Singapore, located in the heart of Asia and once a preferred destination for global Web3 entrepreneurs due to its combination of open and prudent financial policies, is now experiencing an unprecedented regulatory upheaval.
On 30 May 2025, the Monetary Authority of Singapore (MAS) officially released a regulatory response document for digital token service providers (DTSPs), marking the full entry into force of the new rules on 30 June. Not only did the policy have no transition period, but it also ended the "Singapore model" that was once considered a crypto safe haven almost overnight with "extremely limited licensing standards" and "criminal liability" as the bottom line.
Let us take a look at the eight key points under the new regulations.
The core content of the new regulations: before the end of the month, obtain a license or stop the service
The Monetary Authority of Singapore (MAS) released a document on May 30, 2025, officially establishing new regulations for Digital Token Service Providers (DTSP). The core of the regulations is to impose licensing obligations on all individuals or institutions with a business presence in Singapore that provide digital token services to overseas clients, under Section 137 of the Financial Services and Markets Act (FSM Act).
MAS clearly stated that regardless of whether the service target is a local customer in Singapore, as long as the service is conducted at any "business premises" in Singapore, a DTSP license must be obtained; otherwise, it will be considered illegal operation. Previously, if the service target was an overseas customer, companies registered in Singapore did not need to obtain a license.
More severely, the MAS refused to establish any transition period in this document. All entities subject to the new rules must either obtain a DTSP license or cease all digital token service operations altogether by June 30, 2025. According to MAS, licensing applications will only be approved in "very limited circumstances", meaning that the vast majority of service providers are not in a position to continue operating in Singapore. Failure to comply with the licensing requirements will result in a criminal offence and will result in severe penalties under the FSM Act.
Which companies will be affected?
The ones most affected by the new MAS regulations will be those Web3 companies that do not hold a DTSP license but have a physical presence, office, or core team members in Singapore, especially the following two types of institutions:
International cryptocurrency institutions headquartered or primarily operating in Singapore, especially exchanges that previously used Singapore as a hub for the Asia-Pacific region, may still touch regulatory red lines if certain service modules have not received DTSP approval.
A Web3 company registered in Singapore but serving global users, an unlicensed DEX, wallet, and cross-chain protocol development team: projects with Singapore as their legal registration location but targeting overseas markets, such as some DeFi protocols, NFT platforms, and blockchain game development teams.
For example, if the technical backbone team of a decentralized trading platform (a certain Uniswap fork project) or a cross-chain bridge team is based in Singapore, even if targeting global users, it will be subject to compliance risk if it has not obtained the necessary licenses.
How do I get a DTSP license? Is it hard?
The application threshold for the DTSP (Digital Token Service Provider) license is extremely high. MAS has clearly stated in its latest response document that the license will only be granted "under extremely limited circumstances." In other words, obtaining the license is not an open, routine administrative process, but rather a special approval based on prudent regulatory logic.
First of all, the applicant must demonstrate that it has a sound anti-money laundering and counter-terrorist financing (AML/CFT) control system, including customer due diligence (CDD) process, suspicious transaction reporting mechanism, technical and cyber security protection, due diligence process when cooperating with third parties to conduct business, IT system risk control and cybersecurity measures (to meet the minimum cybersecurity requirements set out in the FSM-N3 1 Notice), internal compliance structure (including the arrangement of key personnel such as compliance officers and risk control officers), etc.
MAS has systematic assessment requirements for the applicant's compliance capability, business transparency, risk control mechanisms, and personnel qualifications. In particular, DTSP license holders will face regulatory intensity comparable to or even higher than that of traditional financial institutions in terms of customer identity verification, transaction tracking, and data retention.
Therefore, it can be clearly stated that the DTSP license is not only "difficult to obtain," but also a licensing system that, in terms of policy logic, "does not encourage widespread issuance." The regulatory goal of MAS is not to help more crypto service providers comply and establish themselves, but to actively filter out high-risk entities, thereby minimizing the reputational and systemic financial risks borne by Singapore due to Web3 activities.
Telecommuters: It is possible to work remotely for foreign companies, but there are still risks
MAS's attitude towards remote workers is particularly rigorous and specific in the new DTSP regulations, and its core logic can be summarized in one sentence: as long as you are "physically in Singapore and doing business overseas," you may trigger licensing obligations, even if you are working from home.
The MAS clarifies that any individual who engages in digital token services (DT services) at a "place of business" in Singapore and provides overseas customers is required to apply for a DTSP licence under section 137 of the Financial Services and Markets Act. The definition of "place of business" here is very broad and may include not only a formal office, but also a coworking space or even a home office. This means that remote workers are not automatically exempt from regulatory obligations.
However, MAS has established exceptions for a certain group of people—if an individual is employed by a foreign-registered company that only targets foreign users, and their work activities are part of that employment relationship, such as remote coding or handling operational support tasks, then the employee's work itself is not considered illegal and does not trigger licensing obligations. It is important to note that this exemption applies only to formal "employees" and not to individuals who do not have an employment contract, such as independent consultants, contractors, or company founders.
However, in practice, there is still a significant amount of discretion. For example, MAS has not clearly defined whether "employees" include project founders, stakeholders, or co-founders; nor has it specified whether certain responsibilities can be outsourced without affecting compliance status. In addition, if remote workers engage in business negotiations, visit clients, or use shared office spaces in Singapore, it is also unclear whether these activities can be deemed as providing DT services in Singapore, thus falling under regulatory scope.
Therefore, for remote workers in Singapore, relying solely on the "not working in the domestic market" aspect is no longer sufficient for compliance assurance. The MAS's position is very clear: as long as an individual is physically present in Singapore and their work involves digital token services directed at overseas markets, it may be deemed illegal operation, unless it meets extremely strict exception criteria.
Due diligence regulations are stricter.
In the regulatory framework released by MAS, the provisions regarding Customer Due Diligence (CDD) are highly rigorous. MAS requires all individuals or institutions applying for and holding a DTSP license to establish a comprehensive CDD system to address the prevalent risks of money laundering and terrorist financing (ML/TF) in digital token services.
MAS did not set a uniform deadline for completing CDD in FSM-N 27 notice, but clearly stated that the completion deadline will be determined "as appropriate" based on the specific circumstances of each applicant at the time of licensing. Assessment factors include the client's risk profile, the complexity of the business model, and the institution's own compliance capabilities.
In facing the potential upcoming CDD revision requirements, MAS will not uniformly stipulate the circumstances under which all licensees must update their existing customer information. Instead, MAS requires DTSP to establish an internal assessment mechanism to determine based on actual business and revision content whether it is necessary to conduct due diligence again.
In addition, MAS specifically emphasizes that DTSPs must conduct adequate due diligence on a third party when choosing whether to rely on that third party to complete CDD work. Specifically, institutions should establish an internal review process to assess whether a third party is capable of fulfilling its AML/CFT responsibilities. It is important to note that MAS does not allow payment service providers licensed in other countries or financial institutions under the supervision of foreign regulators to be automatically included in the scope of "third parties" that can be relied upon.
Report capital-related events within five days, and hacker-related events within one hour.
According to the relevant notice issued by MAS, DTSP licensees must comply with two key regulations regarding reporting obligations, which pertain to the reporting of suspicious activities/fraud incidents (FSM-N 28) and the urgent notification of significant incidents (FSM-N 30):
First, the FSM-N 28 Circular requires that fraud or suspicious activity must be reported to the MAS within five working days if the incident is found to have a material impact on the licensee's safety, soundness or reputation (MAS does not provide a uniform definition of what constitutes a suspicious activity or fraudulent event at the discretion of the company). If the matter is still under investigation, the report states the current status of the investigation, and MAS reserves the right to request additional information.
Secondly, the FSM-N3 0 notification stipulates that for significant incidents occurring in areas such as technical systems, network security, and data breaches, especially those that may trigger industry chain reactions or public confidence crises, license holders must submit a preliminary notification within one hour. MAS pointed out that the purpose of this requirement is to allow regulatory authorities time to assess the potential impact of the incident on the entire market.
In summary: The reporting deadline for fraud and suspicious behavior is five working days, and major cybersecurity incidents must be reported within one hour.
What licensed companies can you fully trust?
According to information released by the Monetary Authority of Singapore (MAS) as of June 5, 2025, the number of companies that have obtained a Digital Token Service Provider (DTSP) license is extremely limited, and they are basically well-known large companies.
Among them, known licensed (including holding digital currency payment licenses) include Anchorage Digital Singapore, BitGo Singapore, Blockchain.com (Singapore), Bsquared Technology, Circle Internet Singapore, Coinbase Singapore, DBS Vickers Securities (Singapore), OKX, Paxos, Ripple, as well as well-known institutions such as HashKey and GSR.
In addition, some companies are exempt under the Payment Services Act (PS Act), the Securities and Futures Act (SFA), or the Financial Advisors Act (FAA), allowing them to provide relevant services without the need to apply for a DTSP license. Such exemptions usually apply to institutions that are already licensed and regulated in other financial service areas.
This move is for Singapore's "financial reputation".
One of the core starting points of this new regulation is the Monetary Authority of Singapore's (MAS) high regard for the country's "financial reputation." In its response document, MAS emphasized multiple times that due to the strong cross-border attributes and internet characteristics of Digital Token Services (DT Services), their anonymity and borderless nature make them more susceptible to being used for illegal activities such as money laundering, terrorist financing, and fraud. Although many DTSPs do not serve clients within Singapore, once these companies are registered or operate from Singapore, any issues that arise will inevitably subject Singapore to global public opinion and regulatory repercussions.
As such, MAS emphasises that its regulatory objective is not just to curb individual violations, but to prevent any potential risks from having a systemic impact on the reputation of Singapore's financial system. In MAS's view, the biggest risk to Singapore from DTSPs is not their direct penetration into the local financial system, but that if these institutions are abused, Singapore may be seen as a "springboard" jurisdiction for connivance or poor regulation, which will seriously undermine its credibility and regulatory credibility as a global financial center.
It can be said that this is a "zero tolerance" preventive regulatory mindset: it is better to give up tolerance for high-risk innovations than to sacrifice national reputation. From this perspective, MAS's move is not only about technical compliance but also a strategic defense of the "regulatory reputation red line."
View Original
The content is for reference only, not a solicitation or offer. No investment, tax, or legal advice provided. See Disclaimer for more risks disclosure.
All unregistered encryption companies must withdraw from Singapore by the end of the month, with no transition period!
Written by: jk, Odaily
Singapore, located in the heart of Asia and once a preferred destination for global Web3 entrepreneurs due to its combination of open and prudent financial policies, is now experiencing an unprecedented regulatory upheaval.
On 30 May 2025, the Monetary Authority of Singapore (MAS) officially released a regulatory response document for digital token service providers (DTSPs), marking the full entry into force of the new rules on 30 June. Not only did the policy have no transition period, but it also ended the "Singapore model" that was once considered a crypto safe haven almost overnight with "extremely limited licensing standards" and "criminal liability" as the bottom line.
Let us take a look at the eight key points under the new regulations.
The Monetary Authority of Singapore (MAS) released a document on May 30, 2025, officially establishing new regulations for Digital Token Service Providers (DTSP). The core of the regulations is to impose licensing obligations on all individuals or institutions with a business presence in Singapore that provide digital token services to overseas clients, under Section 137 of the Financial Services and Markets Act (FSM Act).
MAS clearly stated that regardless of whether the service target is a local customer in Singapore, as long as the service is conducted at any "business premises" in Singapore, a DTSP license must be obtained; otherwise, it will be considered illegal operation. Previously, if the service target was an overseas customer, companies registered in Singapore did not need to obtain a license.
More severely, the MAS refused to establish any transition period in this document. All entities subject to the new rules must either obtain a DTSP license or cease all digital token service operations altogether by June 30, 2025. According to MAS, licensing applications will only be approved in "very limited circumstances", meaning that the vast majority of service providers are not in a position to continue operating in Singapore. Failure to comply with the licensing requirements will result in a criminal offence and will result in severe penalties under the FSM Act.
The ones most affected by the new MAS regulations will be those Web3 companies that do not hold a DTSP license but have a physical presence, office, or core team members in Singapore, especially the following two types of institutions:
International cryptocurrency institutions headquartered or primarily operating in Singapore, especially exchanges that previously used Singapore as a hub for the Asia-Pacific region, may still touch regulatory red lines if certain service modules have not received DTSP approval.
A Web3 company registered in Singapore but serving global users, an unlicensed DEX, wallet, and cross-chain protocol development team: projects with Singapore as their legal registration location but targeting overseas markets, such as some DeFi protocols, NFT platforms, and blockchain game development teams.
For example, if the technical backbone team of a decentralized trading platform (a certain Uniswap fork project) or a cross-chain bridge team is based in Singapore, even if targeting global users, it will be subject to compliance risk if it has not obtained the necessary licenses.
The application threshold for the DTSP (Digital Token Service Provider) license is extremely high. MAS has clearly stated in its latest response document that the license will only be granted "under extremely limited circumstances." In other words, obtaining the license is not an open, routine administrative process, but rather a special approval based on prudent regulatory logic.
First of all, the applicant must demonstrate that it has a sound anti-money laundering and counter-terrorist financing (AML/CFT) control system, including customer due diligence (CDD) process, suspicious transaction reporting mechanism, technical and cyber security protection, due diligence process when cooperating with third parties to conduct business, IT system risk control and cybersecurity measures (to meet the minimum cybersecurity requirements set out in the FSM-N3 1 Notice), internal compliance structure (including the arrangement of key personnel such as compliance officers and risk control officers), etc.
MAS has systematic assessment requirements for the applicant's compliance capability, business transparency, risk control mechanisms, and personnel qualifications. In particular, DTSP license holders will face regulatory intensity comparable to or even higher than that of traditional financial institutions in terms of customer identity verification, transaction tracking, and data retention.
Therefore, it can be clearly stated that the DTSP license is not only "difficult to obtain," but also a licensing system that, in terms of policy logic, "does not encourage widespread issuance." The regulatory goal of MAS is not to help more crypto service providers comply and establish themselves, but to actively filter out high-risk entities, thereby minimizing the reputational and systemic financial risks borne by Singapore due to Web3 activities.
MAS's attitude towards remote workers is particularly rigorous and specific in the new DTSP regulations, and its core logic can be summarized in one sentence: as long as you are "physically in Singapore and doing business overseas," you may trigger licensing obligations, even if you are working from home.
The MAS clarifies that any individual who engages in digital token services (DT services) at a "place of business" in Singapore and provides overseas customers is required to apply for a DTSP licence under section 137 of the Financial Services and Markets Act. The definition of "place of business" here is very broad and may include not only a formal office, but also a coworking space or even a home office. This means that remote workers are not automatically exempt from regulatory obligations.
However, MAS has established exceptions for a certain group of people—if an individual is employed by a foreign-registered company that only targets foreign users, and their work activities are part of that employment relationship, such as remote coding or handling operational support tasks, then the employee's work itself is not considered illegal and does not trigger licensing obligations. It is important to note that this exemption applies only to formal "employees" and not to individuals who do not have an employment contract, such as independent consultants, contractors, or company founders.
However, in practice, there is still a significant amount of discretion. For example, MAS has not clearly defined whether "employees" include project founders, stakeholders, or co-founders; nor has it specified whether certain responsibilities can be outsourced without affecting compliance status. In addition, if remote workers engage in business negotiations, visit clients, or use shared office spaces in Singapore, it is also unclear whether these activities can be deemed as providing DT services in Singapore, thus falling under regulatory scope.
Therefore, for remote workers in Singapore, relying solely on the "not working in the domestic market" aspect is no longer sufficient for compliance assurance. The MAS's position is very clear: as long as an individual is physically present in Singapore and their work involves digital token services directed at overseas markets, it may be deemed illegal operation, unless it meets extremely strict exception criteria.
In the regulatory framework released by MAS, the provisions regarding Customer Due Diligence (CDD) are highly rigorous. MAS requires all individuals or institutions applying for and holding a DTSP license to establish a comprehensive CDD system to address the prevalent risks of money laundering and terrorist financing (ML/TF) in digital token services.
MAS did not set a uniform deadline for completing CDD in FSM-N 27 notice, but clearly stated that the completion deadline will be determined "as appropriate" based on the specific circumstances of each applicant at the time of licensing. Assessment factors include the client's risk profile, the complexity of the business model, and the institution's own compliance capabilities.
In facing the potential upcoming CDD revision requirements, MAS will not uniformly stipulate the circumstances under which all licensees must update their existing customer information. Instead, MAS requires DTSP to establish an internal assessment mechanism to determine based on actual business and revision content whether it is necessary to conduct due diligence again.
In addition, MAS specifically emphasizes that DTSPs must conduct adequate due diligence on a third party when choosing whether to rely on that third party to complete CDD work. Specifically, institutions should establish an internal review process to assess whether a third party is capable of fulfilling its AML/CFT responsibilities. It is important to note that MAS does not allow payment service providers licensed in other countries or financial institutions under the supervision of foreign regulators to be automatically included in the scope of "third parties" that can be relied upon.
According to the relevant notice issued by MAS, DTSP licensees must comply with two key regulations regarding reporting obligations, which pertain to the reporting of suspicious activities/fraud incidents (FSM-N 28) and the urgent notification of significant incidents (FSM-N 30):
First, the FSM-N 28 Circular requires that fraud or suspicious activity must be reported to the MAS within five working days if the incident is found to have a material impact on the licensee's safety, soundness or reputation (MAS does not provide a uniform definition of what constitutes a suspicious activity or fraudulent event at the discretion of the company). If the matter is still under investigation, the report states the current status of the investigation, and MAS reserves the right to request additional information.
Secondly, the FSM-N3 0 notification stipulates that for significant incidents occurring in areas such as technical systems, network security, and data breaches, especially those that may trigger industry chain reactions or public confidence crises, license holders must submit a preliminary notification within one hour. MAS pointed out that the purpose of this requirement is to allow regulatory authorities time to assess the potential impact of the incident on the entire market.
In summary: The reporting deadline for fraud and suspicious behavior is five working days, and major cybersecurity incidents must be reported within one hour.
According to information released by the Monetary Authority of Singapore (MAS) as of June 5, 2025, the number of companies that have obtained a Digital Token Service Provider (DTSP) license is extremely limited, and they are basically well-known large companies.
Among them, known licensed (including holding digital currency payment licenses) include Anchorage Digital Singapore, BitGo Singapore, Blockchain.com (Singapore), Bsquared Technology, Circle Internet Singapore, Coinbase Singapore, DBS Vickers Securities (Singapore), OKX, Paxos, Ripple, as well as well-known institutions such as HashKey and GSR.
In addition, some companies are exempt under the Payment Services Act (PS Act), the Securities and Futures Act (SFA), or the Financial Advisors Act (FAA), allowing them to provide relevant services without the need to apply for a DTSP license. Such exemptions usually apply to institutions that are already licensed and regulated in other financial service areas.
One of the core starting points of this new regulation is the Monetary Authority of Singapore's (MAS) high regard for the country's "financial reputation." In its response document, MAS emphasized multiple times that due to the strong cross-border attributes and internet characteristics of Digital Token Services (DT Services), their anonymity and borderless nature make them more susceptible to being used for illegal activities such as money laundering, terrorist financing, and fraud. Although many DTSPs do not serve clients within Singapore, once these companies are registered or operate from Singapore, any issues that arise will inevitably subject Singapore to global public opinion and regulatory repercussions.
As such, MAS emphasises that its regulatory objective is not just to curb individual violations, but to prevent any potential risks from having a systemic impact on the reputation of Singapore's financial system. In MAS's view, the biggest risk to Singapore from DTSPs is not their direct penetration into the local financial system, but that if these institutions are abused, Singapore may be seen as a "springboard" jurisdiction for connivance or poor regulation, which will seriously undermine its credibility and regulatory credibility as a global financial center.
It can be said that this is a "zero tolerance" preventive regulatory mindset: it is better to give up tolerance for high-risk innovations than to sacrifice national reputation. From this perspective, MAS's move is not only about technical compliance but also a strategic defense of the "regulatory reputation red line."