Payment Services Act Crypto Provisions and Requirements: What You Need to Know in 2025

By June 30, 2025, any crypto platform operating in Singapore must be licensed under the Financial Services and Markets Act (FSMA) - or shut down. No extensions. No exceptions. This isn’t a warning. It’s the law. And it’s just one piece of a global patchwork of rules that now govern how crypto businesses operate, serve customers, and protect money.

Why This Matters to You

If you run a crypto exchange, wallet provider, or even a stablecoin issuer, you’re not just dealing with code and blockchain. You’re dealing with regulators who now treat digital assets like bank accounts. The Payment Services Act (PSA) and its global equivalents aren’t optional guidelines. They’re legal obligations with real consequences: fines, license revocation, or criminal charges.

It’s not just about Singapore. Japan tightened its rules in 2025. The EU is enforcing new rules in March 2026. The U.S. just passed the CLARITY Act to stop regulatory chaos. Each jurisdiction has its own version of the same question: How do we stop fraud, protect consumers, and still let innovation grow?

Singapore: Zero Tolerance, Full Compliance

Singapore’s Monetary Authority of Singapore (MAS) doesn’t play games. The FSMA rules that took effect in 2024 are among the strictest in the world. If you’re offering crypto services to anyone in Singapore - even if you’re based in London or Tokyo - you need a license by June 30, 2025.

Here’s what you absolutely must do:

• Implement the Travel Rule: For every transaction over $1,000, you must collect and send the sender’s and receiver’s full names, account numbers, and addresses. This applies to Bitcoin, Ethereum, or any stablecoin - no exceptions.
• Ban credit card purchases for crypto. No more impulse buys with plastic. MAS says this protects people from debt traps.
• Require detailed risk disclosures before anyone deposits money. No flashy ads promising 10x returns. Just facts: volatility, fees, risks.
• Perform customer suitability checks. Are they experienced? Do they understand the risks? If not, you can’t let them trade.

Failure to comply? Your platform gets blocked. No grace period. No second chance. MAS has made it clear: if you’re not licensed by June 30, you’re illegal.

Japan: Cold Storage, Clear Rules, Constant Evolution

Japan’s Payment Services Act has been evolving since 2009. The big shift came in 2019: virtual currency became crypto assets. And then came the cold storage rule - a game-changer.

By law, Japanese crypto exchanges must store at least 95% of user funds in offline wallets. No hot wallets for big holdings. No excuses. This isn’t about tech preference - it’s about theft prevention. After the 2018 Coincheck hack that lost $530 million, Japan didn’t just tighten rules. It rebuilt them.

The 2025 amendment, approved in March, added new layers:

• Exchange providers must now report changes to the crypto assets they support before listing them - not after.
• Advertising rules are stricter: no misleading claims, no fake testimonials, no promises of guaranteed returns.
• Derivatives trading involving crypto is now regulated separately to prevent manipulation.
• ICO tokens that promise profit-sharing? Those are treated as securities under the Financial Instruments and Exchange Act.

Japan’s system has three license tiers: Type 1 for full-service exchanges, Type 2 for limited services, and Type 3 for smaller players. The system is designed to scale with the market - but every tier demands accountability.

Europe: PSD2 Meets MiCA - The Hybrid Rules

The EU’s approach is more complex. Two laws overlap: the Payment Services Directive 2 (PSD2) and the Markets in Crypto-Assets (MiCA) regulation. The European Banking Authority (EBA) issued guidance in late 2024 to untangle the mess.

Here’s the key: transferring crypto assets can be treated as a payment service - but only under certain conditions.

If you’re moving crypto from one wallet to another as part of a payment (like paying for goods), you might fall under PSD2. That means you need:

• Strong Customer Authentication (SCA): Two-factor login for wallet access and transfers.
• Fraud reporting: You must report suspicious transactions to authorities.
• Own funds requirements: You must hold enough capital to cover potential losses - same as a bank.

But here’s the catch: exchanging crypto for fiat, or crypto for crypto, is not a payment service under PSD2. Those fall under MiCA. So if you’re a crypto-to-crypto exchange, you don’t need PSD2 - you need MiCA authorization.

The deadline for PSD2 compliance? March 2, 2026. And during the transition, regulators are told to use existing MiCA application data to speed things up. No double paperwork. But they won’t ignore SCA or fraud rules. Those are non-negotiable.

United States: The CLARITY Act - Ending the Wild West

The U.S. didn’t pass one law. It built a system to stop regulators from fighting each other.

The CLARITY Act, passed in early 2025, divides crypto assets into three categories:

1. Digital commodities - like Bitcoin and Ethereum. Regulated by the CFTC.
2. Investment contract assets - tokens that promise profits from others’ efforts. Regulated by the SEC as securities.
3. Permitted payment stablecoins - stablecoins tied to U.S. dollars, with reserve audits. Regulated by both the Fed and state agencies.

This ends the “regulation by enforcement” era. Before, the SEC would sue platforms for selling unregistered securities - even if the token was clearly meant as a currency. Now, if your token is a commodity, you don’t need SEC approval. You need CFTC compliance.

Broker-dealers can now legally custody and trade digital commodities. Exchanges can list them alongside securities - as long as they’re properly categorized. Recordkeeping rules now allow blockchain-based ledgers as official books. And DeFi protocols? The SEC can grant exemptions if they’re truly decentralized.

This isn’t permissive. It’s precise. You must classify every asset you handle. Get it wrong? You’re in violation.

What You Can’t Ignore: Global Compliance Costs

Running a crypto business today isn’t just about tech. It’s about legal teams, compliance officers, and audit trails.

Think about this:

• In Singapore, you need Travel Rule tech that works across all blockchains - even ones you don’t control.
• In Japan, you need cold storage infrastructure that meets government standards - and daily audits.
• In the EU, you need SCA systems that work for both fiat and crypto payments - and fraud detection that flags anomalies in real time.
• In the U.S., you need legal analysts who can classify each token under the CLARITY Act - and update classifications as markets evolve.

There’s no one-size-fits-all solution. A platform serving users in Singapore, Japan, and the EU needs four separate compliance systems. That’s expensive. That’s complex. But it’s mandatory.

What’s Next? The 2026 Horizon

By March 2026, the EU will fully enforce MiCA and PSD2. By mid-2026, expect more countries to follow Singapore’s lead: hard deadlines, no grace periods, full transparency.

Stablecoins are the next battleground. The U.S. is pushing for reserve audits. Singapore is limiting their use in retail payments. Japan is requiring issuer licensing. The EU is demanding transparency on backing assets.

And the one thing all regulators agree on? Retail investors need protection. No more fake influencers. No more “get rich quick” ads. No more letting people buy crypto with credit cards unless they’ve been properly warned.

What Should You Do Right Now?

If you’re a crypto business:

1. Map where your users are. Singapore? Japan? EU? U.S.? Each has different rules.
2. Identify which crypto assets you handle. Are they commodities? Securities? Stablecoins? Classify them now.
3. Check your tech stack. Do you have Travel Rule compliance? SCA? Cold storage? Fraud detection?
4. Start your licensing process. Deadlines aren’t coming. They’re already here.
5. Train your team. Compliance isn’t a one-time task. It’s daily work.

If you’re a user: know your rights. Ask your exchange: Are you licensed? Do you store my assets offline? Do you report transactions over $1,000? If they can’t answer, move your funds.

The age of crypto’s wild west is over. The rules are written. The deadlines are set. The regulators are watching. The only question left is: are you ready?