Updated AML-CFT requirements for DPT service licensees take effect from 4 April 2024, requiring (a) due diligence measures for appointing agents and (b) a group AML-CFT policy that applies to branches and subsidiaries.


MAS Updates AML-CFT Requirements for DPT Service Licensees

April 4, 2024

The Monetary Authority of Singapore (MAS) updated MAS Notice PSN02 on the Prevention of Money Laundering and Countering the Financing of Terrorism – Holders of Payment Services Licence (Digital Payment Token Service), imposing additional requirements onlicensees that provide digital payment token (DPT) services (DPT Service Licensees) relating to the prevention of money laundering and terrorism financing (ML/TF).  

The latest version of MAS Notice PSN02 will take effect on 4 April 2024.

Due Diligence Measures When Appointing Agents

Before contracting with any person to assist in providing DPT services (agent), a DPT Service Licensee must ensure that:

  • the agency agreement is in writing and approved by the DPT Service Licensee’s senior management;
  • it takes appropriate steps to identify, assess and understand the ML/TF risks relating to the places in which the agent operates;
  • it is not precluded by MAS from appointing the agent; and
  • the agent complies with its programme on anti-money laundering and countering the financing of terrorism (AML-CFT).

A DPT Service Licensee must also keep an updated list of all its agents, which is accessible upon request to MAS and other authorities from places in which the agents operate.

Financial institutions and persons who themselves carry on the business of providing DPT services would not be classified as agents.

Group AML-CFT Policy

A DPT Service Licensee incorporated in Singapore (SG DPT Service Licensee) must:

  • develop a group AML-CFT policy that complies with MAS Notice PSN02 and applies to all its Singapore and overseas branches and subsidiaries which are financial institutions; and
  • develop group policies and procedures for, to the extent permitted by applicable law, the sharing of customer, account and transaction information to the SG DPT Service Licensee’s group-level compliance, audit and AML-CFT teams, for client due diligence and ML/TF risk management purposes, including information relating to unusual activities.

If there is a conflict between the AML-CFT requirements in Singapore and the jurisdiction in which a branch or subsidiary operates, the branch or subsidiary must apply the higher standard and, if it cannot do so, the SG DPT Service Licensee must implement controls to manage any ML/TF risks and report it to MAS.

When necessary to manage ML/TF risks, a Singapore branch of a foreign DPT Service Licensee must also share customer, account and transaction information to its affiliates which are financial institutions and the entity controlling those affiliates.

Appropriate safeguards should be applied to protect the confidentiality and use of any information shared to affiliates.


DPT Service Licensees should review and, if necessary, update, their AML-CFT policies and procedures to comply with the updated AML-CFT requirements.  DPT Service Licensees should also ensure that their affiliates and staff are made aware of and receive proper training on the updated requirements.

For More Information

OrionW regularly advises clients on FinTech matters.  For more information about the regulation of payment services and cryptocurrencies in Singapore, or if you have questions about this article, please contact us at fintech@orionw.com.

Disclaimer: This article is for general information only and does not constitute legal advice.


Subscribe to
our newsletters

To subscribe, select the newsletter options that interest you (TMT, FinTech or DPC - Data Protection and Cybersecurity) and provide your details.

  • TMT - Technology, Media and Telecommunications
  • FinTech
  • DPC - Data Protection & Cybersecurity
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.