TAKEAWAYS
Singapore has emerged as a regional hub for digital finance, attracting virtual asset service providers (VASPs) seeking a regulatory environment that balances innovation and oversight. The Monetary Authority of Singapore (MAS), through its licensing and supervisory powers under the Payment Services Act 2019 (PSA), has implemented a comprehensive anti-money laundering, countering the financing of terrorism and countering the proliferation financing (AML/CFT) framework for persons that provide digital payment token (DPT)1 services in Singapore (also known as DPT service providers (DPTSPs)2). This article outlines the key regulatory requirements for VASPs, examines Singapore’s alignment with the Financial Action Task Force (FATF) standards, and discusses the implications for compliance and enforcement.
Virtual assets, such as cryptocurrencies and stablecoins, offer efficiency and innovation but pose unique risks to the financial system, particularly in the areas of money laundering, terrorism financing and proliferation financing (ML/TF). To mitigate these risks, jurisdictions around the world are increasingly imposing regulatory obligations on VASPs. Singapore is among the leading jurisdictions to have adopted such measures.
MAS has adopted a risk-based and internationally aligned approach to regulating DPTSPs, ensuring that innovation in the virtual asset space is matched by robust compliance requirements. Singapore’s framework integrates the principles of FATF and incorporates them into domestic law via PSA and its associated AML/CFT Notices and the Financial Services and Markets Act 2022.
Singapore regulates DPT services primarily through PSA, which came into force on 28 January 2020. PSA consolidates the regulation of payment systems and payment service providers, introducing a licensing regime that explicitly includes DPT services.
Under PSA, entities engaging in DPT services must obtain a payment licence. MAS Notice PSN02 Prevention of Money Laundering and Countering the Financing of Terrorism – Digital Payment Token Service sets out detailed AML/CFT obligations for licensees.3
Virtual assets pose several unique ML/TF risks due to their characteristics and the evolving nature of the virtual asset ecosystem. Understanding these risks is crucial for regulators, financial institutions, and professional services firms tasked with compliance oversight.
1) Anonymity and pseudonymity:
Many virtual assets, particularly cryptocurrencies like Bitcoin, allow users to transact without revealing their real-world identities. This pseudonymity can obscure the source or destination of funds, increasing the risk of misuse for money laundering, terrorist financing or proliferation financing.
2) Cross-border nature:
Virtual assets can be transferred across jurisdictions almost instantly and without the need for traditional intermediaries. This creates challenges for law enforcement and regulators, particularly when transactions involve jurisdictions with weak AML/CFT frameworks.
3) Layering and obfuscation:
Criminals can use techniques such as mixing services, tumblers, and privacy coins (example, Monero, Zcash) to obscure transaction trails and hinder forensic analysis.
4) Use of decentralised platforms:
Decentralised finance (DeFi) protocols and peer-to-peer platforms often operate without intermediaries or centralised control. This reduces the number of parties responsible for AML compliance and may allow illicit actors to exploit regulatory gaps.
5) Emerging technologies and other digital assets:
Digital assets, such as non-fungible tokens (NFTs), may be used for illicit purposes including the obfuscation of proceeds through digital collectibles or artworks.
To address these risks, MAS requires DPTSPs to implement robust risk assessments (including on the DPTs that they deal in), enhanced customer due diligence (CDD) measures for higher-risk customers, enhanced risk-mitigating measures for DPT transfers made to private/unregulated wallets and ongoing monitoring to detect suspicious activities. Industry players must also invest in adequate compliance resources, technologies (including blockchain analytics tools) and training to stay ahead of emerging threats. DPTSPs should not deal with United Nations (UN)-sanctioned persons, and should freeze assets of such persons, in accordance with the relevant regulations in Singapore. DPTSPs should also ensure that the filing of suspicious transaction reports (STRs) does not exceed five business days after suspicion was first established, unless the circumstances are exceptional or extraordinary; and, in cases involving sanctioned parties and parties acting on behalf/under the direction of sanctioned parties, no later than one business day after suspicion was first established.
Customer due diligence
CDD is a cornerstone of Singapore’s AML/CFT framework. As set out in MAS Notice PSN02, a DPTSP must perform CDD measures when:
CDD includes verifying the identity of customers and beneficial owners, understanding the nature of the business relationship, screening the customers and beneficial owners for compliance with Singapore’s counter-terrorism financing and proliferation financing laws and conducting ongoing monitoring. Enhanced CDD measures are required for higher-risk customers, such as politically exposed persons (PEPs) or customers presenting higher ML/TF risks (for example, customers from high-risk jurisdictions).
Risk-based approach
DPTSPs are required to adopt a risk-based approach to AML/CFT, with risk assessment as the starting point. This includes developing and implementing adequate internal policies, procedures, and controls, taking into consideration their risk exposure and meeting its obligations under the law.
Compliance with FATF Travel Rule
One of the most technically challenging aspects of virtual asset AML/CFT compliance is the “Travel Rule” within FATF Recommendation 16, which requires VASPs to transmit originator and beneficiary information when conducting transactions above certain thresholds.
MAS supports the implementation of the Travel Rule in Singapore, and has set out the requirements in MAS Notice PSN024. When dealing with private/unregulated wallets, DPTSPs should adopt enhanced risk-mitigating measures such as identifying and verifying the identities of the originator and beneficiary of the transfer (including requiring the customer to demonstrate control over the wallet address if the private/unregulated wallet address belongs to the customer), establishing the identity of the beneficial owners of the transfer beneficiary, and performing screening and enhanced monitoring over the transaction. MAS has urged industry players to adopt technological solutions that facilitate secure data transmission while ensuring compliance with personal data protection laws.
Recordkeeping requirements
MAS mandates that records relating to customer identity, transactions, and CDD measures must be retained for at least five years after the end of the business relationship or the date of the transaction.5
Recent developments
MAS has clarified that digital token (DT)6 service providers offering DT services solely to customers outside Singapore will need to be licensed from 30 June 2025. MAS has set the bar high for licensing and will generally not issue a licence. Without a licence, existing DT service providers serving only overseas customers will be required to cease these activities as the regime came into effect on 30 June 2025.
Relevance to accounting industry
The increasing institutionalisation of virtual assets has important implications for the accounting profession. Accountants, auditors, and financial advisors are increasingly called upon to navigate the complexities of virtual asset reporting, valuation, and regulatory compliance. For example, accounting firms may be engaged to assist VASPs in advising or designing AML/CFT frameworks. The AML/CFT rules implemented by MAS directly affect how accounting professionals interact with clients involved in the virtual asset space.
Singapore’s AML/CFT regime for virtual assets reflects a careful balance between enabling innovation and mitigating financial crime risks. Through PSA and MAS-issued guidance, DPTSPs operating in Singapore must comply with stringent AML/CFT obligations that align with global standards.
Firms looking to enter the Singapore market must invest in compliance capabilities, risk governance, and regulatory technology to meet these requirements. As the international regulatory environment continues to evolve, Singapore’s approach is likely to remain a model for jurisdictions seeking both flexibility and rigour in virtual asset oversight.
Lisa Ooi is a member of the ISCA Ethics Committee (EC). ISCA EC develops the ISCA Code of Professional Conduct and Ethics by adopting the International Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants (IESBA), with local adaptations as are necessary to serve the public interest in Singapore, and to conform with Singapore’s regulatory environment and statutory requirements.
1 DPTs, together with digital capital market product tokens, refer to virtual assets as defined in the FATF standards. Entities that conduct regulated activities in relation to digital capital market product tokens are already required to be licensed under the Securities and Futures Act 2001, and to comply with AML/CFT requirements.
2 VASPs, as defined in the FATF standards, include DPTSPs.
3 MAS Notice PSN02. Last revised on 30 June 2025 and takes effect from 1 July 2025.
4 The “Travel Rule” threshold in Singapore is S$1,500, but certain information still needs to be exchanged even for transactions below this threshold. Refer to Paragraph 13 of MAS Notice PSN02.
5 Refer to Paragraph 14 of MAS Notice PSN02.
6 Digital token is defined under the Financial Services and Markets Act 2022 to mean (a) a digital payment token as defined in the Payment Services Act 2019 or (b) a digital representation of a capital markets product as defined in the Securities and Futures Act 2001 which (i) can be transferred, stored or traded electronically; and (ii) satisfies such other characteristics as MAS may prescribe, but does not include an excluded DT.
© 2024 Institute of Singapore Chartered Accountants
