Singapore crypto regulations remain one of Asia’s top compliance priorities, with Singapore being among the most proactive jurisdictions. Compliance expectations are high and continue to evolve. Firms offering digital payment token services are required to meet comprehensive standards across licensing, AML/CFT controls, and operational risk management.

Regulatory Authorities Involved in Singapore Crypto Regulations

Several government bodies regulate crypto activities in Singapore:

  • Monetary Authority of Singapore (MAS): Primary regulator for financial institutions and capital markets activities involving digital tokens.
  • Ministry of Law: Oversees AML/CFT for entities that are not MAS-licensed but fall under certain AML reporting obligations.
  • Singapore Police Force (STRO): Tackles cybercrime and receives Suspicious Transaction Reports related to digital asset activity.

Licensing Framework Under the Payment Services Act

Firms engaging in Digital Payment Token (DPT) services must be licensed under the Payment Services Act 2019 (PSA). In 2025, MAS enforces three main licence types for crypto-related activities:

  • Money-Changing Licence (not relevant for DPTs)
  • Standard Payment Institution (SPI)
  • Major Payment Institution (MPI)

A company offering DPT services must obtain either an SPI or MPI licence depending on transaction thresholds.

MAS maintains a public register of licensed DPT providers, and offering such services without a licence is a criminal offence.

Key Aspects of the Licensing Framework

Digital Token Service Provider (DTSP) License

As of June 30, 2025, entities incorporated in Singapore that offer digital token services to clients outside the country must hold a DTSP license under the Financial Services and Markets Act 2022 (FSMA), which expands the scope of regulation beyond the PSA for certain activities. MAS has stated that it has “set the bar high” for licensing DTSPs serving overseas clients and will “generally not issue a licence” due to higher money laundering risks and supervisory challenges.

Minimum Capital Requirements

DPT service providers must demonstrate compliance with stringent licensing criteria, including maintaining a minimum base capital (e.g., SGD 250,000 for DTSP applications).

Segregation of Customer Assets

Licensed crypto firms are required to segregate customer assets, hold them on trust, and safeguard them with financial institutions in Singapore. This includes maintaining separate blockchain addresses for customer and firm assets, conducting daily reconciliations, and ensuring custody functions are operationally independent. Recent MAS guidelines stress storing 90% of customer assets in offline cold wallets for enhanced security.

Prohibition on Lending and Staking for Retail Customers

Lending and staking of retail customer tokens are prohibited, though these remain permitted for institutional and accredited investors.

Marketing Restrictions

MAS has set clear restrictions on the advertising and promotion of DPTs to ensure responsible marketing practices. DPT service providers must not trivialize the risks of trading in DPTs. Advertisements in public spaces or through mass media channels are generally prohibited. Promotion is typically restricted to their own corporate websites, mobile applications, or official social media accounts.

Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) Requirements

Licensed DPT service providers are subject to the same AML/CFT obligations as traditional financial institutions. These include:

Customer Due Diligence (CDD)

DPT service providers are required to identify and know their customers (including beneficial owners) and conduct ongoing monitoring. This includes:

  • Performing CDD from the first dollar of all DPT transactions
  • Enhanced CDD for higher-risk customers (e.g., Politically Exposed Persons or customers from high-risk jurisdictions).

Risk-Based Approach

Firms must conduct thorough risk assessments to identify and prioritise potential ML/TF risks and develop policies and controls to mitigate these risks. This includes assessing risks related to new products and technologies.

Transaction Monitoring

Crypto businesses must monitor transactions for unusual patterns, including the use of anonymity-related services, as indicators for money laundering and/or terrorist financing red flags. Enhanced monitoring should be conducted for higher-risk situations.

Suspicious Transaction Reporting (STRs)

DPT service providers must file STRs with the Commercial Affairs Department (CAD) of the Singapore Police Force and the MAS if they suspect money laundering or terrorism financing activities.

Record-Keeping

Detailed records of customer due diligence and transactions must be maintained and kept updated.

Travel Rule Compliance

DPT service providers must comply with the FATF’s Travel Rule, which requires them to collect and share originator and beneficiary information for DPT transfers. When value transfers are made between VASPs on behalf of their customers, the originating VASP must transmit necessary originator and beneficiary information to the beneficiary VASP, and vice versa.

Compliance Management Arrangements

DPT service providers are required to develop appropriate compliance management arrangements, including appointing an AML/CFT compliance officer at the management level.

Audit Function

They must maintain an adequately resourced and independent audit function to regularly assess the effectiveness of their internal policies, procedures, controls, and compliance with regulatory requirements.

Staff Training

Employees and officers must be regularly and appropriately trained on AML/CFT regulations, internal policies, procedures, and controls. MAS issued updated AML/CFT Notices in 2024 regarding virtual assets risk assessment, digital token offerings and several consultation papers in an attempt to establish an effective AML framework in the digital space.

Other Expectations

Crypto service providers must consider other regulatory expectations derived from the following:

  • Financial Services and Markets Act 2022 (FSMA): Beyond the PSA, the FSMA grants MAS broader powers to regulate digital token services, especially for those serving overseas clients. This act enhances MAS’s ability to oversee a wider range of digital token activities and enforce compliance, regardless of where users or funds are located.
  • Stablecoin Regulation: MAS has a regulatory framework for stablecoins, aiming to ensure a high degree of value stability for stablecoins regulated in Singapore. Issuers of stablecoins classified as e-money will require a PSA license and are subject to specific requirements regarding reserves, capital, and redemption at par.
  • Cyber Security: Implementing robust cybersecurity measures is a critical licensing criterion and ongoing obligation for DPT service providers.
  • Engagement with MAS: MAS maintains an ongoing dialogue with the industry and provides guidance through consultation papers and responses to feedback. Crypto providers should stay updated on these communications to understand evolving regulatory expectations.
  • Focus on Responsible Innovation: While Singapore has a robust regulatory framework, MAS also aims to foster responsible innovation in the digital asset space, encouraging real-world applications that boost efficiency and create economic value.

Final Thoughts

Singapore offers a structured and transparent regulatory environment for digital asset businesses, but with that comes a high compliance bar. Licensed entities must ensure that AML/CFT, technology risk, and licensing obligations are fully understood and implemented across functions.

Compliance professionals should maintain close familiarity with MAS notices, guidelines, and public enforcement actions. Ongoing dialogue with regulators and third-party audits are no longer optional. They are part of the baseline for operating.