Singapore's Payment Services Act (PSA) came into full effect in January 2020, consolidating what had previously been a fragmented regulatory structure — the Money-Changing and Remittance Businesses Act and the Payment Systems (Oversight) Act — into a single licensing framework. For B2B fintech operators and treasury teams using cross-border payment services, understanding the PSA is not a compliance formality. It determines which payment service providers you can legally work with, what AML/KYB controls they must apply to your transactions, and what safeguarding protections apply to funds in transit.
The Seven Payment Service Categories
The PSA defines seven regulated payment service categories. For B2B cross-border payment operators, the most relevant are:
- Account Issuance Services: Issuing multi-currency payment accounts. Any provider holding SGD or foreign currency balances on behalf of your business falls under this category.
- Domestic Money Transfer Services: Executing fund transfers within Singapore — relevant for PayNow and FAST settlement on the Singapore leg of a cross-border flow.
- Cross-Border Money Transfer Services: The core category for international B2B payment operators. Any entity accepting SGD from a Singapore business and disbursing equivalent value in a foreign currency in another jurisdiction requires a PSA licence covering this activity.
- Merchant Acquisition Services: Relevant if the payment operator processes card-based collections on behalf of the business.
- Digital Payment Token Services: Crypto-related, not relevant for conventional B2B fiat payment infrastructure.
A single payment operator may hold licences covering multiple categories. The distinction matters for due diligence: when evaluating a payment service provider, verify which specific categories their MAS licence covers, not just whether they hold a PSA licence at all.
Licence Classes: Standard vs Major Payment Institution
The PSA establishes two licence classes with meaningfully different thresholds.
A Standard Payment Institution (SPI) licence covers operators whose monthly transaction volume does not exceed SGD 3 million across all services, or whose daily e-money float does not exceed SGD 5 million. SPIs face lighter compliance requirements but are genuinely constrained by these volume thresholds — if your payment service provider is an SPI and your business grows beyond certain volumes, they may not be able to service your flows compliantly without upgrading to a Major Payment Institution licence.
A Major Payment Institution (MPI) licence applies above those thresholds and carries more extensive AML/CFT programme requirements, enhanced safeguarding obligations (customer monies must be safeguarded either by holding in a trust account at a full bank or by obtaining a bank guarantee), and stricter technology risk management requirements aligned with MAS TRM Guidelines.
For B2B operators processing meaningful monthly volumes — above SGD 500,000 per month in cross-border flows — working with an MPI-licensed provider is generally the appropriate choice. SPI-licensed providers may be adequate for very early-stage volume but introduce regulatory risk as the relationship scales.
AML/CFT and KYB Obligations
The PSA requires PSA-licensed providers to comply with the MAS Notice PSN01 (Prevention of Money Laundering and Countering the Financing of Terrorism). For B2B clients, this means the payment provider must conduct Customer Due Diligence (CDD) — which in the B2B context is Know Your Business (KYB) — before onboarding and on an ongoing basis.
KYB for a Singapore-incorporated company typically covers: ACRA company registration verification, UBO (Ultimate Beneficial Owner) identification for individuals holding 25%+ ownership, director identity verification, and purpose-of-business confirmation. For businesses incorporated in other APAC jurisdictions — a Malaysian Sdn Bhd or an Indonesian PT — the equivalent corporate registry documents plus certified translations are typically required.
There is a persistent misconception that PSA compliance is purely the payment provider's problem and that B2B clients simply need to provide documents and then carry on. This is not quite right. Under the PSA and its subsidiary notices, payment providers are required to flag and report Suspicious Transaction Reports (STRs) to MAS's Suspicious Transaction Reporting Office (STRO). Businesses that have inconsistent payment patterns, high-velocity transfers to multiple jurisdictions with no clear business rationale, or UBOs from higher-risk jurisdictions will trigger enhanced due diligence (EDD) requirements that slow onboarding and require more documentation. Treasury teams that understand what EDD triggers look like can structure their documentation proactively, reducing friction.
Safeguarding of Customer Monies
One PSA provision that treasury teams in particular should understand is safeguarding. Under Section 23 of the PSA, MPI-licensed providers holding customer monies in excess of the prescribed thresholds must safeguard those funds. The two permitted safeguarding methods are: holding funds in a trust account maintained at a bank licensed under the Banking Act, or securing a bank guarantee from a licensed bank for the equivalent amount.
This matters operationally. If a payment operator holds your SGD balances in a multi-currency wallet and that operator became insolvent, the safeguarded funds held in trust would be segregated from the operator's estate and returned to clients. Funds not properly safeguarded would be subject to the general creditor pool. When evaluating a payment service provider's reliability, ask specifically how they safeguard client monies and at which bank the trust account is held — not as a theoretical question, but as a routine due diligence step.
What the PSA Does Not Regulate
We are not saying the PSA creates a blanket regulatory umbrella over everything that touches a payment. It does not. The PSA regulates the provision of payment services — the infrastructure layer. It does not directly regulate the commercial contracts between a Singapore business and its overseas suppliers or the FX rates quoted by a provider (those are governed by separate contract law and MAS FX market guidelines). A PSA licence does not indicate that a provider has strong technology infrastructure, reliable settlement rails, or competitive FX spreads. Those remain due diligence items separate from regulatory compliance.
Similarly, the PSA does not regulate banking services — a licensed bank in Singapore providing cross-border wire transfers operates under the Banking Act, not the PSA. Some treasury teams conflate PSA licensing with "MAS-regulated" as a general trust signal, when the relevant question is more specific: which regulatory framework applies to this specific service, and what protections does it actually create?
Practical Due Diligence Checklist for B2B Teams
When onboarding a Singapore-based payment service provider for cross-border B2B flows, the following PSA-specific checks are worth incorporating into your vendor review:
- Confirm MAS PSA licence number and category coverage at MAS Financial Institutions Directory. Licences are public record.
- Verify whether the provider holds a Standard or Major Payment Institution licence, and confirm their licensed activities cover cross-border money transfer services specifically.
- Ask for their safeguarding method and confirm funds are held in trust at a named licensed bank, not commingled with operating funds.
- Review their KYB onboarding requirements upfront so you can prepare ACRA bizfile, UBO declarations, and purpose-of-business documentation in advance. Delays at KYB stage are the single most common cause of slow payment infrastructure onboarding.
- Confirm their PSN01-compliant AML programme includes transaction monitoring — this is a signal that they are taking compliance seriously rather than treating MAS oversight as a checkbox.
The PSA framework has matured significantly since its 2020 launch. MAS has issued clarifications on digital token classification, updated the safeguarding requirements, and continued to publish guidance on technology risk management for payment systems. Treasury teams and fintech operators who check MAS's public circulars and consultation papers on payment services regulation on a semi-annual basis will stay ahead of changes before they affect operational workflows.