
Payment Institution Licensing: SPI vs MPI Explained

01 Introduction

Overview of Payment Institution Licensing in Singapore

The Payment Services Act (PS Act) was enacted in Singapore on 28 January 2020, and it establishes a comprehensive, activity-based licensing regime that regulates the sector. The PS Act superseded two earlier Acts, the Payment Systems (Oversight) Act and the Money-Changing and Remittance Businesses Act, and established a new, technology-neutral payment framework that caters for the entire range of payment services: from traditional money-changing and remittance businesses to digital payment tokens and e-money issuance. The core of the framework is two main types of payment institution licences: the Standard Payment Institution (SPI) licence and the Major Payment Institution (MPI) licence. The two licences differ in scope, transaction volumes, capital requirements, and compliance obligations, and choosing the right licence is one of the most critical regulatory decisions a payment services company can make when entering the Singapore market.

The MAS regulates payment institutions under a framework of the same rigour as that used to regulate other financial activities, such as fund management and capital markets services. Following the PS Act’s enactment, MAS has further developed its regulatory expectations, most recently by introducing a requirement for legal opinion in 2024 that affects all new PS applicants (both SPI and MPI), mandating a legal opinion from a law firm with experience in PS Act matters to determine whether their proposed services would be regulated under the PS Act. A firm wishing to offer payment services in or from Singapore must be familiar with the Singapore payment institution licensing guide, which outlines the various payment institutions, what each is and requires, as well as how the MAS’s expectations have changed.

Why Understanding SPI and MPI Licences Matters

The consequences of selecting the wrong payment institution licence, or not having one at all, are serious. If a firm carries on regulated payment services without a valid MAS licence, the firm’s directors and principal officers may face criminal liability, with penalties including imprisonment for up to 3 years and/or fines of up to S$125,000 for first offences. In addition to the legal implications, unlicensed operation could lead to business closure, irreparable reputational damage, especially in Singapore’s close-knit financial community, and loss of the banking access needed to run payment services. Firms that have already started operating without a licence while awaiting review may also face regulatory action during the licence review.

The other key decision is whether to opt for the Standard Payment Institution licence or the Major Payment Institution licence. Applying for the wrong licence, usually an SPI where an MPI is needed, or failing to plan for an MPI upgrade as the business grows, leads to licence variation applications, regulatory review and operational disruption, all of which could have been avoided with careful initial planning. For any fintech founder, compliance team, or business development professional who has to decide between an SPI and an MPI licence in Singapore, the key to a successful approach to regulation is understanding how each licence works, what the differences are, and which one aligns with a particular business model.

02 The Payment Services Act Framework

Introduction to the Payment Services Act (PS Act)

The Payment Services Act Singapore Regulatory Framework is based on a single, consolidated Act that supersedes the existing, confusing, and multiple regulatory requirements for payment services in Singapore. The PS Act takes an activity-based licensing approach, in which a firm needs to obtain a licence authorisation for each type of regulated payment service it wishes to offer, rather than a single licence that encompasses all financial services. This is an activity-based framework that ensures regulatory effort for each service is tailored to the risks it poses, and that companies are not obliged to obtain licences for services they do not provide. Under the PS Act, there are currently seven types of regulated payment services: account issuance services, domestic money transfer services, cross-border money transfer services, merchant acquisition services, e-money issuance services, digital payment token services, and money-changing services. These service types may be offered under either an SPI or an MPI licence; the choice of licence type depends mainly on the volume and type of payment activities a firm engages in.

Role of MAS in Regulating Payment Services

The PS Act and all payment institutions licensed under it are administered and supervised by MAS. It is involved in multiple payment services-related functions in an interconnected manner.

MAS is the custodian of the licensing process: it reviews and decides on all SPI and MPI licence applications. Before granting, refusing, or attaching conditions to a licence, it conducts a thorough assessment of each applicant’s business model, governance arrangements, capital position, compliance framework, and the fit and properness of key members of staff.

Upon issuance of a licence, MAS monitors all payment institutions on an ongoing basis by conducting on-site inspections of the institutions’ premises, systems, and compliance records, as well as off-site monitoring, such as analysis of AUM data and regulatory returns, and event-driven notifications received from institutions.

MAS formulates and updates the regulatory regime governing payment institutions and publishes guidelines, notices, and consultation papers that set the standards of conduct and compliance requirements for all licensed institutions. In addition, MAS has been working with international regulatory institutions to harmonise Singapore’s payments framework with international standards.

Under the PS Act, MAS has wide enforcement powers, including the power to impose civil penalties on firms, issue directions, require remediation, and suspend or revoke licences, as well as to refer matters to the Public Prosecutor for criminal prosecution if serious regulatory violations have been committed.

Types of Payment Services Covered Under the PS Act

The PS Act outlines seven categories of regulated payment services. A firm should determine which of these services it will offer and ensure that its licence applies to each service type before it starts providing the service.

Account issuance includes the opening of payment accounts (which may include e-wallets and stored-value accounts) on which customers can hold funds and make payments. It is a fundamental service that any digital wallet, e-commerce platform, or super-app offering users a stored-value facility needs to provide.

Domestic money transfer services refer to the transfer of funds within Singapore; cross-border money transfer services refer to remittances and payments to recipients outside of Singapore. Both are covered by AML/CFT controls and are separately regulated under the PS Act.

Merchant acquisition is the processing of payment transactions for merchants, allowing businesses to accept card payments, QR code payments, and other electronic payment methods. It is a regulated activity carried out by payment processors, acquiring banks and merchant service providers.

E-money issuance is the process of providing electronic monetary value recorded on a payment instrument or an account, which can be redeemed for goods or services or exchanged for money. Digital payment token services (the acquisition, issuance, and processing of digital payment tokens) are also regulated under the PS Act. They are subject to additional requirements based on their higher risk profile.

03 What Is a Standard Payment Institution (SPI) Licence

Definition and Purpose of the SPI Licence

The Standard Payment Institution (SPI) licence is a MAS authorisation issued under the PS Act that allows a firm to offer one or more payment services, subject to certain transaction volume limits. It is the basic payment institution licence, suitable for smaller payment service providers, early-stage fintech businesses, and those with slightly lower transaction volumes than might warrant the full scope of the MPI licence. The SPI licence carries lower compliance requirements than the MPI because it is for smaller payment operations with lower systemic risk. A lighter compliance burden does not imply a lack of regulatory rigour, however: MAS requires that SPI holders comply with the fit and proper criteria, AML/CFT, conduct requirements, and ongoing regulatory reporting. The SPI is designed to be the right option for companies entering the regulated payment services industry for the first time and a clear step toward upgrading to an MPI licence as transaction volume increases.

Businesses Commonly Operating Under an SPI Licence

The SPI licence is suitable for a particular type of payment service provider. Firms can use this knowledge of the typical business models under an SPI to evaluate whether this is the appropriate licence for them.

Fintech firms in their nascent stages, such as those developing payment wallets, remittance services, or merchant payment solutions for a specific customer group, are generally subject to the SPI transaction limits and may also take advantage of the reduced compliance burden of the SPI licence when initially setting up their operations in Singapore.

Money transfer companies that specialise in a particular remittance corridor, such as Singapore to Philippines or Singapore to India, often deal with a narrow remittance flow, usually because their clientele is a specific community rather than the general consumer market.

The transaction volume of operators of e-wallets or stored-value accounts for a particular merchant ecosystem, loyalty programme or employer group is usually within the SPI limits. Unlike a wallet offered to the general public, such a closed user group fits the general SPI structure.

Firms moving from an SPI to full PS Act-licensed status often start under an SPI, where the regulatory framework is manageable and offers a way for businesses to grow and for their compliance systems to develop.

Transaction Threshold Limits for SPI Holders

One of the key features of the SPI licence is its transaction volume thresholds. These caps set the maximum scale at which the SPI holder is allowed to operate, and breaching them requires an MPI licence application.

Over any rolling 12-month period, an SPI holder will be capped at S$3 million in average monthly transaction value for any regulated payment service (excluding e-money issuance and money-changing services). This cap applies separately to each service type.

If an SPI holder offers two or more regulated payment services, the combined average monthly transaction value for these services over the preceding rolling 12-month period shall not exceed S$6 million.

The amount of e-money outstanding at any time (also known as the total outstanding e-money float) must not exceed S$5 million for an SPI holder that also provides e-money issuance services. If e-money outstanding exceeds this cap, the holder will need either to reduce the e-money outstanding or to upgrade to an MPI licence.

SPI holders are expected to track their transactions on an ongoing basis and proactively alert MAS when they approach the applicable thresholds. MAS expects firms to start the licence variation process well before they hit the thresholds, not once they have reached them.

Key Compliance Requirements for SPI Licensees

From the time of licence issuance, SPI holders must comply with a set of defined obligations. These conditions are scaled but real regulatory requirements that must be managed during the firm’s licensed life.

SPI holders are required to establish a risk-based AML/CFT programme that must include customer identification and verification, transaction monitoring, and reporting of suspicious transactions to the Suspicious Transaction Reporting Office (STRO). The programme should be documented, in active use, and regularly reviewed internally.

MAS’ fit-and-proper requirements must be met continuously by all directors, the CEO, and key management personnel of an SPI. Any change in the firm’s key personnel or key shareholding structure must be reported to MAS within the stipulated time frame.

SPI holders will be required to file periodic regulatory returns with MAS that include, among other things, the number of transactions, the nature of the services provided, and changes in business activities. Event-driven notifications (including material changes in the business model, cybersecurity incidents and breaches of licence conditions) must be reported promptly.

SPI holders will be governed by the conduct-of-business requirements for payment institutions set by MAS, which include disclosing fees and transaction terms to customers, handling customer complaints, and safeguarding customer data in compliance with relevant Singapore laws.

04 What Is a Major Payment Institution (MPI) Licence

Definition and Purpose of the MPI Licence

A Major Payment Institution (MPI) licence is a MAS authorisation under the PS Act that allows a firm to offer one or more regulated payment services without the transaction volume or e-money float limits that apply to those holding an SPI licence. It is the higher-tier payment institution licence, which is available to existing payment institutions, large-scale digital wallet service providers, significant cross-border remittance service providers, and digital payment token service providers with a monthly transaction value of more than, or likely to exceed, the SPI limits. The MPI licence is subject to all PS Act obligations for customer fund safeguarding, capital requirements, and reporting and conduct requirements, which are more stringent given the systemic importance and higher risk profile of high-volume payment operations. The MPI licence is the right licence for firms developing a payment services business with a clear intention to scale it significantly — or for firms whose investment commitments or commercial plans will require large transaction volumes from the start.

Businesses That Typically Require an MPI Licence

The MPI licence is intended for payment service providers whose business model or scale the SPI framework cannot support. Several types of firms always need MPI licensing.

Consumer-facing digital wallets with high user counts, such as those embedded in super-apps, ride-hailing apps, or major e-commerce platforms, generally have transaction volumes above the SPI level from early in their development. These companies must hold an MPI licence to operate without volume limitations.

High-volume cross-border money transfer operators serving a wide range of consumer and business customers, particularly those with multiple corridors and/or large diaspora communities, often need to operate at high volumes and require the flexibility of an MPI licence.

Firms that deal in digital payment tokens, such as cryptocurrency exchanges, OTC desks, and token swap platforms that process a large volume of digital payment token transactions, will need an MPI licence with a DPT service authorisation. The increased risk profile of DPT services is reflected in MAS’s higher standards for compliance by MPI holders carrying out these activities.

Payment processors and merchant acquirers that process more than a specified number of transactions for any merchant client in a month must hold an MPI licence. These companies tend to sign up merchants quickly, and transaction volume can increase rapidly as well, making it crucial to work towards MPI licensing from the get-go.

Transaction Volume and Float Thresholds

Unlike the SPI licence, the MPI licence does not have a cap on transaction volumes or e-money float. However, specific financial requirements are linked to the size of MPI operations.

MPI licence holders are not subject to monthly caps or rolling 12-month caps on transactions for regulated payment services (RPS). This uncapped capacity is what sets the MPI licence apart from the SPI and is the main reason companies apply for MPI licensing from the start.

The S$5 million e-money float cap imposed on SPI holders does not apply to MPI holders for their e-money issuance services. This enables an MPI e-money issuer to maintain any desired amount of e-money outstanding in accordance with its business model, subject only to the user fund safeguarding obligations imposed on MPI holders.

Applicants for the MPI licence must have a minimum paid-up capital of S$250,000 at the time of application and ensure that the capital remains at or above S$250,000 at all times. This level of capital is substantially above the SPI baseline and reflects the higher financial needs of MPI holders, such as user fund security.

An MPI holder must deposit security with MAS or obtain a bank guarantee of S$100,000 (if average monthly transactions are not more than S$6 million) or S$200,000 (if average monthly transactions exceed S$6 million) before starting their business. The deposit serves as a financial cushion for MAS to tap into if the MPI holder is unable to honour its obligations to the customers.

Enhanced Compliance Obligations for MPI Licensees

MPI holders are subject to the complete range of PS Act compliance obligations, which are more onerous than those applicable to SPI holders, given the systemic importance of large-scale payment operations.

MPI holders must take robust measures to protect the funds of their payment service customers. This involves keeping user funds segregated from the firm’s normal operating funds, in accounts held with MAS-approved financial institutions, and reporting to MAS regularly on the safeguarding measures taken.

The MAS Technology Risk Management (TRM) Guidelines set out detailed expectations for MPI holders regarding system resilience, cybersecurity controls, incident response planning, and oversight of third-party vendors. The requirements are based on the critical nature of large-scale payment systems and the possibility that operational problems could affect many users.

AML/CFT requirements apply to all payment institution licensees, but MPI holders are expected to have a higher level of compliance in some areas, such as beneficial ownership verification, enhanced due diligence for higher-risk customers, and the capability of the transaction monitoring system. For DPT service providers, MAS applies the Travel Rule and other KYC measures at the point of every transaction.

MPI holders will need to provide an annual report that includes a review of compliance with their obligations under the PS Act, the effectiveness of their AML/CFT controls, and the adequacy of their safeguarding arrangements, carried out by an independent external auditor. This report shall be submitted to MAS within the stipulated period after the end of the financial year of the firm.

05 Key Differences Between SPI and MPI Licences

Transaction and E-Money Threshold Comparisons

The most immediately visible regulatory differences in Singapore are the levels of transaction volume and e-money float, which identify the type of licence required for a given payment business. The SPI is based on a set of caps that impose an obligation to upgrade, while the MPI has no volume constraints; the choice between the two can ultimately be seen as a matter of the firm’s current and expected operations.

Eligibility Criteria for VCFMs

The VCFM regime’s licensing requirements for different types of businesses are designed to ensure that only truly early-stage VCs can benefit from the simplified requirements. The criteria include fund structure, investment mandate, governance and staffing.

The SPI licence is subject to a cap of S$3 million of average monthly transactions per person per payment service, and an overall cap of S$6 million of transactions, regardless of whether they are e-money or money changing, for all payment services for each person within 12 months, taken forward from the start of the licence. The float of e-money is limited to a maximum of S$5 million in circulation. The limits are suitable for smaller operators and early-stage businesses, but do require active monitoring as the business expands, as exceeding the limits without a licence variation is also a regulatory offence. SPI holders would be required to have systems in place that track their rolling transaction volume against these caps at all times.

There is no limit on the number of payment service transactions the firm may process under the MPI licence, nor on the amount of e-money that may be held on the firm’s balance sheet. The operational scale is unconstrained, but this is accompanied by much more stringent compliance requirements (such as maintaining a base capital of at least S$250,000, holding a security deposit of between S$100,000 and S$200,000, an independent audit of the user funds and an annual audit requirement), reflecting the higher risk profile and systemic importance of large-scale payment operations in Singapore.

Table 1: SPI vs MPI — Transaction Thresholds and Financial Requirements

| Requirement | Standard Payment Institution (SPI) | Major Payment Institution (MPI) |
| --- | --- | --- |
| Monthly Transaction Cap (single service) | S$3 million average over 12 months | No cap |
| Monthly Transaction Cap (aggregate) | S$6 million average over 12 months | No cap |
| E-Money Float Cap | S$5 million outstanding | No cap |
| Minimum Base Capital | As prescribed by MAS | S$250,000 |
| Security Deposit | Not required | S$100,000–S$200,000 |
| MAS Review Timeline | ~60 business days | ~120 business days |

The transaction threshold structure does not necessarily dictate a company’s choice between SPI and MPI; a firm can begin with an SPI and then outgrow it as its user base and transaction volume grow. By planning for the licence upgrade path and tracking volumes over the past 12 months, the firm can avoid the operational disruption that would follow from exceeding the SPI thresholds without an MPI licence.

Safeguarding Requirements for Customer Funds

An important distinction between SPI and MPI licence holders is that the latter must safeguard customer funds. This requirement applies only to MPI holders, due to the increased volume of customer funds passing through high-volume systems.

All user funds must be placed in accounts maintained in the name of the MPI holder, and such accounts must be separate from the firm’s operating accounts and maintained with an approved Singapore-licensed bank or finance company. The mixing of user funds with operating funds is not allowed, and MPI holders are required to perform daily reconciliation of user fund balances with the amounts maintained in separate accounts.

The user fund protection requirements of the PS Act do not apply to SPI holders. Based on MAS’s risk assessment of SPI operations, the systemic risk they pose is not sufficient to justify requiring them to segregate user funds from their own funds. MAS has, however, imposed general requirements on SPI holders to exercise proper care over funds held for customers.

MPI holders must include information on their safeguarding arrangements in their periodic regulatory returns, and must report to MAS as soon as it becomes known that the arrangements are or may be inadequate. Safeguarding arrangements should be a specific focus of the annual independent audit of MPI holders.

The MPI obligation to safeguard user funds has obvious implications for cash management for a payment firm designing its business model and treasury arrangements, as user funds in segregated accounts cannot be invested or used to fund operations. Firms must consider the working capital implications of their safeguarding obligations when planning for MPI licensing.

Regulatory Expectations and Reporting Standards

In addition to the financial requirements, a comparison of MAS payment services licences also highlights differences in the extent and depth of regulatory reporting requirements for SPI and MPI holders. These differences stem from the “proportionality principle” embedded in the PS Act framework.

Both SPI and MPI holders are required to provide periodic returns to MAS. MPI holders, however, have to file more detailed and frequent reports, including transaction volumes by service, safeguarding balances, AML/CFT programme metrics, and technology risk indicators, due to the higher expectations for supervisory attention to large-scale payment operations.

MPI holders are required to have an annual independent audit of their PS Act compliance, safeguarding arrangements and AML/CFT controls. SPIs do not need to be audited annually by an independent audit firm, but remain subject to MAS’s right to conduct ad hoc inspections and information requests at any time.

Any change in shareholding or control, a change in key personnel, a significant cybersecurity incident, or a breach of licence conditions is defined as a material event that should be notified to MAS by both SPI and MPI holders. MPI holders have additional notification requirements on specific aspects, such as any anticipated or actual inadequacy in their safeguarding arrangements.

In this respect, the operations of MPI holders are more likely to be scrutinised by MAS than those of SPI holders, because of the size of their operations and the larger number of customers and counterparties that may be affected in the event of a compliance failure. MPI firms are more likely to receive supervisory contact, detailed information enquiries, and higher expectations for documentation from MAS.

Operational Scalability Considerations

The choice between SPI and MPI licence requirements is not just a compliance choice; it is a business choice that impacts the firm’s operational infrastructure, cost base, and growth path.

The SPI licence is ideal for companies that anticipate that their transaction volume will be within the SPI limits for their first few years. It enables the firm to consolidate its business in Singapore, expand its compliance framework, and grow its customer base before the higher compliance expenses associated with MPI licensing.

Firms whose business plans suggest that the SPI thresholds could be breached in the first 12 to 18 months of operation, or where their commercial commitments depend on transaction volume being unrestricted from the start of operation, should apply for an MPI licence from the beginning instead of going through the process of a licence variation in the early stages of operation.

Business continuity plans should incorporate the timeframe for applying for an MPI, the additional capital and operational needs it would require, as well as the implications of the variation process from the time of the first application of the SPI, rather than when thresholds are approached.

MPI compliance obligations place specific requirements on the firm’s technology infrastructure, including compliance with the TRM Guidelines and the safeguarding requirements. Companies wishing to move from SPI to MPI should ask whether their current systems will support MPI compliance from the outset of the upgraded licence, and any system changes should be planned in parallel with the licence variation application.

06 Payment Services Covered by MAS Licences

Account Issuance Services

The issuance of accounts is one of the seven categories of payment services regulated by the PS Act. Any firm that provides account issuance services in Singapore is required to hold an SPI or MPI licence with an account issuance authorisation.

Account issuance includes establishing and maintaining payment accounts that users can use to pay electronically and to deposit and withdraw money. This includes e-wallets, stored-value accounts, or digital payment accounts (via mobile apps or web platforms), but not bank accounts, which are regulated under the Banking Act.

Consumer-facing e-wallet operators (such as those available on ride-hailing, food delivery, e-commerce, and super-apps) are the most prevalent holders of account issuance service authorisations. The number of users and transactions your application processes usually determines whether you need an SPI or an MPI licence.

The account issuance service category also covers employer payroll wallets, corporate expense accounts and loyalty programme stored-value accounts, although these may be able to operate under an SPI licence due to their smaller user base and transaction volume.

Account issuance and e-money issuance are two distinct but related regulated services under the PS Act. The issuance of e-money is the creation and issuance of electronically stored monetary value that can be converted into goods or services or other currencies, often in conjunction with the service of opening and operating an account.

Domestic and Cross-Border Money Transfers

One of the most widely licensed and regulated payment services under the PS Act is money transfer, both within Singapore and internationally. These services are part and parcel of the traditional remittance operators’ business and are becoming part of the product offerings of digital payment platforms.

Domestic money transfer services involve transferring money between payers and payees within Singapore and do not require the creation of a payment account. This includes PayNow transfers, bank-to-bank transfers using non-bank payment platforms and peer-to-peer payments.

A cross-border money transfer service refers to the transfer of money to or from another jurisdiction, or the receipt of money in Singapore from another jurisdiction. This class includes the traditional remittance houses and international payment providers that are vital to the work of migrant workers, students abroad, and companies with overseas suppliers and customers.

Domestic and cross-border money transfer services are subject to AML/CFT requirements, such as customer due diligence for both sender and receiver, monitoring transactions for suspicious activity, and — in the case of cross-border transfers — the FATF Travel Rule in relation to certain thresholds.

Many remittance/money transfer companies start with an SPI licence and find that the SPI thresholds give them suitable operational capacity during the initial growth phase. Operators that provide services to a wide range of consumers or operate on more than one remittance corridor often hit SPI thresholds in their first 2 years, so MPI planning is a critical component of the initial design of the business model.

Merchant Acquisition and E-Money Services

Payment processors, digital wallet platforms, and consumer-facing payment applications are primarily involved in two regulated payment service categories: merchant acquisition and e-money issuance.

Merchant acquisition refers to the processing and settlement of payment transactions on behalf of merchants, allowing businesses to accept electronic payments from their customers. Payment processors and acquirers that process payments and onboard merchants will engage in this regulated activity and will be required to hold the relevant PS Act licence.

E-money issuance refers to the process of issuing electronic monetary values (EMV) that are stored on a payment instrument, payment account, or chip card, and can be exchanged by the cardholder for goods, services, or fiat money with the issuer or a network of participating merchants. E-money issuers range from large consumer wallet companies to more limited closed-loop prepaid card companies operating within specific merchant ecosystems.

Where a licence holder offers e-money issuance services, the value of e-money outstanding at any time (the e-money float) must be kept in safeguarded accounts that comply with the user fund protection standards set by MAS. SPI holders have a S$5 million e-money float cap, which limits the amount of e-money issuance that can be conducted without an MPI licence.

Many payment systems offer both merchant acquisition and account issuance/e-money issuance services — such as a QR code payment system that issues QR codes for merchants and e-wallets for consumers. There are specific regulatory authorisations for each service type, and the compliance requirements for each service are distinct.

Digital Payment Token Services

Because cryptocurrency and digital asset activities are treated as high-risk in Singapore’s financial regulatory environment, digital payment token services (DPT services) are among the most heavily regulated categories of payment services under the PS Act.

The DPT services include the purchase or sale of digital payment tokens, the trading of DPTs (as principal or agent), the inducement or attempted inducement of persons to engage in a DPT transaction, and the custody of DPTs. Cryptocurrency exchanges typically hold DPT service authorisations, operate OTC crypto desks, and provide crypto custody services.

DPT service providers must also comply with additional regulatory obligations that do not apply to other payment services, such as AML/CFT obligations, the application of the Travel Rule to all DPT payments above prescribed thresholds, enhanced customer due diligence requirements, and restrictions on marketing DPT services to retail customers.

Technically, a small-scale DPT service provider might be operating within the SPI thresholds. Still, given the size of most cryptocurrency exchanges and OTC desks, and MAS’s heightened expectations of DPT service providers, it would now seem more appropriate to apply MPI licensing as the de facto rule for established DPT service providers in Singapore. MAS has signalled that it will closely monitor DPT licence applications and expects high standards of governance and compliance from all DPT service providers.

In 2022, MAS advised DPT service providers to no longer actively market or advertise their services to the general public in Singapore, in accordance with regulatory changes made since then. DPT services may be actively marketed only to institutional and sophisticated investors, given MAS’s concerns about retail consumers’ ability to evaluate the risks of DPT investment activities.

07 Licensing Eligibility and Application Requirements

Fit and Proper Criteria

All SPI and MPI applicants, as well as their key personnel, are subject to MAS’s Fit and Proper Criteria (Guidelines FSG-G01). The SPI and MPI licence requirements in this area are non-negotiable; they apply at the time of application and on an ongoing basis throughout the firm’s licensed life.

MAS checks for criminal convictions, regulatory fines or sanctions, civil judgments, and professional disciplinary actions that have occurred in any jurisdiction in the past for any directors, CEO, or key management personnel. Non-disclosure of material regulatory or legal history will be considered a serious violation and may lead to the rejection of applications.

Key personnel should have the necessary qualifications and experience relevant to their role in the operation of the service. MAS evaluates this based on the professional background information included in the application, and for senior positions, it may seek supplementary information or references.

MAS will take into account whether key individuals have a good financial record, including any prior insolvency, bankruptcy, or material default on debts in any jurisdiction. Financial instability among key personnel is considered one of the governance risk indicators and needs to be explained in the application.

MAS will assess whether proposed key appointees have conflicts of interest that may affect their capacity to act in the firm’s and customers’ interests, and whether they have adequate time to devote to their duties in Singapore due to other professional or personal obligations.

Capital and Financial Requirements

The capital and financial needs differ between SPI and MPI applicants, reflecting the proportional risk approach of the PS Act. All applicants (whether individual or group) are required to demonstrate the financial ability to begin and continue licensed operations from the date of licensing.

The PS Act does not prescribe any specific minimum paid-up capital for an SPI applicant; MAS will expect the SPI applicant to have adequate financial resources to support its operations and comply with its regulatory obligations. In practice, an applicant’s capital should be commensurate with the size and riskiness of the payment services to be offered.

All applicants for an MPI must have a minimum of S$250,000 in paid-up capital at the time of application and maintain this paid-up capital throughout the life of the MPI. This capital must be ready and unrestricted, meaning it can’t be allocated to other expenses or contingent on future funding.

Before starting business, the MPI holder is required to deposit a guarantee of either S$100,000 or S$200,000 (as applicable, depending on the average monthly transaction size) with MAS or a qualifying bank as a security deposit. This deposit is for the protection of MAS and can be called upon if the MPI holder fails to meet its obligations.

Under certain conditions set by MAS, entities that introduce corporate finance clients without providing substantive advice on investments and transactions may be considered corporate finance advisers. The scope of this exemption is limited and should be considered on a case-by-case basis.

Governance and Staffing Expectations

MAS does not require applicants to have a minimum headcount in Singapore, but they must demonstrate that their governance arrangements and substance are credible.

Only Singapore-incorporated companies or foreign companies with a Singapore branch, registered with ACRA, are eligible to apply for SPI or MPI licences. The regulated entity must have a physical office in Singapore from which its regulated payment service activities are carried out.

The CEO, Managing Director, or other senior manager of the firm (as the case may be) shall be ordinarily resident in Singapore and shall be actively involved in the day-to-day management of the firm’s payment service activities in Singapore. This role is full-time and requires the person to meet MAS’s fit-and-proper requirements.

The firm shall have a board of directors capable of providing effective governance oversight of the payment services business. At least one of the directors should be ordinarily resident in Singapore. The board needs to show active involvement in the firm’s risk management, compliance and strategy process – not just be the nominal corporate governance structure.

All applicants (including SPI and MPI applicants) are required to have an identifiable compliance function to monitor the firm’s compliance with its obligations under the PS Act, its AML/CFT programme and its licence conditions. If the applicant is a smaller SPI company, the compliance function can be carried out by a suitably qualified person who acts as compliance officer alongside other duties.

Documentation Required for Applications

The completeness and quality of the application package are the primary determinants of the speed and outcome of MAS’s review. Before applying for a payment institution licence, it is crucial to know what documentation the application requires.

The application should contain a business plan that substantiates each proposed business activity against the regulated payment service it falls under, and that describes the operation of those activities in enough detail to show that the applicant is ready to undertake them as a licensed business. Applications often get delayed due to generic or high-level business plans.

In 2024, new applicants for SPI and MPI must submit a legal opinion from a law firm experienced in the PS Act, confirming which services and products are considered regulated payment services under the PS Act. The opinion and any approach the firm wishes to take to the provision of the services must be prepared by a qualified Singapore-admitted solicitor and must cover the regulated classification of each service the firm proposes to provide.

As part of the application, a full AML/CFT framework must be provided, including customer due diligence policies, suspicious transaction reporting procedures, transaction monitoring procedures and governance arrangements for the compliance function. Such documents should be substantive and tailored to the type of company and its clientele.

All proposed directors, CEO and key management personnel must provide detailed profiles, including full employment history, educational qualifications, regulatory disclosure declarations, and regulatory or legal history in all jurisdictions. MAS will conduct independent verification of these profiles during the review process, focusing on key elements.

08 AML/CFT and Compliance Obligations

Anti-Money Laundering Requirements

AML/CFT compliance is a baseline condition for all payment institution licensees under the PS Act and cannot be compromised. MAS has published AML/CFT notices covering payment institutions, most prominently MAS Notice PSN01, which prescribe in detail the requirements that all SPIs and MPIs must comply with from the date of their licensing. The AML/CFT framework for payment institutions is risk-based: the level of control applied to any specific customer, transaction, or service must reflect the level of money laundering or terrorist financing risk assessed for that customer, transaction, or service. Under this risk-based approach, payment institutions must complete and document a thorough Money Laundering and Terrorist Financing Risk Assessment that addresses their customer base, geographic exposure, nature of transactions, delivery channels, and products before implementing their AML/CFT controls.

Since the implementation of the PS Act, MAS’s AML/CFT expectations for payment institutions have become much more stringent, as Singapore aims to uphold its high level of FATF compliance and mitigate the unique AML risks of digital payment services. Payment institutions are required to amend their AML/CFT policies and risk assessments at least once a year, or more frequently if their business model, customer base, or the regulatory environment changes significantly. AML/CFT compliance failures fall into the most severe category of regulatory failure and can result in a range of enforcement actions, from formal warnings and directions for remediation to heavy financial fines and even the loss of a licence. AML/CFT compliance for Singapore payment services starts with a truly risk-driven approach to designing the compliance programme, rather than a programme that exists only on paper.

Customer Due Diligence and KYC Procedures

At the heart of every payment institution’s AML/CFT programme is its customer due diligence (CDD). MAS expects payment institutions to use proportionate CDD procedures that are suitable to the risk profile of each customer and the payment services they use.

Standard CDD mandates the identification and verification of the customer and — if the customer is a legal person — of the customer’s beneficial owners and controllers. This usually means obtaining and checking government-issued ID papers for individual customers and, for corporate customers, determining the legal entity, its ownership, and who holds control.

Higher-risk customers (such as politically exposed persons (PEPs), customers from higher-risk jurisdictions, and customers with business activities and/or transaction patterns that pose greater money laundering and/or terrorist financing risk) must be subject to enhanced due diligence (EDD). EDD involves an in-depth examination of the client’s identity, the origin of funds, and the nature of the payment service relationship.

Lower-risk customers, such as regulated financial institutions, government bodies, and listed companies, may be subject to simplified due diligence (SDD) if the money-laundering risk is deemed truly low. MAS Notice PSN01 clarifies when SDD is allowed and the controls that must remain in place even when SDD is in effect.

CDD is not a one-off activity performed only at customer onboarding. Payment institutions are required to continue monitoring customer transactions, update customer profiles as soon as material changes occur, and periodically review existing customer relationships (the frequency of the review depends on the customer’s risk assessment).

Transaction Monitoring and Reporting Obligations

Transaction monitoring is the second pillar of an effective AML/CFT programme. Payment institutions need to have systems and procedures in place to identify unusual transaction patterns among their customers and report them to the relevant authorities as soon as they are identified.

All payment institutions need to have automated transaction monitoring systems in place that can trigger alerts for transactions showing characteristics of money laundering or terrorist financing, for example transactions that are unusually large, transactions that pass quickly through one account, transactions structured to avoid triggering reporting thresholds, and transactions that do not fit the customer’s known profile.

A payment institution is obliged to submit a Suspicious Transaction Report (STR) to the Suspicious Transaction Reporting Office (STRO) as soon as practicable whenever it has reason to suspect that a transaction may involve the proceeds of criminal conduct or may be associated with the activities of a terrorist. The duty to file an STR arises on suspicion; it does not wait until the transaction is confirmed to be illicit.

Any cash payment made by a payment institution that exceeds the prescribed amount (currently S$20,000) must be reported in a Cash Transaction Report (CTR) submitted to STRO within the prescribed reporting time. CTRs are to be filed whether or not there is a suspicion of money laundering, and contain “mandated information concerning the transaction and the parties to the transaction”.

The FATF Travel Rule, which mandates the collection, verification, and transmission of information regarding the originator and beneficiary of DPT transfers exceeding S$1,500, applies to payment institutions that offer digital payment token services. The Travel Rule must be supported by a technology infrastructure capable of securely communicating beneficiary information among DPT service providers.

Ongoing Compliance Management

AML/CFT compliance is not a ‘one size fits all’ static programme that can be set up and then forgotten. Payment institutions need to continue implementing payment AML/CFT controls and payment systems security measures, with the understanding that their AML/CFT framework, in its entirety, must be continuously adapted and improved to meet regulatory expectations and the needs of their clients and business.

Payment Institutions (PIs) should restate and revise their Money Laundering and Terrorist Financing Risk Assessments (MLTFRAs) at least annually, taking into account changes to their business model, customer base, geographic exposure, and the latest guidance from MAS and international standard-setting bodies. The new risk assessment should be signed off by senior management and discussed with the board.

Regular AML/CFT training shall be provided to all staff in any function that involves contact with customers, the handling of transactions, or AML/CFT compliance. Training shall include the firm’s AML/CFT policies and procedures, common AML/CFT red flags, AML/CFT typologies relevant to the firm’s business area, and the staff’s responsibilities in the event of a suspicious transaction.

Payment institutions should regularly review their AML/CFT programme, either internally or through an external review, to assess whether their controls are appropriate, properly implemented, and effective at identifying suspicious transactions. Findings must be reported to senior management and the board, and remediation actions must be followed up and completed within agreed deadlines.

MAS constantly revises its AML/CFT notices, guidelines and typology publications. Payment institutions are advised to monitor these updates and promptly adjust their internal policies and procedures to comply with the new requirements and supervisory expectations. A failure to incorporate regulatory changes into the AML/CFT programme is considered a compliance gap, even if the firm was unaware of the change.

09 Common Challenges for Payment Institutions

Managing Regulatory Compliance Costs

The compliance framework for Singapore payment institutions imposes recurring costs on licensees, irrespective of their size. One of the most common operational issues faced by licensed payment firms is managing these costs while maintaining the quality of the compliance programme.

The establishment of a compliant Singapore payment institution will involve legal costs of S$50,000 to S$200,000 or higher, depending on the complexity of the business model and the payment services applied for, including legal fees for application and constitutional documents, AML/CFT programme development and technology costs for compliance systems, and advisory fees.

The costs of maintaining the AML/CFT programme, compliance staff, technology systems, external legal advice, and regulatory reporting are an important recurring cost for all payment institutions. For smaller SPI holders, these costs may be a high proportion of revenues, so an efficiently designed compliance programme, rather than an over-engineered one, matters commercially.

The extra costs for MPI holders are due to the annual requirement for an independent audit. The expense of hiring an experienced payment institution auditor and the documentation required to support the audit introduce a significant compliance burden that must be taken into account when developing the firm’s cost structure and fee pricing.

SPI and MPI holders must invest in compliance technology, such as customer identity verification, transaction monitoring, and regulatory reporting solutions, and keep these systems compliant, up to date, and tested on an ongoing basis. Additional technology investment to support safeguarding reconciliation and reporting will generally be needed for firms scaling from SPI to MPI.

Scaling Operations Beyond SPI Thresholds

Exceeding the SPI thresholds is a good sign of business success, but the transition from SPI to MPI is a regulatory process that requires careful planning well ahead of breaching the thresholds.

SPI holders are required to keep a close eye on their transaction volume for the previous 12 months, and to begin the MPI licence variation process in time to receive MAS approval before the transaction volume thresholds are met. Companies are in breach of regulatory conditions if they go beyond the SPI thresholds without an approved MPI variation.

However, the MPI licence variation process will generally take MAS about 120 business days after a complete application is received, which is much longer than the 60 business days targeted for SPI applications. The application for a variation should be submitted at least six to nine months before SPI levels are likely to be exceeded, to allow the new licence to be issued in time for use.

The transition to an MPI licence requires the firm to hold a minimum paid-up capital of S$250,000, provide a security deposit, and implement user fund safeguarding arrangements and an improved compliance infrastructure. These obligations must be carefully considered and adequately costed before a licence variation application is made.

Firms that are transitioning from SPI to MPI cannot interrupt their payment service operations during the variation process. The transition therefore involves maintaining compliance with the SPI licence throughout the review period, communicating with banking partners and technology providers regarding the upcoming licence change, and ensuring all operational and compliance changes necessitated by the MPI licence are made prior to the change to the new licence.

Cybersecurity and Technology Risk Management

Cybersecurity, system resilience, and the handling of third-party vendors are among the top regulatory risks that MAS payment licence consultants address when advising payment institutions in Singapore. The detailed expectations that all payment institutions must comply with are set out in MAS’s Technology Risk Management (TRM) Guidelines.

MAS also expects payment institutions to have strong and resilient payment systems that can achieve the defined recovery time and recovery point objectives in the event of failures. Unplanned downtime of payment platforms used by customers is considered a business failure and could be a liability from a regulatory standpoint, especially when it affects customers.

Payment institutions are required to implement a comprehensive security framework that includes network security, access control, data encryption, vulnerability management, and security monitoring. These controls need regular testing, including independent penetration testing, and must be adapted to account for emerging threats and vulnerabilities.

Payment institutions that rely on third-party service providers, such as third-party cloud hosting, payment processing infrastructure, and identity verification service providers, should adopt adequate vendor due diligence and oversight mechanisms to ensure that third-party risks are identified and managed appropriately. MAS expects payment institutions to ensure their third-party providers comply with the relevant regulatory requirements.

Payment institutions should have documented response plans that are regularly tested and can be deployed swiftly in the event of a cybersecurity incident or system breach. In addition to notifying MAS within the prescribed time limits, firms are expected, in the event of a significant technology incident, to submit detailed post-incident reports on the cause, impact, and remediation of the incident when requested by MAS.

Navigating Evolving MAS Regulations

The regulatory landscape for payment institutions in Singapore is not set in stone. Since the PS Act entered into force, MAS has consistently issued regulations; payment institutions need to be able to track, evaluate, and adapt to regulatory developments as an integral part of their operational competence.

Since its introduction, the PS Act has undergone several changes, including the extension of the scope of payment services regulated under the Act and the tightening of the regulatory requirements for specific payment services, such as digital payment tokens. Payment institutions are required to stay abreast of legislative changes and promptly adjust their compliance processes to align with applicable legislation.

Consultation papers and updated guidelines on specific focus areas of payment institution regulation, such as AML/CFT standards, technology risk management, and conduct requirements for specific payment service types, are regularly published by MAS. Payment institutions should engage in public consultations if relevant to their activities and act quickly on the results of completed consultations.

International standards issued by the Financial Action Task Force (FATF), the BIS Committee on Payments and Market Infrastructures (CPMI) and the International Organisation of Securities Commissions (IOSCO) influence Singapore’s payment services regulations. In the past, the majority of regulatory issuances by these organisations, such as changes to FATF Recommendations or the implementation of new standards for digital assets, have trickled down to MAS policy, and ultimately, the regulatory requirements of payment institutions licensed in Singapore.

Payment institutions with a proactive relationship with MAS (such as attending industry events, joining MAS-facilitated industry working groups, and discussing industry supervisory matters with MAS supervisors before implementing measures) are better placed to anticipate and react to MAS’s regulatory requirements than those who engage with MAS reactively. Investing in MAS relationship management is important, not just a courtesy.

10 Choosing Between an SPI and an MPI Licence

Factors to Consider Before Applying

The question of which payment institution licence a firm needs is best answered by a structured assessment of key factors that, together, will identify the appropriate type of licence for the firm’s current operations and plans.

The most significant criterion is the volume of transactions the firm is currently processing and expects to process in the first 12 to 24 months of licensed operation. If forecasts suggest that the SPI threshold is likely to be breached within 18 months of the date the licence is granted, or if the firm has agreed a commitment with a commercial entity that requires full volumes, then it is more suitable to begin with an MPI licence.

The nature of the payment service offered can significantly affect the type of licence required and the compliance requirements. Companies that serve a broad merchant base, issue e-money at scale, or acquire merchants are more likely to need MPI licensing than those offering niche remittance or closed-loop wallet services within a specific community.

For early-stage companies, the MPI licence’s minimum capital requirement of S$250,000 is a major factor. While the firm may be able to meet the higher capital requirement on the application date, it may be necessary for it to obtain an SPI licence, which has a lower capital requirement, in the short term. Meanwhile, a stronger capital base is put in place to enable the firm to qualify for an MPI licence in the longer term.

Some investors, commercial partners, and enterprise customers want to see that a payment service provider holds an MPI licence before engaging with it, on the view that the MPI’s tougher requirements indicate a more mature and compliant firm. Firms with such stakeholder commitments may need to apply for an MPI licence even if their existing volumes would otherwise qualify for an SPI licence.

Growth Plans and Transaction Volumes

Growth planning is one of the key issues in the SPI vs MPI licence decision in Singapore. A firm that makes the correct choice of licence at a particular point in its business but fails to plan for its expected growth may end up operating beyond the scope of its licence at a crucial point in its development.

Payment companies should project the number of transactions they expect to process over a 12-month rolling window, the same window used to calculate a payment company’s SPI threshold, in both base-case and optimistic growth scenarios. This modelling should be revised every quarter and used as an early warning to initiate licence variation planning when projections show the SPI thresholds are likely to be met within the next 12 months.

From the very beginning, firms should include the MPI upgrade in their regulatory roadmap as part of a comprehensive plan that outlines the timeline, capital requirements, and investments in compliance infrastructure and operations the upgrade will require. Treating the MPI upgrade as a planned event, rather than a rushed response to reaching the threshold, minimises disruption during the transition.

Payment institution licensees generally maintain banking relationships for their settlement, safeguarding, and operational accounts. Banking partners should be made aware in advance of the firm’s growth plans and the expected licence transition timeline, as some banking arrangements may need to be restructured during the transition to MPI because of the segregated safeguarding accounts required of MPI holders.

The implementation expenses of an MPI licence – the security deposit, security measures and infrastructure, annual audit, and increased regulatory reporting – are significant additions to the firm’s cost base compared to an SPI. Companies looking to implement an MPI upgrade should consider the cost of compliance and how this will impact the pricing model and fees.

Compliance Resource Considerations

Compliance requirements are significantly heavier under an MPI licence than under an SPI licence, and firms must consider whether they have the resources (personnel, technology, and funds) to maintain compliance with an MPI licence before applying for one.

MPI holders face stronger compliance obligations, technology risk obligations, annual audit coordination, and safeguarding monitoring than SPI holders, necessitating a more robust compliance function. Compliance teams should be evaluated to determine whether they can handle MPI compliance or need to hire new staff or engage outside contractors for this purpose before the licence move.

MPI compliance has specific technology requirements, such as safeguarding reconciliation systems, enhanced transaction monitoring and TRM-compliant technology infrastructure. A technology gap assessment should be carried out before applying for an MPI licence to determine any investments needed to become compliant, and to budget for them accordingly.

Because compliance with the new regulations, such as AML/CFT and DPT requirements, as well as technology risk management, can be complex, most MPI holders will have a continuing relationship with external legal, compliance and technology advisers. Treating these advisory relationships as a constant operating expense, rather than a reactive expense, is a better and more cost-effective way to manage MPI compliance.

For compliance, it is important that the firm’s board and senior management engage actively and in an informed way with the compliance function, approve material AML/CFT risk assessments and policies, and take responsibility for the firm’s regulatory standing with MAS. Boards and senior management teams that have limited experience with direct payment services compliance may need to add those skills by bringing on a director or advisory board member who has such experience.

Common Licensing Scenarios for Fintech Firms

Knowing the extent to which typical fintech business models align with the SPI vs MPI decision should enable firms to make informed licensing decisions at the outset of the regulatory planning process.

Table 2: Common Fintech Business Models and Likely Licence Requirements

| Business Model | Likely Licence | Key Considerations |
| --- | --- | --- |
| Early-stage remittance startup | SPI | Monitor 12-month rolling volumes; plan MPI upgrade at 18-month mark if growth is strong |
| Consumer e-wallet (broad market) | MPI | Large user base likely to exceed SPI float or transaction caps within months of launch |
| Niche employer payroll wallet | SPI | Closed user base likely to remain within SPI thresholds; MPI if employer base expands significantly |
| Crypto exchange / DPT platform | MPI | Volume and DPT regulatory expectations strongly indicate MPI from launch |
| Payment gateway/merchant acquirer | MPI or SPI | Depends on merchant volume; a large merchant base is likely to exceed the SPI aggregate cap quickly |
| Corporate cross-border payments | SPI or MPI | B2B transaction volumes and corridors determine threshold proximity; model carefully |

The scenarios above are illustrative examples, not definitive outcomes. The appropriate licence for a given company will depend on the precise nature of the regulated activities, the volume of transactions that the company expects to process, the number of investors in the company, and its commercial commitments. For any business where it is not clear which payment licence is correct (SPI vs MPI), it is advisable to engage qualified MAS payment licence consultants and conduct a regulatory field assessment before filing.

11 Maintaining Compliance After Licensing

Regulatory Reporting and Filing Obligations

Obtaining a payment institution licence is just the first step in a firm’s relationship with MAS. Active compliance with Singapore payment services obligations requires that licensed enterprises adhere to these obligations throughout the term of their licence while keeping their compliance positions active, accurate, and timely.

All SPI and MPI holders are required to make periodic regulatory returns to MAS at specified times. The returns include transaction counts by service type; changes in the firm’s business model or service scope; AML/CFT programme metrics; and, for MPI holders, safeguarding balances and audit status. All returns are to be made by the prescribed deadline through the MAS online regulatory portal.

Payment institutions have to prepare annual audited financial statements and submit them to MAS. For MPI holders, the financial statements should be issued together with the independent auditor’s report on PS Act compliance and safeguarding arrangements. The submission must be made within the specified time period following the firm’s financial year-end.

In addition to the periodic returns, payment institutions are required to notify MAS immediately of any material events, such as a significant change in shareholding or control, a change in key personnel, a material cybersecurity incident, a breach of licence conditions, and/or any possible failure to fulfil the payment institution’s regulatory obligations. Failures to file these notices are regulatory breaches in themselves.

If an SPI holder is approaching its applicable SPI thresholds, it must notify MAS of its transactions and apply for a licence variation. This variation application should be submitted and approved before the firm’s operations go beyond the scope of its SPI licence, and it must include all documentation required for an MPI application.

Independent Audits and Reviews

Payment institutions rely on independent audits and reviews as an important way to demonstrate ongoing compliance with MAS and to identify their own weaknesses before they become MAS issues.

The MPI holder should ensure that the annual audit is carried out by an independent auditor acceptable to MAS and qualified for the purpose. The audit will examine the firm’s adherence to its PS Act obligations (such as AML/CFT controls, safeguarding provisions, technology risk management, and conduct obligations), and the auditor’s report is to be submitted to MAS within the prescribed period.

All payment institutions, including SPI holders, must have regular, independent audits of their AML/CFT programmes to evaluate their effectiveness and identify gaps. These reviews are not required for SPI holders to undertake regularly. Still, they are considered good practice and provide early warning of compliance shortcomings before they are identified during a MAS supervisory review.

Payment institutions should regularly arrange independent technology risk assessments, such as penetration testing, vulnerability testing, and disaster recovery testing, to ensure the effectiveness of their technology-based cybersecurity and system resilience controls. MAS will expect these assessments to be repeated regularly and for the outcomes to be acted on within agreed remediation time frames.

In addition to external audits, payment institutions should have an internal audit programme that provides the board and senior management with independent, regular assurance on the firm’s adherence to internal policies and MAS’s regulatory expectations. The internal audit function should be able to access the board directly, and the results of the internal audits should be monitored and acted upon.

Updating Internal Policies and Controls

As the regulatory landscape develops, the structure and composition of the firm change, and new typologies of money laundering and technology-enabled money laundering emerge, internal policies and controls that met the firm’s needs at the time of licensing will become outdated. Keeping them current is an ongoing management responsibility.

Internal policies are to be reviewed and updated in relation to specific trigger events such as changes in MAS notices and guidelines, new AML/CFT typologies published by MAS or FATF, significant changes in the firm’s customer base and services offered, findings from the internal and external audit and lessons learnt from operational incidents and/or customer complaints.

All material internal policies, such as the AML/CFT policy, technology risk management policy, and compliance monitoring plan, should be reviewed as part of a formal annual review cycle, in addition to the event-driven review cycle. All reviews should be documented and approved by senior management or the board, and any resulting changes should be communicated and incorporated into operational procedures.

Payment institutions should keep a record of their internal policies, including changes, their effective dates, and the names of the person(s) approving them. Through this documentation, MAS can see that these policies are not static but are actively managed by the firm, and it also establishes an audit trail in the event of a regulatory enquiry.

Any policy change should be shared with all relevant staff immediately, and training should be provided on important changes if the policy change impacts staff responsibilities or operational practice. Records of staff communications and training on policy updates must be retained as part of the firm’s compliance documentation.

Preparing for MAS Inspections

MAS can inspect payment institution premises and systems at any time, without notice. Keeping the organisation in a constant state of readiness for compliance inspections is an integral part of effective compliance management for all licensed payment institutions.

All compliance documentation, such as AML/CFT policies and procedures, customer due diligence records, transaction monitoring alerts and dispositions, suspicious transaction reporting, regulatory return submissions and minutes of compliance meetings must be kept in an organised format, be available for retrieval and be made available to MAS inspectors on a timely basis upon request.

MAS examiners could ask for evidence of compliance systems such as the firm’s transaction monitoring, customer identity verification and safeguarding reconciliation systems. Firms should ensure that suitably trained staff can show inspectors these systems and explain how they help the firm meet its compliance requirements.

Everyone at the firm whom the MAS inspectors may contact should be informed of the nature of the inspection and their role in it. Essential compliance, operations and technology personnel should be able to respond expertly and with confidence to queries regarding the firm’s compliance programme, escalation and incident management processes.

Once an MAS inspection has been completed, the firm should consider any findings and/or observations, regardless of whether they have been identified as regulatory breaches or priority remediation items. When licensed payment institutions respond promptly and comprehensively to findings from MAS inspections, it signals the compliance culture that MAS expects and minimises the risk of escalatory regulatory action.

12 Conclusion

Key Takeaways on SPI vs MPI Licensing

This guide has explained in detail the two licences under the Payment Services Act (PSA) Singapore licensing framework, SPI and MPI, including the most important factors that differentiate the two, the regulated payment services they cover, the compliance requirements they impose, and considerations for selecting between them. These are the key principles to reflect on:

Deciding to use either an SPI or an MPI licence isn’t just a compliance tick; it’s a strategic decision that influences the firm’s operational capacity, compliance cost structure, and growth path. It should be based on realistic transaction counts, fair estimates of the firm’s capital, and an understanding of the service offerings and investor obligations.

SPI holders should keep ongoing track of their transactions over the past 12 months, monitoring them against relevant thresholds continuously and not only when they make periodic regulatory return submissions. To prevent future threshold breaches, planning for licence variations must be proactive, rather than a reaction in times of crisis when thresholds have already been exceeded.

The regulatory standing of the firm is based on the quality and authenticity of its compliance programme, not just its formal documentation, irrespective of whether it is licensed under an SPI or an MPI. AML/CFT programmes with effective operations, regular assessments, and board-led monitoring and supervision are invariably better regulated than those with well-documented programmes that are poorly controlled.

The PS Act system is not a ‘one size fits all’ system, and payment institutions should continuously build regulatory intelligence and compliance agility to prepare for changes in the MAS framework, FATF standards, and the evolving risk landscape for digital payment services. Companies that view regulatory change as a business process rather than an occasional disruptive event are more likely to continue operating in compliance for the long haul.

The technical nature of the PS Act – especially the process of service classification, AML/CFT programme design, the DPT regulations and the MPI upgrade process – highlights the added value of qualified payment licence consultants beyond the licence application process. With continuous advisory engagement from seasoned legal, compliance, and technology advisers, payment institutions are equipped with the regulatory expertise and experience they require to navigate Singapore’s payments landscape with confidence and assurance.

Building a Sustainable Payment Services Business

For a payment services business to become sustainable in Singapore, it has to embrace regulatory excellence beyond compliance with MAS regulations. The success of Singapore as a leading financial centre in Asia is partly attributable to the quality and integrity of regulated financial institutions. Payment institutions are increasingly playing a central role as financial infrastructure providers in Singapore and are expected to meet this standard. The Standard Payment Institution vs Major Payment Institution regulatory approach offers a graduated regulatory route for firms to transition from a graduated compliance regime to the complete obligations of an MPI licence as they expand. This means building the compliance infrastructure upfront, ensuring the right level of capital for the growth phase, and planning for the MPI upgrade so that it is something the firm works toward, rather than something that comes out of nowhere and needs to be solved immediately.

In Singapore, the payment services companies that go on to be successful are those that regard MAS as not only a licensor but also a supervisor with whom they actively and transparently engage. The trust that regulators have developed in firms, stemming from proactive notice of material developments, constructive responses to inspection feedback, industry consultation and ongoing investment in compliance programme quality, is reflected in a smooth supervisory relationship, quicker licence variation applications and ultimately superior commercial outcomes in Singapore’s competitive payment services market. This payment institution licensing guide for Singapore offers knowledge and a practical perspective for firms and professionals embarking on licensing for the first time or seeking to enhance compliance programmes, helping them navigate the payment services regulatory landscape with confidence in Singapore.