Fintech 2025

Last Updated March 25, 2025

Singapore

Law and Practice

Authors



KGP Legal LLC is a Singapore-licensed corporate and commercial law firm with an international focus. It is a member firm of the InterAsia Law Alliance, a network of independent liaison law firms across the region. In addition, KGP Legal LLC has formed a strategic partnership with OA Legal, a Swiss-based law firm, to provide enhanced cross-border legal services. KGP Legal LLC provides seamless corporate and commercial assistance in Singapore, as well as in Hong Kong, China, Japan and Switzerland through its partners. It is committed to delivering high-quality, cost-effective legal solutions tailored to the specific needs of its clients. The firm has moved away from hourly billing and “open-ended” fee structure arrangements towards providing clients with fixed-fee arrangements that are predictable and transparent. It is relied upon by clients to provide solutions to complex problems and to safeguard and advance their interests.

Evolution of the Fintech Market in Singapore (2024)

In 2024, Singapore’s fintech sector saw significant progress in real-time payment networks, AI-driven solutions, and tokenised assets. Cross-border payment systems expanded with Project Nexus, connecting Singapore with Thailand, Indonesia and Malaysia, facilitating seamless transactions across ASEAN. Generative AI was widely adopted by firms like OCBC Bank and StashAway to enhance customer service and investment management. Tokenised asset platforms, such as Marketnode, enabled efficient trading of digital bonds, while Grab advanced embedded finance by offering microloans and insurance through GrabPay. Green fintech initiatives, led by platforms like GreenArc Capital and the MAS Finance for Net Zero Action Plan, focused on sustainability and ESG compliance.

Key Issues Impacting the Fintech Market in 2025

  • Cybersecurity risks – increased cross-border transactions and AI-driven platforms are raising the threat of fraud and scams, requiring advanced security measures.
  • Regulatory challenges – rapid growth in digital currencies, AI and CBDCs necessitates clearer regulations, especially for AML compliance, data privacy and global jurisdictional co-ordination.
  • Talent and skills gap – high demand for expertise in AI, blockchain and cybersecurity is outpacing supply, threatening innovation.
  • ESG compliance – standardising ESG metrics and meeting cross-border compliance remain barriers to adopting green fintech solutions.
  • Operational resilience – the interconnectedness of fintech platforms increases systemic risks, necessitating robust contingency plans and scalable AI solutions.

Singapore’s fintech ecosystem in 2025 encompasses diverse business models catering to different segments of the financial industry. Both new entrants and legacy players continue to innovate, leveraging advanced technology and regulatory support. The predominant verticals include the following.

Digital Payments and Remittances

Digital payment platforms dominate Singapore’s fintech landscape, with both established players like PayNow and GrabPay and newer entrants offering seamless, real-time payment solutions. Cross-border payment systems, such as those facilitated by Project Nexus, address the growing need for efficient regional remittances, targeting SMEs and consumers across ASEAN.

Digital Lending and Alternative Financing

Platforms like Funding Societies and Validus focus on providing SMEs with alternative financing options, including peer-to-peer lending and invoice financing. Embedded finance solutions offered by Grab and Shopee integrate credit and microloan services directly into their ecosystems.

WealthTech and Robo-Advisers

Wealth management platforms, including StashAway and Endowus, lead in democratising access to investment opportunities. These platforms offer personalised financial planning and portfolio management using AI-driven tools, making them appealing to retail and mass-affluent investors.

InsurTech

Insurance-focused fintechs like Singlife with Aviva leverage AI and big data to provide affordable, customisable policies. Embedded insurance solutions integrated into e-commerce platforms and ride-hailing apps are also gaining traction.

Crypto and Digital Assets

Singapore remains a hub for cryptocurrency and blockchain-based businesses. Established players like Crypto.com and new platforms continue to offer services such as digital asset trading, tokenised securities and custody solutions. MAS’s regulatory framework ensures market stability while fostering innovation in decentralised finance (DeFi).

Regtech

Regulatory technology solutions have gained importance, helping financial institutions automate compliance processes. Companies like Tookitaki offer AI-powered solutions for anti-money laundering (AML) and risk management, addressing stricter regulatory requirements.

Green and ESG Fintech

Sustainability-focused fintechs, such as GreenArc Capital, support green finance by providing tools to track ESG metrics, enabling businesses and investors to meet sustainability goals.

Banking as a Service (BaaS)

BaaS platforms allow businesses to integrate banking services into their offerings. Fintechs like Nium enable non-financial companies to provide payment, credit and remittance services, creating new revenue streams.

Digital payment providers are regulated under the PSA for services like e-money issuance and cryptocurrency transactions. Licensing options include Money-Changing Licence, SPI or MPI. Providers must comply with AML/CFT rules (MAS Notice PSN02) and TRM Guidelines for cybersecurity.

Crypto exchanges are governed by the PSA for digital payment tokens and SFA for tokenised securities. Licensed as MPI or RMO, they must adhere to AML/CFT rules, investor protection measures, and MAS Notices PSN02 and PSN04.

Insurtech are regulated under the Insurance Act and FAA for licensing as insurers, intermediaries or financial advisers. They must follow MAS insurance disclosure guidelines and PDPA for data protection.

Digital lending platforms are governed by the Moneylenders Act for consumer loans and SFA for investment-based lending. They require a Capital Markets Services Licence and must meet MAS disclosure and risk management standards.

Embedded finance (BaaS) is regulated under the Banking Act and PSA. Providers must comply with MAS TRM Guidelines and outsourcing standards for cybersecurity and data protection.

Green and ESG fintech is subject to MAS Environmental Risk Management Guidelines and must align with frameworks like TCFD, report ESG data and follow PDPA when handling sensitive information.

Robo-advisers are regulated under the FAA for licensing and SFA for investment advice. They must comply with MAS TRM Guidelines and PDPA for data privacy.

Regtech firms offering compliance tools must follow MAS outsourcing guidelines, AML/CFT requirements, and PDPA for secure data handling.

Crowdfunding platforms are regulated by the SFA, requiring a Capital Markets Services Licence. They must ensure transparency and investor protection per MAS regulations.

In Singapore, industry participants in the fintech sector utilise a variety of compensation models, including transaction-based fees, subscription models, management fees and commission-based structures, depending on their service offerings.

Under the relevant regulatory frameworks, including the FAA and PSA, industry participants are required to provide clear and comprehensive disclosures to their clients. These disclosures must include specific information on the nature, amount, frequency and duration of any fees and charges associated with the services provided. This ensures transparency, helping clients fully understand the financial terms of the services they engage with, and fostering trust in the fintech ecosystem. These disclosure requirements are consistent across the various compensation models used in the sector.

In Singapore, fintech companies and banks are regulated differently due to varying business models, scale and risks. Fintechs operate under laws like the PSA, SFA, and FAA, tailored to services such as payments, lending and digital assets. Banks are governed by the BA with stricter prudential regulations for capital, liquidity and solvency due to their systemic importance.

Fintechs face lighter licensing and capital requirements, often needing SPI or MPI licences under the PSA, while banks comply with Basel III capital adequacy rules. Fintechs focus on AML, cybersecurity and data privacy with flexible frameworks, whereas banks follow stringent AML, CTF and cybersecurity standards.

Fintechs typically offer niche products like peer-to-peer lending or robo-advisory, while banks provide a broader range of services subject to stricter regulations. Fintechs can test innovative products through MAS’s regulatory sandbox with relaxed requirements, unlike banks, which must adhere to full regulatory compliance.

Singapore’s Regulatory Sandbox

Singapore has a regulatory sandbox, which is operated by the MAS, known as the MAS FinTech Regulatory Sandbox. This framework provides a controlled environment for testing innovative financial products, services and business models. This allows nascent fintech endeavours space to develop within a supervised environment.

How the Sandbox Works

Under the regulatory sandbox, companies, including start-ups and existing financial institutions, can apply to test their innovations in a live production environment. During this testing phase, certain regulatory requirements may be relaxed to facilitate experimentation, while still ensuring consumer protection and financial stability. Examples of legal and regulatory requirements that MAS is prepared to consider relaxing for the duration of the sandbox include, but are not limited to: (i) asset maintenance requirements; (ii) fund solvency; (iii) capital adequacy requirements; (iv) board composition; and (v) financial soundness.

Who May Apply

The sandbox is open to a wide range of entities involved in the financial sector, including fintech start-ups, established financial institutions, technology companies and other innovators. MAS assesses each application based on its merits, considering factors such as the potential benefits to consumers, the novelty of the innovation and the applicant’s ability to manage associated risks effectively.

Approach to Regulation of Sandbox Companies

MAS maintains oversight throughout the testing phase to monitor the progress of sandbox participants and assess any risks that may arise. While certain regulatory requirements may be relaxed during the sandbox period, MAS ensures that adequate safeguards are in place to protect consumers and the integrity of the financial system. At the end of the testing period, MAS conducts a review to determine whether to grant regulatory approval for the innovation to be deployed on a broader scale, subject to any necessary adjustments or conditions. This approach allows for innovation to flourish while maintaining regulatory standards and safeguarding the interests of all stakeholders.

In Singapore, the regulation of the fintech industry is managed by several key agencies, each overseeing different aspects of the sector, for instance:

  • MAS – regulates fintech activities like payments, digital banking and cryptocurrencies under laws such as the PSA and SFA, and runs the FinTech Regulatory Sandbox for innovation and testing;
  • ACRA – oversees business registration and compliance with the Companies Act, ensuring corporate governance and accurate financial reporting for fintech companies;
  • CCCS – enforces competition and consumer protection laws to prevent anti-competitive practices and safeguard fair trade in the fintech space;
  • PDPC – regulates personal data under the PDPA, ensuring fintech companies comply with data protection and consumer privacy standards;
  • SGX – oversees securities and tokenised asset trading, enforcing transparency and investor protection in capital markets; and
  • IMDA – regulates digital infrastructure and emerging technologies like blockchain, ensuring compliance with cybersecurity and technology standards for secure operations.

MAS does issues “no-action” letters, particularly in the context of the FinTech Regulatory Sandbox, allowing companies to test innovative products without enforcement action for certain regulatory breaches, provided they meet specific conditions. However, the SGX does not typically issue “no-action” letters but may grant exemptions or relief from certain listing requirements on a case-by-case basis.

In Singapore, the MAS has issued comprehensive guidelines on outsourcing for financial institutions. These guidelines mandate that institutions rigorously evaluate vendors to ensure they can uphold a high standard of care, performing services with the same level of diligence as if conducted by the institution itself. Vendors must adhere to the institution’s obligations as a regulated entity, encompassing stringent requirements related to data protection, confidentiality and regulatory compliance.

When entering into outsourcing agreements, industry participants are obligated to precisely delineate the obligations, responsibilities and expectations of both parties involved in the outsourcing arrangement. Moreover, these agreements must grant institutions the authority to intervene if necessary to meet their legal and regulatory obligations.

In practice, opting for outsourcing to a regulated entity is generally considered preferable. This choice enhances the vendor’s familiarity with the regulatory requirements incumbent upon the institution, as they are likely subject to analogous obligations. Consequently, outsourcing to a regulated entity increases the likelihood of seamless regulatory compliance within the terms of the outsourcing agreement.

Fintech providers in Singapore are regulated by MAS and act as “gatekeepers”, bearing significant responsibility for platform activities. They must comply with AML/CFT guidelines, implementing customer due diligence (CDD), Know Your Customer (KYC), and Enhanced Due Diligence (EDD) where necessary. Providers must also adhere to PDPA for handling personal data and report suspicious activities to the Suspicious Transaction Reporting Office.

Additionally, fintech providers must follow MAS Technology Risk Management Guidelines, ensuring effective risk management practices to address technological risks.

While enforcement actions for operating regulated payment services without a licence under the PSA have occurred, regulators in Singapore have yet to undertake significant enforcement actions in other key verticals, such as cryptocurrency, wealthtech, and insurtech. However, MAS has been proactive in monitoring the developments within the fintech space. The MAS Fintech & Innovation Group (FTIG) plays a crucial role in evaluating emerging fintech innovations and ensuring compliance with regulatory requirements, offering a platform for consultation and feedback. In recent years, regulators have addressed issues such as AML non-compliance and miss-selling of robo-advisory services. As the fintech landscape continues to grow in complexity, regulators are likely to enhance their oversight, responding swiftly to breaches and evolving market dynamics to safeguard consumer interests, maintain financial stability, and align with global regulatory standards. The proactive stance of MAS signals that enforcement actions will intensify, particularly as new technologies and business models become more prevalent.

In Singapore, fintech industry participants are governed by several non-financial services regulations, including those on privacy, cybersecurity, social media content and AI, with some key differences compared to legacy players.

Privacy and Data Protection

Fintech companies, like traditional financial institutions, must comply with the PDPA. However, due to the data-intensive nature of fintech, they face additional scrutiny on data protection practices to safeguard sensitive customer information.

Cybersecurity

Under the Cybersecurity Act 2018, both fintech and legacy financial institutions must protect critical information infrastructure. However, fintechs, especially those using blockchain and cryptocurrency platforms, face unique cybersecurity risks, requiring compliance with MAS Technology Risk Management Guidelines to ensure robust protection against cyber threats.

Artificial Intelligence and Software Development

Fintechs leveraging AI and Machine Learning (ML) for services like robo-advisory and fraud detection must adhere to MAS guidelines, particularly those outlined in the 2022 Information Paper on AI fairness. While legacy players are also subject to these rules, fintech companies face closer scrutiny due to their heavy reliance on innovative technologies.

Social Media and Marketing

Fintech companies often use social media to market products and services, exposing them to risks under the Consumer Protection (Fair Trading) Act 2003. Unlike legacy institutions, fintechs may face higher regulatory challenges in avoiding misleading advertising and unfair practices.

Differences to Legacy Players

While both fintechs and traditional financial institutions must comply with similar regulations, fintechs face higher scrutiny due to their tech-driven business models. They must meet stricter standards, particularly in privacy, cybersecurity and the ethical use of AI. Fintechs also benefit from flexible regulatory approaches, like the MAS FinTech Regulatory Sandbox, allowing for more agile testing of innovations compared to legacy players.

Apart from the regulators, there are industry associations in Singapore, such as the Singapore Fintech Association, which function more as intermediaries between the fintech participants and stakeholders. The prevailing industry practices involve maintaining well-documented and transparent assessment records, with some indications pointing towards the consideration of external auditing for added assurance.

In Singapore, some entities offering regulated financial products may also engage in unregulated activities, though this practice is subject to careful scrutiny by the MAS. For example, CMS licence holders may engage in activities like trading bitcoin futures or other payment token derivatives, which are currently not regulated in the same way as traditional financial services.

These activities are often structured within the same legal entity; however, the MAS closely monitors these practices to ensure that the unregulated activities do not compromise the integrity or stability of the regulated services. Regulators have issued guidance to address the risks posed by combining regulated and unregulated services, emphasising that firms must manage potential conflicts of interest, operational risks and consumer protection issues.

With the introduction of the Financial Institutions (Miscellaneous Amendments) Bill 2024, the MAS will gain additional authority to issue directives to CMS licence holders involved in unregulated ventures. These directives will set minimum standards and safeguards to ensure that even unregulated activities do not undermine the regulated functions of these entities.

Singaporean fintech companies must comply with MAS’s robust AML and sanctions rules aligned with FATF standards. They conduct risk assessments, CDD, KYC and EDD for high-risk customers like PEPs (politically exposed persons). Regular account reviews and reporting suspicious transactions to the Commercial Affairs Department are mandatory. The Payment Services (Amendment) Act 2021 strengthens compliance with AML/CTF standards for virtual assets.

Singapore’s AML and sanctions rules align with the FATF standards. The MAS enforces regulations under the PSA, SFA and FAA, requiring customer due diligence, transaction monitoring and reporting of suspicious activities. Additionally, Singapore complies with international sanctions, including those from the United Nations and other jurisdictions. These efforts ensure that Singapore’s financial sector adheres to global AML and sanctions standards.

Singapore’s laws do allow for otherwise regulated products and services to be offered from another jurisdiction under a reverse solicitation scenario, without triggering domestic regulations.

Under the SFA and FAA, reverse solicitation permits foreign financial institutions to offer services to Singapore-based clients without being subject to local licensing requirements, provided that the services are solicited by the client, not by the provider. In such cases, the client must initiate the contact, and the foreign provider must not actively market or promote its services within Singapore.

However, the MAS emphasises that firms must still comply with relevant AML regulations. If any promotional activities occur within Singapore or if the services are marketed to the public, full compliance with licensing requirements will be triggered.

These provisions are overseen by the MAS and are similar to the EU’s MiFID II regulations for third-country entities providing services on a cross-border basis.

In the context of robo-advisers, the question of whether distinct business models are required for different asset classes revolves around the unique characteristics and risk profiles associated with each class. Asset classes, despite being often combined for diversification, frequently exhibit minimal or negative correlation. This prompts a consideration for tailored business models that align with the specific attributes of different asset classes. For example, a “hold to collect” model may be well-suited for managing current assets like trade receivables, while a “hold to collect and sell” approach may be more fitting for fixed assets such as bonds.

Robo-advisers first came to Singapore in 2018, with major banks like DBS, UOB and OCBC leading the way. By 2025, these banks have further expanded robo-advisory features, targeting less experienced individuals by offering accessible investment strategies and general financial advice. For example, DBS introduced DBS DigiPortfolio, which allows customers to invest in diversified portfolios managed by algorithms, seamlessly integrating this service with their traditional banking and wealth management services. Similarly, OCBC RoboInvest offers automated portfolio management based on risk preferences, providing easy access to other financial products like loans and savings accounts.

The integration process enables existing bank account holders to access the robo-adviser without the need for separate fund transfers, which typically take one to three working days. This streamlined approach allows customers to invest instantly from their deposit accounts, blending traditional wealth management with modern fintech solutions.

Best execution in the context of robo-advisers is a regulatory framework ensuring that financial service providers act in the best interest of their clients, optimising outcomes based on factors like price, cost and speed. However, there are challenges such as:

  • limited access to high-quality data;
  • rapid market changes during volatility;
  • technological risks, like system outages and cyber threats;
  • difficulty in analysing large volumes of data; and
  • lack of robust best execution policies.

In Singapore, robo-advisers like DBS DigiPortfolio and OCBC RoboInvest must ensure favourable execution for client trades, balancing automation with the duty to achieve best prices. These platforms rely on algorithms, which must prioritise factors like price and cost, while adhering to the FAA. Technological risks and data volume also add complexity, requiring careful monitoring and transparency to meet regulatory standards.

In Singapore, a person who does not lend money to individuals or who lends solely to accredited investors will be an excluded moneylender under the Moneylenders Act 2008, who would not be required to obtain a licence or an exemption for carrying on the business of moneylending in Singapore.

Each financial institution adheres to its unique underwriting process, although there is a general conformity to a standardised framework and strategy within the industry itself. Participants in the financial sector engage in a meticulous credit evaluation procedure, wherein they analyse their specific target customers, using risk assessment criteria which they create internally. This process consists of evaluating their customers against their own standards of pricing, collateral, facility structures, covenants and conditions. Furthermore, these institutions will review their predictions of a customer’s financial growth and assumptions on the future of the industry to support their credit evaluation process.

It is to be noted that there is no specific regulation stipulating these processes. However, MAS proactively ensures regulatory oversight through thematic inspections on various banks. These inspections serve to assess the institutions’ standards and practices, identifying areas for improvement and upholding the integrity of the overall underwriting processes.

In Singapore, there are several sources of fiat currency funds for loans, each governed by strict regulations from the MAS.

P2P Lending

Platforms raising funds from individual or institutional investors must comply with the SFA if loans are structured as debt securities, and the Moneylenders Act 2008 for personal loans. They must also obtain a licence under the PSA and follow AML/CFT regulations.

Lender-Raised Capital

If funds are raised through issuing shares or bonds, they are subject to the SFA for disclosure and licensing. Lenders may need a CMS licence from MAS, depending on their lending activity.

Taking Deposits

Financial institutions accepting public deposits must be licensed under the Banking Act 1970 and are supervised by MAS. They are also subject to deposit protection under the Deposit Insurance Act 2005.

Securitisation

This involves pooling assets into marketable securities. It is regulated under the SFA, with strict disclosure, AML/KYC, and tax compliance requirements.

Each of these sources requires compliance with MAS regulations, AML/CFT laws, and consumer protection measures to ensure financial stability and legal compliance.

Syndication of fiat currency loans does take place in Singapore, particularly in the context of corporate financing and government bonds. A notable example of the syndication process is that of SGS bonds. They are conducted through a series of events:

  • annually, a calendar outlines upcoming syndicated issuances of SGS bonds for the upcoming year;
  • a week before pricing day, banks are appointed as “Bookrunners” by MAS for bond distribution;
  • on pricing day, MAS launches the syndicated issuance, with Bookrunners offering bonds to institutional investors through a book-building process. Pricing details are published on the MAS website by the end of the day;
  • Public Offer opens one business day after pricing, lasting a determined period. MAS can adjust the aggregate principal amount of bonds during this time;
  • one to two business days post Public Offer closure, MAS publishes syndication results, detailing applications, allotted amounts, and an overview of allocations for Placement Tranche and Public Offer; and
  • bonds are then issued to individual and institutional investors, including those outside Singapore.

Syndicated lending is regulated by MAS. Comprehensive regulations can be found on the MAS website and banks need to follow these requirements to obtain a licence from MAS to carry out syndication of loans.

Payment services, including processing, are regulated by the MAS under the PSA. Payment services are categorised by PSA, but it is the providing of the payment service that is regulated, and not the creation or implementation of new payment rails.

Cross-border payments are regulated by the MAS under the PSA. Cross-border payment services in Singapore must be licensed by MAS to ensure that service providers meet legal requirements, implement robust AML/CTFT measures, carry out transaction monitoring, and meet regulatory standards on practices such as risk management. Additionally, the PSA is aimed at protecting consumers engaging in cross-border transactions. Thus, service providers must inform consumers of related fees, exchange rates, and terms and conditions in a clear manner.

There are various types of marketplaces and trading platforms that are permissible in Singapore. MAS oversees these platforms to ensure market integrity, investor protection and regulatory compliance across the financial ecosystem.

Traditional Stock Exchanges

  • Example – SGX.
  • Regulatory regime – traditional stock exchanges are regulated by the MAS and must adhere to the SFA and the rules and regulations set forth by MAS and SGX. These regulations govern aspects such as listing requirements, trading rules, market conduct and investor protection.

Multilateral Trading Facilities (MTFs)

  • Example – SGX Bond Pro.
  • Regulatory regime – MTFs are alternative trading venues that facilitate the trading of securities outside of traditional stock exchanges. They are subject to regulations similar to traditional stock exchanges, including compliance with the SFA and MAS regulations. However, MTFs may have slightly different listing requirements and trading rules tailored to their specific market segments.

Peer-to-Peer (P2P) Trading Platforms

  • Example – Funding Societies.
  • Regulatory regime – P2P trading platforms facilitate direct transactions between buyers and sellers without the involvement of traditional intermediaries. They are regulated by MAS under the SFA if they offer securities and FAA if they provide financial advice. MAS imposes licensing requirements, conduct standards and disclosure obligations on P2P trading platforms to safeguard investor interests, ensure market integrity, and mitigate risks associated with peer-to-peer lending.

Digital Asset Exchanges

  • Examples – Gemini, Coinhako, Kraken.
  • Regulatory regime – cryptocurrency exchanges facilitate the trading of digital assets such as Bitcoin and Ethereum. They are regulated by MAS under the PSA if they facilitate the exchange of digital payment tokens. Such cryptocurrency exchanges are required to obtain a licence from MAS to operate legally in Singapore. The PSA imposes stringent requirements on regulated cryptocurrency exchanges, including AML/CTF measures, customer due diligence, and cybersecurity standards.

In Singapore, different asset classes are regulated under the MAS framework, which includes AML/CFT rules to ensure financial system integrity.

Asset classes are subject to tailored regulatory regimes. Capital markets products, such as shares and debentures, are regulated under the SFA, depending on the activity and applicable exemptions. Digital payment tokens (cryptocurrencies) and e-money are regulated under the PSA, depending on the activity conducted.

Key differences include:

  • cryptocurrencies are primarily governed by the PSA, focusing on payment services and AML/CFT compliance; and
  • security tokens are treated as securities and regulated under the SFA, with stricter investor protection and disclosure requirements.

Regulatory Response to Cryptocurrency Exchanges

The emergence of cryptocurrency exchanges, both centralised and decentralised, has prompted Singaporean regulators to adopt comprehensive frameworks, including the extension of AML/CFT regulations. Cryptocurrency exchanges may be regulated under the PSA, which requires them to obtain a licence if they facilitate the exchange of digital payment tokens. These exchanges must comply with stringent requirements, including submitting Suspicious Activity Reports (SARs) to the MAS and implementing strict CDD procedures. This regulatory approach reflects Singapore’s commitment to innovation while combating financial crimes, marking a significant advancement in response to the growing cryptocurrency market.

Balancing Innovation and Security

Singapore aims to balance promoting innovation in the cryptocurrency sector with maintaining the integrity and security of the financial system. The PSA underscores the importance of transparency, accountability and regulatory co-operation, which strengthens the resilience of Singapore’s cryptocurrency ecosystem. This regulatory framework applies equally to centralised exchanges, which operate through a central authority, and decentralised exchanges, where trading occurs directly between users without an intermediary. By enforcing these robust requirements, Singapore preserves its position as a leading global financial hub while addressing the risks associated with rapidly evolving digital assets and platforms.

Listing standards in Singapore are overseen by the SGX and are divided into Mainboard and Catalist, each with distinct requirements for different types of companies.

Mainboard

For Mainboard, companies must meet stricter financial thresholds and governance standards. The key requirements include the following.

  • Profitability – a company must demonstrate a minimum consolidated pre-tax profit of at least SGD30 million for the latest financial year with an operating track record of at least three years.
  • Market capitalisation – alternatively, a company can be profitable in the latest financial year and have a market capitalisation of at least SGD150 million, also with at least three years of operating track record.
  • Revenue – if not meeting profitability thresholds, the company must have operating revenue in the latest financial year and a market capitalisation of at least SGD300 million.

Catalist

For Catalist, the standards are more flexible, focusing primarily on corporate governance without imposing strict quantitative thresholds. However, companies must still adhere to governance standards that ensure transparency and accountability.

Global Financial Industry

Globally, financial markets broadly agree on key listing standards that align with the regulatory frameworks of exchanges around the world. These standards typically include the following.

  • Financial performance – demonstrating profitability and strong financial health.
  • Corporate governance – adhering to strong governance frameworks that promote accountability.
  • Listing fees – ensuring that the costs associated with listing align with the company’s scale and market standing.
  • Liquidity of shares – companies must have sufficient share liquidity to ensure ease of trading.
  • Size of firm – the size is generally determined through income levels and market capitalisation, ensuring that only companies of sufficient scale can list on prominent exchanges.

Additional Standards

  • ESG disclosures – companies are increasingly expected to disclose ESG factors in line with global reporting frameworks, reflecting the growing importance of sustainability in listing decisions.
  • Transparency and fairness – in line with global best practices, the SGX prioritises fairness and transparency in the listing process, ensuring that potential investors have access to sufficient information before investing.

In Singapore, the MAS requires marketplaces and trading platforms to implement best execution procedures, ensuring optimal outcomes for client orders based on factors like speed, price and execution likelihood. Capital markets intermediaries must monitor compliance and disclose their best execution practices to clients, ensuring transparency and informed decision-making. These rules aim to ensure fair trading practices and protect market integrity.

Impact on Traditional Players

The rise of peer-to-peer trading platforms increases competition for traditional banks and financial institutions. With features like payment versatility and global transfers, these platforms attract consumers seeking convenience and financial inclusion. This trend risks market share loss for traditional players, pushing them to innovate and adapt to new consumer preferences and technological advancements. P2P platforms reduce transaction costs and offer faster services, challenging banks’ lending and investment advisory roles.

Impact on Fintech Players

P2P platforms drive fintech innovation by simplifying borrowing processes, lowering interest rates and improving access to funds. This creates opportunities for fintechs to expand their market reach and enhance service efficiency. However, they face challenges in navigating regulatory frameworks, including licensing under the PSA and compliance with AML/CFT regulations.

Regulatory Challenges

P2P trading platforms pose regulatory challenges concerning consumer protection, data privacy and market integrity. Regulators must address issues like fraud prevention, adequate disclosure and personal data protection under the PDPA. Ensuring market integrity and preventing manipulation, as outlined in the SFA, is essential. Regulatory oversight must also address cybersecurity risks and enforce due diligence, record-keeping and AML/CFT compliance.

Balancing innovation and regulatory compliance is crucial for a secure and thriving P2P trading ecosystem.

Rules

Effective from 1 April 2023, the MAS has instituted a firm regulatory stance against the practice of Payment for Order Flow (PFOF). As outlined in the Guidelines to Notice SFA 04-N16 on Execution of Customers’ Orders, the MAS explicitly prohibits brokers from receiving any form of payment or inducement in exchange for routing customer orders to specific market makers or trading venues. This prohibition is driven by concerns over potential conflicts of interest, where brokers might be incentivised to prioritise venues based on the compensation received, rather than considering the best interests of their clients.

Impact

The regulatory ban on PFOF is strategically crafted to preserve the integrity of Singapore’s financial markets and reinforce the duty of brokers to achieve best execution for their clients. Under the MAS’s framework, brokers are required to act in a manner that prioritises the most favourable outcomes for clients securing the best possible price, speed and execution quality for their orders.

Historically, PFOF practices have raised concerns about market fairness, as brokers may have been inclined to direct orders to trading venues offering the highest payment, potentially at the expense of achieving the best execution for clients. By eliminating this practice, the MAS aims to prevent external incentives from distorting brokers’ decision-making processes, ensuring that client interests remain paramount.

This regulatory measure underscores the MAS’s broader commitment to ensuring transparency, fairness and investor protection within the financial markets. It aligns with Singapore’s reputation as a secure, transparent and trustworthy financial hub that is keen on adapting to global trends while maintaining the highest standards of market integrity.

For context, PFOF is a prevalent practice in other jurisdictions, particularly in the US, where platforms like Robinhood have faced scrutiny over similar concerns. While PFOF may be permitted in certain markets, the stringent stance adopted by Singapore sets a benchmark for prioritising client welfare and maintaining market confidence, further distinguishing Singapore’s financial regulatory landscape.

Market Integrity

The basic principles governing trading to maintain market integrity are outlined in the SFA, which mandates that markets be fair, orderly and transparent. A fair market ensures proper trading practices and provides non-discriminatory access to market facilities and information, fostering an equitable environment for all participants. An orderly market is characterised by robust procedures and systems that facilitate organised transactions while minimising the risk of market failure. Transparency in trading, including the real-time availability of pre-trade and post-trade information, is crucial for maintaining market integrity.

Moreover, regulatory measures have been implemented to address emerging challenges, such as those in the digital payment token (DPT) services sector. Following a consultation paper released by MAS on proposed measures for Market Integrity for DPT services, regulatory measures for digital payment token services were introduced. These measures aim to uphold market integrity in the evolving digital landscape, aligning with the fundamental principles of fairness, orderliness and transparency outlined in the SFA.

Market Abuse

Market abuse and misconduct, defined as violations of the SFA, encompass practices such as insider trading, false trading and breaches of corporate disclosure requirements. To combat such misconduct, the MAS and SGX have jointly published a trade surveillance practice guide, assisting brokers in implementing effective monitoring practices.

SGX RegCo published the Algorithmic Trading Regulatory Guide in 2020 that recommends best practices in governance, risk controls, development process and testing process for SGX member firms that use algorithms for trading in Singapore markets.

In 2023, SGX RegCo published a consultation paper regarding proposed changes to its Futures Trading Rules to formalise important parts of the Algorithmic Trading Regulatory Guide in relation to the requirements for automated trading. There are currently no differentiated regulatory regimes for different asset classes.

When a firm acts in a principal capacity, it may apply to The Singapore Exchange Securities Trading Limited (SGX-ST) in order to become a Designated Market-Maker.

In Singapore, the MAS establishes regulatory distinctions between funds and dealers engaged in high-frequency trading and algorithmic trading. Funds are primarily regulated under the SFA and FAA, focusing on investor protection and disclosure. Licensing requirements may necessitate funds to apply for a CMS licence for fund management. These funds operate within a broader investment context, aiming to generate returns for investors through optimised trading decisions.

Firms that operate as dealers function as market makers, providing bid and ask quote on securities, and profit from their spread. Dealers participating in high-frequency trading and algorithmic trading are also regulated under the SFA and may require a CMS licence, emphasising market integrity and fair-trading practices.

Both entities must adhere to MAS regulations, ensuring compliance with risk management, reporting and supervisory requirements. While there are regulatory similarities, funds and dealers have distinct roles and objectives within Singapore’s financial framework.

Programmers and software developers of trading algorithms are highly recommended to apply the MAS Technology Risk Management Guidelines’ secure coding and application security standards during the development and creation of trading algorithms and other electronic trading tools.

These standards emphasise practices such as:

  • secure programming;
  • cryptography;
  • authentication;
  • input validation;
  • output encoding; and 
  • access controls.

While these guidelines are primarily applicable to financial institutions regulated by MAS, and not directly to the programmers and developers, they are essential in ensuring that the technology used by financial institutions complies with regulatory expectations. The guidelines help mitigate the risks of security breaches, which could affect market integrity, customer data protection and overall financial stability.

Additionally, the development and deployment of trading algorithms are indirectly regulated under the broader legal framework governing financial activities in Singapore. The SFA, along with MAS regulations on high-frequency and algorithmic trading, require that firms using these algorithms implement robust risk controls and monitoring systems. As a result, while programmers themselves are not directly regulated, the algorithms and tools they create must meet strict operational, legal and security standards, which are enforced by MAS on the firms deploying these technologies.

Therefore, programmers play a crucial role in ensuring that their algorithms adhere to these risk management, compliance and security standards to help financial institutions meet regulatory requirements and maintain market integrity.

Singapore’s prominence in the insurtech domain stems from dynamic start-ups and services cultivated within regulatory sandboxes. In underwriting, firms harness cutting-edge technologies such as big data, machine learning, AI and IoT to revolutionise decision-making processes. This tech-centric paradigm optimises risk assessment and enhances pricing precision, ultimately streamlining efficiency. This transformation facilitates a specialised underwriting pipeline, introducing tailored offerings and enabling dynamic premium adjustments. The emergence of usage-based insurance models further directs attention to individual lifestyles and risk factors, departing from traditional metrics like age and location.

Despite the absence of specific insurtech legislation, life insurance entities operate under the IA. Broader regulatory obligations extend to data privacy, big data usage and AI ethics. Compliance with the PDPA is imperative, mandating participant consent, purpose-specific data usage, and timely deletion when retention serves no functional purpose.

In Singapore, the regulatory treatment of different types of insurance is overseen by the MAS. MAS applies specific regulations and guidelines tailored to each category of insurer to ensure compliance with industry standards and the overall stability of the insurance market.

Life Insurance

Regulators

Life insurance is subject to specific regulations from MAS that address policyholder protection, solvency requirements and the unique features of life policies and long-term accident/health policies.

Industry participants

Life insurers focus on developing products that cater to long-term financial planning, retirement and protection needs. Underwriting processes emphasise health assessments and mortality risk evaluations.

Annuities

Regulators

Annuities are regulated to ensure the fair treatment of annuitants, with MAS guidelines addressing the unique characteristics of annuity products, including payout structures and guarantees.

Industry participants

Insurers offering annuities design products that provide periodic payments to policyholders, emphasising the stability of income in retirement. Underwriting may consider factors specific to annuitants’ financial situations.

Property and Casualty Insurance

Regulators

Property and casualty insurance is subject to regulations that manage risks associated with property damage, liability and other perils. MAS oversees compliance with guidelines tailored to the dynamic nature of this insurance category.

Industry participants

Insurers in this category offer diverse products, including home, auto and business insurance. Underwriting practices focus on assessing property-specific risks, such as location, construction and occupancy.

Captive Insurance

Regulators

Captive insurers, writing insurance principally for risks related to their associated corporations, have specific licensing requirements and regulatory oversight from MAS.

Industry participants

Captive insurers often tailor coverage to meet the unique risk profiles of their parent companies, allowing for flexibility in policy terms and conditions.

Regtech providers specialise in providing technology-based solutions that help financial institutions comply with regulations. Although the MAS has launched several schemes to promote regtech in the country, such as the Regtech Grant and the Digital Acceleration Grant schemes, these providers are not regulated in Singapore.

Provisions are dictated by both industry custom and regulation.

Industry Custom

In Singapore, contractual agreements between financial services firms and technology providers are meticulously crafted to ensure optimal performance, data accuracy and compliance with the regulatory framework set by MAS. From an industry custom standpoint, financial services firms may choose to impose contractual terms similar to those in a Quality Assurance Contract or Service Level Agreements. Provisions regarding intellectual property rights, regulatory compliance and audit and monitoring rights are tailored to Singapore’s legal and regulatory landscape, ensuring that financial institutions maintain control, adhere to regulatory standards and uphold data integrity. Dispute resolution clauses can also be included, to align with the industry custom of Singapore’s robust legal framework.

Regulation

Contractual terms can also explicitly address data accuracy – to comply with PDPA. Security measures are also a focal point, with robust cybersecurity practices to safeguard sensitive financial data, required under MAS’ Technology Risk Management guidelines for financial institutions. Financial institutions must adhere to the MAS Guidelines on Outsourcing in implementing adequate risk management practices.

Traditional players in Singapore’s financial services sector are actively embracing blockchain technology to modernise and streamline operations. Some institutions have already implemented blockchain solutions for cross-border payments, trade finance and digital identity verification, aiming to enhance efficiency and reduce costs. Collaborations between traditional financial players and blockchain start-ups are also on the rise, fostering joint ventures and consortia focused on developing innovative blockchain applications tailored to Singapore’s financial landscape. These partnerships underscore a collective effort to leverage blockchain’s potential for transformative change in the industry.

For example, MAS has partnered with participants in the industry to conduct a collaborative project, “Project Ubin”, to explore the use of blockchain and distributed ledger technology for the clearing and settlement of payments and securities. The payments network prototype that was developed through this project would facilitate the development of a cross-border payments infrastructure, as well as customer applications.

Consultation Papers and Amendments

MAS actively engages stakeholders through consultation papers to refine regulations on blockchain and digital token activities. A notable example is the 2023 consultation on amendments to the Payment Services Regulations 2019, proposing safeguards like statutory trusts for customer assets and restrictions on retail token lending and staking. By 2025, MAS expanded these measures to cover more complex blockchain applications, ensuring consumer protection and market stability.

Expansion of Regulatory Scope and Collaborative Initiatives

Under the Financial Services and Markets Act 2022, MAS targets overseas digital token providers servicing Singapore to mitigate cross-border risks. Enhanced AML/CFT measures and stricter compliance requirements reflect MAS’ proactive regulatory stance. Collaborative efforts through the Singapore Blockchain Innovation Programme (SBIP) now focus on interoperability, DeFi governance and sustainable blockchain development. These initiatives reinforce Singapore’s position as a blockchain innovation hub while safeguarding market integrity and consumer trust.

In Singapore, the regulation of blockchain assets depends on their characteristics, with MAS applying different frameworks to each type.

Digital Payment Tokens (DPTs)

Cryptocurrencies like Bitcoin and Ethereum are regulated under the PSA. Entities providing DPT services, such as exchanges, must obtain licenses and comply with AML and customer protection rules.

Securities Tokens

Tokens representing ownership in assets like stocks or bonds are regulated under the SFA. Issuers must meet prospectus requirements and intermediaries require capital markets services licences.

Utility Tokens

Utility tokens providing access to products or services are generally not regulated unless they resemble financial instruments. However, issuers must comply with consumer protection laws.

In Singapore, the regulation of issuers of blockchain assets, including cryptocurrencies, is primarily governed by the PSA and SFA. Entities engaging in the issuance of DPTs or e-money for payment transactions must obtain a licence from the MAS and adhere to stringent anti-money laundering AML/CFT measures to mitigate associated risks. Additionally, issuers of securities tokens, representing ownership in traditional assets like stocks or bonds, are regulated under the SFA.

For securities tokens, issuers must prepare and lodge a prospectus with MAS before offering them to the public, disclosing comprehensive information about the issuer, the tokens and associated risks. However, certain exemptions from prospectus requirements may apply, subject to specific conditions.

In Singapore, blockchain asset trading platforms and secondary market trading are regulated by the MAS under the SFA and PSA. Digital asset exchanges must comply with AML/CTF regulations, CDD procedures and cybersecurity standards. Intermediaries in secondary market trading, such as brokers and advisers, must hold MAS licences and meet disclosure, market conduct and investor protection requirements. Peer-to-peer trading platforms also need to adhere to AML/CFT regulations and MAS guidelines to prevent financial crime and fraud.

Staking services for cryptocurrencies are regulated under the PSA and, in some cases, the SFA. Providers offering DPT services must be licensed under the PSA and comply with AML/CFT rules.

Recent PSA amendments require customer funds to be held in statutory trusts and limit staking services for retail customers. If staking arrangements resemble investment contracts, they may fall under the SFA, requiring a Capital Markets Services Licence.

These regulations aim to protect investors and ensure transparency while supporting innovation.

Cryptocurrency lending services in Singapore are regulated under the PSA and potentially the SFA.

Under the PSA, entities must obtain a licence and comply with AML/CFT regulations. Recent amendments also require safeguarding customer assets and restrict lending services to retail customers. If the lending involves securities or derivatives, the SFA applies, requiring compliance with licensing and disclosure obligations. These regulations aim to protect investors and maintain market integrity.

In Singapore, cryptocurrency derivatives are regulated under the SFA. Providers must comply with licensing, reporting and risk management requirements. For example, the SGX and CME Group offer regulated Bitcoin futures contracts, allowing investors to speculate on Bitcoin’s price without owning it. These contracts are subject to MAS regulations, ensuring market integrity and investor protection.

In Singapore, DeFi platforms may be regulated under the PSA and SFA, depending on their activities. If they offer digital payment token services or e-money issuance, they may need an SPI or MPI licence. If the platform deals with capital markets products, it must comply with the SFA and may require a Capital Markets Services Licence. Even without intermediaries, DeFi platforms are subject to the same regulations as traditional ones if they engage in regulated activities like trading security tokens or providing financial services. This ensures investor protection, financial integrity, and market stability.

Funds investing in blockchain assets in Singapore are regulated under the SFA as collective investment schemes (CIS). Fund managers must obtain a CMS licence from MAS and comply with disclosure, transparency, valuation, custody and AML/CFT regulations. These requirements ensure investor protection, market stability and effective risk management for funds investing in blockchain assets.

In Singapore, virtual currencies and blockchain assets are regulated differently based on their characteristics and use cases. Virtual currencies like bitcoin and ethereum are primarily used for transactions and are regulated under the PSA as digital payment tokens. Providers of related services, such as exchanges, must be licensed under the PSA to ensure consumer protection and payment system integrity.

Blockchain assets, including security tokens representing real-world assets like stocks or bonds, are regulated under the SFA as capital market products. These tokens must comply with traditional securities regulations, including disclosure and registration, to protect investors. Utility tokens and NFTs, unless they have investment functions or are part of an investment scheme, are generally not regulated by the PSA or SFA.

This distinction reflects Singapore’s approach to ensuring a secure, transparent financial environment while adapting to the evolving digital asset landscape.

NFTs and NFT platforms in Singapore may fall under the fintech regulatory perimeter depending on their characteristics. NFTs representing ownership of valuable assets, like tokenised real estate, could be considered financial products under the SFA and require a CMS Licence. Platforms that facilitate payment services, such as cryptocurrency or fiat transactions, may be subject to the PSA and must comply with AML/CFT regulations.

Concerns about investor protection and market integrity may lead to regulatory intervention, especially for platforms that market NFTs as investment products. Examples include RealT (tokenising real estate) and Play-to-Earn NFT games, which could trigger PSA or SFA compliance. However, collectible NFTs for personal enjoyment, without financial features, may not fall under regulation unless they involve financial transactions or asset trading.

Open banking is a system where several banks use a common third-party system for the relaying of information to its customers. The regulations in Singapore support open banking – with the MAS collaborating with the Association of Banks in Singapore to construct non-binding guidelines on developing and adopting open API-based systems, which are crucial for open banking. Moreover, MAS is seen showing active support for Singapore’s transition to open banking by developing APIX, the world’s first cross-border platform for further collaboration within ASEAN itself.

In Singapore, the rising prominence of open banking has prompted banks and technology providers to prioritise robust measures for data privacy and security. Guided by MAS regulations, these entities are implementing advanced technologies like encryption and multi-factor authentication to fortify access controls and protect sensitive information during the transmission and storage phases. Privacy-enhancing systems such as pseudonymisation, anonymisation and data minimisation are also being widely adopted to mitigate risks associated with data breaches, aligning with global principles and local regulations such as PDPA.

Moreover, a collaborative industry approach involves regular information sharing, cybersecurity forums and joint initiatives, fostering a collective defence against evolving cyber threats. Continuous investments in cybersecurity infrastructure, employee training and periodic security audits underline the commitment of Singaporean banks and technology providers to secure customer data and maintain the integrity of the open banking ecosystem

Fraud in Singapore

There are two main categories of fraud in Singapore:

  • fraud in criminal proceedings; and
  • fraud in civil proceedings,

of which both involve and require the elements and proof of dishonesty/deceit.

Fraud in Relation to Financial Services and Fintech

Generally, fraud that occurs in relation to financial services and fintech will often fall under the category of fraud in criminal proceedings. Some examples of criminal fraud are identity theft, embezzlement, money laundering and forgery – all of which occur in relation to financial services and fintech. Such offences would render the offender criminally liable of cheating.

Pursuant to the nature of the crime, the sections that offenders are likely to be found liable and punishable under the Penal Code 1871 include but are not limited to:

  • Section 415 – Cheating;
  • Section 416 – Cheating by personation;
  • Section 416A – Illegally obtained personal information;
  • Section 417 – Punishment for cheating; and
  • Section 419 – Punishment for cheating by personation.

In 2024, the types of fraud which had the highest average losses in Singapore are as follows:

  • government officials’ impersonation scams;
  • investment scams;
  • job scams;
  • e-commerce scams;
  • fake friend call scams;
  • phishing scams;
  • investment scams;
  • market manipulation;
  • money laundering and terrorist financing; and
  • cyber fraud.

It is therefore likely for Singapore regulators to focus more on the above-mentioned frauds in 2025.

In Singapore, fintech service providers can be liable for customer losses due to contract breaches, negligence, fraud or regulatory violations. Providers may be held accountable for failing to execute transactions, protecting customer data or complying with AML/CFT and PDPA regulations. Although liability can be limited by contractual clauses, these cannot exclude negligence or breach of contract. Under the Consumer Protection (Fair Trading) Act 2003, unfair practices may result in customer compensation. Providers must also secure platforms against cyber-attacks, with inadequate security leading to liability. Disputes must be resolved transparently in line with MAS regulations.

KGP Legal LLC

10 Anson Road
#03-27
International Plaza
Singapore
079903

+65 6916 1298

+65 6916 1290

enquiry@kgplegal.com.sg www.kgplegal.com.sg/
Author Business Card

Trends and Developments


Authors



Allen & Gledhill LLP is an award-winning full-service law firm providing legal services to a wide range of clients, including corporations and financial institutions in Asia. The firm is consistently ranked as a market leader, having been involved in several challenging, complex and significant deals, many which are the first of their kind. The firm’s reputation for high-quality advice is regularly affirmed by strong rankings in leading publications, and by various awards and accolades. With a growing network of associate firms and offices, it is well-placed to advise clients on their business interests in Singapore and beyond, on matters involving the Asia region. With offices in Singapore, Myanmar, Vietnam and China, as well as associate firms in Malaysia (Rahmat Lim & Partners) and Indonesia (AGI Legal), the Allen & Gledhill network known as A&G Asia has over 650 lawyers, making it one of the largest law firm networks in the region.

Introduction

Singapore’s vibrant fintech ecosystem has led to a rich and varied scope of business models over the years. In 2015 and 2016, peer-to-peer lending and equity crowdfunding platforms were active in the market. In 2017, more robo-advisers began to set up shop in Singapore, and there was global interest in initial coin offerings and cryptocurrency exchanges. From 2018 onwards, there was a flurry of activity in the fintech space ranging from e-wallets, remittance businesses and digital banks, to cryptocurrency funds, security token exchanges, and cryptocurrency broker-dealing and market making.

In recent years, broad trends have continued to develop with a particular focus on artificial intelligence (AI) and payments. This piece will focus on how the following key trends might play out in Singapore, in 2025: (i) increased adoption of AI and the potential resurgence of “robo-advisers”; (ii) “single-currency stablecoins” and the new regulatory framework proposed by the Singapore financial services regulator and central bank, the Monetary Authority of Singapore (MAS); (iii) an increased focus on consumer protection; and (iv) increasing regulatory safeguards to address scams and responsibility for losses.

AI and “Robo-Advisers”

MAS has expressly recognised the role that AI plays in the financial services industry and has done so while highlighting the data protection and cyber security risks which accompany increased adoption of AI. In a media release announcing its commitment of up to SGD100 million to support quantum and AI capabilities in the Singapore financial sector through the Financial Sector Technology and Innovation Grant Scheme, MAS noted that there are “strong prospects” for AI applications in the financial services sector, and this involved “the development of frameworks and platforms for policies and protocols that enable secure and privacy-protected data exchange where financial institutions can collaborate on industry-wide use cases”.

In connection with the above, in July 2024, MAS published an information paper on Cyber Risks Associated with Generative Artificial Intelligence (GenAI), which summarised GenAI-enabled threats to include deepfakes, GenAI-enabled phishing, as well as malware generation and enhancement. At the time of the information paper, MAS proposed various mitigating measures. These included:

  • implementation of liveness detection techniques in facial recognition authentication;
  • campaigns to raise user awareness;
  • additional verification for high-risk transactions;
  • including deepfake attach scenarios in incident responses;
  • adopting multi-layered cyber defence; and
  • incorporating AI tools to detect malware and to better identify suspicious activity.

Mitigating measures to address data leakage from GenAI deployment also included establishing user policies specific to GenAI usage, and adopting best practices (ie, secure coding, vulnerability assessments and security testing), and performing due diligence when using GenAI solutions.

The information paper also highlighted the potential for bad actors to introduce malicious or inaccurate data to “poison” GenAI models and their outputs, whether at training or during use. Mitigating measures likewise focused on data governance, access controls and monitoring, and incorporating contingencies into business continuity plans.

A further information paper on AI model risk management was published in December 2024. This information paper focused on AI oversight and governance, risk management systems and processes (including materiality assessments), and the standards and processes for development and deployment of AI.

In addition to MAS-led efforts, Project Mindforge also released an industry-led whitepaper on GenAI risks and opportunities for banks.

While these papers focus more on the practices of banks, MAS has stated that it is in the midst of considering supervisory guidance for all financial institutions in 2025, not just banks, by building upon focus areas of the papers.

We expect that such measures will be particularly relevant to entities rolling out “agentic” AI models in connection with “algorithmic trading” or “robo-advisory” products.

Algorithmic trading

Algorithmic trading today already exists in the form of sophisticated codes or “trading bots” which are able to implement and execute trading strategies within pre-defined parameters. The revolution brought about by AI will invariably change existing algorithmic trading workflows.

Already, there is talk of “agentic AI” essentially playing the role of a tireless, incorporeal trader, which is able to iterate trading strategies and improve upon its own trading systems by learning from market data in real-time. All of this, while being immune to the emotions and needs of an actual human trader.

While a true “agentic AI” algorithmic trader does not yet exist, given the exponential growth of AI, it will not be surprising that artificial general intelligence will reach these capabilities in the foreseeable future. Once it does, it will be crucial for financial institutions to have implemented the measures proposed by MAS, to the extent applicable, to forerun the risks that are attendant in the adoption of such “agentic AI”.

Robo-advisory services

Similarly, robo-advisory services as they exist today run on sophisticated algorithms and are able to provide investment strategies or portfolio recommendations, considering a specific investor’s financial position, investment goals and risk appetites.

However, the incorporation of AI into these workflows could drastically streamline such robo-advisory operating models and dramatically increase their ability to deliver for customers. That being said, increased AI usage, particularly in the context of handling sensitive customer information (for the purposes of tailoring bespoke investment strategies) will give rise to increased data protection risks and other vulnerabilities.

Accordingly, as these models improve, we would expect more service providers to take advantage of these business cases, with a resurgence in robo-advisory services now powered by AI. However, providers of these services will need to ensure that they assess the exposure to the risks created by such AI usage, including the risks posed to their consumers in relation to data leakages and accuracy.

Single-Currency Stablecoins – The Proposed Stablecoin Regulatory Framework

As the overview to this Fintech 2025 Guide notes, stablecoins generally achieve value stability by one of two means: (i) through an algorithm which buys and sells stablecoins in reserve on the open market; or (ii) through backing by reserve assets denominated in the currency of the stablecoin itself (“single-currency stablecoins” or “SCS”).

The use-cases of stablecoins are myriad, but their three primary use-cases may be summarised as: (i) operating as a payment settlement layer; (ii) operating as a store of value; or (iii) functioning as an intermediary on-ramp or off-ramp asset to other cryptocurrencies, whether for the purpose of cryptocurrency trading, payment or otherwise.

Accordingly, given the increase in mainstream adoption of cryptocurrencies and the increased use-cases for stablecoins as a payment settlement layer in cross-border transactions, we would expect there to be an increased push toward SCS regulation.

In specific relation to Singapore, “stablecoins” are currently viewed as “digital payment tokens” (DPTs), similar to other types of large-cap cryptocurrencies such as bitcoin, ethereum or ripple. Accordingly, entities that provide regulated “payment services” involving “stablecoins” (including issuance) may currently be subject to licensing requirements under the Payment Services Act 2019 (the “PS Act”), supervised by MAS, for providing “DPT services”.

Notwithstanding the above, on 15 August 2023, MAS announced the features of a new stablecoin regulatory framework, to ensure a “high degree of value stability for stablecoins regulated in Singapore”. While this framework has not yet come into effect, MAS’ public announcement of the features of this upcoming framework has attracted even more stablecoin issuers to explore setting up in Singapore.

The framework will apply to any SCS that is issued in Singapore and pegged to the Singapore dollar or any G10 currency, and will impose key requirements relating to the following.

  • Stability of value and composition of reserve assets. This includes ensuring that reserve assets are composed of low-risk assets that are highly liquid and are custodised with MAS-regulated custodians with a minimum credit rating of “A-”, as well as to be subject to monthly audit and independent attestation requirements.
  • Capital requirements. This includes imposing a base capital requirement of SGD1 million or 50% of the SCS issuer’s annual operating expenses, whichever is higher. Further, there are business restrictions on SCS issuers undertaking any other activities that introduce additional risks (eg, restrictions on investing in and extending loans, lending or staking SCS and other DPTs, fund management).
  • Redemption at par. This includes ensuring that SCS holders have a direct legal claim for redemption at par, and that such requests can be made at any time and will be met after no later than five business days.
  • Disclosure requirements. There are also requirements for the white papers of such SCS to be disclosed, containing prescribed information including general information on the issuer, the value-stabilising mechanism, risks, and rights and obligations related to the SCS.

SCS issuers will need to be regulated under the PS Act for providing a “stablecoin issuance service”, and SCS that fulfil all requirements under the framework may additionally apply to MAS for their stablecoin to be “MAS-regulated stablecoins”, labelled as such to distinguish them from other stablecoins that may not meet these stringent requirements under the new framework.

As may be noted from the above, the primary thrust of these requirements relates to consumer protection and solvency, and are geared towards ensuring that consumers are able to realise the value of their SCS holdings at short notice and with some degree of certainty.

Increased Focus on Consumer Protection

The proposed stablecoin regulatory framework above dovetails with the broader push toward greater consumer protection. Indeed, the broader regulatory climate in Singapore has shifted away from DPT “trading” activity in and of itself, and more toward encouraging real commercial use-cases for blockchain technology.

Under its Guidelines on Provision of DPT Services to the Public, MAS has stated its view that: “[…] the trading of [DPTs] is highly risky and not suitable for the general public. The public should not be encouraged to engage in the trading of DPTs”. What is also telling of the regulator’s position in Singapore is the title of an address provided by then-Managing Director of MAS, Ravi Menon, at a seminar in August 2022: “Yes to Digital Asset Innovation, No to Cryptocurrency Speculation”.

Accordingly, in recent years, there has been a greater regulatory push in Singapore toward consumer protection measures; in particular, measures to mitigate the risks of insolvency on the part of DPT service providers. With effect from 4 October 2024, a new slate of consumer protection measures specific to DPT service providers took effect, with a second tranche of measures to come into force in June 2025.

The key consumer protection requirement is the requirement to ensure, no later than the next business day after a DPT service provider receives customer DPT, that such DPT is either deposited in a “trust account” or returned to the customer. That “trust account” must be designated as such (or as a customer’s account distinguishable from the DPT service provider’s own accounts), and the customer DPTs therein should be subject to stringent requirements. Disclosures must also be made to the customers on how their DPTs are being safeguarded, and what the risks and consequences are in the event of an insolvency.

Other requirements that came into force in October 2024 include the requirement to keep proper books and records, daily reconciliation of customer DPT, operational independence of the DPT safeguarding function, and other access and operational controls.

From 19 June 2025, further consumer protection requirements are slated to come into effect. These include the implementation of customer “risk awareness assessments” to assess whether retail customers have sufficient knowledge of the risks of such DPT services. It also includes restrictions on offering incentives (i) to “entice” retail customers to engage DPT services, or (ii) to any person (eg, existing customers or celebrities) to promote and/or refer DPT services to retail customers. DPT service providers will also be subject to certain further restrictions on providing credit or leverage in relation to transactions, among further requirements on conflicts of interest, DPT listing and governance policies, and complaints handling.

Regulatory Safeguards for Scams and the Shared Responsibility Framework

Finally, there has also been a proliferation of scams and other confidence tricks, capitalising on opportunities to prey on the vulnerabilities of consumers. In fact, from January to June 2024, the number of scam and cybercrime cases increased by 19% to 28,751 cases, compared to 24,367 cases in the same period in 2023, with scams accounting for 92.5% of these 28,751 cases. The total amount lost increased by 24.6% to at least SGD385.6 million in the first half of 2024, from at least SGD309.4 million in the same period in 2023.

Accordingly, MAS has taken various measures to ensure that a robust framework exists to protect consumers as far as possible. This includes the 2024 revision to the E-Payment User Protection Guidelines to promote the safety and security of e-payments, the publication of the Circular on Anti-Scam Measures on 25 October 2024 (the “Anti-Scams Circular”), and the joint publication of the Guidelines on Shared Responsibility Framework (the “SRF Guidelines”) on 24 October 2024 together with the Infocomm Media Development Authority (IMDA). These three instruments involve different entities and contain some overlapping duties, but have the common purpose of protecting retail individuals.

The Anti-Scams Circular addresses Major Payment Institutions (MPIs) providing personal payment accounts that contain e-money. For example, it requires MPIs to implement certain measures, such as a 12-hour cooling off period upon a login to an e-wallet on a new device, a default transaction limit of SGD1,000, restrictions on sending  clickable links/QR codes via e-mail or SMS, the provision of a 24/7 reporting channel and kill switch, and capabilities for real-time detection and blocking of suspicious transactions. MPIs intending to implement higher stock and flow caps (of SGD30,000 and SGD100,000 respectively) are required to implement the measures within the Anti-Scams Circular, and submit an attestation, before doing so.

The SRF Guidelines, which took effect on 16 December 2024, set out relevant duties to mitigate phishing scams, and set expectations of payouts to affected scam victims where these duties are breached. It also sets out a framework of responsibility for losses arising from seemingly authorised transactions, and an operational workflow for processing claims in respect of any seemingly authorised transaction. In brief, if the relevant financial institution and the telecommunications provider have both fulfilled all their duties under the SRF Guidelines, consumers will bear the losses from scams. These measures are designed to preserve confidence in digital payments and digital banking in Singapore, and to strengthen direct accountability of relevant regulated financial institutions and mobile network operators.

Conclusion

As the overview to this Fintech 2025 Guide notes, since 2023, the growth of AI has been exponential, and this is expected to continue well into the future. Further, growth in the use-cases of stablecoins and mainstream adoption of cryptocurrencies have amplified the need for robust consumer protections. In particular, bad actors seeking to take advantage of our vulnerabilities have also required us to focus on implementing frameworks to ensure that victims of scams and other confidence tricks are protected.

In any regulatory framework, a balance must always be struck between innovation and consumer protection. The trends that we expect to unfold in 2025 will present new opportunities and challenges for regulators, fintechs, as well as for their legal practitioners and other service providers, to continue to negotiate this balance in a manner which unlocks the productivity promises of AI and fintech, while managing exposure to the risks at hand.

Allen & Gledhill LLP

One Marina Boulevard
#28-00
Singapore
018989

+65 6890 7188

sg.enquiries@agasia.law www.allenandgledhill.com
Author Business Card

Law and Practice

Authors



KGP Legal LLC is a Singapore-licensed corporate and commercial law firm with an international focus. It is a member firm of the InterAsia Law Alliance, a network of independent liaison law firms across the region. In addition, KGP Legal LLC has formed a strategic partnership with OA Legal, a Swiss-based law firm, to provide enhanced cross-border legal services. KGP Legal LLC provides seamless corporate and commercial assistance in Singapore, as well as in Hong Kong, China, Japan and Switzerland through its partners. It is committed to delivering high-quality, cost-effective legal solutions tailored to the specific needs of its clients. The firm has moved away from hourly billing and “open-ended” fee structure arrangements towards providing clients with fixed-fee arrangements that are predictable and transparent. It is relied upon by clients to provide solutions to complex problems and to safeguard and advance their interests.

Trends and Developments

Authors



Allen & Gledhill LLP is an award-winning full-service law firm providing legal services to a wide range of clients, including corporations and financial institutions in Asia. The firm is consistently ranked as a market leader, having been involved in several challenging, complex and significant deals, many which are the first of their kind. The firm’s reputation for high-quality advice is regularly affirmed by strong rankings in leading publications, and by various awards and accolades. With a growing network of associate firms and offices, it is well-placed to advise clients on their business interests in Singapore and beyond, on matters involving the Asia region. With offices in Singapore, Myanmar, Vietnam and China, as well as associate firms in Malaysia (Rahmat Lim & Partners) and Indonesia (AGI Legal), the Allen & Gledhill network known as A&G Asia has over 650 lawyers, making it one of the largest law firm networks in the region.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.