Singapore’s Payment Services Act

The Payments Services Act (PSA) has now been in force for several years, and many firms have received their licences, while others are still in the process of obtaining them. Whether already licensed or still awaiting in-principle or final approval, the challenges for firms are the mandatory obligations under the the Monetary Authority of Singapore’s (MAS) Payment Services Act with which they must comply on an ongoing basis. Areas of compliance largely include AML and KYC-related requirements, transaction monitoring, safeguarding of customer funds, regulatory reporting and, for some firms, trade surveillance. To ensure ongoing compliance with payment services regulations, organisations need the right interplay between technology and personnel, and to implement the right target operating model and solution design that can scale rapidly- all underpinned by a robust risk management and control framework.

How can Protiviti help your business stabilise and grow

  • Ongoing review of the business plan for a possible expansion of the licence, communication to MAS and adoption of additional compliance structures
  • New customer acquisition strategy
  • Apply for MAS’s Digital Acceleration Grant (DAG)
  • Revenue modelling
  • Organisational structure development
  • Review current state and design future state process to meet regulations
  • Regularly update TOM and solution stack for expanded regulatory supervision and reporting
  • Review business operations
  • Keep all relevant policy & procedures and SOPs updated
  • Refresh enterprise-wide risk assessment
  • Business transformation for the digital future
  • Organisational structure review to deliver change and monitor adoption
  • TRM including cybersecurity assessment
  • Implement new systems for compliance, reporting and operations
  • Build knowledge base to manage and address new PSA requirements
  • Ongoing L&D
  • Meet AML/KYC processing, assurance and reporting requirements
  • Review current operational footprint and design future state lean organisational structure to meet new regulatory obligations supported via technology
  • Build/outsource risk & compliance and internal audit functions

Find out more about risk & compliance

Compliance support

Risk management

Internal audit 

  • Preparation of licence applications
  • Develop/refresh policy & procedures
  • Outsourced compliance function
  • AML/KYC support –managed service
  • Co-sourced/outsourced
  • Risk function
  • Risk assessments
  • Model validation
  • Vendor selection –risk
  • Co-sourced/outsourced internal audit function
  • Digital & IT audits


Technology transformation

Digital enablement

Business process improvement

  • Technology, strategy and IT operations Transformation
  • Security & privacy assessments
  • Penetration testing
  • Agile software implementation
  • Full stack development
  • RPA, AI and ML in risk management
  • Cloud strategy
  • UX/UI
  • Data analytics and visualisation
  • AI-enabled forensics
  • Change management-manual to digital
  • Operating model redesign
  • Training & communication
  • Operations & process enhancement
  • Policies, Procedures & SOPs
  • Financial reporting, remediation & compliance
  • Cost & performance management


Ranadip Datta
Rana is a managing director, and a commercially focussed and highly driven risk professional.  He specialises in multi-channel complex solution consulting to the financial services sector in APAC with extensive experience in the risk, compliance, CDD and ...
Gregor Neveling
Gregor is a director with more than 20 years of experience in the financial services industry, both in Europe and Asia. He has extensive experience in corporate, retail and investment banking, wealth and asset management, compliance, AML/CFT, KYC, and risk. He started ...


April 21, 2022

PCI Security Standards Council publishes updated data security standard

DSS 4.0 addresses rapidly evolving threat environment and provides flexibility for how organisations can achieve compliance On March 31, 2022, the PCI Security Standards Council (PCI SSC) released a new version of the PCI Data Security Standard (DSS). PCI DSS 4.0 is the first revision to the DSS in almost four years. It represents a major update to the standard as...