How long does it take to get a crypto exchange license in Singapore?

Realistically, the MAS licensing process takes 12-18 months from initial application to final approval. Simple applications with strong compliance frameworks may clear in 9-12 months, while complex cases or those requiring additional documentation can extend to 24 months.

What is the minimum capital requirement for an MAS crypto license?

The base capital requirement for a Major Payment Institution (MPI) license is SGD 250,000 (approximately USD 185,000). However, MAS may impose higher capital requirements based on the scale of operations, risk profile, and the range of payment services offered.

Can a foreign company apply for a crypto exchange license in Singapore?

Yes, foreign companies can apply, but they must incorporate a local entity in Singapore, appoint at least one resident director, maintain a physical office in Singapore, and designate a local compliance officer. A local presence is non-negotiable.

What is the difference between a Standard Payment Institution and Major Payment Institution license?

A Standard Payment Institution (SPI) license allows limited transaction volumes (SGD 3 million per month per payment service, SGD 6 million total). A Major Payment Institution (MPI) license has no volume caps and is required for most serious crypto exchanges. MPI has stricter capital and compliance requirements.

Does MAS require a crypto exchange to hold customer funds in a specific way?

Yes. MAS requires licensees to safeguard customer assets by holding them in trust accounts with qualified custodians or in segregated wallets. Customer funds must be kept separate from the company's operational funds at all times. Detailed record-keeping of all customer assets is mandatory.

What happens if I operate a crypto exchange in Singapore without a license?

Operating a Digital Payment Token service without a valid MAS license is a criminal offense under the Payment Services Act. Penalties include fines of up to SGD 250,000 and imprisonment of up to 3 years. MAS actively monitors and takes enforcement action against unlicensed operators.

Licensing Compliance Singapore

How to Get a Crypto Exchange License in Singapore (MAS)

Codono Team

| March 8, 2026 | 20 min read

Why Singapore for Your Crypto Exchange
Understanding the MAS Regulatory Framework
The Payment Services Act and Digital Payment Tokens
License Types: SPI vs MPI
Capital Requirements
The 6-Step Application Process
Compliance Framework Requirements
Operational Requirements
Timeline: What to Realistically Expect
Cost Breakdown
Advantages of a Singapore License
Challenges and How to Overcome Them
Tips for a Successful Application
Building Your Licensed Exchange

Why Singapore for Your Crypto Exchange

Singapore has earned its reputation as Asia’s financial hub through decades of deliberate policy. For crypto exchange operators, the jurisdiction offers something rare: regulatory clarity without hostility toward innovation.

The Monetary Authority of Singapore (MAS) has taken a measured approach. Rather than banning crypto activity or leaving it unregulated, MAS created a comprehensive framework under the Payment Services Act (PSA) that treats digital payment token (DPT) services as a regulated financial activity. This sends a signal to banks, institutional investors, and users alike: a Singapore-licensed exchange has met a high bar.

The numbers back this up. As of early 2026, Singapore has approved fewer than 20 Major Payment Institution licenses for DPT services. That selectivity is the point. A Singapore MAS crypto license carries weight precisely because it is hard to get.

If you are planning to start a crypto exchange targeting Asian markets or seeking institutional credibility globally, Singapore should be at the top of your list. But you need to understand exactly what is involved. This guide covers every aspect of the process, from capital requirements to compliance frameworks, with no shortcuts.

Understanding the MAS Regulatory Framework

MAS functions as Singapore’s central bank and integrated financial regulator. Unlike jurisdictions where banking and securities regulation are split across multiple agencies, MAS handles it all. For crypto exchange operators, this means one primary regulator, one licensing framework, and one set of rules.

The key legislation is the Payment Services Act 2019 (PSA), which was amended in 2021 and further updated in 2024 to strengthen DPT service provider requirements. The PSA consolidated previously fragmented regulations into a single framework covering seven payment services, including DPT services.

MAS supplements the PSA with detailed guidelines and notices:

Notice PSN02: AML/CFT requirements for DPT service providers
Technology Risk Management (TRM) Guidelines: Cybersecurity and IT governance standards
Guidelines on Fair Dealing: Consumer protection expectations
Notice on Prevention of Money Laundering and Countering the Financing of Terrorism: Specific procedures for customer due diligence

Understanding that MAS views crypto regulation through a risk management lens is critical. MAS does not care whether your exchange lists 10 tokens or 1,000. It cares whether you have robust controls to prevent money laundering, protect customer assets, manage technology risk, and maintain operational resilience.

The Payment Services Act and Digital Payment Tokens

Under the PSA, a Digital Payment Token (DPT) is defined as a digital representation of value that is not denominated in any currency, can be transferred and stored electronically, and is (or is intended to be) a medium of exchange accepted by the public.

If your exchange facilitates any of the following, you need a DPT service license:

Buying or selling DPTs for fiat currency or other DPTs
Operating a platform that allows users to exchange DPTs
Facilitating the transfer of DPTs between parties
Providing custodial services for DPTs on behalf of customers

The scope is broad. Even if you only operate a peer-to-peer matching service or a DPT custody solution without a trading engine, you likely fall within the PSA’s reach. MAS has made clear through enforcement actions that attempting to structure around licensing requirements is viewed unfavorably.

For operators building on crypto exchange software platforms, the licensing requirement applies regardless of the underlying technology. White-label solutions, custom-built engines, and decentralized front-ends with centralized order matching all fall within scope if they serve Singapore-based customers.

License Types: SPI vs MPI

The PSA creates two license tiers for payment service providers:

Standard Payment Institution (SPI)

Monthly transaction limit: SGD 3 million per payment service
Total monthly limit: SGD 6 million across all services
Lower capital requirements (SGD 100,000 base)
Suitable for small-scale or early-stage operations

Major Payment Institution (MPI)

No transaction volume caps
Higher capital requirements (SGD 250,000 base)
Stricter ongoing compliance obligations
Required for any exchange expecting meaningful volume

For most serious crypto exchange operators, the MPI license is the only realistic option. The SPI volume caps are low enough that a moderately successful exchange would exceed them within months. Upgrading from SPI to MPI later requires a new application, which means going through the approval process again.

A strategic approach some operators take: apply for the MPI license from day one, but structure the application around a phased launch. Start with a limited token selection and restricted user base, then expand once licensed. MAS appreciates measured rollout plans.

Capital Requirements

MAS capital requirements for DPT service providers under an MPI license are structured as follows:

Base Capital: SGD 250,000 (approximately USD 185,000)

This is the minimum paid-up capital that must be maintained at all times. It is not a one-time deposit — your company’s equity must stay above this threshold on an ongoing basis.

Additional capital considerations:

Security deposits: MAS may require a security deposit or bank guarantee, typically SGD 100,000-200,000, depending on your business model
Operational float: You need working capital beyond the base requirement. Budget SGD 500,000-1,000,000 for the first 12-18 months of operations
Customer asset safeguarding: Customer funds held must be segregated and backed. This is separate from your operational capital
Insurance: Professional indemnity and cyber insurance are expected, adding SGD 50,000-150,000 annually

Total realistic capital needed to launch: SGD 1,000,000-2,000,000 (USD 740,000-1,480,000) when you factor in the base capital, security deposit, operational runway, technology costs, and compliance setup.

MAS may impose higher capital requirements for applicants with larger projected volumes or those offering margin trading, derivatives, or lending services. The numbers above represent minimums for a spot-only exchange.

The 6-Step Application Process

Step 1: Pre-Application Preparation (2-3 Months)

Before submitting anything to MAS, you need your house in order:

Incorporate a Singapore entity (Private Limited Company via ACRA)
Appoint qualified directors, including at least one Singapore resident director
Secure a physical office in Singapore (virtual offices are not accepted)
Hire a compliance officer with relevant AML/CFT experience
Engage legal counsel experienced in MAS licensing (this is not optional)
Draft your compliance framework including AML/CFT policies, risk management procedures, and technology risk assessments
Prepare your business plan with financial projections, target market analysis, and operational structure

The quality of your pre-application preparation directly impacts your approval probability. MAS reviewers can tell immediately whether an applicant has done serious groundwork or is submitting a speculative application.

Step 2: Submit Application via MAS Portal (1-2 Weeks)

Applications are submitted through the MAS eService portal. The submission package includes:

Completed Form 1 (Application for License)
Business plan and financial projections (3-5 years)
Organizational chart with key personnel details
AML/CFT policy manual
Technology risk management documentation
Outsourcing arrangements (if applicable)
Fit and proper declarations for all directors, CEO, and substantial shareholders
Proof of paid-up capital
Application fee: SGD 1,000 (non-refundable)

Every document matters. Incomplete applications are returned without review, and resubmission resets your queue position.

Step 3: Initial MAS Review and Queries (3-6 Months)

After submission, MAS assigns a case officer who reviews your application in detail. Expect multiple rounds of queries. Common areas MAS probes:

Source of funds: Where is your capital coming from? MAS scrutinizes the background of investors and shareholders
Compliance depth: Generic policy templates get rejected. MAS wants to see Singapore-specific procedures
Technology controls: How do you secure customer assets? What are your hot/cold wallet procedures? Your incident response plan?
Personnel qualifications: Are your compliance and technology officers adequately experienced?

Responding to MAS queries promptly and thoroughly is essential. Delayed or incomplete responses extend the timeline significantly.

Step 4: Enhanced Due Diligence (2-4 Months)

MAS conducts its own background checks on key personnel and shareholders. This includes:

Criminal background checks across multiple jurisdictions
Financial history and bankruptcy checks
Review of past regulatory interactions
Assessment of beneficial ownership structures
Verification of stated experience and qualifications

There is nothing you can do to speed this step up. Ensure all disclosures are accurate — MAS has discovered undisclosed regulatory actions or criminal records during this phase, resulting in immediate application denial.

Step 5: Conditional Approval and Remediation (1-3 Months)

If MAS is satisfied with the application, it typically issues an in-principle approval (IPA) with conditions. Common conditions include:

Completing specific compliance hires before launch
Implementing additional technology controls
Obtaining required insurance coverage
Demonstrating operational readiness through a dry run
Finalizing banking arrangements

You have a fixed window (usually 3-6 months) to satisfy all conditions. Failure to meet conditions within the deadline can result in withdrawal of the IPA.

Step 6: Final License Issuance

Once all conditions are met and verified, MAS issues the Major Payment Institution license. You are now authorized to provide DPT services in Singapore, subject to ongoing compliance obligations.

Annual license fee: SGD 1,000

The low annual fee is deceptive. The real cost of maintaining a license is in ongoing compliance, which runs SGD 300,000-800,000 per year depending on scale.

Compliance Framework Requirements

MAS expects a comprehensive compliance framework. This is not a checkbox exercise — MAS conducts inspections and can revoke licenses from operators with inadequate controls.

AML/CFT Program

Your anti-money laundering and counter-terrorism financing program must include:

Customer Due Diligence (CDD): Identity verification for all users before they can transact. This goes beyond basic KYC — MAS expects risk-based CDD with enhanced measures for high-risk customers. A robust KYC/AML system is foundational to meeting these requirements
Transaction monitoring: Real-time and post-trade monitoring for suspicious patterns. Rule-based and behavior-based detection are both expected
Suspicious Transaction Reporting (STR): Procedures for filing STRs with the Suspicious Transaction Reporting Office (STRO) within prescribed timeframes
Sanctions screening: Real-time screening against UNSC, OFAC, EU, and Singapore MAS sanctions lists
Travel Rule compliance: For DPT transfers, originator and beneficiary information must be transmitted per FATF Travel Rule requirements
Record retention: All CDD records and transaction data must be retained for at least 5 years after the business relationship ends

Technology Risk Management

MAS TRM Guidelines are extensive. Key requirements for crypto exchanges:

Cybersecurity: Penetration testing, vulnerability assessments, SOC monitoring, and incident response procedures. Building on enterprise-grade security features is a practical starting point
System availability: Uptime targets, disaster recovery plans, and business continuity procedures
Access controls: Multi-factor authentication, privileged access management, and audit logging
Third-party risk management: Due diligence on all technology vendors, cloud providers, and outsourced services
Data protection: Compliance with Singapore’s Personal Data Protection Act (PDPA) alongside MAS data handling requirements
Change management: Documented procedures for system updates, with testing and rollback capabilities

Customer Asset Safeguarding

Since 2024, MAS has strengthened customer asset protection requirements:

Customer DPTs must be held in trust or segregated from company assets
Detailed accounting of all customer balances
Regular reconciliation (at minimum daily)
Adequate insurance or reserve arrangements
Clear disclosure to customers about how their assets are held

Operational Requirements

Beyond compliance frameworks, MAS has specific operational expectations:

Local Presence

Physical office: A staffed office in Singapore (not a co-working hot desk)
Resident director: At least one director who is a Singapore citizen, permanent resident, or EntrePass holder
Local compliance officer: The person responsible for AML/CFT compliance must be based in Singapore
CEO or executive director: At least one senior executive should be based in Singapore

Personnel Requirements

Fit and proper criteria: All directors, CEO, and substantial shareholders must pass MAS fit and proper assessments
Compliance team: Minimum 2-3 dedicated compliance staff for a small exchange, scaling with volume
Technology team: In-house or contracted technology personnel with relevant security expertise
Ongoing training: Staff must receive regular AML/CFT training, with documentation

Reporting Obligations

Licensed DPT service providers must submit:

Annual regulatory returns: Financial statements, compliance reports, and business activity data
Ad hoc reports: Material changes in business, personnel, or risk profile must be reported promptly
Incident reports: Cybersecurity incidents, system outages, and significant operational failures must be reported within prescribed timeframes
Audit reports: Annual external audit of financial statements and periodic compliance audits

Timeline: What to Realistically Expect

Here is a realistic timeline based on recent MAS licensing experience. Optimistic projections from consultants who promise 6-month approvals should be treated with skepticism.

Phase	Duration	Cumulative
Pre-application preparation	2-3 months	2-3 months
Application submission	1-2 weeks	3 months
Initial MAS review and queries	3-6 months	6-9 months
Enhanced due diligence	2-4 months	8-13 months
Conditional approval and remediation	1-3 months	9-16 months
Final license issuance	2-4 weeks	10-17 months

Realistic total: 12-18 months from the start of preparation to holding a license. Some applications have taken 24 months or longer, particularly those involving complex ownership structures or applicants from higher-risk jurisdictions.

Factors that extend the timeline:

Incomplete or poor-quality initial submissions
Slow responses to MAS queries
Key personnel changes during the application process
Adverse findings during background checks
Complex corporate structures requiring additional disclosure
MAS workload fluctuations (application volumes have increased significantly)

Cost Breakdown

Here is a detailed cost breakdown for obtaining and maintaining an MAS crypto exchange license:

One-Time Setup Costs

Item	Cost (SGD)
Company incorporation and registered address	2,000-5,000
Legal counsel (licensing application)	150,000-300,000
Compliance framework development	80,000-150,000
Technology risk assessment and audit	30,000-60,000
MAS application fee	1,000
Office setup (deposit, fit-out)	30,000-80,000
Initial compliance hires (recruitment)	20,000-40,000
Exchange platform licensing or development	50,000-200,000
Insurance (first year)	50,000-150,000
Total setup	413,000-986,000

Annual Ongoing Costs

Item	Cost (SGD)
MAS annual license fee	1,000
Compliance team salaries (3-5 staff)	300,000-600,000
Legal retainer	50,000-120,000
External audit	30,000-60,000
Technology security (pen testing, SOC)	50,000-100,000
AML/CFT tools and screening services	40,000-80,000
Insurance renewal	50,000-150,000
Office rent and operations	60,000-150,000
Regulatory reporting and filings	10,000-30,000
Total annual	591,000-1,291,000

Combined first-year cost: SGD 1,000,000-2,200,000 (USD 740,000-1,630,000)

These numbers are not inflated. Operators who try to cut corners on legal counsel or compliance hires frequently have their applications rejected or returned, costing more in the long run. Working with proven crypto exchange software that already incorporates regulatory compliance features can reduce the technology cost component significantly.

Advantages of a Singapore License

Despite the high bar, a Singapore MAS crypto license offers distinct advantages:

Regulatory Credibility

Singapore is a Tier 1 financial center. An MAS license signals to banks, institutional partners, and sophisticated users that your exchange meets one of the world’s highest regulatory standards. This credibility is difficult to replicate with licenses from smaller jurisdictions.

Banking Access

This is the practical advantage that matters most. Singapore-licensed DPT service providers have significantly better access to banking relationships than unlicensed operators. Major Singapore banks (DBS, OCBC, UOB) and international banks with Singapore operations are more willing to provide banking services to MAS-licensed entities.

Banking access remains challenging even with a license, but it is substantially easier than in most other jurisdictions. The license removes the single biggest operational bottleneck for crypto exchanges.

Clear Regulatory Framework

Unlike jurisdictions where crypto regulation is fragmented, ambiguous, or subject to sudden changes, Singapore’s PSA framework is well-documented and relatively stable. MAS publishes detailed guidance, responds to industry consultations, and provides clarity on regulatory expectations. You can plan your business with reasonable confidence about what the rules will be.

Regional Gateway

Singapore serves as the financial gateway to Southeast Asia — a region with over 700 million people and rapidly growing crypto adoption. A Singapore license provides a strong base for serving markets in Indonesia, Thailand, Vietnam, the Philippines, and Malaysia, subject to local regulations in each market.

Tax Efficiency

Singapore has no capital gains tax, a territorial tax system, and a corporate tax rate of 17% with various incentives and exemptions available for financial services companies. For exchange operators, this translates to meaningful tax efficiency compared to jurisdictions like the United States or most of the European Union. For EU-focused operations, compare this with the MiCA compliance framework which takes a different approach.

Talent Pool

Singapore has a deep pool of compliance, legal, technology, and financial services talent. Hiring qualified compliance officers and AML specialists is easier here than in most Asian jurisdictions.

Challenges and How to Overcome Them

Banking Relationships

The challenge: Even with an MAS license, opening and maintaining banking relationships is difficult. Banks have their own compliance requirements and risk appetite, and many remain cautious about crypto businesses.

How to overcome it: Apply to multiple banks simultaneously. Prepare a comprehensive banking onboarding package that includes your MAS license, audited financials, compliance framework summary, and transaction monitoring procedures. Consider starting with digital banks (such as Trust Bank or GXS Bank) that may have a higher appetite for fintech clients. Having a license from MAS is your strongest card — lead with it.

High Compliance Bar

The challenge: MAS expectations are demanding and ongoing. Maintaining compliance requires sustained investment in people, processes, and technology.

How to overcome it: Build compliance into your operations from day one rather than bolting it on later. Use compliance technology (RegTech) to automate transaction monitoring, sanctions screening, and regulatory reporting. The cost of automation is high upfront but significantly lower than manual compliance at scale.

Lengthy Approval Timeline

The challenge: 12-18 months is a long time in crypto. Market conditions can change significantly during the application process.

How to overcome it: Start the application process early. Use the preparation period to build your platform, establish partnerships, and develop your user acquisition strategy. You cannot trade while waiting for the license, but you can do everything else. Some operators launch in other jurisdictions first and add Singapore later. Others use the waiting period to participate in MAS’s regulatory sandbox if eligible.

Competition for Limited Licenses

The challenge: MAS is selective. The rejection rate is high, and the number of approved DPT licenses remains small.

How to overcome it: Differentiate your application. MAS looks for applicants with genuine substance — experienced teams, realistic business plans, and clear value propositions. A generic “we want to build an exchange” application will not succeed. Show MAS why your exchange serves a market need and how your compliance framework exceeds minimum requirements.

Evolving Regulations

The challenge: MAS continues to refine DPT regulations. New requirements around stablecoin regulation, customer protection, and cross-border transfers are being phased in.

How to overcome it: Stay connected. Join the Singapore Fintech Association. Participate in MAS consultation papers. Engage with your legal counsel regularly on regulatory developments. Building a flexible compliance framework that can adapt to new requirements is more sustainable than building to the exact minimum of today’s rules.

Tips for a Successful Application

Based on patterns from successful MAS license applications, here are practical recommendations:

1. Invest in legal counsel early. The SGD 150,000-300,000 you spend on experienced MAS licensing counsel is the highest-ROI investment in your application. Firms with a track record of successful DPT license applications know exactly what MAS expects and how to structure your submission. Do not use generalist law firms.

2. Build your compliance framework before applying. MAS wants to see a working framework, not a promise to build one. Draft your AML/CFT policies, transaction monitoring rules, CDD procedures, and technology risk assessment before you submit Form 1. This demonstrates seriousness and accelerates the review process.

3. Hire your compliance officer first. Your compliance officer should be involved in drafting the application, not hired after approval. MAS specifically evaluates the qualifications and experience of your compliance personnel during the application review.

4. Be transparent about everything. Any attempt to obscure ownership structures, background issues, or business model details will be discovered during MAS due diligence. Full transparency — even about potential weaknesses — is always better than partial disclosure. MAS respects honesty and penalizes concealment.

5. Prepare realistic financial projections. Hockey-stick growth projections undermine credibility. Show MAS you understand the market, have realistic volume expectations, and can sustain operations during the ramp-up period. Conservative projections with clear assumptions are preferred.

6. Choose your technology partner carefully. MAS will evaluate your technology stack as part of the application. Using proven, battle-tested technology reduces MAS concern about operational risk. Document your technology architecture, security controls, and disaster recovery procedures thoroughly.

7. Respond to MAS queries within 48 hours. Fast, comprehensive responses to MAS questions signal organizational capability. Slow responses signal the opposite. Assign a dedicated point person for MAS communications and empower them to gather information quickly from across the organization.

8. Plan for the long haul. An MAS license is not a sprint. It is a commitment to sustained regulatory compliance. Make sure your business model can support the ongoing cost of compliance (SGD 600,000-1,300,000 per year) and that your investors understand this.

Building Your Licensed Exchange

Obtaining an MAS crypto exchange license is one of the most challenging licensing processes in the global crypto industry. It is also one of the most valuable. The combination of regulatory credibility, banking access, and strategic positioning in Asia makes Singapore a jurisdiction worth the investment for serious exchange operators.

The operators who succeed in Singapore share common traits: adequate capitalization, experienced compliance teams, robust technology, and patience. The ones who fail typically underestimate the compliance requirements, underfund the application process, or try to take shortcuts that MAS detects immediately.

If you are ready to build a licensed exchange in Singapore, start with the foundation. Your crypto exchange software needs to support the compliance, security, and operational requirements that MAS demands from day one. Codono’s platform is built with regulatory compliance in mind, incorporating KYC/AML systems, enterprise-grade security, and the operational controls that regulators like MAS expect to see.

For a broader overview of crypto exchange licensing across multiple jurisdictions, see our comprehensive crypto exchange license guide. And when you are ready to move forward, explore how to start a crypto exchange with the technology and compliance infrastructure to meet MAS standards.

The bar is high. The reward is worth it.

Licensing Compliance Singapore Regulation MAS AML

Table of Contents