How to Get a Major Payment Institution Licence in Singapore (MPI), 2026 Checklist & Compliance Playbook

Understanding how to get a major payment institution licence in Singapore has become more demanding since MAS amended its Guidelines on Licensing for Payment Service Providers in 2024 and issued follow-up supervisory expectations through 2025 and into 2026. The Major Payment Institution (MPI) licence sits at the top tier of the Payment Services Act (PSA) licensing framework, carrying higher base-capital requirements, stricter governance expectations and a more intensive AML/CFT assessment than its Standard Payment Institution (SPI) counterpart. This guide distils the current rules into a single, step-by-step application playbook, covering eligibility thresholds, document checklists, governance and residency requirements, AML/CFT programme design and post-approval obligations, so that founders, compliance officers and general counsel can move from planning to lodgement with confidence.

Every load-bearing requirement referenced below is drawn from the MAS licensing page, the MAS Guidelines (PS-G01, updated 8 October 2025) and the GoBusiness MPI licence directory.

TL;DR, Who Must Apply and What to Do Now (Executive Checklist)

If you are a founder, product lead or compliance officer preparing a major payment institution license Singapore application in 2026, use this executive checklist as your starting point. Each item maps to a detailed section later in this article.

• Confirm your threshold position. Determine whether your monthly transaction volumes for any regulated payment service exceed the specified SPI thresholds (e.g., S$3 million for certain activities). If they do, or will, you need an MPI licence.
• Gather governance documents. Prepare board composition details, senior-management CVs, organisational charts and evidence of local executive-director residency in Singapore.
• Appoint accountable officers. Designate a Money-Laundering Reporting Officer (MLRO) and a Compliance Officer with demonstrable experience and local presence.
• Build your AML/CFT programme. Draft a risk assessment, CDD/KYC procedures, transaction-monitoring rules, sanctions-screening protocols and a suspicious-transaction reporting (STR) workflow.
• Evidence capital and business continuity. Show proof of the required minimum base capital (S$250,000 for MPI, per MAS Guidelines) and an IT security/business-continuity plan (BCP).
• Complete MAS specimen forms. Download and populate all required specimen forms from the MAS licensing page and the GoBusiness portal.
• Assess PDPA readiness. Map personal-data flows, complete a Data Protection Impact Assessment (DPIA) and prepare vendor-processing clauses compliant with the PDPA.
• Budget for timeline and MAS queries. Expect the full cycle, pre-assessment, lodgement, MAS questions and approval, to take several months. Incomplete applications extend this significantly.

Quick Decision Flow, Three Steps

1. Identify your payment services. List every activity you provide or plan to provide under the PSA (e.g., cross-border money transfer, merchant acquisition, e-money issuance, digital payment token (DPT) services).
2. Check thresholds. If any single service exceeds the relevant SPI monthly threshold, or if you provide a service for which no SPI threshold applies, proceed to MPI.
3. Prepare your application pack. Follow the document checklist, governance requirements and AML/CFT programme guidance set out in this playbook.

What Is a Major Payment Institution (MPI) Under Singapore Law?

A Major Payment Institution is a payment service provider licensed by the Monetary Authority of Singapore (MAS) under the Payment Services Act 2019 (PSA). The MPI licence is required when a provider’s business exceeds the thresholds prescribed for a Standard Payment Institution, or when it wishes to conduct regulated payment services without being subject to SPI-level restrictions. The PSA and the accompanying MAS Guidelines on Licensing for Payment Service Providers (PS-G01) together form the primary legal basis for the MPI regime.

The PSA regulates seven categories of payment services. An MPI may be licensed to provide one or more of the following:

• Account-issuance service
• Domestic money-transfer service
• Cross-border money-transfer service
• Merchant-acquisition service
• E-money issuance service
• Digital payment token (DPT) service
• Money-changing service

Key Legal Sources and Specimen Forms

Applicants should work from the following primary materials, all available on the MAS website:

• Payment Services Act 2019, the governing statute.
• MAS Guidelines on Licensing for Payment Service Providers (PS-G01), sets out admission criteria, governance standards, capital requirements and specimen forms.
• GoBusiness MPI licence page, contains the transactional application checklist and upload portal.

MPI Eligibility and Numeric Thresholds, How to Decide When to Apply

The decision between an SPI and an MPI licence turns primarily on monthly transaction thresholds. Under the Payment Services Act licence requirements, an SPI is subject to specified caps, for example, a monthly threshold of S$3 million for certain payment activities such as e-money float or payment transactions. Once a provider exceeds (or anticipates exceeding) the relevant SPI threshold for any single service, MAS expects it to apply for an MPI licence. In some cases, the nature of the service itself, such as DPT services, may bring a provider directly within MPI-level obligations regardless of volume.

SPI vs MPI, Decision Checklist

• Does your monthly transaction value for any regulated service exceed S$3 million? → MPI.
• Does your daily e-money float exceed S$5 million? → MPI.
• Do you provide DPT services and wish to operate above SPI-level restrictions? → MPI.
• Is your business within all SPI thresholds and you do not foresee exceeding them in the near term? → SPI may suffice.
• Does MAS require you to hold a higher base capital (S$250,000 vs S$100,000)? → This points to MPI.

Both licence types require the applicant to be a company incorporated in Singapore or a foreign company registered under the Companies Act with a permanent place of business in Singapore, as stated on the MAS licensing page. Industry observers note that MAS has in practice scrutinised the substance of local presence more closely since the 2024 Guidelines revision, meaning a brass-plate office no longer suffices.

Who Has an MPI?, Illustrative Examples

MAS publishes a searchable register of licensed institutions. You can verify current MPI holders on the MAS Financial Institutions Directory. Notable examples include 2C2P, which announced obtaining its MPI licence for merchant-acquisition and cross-border money-transfer services. Reviewing the register provides applicants with useful benchmarks for scope of services and business models that MAS has approved.

MPI Application Process and Timeline, Document Checklist and Specimen List

The MAS MPI licence application follows a structured flow. Understanding each stage, and the documents required at every point, is the single most effective way to shorten the overall timeline. Below is the practical workflow derived from the GoBusiness MPI licence page and the MAS Guidelines.

Pre-Application Readiness Checklist

Before lodging your application, confirm you have the following ready:

1. Singapore-incorporated entity (or registered foreign corporation) with ACRA registration.
2. Finalised business plan covering each payment service you intend to provide.
3. Ownership-structure diagram (up to ultimate beneficial owners).
4. Board and senior-management composition with CVs, fit-and-proper declarations and evidence of residency.
5. Draft AML/CFT programme (risk assessment, CDD/KYC policies, monitoring rules, STR workflow).
6. Evidence of minimum base capital (S$250,000 per MAS Guidelines).
7. IT-security assessment and business-continuity plan (BCP).
8. Corporate-governance framework (terms of reference for board committees, compliance-function mandate, outsourcing-oversight policy).
9. PDPA compliance documentation (data-flow map, DPIA, vendor clauses).

Required MAS Specimen Forms

MAS prescribes specimen forms that must be completed and uploaded via the GoBusiness portal. These forms cover, among other items:

• Application form for MPI licence, entity information, directors, shareholders, proposed payment services.
• Fit-and-proper declarations, for each director, CEO and substantial shareholder.
• Organisational-structure form, corporate group chart and description of related entities.
• Financial-resources form, evidence of base capital and projected financial statements.

All specimen forms are referenced in the MAS Guidelines (PS-G01) and are available for download from the MAS licensing page.

Document Checklist Table

Typical MAS Follow-Up Requests

After lodgement, MAS commonly issues supplementary queries. Based on practitioner experience noted by Rajah & Tann Asia and Dentons Rodyk, the most frequent follow-ups concern:

• Clarification of the applicant’s risk appetite and target customer profile.
• Additional detail on transaction-monitoring rules and thresholds.
• Evidence of local decision-making authority (not merely a shell with offshore control).
• Outsourcing arrangements, nature, jurisdiction and contractual controls over third-party providers (including cloud and DPT custodians).
• Financial projections and adequacy of capital runway beyond the statutory minimum.

Early indications suggest that the typical end-to-end timeline, from pre-assessment through lodgement, MAS queries and final approval, runs to several months and can extend significantly if the application package is incomplete or if MAS identifies material gaps in governance or AML/CFT readiness.

Governance, Residency and Senior Management Expectations

MAS’s revised Guidelines place considerable weight on the governance and residency requirements for MPI applicants. The regulator expects to see genuine local decision-making, not a structure in which Singapore directors serve in name only while strategic and operational control resides offshore.

Key governance expectations include:

• Board composition. At least one executive director who is ordinarily resident in Singapore and who exercises real oversight of the licensed activities.
• Senior-management residency. The CEO (or equivalent) and key control-function heads (compliance, risk, finance) should be based in Singapore.
• MLRO and Compliance Officer. MAS expects designated, named individuals with appropriate qualifications, reporting lines to the board and sufficient seniority to escalate issues independently.
• Independence of control functions. The compliance and internal-audit functions must not report solely to the business line they oversee; clear separation of duties is expected.
• Outsourcing oversight. Where critical functions (e.g., transaction monitoring, cloud hosting, DPT custody) are outsourced, the board must retain documented oversight mechanisms, including contractual audit rights, exit strategies and business-continuity provisions, as highlighted by Dentons Rodyk.

If you are comparing the governance expectations for payment-services licensing with those in other jurisdictions, see our guides on obtaining an MSB licence in the US and what is the CASP under MiCA regulation.

Sample Clause Snippets for Governance Undertakings

Note: the following specimen wordings are provided as legal gist only. Applicants should engage qualified counsel to tailor these to their specific structure and MAS requirements.

Specimen 1, Local Executive Director Undertaking

“The undersigned confirms that [he/she] is ordinarily resident in Singapore, maintains a permanent place of residence in Singapore and exercises day-to-day oversight of the Applicant’s licensed payment services, including attendance at all scheduled Board meetings and direct supervisory authority over the Compliance Officer and MLRO.”

Specimen 2, Outsourcing-Oversight Board Resolution

“RESOLVED that the Board has reviewed and approved the outsourcing of [description of function] to [Service Provider], subject to: (a) contractual audit rights exercisable by the Applicant or MAS; (b) documented exit and business-continuity arrangements; and (c) quarterly reporting by [Service Provider] to the Applicant’s Compliance Officer.”

AML/CFT Programme, What MAS Will Assess and the Applicant Checklist

The AML/CFT requirements for MPI applicants represent the most scrutinised component of any MAS licensing assessment. MAS expects applicants to present a fully documented AML/CFT programme at the point of application, not after approval. The programme must demonstrate that the applicant can meet its obligations under the PSA, the MAS Notice on Prevention of Money Laundering and Countering the Financing of Terrorism (PSN02) and the MAS Guidelines on AML/CFT from Day 1 of operations.

AML/CFT Checklist Mapped to MAS Assessment Items

Example Monitoring Rules and Escalation Matrix

A well-structured monitoring programme will include rules addressing at least:

• Velocity rules, flagging multiple transactions within a short time window by the same customer or linked accounts.
• Structuring detection, identifying transactions just below reporting thresholds.
• Geographic-risk triggers, escalating transactions involving high-risk jurisdictions identified in the EWRA.
• Behavioural anomalies, comparing a customer’s transactional pattern against their declared profile and risk rating.

Each alert generated by the monitoring system should follow a documented escalation matrix: front-line review → compliance analyst investigation → MLRO decision → STR filing with STRO (if warranted). The entire chain, including rationale for closing alerts without filing, must be logged and auditable. For a broader discussion of crypto-asset compliance considerations, see our guide on why you need a crypto licence and how to get it right.

PDPA and Data Protection Obligations for PSPs, Quick Compliance Checklist

Every MPI applicant must also satisfy PDPA obligations for PSPs. The Personal Data Protection Act 2012, administered by the Personal Data Protection Commission (PDPC), applies to all organisations in Singapore that collect, use or disclose personal data. For payment service providers handling sensitive financial and identity data at scale, compliance is non-negotiable.

Practical Checklist for PDPA Readiness

• Data-flow mapping. Document every point at which personal data enters, is processed, stored, shared or transferred, especially cross-border transfers to group entities or outsourced service providers.
• Data Protection Impact Assessment (DPIA). Conduct a DPIA for each high-risk processing activity, including DPT onboarding, CDD/KYC data handling and cloud storage.
• Consent and purpose limitation. Ensure collection, use and disclosure of personal data are supported by valid consent or a recognised exception, and that purposes are clearly stated in your privacy notice.
• Data-breach management plan. Maintain an incident-response plan that meets the PDPC’s notification obligations, including the mandatory 72-hour notification window for notifiable data breaches.
• Vendor-processing clauses. All data-processing agreements with third parties should include PDPA-compliant clauses on purpose limitation, security standards, audit rights and cross-border transfer safeguards.
• Data Protection Officer (DPO). Appoint a DPO responsible for overseeing compliance and serving as the point of contact for the PDPC.

Practical Traps, Refusal Reasons and Mitigation Strategies

MAS does not publish a public list of refused MPI applications, but practitioner commentary from Allen & Gledhill and Rajah & Tann Asia highlights recurring reasons for delays or adverse outcomes:

• Weak governance structures. Nominal local directors without genuine decision-making authority; compliance function reporting to the business head rather than the board. Mitigation: appoint a resident executive director with documented authority and independent reporting lines for the compliance function.
• Inadequate AML/CFT programme. Generic, off-the-shelf policies not tailored to the applicant’s risk profile, service types or customer base. Mitigation: engage experienced AML consultants or counsel to produce a bespoke EWRA and policy suite before lodgement.
• Insufficient local oversight and substance. Offshore parent controls all material decisions; Singapore entity has no meaningful operational infrastructure. Mitigation: demonstrate genuine local operations, local staff, local IT infrastructure, board meetings held in Singapore, locally documented decision trails.
• Poor IT and BCP controls. No penetration-testing evidence, untested disaster-recovery plans. Mitigation: commission an independent IT-security assessment and conduct at least one BCP drill before lodgement.

Real-World Case Notes

Industry observers have noted several patterns from publicly available MAS communications and enforcement actions: applicants that treated the Singapore licence as a “pass-through” for offshore operations consistently faced extended queries; providers that integrated DPT services without dedicated blockchain-analytics and travel-rule infrastructure were asked to re-submit material portions of their AML/CFT programme; and entities with opaque ownership structures encountered prolonged fit-and-proper assessments. Early preparation on each of these fronts materially reduces approval timelines.

After Approval, Ongoing Obligations, Reporting and Supervisory Expectations

Obtaining the MPI licence is the beginning, not the end, of the regulatory relationship. MAS imposes ongoing obligations that licensed MPIs must observe throughout the life of the licence:

• Periodic reporting. Submit prescribed returns (financial statements, transaction data, capital-adequacy reports) to MAS on the schedule specified in licence conditions.
• Capital maintenance. Maintain the minimum base capital (S$250,000, per MAS Guidelines) at all times; notify MAS promptly if capital falls below the required threshold.
• Change notifications. Inform MAS of material changes to directors, CEO, substantial shareholders, outsourcing arrangements, business model or payment services offered, before the change takes effect, where possible.
• AML audits. Conduct and submit independent AML/CFT programme reviews at least annually.
• Inspection readiness. Be prepared for on-site or thematic inspections by MAS at any time.
• Consumer-protection obligations. Comply with applicable safeguarding requirements for customer money and e-money float.

Reporting Obligations by Entity Type

For a comparative look at ongoing compliance in other fintech-licensing jurisdictions, readers may find our guides on launching a crypto exchange and setting up a fintech company useful.

Practical Appendices and Downloadable Resources, Templates and Specimen Wording

The following template items are provided as legal gist only and should not be submitted to MAS without review and customisation by qualified counsel. They are intended to give applicants a structural starting point.

• MPI pre-application readiness checklist, a consolidated, printable checklist of every document, form and assessment referenced in this guide.
• Sample governance clause, local executive director undertaking, see specimen wording in the Governance section above.
• Sample MLRO role description, job scope, reporting lines, authority to file STRs, minimum qualifications and ongoing training requirements.
• Sample board resolution, outsourcing oversight, see specimen wording in the Governance section above.
• MAS specimen forms reference list, application form, fit-and-proper declarations, organisational-structure form and financial-resources form (download from the MAS licensing page).

For custom drafting of governance undertakings, AML/CFT programmes or licence-application packs, find a qualified Singapore-based lawyer through our directory.

What to Do This Week, Three Immediate Steps (Updated 20 May 2026)

1. Run a threshold audit. Pull your last three months of transaction data for every regulated payment service and compare each against the SPI thresholds. If you breach any threshold, or project doing so within six months, begin the MPI application process immediately.
2. Appoint your MLRO and Compliance Officer. If you have not already designated named individuals with documented authority and Singapore residency, do so this week. MAS expects these roles to be filled before lodgement, not after.
3. Download and populate MAS specimen forms. Visit the MAS licensing page and the GoBusiness portal, download every required specimen form and begin populating them with current entity data. Completing this step early exposes document gaps while there is still time to address them.

Conclusion

Knowing how to get a major payment institution licence in Singapore in 2026 means more than filling in forms, it requires a genuine, well-documented governance structure, a bespoke AML/CFT programme built around your specific risk profile, demonstrable local decision-making authority and capital adequacy that satisfies MAS from the outset. The Payment Services Act licence requirements and the revised MAS Guidelines have raised the bar, and early indications suggest that the regulator continues to apply close scrutiny to applicants’ substance over form. Use the checklists, tables and specimen wording in this playbook to structure your preparation, and engage qualified Singapore-based counsel early in the process to address the governance and compliance traps that most commonly delay or derail applications. The practical appendices and resources above are designed to give you a head start, but every application is unique, and tailored legal advice remains essential.

Sources

1. Monetary Authority of Singapore, Licensing for Payment Service Providers
2. MAS, Financial Institutions Directory (MPI list)
3. MAS Guidelines on Licensing for Payment Service Providers (PS-G01, updated 8 October 2025)
4. GoBusiness, Major Payment Institution Licence
5. Allen & Gledhill, MAS Issues Revised Guidelines on Licensing for Payment Service Providers
6. Rajah & Tann Asia, MAS Revises Guidelines on Licensing for Payment Service Providers
7. Dentons Rodyk, Amendment to Guidelines on Licensing for Payment Service Providers
8. Waystone Compliance Solutions, PSA Licensing Guide
9. 2C2P, MPI Licence Announcement
10. Personal Data Protection Commission Singapore (PDPC)