an e-money instrument — and map the precise MAS regulatory perimeter before any application work begins. Misclassification at this stage derails everything that follows.
🗺️
Licensing Strategy — PSA vs FSM
We determine the correct licensing pathway — SPI or MPI under the PSA, FSM Act scope for cross-border services, or a combined structure — and design the regulatory strategy around your business model and projected transaction volumes.
📋
Legal Opinion (MAS-Compliant)
We prepare or coordinate the mandatory MAS legal opinion on regulatory perimeter analysis — ensuring it addresses the specific questions MAS reviewers focus on and holds up through the iterative query process.
📊
Business Plan & Fund Flow Design
We draft the regulatory business plan — the core document in every MAS application — covering services, fund flows, revenue model, risk management, governance structure, and financial projections aligned with MAS approval criteria.
🛡️
AML / Travel Rule Framework
We design and implement the full AML/CFT programme to PSN02 standard — including blockchain analytics integration, Travel Rule compliance architecture, transaction monitoring calibration, and STR reporting frameworks.
🔐
Custody & Wallet Architecture
We advise on custody infrastructure aligned with MAS requirements — private key lifecycle governance, multi-signature controls, asset segregation, daily reconciliation, and incident response — built to withstand MAS technology risk review.
👥
Governance & Fit & Proper Assessment
We structure the governance framework, prepare director and senior management profiles for fit-and-proper assessment, and prepare the leadership team for the MAS management interview — one of the most determinative stages of the process.
🌐
Full MAS File Management to Licence
We manage the complete MAS application — from submission through query rounds, IPA conditions, and final licence issuance — maintaining the regulatory file, coordinating external advisors, and managing all MAS engagement throughout.
Board-Grade Artefacts. Full File Management. Through to Go-Live.
- We determine your regulatory perimeter and token classification before any application or fee expenditure begins
- We build the full MAS application dossier — legal opinion, business plan, AML framework, governance, and technology controls
- We manage all MAS interactions — submission, query responses, management interview preparation, and IPA conditions
- We carry the file through to licence issuance and operational go-live — including post-approval compliance infrastructure
MAS is one of the most stringent crypto regulators globally. Approval requires institutional-grade preparation — not a standard licence application.
FAQs
Frequently Asked Questions — MAS DPT Licensing
Yes. Carrying on any DPT service in or from Singapore requires MAS authorisation under the Payment Services Act 2019. This applies to buying and selling digital assets, operating exchanges, facilitating transfers, safeguarding customer assets, and brokerage or intermediation. Cross-border services from Singapore to overseas users may also be captured under the Financial Services and Markets Act 2022 regardless of where clients are located.
Typically 6 – 9+ months from submission to licence issuance, depending on the complexity of the business model, the completeness and quality of the application, and the number of query rounds issued by MAS. MAS approval is highly iterative and evidence-driven — firms that submit complete, well-structured applications with strong AML frameworks progress faster. Inadequate submissions that generate extensive queries can extend the timeline significantly beyond 18 months.
No. Custody is assessed separately based on control over private keys and the specific arrangements under which customer assets are held. Where your business involves safeguarding digital assets, the custody arrangements must be properly structured — including private key governance, asset segregation, and reconciliation procedures — and evidenced in the application. MAS does not treat custody as automatically included in a trading or exchange licence.
No. The FSM Act captures cross-border digital token services carried on from Singapore — meaning that even where clients are located outside Singapore, if the service is provided from Singapore, MAS authorisation is required. This is a broad functional test and firms cannot structure around it by simply incorporating offshore while maintaining Singapore-based operations.
The Standard Payment Institution (SPI) licence applies to firms below prescribed monthly transaction thresholds — SGD 3 million per service and SGD 6 million aggregate. The Major Payment Institution (MPI) licence applies above these thresholds and carries full prudential, safeguarding, and compliance obligations. Most institutional DPT businesses targeting scale will require an MPI licence. The correct classification depends on your projected transaction volumes and business model — we determine this as the first step of every engagement.
Ready to Pursue a MAS DPT Licence?
Book a MAS Strategy Call
Whether you are assessing scope, preparing an application, or remediating an existing submission, securing a MAS DPT licence starts with the right regulatory strategy. Let us map your Singapore licensing pathway today.