Jan 21, 2025
8 min read

Singapore Crypto Regulations—All You Need to Know in 2025

Learn about the compliance requirements and licensing procedures in Singapore's crypto industry in 2025.

Singapore is at the forefront of cryptocurrency adoption in the Asia-Pacific region, securing approximately $627 million in funding for crypto companies across 88 deals in 2023.

The Monetary Authority of Singapore (MAS) has adopted a proactive regulatory stance, authorizing 19 cryptocurrency service providers as of January 2024. This includes major players like Crypto.com and Coinhako. 

Singapore has a system for regulating crypto firms, known as “digital payment token (DPT) providers” in the country. Accordingly, the Payment Services Act 2019 (PS Act) establishes a regulatory framework for DPT service providers in Singapore.

To help you navigate Singapore’s crypto environment, we at Sumsub prepared this guide explaining the specifics of the country’s regulations. 

Crypto is not considered legal tender in Singapore, but it can be used as an alternative means of payment (Legal tender refers to the officially recognized currency that can be used to settle debts and fulfill financial obligations within a country).

In Singapore, the legal tender is the Singapore Dollar (SGD), issued and regulated by the MAS.

Who regulates cryptocurrency in Singapore?

The main law regulating crypto businesses is the PS Act. It was introduced in 2019 to provide a more coherent set of regulations, including rules for licensing and exemptions. We will discuss this part in detail in the following sections.

The MAS is continuously working to improve the regulatory framework of DPT services in the country, issuing several Notices and Guidelines aimed to clarify some regulatory requirements:

Who is affected?

In Singapore, DPT services include:

  • Buying or selling DPTs (commonly known as cryptocurrencies)
  • Providing a platform to allow persons to exchange DPTs
  • Transmitting or arranging for the transmission of DPTs
  • Provision of custodian wallet services for DPTs
  • Actively facilitating the buying or selling of DPTs without possession of monies or DPTs.

AML crypto regulations in Singapore

DPT providers in Singapore must implement AML/CFT procedures and policies, including:

  • Risk assessment and risk mitigation, which includes assessing the possibility of engagement in ML/TF activities by clients and ways to prevent it
  • Customer Due Diligence (CDD), which includes collecting and verifying information about customers during onboarding and analyzing the results
  • Enhanced Due Diligence measures, which are carried out on customers considered to be more high-risk 
  • Simplified Due Diligence, which is carried out under certain circumstances when the risks of money laundering and terrorism financing are low
  • Transaction monitoring, carried out to assess the trajectory of the movement of assets, the size of the assets, frequency, patterns, etc.
  • Sanctions screening, which checks if customers are present on sanction, warning, PEP, or wanted lists
  • Suspicious transaction reporting, where DPT services promptly submit reports on suspicious transactions (including attempted transactions), regardless of the amount of the transaction, to the Suspicious Transaction Reporting Office and the Commercial Affairs Department of the Singapore Police Force, extending a copy to the MAS
  • Recordkeeping, under which the DPT service is required to retain customer information for five years
  • Travel Rule compliance.

Restricting public marketing of crypto assets in Singapore

The MAS requires all providers of cryptocurrency to make sure the public understands the risks of crypto trading. 

The MAS therefore prohibits the following marketing practices:

  1. Portraying DPT trading in a manner that trivializes the high risks 
  1. Releasing any form of advertisements or promotional materials to the general public or a specific consumer segment in Singapore:
  • In public areas in Singapore, including advertising on public transport or public transport venues, or providing in-person access to DPT services through the use of ATMs
  • Through any other media directed at the general public in Singapore, including broadcast media, newspapers and magazines, public events or roadshows
  • Engaging third parties, such as social media influencers or third-party websites, including banners or pop-up advertisements on third-party social media platforms
  • Promoting payment token derivatives to the public as a convenient unregulated alternative to trading in DPTs

So long as the risks of trading in DPTs is not trivialized and the promotion is consistent with the risk disclosures required under the PS Act, DPT service providers are allowed to promote their services on their own through:

  • Corporate websites
  • Mobile applications
  • Official social media accounts

Additionally, DPT service providers shall develop and implement adequate internal policies, procedures, and controls to help prevent money laundering and terrorist financing and communicate these to their employees.

Compliance

DPT service providers are required to develop appropriate compliance management arrangements, which at the least includes appointing an AML/CFT compliance officer at the management level.

Auditing

DPT service providers are required to maintain an audit function that is adequately resourced, independent, and able to regularly assess the effectiveness of their internal policies, procedures, controls, and compliance with regulatory requirements.

Training

DPT service providers should take all appropriate steps to ensure that their employees and officers (whether in Singapore or elsewhere) are regularly and appropriately trained on AML/CFT regulations, internal policies, procedures and controls on AML/CFT.

Singapore crypto regulations update 2024-2025

In 2024, the regulatory landscape for DPT service providers in Singapore underwent significant changes, primarily driven by amendments to the PS Act and the introduction of stricter compliance requirements.

Key developments in DPT licensing:

  • Regulatory amendments: The MAS expanded the PS Act to include provisions for user protection and financial stability. The amendments now encompass a broader range of activities such as custodial services, facilitating DPT exchanges, and cross-border money transfers.
  • Licensing requirements: DPT service providers must demonstrate compliance with stringent licensing criteria, including maintaining a minimum base capital of SGD 250,000 (USD 184,000), implementing robust cyber security measures, and conducting due diligence on counterparties. Additionally, they are required to notify customers about the risks associated with investing in cryptocurrencies.
  • Consumer protection guidelines: In September 2024, MAS revised guidelines to enhance consumer protection measures for DPT service providers. These guidelines include access measures, conflict of interest provisions, and business conduct regulations aimed at safeguarding consumer interests.

The regulatory changes in Singapore align with a global trend towards tighter AML/CFT compliance in the cryptocurrency sector. This is in response to increasing concerns about financial crimes facilitated by DPTs.

Travel Rule requirements in Singapore

As part of their AML obligations, DPT service providers must comply with the Travel Rule as imposed by the MAS.

The Travel Rule requires DPT service providers to collect and share the information of clients when sending or receiving DPTs by value transfer on the account of an originator or beneficiary. Therefore, DPT service providers must provide originator and beneficiary data to each other during DPTs transactions.

If you want to learn more about the Travel Rule and how it’s applied in different counties, including Singapore, you can find all the necessary information at our Help Center

The scope of information that originators are required to share with the beneficiary’s DPT service provider depends on the transaction amount. If the amount of transaction is less than SGD 1,500 (approximately USD 1,106), the DPT service provider should collect and share the following information:

  • The name of the originator
  • The originator’s account number (or unique transaction reference number where no account number exists)
  • The name of the beneficiary
  • The beneficiary’s account number (or unique transaction reference number where no account number exists)

If the transaction amount exceeds SGD 1,500, any of the following information may be required:

  • The name of the originator
  • The originator’s account number (or unique transaction reference number where no account number exists)
  • The name of the beneficiary
  • The beneficiary’s account number (or unique transaction reference number where no account number exists)
  • Any of the following:
    • the originator’s residential address
    • registered or business address and, if different, principal place of business, as may be appropriate
    • the originator’s unique identification number (such as an identity card number, birth certificate number or passport number, or where the originator is not a natural person, the incorporation number or business registration number) the date and place of birth, incorporation or registration of the originator (as may be appropriate)

Travel Rule compliance solution

Navigating the complex regulatory landscape is essential for VASPs, requiring robust compliance solutions. To ensure smooth operations, crypto businesses need extensive connectivity, making it crucial to partner with a provider that supports a wide range of protocols and has an extensive network of VASPs.

Sumsub has the biggest connectivity on the market, with 5 protocols on board (CODE, GTR, TRP, Sumsub and Sygna).

Sumsub also offers a solution with over 1,700 VASPs in its ecosystem and supports more than 10,000 assets, providing comprehensive compliance tools to help service providers meet regulatory requirements efficiently.

Sumsub’s platform includes features for identity verification, transaction monitoring, AML screening, and regulatory reporting, allowing VASPs to comply with the Travel Rule and other mandates while maintaining a seamless user experience and operational efficiency. Additionally, Sumsub effectively manages the “sunrise” period and other challenges related to Travel Rule implementation across different jurisdictions.

The key benefits of Sumsub Travel Rule solution are:

  • Smooth integration with other Sumsub products: Use the Travel Rule solution alongside the user verification, transaction monitoring, and AML check features for detailed transaction information.
  • Popular data exchange protocols: Supports TRP, GTR, CODE, Sygna and Sumsub custom protocol, and email notifications to streamline Travel Rule data exchange. The system automatically chooses the fastest and easiest method to obtain counterparty data.
  • Unhosted wallet verification: Assesses whether the unhosted wallet is owned or controlled by the originator or beneficiary.
  • VASP attribution: Identifies if the virtual asset transaction is with a VASP or an unhosted wallet and establishes the counterparty VASP’s identity.
  • Screening against watchlists: Checks virtual asset transaction participants against global sanctions lists (OFAC, UN, HMT, EU, DFT, etc.) and adverse media.
  • Secure ecosystem: Provides access to the latest verification data and documentation related to other Travel Rule ecosystem members for quick transaction confirmations.
  • Simple solution for interoperability and sunrise issues.
  • Extensive functionality: Allows you to configure specific fields for data exchange to comply with regulations.
  • Supports over 10,000 virtual assets.
  • 1,700 VASPs in the ecosystem.
  • Crypto wallet scoring: Enables automated transaction rejection based on the wallet’s status.

Become a crypto compliance expert!

Join Sumsub’s free crypto Travel Rule course starting on October 3, 2024. Master compliance with practical insights from industry leaders.

Register now
Become a crypto compliance expert!

Licensing requirements

Choosing a license

There are three types of licenses a company can get in Singapore, depending on their business type:

  1. The money-changing license, which suits businesses that only provide a money-changing service (i.e., the buying or selling of foreign currency)
  2. The Standard Payment Institution (SPI) license, which allows holders to provide any kind of payment services, including operations with cryptocurrency. This license can be applied if services meet the following thresholds: 
  • SGD 3 million monthly transactions for any payment service (other than e-money account issuance and money-changing services)
  • SGD 6 million monthly transactions for two or more payment services (other than e-money account issuance and money-changing services)
  • SGD 5 million of daily outstanding electronic money (e-money).
  1. The Major Payment Institution (MPI) license, which offers the same opportunities for companies as the SPI license does, but is meant for larger companies that go beyond the thresholds aforementioned

There may be some additional authorization/recognition requirements in relation to businesses offering DPT.

Obtaining a license 

For SPI, the following criteria apply:

  • Be a Singapore-incorporated company or a Singapore branch of a foreign corporation.
  • Have a permanent place of business or a registered office where the books and records can be securely held.
  • At least one person must be appointed to be present at the place of business or a registered office to address any queries or complaints from consumers.
  • Have a minimum base capital of SGD 100,000 (approximately USD 73,740).
  • Have sufficient capital buffer in excess of the base capital requirement, bearing in mind the scale and scope of its operations and the potential for profit and losses.
  • Have either one executive director who is a Singapore Citizen or Singapore Permanent Resident (PR), or one executive director who is a Singapore Employment Pass (EP) holder, and at least one other director who is a Singapore citizen or Singapore PR.
  • Implement a risk management system specialized for cryptocurrency activities.

The criteria for a MPI license are similar to those for SPIs, except that the minimum capital requirement is SGD 250,000 (approximately USD 184,000).

MPIs are also required to maintain a security deposit as a small buffer for the protection of customer money. MPIs who accept, process or execute payment transactions where the total value is SGD 6 million or less in a month in respect of each payment service are required to place a security deposit of SGD 100,000. Licensees that conduct higher volume transactions (above SGD 6 million) in respect of any payment service are required to place a security deposit of SGD 200,000.

There is a list of assessment criteria that MAS takes into consideration when evaluating an application for licenses. They include, but are not limited to: 

  • Governance and ownership requirements
  • Fitness and propriety
  • Competency of key individuals
  • Permanent place of business or registered office
  • Base capital
  • Security 
  • Compliance arrangements 
  • Technology risk management 
  • Audit arrangements 
  • Annual audit requirements 
  • Letter of Responsibility and Letter of Undertaking

You can read more about the differences in assessment criteria between each license here.

FAQ

  • Is cryptocurrency legal in Singapore?

    Yes, cryptocurrency is legal in Singapore and regulated under the Payment Services Act (PS Act).

  • What is DPT in Singapore?

    DPT (or Digital Payment Token) in Singapore refers to cryptocurrencies and other digital assets regulated under the Payment Services Act.

  • Does the MAS regulate cryptocurrency?

    Yes, the Monetary Authority of Singapore (MAS) regulates cryptocurrency service providers under the Payment Services Act and other relevant frameworks.

AMLCryptoRegulatory ComplianceSingaporeTravel Rule