Welcome to Singapore. A powerhouse for finance and technology in Southeast Asia and across the globe, Singapore boasts a dynamic and ever-evolving digital-first payments ecosystem.

From seamless mobile wallets like PayLah! and GrabPay to sophisticated cross-border payment services like PayNow, Singapore uses a stringent regulatory framework to govern payments and payment services.

The heart of this framework? The Payment Services Act (PSA), administered by the Monetary Authority of Singapore (MAS) since January 2020. The PSA essentially modernises and consolidates Singapore’s previously fragmented payment regulations, establishing a two-pronged approach that not only supports growth and innovation but also mitigates known risks like money laundering, terrorism financing, and consumer protection issues.

Whether you’re a budding fintech startup, a renowned bank, or a foreign enterprise looking to expand into Singapore, equipping yourself with a sound understanding of the PSA is essential to ensure your business is compliant with local payment laws. This regulation shapes how payment services are offered, impacts operational requirements, and ultimately builds trust within the ecosystem.

This article serves as an introductory complete guide to the PSA for business owners, outlining what you need to know about the relevant regulations to navigate Singapore’s payment landscape effectively and ensure compliance.

Before the Payment Services Act, there was chaos

This was a time before the PSA came into effect on 28 January 2020, when Singapore’s payment services regulations were fragmented and split across a few different policies, including the Payment Systems (Oversight) Act (PS(O)A) and the Money-changing and Remittance Businesses Act (MCRBA).

Under this system, businesses needed to apply for separate licenses under each policy. However, given the rapid pace of innovation, particularly in digital payments and newer technologies like e-wallets and digital token exchanges, Singapore needed to stipulate a central framework that is holistic and forward-looking.

Thus was the PSA born.

Spearheaded by the MAS, the PSA consolidated the regulatory framework surrounding payments under one single, activity-based policy to provide clarity for businesses. Under the PSA, consumer protection and risk mitigation are core priorities, safeguarding users’ funds and tackling crucial risks like money laundering (ML), terrorism financing (TF), and technology and cybersecurity vulnerabilities inherent in payment systems.

In turn, the PSA creates a regulatory environment that fosters innovation while managing risks effectively, bolstering Singapore's reputation as a safe, efficient, and trusted hub for payment services and fintech.

Who needs to comply with the PSA?

The PSA applies to any business or entity providing regulated payment services in Singapore. Put simply, so long as you provide payment services to customers in Singapore, you are subject to the act and may require a license. This holds even if your business is headquartered outside of Singapore.

In this regard, the PSA defines seven specific types of payment services that require licensing if offered in Singapore.

1. Account issuance: These provide or issue payment accounts. E-wallets like GrabPay and Singtel Dash fall under this category, as they enable users to store value and make payments.

2. Domestic money transfer: These facilitate fund transfers between individuals and businesses within Singapore. Local peer-to-peer transfer platforms like PayNow fall under this category.

3. Cross-border money transfer: These enable fund transfers between Singapore and the rest of the world. These include traditional remittance services like Western Union and newer fintech firms such as Wise and Revolut.

4. Merchant acquisition: These enable merchants to accept payments, often involving processing transactions via point-of-sale (POS) systems or online payment gateways. Stripe, Adyen, and KPay fall under this category.

5. E-money issuance: These issue electronically stored money (e-money) for payments or fund transfers.

6. Digital Payment Token (DPT): These encompass a range of applications for handling DPTs (commonly known as cryptocurrencies like Bitcoin and Ether). The PSA covers the following applications:

   1. Buying, selling, or exchanging DPTs. Centralised cryptocurrency exchanges fall under here, such as Coinhako, Gemini, and Kraken.

   2. Transmitting or arranging for the transmission of DPTs

   3. Custodian wallet services for DPTs

   4. Active support for the buying or selling of DPTs without possessing monies or DPTs

7. Money-changing: These refer to the traditional practice of buying or selling foreign currency notes.

Should your business be involved in one or more of these activities in Singapore, you must assess your licensing requirements under the PSA.

The PSA licensing framework, in three tiers

Keeping the PSA’s history, goals, and who it applies to in mind, it is time for you to understand its licensing framework.

The PSA licensing framework is activity-based, issuing licenses based on the scope of payment services provided by businesses. There are three broad tiers of licenses under this framework, starting from the least to the most regulated:

1. Money-changing license

This is the most straightforward license, applying to simple money-changing services. The scope of regulation is narrow, as such services are often provided by small businesses offering over-the-counter services with few risks.

2. Standard Payment Institution (SPI) license

This license applies to businesses conducting any combination of the above seven regulated payment services under specified thresholds.

Generally, SPIs are lightly regulated as the MAS encourages small businesses to innovate and be enterprising in their endeavours.

3. Major Payment Institution (MPI) license

This license is a major extension of the SPI, applicable to businesses that provide payment services exceeding the above thresholds. Given the scale of their operations, they are marked as riskier enterprises and subject to tighter and more robust regulations.

The simplified nature of the PSA licensing framework removes any doubt and uncertainty over which license is the most appropriate for your business to apply for. With this framework, you are empowered to ensure you stay compliant with prevailing payment services laws in Singapore.

Learn more about each license and their thresholds here: Who’s Licensed, and How: A Breakdown of Payment Services Licences in Singapore

Key obligations of your PSA license

With your license on hand, you must now maintain it to ensure the longevity of your business in Singapore. This involves significant compliance obligations, which the MAS has outlined across a few key areas.

Anti-money laundering (AML) and countering the financing of terrorism (CFT)

The first, and most important, of these fee obligations is Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT). This is because payment services can present significant money laundering and terrorism funding (ML/TF) risks—particularly DPTs—often done through illegal cross-border transfers, anonymous cash-based payment transactions, and payment structuring to avoid reporting thresholds.

Businesses are thus obligated to observe the following measures to ensure adequate AML/CFT protection:

1. Develop and implement policies, procedures, and controls to manage and mitigate their risks. This includes Know Your Customer (KYC) checks and transaction monitoring, and record keeping.

2. Enhance the above measures should higher ML/TF risks arise as necessary.

Safeguarding of customer funds

This obligation acts as a buffer if payment service providers become insolvent, preventing the loss of customer funds.

The PSA thus mandates MPIs to safeguard customer money using any of the following stipulated means:

• An undertaking from a bank in Singapore, a merchant bank, or a finance company

• A guarantee from a bank in Singapore, a merchant bank, a finance company, or a financial guarantee insurer

• A deposit in a trust account held with a bank, merchant bank, or finance company

• Safeguarding in other ways as prescribed by MAS

MPIs are only exempt from protecting customer funds if it is received for DPT and money-changing services. They also do not need to safeguard money owed to foreign merchants if they comply with the relevant foreign regulations.

Most SPIs are exempt from this obligation, given that the smaller volume of their regulated payment transactions poses lower risks of loss of customer funds.

Technology risk management

This particularly pertains to new forms of electronic payment spurred by technological advancements. Despite the convenience they afford, they can potentially expose businesses to cybersecurity risks like data breaches, fraud, and operational disruption.

Businesses are thus required to implement strong cybersecurity measures to protect their systems and data integrity, in adherence to MAS’s Technology Risk Management (TRM) guidelines.

Learn more about how to maintain your PSA license here: You’ve Got the Licence. Now Keep It: 11 Tips for Payment Service Providers in Singapore

Compliance is complex yet rewarding

The benefits of compliance are manifold, beginning with enhancing your business’s credibility and trust. Equipping your business with a MAS license signals stability, regulatory adherence, and trustworthiness to your customers, partners, and investors.

Furthermore, your license unlocks access to Singapore’s payments market, serving as the legal foundation on which you can operate and grow your business. And by continuing to align your business with the PSA, you stand to future-proof your business against evolving regulatory frameworks and expectations in the digital finance space.

As a common set of standards to govern payments in Singapore, the PSA ultimately levels the playing field and fosters fair competition across the industry.

Align with the PSA: Take the next step now

Now that you are (almost) an expert in the PSA, the next step is to align your business with its framework and obtain a license.

Start by assessing your business’s activities, determining if any of them can be classified under one or more of the PSA’s identified regulated payment services.

From here, project your transaction volumes and float to determine which of the three licenses applies to your business. Review the relevant MAS guidelines and regulations, and then proceed to compile the necessary documentation for your application.

To streamline the license application process, you can also consider engaging legal counsel experienced with the PSA and the broader MAS licensing rules—especially if your business model is complex and cannot easily fit into the PSA’s seven buckets.

Simplify your PSA license application with Eastern Mezzanine

Look no further than Eastern Mezzanine for your PSA license application needs. Our team of legal counsels are equipped with deep expertise in payment services, and the PSA naturally falls under our purview.

Our dedicated team is here to guide you through the vagaries of the PSA every step of the way, ensuring your business stays compliant with every single regulation that is relevant to your selected license.

Talk to us today to find out how we can kickstart your PSA license application.