Sep 26, 2023
6 min read

Singapore Crypto Regulations—All You Need to Know in 2023

Learn about compliance requirements and licensing procedures

Singapore has a system for regulating crypto firms, known as “digital payment token (DPT) providers” in the country. Accordingly, the Payment Services Act (PSA) establishes a regulatory framework for DPT service providers in Singapore. 

To help you navigate Singapore’s crypto environment, we at Sumsub prepared this guide explaining the specifics of the country’s regulations. 

Is cryptocurrency considered legal tender in Singapore?

Crypto in Singapore is not considered legal tender, but it can be used as an alternative means of payment. 

Regulation of DPT services 

The main law regulating crypto businesses is the Payment Service Act (PSA). It was introduced in 2019 to provide a more coherent set of regulations, including rules for licensing and exemptions. We will discuss this part in detail in the following sections.

The Monetary Authority of Singapore (MAS) is continuously working to improve the regulatory framework of DPT services in the country, issuing several Notices and Guidelines aimed to clarify some regulatory requirements:

  • Notice PSN02 Prevention of Money Laundering and Countering the Financing of Terrorism—Digital Payment Token Service
  • Guidelines to Notice PSN02 on Prevention of Money Laundering and Countering the Financing of Terrorism – Digital Payment Token Service
  • Guidelines on Provision of Digital Payment Token Services to the Public [PS-G02]

In May 2023, the MAS issued its Consultation Paper on Proposed Amendments to Payment Services Regulations 2019.

On July 3, 2023, the MAS announced new requirements for DPT services to safekeep customer assets under a statutory trust before the end of the year. This will mitigate the risk of loss or misuse of customer assets, and facilitate their recovery in the event of the DPT insolvency. MAS then carried out a public consultation on the draft legislative amendments to the Payment Services Regulations to put the July requirements into effect (consultation was closed on August 3, 2023).

Who is affected?

In Singapore, DPT services include:

  • Any service facilitating the exchange of digital payment tokens, namely establishing or operating a DPT exchange, where the person that establishes or operates that DPT exchange comes into possession of any money or DPT
  • Any service that deals with digital payment tokens—namely buying or selling DPTs in exchange for money or any other DPT (either the same or a different type)

The 2021 Amendment Act proposes to expand the definition of DPT services to entities:

  • Transferring DPTs
  • Providing custodian wallets for or on behalf of customers
  • Brokering DPT transactions (without possession of money or DPTs)

It should be noted that the Act is not in force yet. 

Anti-money laundering (AML) requirements

DPT providers in Singapore must implement AML/CFT procedures and policies, including:

  • Risk assessment and risk mitigation, which includes assessing the possibility of engagement in ML/TF activities by clients and ways to prevent it
  • Customer Due Diligence (CDD), which includes collecting and verifying information about customers during onboarding and analyzing the results
  • Enhanced Due Diligence measures, which are carried out on customers that considered to be more high risk 
  • Simplified Due Diligence, which is carried out under certain circumstances when the risks of money laundering and terrorism financing are low
  • Transaction monitoring to assess the trajectory of the movement of assets, the size of the assets, frequency, patterns, etc.
  • Sanctions screening to check if customers are present on sanction, warning, or PEP, or wanted lists
  • Suspicious transaction reporting, where DPT services promptly submit reports on suspicious transactions (including attempted transactions), regardless of the amount of the transaction, to the Suspicious Transaction Reporting Office and the Commercial Affairs Department of the Singapore Police Force, extending a copy to the MAS 
  • Recordkeeping, under which the DPT service is required to retain customer information for five years

Additionally, payment service providers—which include DPT providers—shall develop and implement adequate internal policies, procedures, and controls to help prevent money laundering and terrorist financing and communicate these to their employees.

Compliance

DPT service providers are required to develop appropriate compliance management arrangements, which at the least includes appointing an AML/CFT compliance officer at the management level.

Auditing

DPT service providers are required to maintain an audit function that is adequately resourced, independent, and able to regularly assess the effectiveness of their internal policies, procedures, controls, and compliance with regulatory requirements.

Training

DPT service providers should take all appropriate steps to ensure that their employees and officers (whether in Singapore or elsewhere) are regularly and appropriately trained on AML/CFT regulations, internal policies, procedures and controls on AML/CFT.

Travel Rule

As part of their AML obligations, DPT service providers must comply with the Travel Rule as imposed by the MAS in accordance with FATF requirements.

The Travel Rule requires DPT service providers to collect and share the personal information of clients when sending or receiving DPTs by value transfer on the account of an originator or beneficiary. Therefore, DPT service providers must provide sender and recipient data to each other during transactions.

This rule also applies to payment service providers in cases of:

  • Sending of one or more digital payment tokens by value transfer; or
  • Receiving one or more digital payment tokens by value transfer on the account of the value transfer originator or the value transfer beneficiary, but shall not apply to a transfer and settlement between the payment service provider and another financial institution where the payment service provider and the other financial institution are acting on their own behalf as the value transfer originator and the value transfer beneficiary.

If you want to learn more about the Travel Rule and how it’s applied in different counties, including Singapore, you can find all the necessary information at our Help Center

The scope of information that originators are required to share with the beneficiary provider depends on the transaction amount. If the amount of transaction is less than S$1,500 (approximately $1,106), the provider should collect and share the following information:

  • The name of the value transfer originator
  • The value transfer originator’s account number (or unique transaction reference number where no account number exists)
  • The name of the value transfer beneficiary
  • The value transfer beneficiary’s account number (or unique transaction reference number where no account number exists)

If the transaction amount exceeds S$1,500, any of the following information may be required:

  • The name of the value transfer originator
  • The value transfer originator’s account number (or unique transaction reference number where no account number exists)
  • The name of the value transfer beneficiary
  • The value transfer beneficiary’s account number (or unique transaction reference number where no account number exists)
  • Any of the following:
    •  the value transfer originator’s residential address
    • registered or business address and, if different, principal place of business, as may be appropriate
    • the value transfer originator’s unique identification number (such as an identity card number, birth certificate number or passport number, or where the value transfer originator is not a natural person, the incorporation number or business registration number) the date and place of birth, incorporation or registration of the value transfer originator (as may be appropriate)

The actions required in relation to non-hosted wallets, incomplete or missing information, and more can be found in our Help Center.

Licensing requirements

Choosing a license

There are three types of licenses a company can get in Singapore, depending on their business type:

  1. The money-changing license, which suits businesses that only provide a money-changing service (i.e., the buying or selling of foreign currency)
  1. The Standard Payment Institution (SPI) license, which allows holders to provide any kind of payment services, including operations with cryptocurrency. This license can be applied if services meet the following thresholds: 
  • S$3 million monthly transactions for any payment service (other than e-money account issuance and money-changing services)
  • S$6 million monthly transactions for two or more payment services (other than e-money account issuance and money-changing services)
  • S$5 million of daily outstanding electronic money (e-money).
  1. The Major Payment Institution (MPI) license, which offers the same opportunities for companies as the SPI license does, but is meant for larger companies that go beyond the thresholds aforementioned

There may be some additional authorization/recognition requirements in relation to businesses offering digital tokens.

Obtaining a license 

For Standard Payment Institutions (SPI), the following criteria apply:

  • Be a Singapore-incorporated company or a Singapore branch of a foreign corporation.
  • Have a permanent place of business or a registered office where the books and records can be securely held.
    • At least one person must be appointed to be present at the place of business or a registered office to address any queries or complaints from consumers.
  • Have a minimum base capital of S$100,000 (approximately $73,740).
  • Should have either 1 executive director who is a Singapore Citizen or Singapore Permanent Resident (PR), or 1 executive director who is a Singapore Employment Pass (EP) holder and at least 1 other director who is a Singapore citizen or Singapore PR.

The criteria for a Major Payment Institution (MPI) license are similar to those for SPIs, except that the minimum capital requirement is S$250,000 (approximately $184,300).

There is a list of assessment criteria that MAS takes into consideration when evaluating an application for licenses. They include, but are not limited to: 

  • Fitness and propriety
  • Competency of key individuals 
  • Security 
  • Compliance arrangements 
  • Technology risk management 
  • Audit arrangements 
  • Annual audit requirements 
  • Letter of Responsibility and Letter of Undertaking 

You can read more about the differences in assessment criteria between each license here.

It should be noted that DPT service providers could be granted an exemption from holding a licence under the Payment Services Act (“PS Act”) for a specified period. This exemption will cease after a specified period or, if the entity submitted a licence application under the PS Act, on the date that the application is approved or rejected by MAS or withdrawn by the applicant. More detailed information about this exemption can be found here

FAQ

  • Are cryptocurrencies regulated in Singapore?

    Yes, provision of DPT services (services with cryptocurrencies) are regulated by the Monetary Authority of Singapore. DPT service providers must be licensed or exempted.

  • What is the MAS?

    The Monetary Authority of Singapore (MAS) is Singapore’s central bank and integrated financial regulator. The MAS has powers to issue legal instruments for the regulation and supervision of financial institutions.

  • Do you need a license to trade cryptocurrency in Singapore?

    A platform that facilitates trading in Singapore may require a license. Whether it needs a license or not will depend on the functionality of the platform.

  • What are the new crypto laws in Singapore?

    There have been no laws introduced recently. However, the MAS is carrying out consultations regarding amendments to the PSA. In addition, it has issued consultation documents and investor protection measures.

See Sumsub in action

CryptoSingapore