For years, Singapore was the go-to playground for crypto startups looking to build a brand with Asian credibility while technically serving only overseas clients. That loophole is gone. As of June 30, 2025, the Monetary Authority of Singapore (MAS) enforced strict new rules under the Financial Services and Markets Act, closing the door on regulatory arbitrage. If you are running a crypto business from Singapore now, you need a license, no matter who your customers are.
This shift marks a massive change in how digital asset businesses operate in the city-state. The days of flying under the radar by claiming "offshore-only" operations are over. Now, every entity dealing in digital tokens must comply with rigorous standards designed to protect financial integrity. This guide breaks down exactly what you need to know about getting licensed, the costs involved, and how the new laws affect your business model.
The New Regulatory Landscape: FSMA and DTSPs
To understand where things stand today, we have to look at the two pillars holding up Singapore's crypto regulations: the Payment Services Act (PSA) and the newer Financial Services and Markets Act (FSMA). For most of 2020-2025, the PSA was the main rulebook. It categorized exchanges based on transaction volume. But starting mid-2025, the FSMA introduced a more targeted approach for crypto-specific activities through the concept of Digital Token Service Providers (DTSPs).
A DTSP is any person who carries out designated payment services involving digital tokens. This includes operating a crypto exchange platform, providing custody services, or offering advisory services related to digital assets. The key difference here is intent and scope. Under the old system, if you didn't process enough fiat currency transactions, you might slip into an exempt category. Under the FSMA, if you handle digital tokens as a core business activity, you fall under the DTSP framework, regardless of your fiat volume.
MAS made it clear that there would be no transitional period for these changes. When the clock struck midnight on June 30, 2025, compliance became mandatory overnight. This sudden enforcement was a direct response to concerns about money laundering risks associated with firms using Singapore as a base to service foreign markets without adequate oversight. The goal? To ensure that Singapore’s reputation as a financial hub isn't tarnished by illicit crypto flows.
License Types Under the Payment Services Act (PSA)
While the FSMA adds a layer of specificity for token services, the PSA remains the foundation for licensing structures. Depending on your scale and operations, you will likely fall into one of three categories defined by the PSA. Understanding which bucket you fit into is the first step in calculating your compliance costs and timeline.
| License Type | Monthly Transaction Limit | Minimum Capital Requirement | Key Obligations |
|---|---|---|---|
| Standard Payment Institution (SPI) | Up to SGD 3 million | SGD 100,000 | Basic KYC/AML, regular reporting, operational resilience |
| Major Payment Institution (MPI) | Over SGD 3 million | SGD 250,000 | Enhanced risk management, comprehensive audits, stricter AML protocols |
| Exempt Payment Service Provider | N/A (Specific low-risk activities) | Varies (Often notification only) | Limited operational scope, specific restrictions apply |
If you are a small startup processing less than SGD 3 million per month, the Standard Payment Institution license is your entry point. You need to show SGD 100,000 in paid-up capital. This isn't just cash sitting in a bank account; it needs to be available to support your operations. For larger players handling high volumes, the Major Payment Institution license requires SGD 250,000 in capital and comes with heavier scrutiny. Think advanced transaction monitoring systems, dedicated compliance officers, and quarterly internal audits.
Anti-Money Laundering (AML) and KYC Standards
Getting the capital right is only half the battle. The other half is proving you can stop bad actors from using your platform. MAS Notice PSN02 sets the bar for Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) measures. These aren't suggestions; they are legal mandates that treat crypto platforms with the same seriousness as traditional banks.
Your Customer Due Diligence (CDD) procedures must be robust. This means verifying identities beyond just a selfie and passport scan. You need ongoing monitoring of transactions to detect suspicious patterns. If something looks off-like rapid transfers between unrelated wallets or structuring deposits to avoid thresholds-you must file a Suspicious Transaction Report (STR) to the Suspicious Transaction Reporting Office (STRO) in Singapore.
Many smaller operators struggle here because building this infrastructure takes time and money. You can't just buy a white-label solution and hope it passes inspection. MAS expects customized policies tailored to your specific risk profile. This includes documenting how you assess customer risk, how you monitor geographies (especially high-risk jurisdictions), and how you train staff to spot red flags.
The Application Process: What to Expect
Applying for a license in Singapore is not a quick fill-in-the-form exercise. It is a detailed, documentation-heavy process that tests your organization's maturity. Here is what you need to prepare before you even submit your application to MAS:
- Comprehensive Business Plan: Detail your mission, revenue model, marketing strategy, and growth projections. MAS wants to see a viable business, not a speculative experiment.
- KYC and AML Policies: Submit written procedures for customer verification, transaction monitoring, and reporting. These must align with MAS Notice PSN02.
- Risk Management Framework: Outline how you identify, assess, and mitigate risks. This covers operational risks, cybersecurity threats, and market volatility impacts.
- Internal Controls: Describe your governance structure. Who is responsible for compliance? How do you ensure segregation of duties?
- Capital Proof: Provide evidence of the required minimum capital (SGD 100k or 250k). This usually involves bank statements or audited financials.
- Audit Reports: If you are already operating, you'll need recent internal and external audit reports demonstrating compliance readiness.
Once submitted, expect a review period of 3 to 6 months for a Standard license. For Major licenses, due to the enhanced due diligence required, this can stretch to 6-12 months. MAS may ask multiple rounds of questions. Be prepared to clarify your technical architecture, data storage locations, and third-party vendor relationships.
Why MAS Cracked Down: The Context Behind the Rules
You might wonder why Singapore moved so aggressively in 2025. The answer lies in global events that shook confidence in the crypto sector. The collapse of Terraform Labs and Three Arrows Capital in 2022 highlighted the dangers of unregulated leverage and opaque fund management. While these firms weren't necessarily based in Singapore, they operated within its ecosystem, damaging the country's reputation.
MAS explicitly stated that it would not tolerate firms using Singapore as a base to evade regulation while servicing other markets. Chengyi Ong, head of Asia Pacific policy at Chainalysis, noted that "financial integrity is a red line." The regulator wants to insulate Singapore from reputational risk. By enforcing strict licensing, MAS ensures that any crypto business operating from its shores meets high standards of transparency and accountability.
This stance contrasts sharply with some offshore jurisdictions that offer lax oversight to attract business. It also differs from the European Union's MiCA regulation, which provided longer implementation timelines. Singapore chose speed and clarity, forcing immediate compliance. For legitimate businesses, this creates a level playing field. For those relying on loopholes, it was a death sentence.
Comparing Singapore to Other Jurisdictions
If you are considering where to set up your crypto exchange, it helps to compare Singapore against other major hubs. Each jurisdiction has its own flavor of regulation, cost structure, and ease of doing business.
| Jurisdiction | Regulatory Body | Key Legislation | Capital Requirement | Transitional Period |
|---|---|---|---|---|
| Singapore | MAS | PSA, FSMA | SGD 100k - 250k | None (Immediate effect) |
| European Union | ESMA / National Authorities | MiCA | Varies by member state | Extended (Phased rollout) |
| Switzerland | FINMA | Anti-Money Laundering Act | CHF 1M+ (for banks) | Case-by-case |
| United States | SEC, CFTC, FinCEN | Fragmented State/Federal Laws | Varies widely | Ongoing litigation/clarification |
Singapore offers a unified national standard, which is a huge advantage over the US's fragmented state-by-state approach. Unlike Switzerland, where capital requirements can reach millions of francs, Singapore's entry barrier is relatively accessible for medium-sized operators. However, the lack of a transitional period makes it tougher than the EU's MiCA regime, which gave firms time to adapt. Hong Kong is emerging as a competitor, but Singapore's first-mover advantage in regulated crypto gives it a distinct edge in terms of established precedent and legal certainty.
Practical Tips for Compliance Success
Navigating this landscape requires more than just reading the rules. Here are practical steps to increase your chances of approval:
- Hire Local Expertise: Don't try to interpret MAS notices yourself. Engage law firms or consultants specializing in Singapore fintech regulation. They know what MAS looks for in applications.
- Invest in Tech Early: Your compliance software needs to be integrated into your core platform. Retro-fitting AML tools later is expensive and risky.
- Document Everything: MAS loves paper trails. Keep detailed records of all policy decisions, risk assessments, and board meetings discussing compliance.
- Engage Proactively: If you are unsure about a specific aspect of your business model, engage with MAS early through pre-application consultations. It's better to get feedback before submitting a flawed application.
- Focus on Governance: Show that compliance is embedded in your company culture, not just a checkbox for the regulator. Appoint a qualified Money Laundering Reporting Officer (MLRO) with real authority.
Remember, the goal isn't just to get a license. It's to build a sustainable business that can withstand regulatory scrutiny and gain user trust. In a post-2025 world, trust is your most valuable asset.
Can I operate a crypto exchange in Singapore without a license if I only serve overseas clients?
No. Since June 30, 2025, the Financial Services and Markets Act (FSMA) closed this loophole. Any Digital Token Service Provider (DTSP) operating from Singapore must obtain a license, regardless of whether their customers are located locally or abroad. MAS explicitly prohibits using Singapore as a base to evade regulation while servicing other markets.
What is the minimum capital required for a crypto exchange license in Singapore?
Under the Payment Services Act (PSA), a Standard Payment Institution license requires a minimum of SGD 100,000 in paid-up capital. For a Major Payment Institution license, which applies to larger operations exceeding SGD 3 million in monthly transactions, the requirement is SGD 250,000.
How long does it take to get a crypto license in Singapore?
The timeline varies by license type. A Standard Payment Institution license typically takes 3 to 6 months to process. A Major Payment Institution license can take 6 to 12 months due to the enhanced due diligence and stricter compliance requirements involved.
What happens if I don't comply with the new FSMA regulations?
Non-compliance can result in severe penalties, including substantial fines, imprisonment for responsible individuals, and the revocation of any existing licenses. MAS has taken a zero-tolerance approach to unlicensed DTSP activities since the FSMA came into effect in 2025.
Is Singapore's crypto regulation stricter than Europe's MiCA?
In terms of implementation speed, yes. Singapore's FSMA took effect immediately without a transitional period, whereas the EU's MiCA regulation provides a phased rollout. However, both regimes aim for high standards of consumer protection and AML compliance. Singapore's unified national framework is often seen as clearer than the fragmented approaches in some other regions.
Do I need a local office to apply for a license?
Yes. To be licensed by MAS, your company must be incorporated in Singapore and have its principal place of business in the country. You cannot hold a Singapore license while being headquartered elsewhere.
What are the key components of the KYC/AML policy required by MAS?
Your policy must include robust customer identification procedures, ongoing transaction monitoring systems, risk assessment frameworks for different customer types, and clear protocols for filing Suspicious Transaction Reports (STRs) to the STRO. It must align with MAS Notice PSN02.