MAS issues new customer protection guidelines for DPT services which will take effect from 4 October 2024.


MAS Issues Crypto Customer Protection Guidelines

April 5, 2024

The Monetary Authority of Singapore (MAS) has issued the Guidelines on Consumer Protection Measures by Digital Payment Token Service Providers (Guidelines) setting out the consumer protection measures that digital payment token (DPT) service providers (DPTSPs) must implement.

The Guidelines, which take effect on 4 October 2024, should be read together with the Payment Services Act 2019 and its regulations (see our article on MAS's proposed amendments to the Payment Services Regulations).

Determination of “Accredited Investor”

The Guidelines set out the definition of “accredited investor” for purposes of implementing consumer protection measures for DPT service customers (see our related articles on MAS’s consultation paper and response to feedback on those measures), which is consistent with how the term is defined under the Securities and Futures Act 2001. In determining AI status, DPTSPs should disclose and regularly review its methodology for valuing customers’ assets. In addition, DPT values will be considered but subject to a minimum haircut of 50% or S$200,000, whichever is lower.  

Under the Guidelines, all DPT service customers will be treated as retail customers by default.  However, a customer who meets the definition of “accredited investor” may consent to a DPTSP treating them as an accredited investor (AI) after the DPTSP gives the customer the prescribed written notification, including a general warning and a clear explanation about the effect of being classified as an AI. Customers can withdraw that consent at anytime and may also choose to be treated as an AI by one DPTSP and as a retail customer by another DPTSP.

Segregation of Customers’ Digital Assets

The table below sets out the key requirements imposed by the Guidelines on DPTSPs when safekeeping customers’ digital assets in-house or through a third-party custodian.

Prescribed Measures

A DPTSP must:

  • use different blockchain addresses to store customers’ assets from those used to store its own assets
  • determine the suitability of the safeguarding person
  • implement risk management controls, including procedures for authorising and securing transfers or withdrawal of assets and technological measures
  • ensure that DPT instruments for at least 90% of safeguarded customer assets must be stored in cold wallets
  • ensure that senior managers and personnel who control the movement of customers’ assets are Singapore residents
  • have written policies, conducting independent checks and properly segregating duties to minimise conflicts of interest
Required Disclosures

A DPTSP must disclose the following matters to its customers:

  • the extent of the safeguarding person’s liability if customers’ assets are lost due to the fraud or negligence of the safeguarding person or its agents
  • the terms and conditions the DPTSP has agreed with the third-party safeguarding person, if applicable
  • the DPTSP’s policy on storage arrangements for those customers’ assets
  • whether and how customers may authorise third parties to give or receive instructions to or from the DPTSP
  • the circumstances when assets held as collateral may be used to satisfy customer liabilities to the DPTSP
  • the fees and costs for safeguarding customers’ assets
Customer Statements of Account

A DPTSP must provide monthly statements of account to its customers, including:

  • information relating to their transactions
  • the status and movement of their safeguarded digital assets and money with the DPTSP


The regulatory approach to DPT-related services continuously evolves because the technology behind them and risks associated with them evolve as well.  DPTSPs should take advantage of the 6-monthtransition period to develop and implement measures to comply with the Guidelines in a way that corresponds to their risk profile and the complexity of their offered services and supporting technologies.

For More Information

OrionW regularly advises clients on the PS Act and fintech matters.  For more information about the PS Act and fintech regulatory compliance, or if you have questions about this article, please contact us at

Disclaimer: This article is for general information only and does not constitute legal advice.


Subscribe to
our newsletters

To subscribe, select the newsletter options that interest you (TMT, FinTech or DPC - Data Protection and Cybersecurity) and provide your details.

  • TMT - Technology, Media and Telecommunications
  • FinTech
  • DPC - Data Protection & Cybersecurity
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.