Singapore Fintech Regulations: MAS Licensing and Sandbox

Complete guide to Singapore fintech regulations in 2026, covering the MAS licensing framework, Payment Services Act, regulatory sandbox, digital payment token services, e-money issuance, remittance licenses, and compliance requirements.

Singapore has established itself as a global fintech hub, with the Monetary Authority of Singapore (MAS) taking a progressive and innovation-friendly approach to financial technology regulation. The regulatory framework balances the need to encourage innovation with the imperative to protect consumers and maintain the integrity of the financial system. At the core of this framework is the Payment Services Act 2019 (PS Act), which provides a unified licensing regime for payment services, including digital payment tokens, e-money, and remittance services. Complementing the licensing regime is the MAS regulatory sandbox, which allows fintech companies to test innovative products in a controlled environment with relaxed regulatory requirements.

This guide covers Singapore's fintech regulatory landscape as of 2026, including the Payment Services Act licensing framework, MAS's regulatory sandbox programs, digital payment token regulations, e-money licensing, remittance requirements, and practical guidance for fintech startups navigating the regulatory environment. Our research team has compiled this information from the PS Act, MAS guidelines, notices, and consultation papers.

Payment Services Act 2019: The Unified Framework

The PS Act, which came into force on 28 January 2020, replaced the previous patchwork of regulations (the Payment Systems Oversight Act and the Money-changing and Remittance Businesses Act) with a single, activity-based licensing framework. The Act regulates seven types of payment services under a modular licensing structure.

Seven Regulated Payment Services

Payment Service | Description | Examples
Account Issuance | Issuing payment accounts (non-bank) | E-wallet accounts, stored value accounts
Domestic Money Transfer | Facilitating domestic fund transfers | Payment gateways, domestic remittance
Cross-Border Money Transfer | Facilitating international fund transfers | International remittance, forex remittance
Merchant Acquisition | Processing merchant payments | Card acquiring, POS services
E-Money Issuance | Issuing e-money (digital stored value) | Pre-paid cards, digital wallets with stored value
Digital Payment Token (DPT) | Buying/selling/facilitating exchange of DPTs | Cryptocurrency exchanges, OTC trading
Money-Changing | Physical exchange of currency | Money changers, currency exchange bureaus

License Types

The PS Act provides two license categories:

Standard Payment Institution (SPI) License: For businesses with lower transaction volumes. An SPI can conduct any combination of the seven regulated services, subject to specific thresholds. The monthly average of all payment transactions processed must not exceed SGD 3 million, and the daily average of e-money float must not exceed SGD 5 million.

Major Payment Institution (MPI) License: Required when the SPI thresholds are exceeded. An MPI is subject to more stringent regulatory requirements, including higher base capital requirements, safeguarding obligations for customer funds, and more detailed reporting requirements.

Requirement | Standard Payment Institution | Major Payment Institution
Base Capital | SGD 100,000 | SGD 250,000
Transaction Threshold | Up to SGD 3M monthly average | Above SGD 3M monthly average
E-Money Float Threshold | Up to SGD 5M daily average | Above SGD 5M daily average
Safeguarding of Customer Funds | Not required | Mandatory
Audit Requirement | Annual audit | Annual audit
Compliance Reporting | Periodic | More frequent and detailed
AML/CFT Requirements | Full compliance | Full compliance
Technology Risk Management | Applicable | Applicable (more stringent)

The modular structure of the PS Act means that a fintech company only needs to be licensed for the specific payment services it provides. A company that only processes merchant payments needs a license covering merchant acquisition services only, while a cryptocurrency exchange needs a license for digital payment token services. This modular approach reduces the regulatory burden for focused fintech companies while ensuring that each regulated activity is properly supervised.

Applying for a Payment Services License

Pre-Application Preparation

Before applying, fintech companies should assess which of the seven payment services their business model involves, determine whether they will exceed the SPI thresholds (requiring an MPI license), ensure the company meets the base capital requirements, develop the required compliance frameworks (AML/CFT, technology risk management, business continuity), and appoint qualified individuals for key compliance roles.

Application Process

License applications are submitted through MAS's electronic application system. The typical process involves submitting the completed application form with all supporting documentation, MAS conducting a preliminary review and potentially requesting additional information, MAS performing background checks on directors, shareholders, and key personnel, MAS assessing the adequacy of the company's compliance frameworks and technology infrastructure, and MAS issuing the license (or a notice of rejection with reasons).

The processing time varies but typically ranges from 3 to 6 months for straightforward applications. Complex applications (particularly for DPT services) may take longer due to enhanced scrutiny.

Key Personnel Requirements

Licensed payment service providers must have at least one executive director who is resident in Singapore, a designated AML/CFT compliance officer, a technology risk management function, and fit and proper directors and key personnel (assessed against MAS's Guidelines on Fit and Proper Criteria).

MAS Regulatory Sandbox

The MAS regulatory sandbox allows fintech companies to experiment with innovative financial products and services in a live environment but within defined boundaries and with appropriate safeguards. The sandbox provides temporary regulatory relaxations for approved experiments, enabling companies to test their concepts without full compliance with all applicable regulations.

Sandbox Express

Sandbox Express is a fast-track option for predefined activities where MAS has already established the regulatory parameters. The key features of Sandbox Express include pre-defined sandbox conditions (no bespoke negotiation), a 21-day approval timeline from application, specific activity types eligible (currently including insurance brokerage, recognized market operators, and remittance), and a defined experiment period with clear exit criteria.

Full Sandbox (Sandbox 2.0)

The full sandbox, known as Sandbox 2.0, is designed for novel or complex innovations that do not fit the predefined Sandbox Express categories. Key features include customized sandbox conditions negotiated between MAS and the applicant, a longer evaluation process (typically 2 to 4 months), a broader scope of possible relaxations, a defined experiment period (typically 6 to 12 months, extendable), and clear criteria for graduation to full licensing.

Feature | Sandbox Express | Full Sandbox (2.0)
Approval Timeline | 21 days | 2-4 months
Conditions | Pre-defined | Customized
Duration | Pre-defined (6-12 months) | Negotiated (typically 6-12 months)
Eligible Activities | Specified categories | Any innovative financial service
Consumer Safeguards | Pre-defined | Customized based on risk
Exit Strategy | Defined (graduate or exit) | Defined (graduate or exit)

Sandbox Requirements

All sandbox applicants must demonstrate that the innovation is genuinely novel (not an existing product with minor modifications), propose adequate safeguards to protect consumers during the experiment, have a clear plan for measuring the experiment's success, have a defined exit strategy (either graduation to full licensing or orderly wind-down), and commit to sharing learnings with MAS.

The MAS sandbox is not a shortcut to avoid regulation. It is a structured program that allows testing of innovations under relaxed but still supervised conditions. Companies that enter the sandbox must demonstrate genuine innovation, adequate consumer protection, and a credible path to full regulatory compliance. The sandbox is best suited for companies with a developed product concept that needs live market validation before committing to the full licensing process and associated costs.

Digital Payment Token (DPT) Services

Digital payment token services (covering cryptocurrencies and other digital assets) are among the most heavily scrutinized fintech activities in Singapore. The regulatory framework has been progressively tightened since the PS Act's introduction, reflecting global concerns about consumer protection, money laundering, and market stability.

Regulatory Requirements for DPT Service Providers

DPT service providers must obtain either an SPI or MPI license from MAS, implement robust AML/CFT controls (including customer due diligence, transaction monitoring, and suspicious transaction reporting), segregate customer assets from the company's own assets, conduct regular audits of customer asset holdings, implement technology risk management frameworks aligned with MAS guidelines, and comply with consumer protection measures including risk disclosure, suitability assessment, and restrictions on marketing and advertising.

Consumer Protection Measures

MAS has implemented several measures specifically targeting DPT consumer protection, including a ban on advertising DPT services in public areas (including social media targeted at the general public), requirements to assess customer knowledge and risk tolerance before providing DPT services, mandatory risk disclosure statements, and restrictions on incentive programs designed to attract retail customers.

E-Money Issuance

E-money issuers must obtain a license under the PS Act and comply with specific requirements designed to protect customers' stored value.

Safeguarding Requirements

Major Payment Institutions issuing e-money must safeguard customer funds by maintaining the funds in a segregated trust account with a Singapore bank, obtaining an undertaking or guarantee from a bank or insurer, or placing the funds in a designated bank account under a statutory trust. The safeguarding requirement ensures that customer funds are protected in the event of the e-money issuer's insolvency.

Spending Limits

MAS imposes limits on e-money accounts to protect consumers. The maximum amount that can be held in a personal e-money account is SGD 5,000 at any time, and the maximum annual expenditure from a personal e-money account is SGD 30,000 (though higher limits apply for fully verified accounts).

Remittance Services

Cross-border money transfer services are regulated under the PS Act, requiring either an SPI or MPI license depending on transaction volumes. Key regulatory requirements include maintaining a permanent place of business in Singapore, implementing AML/CFT controls including customer identification and transaction monitoring, maintaining records of all transactions for at least 5 years, and filing regular reports with MAS.

The remittance market in Singapore is highly competitive, with traditional money changers, bank remittance services, and fintech platforms all competing for customers. Fintech companies entering this space should be aware that MAS applies particularly rigorous scrutiny to remittance license applications due to the higher money laundering risks associated with cross-border transfers. Applicants must demonstrate robust compliance frameworks and the financial resources to operate sustainably.

Technology Risk Management

All licensed payment service providers must comply with MAS's Technology Risk Management (TRM) guidelines, which set expectations for IT governance, security, and resilience. Key requirements include establishing a technology risk management framework approved by the board, implementing security controls including access management, encryption, and intrusion detection, conducting regular penetration testing and vulnerability assessments, maintaining business continuity and disaster recovery plans, and reporting technology incidents to MAS within specified timeframes.

AML/CFT Compliance

Anti-money laundering and counter-terrorism financing compliance is a fundamental requirement for all licensed payment service providers. Requirements include conducting customer due diligence (CDD) on all customers, implementing transaction monitoring systems to detect suspicious patterns, filing Suspicious Transaction Reports (STRs) with the Suspicious Transaction Reporting Office, maintaining records of all transactions and CDD documentation for at least 5 years, and conducting regular AML/CFT training for all relevant staff.

For broader business compliance requirements, see our guide on Singapore business laws and compliance.

Open Banking and API Standards

MAS has been promoting the development of open banking in Singapore through the Finance-as-a-Service (FaaS) API framework and the Singapore Financial Data Exchange (SGFinDex).

SGFinDex

SGFinDex allows individuals to access their financial information held across different banks, insurers, and government agencies through a single platform. For fintech companies, SGFinDex creates opportunities to develop personal financial management applications, aggregated investment dashboards, and holistic financial planning tools that pull data from multiple sources.

API Playbook

MAS published the Finance-as-a-Service API Playbook in collaboration with the Association of Banks in Singapore, defining standardized APIs for common banking functions such as account information, payment initiation, and product discovery. Fintech companies can leverage these APIs to build innovative financial products that integrate with existing banking infrastructure, reducing development costs and improving interoperability.

BNPL and Alternative Lending

Buy Now, Pay Later (BNPL) services and alternative lending platforms have grown rapidly in Singapore. MAS has introduced guidelines for BNPL operators covering responsible lending practices, credit assessment requirements, and transparent fee disclosure. BNPL operators must ensure that total outstanding commitments do not cause undue financial hardship for consumers and must provide clear information about fees, interest rates, and consequences of late payment.

Practical Steps for Fintech Startups

Fintech startups should begin regulatory planning early in their product development process. The recommended approach includes mapping your business model to the PS Act's seven regulated services, engaging with MAS early (through pre-application discussions) to understand the applicable requirements, considering the sandbox if your product is genuinely innovative and you need live market validation, building compliance frameworks (AML/CFT, TRM) in parallel with product development, budgeting for compliance costs (legal advice, compliance hires, technology infrastructure), and engaging a regulatory consultant experienced with MAS if your team lacks in-house regulatory expertise.

For information on business banking options to support your fintech operations, see our guide on opening a business bank account in Singapore.

Insurance and Capital Markets Fintech

Beyond payment services, fintech innovation in Singapore extends to insurance technology (InsurTech) and capital markets technology.

InsurTech Regulation

InsurTech companies distributing or advising on insurance products must comply with the Insurance Act and the Financial Advisers Act. MAS has introduced specific guidelines for digital insurance distribution, including online fact-finding requirements, digital needs analysis, and electronic policy issuance. The Sandbox Express includes a track for insurance brokerage activities, allowing InsurTech startups to test digital distribution models under relaxed conditions.

Digital Securities and Tokenization

MAS regulates digital securities (security tokens) under the Securities and Futures Act. Platforms facilitating the trading of digital securities must obtain a Recognized Market Operator (RMO) or Approved Exchange license. Tokenized securities are treated the same as traditional securities for regulatory purposes, meaning all prospectus requirements, disclosure obligations, and investor protection rules apply.

Crowdfunding

Equity crowdfunding platforms are regulated by MAS under the Securities and Futures Act. Platforms must hold a Capital Markets Services license and comply with investor protection requirements, including investment limits for retail investors and mandatory risk disclosure.

Conclusion

Singapore's fintech regulatory framework, centered on the Payment Services Act and complemented by the MAS regulatory sandbox, provides a clear and structured path for fintech companies to operate legally and build trust with customers. The modular licensing structure ensures that companies are regulated proportionally to the services they provide, while the sandbox enables testing of genuine innovations in a controlled environment. For fintech entrepreneurs, the key to success is early regulatory engagement, robust compliance frameworks, and a clear understanding of which payment services your business model involves. The investment in regulatory compliance, while significant for early-stage companies, is essential for long-term sustainability and provides a competitive moat that protects established players from under-regulated competitors.

Frequently Asked Questions

What licenses does the Payment Services Act cover in Singapore?

The Payment Services Act 2019 (PS Act) regulates seven payment services under two license types. A Standard Payment Institution (SPI) license covers businesses with lower transaction volumes, while a Major Payment Institution (MPI) license is required for larger operations exceeding specified thresholds. The seven regulated services are: account issuance, domestic money transfer, cross-border money transfer, merchant acquisition, e-money issuance, digital payment token services, and money-changing. Each service has its own regulatory requirements, and businesses may apply for a license covering one or more services.

How does the MAS regulatory sandbox work?

The MAS regulatory sandbox allows fintech companies to test innovative financial products and services in a controlled environment with relaxed regulatory requirements for a defined period. The Sandbox Express provides a fast-track option for well-understood activities with pre-defined conditions and a 21-day approval timeline. The full sandbox is for more novel or complex innovations requiring customized conditions. Companies in the sandbox must define clear testing parameters, have safeguards to protect consumers, and develop an exit strategy. The typical sandbox period is 6 to 12 months, extendable based on progress.

What are the requirements for a digital payment token service license?

To operate a digital payment token (DPT) service in Singapore, businesses must obtain either a Standard or Major Payment Institution license with DPT service approval from MAS. Key requirements include: a permanent place of business in Singapore, at least one director who is a Singapore resident, minimum base capital of SGD 100,000 (SPI) or SGD 250,000 (MPI), robust AML/CFT controls, technology risk management frameworks, and cyber hygiene measures. DPT service providers must also comply with the Financial Advisers Act requirements when recommending DPT products and adhere to MAS guidelines on consumer protection for DPT services.