← Back to blog

MAS Singapore crypto laws: the 2026 compliance guide

June 20, 2026
MAS Singapore crypto laws: the 2026 compliance guide

TL;DR:

  • The Monetary Authority of Singapore requires digital token service providers to obtain a license, regardless of customer location, to operate legally.
  • Licensing involves meeting specific capital, governance, AML, and technical standards, with strict enforcement against unlicensed activities and operational violations.

The Monetary Authority of Singapore (MAS) defines Digital Token Service Providers (DTSPs) as any entity operating from Singapore that provides digital token exchange, custody, transfer, or wallet services, and mandates that all such providers obtain a licence under the Financial Services and Markets Act (FSMA). This requirement applies regardless of where customers are located. Since 30 june 2025, operating without that licence is illegal under MAS Singapore crypto laws, with penalties extending to cessation orders, fines, and imprisonment. For business owners, investors, and legal professionals assessing Singapore as a base for crypto operations, understanding the full scope of the FSMA and the Payment Services Act (PSA) is not optional. It is the foundation of every compliant structure.


What licensable digital token service activities fall under MAS regulation?

Two professionals discussing digital token activities

MAS regulates a defined set of digital token service activities under the FSMA and the PSA. The DTSP Regulations 2025 specify the exact scope of licensable conduct and the governance standards required for each category.

The following activities require a MAS licence:

  • Digital token exchange services — operating a platform that facilitates the buying, selling, or conversion of digital tokens
  • Digital token custody services — holding or controlling digital tokens or private keys on behalf of clients
  • Digital token transfer services — transmitting digital tokens from one party to another
  • Digital token wallet provision — providing software or infrastructure enabling clients to store or manage digital tokens

The PSA further distinguishes between two licence tiers based on transaction volume and asset thresholds. A Standard Payment Institution (SPI) licence applies where annual transaction volume falls below SGD 3 million and assets under management remain below SGD 5 million. A Major Payment Institution (MPI) licence is required for all operations exceeding those thresholds.

One critical point that many applicants overlook: MAS mandates licensing based on operational presence in Singapore, management location, or registered office, not on the nationality or location of customers. A firm incorporated in Singapore that serves only overseas clients still requires a full DTSP licence. This extraterritorial application closes the offshore loophole that previously allowed foreign-facing operators to avoid Singapore regulatory oversight.

Infographic outlining MAS crypto compliance steps

For a detailed breakdown of SPI and MPI licence criteria, including application processes and activity-specific conditions, Cryptoverselawyers has published a dedicated reference guide.


What are the capital and prudential requirements for MAS crypto licences?

Capital adequacy is a central pillar of the MAS licensing framework. The minimum capital thresholds differ materially between licence categories and carry ongoing prudential obligations.

Licence typeMinimum paid-up capitalTransaction volume thresholdAssets under management threshold
Standard Payment Institution (SPI)SGD 100,000Below SGD 3 million per annumBelow SGD 5 million
Major Payment Institution (MPI)SGD 250,000SGD 3 million per annum or aboveSGD 5 million or above

Capital requirements do not end at the point of licence approval. MAS expects licensees to maintain ongoing prudential standards, including regular financial reporting, external audits, and capital adequacy monitoring. Boards must demonstrate that capital buffers are proportionate to the risk profile of the business at all times.

MAS applies a conditional capital pathway for firms that can demonstrate effective technical safeguards against blockchain-specific risks. Where a firm proves that its custody model, key management architecture, and transaction controls meet MAS's technical standards, it may qualify for more favourable capital treatment. Firms that cannot produce that evidence face conservative capital requirements by default. This distinction rewards investment in technology infrastructure and makes prudential modelling a strategic, not merely administrative, exercise.

The real cost of a Singapore crypto licence extends beyond minimum capital. Applicants must account for application fees, legal advisory costs, technology build-out, and ongoing audit expenditure.

Pro Tip: Engage a qualified auditor with DTSP experience before submitting your licence application. MAS reviewers scrutinise capital adequacy models closely, and a poorly structured balance sheet is one of the most common reasons for application rejection.


How do AML/CFT obligations and the Crypto Travel Rule shape compliance under MAS?

Anti-money laundering and counter-terrorism financing (AML/CFT) compliance is the most operationally demanding aspect of the MAS regulatory framework for DTSPs. MAS Notice PSN02 sets out the specific AML/CFT duties applicable to all licensed digital token service providers.

The Crypto Travel Rule, enforced through Notice PSN02, requires every DTSP to collect, verify, and transmit originator and beneficiary information for each digital token transfer. This aligns Singapore's framework with the Financial Action Task Force (FATF) standards for virtual asset service providers (VASPs). The practical implication is that DTSPs cannot process transfers without establishing the identity of both parties, regardless of transaction size.

Compliance with the Travel Rule requires the following steps:

  1. Collect originator data — full legal name, account number or wallet address, and physical address or national identity number for every outgoing transfer
  2. Collect beneficiary data — full legal name and account number or wallet address for every incoming transfer
  3. Transmit data securely — share originator and beneficiary information with the receiving VASP before or simultaneously with the transfer
  4. Screen against sanctions lists — verify both parties against MAS-designated sanctions lists and FATF high-risk jurisdictions before processing
  5. Retain records — maintain all transaction records for a minimum of five years and make them available to MAS on request

The technological implementation challenges are significant. DTSPs must integrate with Travel Rule compliance platforms and establish bilateral data-sharing agreements with counterpart VASPs. Where a receiving VASP is unhosted or unregulated, the sending DTSP bears additional due diligence obligations.

Pro Tip: Implement a dedicated Travel Rule compliance platform such as Notabene, Sygna Bridge, or Veriscope before going live. Retrofitting these systems after launch is substantially more costly and creates a window of regulatory exposure.

Effective KYC document handling is the operational foundation of Travel Rule compliance. Automated KYC workflows reduce manual error and accelerate the onboarding process without compromising data integrity.


What are enforcement risks, penalties, and MAS's approach to licence applications?

MAS is one of the most selective financial regulators globally when it comes to digital asset licensing. By Q1 2026, MAS had issued only 21 MPI licences and 8 SPI licences. That figure reflects deliberate restraint, not administrative backlog. MAS has rejected or withdrawn approximately 170 licence applications by the same period, citing systemic risk concerns as the primary basis for refusal.

The enforcement consequences for unlicensed operation are severe:

  • Cessation orders — MAS can require an unlicensed provider to immediately cease all regulated activities in Singapore
  • Financial penalties — significant fines apply to both the entity and its directors under the FSMA
  • Criminal prosecution — individuals responsible for unlicensed operations face potential imprisonment
  • Reputational damage — MAS publishes enforcement actions, which affects relationships with banks, investors, and institutional counterparties

Common reasons for licence application denial include inadequate capital planning, weak AML/CFT frameworks, insufficient governance documentation, and failure to demonstrate that the business model does not threaten financial stability. MAS also scrutinises the fitness and propriety of senior management and beneficial owners. The DTSP Regulations 2025 specify that all senior managers and controllers must receive individual MAS approval before appointment.

For firms that have already received a rejection or are reconsidering their Singapore strategy, Cryptoverselawyers has published a detailed analysis of why crypto licence applications get rejected and how to address the most common structural deficiencies.

The MAS crackdown on unlicensed providers accelerated sharply after the june 2025 deadline. Firms that had been operating under transitional arrangements were required to either obtain a licence or wind down Singapore operations entirely.


Achieving and maintaining MAS compliance requires a structured approach across governance, capital management, technology, and operational controls. The following framework reflects the standards MAS expects at the point of licence application and throughout the licence lifecycle.

Board-level governance and oversight

The board of a licensed DTSP carries direct responsibility for regulatory compliance. This means approving the AML/CFT policy, overseeing capital adequacy, and receiving regular management information on transaction monitoring outcomes. MAS expects boards to include members with demonstrable financial services or regulatory experience.

Segregation and protection of client assets

Retail investor protections under MAS rules include statutory trust arrangements for client assets. Licensed DTSPs must hold client digital tokens and fiat currency in segregated accounts, separate from proprietary assets. MAS prohibits the use of client assets for the firm's own purposes, including as collateral. MAS also prohibits leveraged crypto purchases via credit cards, reflecting its commitment to protecting retail investors from excessive debt exposure.

Capital modelling and prudential monitoring

Capital adequacy must be monitored on an ongoing basis, not only at the point of licence application. Boards should receive quarterly capital adequacy reports and stress-test results. Where the firm approaches minimum capital thresholds, a documented remediation plan must be in place before MAS is notified.

KYC, AML, and transaction monitoring systems

Effective compliance requires automated transaction monitoring calibrated to the specific risk profile of the DTSP's customer base and product set. Systems must generate alerts for unusual transaction patterns, politically exposed persons, and high-risk jurisdictions. All alerts must be reviewed, documented, and escalated where appropriate.

Audit readiness and regulatory reporting

MAS conducts both scheduled and unannounced supervisory reviews. Firms must maintain complete, accurate, and retrievable records of all transactions, customer due diligence files, and compliance decisions. Annual audits by MAS-approved external auditors are mandatory for MPI licensees.

For firms assessing whether to remain in Singapore or relocate operations, the VASP relocation playbook published by Cryptoverselawyers provides a structured decision framework.


The MAS framework rewards preparation, not optimism

Having advised clients across MAS, VARA, the FCA, and MiCA frameworks, one pattern stands out clearly: the firms that succeed with MAS applications are those that treat compliance as a product requirement, not a post-launch obligation.

MAS does not reward ambition. It rewards evidence. An application that arrives with a detailed capital adequacy model, a board with genuine financial services experience, a fully documented AML/CFT framework, and a technology architecture that demonstrably addresses blockchain-specific risks will receive serious consideration. An application that arrives with a business plan and a promise to build compliance infrastructure later will not.

The misconception we encounter most frequently is that MAS licensing is primarily a legal exercise. It is not. It is a governance and technology exercise that happens to require legal documentation. The firms that fail are almost always those that outsource compliance to lawyers without investing in the underlying systems and people that compliance requires.

MAS's calibrated approach to innovation and risk management is genuinely sophisticated. The conditional capital pathways for firms with strong technical controls are a signal that MAS wants well-governed, technology-mature operators in Singapore. The 170 rejected applications are a signal that it will not lower that standard to fill the market.

The 2026 regulatory environment also signals that MAS is watching how licensed firms behave after approval. Supervision readiness is not a one-time exercise. Firms that build compliance culture into their operations from day one will be far better positioned when MAS conducts its first post-licence supervisory review.

— CRYPTOVERSE


How Cryptoverselawyers supports MAS crypto licence applications

https://cryptoverselawyers.io

Cryptoverselawyers advises digital asset businesses on MAS licensing, capital structuring, AML/CFT framework design, and ongoing supervisory compliance. Our team has direct experience with FSMA and PSA licence applications, including pre-application engagement with MAS, governance documentation, and audit preparation. We work with crypto exchanges, custody providers, wallet operators, and institutional investors entering the Singapore market.

If you are assessing your licensing obligations, preparing an application, or responding to an MAS enquiry, our digital asset legal consultancy team provides the regulatory depth and practical experience your situation requires. We also advise on multi-jurisdictional structuring for firms operating across Singapore, the UAE, the EU, and the UK. Contact Cryptoverselawyers to discuss your MAS compliance position.


FAQ

What is a Digital Token Service Provider under MAS rules?

A Digital Token Service Provider (DTSP) is any entity operating from Singapore that provides exchange, custody, transfer, or wallet services for digital tokens. All DTSPs must hold a MAS licence under the FSMA, regardless of where their customers are located.

What is the minimum capital required for a MAS crypto licence?

The minimum paid-up capital is SGD 100,000 for a Standard Payment Institution licence and SGD 250,000 for a Major Payment Institution licence. Ongoing capital adequacy obligations apply throughout the licence period.

What does the Crypto Travel Rule require in Singapore?

MAS Notice PSN02 requires licensed DTSPs to collect and transmit originator and beneficiary information for every digital token transfer. This aligns with FATF standards and applies to all transfers regardless of value.

What happens if you operate a crypto business in Singapore without a licence?

Operating without a MAS licence is illegal under the FSMA and carries penalties including cessation orders, financial fines, and potential imprisonment for responsible individuals.

How many MAS crypto licences have been issued as of 2026?

By Q1 2026, MAS had issued 21 MPI licences and 8 SPI licences, while rejecting or withdrawing approximately 170 applications. This reflects MAS's selective, risk-based approach to licensing digital token service providers.