The Compliance Function in 2025: What MAS Expects from Licensees
- Eastern Mezzanine
- Apr 23
Updated: May 7

You’ve seen the clichéd descriptions of Singapore as one of the world’s most dynamic and innovative technological hubs. These are more than just buzzwords, especially if you apply them to the local payments landscape.
As specialists in advising and guiding payment service providers (PSPs) in Singapore, we have witnessed and continue to witness the relentless pace of change in this space. From the emergence of new business models and the evolution of technologies to established players adapting to shifting customer expectations, Singapore’s payments ecosystem never remains in stasis.
As much as innovation flourishes in Singapore’s payments landscape, it is simultaneously managed and regulated by the country’s central bank, the Monetary Authority of Singapore (MAS). Under MAS’s carefully crafted Payment Services Act (PSA), compliance is non-negotiable for all PSPs operating in Singapore, especially in light of the regulatory body’s heightened wariness towards digital payment tokens (DPTs), also known as cryptocurrencies.
MAS's message is clear: compliance is more than just abiding by local laws; it underpins any PSP's business strategy. It is central to both applying for and maintaining the license PSPs need to operate in Singapore, ensuring their longevity and credibility in the eyes of consumers and regulators alike.
What lies ahead beyond Q2 2025?
We can only make educated guesses at this point, but judging by the cocktail of regulatory trends, MAS communications, and our experience guiding licensees, we foresee a compliance function that must be proactive, predictive, tech-enabled, deeply integrated, and culturally ingrained.
DPTs, or the catalyst for stringent regulations
As we mentioned earlier, MAS recently renewed its focus on DPT service providers, in light of emerging risks in the industry relating to anti-money laundering and countering the financing of terrorism (AML/CFT), market volatility, and consumer protection.
This sparked a wave of regulations, where MAS acted decisively to mitigate emerging risks and uphold the integrity of Singapore's financial ecosystem. From here, MAS extended this increased vigilance across the entire spectrum of payment services, encompassing traditional remittance, merchant acquisition, e-money issuance, domestic and cross-border transfers, and more. For example, MAS issued Notice PSN01 to manage AML/CFT risks for all other payment services, serving as a parallel to the DPT-focused Notice PSN02.
In essence, MAS applied the core principles of its DPT measures—robust risk management, enhanced due diligence (EDD), clear consumer communication, and strong governance—to all PSP licensees, establishing them as the baseline expectations for payment services in Singapore.
Payment service compliance in 2025: What should you look out for?
With regulations now tighter than ever, what’s next?
For starters, we’ve identified five key pillars shaping MAS’s compliance expectations as of 2025:
1. Proactive and predictive risk management paves the way
Compliance was once highly reactive, with measures only implemented in response to regulatory changes or identified breaches as they occurred.
This has changed significantly in the past few years, with MAS demonstrating a more proactive approach by adopting a dynamic, risk-focused mindset that influences both policies and daily operations. Compliance teams are now expected to be ahead of the game, anticipating emerging threats like new fraud schemes, evolving money laundering tactics, or even risks that come with new technologies and business partnerships.
For example, MAS collaborated with the Infocomm Media Development Authority (IMDA) in October 2024 to implement a Shared Responsibility Framework (SRF) for phishing scams. With effect from December 2024, this framework assigned duties to financial institutions (FIs) and telecommunication companies (telcos) to mitigate phishing attacks. The framework also established expectations of payouts to affected scam victims should the FIs and telcos fall short of their duties.
More recently in April 2025, MAS’s Cyber and Technology Resilience Experts (CTREX) Panel organised a two-day event to propose methods to enhance technology resilience and counter third-party risks, quantum security, and digital financial scams. CTREX also invited technology professionals from the financial industry to participate in the event.
Both examples serve to highlight MAS’s foresighted approach to risk management, structuring measures and guidelines in anticipation of potential threats instead of reacting to threats after they’ve occurred.
2. Build deeply embedded and sophisticated AML/CFT frameworks
AML/CFT measures have extended far beyond basic Know Your Customer (KYC) checks and transaction monitoring. Now, you’re required to build comprehensive and adaptive frameworks into your operations.
Under Notices PSN01 and PSN02, all PSPs are required to have a granular understanding of their customers’ sources of wealth and funds, alongside a detailed verification process in place to identify them. In addition to this, you must implement agile sanctions screening processes that react swiftly to geopolitical shifts, along with robust procedures to manage correspondent relationships and cross-border transaction risks.
Moreover, you’re expected to continuously monitor and review your customer risk profiles, weeding out any potential threats as necessary.
3. Construct robust technology risk management (TRM) and cybersecurity resilience
In the past, IT security was often seen as a separate concern from core compliance, but MAS now considers it to be a vital part of PSPs’ compliance systems. This shift is largely because technology underpins most payment services today, leading MAS to connect technology risk with compliance.
In this regard, you must integrate MAS’s TRM guidelines into your risk management framework, where you should proactively gather cyber threat intelligence and manage vulnerabilities. Since you handle sensitive customer data, you must also align your data governance and protection measures with the Personal Data Protection Act (PDPA).
Furthermore, you need to be thorough in your third-party risk management, especially for critical services like cloud providers that handle sensitive data and customer information. To ensure the recoverability of your systems, you should also make it a point to regularly test your business continuity and disaster recovery plans.
4. Focus on consumer protection and fair dealing
With MAS focusing more on building and maintaining consumer trust, simply providing basic disclosures and handling complaints the usual way just won’t cut it anymore. As a PSP, you’re now expected to treat your customers fairly and be transparent about how your business operates.
This information must be presented clearly and concisely, covering fees, risks (particularly for complex products like DPTs), and your terms of service. MAS stresses the importance of being careful with your marketing materials, ensuring they’re not misleading and are suitable for your target audience. This is especially crucial for DPT service providers, as MAS restricts them from publicly advertising their services to retail investors.
Beyond being fair and transparent, MAS also expects you to establish strong measures for segregating and safeguarding your customers’ funds. You must also have effective resolution mechanisms to swiftly resolve disputes.
5. Create a pervasive culture of compliance in your business
As much as possible, you should weave compliance into the fabric of your organisation. This all begins with setting the right tone from the top, ensuring senior management and the Board take clear responsibility for compliance. You could also supply your compliance team with adequate resources, including a proper budget and skilled personnel that match the scale and complexity of your business. You should ideally appoint a dedicated Compliance Officer as well, who should be given enough independence, authority, and access to management and the Board to do their job effectively.
Since compliance is now the lifeblood of your business, it’s important to involve the rest of your staff. Beyond providing them with regular and customised compliance training, you also need to create a safe environment where they feel comfortable raising concerns without fear of reprisal.
The enabling role of RegTech
Sounds like a lot to take in and implement? It certainly is.
In recognition that meeting these expectations manually has become increasingly untenable, MAS encourages you to adopt regulatory technology (RegTech).
Defined as the use of technology to streamline risk management and regulatory compliance in financial institutions, RegTech is poised to enhance compliance through:
- Automated KYC and onboarding
- Sophisticated transaction monitoring tools
- AI-powered risk analytics
- Automated regulatory reporting
- Streamlined audit trails
- Digital compliance management platforms
As a PSP licensee in Singapore, it’s beneficial for you to evaluate and strategically implement RegTech solutions that address your specific risk profile and operational needs. Don't view it as just a cost; instead, see it as an investment to improve your organisation’s resilience and efficiency.
Comply with MAS the smart way with Eastern Mezzanine
It’s clear that under MAS’s guidance, compliance has evolved into a dynamic, intelligent, and integrated function that actively manages risk and protects consumers.
While RegTech is available to simplify your compliance function, navigating the payments regulatory landscape and aligning yourself with all relevant regulations can still be confusing.
Make things even simpler for your business by partnering with Eastern Mezzanine. Our team of highly specialised legal counsels is equipped with deep expertise in payment services, able to provide crucial insights, navigate nuances, and ensure your framework is robust and future-proof.