June 30, 2025 is less than a month away. On this day, Singapore's Financial Services and Markets Act (FSMA) will officially come into effect, setting ironclad rules for the digital asset industry. MAS wants to protect Singapore's reputation as a global financial center. Digital token services: Broking, dealing, transmission, exchange, matching, custodial services, advisory or dealing services of digital tokens are online cross-border operations, which are easily used by criminals for money laundering or financing terrorism (abbreviated as ML/TF). DTSPs refer to individuals or companies that have offices or registered companies in Singapore but mainly provide digital token (DT) services overseas. These services have little connection with Singapore, but once something goes wrong, Singapore may be blamed. Therefore, MAS decided to strictly regulate and require DTSPs to obtain licenses, and the compliance standards are particularly high.

Therefore, companies that fail to comply with the license may be ordered to close down. Industry practitioners still have many doubts about FSMA. The Monetary Authority of Singapore also gave a detailed response to the feedback received by the companies on June 6. The following is Aiying’s summary of the response:

1. If a company is registered only for tax residency or only has senior management, does it need a license?

According to MAS: Some companies are registered in Singapore, but the purpose is not to actually conduct business in Singapore, but to take advantage of Singapore's tax incentives and become Singapore's "tax residents". Tax residency allows companies to enjoy lower tax rates or tax treaty benefits in Singapore. Or the company only arranges senior management (such as CEO, directors, CFO, etc.) in Singapore, but has no other substantive business activities (such as sales, customer service, operations)

As long as the company actually provides DT services overseas (such as processing transactions and custodial tokens through a Singapore account), a license is still required. The purpose of registration does not affect the license requirements. The key is whether the company is engaged in DT services.

2. Does working from home count as a place of business?

MAS’s statement: It does not clearly stipulate whether a residence is a “place of business”, but emphasizes that the judgment is based on the substance of the business. If you conduct substantive business at home (such as processing customer orders, making sales, and providing consulting services through a home computer), MAS may deem it a place of business and require a license.

If you only do work occasionally (e.g. answer a few emails, do light administrative support), it may not be considered a place of business. A coworking space or company office is more likely to be considered a place of business because it is more like a formal business location.

3. Is the threshold for applying for a license high? Is the time enough? Can it be extended?

MAS's statement: Want to get a DTSP license? It's not that easy! MAS will only issue licenses in "very rare cases", such as when your business model is reasonable, regulated overseas (must comply with international standards such as FATF), and the company structure is fine. The key is that there is no transition period. From June 30, 2025, unlicensed DTSPs must stop their overseas services, otherwise they will be illegal. MAS will give you 4 weeks' notice to prepare, but don't expect leniency.

Feedback from companies: 4 weeks is too short! There is no time to prepare application materials and wait for MAS review. Companies are worried about business suspension, layoffs, and even supply chain impact. Some people suggest giving a 3-month transition period or allowing companies in the application process to continue operating temporarily.

MAS's response: No respite. MAS believes that the DTSP risk is too high and compliance must be swift. 4 weeks is enough for you to decide whether to apply or suspend business.

4. Will licensing fees and capital requirements crush small companies?

According to MAS, the license application fee and annual fee are both S$10,000, which is fixed regardless of the size of your company or the amount of business you do. In addition, you must prepare S$250,000 in capital (basic capital for companies and cash deposits for individuals) to prove that you have the strength to take root in Singapore.

Feedback from companies: Small companies complain that 250,000 Singapore dollars is too high, and the 10,000 Singapore dollars license fee is not cheap either. Some people suggest charging different fees based on company size, or lowering capital requirements. Others ask whether fees will increase due to the increase in the number of services.

MAS's response: No changes! The fees are aligned with those of the DPTSPs industry, and a unified fee is the fairest. The S$250,000 is to ensure that you are not a "shell company".

5. Who has to apply for a license?

According to MAS: Companies with business premises (such as offices, shared workspaces) or registered in Singapore (regardless of whether they actually operate in Singapore) must apply for a license if they provide offshore digital token (DT) services (such as cryptocurrency trading, wallet services, custody). MAS will look at whether your front-office functions (such as sales, business development, customer service) or customer base are offshore. For example, a license is required to contact overseas customers and process transactions in Singapore.

Exemptions:

Foreign company employees: Working for a foreign registered company in Singapore (such as technical support, backend development), no personal license is required for employment activities

6. How to conduct due diligence (CDD) for existing customers?

MAS said: After obtaining the license, you have to re-do customer due diligence (CDD) for old customers (customers you cooperated with before the license), such as checking their identities and sources of funds. The completion time is determined by MAS based on customer risk.

Feedback from companies: Everyone agrees to do CDD, but they are worried about time, especially for companies with many clients. They suggest to process in stages according to risk (check high-risk clients first), and they also want to know if old data can be reused.

MAS’ response: No fixed time is given, the timetable is determined according to the customer’s risk. Enterprises have to assess their subsequent CDD needs by themselves, and MAS will issue guidelines but no specific regulations.

7. Can I ask a third party to help with CDD?

MAS says: You can find a third party to do CDD, but it cannot be a payment service company (because their compliance levels vary). You have to check whether the third party is reliable.

Feedback from enterprises: It is easier to find a third party. It is recommended to allow the use of payment companies that meet FATF standards, and to have clear evaluation criteria.

MAS’ response: Payment companies cannot do without concessions. Companies must build their own processes to evaluate third parties.

8. How strict are the rules for account services and transfers?

MAS’s statement:

Account Services: When working with other financial institutions, you must first check their anti-money laundering measures to ensure there is no risk.

Transfer: The transfer must include the initiator and beneficiary information (name, ID number, etc.) in compliance with FATF standards. If the information is incomplete, the decision on whether to proceed must be made based on the risk.

Feedback from enterprises: We want to evaluate templates and unified information standards, such as adding transaction IDs and token types. We are worried that incomplete information will block transactions and affect customer experience.

MAS' response: We will provide assessment guidelines, but will not set technical standards and remain neutral. The information must be complete, otherwise it may be rejected.

9. Are technical risks and cybersecurity requirements easy to deal with?

MAS’s statement:

Technical risks: The IT system must be as stable as a rock, customer data must not be leaked, and major incidents must be reported to MAS within 1 hour.

Network security: protect accounts, patch, install firewalls, antivirus, and use multi-factor authentication.

Feedback from enterprises: 1 hour report is too rushed, it is recommended to give a simple report first and then follow up in detail. They also want to add global practices, such as regular penetration testing.

MAS's response: One-hour reporting is mandatory to ensure that MAS is aware of the impact in a timely manner. Cybersecurity is a basic requirement and new measures may be added in the future.

10. Will the conduct and disclosure requirements be too onerous?

MAS’s statement:

Behavior: Record transactions, issue receipts, post exchange rates and fees, and maintain fixed business hours so customers can find you.

Disclosure: Risk warnings must be issued to remind customers that they may lose money; do not make random statements about the scope of your supervision by MAS.

Feedback from companies: Business hours are too rigid, and it is recommended to be more flexible according to the size of the company. Disclosures would like to use multiple languages and templates, and guidance is needed on handling erroneous disclosures.

MAS' response: Business hours will not be changed, and customers will be able to contact you. Disclosure language should be determined by you, and incorrect disclosures should be corrected immediately.

11. Are the guidelines specific enough? Can they help companies avoid detours?

MAS said: DTSP must comply with general financial guidelines (suitability, technical risks, business continuity, outsourcing), and DTSP-specific FAQs may be issued in the future.

Enterprises’ concerns: They want DTSP-specific cybersecurity guidelines, executive competency checklists, and cases, and feel that the general guidelines are not relevant enough.

MAS’s attitude: The guidelines are in principle, you have to customize them yourself. We will consider adding FAQs to solve industry pain points.

12. Even if you already have a license or are exempt, FSMA still imposes higher compliance requirements on all DTSP-related businesses

Stricter Technology Risk Management (TRM): System security and network risk prevention and control need to be strengthened in line with MAS’s Technology Risk Management Guidelines.

Annual audit report submission: Independent audit reports must be submitted to MAS on a regular basis, focusing on assessing AML/CFT (anti-money laundering and counter-terrorist financing) compliance.

Higher AML/CFT requirements: including customer due diligence (CDD), transaction monitoring, screening for suspicious activities, etc., which must comply with MAS’s PSN02 notification requirements.

Rapid reporting of major security incidents: Major security incidents (such as data leaks, hacker attacks) must be reported to MAS within 1 hour (Note: this time requirement may be adjusted based on specific guidelines, it is recommended to refer to MAS's final notification).

Cash payment restrictions: prohibiting the acceptance or payment of cash transactions exceeding S$20,000 (approximately US$15,000) to reduce money laundering risks

If you are already licensed or exempted under the following frameworks, you do not need to apply for a DTSP license under FSMA:

• Holds a Payment Services Act (PSA) license
• Exempted by PSA
• Hold a Securities and Futures Act (SFA) or Financial Advisers Act (FAA) license, or be exempted from such license

Aiying Action Suggestions:

• Check yourself now: Find a lawyer to confirm whether your business needs a license, and prepare to apply or exit the business as soon as possible.
• Spend money on compliance: upgrade systems, train employees, and ensure that CDD, technical security, and disclosure are up to standard.
• Communicate more: Proactively contact MAS to confirm timelines and requirements, and reduce guessing games.
• Pay attention to guidance: MAS’s subsequent guidance and FAQs are very important and should be followed closely.

Comparison of DTSP regulatory framework solutions: