Cryptocurrency License Singapore Guide: What It Means, How to Evaluate It, and What to Avoid

Singapore has emerged as one of the world's leading hubs for cryptocurrency and digital asset businesses, thanks to its clear regulatory framework and proactive oversight by the Monetary Authority of Singapore (MAS). However, obtaining a cryptocurrency license in Singapore is a rigorous, resource-intensive process that demands a deep understanding of the regulatory landscape. This guide explains what a crypto license in Singapore actually means, how the licensing framework works, what it takes to get approved — and the critical pitfalls that can derail your application or result in enforcement action.

Updated: July 19, 2026 • Reading time: ~14 min

🏛️ What a "Crypto License" in Singapore Actually Means

There is no standalone license in Singapore called a "crypto license." Instead, cryptocurrency businesses are regulated under the Payment Services Act (PSA), and must obtain a license to provide Digital Payment Token (DPT) services[reference:0]. This distinction is important: you are not being licensed as a "crypto company" — you are being licensed to perform specific regulated payment services involving digital assets[reference:1].

The PSA came into effect in January 2020 and has since become the foundation of Singapore's crypto regulatory framework[reference:2][reference:3]. Under this act, DPT services — which include buying, selling, facilitating exchange, transmitting, and custody of cryptocurrencies — are regulated activities[reference:4][reference:5].

In addition to the PSA, the Financial Services and Markets Act (FSMA) 2022 expanded the regulatory perimeter to cover Digital Token Service Providers (DTSPs) — entities based in Singapore that provide digital token services, including to customers outside Singapore[reference:6][reference:7]. From 30 June 2025, DTSPs serving overseas customers must also obtain a license[reference:8][reference:9].

📌 Key insight: The "crypto license" in Singapore is essentially a PSA license that covers DPT-related activities. The term is a shorthand — not a formal license category[reference:10].

📜 The Regulatory Framework: PSA & FSMA

Singapore's approach to cryptocurrency regulation is built on two primary legislative pillars:

The Payment Services Act (PSA) 2019

The PSA is the primary law governing payment services in Singapore, including DPT services. It requires any person carrying on a business of providing a payment service in Singapore to be licensed or exempt[reference:11]. DPT services are defined as:

The PSA also covers custody services for DPT service providers[reference:15]. The regime has been progressively tightened between 2024 and 2026, with enhanced consumer-protection rules, segregation of customer assets, restrictions on lending and staking of retail customers' tokens, and a dedicated framework for single-currency stablecoins[reference:16].

The Financial Services and Markets Act (FSMA) 2022

The FSMA extended regulatory oversight to Digital Token Service Providers (DTSPs) — entities that provide digital token services from a place of business in Singapore, including those serving only overseas clients[reference:17][reference:18]. From 30 June 2025, DTSPs must be licensed under the PSA, Securities and Futures Act, or Financial Advisers Act[reference:19]. MAS has confirmed there will be no transitional period; all in-scope DTSPs were required to suspend or cease operations by June 30 unless licensed[reference:20].

⚠️ Important: MAS has set the bar high for licensing and will generally not issue a license if the money laundering risks are higher or if substantive regulated activity is outside Singapore, making effective supervision impossible[reference:21][reference:22].

📋 License Types: SPI, MPI, and DTSP

Under the PSA, there are two main license types for DPT service providers, determined by the volume and scale of your operations[reference:23]:

Standard Payment Institution (SPI)

An SPI license is for businesses with lower transaction volumes. It requires base capital of S$100,000[reference:24][reference:25]. This is typically suitable for smaller crypto businesses or those in the early stages of operations.

Major Payment Institution (MPI)

An MPI license is for larger-scale operations that exceed the transaction volume thresholds for an SPI. It requires base capital of S$250,000 and additional safeguards for customer assets[reference:26][reference:27]. Most crypto exchanges and larger platforms require an MPI license. The MPI license covers buying and selling of Bitcoin, Ethereum, and other MAS-recognized digital payment tokens; crypto exchange operations; and digital asset OTC services[reference:28].

Digital Token Service Provider (DTSP) License

Under the FSMA, DTSPs providing digital token services from Singapore — including to overseas customers — must obtain a license[reference:29]. Existing PSA licensees providing DPT services are exempt from the DTSP license requirement[reference:30]. MAS has indicated it will generally not issue licenses under the DTSP framework, as the operating models carry inherently higher risks[reference:31].

📌 Note: A licensee must apply to vary its licence if it intends to add or remove a payment service or change its licence type (e.g., from SPI to MPI)[reference:32].

📝 The Application Process: What to Expect

The MAS licensing process for DPT service providers is a structured, rigorous assessment of operational readiness — not merely a filing exercise[reference:33]. MAS evaluates whether your business is fully prepared to operate as a regulated financial institution, and approval is only granted when that readiness is demonstrated[reference:34].

The 12-Step Pathway

A typical DPT license application follows a structured pathway, often described as a 12-step process[reference:35]:

  1. Confirm licensing obligation — Determine whether your activities fall within the scope of DPT services[reference:36].
  2. Define business model and regulated activities — Map how users interact, how transactions execute, and where funds move[reference:37].
  3. Incorporate the company — Set up a Singapore-incorporated company with a physical office[reference:38].
  4. Appoint key officers — A resident executive director, a compliance officer, and a money-laundering reporting officer[reference:39].
  5. Build the AML/CFT framework — Develop robust anti-money laundering and counter-terrorism financing controls[reference:40].
  6. Establish technology-risk management — Implement institutional-grade cybersecurity and incident response[reference:41].
  7. Design customer-asset safeguarding — Segregate customer assets and hold them on trust[reference:42].
  8. Prepare the application — Compile a business plan, financial projections, risk assessment, and up to 50+ supporting documents[reference:43][reference:44].
  9. Submit via MAS e-licensing portal — Submit Form 1 through the MAS portal[reference:45][reference:46].
  10. Respond to MAS queries — MAS commonly issues two to three rounds of written queries[reference:47].
  11. Complete pre-licensing assessment — May include an external audit of controls[reference:48].
  12. Receive final approval — If all requirements are met, the license is granted.
⚠️ Critical principle: MAS does not approve applications — it approves operational readiness. The distinction matters: MAS is not evaluating whether you have completed a form; it is assessing whether your business can safely, compliantly, and sustainably operate as a regulated financial institution[reference:49].

🔑 Key Requirements for Approval

DPT applicants face the highest level of scrutiny among payment activities, given money-laundering, terrorism-financing, and consumer-protection risks[reference:50]. The key requirements include:

Corporate and Governance Requirements

Financial Requirements

Compliance and Risk Management

📌 Key principle: MAS regulates based on what your business does — not what it calls itself[reference:63]. Even non-custodial, API-based, or decentralized platforms may fall within the regulatory perimeter if they facilitate transactions or enable trading[reference:64].

💰 Costs and Timeline

Obtaining a MAS crypto license is a significant financial commitment. The costs go far beyond the application fee.

Application Fees (Payable to MAS)

Professional and Compliance Costs

Timeline

The review process for DPT applicants is among the longest — frequently 9 to 18 months from a complete submission[reference:70]. A realistic end-to-end timeline is 9 to 14 months from filing to approval, with MAS commonly issuing two to three rounds of written queries[reference:71]. For a well-prepared applicant, the total timeline may be 6 to 9+ months[reference:72].

⚠️ Budget realistically: The total cost of preparing a compliant application — including legal advice, compliance frameworks, and independent assessments — typically runs S$80,000 to S$250,000. This is in addition to base capital requirements[reference:73].

📰 Recent Developments and Enforcement

Singapore's crypto licensing landscape is dynamic, with ongoing applications, new approvals, and significant enforcement actions.

License Applications and Approvals

To date, Singapore has received over 480 crypto service license applications under the Payment Services Act[reference:74][reference:75]. Of these, around 170 applicants — or 35% — have applied to provide DPT services[reference:76]. Thirty DPT applications were withdrawn following engagement with MAS, and two were rejected[reference:77]. As of mid-2026, MAS has licensed 37 entities to provide DPT services[reference:78].

In July 2026, Cumberland SG Pte. Ltd. received a full MAS MPI license to provide Digital Payment Token Services and Cross-Border Money Transfer Services. This followed an in-principle approval received in March 2025. Other licensed MPI firms include Anchorage Digital Singapore, Bitstamp Asia, and Coinbase Singapore[reference:82].

Enforcement Actions

In May 2026, MAS revoked the MPI license of Bsquared Technology (BSQ) — just 16 months after it was granted[reference:83][reference:84]. The revocation followed findings of "serious breaches" including:

The case underscores that obtaining a license is not the end of compliance — ongoing governance, transparency, and risk controls are essential[reference:89]. MAS has also added platforms like Bybit and Hyperliquid to its Investor Alert List for operating without proper licensing[reference:90][reference:91].

⚠️ Enforcement trend: MAS has increasingly applied licensing and compliance expectations across the crypto sector. In May 2025, MAS ordered crypto companies serving overseas customers to either obtain licenses or cease operations[reference:92]. The regulator has made clear that there will be no transitional arrangements for firms operating abroad without approval[reference:93].

📋 Comparison: SPI vs. MPI vs. DTSP

Feature SPI (Standard Payment Institution) MPI (Major Payment Institution) DTSP (Digital Token Service Provider)
Primary Legislation Payment Services Act (PSA) Payment Services Act (PSA) Financial Services and Markets Act (FSMA)
Base Capital S$100,000[reference:94] S$250,000[reference:95] Varies (generally higher standards)
Application Fee S$1,500[reference:96] S$1,500 – S$10,000[reference:97] As prescribed under FSMA
Typical Applicant Smaller crypto businesses, early-stage operations Exchanges, OTC desks, larger platforms[reference:98] Entities serving overseas clients from Singapore[reference:99]
Customer Asset Safeguarding Required Enhanced requirements[reference:100] Required
Exemption from DTSP Yes (if PSA-licensed for DPT)[reference:101] Yes (if PSA-licensed for DPT)[reference:102] N/A

This table reflects general principles. Specific requirements may vary based on the nature and scale of your business activities. Always verify current requirements with MAS or a qualified legal advisor.

Application Readiness Checklist

Before submitting your MAS crypto license application, ensure you have completed the following:

  • Confirm your licensing obligation — Map your activities against the DPT service definitions under the PSA.
  • Incorporate a Singapore company — With a permanent place of business and resident director.
  • Appoint key officers — Resident executive director, compliance officer, and money-laundering reporting officer.
  • Fund base capital — S$100,000 (SPI) or S$250,000 (MPI) held with MAS.
  • Build AML/CFT framework — Including customer due diligence, transaction monitoring, and travel rule compliance.
  • Establish technology-risk management — Cybersecurity controls, wallet management, and incident response.
  • Design customer-asset safeguarding — Segregate customer assets and hold them on trust.
  • Prepare business plan and financial projections — With clear fund flow diagrams.
  • Compile supporting documents — Up to 50+ documents across all categories.
  • Submit via MAS e-licensing portal — With Form 1 and all required attachments.
  • Prepare for MAS queries — Expect multiple rounds of written questions.
  • Plan for ongoing compliance — Annual audits, reporting, and regulatory updates.

🧩 Example Scenario

A Hypothetical Crypto Exchange Seeking an MPI License

Scenario: CryptoExchange Pte. Ltd. is a Singapore-incorporated company planning to operate a cryptocurrency exchange platform offering spot trading, OTC services, and custody for institutional and retail clients. The founders have prior experience in fintech and have secured initial funding.

Step 1: The company engages a legal and compliance advisory firm to map its activities against the PSA. They confirm that they require an MPI license due to the scale of their anticipated transaction volumes.

Step 2: They incorporate the company, appoint a resident executive director, a compliance officer, and a money-laundering reporting officer. They open a corporate bank account and fund the S$250,000 base capital requirement.

Step 3: The compliance team builds a comprehensive AML/CFT framework, including customer due diligence, transaction monitoring, and FATF travel rule compliance. They also develop a technology-risk management framework with penetration testing and incident response protocols.

Step 4: They submit the application through the MAS e-licensing portal, including a detailed business plan, financial projections, fund flow diagrams, and over 40 supporting documents.

Step 5: Over the next 12 months, MAS issues three rounds of written queries. The company responds promptly and engages in pre-licensing discussions. An external audit of their controls is conducted.

Outcome: After 14 months, MAS grants the MPI license. The company can now legally operate its exchange in Singapore. However, they must maintain ongoing compliance, submit regular reports, and adhere to MAS's restrictions on marketing to retail customers and providing leverage.

⚠️ Common Mistakes

1. Misunderstanding the Regulatory Scope

Assuming licensing is only required for exchanges or custodians. MAS regulates a broader range of activities, including facilitating transactions and enabling trading[reference:103].

2. Underestimating the Application Timeline

Expecting approval in a few months. The process frequently takes 9 to 18 months from a complete submission[reference:104].

3. Skimping on Compliance Build-Out

Treating AML/CFT and technology-risk frameworks as paperwork exercises. MAS requires operational, demonstrable controls — not theoretical promises[reference:105].

4. Failing to Appoint a Resident Director

Overlooking the requirement for at least one executive director resident in Singapore[reference:106].

5. Inadequate Fund Flow Documentation

Fund flow diagrams are among the most scrutinised documents. Ambiguities or gaps can significantly delay approval[reference:107].

6. Assuming License = End of Compliance

The Bsquared case demonstrates that ongoing governance, transparency, and risk controls are essential. Breaches can lead to revocation[reference:108][reference:109].

🚨 Risk Warning

Operating a cryptocurrency business without the required license carries significant legal and financial risk.

Under the Payment Services Act, providing DPT services without a license is a serious offense. MAS can impose hefty fines, pursue criminal liability, and order the cessation of operations[reference:110]. The regulator has also made clear that entities serving only overseas clients from Singapore must obtain a license or face enforcement action[reference:111][reference:112].

The licensing process itself is rigorous and resource-intensive. Applicants must demonstrate institutional-grade controls from day one, and approval is only granted when operational readiness is proven[reference:113]. The review process can take 9 to 18 months, and there is no guarantee of approval[reference:114].

This article is educational and informational only. It does not constitute legal, financial, or regulatory advice. Cryptocurrency licensing requirements in Singapore are complex and subject to change. You should consult a qualified legal professional with expertise in Singapore's financial services regulations before making any decisions about licensing or business operations.

Key risks include: legal penalties for unlicensed operations, significant financial investment in compliance with no guarantee of approval, ongoing compliance obligations, and the potential for license revocation if regulatory standards are not maintained.

Frequently Asked Questions

What is a cryptocurrency license in Singapore?

There is no standalone "crypto license" in Singapore. Instead, cryptocurrency businesses are regulated under the Payment Services Act (PSA) and must obtain a license to provide Digital Payment Token (DPT) services — either a Standard Payment Institution (SPI) or Major Payment Institution (MPI) license. Some entities may also require a Digital Token Service Provider (DTSP) license under the Financial Services and Markets Act (FSMA).[reference:115]

What activities require a MAS crypto license?

You likely need a license if your business buys or sells crypto (dealing in DPTs), operates a trading platform or exchange, facilitates crypto transactions between users, transfers digital assets on behalf of customers, or provides custody or wallet services for crypto assets. MAS regulates based on what your business does — not what it calls itself.[reference:116]

What is the difference between an SPI and an MPI license?

A Standard Payment Institution (SPI) license is for businesses with lower transaction volumes, requiring S$100,000 in base capital. A Major Payment Institution (MPI) license is for larger-scale operations, requiring S$250,000 in base capital and additional safeguards for customer assets. Most crypto exchanges and larger platforms require an MPI license.[reference:117]

How much does a MAS crypto license cost?

MAS application fees range from roughly S$1,000 to S$10,000 depending on the activities. However, the total cost of preparing a compliant application — including legal advice, compliance build-out, and independent assessments — typically runs S$80,000 to S$250,000. Annual compliance and audit costs add S$25,000 to S$60,000.[reference:118][reference:119]

How long does the MAS crypto license application take?

The review process for DPT applicants is among the longest, frequently taking 9 to 18 months from a complete submission. MAS commonly issues two to three rounds of written queries, and applicants should be prepared for a rigorous assessment of their operational readiness.[reference:120][reference:121]

What are the key requirements for a MAS crypto license?

Key requirements include: being a Singapore-incorporated company with a permanent place of business, at least one executive director resident in Singapore, base capital of S$100,000 (SPI) or S$250,000 (MPI), robust AML/CFT controls, technology risk management framework, segregation of customer assets, appointment of a compliance officer and money-laundering reporting officer, and adherence to MAS restrictions on marketing DPT services to the retail public.[reference:122][reference:123]

What happens if I operate a crypto business in Singapore without a license?

Operating without a required license is a serious offense under the Payment Services Act. MAS can impose hefty fines, pursue criminal liability, and order the cessation of operations. The regulator has also clarified that entities serving only overseas clients from Singapore must obtain a license or face enforcement action.[reference:124][reference:125]

What was the Bsquared case and what can we learn from it?

In May 2026, MAS revoked Bsquared Technology's MPI license — just 16 months after it was granted — due to serious breaches including false or misleading statements, significant weaknesses in risk management, and failures in conflict-of-interest policies. The case underscores that obtaining a license is not the end of compliance; ongoing governance, transparency, and risk controls are essential to maintain regulatory approval.[reference:126][reference:127][reference:128]