{"id":129008,"date":"2026-03-10T13:13:39","date_gmt":"2026-03-10T13:13:39","guid":{"rendered":"https:\/\/my.legal500.com\/guides\/?post_type=comparative_guide&#038;p=129008"},"modified":"2026-03-12T08:21:42","modified_gmt":"2026-03-12T08:21:42","slug":"singapore-fintech","status":"publish","type":"comparative_guide","link":"https:\/\/my.legal500.com\/guides\/chapter\/singapore-fintech\/","title":{"rendered":"Singapore: Fintech"},"content":{"rendered":"","protected":false},"template":"","class_list":["post-129008","comparative_guide","type-comparative_guide","status-publish","hentry","guides-fintech","jurisdictions-singapore"],"acf":[],"appp":{"post_list":{"below_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">Drew &amp; Napier<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2019\/12\/DN_LOGO_RGB-1.jpg\"\/><\/span><\/div>"},"post_detail":{"above_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">Drew &amp; Napier<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2019\/12\/DN_LOGO_RGB-1.jpg\"\/><\/span><\/div>","below_title":"<span class=\"guide-intro\">This country specific Q&amp;A provides an overview of Fintech laws and regulations applicable in Singapore<\/span><div class=\"guide-content\"><div class=\"filter\">\r\n\r\n\t\t\t\t<input type=\"text\" placeholder=\"Search questions and answers...\" class=\"filter-container__search-field\">\r\n\t\t\t<\/div>\r\n\r\n\t\t\t\r\n\r\n\r\n\t\t\t<ol class=\"custom-counter\">\r\n\r\n\t\t\t\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Who are the primary regulators overseeing fintechs in your jurisdiction, and how are regulatory boundaries evolving as innovation crosses traditional lines between payments, lending, wealth, and digital assets?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The Monetary Authority of Singapore (\u201cMAS\u201d) is the primary regulator of Singapore\u2019s financial services industry, overseeing its financial institutions and sectors such as banking, capital markets and payments for matters concerning, among others, business conduct, investor protection, anti-money laundering and operational resilience.<\/p>\n<p>Singapore\u2019s regulatory regime is activity-based. Activities overseen by each regulator are generally distinctly demarcated, ensuring that there is no overlap in regulatory oversight over the same subject matter. This clear separation helps maintain regulatory clarity and prevents duplication of supervisory responsibilities.<\/p>\n<p>Beyond financial sector regulation, the Personal Data Protection Commission of Singapore (\u201cPDPC\u201d) regulates the collection, use, and management of personal data. This applies to all entities, irrespective of their status as financial institutions. Consequently, certain incidents may simultaneously breach multiple regulatory regimes, thereby involving more than one regulatory authority. Nevertheless, the distinct segregation of supervisory duties ensures minimal friction and prevents jurisdictional conflicts among regulators.<\/p>\n<p>As innovation blurs traditional lines between business segments, Singapore has also gradually expanded the scope of regulated activities (which remain technology agnostic). The amendments to the Payment Services Act 2019 (\u201cPS Act\u201d) in 2024 brought additional digital payment token (\u201cDPT\u201d) services within its regulatory perimeter. These amendments respond to newer crypto-native business models which have moved past simply dealing with DPTs or establishing exchanges, to providing front-ends which induce or arrange trades without taking possession of DPTs.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">As regulators adopt different rules for digital assets, AI, and consumer protection, what key regulatory and operational challenges could slow fintech innovation and growth in your jurisdiction over the next 12 months?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>While Singapore remains pro\u2011innovation, it holds higher expectations on custody and business conduct with respect to retail customers. In parallel, MAS is advancing guidance on responsible AI use by regulated financial institutions, while maintaining a strong focus on technology risk, outsourcing and operational resilience.<\/p>\n<p>As the scope of regulations expands to include newer business and operating models, these measures may modestly extend time\u2011to\u2011market, and raise compliance costs \u2014 especially for retail\u2011facing or cross\u2011border offerings. The relatively long waiting period for licence applications and approvals (at least a year as of the time of writing) definitely slows down the pace of expansion in Singapore.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Are fintechs generally required to obtain licenses or registrations to operate in your jurisdiction, and if so, which activities typically trigger those requirements (e.g., lending, payments, digital assets custody)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Whether a fintech company must be licensed or registered in Singapore depends on its jurisdiction of incorporation, specific business activities and applicable exemptions. Relevant legislation includes:<\/p>\n<p>(a) Securities and Futures Act 2001;<br \/>\n(b) Banking Act 1970;<br \/>\n(c) Financial Advisers Act 2001;<br \/>\n(d) Payment Services Act 2019;<br \/>\n(e) Cybersecurity Act 2018;<br \/>\n(f) Insurance Act 1966;<br \/>\n(g) Moneylenders Act 2008;<br \/>\n(h) Commodity Trading Act 1992;<br \/>\n(i) Precious Stones and Precious Metals (Prevention of Money Laundering, Terrorism Financing and Proliferation Financing) Act 2019;<br \/>\n(j) Financial Services and Markets Act 2022; and<br \/>\n(k) Trust Companies Act 2005.<\/p>\n<p>Where a fintech company engages in regulated activities under these laws, it may require a licence unless applicable exemptions apply. Regulated activities include:<\/p>\n<p>(i) the operation of a cryptocurrency exchange;<br \/>\n(ii) the operation of an exchange on which capital markets products are traded;<br \/>\n(iii) the sale of fungible digital assets which constitute DPTs or capital markets products;<br \/>\n(iv) the purchase and sale of digital assets backed by commodities at spot prices; and<br \/>\n(v) the provision of custody services over fungible digital assets which constitute DPTs, digital tokens or capital markets products.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Are there emerging cross-functional or omnibus licensing regimes, such as those inspired by the U.S. GENIUS Act, the EU MiCA\/DORA frameworks, or similar integrated models, that allow a single license to cover multiple fintech activities?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Singapore does not have a single \u201comnibus\u201d licensing regime permitting a licensee to undertake broad fintech activities under a single, unified licence. Instead, in line with Singapore\u2019s activity-based, technology-agnostic approach to regulation, different fintech activities may fall to be regulated under different regulations thereby attracting distinct licensing obligations.<\/p>\n<p>However, financial institutions which hold an existing licence under a regulatory regime may be exempted from licensing under a different regulatory regime in specified circumstances. For example, a bank or merchant bank licensed under the Banking Act 1970 is exempt from the requirement of having in force a licence under the PS Act to carry on a business of providing any payment service.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How have regulatory sandboxes, innovation offices, or digital-testing frameworks matured in 2025, and what measurable impact have they had on time-to-market or capital formation for fintech start-ups?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The MAS FinTech Regulatory Sandbox (\u201cSandbox\u201d) allows financial institutions and fintech companies to experiment with new technologies and develop innovative financial products in a controlled environment within a defined timeframe.<\/p>\n<p>The flexibility afforded by the Sandbox is especially beneficial to start-ups as MAS may relax specific legal and regulatory requirements during the sandbox period, giving start-ups the runway to refine and test their products, possibly reducing the time-to-market for such products.<\/p>\n<p>Applications to take part in the Sandbox are processed relatively quickly. According to a written parliamentary reply published on 14 October 2025, the median processing time for Sandbox applications, from submission to outcome notification is around 3 months.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How are regulators adapting their supervisory approaches (e.g., RegTech-enabled supervision, API-based reporting) to oversee fintechs operating across jurisdictions or with embedded finance models?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>MAS collaborates with foreign supervisory authorities through memoranda of understanding, enabling information sharing and mutual assistance in cross-border enforcement and supervision. Agreements with the Hong Kong Monetary Authority and the International Financial Services Centre Authority establish frameworks for cooperation and facilitate exchange of information between the respective authorities.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How do your jurisdiction\u2019s securities, commodities, and banking regulators interpret tokenization, DeFi, and stablecoin products under the current legal landscape, particularly in light of the U.S. state-level stablecoin acts and MiCA implementation in the EU?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Singapore\u2019s legal regime is technology-agnostic and focuses on regulating specific underlying activities. If the tokenised product constitutes a regulated product under a given regulatory regime, then corresponding regulated activities pertaining to the regulated product may require a licence unless otherwise exempted. MAS has expressly stated that it will continue to focus on the economic substance of tokenised products in determining the applicability of regulatory requirements.<\/p>\n<p>As far as stablecoin products are concerned, MAS has recognised the potential of stablecoins as a widely used payment instrument and has proposed to introduce an additional \u201cStablecoin Issuance Service\u201d as a new regulated payment service under the PS Act. This concerns single-currency stablecoins (\u201cSCS\u201d) pegged to either the Singapore dollar, or Group of Ten (\u201cG10\u201d) currencies. SCS issued by issuers which comply with the relevant prudential and reserve requirements will be known as \u201cMAS-regulated stablecoins\u201d.<\/p>\n<p>Issuers who wish to be regulated under the new framework will be subject to additional requirements, including prudential and reserve obligations. Issuers of stablecoins other than MAS-regulated stablecoins will continue to be subject to the existing DPT regulatory regime under the PS Act. As the proposed stablecoin regime has yet to come into force, all issuers of stablecoins are currently regulated as DPT service providers under the existing PS Act.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What are the AML\/CFT and travel-rule obligations for virtual asset service providers currently, and how do they apply to \u201cnon-custodial\u201d or \u201cself-hosted wallet\u201d models?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Virtual asset service providers must verify user and beneficial owner identities, comply with the travel rule for value transfers, and keep due diligence and transaction records for at least five years. Customers and their associates must be screened against MAS and other authorities&#8217; money laundering and terrorism-financing lists.<\/p>\n<p>Companies should align AML\/CFT policies with MAS guidelines (PSN02, PS-G02), appoint qualified compliance teams, and regularly review risks at the board level. The travel rule applies when providers act as ordering, intermediary, or beneficiary institutions in transfers involving qualifying parties.<\/p>\n<p>The travel rule does not apply to transactions with non-custodial wallets, but these are higher risk under PS-G02. Providers should enhance measures\u2014such as verifying both parties\u2019 identities, confirming beneficial owners, and increasing monitoring and screening.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What new prudential or reserve requirements are being imposed on stablecoin issuers or custodians?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Singapore, once the proposed stablecoin regime comes into force, the typology of stablecoin issuers will fall into two categories: issuers of MAS-regulated stablecoins, and issuers of non-MAS regulated stablecoins.<\/p>\n<p>Issuers of MAS-regulated stablecoins are required to maintain a reserve backing of at least 100% of the value of outstanding SCS in circulation, valued daily on a mark to market basis and denominated in the peg currency. Reserve assets must comprise cash and cash equivalents, and short dated high quality debt issued by the government or central bank of the peg currency, or organisations that are of both a governmental and international character with a minimum AA credit rating. Reserves must be held in segregated accounts on trust with MAS licensed custodians, or overseas custodians rated at least A that have a MAS regulated Singapore branch.<\/p>\n<p>Prudentially, such issuers must hold base capital equal to the higher of S$1 million or 50% of annual operating expenses, and maintain liquid assets equal to the higher of 50% of annual operating expenses or an independently verified orderly wind down amount.<\/p>\n<p>Issuers of non-MAS regulated stablecoins are not subject to these SCS specific reserve and redemption requirements, and are regulated as DPT service providers under the PS Act instead. Standard payment institutions must maintain a baseline capital of S$100,000, while major payment institutions must maintain a baseline capital of at least S$250,000. These institutions must also maintain a security deposit with MAS of S$100,000 where average monthly transaction volumes for any one regulated payment service do not exceed S$6 million, and S$200,000 in all other cases.<\/p>\n<p>DPT service providers which provide custody services in respect of DPTs (stablecoins or otherwise) or DPT instruments are similarly regulated under the PS Act.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How focused are regulators in your jurisdiction on data privacy, cybersecurity, and operational resilience for fintechs, and what enforcement or inquiry trends are emerging?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Regulated financial institutions in Singapore are subject to technology risk management and operational resilience requirements set out in the Technology Risk Management and Cyber Hygiene notices issued by MAS. These notices require financial institutions to, among others, implement controls to restrict unauthorised network traffic, implement anti\u2011malware and multi\u2011factor authentication, and maintain high availability and recovery for critical systems.<\/p>\n<p>Also notable are the Guidelines on Outsourcing issued by MAS which outline its expectations for technology risk governance by financial institutions and their oversight over third-party service providers. Further, MAS\u2019 E-Payments User Protection Guidelines outline the expected minimum protections that regulated financial institutions shall provide to individuals and sole proprietors against unauthorised or erroneous transactions on certain accounts.<\/p>\n<p>On the data privacy front, PDPC administers the Personal Data Protection Act (\u201cPDPA\u201d), which governs the collection, use and disclosure of personal data in Singapore. In 2021, the PDPA was amended to introduce criminal liability for violations. In 2022, the maximum financial penalties for breaches were also significantly increased, reflecting a stricter enforcement approach to data protection in Singapore.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What practical steps should cryptocurrency and blockchain companies take to detect and prevent fraudulent transactions, and how can they prepare for regulatory audits, inquiries, and enforcement actions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Cryptocurrency and blockchain companies regulated in Singapore should adopt risk-based customer due diligence and transaction monitoring per MAS Notice PSN02, including robust KYC, screening for politically exposed persons and sanctions, and source-of-funds checks for high-risk clients. On-chain analytics tools aid in identifying suspicious activity and scam connections.<\/p>\n<p>Companies should uphold board-approved policies, maintain comprehensive documentation, audit trails, and protocols for regulatory reporting. Regular audits and tamper-evident records further support compliance and regulator readiness.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How are fintechs adapting to changing immigration frameworks, such as revisions to U.S. H-1B and digital nomad visas in the EU and Asia, to attract tech and compliance talent globally?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Singapore has established immigration policies aimed at attracting global talent. Fintechs have adapted to these policies by mapping organisational roles to Singapore immigration pathways, and putting together Singapore immigration applications in compliance with relevant requirements.<\/p>\n<p>Work passes relevant to foreign individuals in fintech include the following:<\/p>\n<p>(a) Employment Pass \u2013 for professionals, managers, and executives;<br \/>\n(b) Tech.Pass \u2013 for established tech entrepreneurs, leaders, and experts; and<br \/>\n(c) EntrePass \u2013 for foreign entrepreneurs who want to operate a business in Singapore that is venture-backed or owns innovative technologies.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What new geopolitical or sanctions-related risks (e.g., digital asset restrictions, AML screening mandates) have emerged that affect fintech operations in cross-border markets?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Sanctions-related risks are increasingly prominent as digital assets gain wider adoption. Jurisdictions are tightening digital asset restrictions, enforcing the travel rule, and expanding AML\/CFT requirements for virtual asset service providers.<\/p>\n<p>Fintechs are responding by updating screening processes to include crypto-native identifiers, using geofencing and AI to manage access to restricted markets, and tailoring products by jurisdiction. Regulated firms should be ready for intensive reviews of their exposure to high-risk jurisdictions\u2014through correspondent or liquidity partners\u2014and should also assess exposure to dark pools that could mask transactions with sanctioned parties.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How do immigration and workforce-mobility policies\u2014like work visas, remote-work permits, and intra-company transfers\u2014affect fintechs\u2019 ability to move key staff into new markets, and what practical steps can companies take to avoid talent shortages or delays?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\">Relocating skilled fintech professionals requires planning. Non-citizens or non-permanent residents working in Singapore need a valid work pass. While Singapore companies can hire remote workers abroad, having few connections to Singapore beyond incorporation may lessen their advantages.\r\n\r\nMany firms ensure leaders like CEOs and compliance heads are based locally to demonstrate oversight, matching MAS supervisory expectations, while other team members may work remotely.<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How do immigration rules and visa limitations influence the speed and strategy of fintech market entry, particularly when launching operations in multiple jurisdictions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Refer to our response to Q14 above.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How can fintechs protect their proprietary algorithms and smart-contract code, balancing open-source use with trade-secret protections and any AI-related disclosure rules?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Singapore has a robust IP protection regime conducive to fintech innovation. Proprietary algorithms and software can be protected via three main methods:<\/p>\n<p>(a) Patent protection \u2013 Patents provide holders with exclusive rights for up to 20 years to use or otherwise take advantage of their inventions. However, patent applicants must publicly disclose the details of their invention, which may include specific algorithms or training data sets, which could expose the technology to competitors.<\/p>\n<p>(b) Copyright protection \u2013 Copyright automatically protects original works in tangible form (e.g. algorithms, software, source codes) without need for registration. However, the work must be original to qualify for such protection.<\/p>\n<p>(c) Law of confidence \u2013 Apart from contractual duties of confidence, an obligation of confidence vis-\u00e0-vis confidential information may be imposed in equity under Singapore law. Companies can seek relief if confidential information is wrongfully accessed or exploited.<\/p>\n<p>AI\u2011related transparency obligations, including facilitating the understanding of financial institutions\u2019 use of AI, can be satisfied through structured overviews of how a given AI model was designed and evaluated (i.e. model cards). Disclosures should be aligned with the Fairness, Ethics, Accountability and Transparency Principles co-created by MAS and the financial industry (\u201cFEAT Principles\u201d), which have considered the sensitive nature of proprietary algorithms and smart contract code. Expectations regarding disclosures are focused on how data is used or affects decision-making and consequences on the data subjects, not on the proprietary algorithm and code itself.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What strategies are most effective for safeguarding trademarks and digital brands in an era of AI-generated impersonation, deepfakes, and synthetic media fraud?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Safeguarding digital brands today requires a fusion of classic trademark enforcement and modern, technology-led defences against AI-enabled impersonation, deepfakes and synthetic fraud. In Singapore, the legal bedrock remains the Trade Marks Act 1998 and the common law action for passing off.<\/p>\n<p>Singapore\u2019s trade mark registration regime grants registrants exclusive rights to use (and authorise others to use) the trade mark in relation to the goods or services for which it has been registered. Statutory remedies under the Trade Marks Act 1998 include injunctions, damages, accounts for profit and statutory damages. Unregistered trade marks may also be protected under the law of passing off. Since the law is technology agnostic, it does not matter whether infringement was done through the use of technology.<\/p>\n<p>Brands should also consider updating their supplier, agency, and influencer agreements to explicitly prohibit the creation or distribution of AI-generated content that infringes upon or impersonates their brand, or other parties\u2019 brands. These agreements can further allocate responsibilities for prompt takedown actions and include clear indemnity provisions.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">When fintechs collaborate with outside developers, partners, or open-source communities, how can they make sure they retain ownership of their technology and avoid disputes?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Fintech startups should ensure that agreements with third-party contractors expressly set out the treatment of IP developed during the course of the collaboration, whether any licences for use of such IP and non-competes are required, and consider matters dealing with moral rights. If any resources or software development kits will be provided, the agreement should expressly address ownership of not just these documents, but also any derivative works originating from these documents. Furthermore, non-disclosure agreements and confidentiality clauses should be incorporated in the agreements with such third party contractors or partners.<\/p>\n<p>When engaging open-source communities, fintechs should prefer inbound contributor licence agreements that assign or license contributions on terms compatible with commercialisation. They should avoid inadvertent contamination especially with code that is subject to copyleft permissions.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What steps should fintechs take to detect, prevent, and respond to competitors or third parties who might copy or misuse their technology, algorithms, or branding, and how do enforcement strategies differ across jurisdictions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Fintechs may deploy robust technical safeguards to protect proprietary software and algorithms from reverse engineering or duplication by competitors. These measures may include hosting key algorithmic logic on secure company servers, running sensitive code in isolated virtual environments, and applying runtime integrity checks to identify any attempts at tampering.<\/p>\n<p>On the monitoring side, fintechs may proactively check code repositories, package managers, app stores, domain registrations, and online marketplaces to detect unauthorised duplication, typosquatting, and malicious libraries. Continuous surveillance of these platforms can help ensure rapid response to infringement threats.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How are jurisdictions addressing cross-border IP enforcement for fintech products involving distributed infrastructure and decentralized code bases?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Intellectual property protection remains territorial. For distributed code and infrastructure, enforcement targets access points\u2014domain registrars, hosts, app stores, payment rails\u2014and identifiable operators. Singapore enables efficient cross border action, with prompt interim relief (including Norwich Pharmacal orders), dynamic website blocking, and repository or app store takedowns, alongside robust trade mark and copyright remedies.<\/p>\n<p>International tools such as the Paris Convention and the Patent Cooperation Treaty streamline multi-jurisdictional filings, while customs measures and platform \u201cnotice and action\u201d mechanisms support evidence sharing and coordinated interventions.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How should fintechs approach IP protection when licensing or selling software, smart contracts, or AI models to ensure ongoing control and compliance with different countries\u2019 laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Licences should be designed to be modular and sensitive to jurisdictional requirements. For software and smart contracts, it is critical to distinguish pure development activity from deployments that facilitate regulated activity. In cases where such facilitation occurs, licensing and regulatory implications must be evaluated in accordance with the relevant jurisdiction, particularly considering virtual asset service provider regulations. To mitigate risk, licences and agreements should address matters such as sublicensing and audit rights, security obligations, change of control provisions, export control compliance, and indemnification related to regulatory liability.<\/p>\n<p>With respect to AI models, fintechs should ensure the clear allocation of intellectual property ownership across model architecture, training code, model weights, fine-tuned derivatives, and evaluation datasets. Agreements should seek to protect commercially sensitive elements as trade secrets with confidentiality, access controls and anti\u2011reverse\u2011engineering provisions.<\/p>\n<p>It is important to define output IP and usage rights, including restrictions on model extraction, competitive benchmarking, and retraining using outputs. Additionally, compliance with the PDPA is essential when training or inferencing data are processed by AI models. Measures such as geo-fencing and sector-specific restrictions may be required to address sanctions and export control obligations. To ensure that there is ongoing control over the use of AI, there should be change of law adjustment mechanisms and step-in or suspension rights to mitigate cross border regulatory risk.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Under emerging AI-governance frameworks, such as the EU AI Act and U.S. GENIUS Act, what legal obligations apply to fintechs using AI in underwriting, robo-advisory, and fraud protection?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>While Singapore\u2019s regulatory authorities have published several whitepapers and guidelines on AI-use in operations, these are not legally binding on fintech companies generally.<\/p>\n<p>However, where a fintech is a regulated financial institution, MAS expects financial institutions to apply the FEAT Principles (refer to our response to Q16 above) when using AI and data analytics (AIDA) for decision-making in providing financial products and services. Broadly, the FEAT Principles address:<\/p>\n<p>(a) Fairness: AIDA decisions should not unjustifiably disadvantage individuals or groups. Data and models used in AIDA decisions should be regularly reviewed for accuracy, relevance and bias.<\/p>\n<p>(b) Ethics: AIDA use must align with ethical standards, and codes of conduct.<\/p>\n<p>(c) Accountability: AIDA usage must be approved by appropriate internal authorities, while data subjects should have ways to inquire, appeal and request reviews of AIDA decisions.<\/p>\n<p>(d) Transparency: AIDA use should be proactively disclosed to data subjects, with clear explanations of data usage and decision impacts.<\/p>\n<p>To minimise AIDA-related bias or discriminatory outcomes, fintech companies may utilise the FEAT Principles Assessment Methodology and open-source toolkit (\u201cVeritas Documents\u201d) developed as part of MAS\u2019 Veritas Initiative. The Veritas Documents aim to facilitate the systematic adoption of the FEAT Principles by financial institutions.<\/p>\n<p>MAS has also proposed guidelines on AI risk management for financial institutions (\u201cProposed AI Guidelines\u201d), which are aimed at complementing the FEAT Principles with specific supervisory expectations for responsible AI use, including Generative AI and AI agents. They expect financial institutions\u2019 board and senior management to maintain effective oversight and ensure AI use does not conflict with other supervisory obligations. Institutions will also be expected to implement a risk management framework covering AI identification, an accurate inventory of use cases, systems or models, and risk materiality assessments.<\/p>\n<p>Once adopted, the Proposed AI Guidelines will articulate MAS\u2019s supervisory expectations for all regulated financial institutions on a proportionate, risk-based basis. Although not legally binding, non-adherence can affect supervisory assessments.<\/p>\n<p>More recently in January 2026, the Infocomm Media Development Authority of Singapore (IMDA) published a model AI governance framework for agentic AI (\u201cAI MGF\u201d) which outlines the risks associated with agentic AI use and provides emerging best practices in managing such risks. The recommendations in the AI MGF focus on ensuring that humans remain meaningfully accountable in the agentic workflow by implementing clear allocation of responsibility both within and outside the organisation and deploying technical measures to require and facilitate human approval where appropriate.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How can fintechs evidence algorithmic fairness, explainability, and bias mitigation in compliance with new supervisory expectations for automated credit and AML decisioning systems?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The Proposed AI Guidelines, while still under consultation and subject to change, outline what MAS expects regulated financial institutions to implement when using AI. Where AI use has a high impact on customer outcomes and may result in unfair access or denial of financial services, MAS expects the institution to pay more attention to its deployment. Credit decisioning and insurance underwriting are cited as high-impact AI use cases. Providing evidence that these expectations are met may be key.<\/p>\n<p>To demonstrate algorithmic fairness in automated credit and AML decisioning, institutions should define protected attributes, fairness metrics and thresholds, test for disparate impact across sub-populations, and document mitigations (e.g., feature constraints, re-weighting) and decisions. Documenting controls to identify and mitigate harmful biases and discriminatory outcomes could show bias mitigation.<\/p>\n<p>When third-party AI is used for automated credit or AML decisioning, institutions can evidence fairness, explainability and bias mitigation by obtaining provider artefacts (like model cards and fairness testing summaries) and securing audit and testing rights. Maintaining effective human oversight with override or kill mechanisms is essential, as responsibility for automated credit and AML decisioning outcomes rests with the financial institution, not the AI.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What are the IP and data-protection considerations around training proprietary AI models on financial data, and how can fintechs structure data-sharing agreements to minimize risk?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Training proprietary AI models on financial data introduces two main risk areas: liability risk exposure for use of financial data and privacy. Fintechs may mitigate these risks by clearly allocating liability risks pertaining to the use of financial data within their data-sharing agreements. For instance, if financial data is provided for specified purposes, parties should consider the remedies and loss mitigation measures should the use exceed such purposes. There may also be scenarios where the financial data provided is tainted, skewing results in a certain way, resulting in execution bias \u2013 similarly, parties should consider and set out acceptable thresholds within the agreements.<\/p>\n<p>Beyond clarifying liability risk exposure, agreements should establish clear parameters for any use of personal data in training, such as obtaining meaningful consent or relying on recognised exceptions. For cross-border data transfers, fintechs must implement protections at least equivalent to the PDPA and restrict onward transfers to jurisdictions offering comparable safeguards.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How are regulators treating AI-driven investment or credit-decisioning tools for purposes of fiduciary duty, fair lending, and disclosure obligations under updated consumer protection frameworks?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Refer to our responses to Q22 and Q23 above.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What emerging liability theories (e.g., negligent model governance, failure to supervise AI) could expose fintechs to enforcement or civil litigation in the next 12 months, and how should firms build defensible risk management frameworks?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Aside from potential contractual and tort liability for negligent model or algorithm development, we may see more legal risk exposure to enforcement actions for regulated institutions in instances involving insufficient human oversight (including on the end user\u2019s side when using and deploying AI agents) and deficient disclosures.<\/p>\n<p>Regulators have also stepped up their expectations regarding anti-scam controls, where non-compliance increases reimbursement exposure and supervisory action under the Shared Responsibility Framework. The framework was introduced by MAS and the Infocomm Media Development Authority of Singapore (\u201cIMDA\u201d) to combat phishing scams.<\/p>\n<p>With the rise of AI agents and their deployment across blockchains and DeFi pools, critical questions about who should be responsible for supervision of such AI agents may arise. The AI MGF could be a good starting point for firms to identify where commercial and legal risks may lie, and the controls (if any) that should be implemented to manage such risks.<\/p>\n<p>Firms should also consult the Proposed AI Guidelines and FEAT Principles in building risk management frameworks to get a flavour of MAS\u2019 supervisory expectations regarding the use of AI in the provision of regulated services and products.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What notable examples of fintech-driven disruption or embedded finance adoption have reshaped your jurisdiction\u2019s financial landscape in the past year?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The most notable example concerns tokenisation activities in Singapore, which have crossed an inflection point from pilot initiatives to repeatable institutional use cases. MAS has worked with financial institutions to pilot promising asset tokenisation use cases under Project Guardian. Project Guardian\u2019s industry group now comprises the Global Financial Markets Association (GFMA), International Capital Market Association (ICMA) and the International Swaps and Derivatives Association (ISDA).<\/p>\n<p>Further, under the Global Layer 1 (GL1) initiative, MAS is collaborating with various international policymakers and financial institutions to develop shared ledger infrastructure based on distributed ledger technology which permits participating jurisdictions to host tokenised financial assets while respecting the policy autonomy of such jurisdictions.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Looking ahead, which regulatory reforms or global coordination efforts\u2014such as cross-border licensing passporting or stablecoin reserve interoperability\u2014hold the greatest potential to accelerate fintech innovation?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>One catalyst for fintech innovation is the development of interoperability for stablecoin frameworks across major jurisdictions. Once in force, Singapore\u2019s single-currency stablecoin (SCS) framework will impose reserve quality, redemption at par, capital, and disclosure obligations on MAS-regulated stablecoins. As major jurisdictions implement their own regimes (for example, the EU\u2019s MiCA rules for e-money and asset-referenced tokens), the goal now is interoperability of reserve, attestation, and redemption standards so that a compliant SGD or G10-pegged stablecoin can be used predictably across venues and borders for payments and tokenised-asset settlement.<\/p>\n<p>Another catalyst is the creation of common \u201cplaybooks\u201d for tokenisation that work across markets in major jurisdictions, allowing issuers and market operators to scale without bespoke legal engineering in each jurisdiction, thus reducing time-to-market for tokenised products. Notable developments in this area are MAS\u2019 Project Guardian and the Global Layer 1 (GL1) initiative, aimed at developing shared ledger infrastructure across participating jurisdictions.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\r\n<div class=\"word-count-hidden\" style=\"display:none;\">Estimated word count: <span class=\"word-count\">4929<\/span><\/div>\r\n\r\n\t\t\t<\/ol>\r\n\r\n<script type=\"text\/javascript\" src=\"\/wp-content\/themes\/twentyseventeen\/src\/jquery\/components\/filter-guides.js\" async><\/script><\/div>"}},"_links":{"self":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide\/129008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide"}],"about":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/types\/comparative_guide"}],"wp:attachment":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/media?parent=129008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}