Folio 05 · Insights · Article

Mar 22, 2026

Singapore MAS payment institution: capital requirements in 2026

The MAS has revised base capital thresholds and operational risk buffers for MPI applicants. Here is the practical read for fintechs choosing Singapore — and how the rules compare to a comparable EU PI.

Editorial illustration for Singapore MAS payment institution: capital requirements in 2026

Singapore remains one of the strongest payment institution routes in APAC, but the MAS review of capital and operational risk expectations changes how applicants should budget the file. The headline figures are only the entry ticket; the real planning number is the buffer MAS expects the model to carry through stress — and the qualitative gates around technology, substance, and AML fail more applicants than the arithmetic does. This is the practical read for fintechs choosing Singapore, with the comparison to an EU payment institution at the end.

The licence structure under the PS Act

The Payment Services Act organises the regime around seven defined payment services — account issuance, domestic money transfer, cross-border money transfer, merchant acquisition, e-money issuance, digital payment token services, and money-changing — and three licence classes. The two that matter for most fintechs:

  • Standard Payment Institution (SPI) — for businesses operating below the volume thresholds, with base capital of S$100,000.
  • Major Payment Institution (MPI) — required once activity crosses the thresholds: in the region of S$3 million in monthly transactions for a single payment service, S$6 million across multiple services, or an e-money float around the S$5 million mark. Base capital: S$250,000, plus a security deposit with MAS that scales with the licence's scope.

Most serious applicants file directly for the MPI. The thresholds are low relative to a real payments business, regrading mid-growth costs more than starting heavy, and counterparties — banks, card schemes, enterprise clients — read the MPI as the adult licence.

A digital payment token service in the model changes the conversation: the DPT licensing track carries its own conduct, custody, and consumer-access expectations, and MAS has been deliberately selective in that queue. A payments application with a DPT component should be planned as the harder of the two files.

What the capital review changes in practice

MAS has been explicit that base capital is a floor, not a target. The supervisory expectation now runs through three layers:

  • Base capital — the statutory figure, held in qualifying form, unimpaired by losses, with the evidence trail clean.
  • Operational risk buffer — capital scaled to the volume, complexity, and failure modes of the flows, assessed against the applicant's own scenario analysis rather than a single formula. E-money float, cross-border corridors, FX exposure, and settlement timing mismatches all push it upward. The application should show the scenarios, the loss estimates, and the capital conclusion — not assert adequacy.
  • Liquidity and safeguarding adequacy — for e-money issuers, full safeguarding of the float with a bank in Singapore or another approved arrangement, reconciled daily, plus demonstrable liquidity to run the business without ever reaching toward client funds.

The practical consequence: an MPI application whose financials show base capital plus a thin margin reads as underprepared. Files that clear smoothly model capital against projected peak float and volume — not averages — hold visible headroom, and name who funds the top-up if growth outruns plan, with evidence the funder can.

Building the capital section that survives review

  • Start from the flows: peak daily volume per corridor, float high-water mark, settlement gaps per partner.
  • Run the downside cases that matter for payments: partner settlement delay, corridor suspension, FX gap on a volatile pair, chargeback spike.
  • Translate each into capital and liquidity numbers, show the arithmetic, and set the buffer above the worst plausible case.
  • Document the contingency funding: committed shareholder support with the shareholder's own evidence of means, not a comfort letter.

The rest of the file MAS actually reads

Capital is the quantitative gate; the qualitative gates fail more applicants:

  • Local substance: a Singapore-incorporated entity, at least one executive director ordinarily resident in Singapore, a compliance function that genuinely operates from Singapore, and decision-making that happens where the licence lives. Regional hub structures work — Singapore as the licensed core with group services around it — but the core must be real.
  • Technology risk: MAS's technology risk management guidelines apply in full, and payments firms are examined on them early. Penetration testing, vendor and cloud oversight, change management, incident reporting readiness with the prescribed notification windows — the application should evidence a programme, not promise one.
  • AML/CFT: programme documentation aligned to the payment-services AML notices, with named ownership, screening tooling identified, and — for cross-border models — corridor risk assessments that read as analysis rather than boilerplate.
  • Track record: shareholders and key persons with verifiable history in payments or adjacent regulated business. MAS reads founder CVs the way banks read credit files, and gaps are better explained than discovered.

Timeline and process

A realistic MPI authorisation runs six to twelve months from a complete application, with the variance driven by file quality, the DPT component if any, and the pace of the applicant's responses. The process rhythm: completeness review, substantive question rounds (expect at least two), possible interviews with key persons, then conditions and the operational readiness conversation before launch.

Two scheduling notes from delivered files: the technology-risk questions arrive earlier than teams expect, so the security documentation cannot trail the rest of the file; and MAS reads consistency obsessively — the volumes in the business plan, the AML risk assessment, and the capital model must be the same numbers.

The EU PI comparison

Against a comparable EU payment institution authorisation:

  • Headline capital: Singapore's S$250,000 MPI base converts to roughly EUR 169,000 at recent EUR/SGD reference rates, which is above the EU's EUR 125,000 PI figure. The difference is real, but capital alone should not drive the jurisdiction choice.
  • Where the weight sits: MAS front-loads the operating reality — technology risk, substance, scenario-based capital — before authorisation. Several EU supervisors verify more of it after, through early-years inspection. The honest framing is front-loaded versus back-loaded scrutiny, not cheaper versus dearer.
  • Market shape: the EU licence passports across the EEA; Singapore's does not passport anywhere, but anchors APAC corridors, enterprise clients, and a banking sector that is genuinely open to licensed payments firms.
  • Timeline: broadly comparable for well-prepared applicants; both punish incomplete files with the same multiplier.

Groups building global infrastructure increasingly hold both, sequenced by where revenue lands first.

The DPT track: when crypto is in the model

A digital payment token service inside an otherwise conventional payments application deserves honest internal pricing, because it changes the file's difficulty class:

  • Consumer-access expectations: MAS has layered conduct requirements onto DPT services — risk disclosures, restrictions on incentives and credit-funded purchases, customer suitability friction — and the application must show them implemented in the product, not acknowledged in a policy.
  • Custody discipline: client DPT holdings carry segregation and safekeeping expectations recognisable from the securities world, with the operational evidence to match.
  • A more selective queue: the DPT licensing track has been deliberately slow and selective, and the approved population is short. A combined application moves at the speed of its hardest component.

The strategic options worth weighing: file the payments services first and add the DPT service by variation once licensed; partner with an already-licensed DPT provider for the crypto leg; or accept the longer combined timeline knowingly. Teams that discover this trade-off during assessment, rather than before it, lose the most time of any pattern we see in Singapore files.

Common mistakes in Singapore files

  • Budgeting the statutory capital and discovering the buffer expectation during assessment, with the clock running.
  • A resident-director arrangement that is plainly nominee in character — MAS interviews reveal these in minutes.
  • Technology documentation written by the compliance team rather than the engineering team, and reading like it.
  • Treating the DPT service as a checkbox addition to a payments application rather than its own, harder track.
  • Inconsistent numbers across the business plan, capital model, and AML assessment — the fastest route to a second question round.

The application anatomy

The MPI file MAS reads, in the order that earns credibility:

  • Business profile and the seven-services mapping: each requested service tied to a concrete product flow, with nothing requested speculatively — unused licence scope draws conditions and questions.
  • Flow-of-funds diagrams per corridor and per service, with the settlement timing and counterparties on the arrows.
  • Financial projections and the capital model: base and downside cases, the scenario analysis behind the operational risk buffer, the security deposit acknowledged, and the contingency funding evidenced.
  • Safeguarding chapter for e-money: the Singapore bank arrangement, trust or guarantee mechanics, and the daily reconciliation procedure.
  • Governance and people: the resident executive director, the compliance and technology owners with CVs that survive a register check, and the organisation chart as it will exist at launch.
  • Technology risk pack: architecture, penetration-test reports or firm commitments, vendor and cloud oversight, incident response with the notification windows internalised.
  • AML/CFT programme aligned to the payment-services notices, with corridor risk assessments that read as analysis.

One internal reconciliation read before submission — volumes, float, headcount, and capital telling the same story across chapters — is the cheapest month saved in the whole project.

Operational readiness: what MAS checks before launch

Authorisation and launch are separate gates. Between in-principle approval and go-live, expect attention on:

  • Conditions discharge: final policies, completed hires, the operating bank account live, the security deposit lodged.
  • Systems demonstrations: MAS or its questions will walk transaction flows, onboarding journeys, and monitoring alerts against the documentation — fluency here belongs to the operations team, not the consultants.
  • Reporting readiness: the regulatory returns calendar, the data pipelines behind it, and a dry run before the first submission.
  • Incident readiness: the notification procedure with names, numbers, and the prescribed windows rehearsed.

Plan authorisation-to-launch as its own four-to-eight-week phase with an owner, not as a formality.

The first two years licensed

The operating relationship with MAS rewards the same discipline the application did:

  • Returns filed on calendar, with the data reconciling to the audited accounts at year-end.
  • Threshold monitoring: SPI licensees tracking against the regrading thresholds monthly, because crossing them unprepared is a compliance event, not a growth milestone.
  • Technology risk as a living programme: annual penetration testing, vendor reviews, and the audit trail that the guidelines contemplate.
  • Material change discipline: new services, new corridors, ownership changes, and key-person moves notified or approved per the licence conditions — early, with analysis attached.
  • The float watched like a covenant: safeguarding reconciliations daily, the capital implications of float growth re-forecast quarterly.

Firms that run this calendar describe MAS supervision as predictable; firms that improvise describe it differently. The difference is the calendar.

Questions applicants ask

SPI first, or straight to MPI?

If the eighteen-month plan crosses the thresholds, file MPI. The SPI saves capital briefly and costs a re-licensing project at exactly the moment the business is busiest.

Does the security deposit replace capital?

No — it sits alongside base capital as a separate statutory requirement, scaled to the licence scope. Budget both.

Can the float be safeguarded outside Singapore?

The safeguarding arrangements MAS accepts centre on Singapore-based undertakings — bank guarantees or trust arrangements with banks in Singapore. Plan the safeguarding banking relationship as a Singapore relationship from the start.

How real is the resident-director requirement?

Entirely real, and tested at interview. The workable patterns are a genuine local executive hire or a founder relocating; the unworkable pattern is a name on a form.

Can a foreign group hold the licence through a regional holding company?

Yes — the licensed entity must be Singapore-incorporated, but foreign ownership above it is routine. What MAS examines is the chain to natural persons, the source of the capital, and whether group arrangements — shared services, intercompany agreements, outsourcing to affiliates — leave the Singapore entity in genuine control of its own regulated activity. Group structures that drain decision-making offshore are read against the substance expectations, holding structures as such are not the issue.

Model the licence cost as base capital, plus the buffer implied by the financial projections, plus the security deposit, plus the standing cost of the Singapore compliance and technology functions — and let the application show all four knowingly. Applicants that price only the statutory figure discover the rest during assessment; applicants that price the reality clear it.

Scope a Singapore payment route

No live Singapore SPI/MPI file is listed right now. SKY7 can compare a fresh MAS filing, current inventory and buyer diligence requirements.

Editorial disclaimer

This article is general information only and is not legal, regulatory, tax, investment, or financial advice.

Does this change touch your file?

Tell us where you hold or seek permissions and what activities the file covers. We map the update against your authorisation and reply with what it alters, what it leaves alone, and the dates that matter.

Yuna Liang

Yuna follows APAC payment institution regimes, including Singapore MAS capital, conduct and operational readiness expectations for cross-border fintech launches. Her work links licensing strategy with banking access, outsourcing controls, safeguarding evidence and realistic build timelines for teams entering Asia-Pacific markets. She reviews payment-flow narratives, local director requirements, technology reliance, AML operations and partner due diligence so founders can understand what must be built before filing and what can be sequenced after approval without creating avoidable regulator or bank friction.