Singapore's Payment Ecosystem: Innovation under Strong Regulatory Oversight
Singapore's payment landscape has grown well beyond traditional payment processing. Digital wallets, payment accounts, platform-based payment solutions and embedded finance arrangements are now part of how consumers and businesses receive, hold and move funds.
This growth supports Singapore's position as a regional payments hub. At the same time, it has also raised the level of regulatory expectations on payment service providers. The Monetary Authority of Singapore (MAS) has consistently taken the position that innovation must be supported by sound governance, proper risk management, effective anti-money laundering (AML) and countering the financing of terrorism (CFT) controls and clear accountability.
Account issuance services sit at the centre of this ecosystem. A payment account may allow customers to receive funds, store value, make payments, withdraw funds or access other payment-related services. Under the Payment Services Act 2019 (PS Act), account issuance includes issuing a payment account to any person in Singapore and providing services required for operating that payment account, including services that enable money to be placed in or withdrawn from the account (Part 3 of the First Schedule to the PS Act).
Because of this, the MAS expects licensees to understand not only how the product works, but also how the account could be misused for fraud, mule account activity, layering, unauthorised access or suspicious fund movement.
Where Account Issuance Licensees Commonly Fall Short
For account issuance licensees, compliance issues usually arise when the product expands faster than the control framework. A payment account may begin with a simple use case but, over time, may include new funding methods, third-party transfers, wallet-to-wallet functions, cash-out options, or merchant-related features.
This is where regulatory risk can build quietly. A firm may still view the product as a basic account service, while the actual functionality may already involve domestic transfer, cross-border transfer, e-money issuance or other regulated payment activities. Under the PS Act, a person must have the appropriate licence, unless exempted, to carry on regulated payment services such as account issuance, domestic money transfer, cross-border money transfer, e-money issuance or digital payment token services.
Customer onboarding is another area where weaknesses can surface. If customer due diligence (CDD), beneficial ownership checks, sanctions screening and customer risk assessment are not properly designed, the account can be exposed to mule activity, impersonation, scam proceeds and other financial crime risks.
Ongoing monitoring is equally important. Unusual account behaviour, such as repeated top-ups and withdrawals, rapid fund pass-through, multiple accounts linked to the same customer or device, dormant accounts becoming suddenly active, or activity inconsistent with the customer's profile, should be detected and escalated promptly.
The Guidelines to MAS Notice PSN01 on Prevention of Money Laundering and Countering the Financing of Terrorism – Specified Payment Services make clear that the degree of observance with the Guidelines may have an impact on the MAS' overall risk assessment of a payment service provider, including its view of board and senior management oversight, governance, internal controls and risk management. In practice, the MAS will not only look at whether the licensee has policies. The more important question is whether those policies are reflected in system controls, operating procedures, staff escalation, management oversight and proper recordkeeping.
Implications of Noncompliance or Nonconformity with Regulatory Requirements
For account issuance providers, noncompliance is not just a technical breach. It can affect the firm's licence standing, customer confidence, banking relationships and the MAS assessment of the firm's overall control environment.
Where the product has evolved beyond the approved licence scope, the firm may be exposed to a more serious regulatory issue. Under the PS Act, a person must not carry on a business of providing any type of payment service in Singapore unless it has the appropriate licence or is an exempt payment service provider. A breach may result in fines of up to SGD 250,000 for non-individuals, with further daily fines for continuing offences.
Poor account controls may also increase the firm's exposure to mule accounts, scam proceeds, fraud, sanctions breaches and suspicious transaction activity. Where suspicious activities or fraud incidents are material to the safety, soundness or reputation of the licensee, MAS Notice PSN03 on Reporting of Suspicious Activities and Incidents of Fraud (PSN03) requires a report to the MAS in Form F1 no later than five working days after discovery. PSN03 also makes clear that suspicious transaction reporting obligations to the Suspicious Transactions Reporting Office (STRO) continue to apply.
In practical terms, weak account issuance controls can lead to regulatory queries, remediation requirements, closer supervisory scrutiny, delayed approval for future business changes, restrictions on product expansion, loss of partner confidence and potential enforcement action. Once a payment account is used to facilitate suspicious fund movement, the issue is no longer just an onboarding weakness; it becomes a governance and control failure.
How We Can Help
At Alpadis (Singapore) Pte. Ltd., we help payment service providers review whether their account issuance model is properly supported by the right licence scope, compliance framework and operational controls.
Our support includes regulatory scoping of account features, review of onboarding controls, CDD and enhanced due diligence (EDD) framework assessment, customer risk-rating methodology, sanctions screening review, transaction monitoring design, internal suspicious transaction report (STR) escalation procedures, account restriction and closure controls, and preparation for MAS inspections or regulatory queries.
We also help licensees translate regulatory requirements into practical operating procedures, so that compliance is embedded into the way the account is opened, used, monitored and maintained.
For more information on our compliance services and capabilities, please contact us directly at
