Recent S$27.45M in AML fines underscores enforcement intensity driving compliance expenditure.

Compliance Cost Benchmark: 3.5–5.0% of Revenue

For MAS-regulated fintech entities in Singapore, regulatory compliance now constitutes an estimated 3.5–5.0% of annual operating revenue. This figure—encompassing anti-money laundering and countering the financing of terrorism (AML/CFT) programs, audit fees, licensing obligations, and ongoing reporting costs—places compliance among the top three operating expenses for most fintechs, comparable in scale to IT infrastructure or personnel budgets.

The ratio reflects the cumulative burden of multiple regulatory obligations. Fintechs operating in Singapore must secure appropriate licences under the Payment Services Act, Financial Advisers Act, Securities and Futures Act, or Insurance Act, depending on their service mix. Each licence carries its own compliance requirements: customer due diligence, enhanced due diligence for higher-risk relationships, suspicious transaction reporting to Singapore's Commercial Affairs Department, periodic account reviews, and adherence to the Personal Data Protection Act. For standard payment institutions and major payment institutions alike, these obligations are not one-off licensing events but continuous operational costs embedded in day-to-day processes.

The 3.5–5.0% range positions compliance as a structural cost of doing business in Singapore's financial ecosystem. Industry observers note that this spending level is driven not merely by the presence of regulation but by the intensity of its enforcement—a dynamic confirmed by MAS's recent actions.

MAS Enforcement Intensity: S$27.45M in AML Penalties

In 2025, the Monetary Authority of Singapore imposed composition penalties totaling S$27.45 million on nine financial institutions for breaches of AML/CFT requirements. The fines, ranging from S$1 million for LGT Bank (Singapore) Ltd. to S$5.8 million for Credit Suisse Singapore Branch, signal that MAS holds institutions accountable not only for the absence of policies but for inconsistent implementation.

Banks bore the majority of the enforcement action, accounting for S$20.4 million in penalties. Capital market services licence holders contributed S$5.25 million, and a licensed trust company was fined S$1.8 million. MAS noted in its enforcement statement that the breaches "arose out of poor or inconsistent implementation" of AML/CFT policies rather than a complete absence of controls. The shortcomings identified included deficiencies in customer due diligence, transaction monitoring, and suspicious transaction reporting procedures, with examinations conducted from early 2023 to early 2025.

The scale and breadth of these fines create a powerful compliance incentive across the sector. When MAS imposes penalties ranging from S$1 million to S$5.8 million on nine institutions simultaneously, it sends an unambiguous signal that enforcement intensity is not reserved for outliers. Every MAS-regulated entity must treat compliance expenditure not as discretionary but as a core operational requirement.

Composition Penalty (S$M) (S$M)Source: Orionmano Industries

Regulatory Architecture Drives Compliance Requirements

Singapore's regulatory framework for fintech is not governed by a single statute but by multiple overlapping legislations. Depending on the services offered, a fintech may need to comply with the Payment Services Act 2019 (payment services and digital payment tokens), the Financial Advisers Act (financial advisory services), the Securities and Futures Act (securities trading and fund management), the Insurance Act 1966 (insurance products), and the Personal Data Protection Act 2012 (data privacy and security). Each statute imposes its own licensing conditions, conduct requirements, and reporting obligations.

This multi-legislative structure is administered by a single integrated regulator. MAS regulates banking, insurance, securities, financial advisors, and payment systems—a unified approach that, as Flagright notes, "enables faster responses to emerging risks and more consistent regulatory standards across different financial services." Unlike jurisdictions with separate regulators for each sector, Singapore's integrated model means that a fintech operating multiple service lines faces a single supervisory authority with a comprehensive view of its compliance posture. The consistency of standards across the financial ecosystem raises the baseline compliance requirement for all participants.

MAS's regulatory sandbox, launched in 2016, provides a controlled environment for fintechs to test innovative products while MAS monitors risks and adjusts rules. The sandbox has supported experiments in digital payments, robo-advisors, blockchain applications, and AI-driven underwriting. However, the sandbox does not reduce compliance obligations; it delays their full force while MAS observes the product's risk profile. Once the firm exits the sandbox and scales, the full weight of AML/CFT, licensing, and reporting requirements applies.

All MAS-regulated entities must comply with strict AML/CFT guidelines that include customer due diligence, enhanced due diligence for high-risk customers, suspicious transaction reporting, and regular account reviews. The guidelines require fintechs to assess and mitigate money laundering and terrorism financing risks systematically, not merely to maintain a compliance checklist.

RegTech Investment as a Strategic Response

Both MAS and the industry are investing in technology to manage compliance costs. MAS has committed S$42 million to accelerate RegTech adoption in risk management and compliance, and an additional S$100 million in 2024 to support quantum computing and artificial intelligence applications. These investments reflect an understanding that regulatory technology—including automated transaction monitoring, AI-driven sanctions screening, and machine-learning-based suspicious activity detection—can reduce the manual labour component of compliance while potentially improving detection accuracy.

Singapore's RegTech market is supported by an estimated 900 fintech firms, of which RegTech represents approximately 15% of the landscape. The Finance & Insurance sector recorded the highest digital adoption intensity among all industries at 3.13 (on IMDA's index), and an AI adoption rate of 22.6%, placing it behind only Information & Communications and Professional Services. This digital infrastructure provides a foundation for compliance automation: a financial sector already digitised enough to operationalise model-based compliance tools.

The four MAS-issued digital bank licences create long-duration compliance needs. Each licensed digital bank requires onboarding controls, sanctions screening, transaction monitoring, fraud detection, and reporting infrastructure—not as a short-term licensing event but as a permanent operational requirement. MAS has stated that no new digital bank licences are currently being granted, meaning the existing licence holders will face sustained compliance costs without the diluting effect of new entrants.

The outlook for compliance expenditure at MAS-regulated entities points toward continued upward pressure on operating budgets. While RegTech and AI investments may eventually stabilise or reduce the cost-per-unit of compliance activities, the enforcement trend—exemplified by the S$27.45 million in 2025 penalties—suggests that regulators expect ever-higher standards of implementation. For fintechs in Singapore, compliance at 3.5–5.0% of revenue is not a peak but a baseline.