Original | Odaily Planet Daily ( @OdailyChina )
Author: jk
Singapore, located in the heart of Asia, has become the preferred destination for global Web3 entrepreneurs due to its open yet prudent financial policies. Now, it is undergoing an unprecedented regulatory upheaval.
On May 30, 2025 , the Monetary Authority of Singapore (MAS) officially released a regulatory response document for digital token service providers (DTSP), marking that the new regulations will take full effect on June 30. Not only does this policy have no transition period, but it also uses extremely limited licensing standards and criminal liability as the bottom line, almost overnight ending the Singapore model that was once regarded as a crypto haven.
Let’s take a look at the eight key points under the new regulations.
1. The core content of the new regulations: Get a license or stop service before the end of the month
The document released by the Monetary Authority of Singapore (MAS) on May 30, 2025 formally established new regulatory rules for digital token service providers (DTSPs). The core of this is to establish licensing obligations for all individuals or institutions that have a place of business in Singapore and provide digital token services overseas through Section 137 of the Financial Services and Markets Act (FSM Act).
MAS clearly stated that regardless of whether the service object is a local customer in Singapore, as long as the service is provided at any place of business in Singapore, a DTSP license must be obtained, otherwise it will be regarded as illegal operation. Previously, if the service object was an overseas customer, a company registered in Singapore did not need to obtain a license.
More seriously, MAS refused to set up any transition period in this document. All entities subject to the new regulations must either obtain a DTSP license or completely stop all digital token service businesses before June 30, 2025. MAS stated that it would only approve licensing applications in extremely limited circumstances, which means that the vast majority of service providers do not have the conditions to continue operating in Singapore. Violation of licensing regulations will constitute a criminal offense and face severe penalties under the FSM Act.
2. Which companies will be affected?
The most affected by the new MAS regulations will be those Web3 companies that do not hold DTSP licenses but have entities, offices or core team members in Singapore, especially the following two types of institutions:
International crypto institutions with headquarters or main operations in Singapore , especially exchanges that previously used Singapore as their Asia-Pacific hub, may still run into regulatory red lines if some of their service modules are not approved by DTSP.
Web3 companies registered in Singapore but serving global users, unlicensed DEX, wallets and cross-chain protocol development teams : Project parties with Singapore as their legal registration place but business facing overseas, such as some DeFi protocols, NFT platforms, blockchain game development teams, etc.
For example, if the technical backbone team of a decentralized trading platform (a Uniswap fork project) or a cross-chain bridge team is based in Singapore, even if it serves global users, it will be included in the scope of compliance risks if it does not obtain a license.
3. How to obtain a DTSP license? Is it difficult?
The application threshold for the DTSP (Digital Token Service Provider) license is extremely high. MAS has clearly stated in its latest response document that the license will only be granted in extremely limited circumstances. In other words, obtaining a license is not an open, routine administrative process, but an exceptional approval based on prudent regulatory logic.
First, the applicant must demonstrate that it has a sound anti-money laundering and counter-terrorist financing (AML/CFT) control system, including customer due diligence (CDD) process, suspicious transaction reporting mechanism, technical and network security protection, due diligence process when conducting business with third parties, IT system risk control and network security measures (must meet the minimum network security requirements specified in the FSM-N3 1 notice), internal compliance structure (including key personnel arrangements such as compliance officers and risk control managers), etc.
MAS has systematic assessment requirements for applicants’ compliance capabilities, business transparency, risk control mechanisms, and personnel qualifications. In particular, in terms of customer identification, transaction tracking, and data retention, DTSP license holders will face regulatory intensity comparable to or even higher than that of traditional financial institutions.
Therefore, it can be clearly stated that the DTSP license is not only difficult to obtain, but also a licensing system that does not encourage large-scale issuance in terms of policy logic. The regulatory goal of MAS is not to help more encryption service providers to comply with regulations, but to actively filter out high-risk entities and minimize the reputation risk and financial systemic risk that Singapore suffers from Web3 activities.
4. Remote workers: Remote work for foreign companies is possible, but there are still risks
MASs attitude towards remote workers is particularly rigorous and specific in the new DTSP regulations. Its core logic can be summed up in one sentence: as long as you are in Singapore but doing business abroad, you may trigger the obligation to hold a license, even if you work from home.
MAS clearly states that any individual who provides digital token services (DT services) to overseas customers at a place of business in Singapore must apply for a DTSP license in accordance with Section 137 of the Financial Services and Markets Act. The definition of place of business here is extremely broad, including not only formal offices, but also shared office spaces and even home offices. This means that remote workers are not automatically exempt from regulatory obligations.
However, MAS has set up an exception for a group of people - if an individual is employed by a foreign-registered company that only serves foreign users, and his or her work is part of the employment relationship, such as remotely writing code or handling operational support matters, then the employees work itself is not considered illegal and does not trigger the obligation to hold a license. It should be noted that this exemption only applies to formal employee status, not individuals who do not have an employment contract relationship, such as independent consultants, contractors or company founders.
However, there is still a lot of room for discretion in actual operation. For example, MAS does not clearly define whether employees include project founders, shareholders or co-founders; nor does it clarify whether some responsibilities can be outsourced without affecting compliance status. In addition, if remote workers participate in business negotiations, visit customers, or use shared office spaces in Singapore, it does not say whether they can be deemed to be providing DT services in Singapore and thus fall within the scope of regulation.
Therefore, for remote workers in Singapore, simply relying on “not working in the domestic market” is no longer sufficient compliance protection. MAS’s position is very clear: as long as an individual is in Singapore and his or her work involves digital token services for overseas, he or she may be deemed to be operating illegally unless extremely strict exception standards are met.
5. Stricter due diligence regulations
In the regulatory framework released by MAS this time, the regulations on customer due diligence (CDD) are highly stringent. MAS requires all individuals or institutions that apply for and hold DTSP licenses to establish a sound CDD system to address the money laundering and terrorist financing (ML/TF) risks that are prevalent in digital token services.
MAS did not set a uniform time limit for the completion of CDD in the FSM-N 27 Notice, but instead specified that the time limit would be determined on a “local basis” basis for each applicant at the time of licensing. Assessment factors include the risk profile of the client, the complexity of the business model, and the institution’s own compliance capabilities.
In the face of the possible future revision of CDD requirements, MAS will not uniformly stipulate under what circumstances all licensees must update their original customer information. Instead, MAS requires DTSPs to establish an internal assessment mechanism to determine whether due diligence needs to be re-conducted based on actual business and the content of the revision.
In addition, MAS specifically emphasizes that when choosing whether to rely on a third party to complete CDD work, the DTSP must conduct adequate due diligence on the third party. Specifically, institutions should establish an internal review process to assess whether the third party has the ability to perform AML/CFT duties. It should be noted that MAS does not allow payment service providers that already hold licenses from other countries or financial institutions supervised by foreign regulators to be automatically included in the scope of third parties that can be relied on.
6. Report any Three Arrows Capital-like incident within five days and any hacker-like incident within one hour
According to the relevant notice issued by MAS, DTSP licensees need to comply with two key provisions in terms of reporting obligations, namely reporting of suspicious activities/fraud incidents (FSM-N 28) and emergency notification of major incidents (FSM-N3 0):
First, FSM-N 28 requires that if fraud or suspicious activities are found and the incident has a significant impact on the safety, soundness or reputation of the licensee (MAS does not have a unified definition of the significance of suspicious activities or fraud incidents, it depends on the companys own judgment), it must be reported to MAS within five working days. If the incident is still under investigation, the current status of the investigation must be stated in the report, and MAS has the right to request additional information.
Secondly, FSM-N3 0 notifications stipulate that licensees must submit preliminary notifications within one hour for major incidents in technical systems, network security, data breaches, etc., especially those that may trigger a chain reaction in the industry or a crisis of public confidence. MAS pointed out that the purpose of this requirement is to buy regulatory authorities reaction time to assess the potential impact of the incident on the entire market.
In summary: The reporting period for fraud and suspicious behavior is five working days, and major cybersecurity incidents must be reported within one hour.
7. What are some licensed companies that you don’t have to worry about at all?
According to information released by the Monetary Authority of Singapore (MAS) as of June 5, 2025, the number of companies that have obtained Digital Token Service Provider (DTSP) licenses is extremely limited, and they are basically well-known large companies.
Among them, known licensed companies (including those holding digital currency payment licenses) include Anchorage Digital Singapore, BitGo Singapore, Blockchain.com (Singapore), Bsquared Technology, Circle Internet Singapore, Coinbase Singapore, DBS Vickers Securities (Singapore), OKX, Paxos, Ripple, as well as well-known institutions such as HashKey and GSR.
In addition, some companies are exempted from the Payment Services Act (PS Act), Securities and Futures Act (SFA) or Financial Advisers Act (FAA) and can provide related services without applying for a DTSP license. Such exemptions usually apply to institutions that are already licensed and regulated in other financial services fields.
8. The move is for Singapore’s “financial reputation”
One of the core starting points of the new regulation is the Monetary Authority of Singapore (MAS)s high regard for the countrys financial reputation. MAS has repeatedly emphasized in its response documents that due to the strong cross-border and Internet characteristics of digital token services (DT services), their anonymity and borderless characteristics make them more likely to be used for illegal activities such as money laundering, terrorist financing, and fraud. Although many DTSPs do not serve customers in Singapore, once these companies use Singapore as their place of registration or operating base, Singapore will inevitably be affected by global public opinion and regulation if something goes wrong.
Therefore, MAS emphasizes that its regulatory goal is not just to curb individual illegal activities, but to prevent any potential risks from causing a systemic impact on the reputation of Singapores financial system. In the view of MAS, the biggest risk of DTSP to Singapore is not its direct penetration into the local financial system, but that once these institutions are abused, Singapore may be regarded as a springboard jurisdiction that condones or poorly regulates, which will seriously undermine its credibility and regulatory reputation as a global financial center.
It can be said that this is a zero tolerance preventive regulatory thinking: it would rather give up tolerance for high-risk innovation than sacrifice the countrys reputation. From this perspective, MASs move is not only technical compliance, but also a strategic defense of the regulatory reputation red line.
