Crypto Exchange Licensing Requirements in Singapore: FSMA & PSA Guide

Crypto Exchange Licensing Requirements in Singapore: FSMA & PSA Guide

Running a cryptocurrency business from Singapore used to be a gray area. You could set up shop, serve clients overseas, and technically avoid local regulations. That loophole closed abruptly on June 30, 2025.

The Monetary Authority of Singapore (MAS) implemented the Financial Services and Markets Act (FSMA), a comprehensive regulatory framework that mandates licensing for all Digital Token Service Providers operating within or targeting Singapore. This shift means there is no longer a "safe harbor" for offshore-focused operations based in the city-state. If you are planning to launch a crypto exchange, token service provider, or digital asset platform involving Singapore, you now face strict licensing requirements with zero transitional period.

This guide breaks down exactly what you need to know about navigating the new landscape, comparing the old Payment Services Act (PSA) routes with the new FSMA obligations, and detailing the documentation required to get approved by MAS.

Understanding the Two Pillars: PSA vs. FSMA

To understand your obligations, you first need to distinguish between the two legislative frameworks currently governing digital assets in Singapore. They serve different purposes but often overlap for crypto exchanges.

The Payment Services Act 2019 (PSA), the foundational law regulating payment services including crypto-asset exchanges since 2020 remains active. It classifies businesses based on transaction volume. If your primary activity is facilitating payments using digital tokens, this is your baseline requirement.

However, the FSMA, effective mid-2025, introduces the concept of Digital Token Service Provider (DTSP), entities offering investment-related services involving digital tokens such as trading platforms, custody, or advisory services. The key difference? The PSA focuses on the movement of money (payments), while the FSMA focuses on the nature of the service (investment/financial market activity). Most crypto exchanges will likely need compliance under both regimes depending on their specific service offerings.

License Categories Under the Payment Services Act

If your business involves exchanging crypto-assets for fiat currency or other digital tokens, you fall under the PSA. MAS categorizes these licenses based on your monthly transaction value. Here is how they break down:

Comparison of PSA License Types for Crypto Exchanges
License Type Monthly Transaction Limit Minimum Capital Requirement Key Compliance Obligations
Standard Payment Institution (SPI) Up to SGD 3 million SGD 100,000 Basic AML/CFT measures, customer due diligence, regular reporting to MAS
Major Payment Institution (MPI) Exceeding SGD 3 million SGD 250,000 Enhanced risk management, independent audits, stricter operational controls, senior management approval
Exempt Payment Service Provider Low-risk activities only Varies (Notification only) Limited scope, specific operational restrictions, must notify MAS before starting

For most serious exchanges, the Major Payment Institution (MPI) license is the target. The jump from SGD 100,000 to SGD 250,000 in capital might seem small, but the compliance burden increases exponentially. MPI holders undergo enhanced scrutiny, including detailed audits of their internal controls and risk management frameworks.

The New Reality: FSMA and the End of Regulatory Arbitrage

The biggest shock to the industry was not the capital requirement, but the removal of the "offshore client" loophole. Before June 30, 2025, many firms operated in Singapore but marketed exclusively to users outside the country, arguing they were not providing services "in" Singapore.

MAS shut this down completely with the FSMA. Under the new rules, if you are incorporated in Singapore, have directors in Singapore, or use Singapore-based infrastructure to manage a crypto business, you are subject to DTSP licensing regardless of where your customers sit geographically.

Why did MAS do this? The regulator cited reputational risk. High-profile collapses like Three Arrows Capital and Terraform Labs in 2022 highlighted how unregulated entities could cause global instability while hiding behind jurisdictional gaps. MAS explicitly stated it would not allow Singapore to be used as a base for evading regulation elsewhere.

This means your application process must demonstrate robust Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) procedures that meet international standards, not just local ones. You cannot simply tick boxes; you must prove your systems can detect and report suspicious activities in real-time.

Split illustration comparing PSA payment rules with FSMA investment service requirements.

Step-by-Step Application Process

Getting licensed is not a quick administrative task. It is a rigorous vetting process that typically takes 6 to 12 months for an MPI license. Here is what you need to prepare:

  1. Business Plan Submission: You need a comprehensive document outlining your mission, revenue model, marketing strategy, and growth projections. MAS wants to see sustainability, not just hype. Include detailed financial forecasts for at least three years.
  2. KYC and AML Policy Documentation: Submit your full Customer Due Diligence (CDD) protocols. How do you verify identities? What is your threshold for Enhanced Due Diligence (EDD)? How do you monitor transactions for red flags? These policies must align with MAS Notice PSN02, the regulatory notice setting out anti-money laundering and counter-financing of terrorism requirements for payment service providers.
  3. Risk Assessment Framework: Provide a detailed analysis of potential risks-operational, cybersecurity, market, and compliance. Show how you mitigate each one. For example, if you offer staking services, explain how you manage smart contract risks.
  4. Capital Proof: Demonstrate that you have the required minimum capital (SGD 100k or SGD 250k) available in a Singapore bank account or through confirmed financial support letters from accredited investors.
  5. Audit Reports: If you are already operating, submit annual internal and external audit reports. New entrants may need to provide pro-forma audits or engage a firm to validate their proposed controls.

Expect multiple rounds of feedback. MAS officers are known for being thorough. They will ask probing questions about your technology stack, your team's experience, and your contingency plans for system failures.

Costs and Timeline: What to Expect

Budgeting for a crypto license in Singapore requires looking beyond the initial capital deposit. Legal fees, compliance consulting, and technical audits add significant costs.

  • Legal and Consulting Fees: Expect to spend SGD 50,000 to SGD 150,000+ on legal counsel specializing in fintech regulation. This covers drafting policies, preparing submissions, and liaising with MAS.
  • Compliance Technology: Implementing KYC/AML software solutions can cost SGD 20,000 to SGD 100,000 annually, depending on user volume.
  • Timeline: Standard Payment Institution applications take 3-6 months. Major Payment Institution applications often stretch to 6-12 months due to the depth of due diligence required.

Smaller operators have reported struggling with the immediate implementation of FSMA. Without a transitional period, many had to choose between rapid restructuring or exiting the market. Larger, well-capitalized exchanges generally welcomed the clarity, even if the compliance costs were high.

Team reviewing compliance maps and shields in a storybook-style office setting.

How Singapore Compares to Other Jurisdictions

If you are deciding where to incorporate, context matters. Singapore’s approach is distinct from its peers.

Compared to the European Union’s Markets in Crypto-Assets (MiCA), the EU's comprehensive regulatory framework for crypto-assets designed to harmonize rules across member states, Singapore moved faster. MiCA provides longer implementation timelines and phased rollouts. Singapore’s FSMA hit immediately. However, Singapore’s capital requirements (SGD 100k-250k) are significantly lower than Switzerland’s, which can demand millions of Swiss francs for similar banking-grade licenses.

In the United States, the landscape is fragmented. You face state-level Money Transmitter Licenses (MTLs) alongside federal SEC oversight. Singapore offers a single national regulator (MAS), which simplifies navigation once you understand the rules. Hong Kong has recently introduced its own licensing regime, creating regional competition, but Singapore retains a first-mover advantage in terms of established regulatory precedent and institutional trust.

Common Pitfalls to Avoid

Many applications fail not because the business idea is bad, but because the compliance foundation is weak. Avoid these common mistakes:

  • Underestimating AML Complexity: Generic AML policies are rejected. Your procedures must be tailored to crypto-specific risks, such as mixing services, privacy coins, and cross-chain transfers.
  • Ignoring Senior Management Roles: MAS scrutinizes the fit-and-proper status of directors and key executives. Ensure your leadership team has verifiable experience in finance or technology.
  • Poor Cybersecurity Documentation: You must detail how customer funds are secured. Cold storage ratios, multi-signature wallet setups, and insurance coverage for digital assets are critical details to include.
  • Vague Business Models: If your revenue model relies heavily on speculative trading fees without clear utility, MAS may question the sustainability and legitimacy of the operation.

Future Outlook: Is Singapore Still Viable?

Despite the tightening, Singapore remains a top-tier hub for regulated crypto innovation. The clarity provided by FSMA attracts institutional players who prefer certainty over ambiguity. While smaller, agile startups may find the barriers too high, established firms benefit from the reduced reputational risk associated with operating in a strictly regulated environment.

MAS has signaled that it will continue to refine these rules. Expect ongoing updates to technical standards, particularly around decentralized finance (DeFi) protocols and stablecoin issuers. The goal is clear: maintain Singapore’s position as a global financial center while ensuring that crypto activities do not compromise financial integrity.

Can I operate a crypto exchange in Singapore serving only foreign clients?

No. As of June 30, 2025, the Financial Services and Markets Act (FSMA) closed the loophole allowing firms to operate in Singapore while serving only offshore clients. If your business is based in Singapore, you must obtain a Digital Token Service Provider (DTSP) license or a relevant Payment Services Act license, regardless of your customer base location.

What is the difference between SPI and MPI licenses?

The Standard Payment Institution (SPI) license is for businesses with monthly transaction values up to SGD 3 million, requiring SGD 100,000 in capital. The Major Payment Institution (MPI) license is for those exceeding SGD 3 million monthly, requiring SGD 250,000 in capital and subject to stricter compliance, auditing, and risk management requirements.

How long does it take to get a crypto license in Singapore?

Processing times vary by license type. A Standard Payment Institution license typically takes 3 to 6 months. A Major Payment Institution license can take 6 to 12 months due to the extensive due diligence, background checks, and detailed review of compliance frameworks required by MAS.

Do I need a lawyer to apply for a crypto license?

While not legally mandatory, it is highly recommended. The application process involves complex legal documentation, AML policy drafting, and direct communication with MAS. Specialized fintech lawyers help ensure your submission meets all regulatory expectations, reducing the risk of rejection or delays.

What happens if I operate without a license after June 2025?

Operating without the required license is a criminal offense under the Payment Services Act and FSMA. Penalties include substantial fines and imprisonment. MAS has demonstrated a willingness to enforce these rules strictly to protect the integrity of Singapore’s financial system.

Is Singapore better than Switzerland for crypto licensing?

It depends on your scale. Singapore has lower minimum capital requirements (SGD 100k-250k) compared to Switzerland, which can require millions of CHF. However, Singapore’s regulatory environment is more centralized and fast-moving. Switzerland offers deep banking integration but at a higher entry cost. Singapore is often preferred for agility and regional access to Asian markets.

Related Posts