Payment Services Act Crypto Provisions and Requirements: What You Must Know in 2026

If you run a crypto business or trade digital assets, you can't afford to ignore the Payment Services Act crypto provisions. Different countries are enforcing strict rules - and missing a deadline could shut you down overnight. This isn't about future predictions. It's about what's active right now, in March 2026.

Singapore’s FSMA Deadline Is Already Past

Singapore’s Monetary Authority of Singapore (MAS) didn’t ask for cooperation - it demanded compliance. The Financial Services and Markets Act (FSMA) came into full force on June 30, 2025. No extensions. No grace periods. If your crypto exchange, wallet provider, or trading platform wasn’t licensed by then, you’re operating illegally.

Here’s what the rules actually mean in practice:

You can’t let customers buy crypto with credit cards. Period.
You must assess whether each user understands the risks before they trade. No more automated sign-ups.
You must disclose all fees, risks, and potential losses in plain language - not fine print.
Every transaction over a certain amount triggers the Travel Rule: you must collect and share the sender’s and receiver’s full name, account number, and address. This applies even if the transfer is between two Bitcoin wallets.

MAS doesn’t care if you’re small or new. If you serve customers in Singapore - even remotely - you’re under their jurisdiction. Many platforms shut down their Singapore-facing services entirely because the cost of compliance outweighed the market size.

Europe’s PSD2 and MiCA Overlap

In the EU, the rules are layered. The Markets in Crypto-Assets (MiCA) regulation sets the baseline for crypto asset service providers. But if your service involves moving crypto as a form of payment - like converting USDC to euros or sending ETH to pay for goods - the Payment Services Directive 2 (PSD2) also applies.

The European Banking Authority (EBA) made it clear: starting March 2, 2026, any company offering crypto-as-payment services must get PSD2 authorization. This doesn’t mean you need two licenses - it means you must meet the stricter parts of both.

Here’s what’s required under PSD2:

Strong Customer Authentication (SCA): Every time someone accesses their custodial wallet or sends a payment, they must verify their identity with two factors - like a password and a one-time code.
Fraud reporting: You must report any suspicious activity within 24 hours.
Own funds calculation: You must hold enough capital to cover losses if users withdraw en masse.

But here’s the catch: if you’re just swapping Bitcoin for Ethereum, or exchanging crypto for fiat currency, that’s covered under MiCA - not PSD2. So if your platform doesn’t facilitate payments, PSD2 doesn’t apply. This distinction trips up many firms. You can’t assume one rule covers all your activities.

Japan’s Systematic Evolution

Japan’s Payment Services Act (PSA) has been evolving since 2009, but the 2025 amendment - approved by the Cabinet in March 2025 - is the biggest shift yet. While full details aren’t public yet, we know what’s already in place and what’s coming.

Current rules:

All user crypto assets must be stored offline in cold wallets. No hot wallets allowed for customer funds.
Exchanges must report any changes to the assets they support before listing them - not after.
Advertising is strictly controlled. You can’t say "guaranteed returns" or use celebrity endorsements.
Derivatives trading on crypto is now regulated separately to prevent manipulation.

The 2025 amendment expands this further. It’s expected to introduce:

Stricter capital requirements for Type 1 license holders (full-service exchanges)
Clearer rules for stablecoin issuance
Expanded reporting for DeFi protocols that interact with licensed entities

Japan’s approach is methodical: fix one problem, then move to the next. But that doesn’t mean it’s easy. If you’re licensed in Japan, you’re subject to some of the most detailed oversight in the world.

Split-screen crypto platform showing compliance requirements across Singapore, EU, and U.S.

The U.S. CLARITY Act: A New Roadmap

The U.S. doesn’t have a single federal law called the Payment Services Act. But the CLARITY Act - passed in late 2025 - created the closest thing. It divides crypto into three categories:

Digital commodities - like Bitcoin and Ethereum - regulated by the CFTC.
Investment contract assets - tokens that promise profits based on others’ work - regulated by the SEC.
Permitted payment stablecoins - pegged 1:1 to U.S. dollars and issued by approved entities - regulated by both.

This ends years of regulatory chaos. Before, the SEC sued platforms for selling unregistered securities - even if the asset was clearly a commodity. Now, if you’re trading Bitcoin, the CFTC handles it. If you’re selling a token that pays dividends, the SEC steps in.

Broker-dealers can now custody digital commodities without special permission. Exchanges can list both crypto and securities side by side. Recordkeeping rules now accept blockchain-based ledgers as official books and records.

But here’s the catch: if you’re operating across state lines, you still need state money transmitter licenses. CLARITY doesn’t override state law - it just clarifies federal jurisdiction.

What Happens If You Don’t Comply?

The penalties aren’t fines. They’re shutdowns.

In Singapore, MAS froze accounts and seized assets of unlicensed platforms. Customers lost access to their funds for months.

In the EU, non-compliant firms were barred from processing payments. Banks cut off their accounts. No payment rails = no business.

In Japan, unregistered exchanges lost their ability to convert yen to crypto. They became useless.

In the U.S., the SEC has already shut down over 15 platforms since January 2025 for violating CLARITY’s investment contract rules. The CFTC fined three firms for failing to report cross-border transfers.

There’s no "warning" system. You either comply - or you’re out.

Compliance officer surrounded by holograms of crypto regulations and a ticking deadline.

How to Stay Compliant in 2026

If you operate globally, you need a three-layer compliance strategy:

Know your jurisdiction - Are you serving users in Singapore? Then FSMA applies. Are you processing payments in the EU? Then PSD2 kicks in. Are you based in the U.S.? Then CLARITY defines your path.
Map your activities - Are you just trading? Custody? Exchanging? Paying with crypto? Each triggers different rules.
Build for the strictest standard - If you’re licensed in Japan, apply cold storage everywhere. If you’re compliant with Singapore’s Travel Rule, apply it globally. It’s cheaper than running multiple systems.

Don’t wait for regulators to come to you. Audit your operations now. Review your user agreements. Check your KYC flows. Confirm your wallet storage. If you’re unsure, hire a compliance consultant with real experience in all four jurisdictions - not a generic crypto lawyer.

What’s Next?

By late 2026, we’ll likely see:

More countries adopting Singapore-style Travel Rule enforcement
Stablecoin issuers being treated like banks in the U.S. and EU
DeFi protocols facing direct licensing requirements if they interact with regulated entities

The message is clear: crypto isn’t lawless anymore. The rules are written. The deadlines are set. The enforcement is real. Ignorance isn’t an excuse anymore - it’s a liability.

Do I need a license if I only trade crypto for myself?

No. Personal trading is not regulated. The Payment Services Act rules only apply to businesses that offer services to others - like exchanges, wallets, or payment processors. If you’re buying and selling crypto on your own, you’re not subject to these requirements.

Can I use one compliance system for all countries?

Not really. Each jurisdiction has different rules. Singapore requires Travel Rule compliance and bans credit card purchases. The EU demands Strong Customer Authentication. Japan requires cold storage. The U.S. requires asset classification. You can design a system that meets the strictest standard - but you still need to verify each country’s specific legal interpretation.

What happens if my platform is registered in one country but serves users in another?

You’re subject to the rules of every country where users are located. If your platform is registered in Japan but a user in Singapore makes a transaction, you must comply with Singapore’s FSMA rules for that user. Jurisdiction is based on user location - not where your company is incorporated.

Are stablecoins treated differently under these laws?

Yes. In the EU and U.S., stablecoins pegged to fiat currency and issued by regulated entities are treated as payment instruments or permitted payment assets. In Singapore, they’re classified as digital tokens and subject to full FSMA rules. Japan treats them as crypto assets with special oversight. Their regulatory treatment is stricter than other crypto assets because they’re designed for everyday payments.

Is DeFi covered under these regulations?

Indirectly. If a DeFi protocol interacts with a licensed entity - like a regulated exchange or wallet provider - that entity must ensure compliance. The protocol itself isn’t licensed, but the regulated partner must monitor and report any activity that violates rules. The U.S. CLARITY Act explicitly allows exemptions for certain DeFi activities, but only if they don’t involve intermediaries subject to regulation.

Tags: Payment Services Act crypto regulations crypto compliance Travel Rule MiCA PSD2 Japan PSA Singapore FSMA

March 22 2026
Terri DeLange
11 Comments
Permalink

Written by: Terri DeLange

View all posts by: Terri DeLange

11 Comments

kavya barikar
March 22, 2026 AT 09:16

Regulation isn't oppression. It's the price of legitimacy.
Crypto needed this. No more gray zones.
Now we can build something real.
aravindsai pandla
March 22, 2026 AT 10:06

Clear rules are better than chaos. I’ve seen startups collapse because they assumed ‘crypto = no rules.’
Now they’re gone. This is protection, not punishment.
namrata singh
March 24, 2026 AT 05:02

I read this and just… paused.
It’s wild how much has changed in two years.
Remember when we joked about Bitcoin being cash for criminals?
Now the regulators are the ones with the checklist.
I wonder if the kids starting out today even remember the wild west days.
Or if they’ll just see this as ‘how it’s always been.’
That’s the real shift.
Not the laws.
But the assumption that they exist.
Andrea Zaszczynski
March 25, 2026 AT 23:55

Why is everyone acting like this is new? The SEC has been suing people since 2017.
Japan’s been locking up wallets since 2018.
Singapore banned credit cards in 2021.
Stop pretending this is a surprise. It’s just now hitting the mainstream news.
Cordany Harper
March 26, 2026 AT 16:59

As someone who’s been in this space since 2015 - I’m actually kinda proud.
We survived the scams, the crashes, the ‘it’s a bubble’ nonsense.
Now the suits are finally catching up - and they’re not wrong.
It’s not about killing crypto.
It’s about making it not suck for normal people.
And honestly? That’s the win.
Also - cold storage? YES. Why are we still letting exchanges hold our coins hot? 🤦‍♂️
DarShawn Owens
March 28, 2026 AT 01:06

Love how this breaks it down by region. So many people think ‘crypto law’ is one thing.
It’s like trying to drive in 5 countries with one license.
Good reminder to check local rules - even if you’re ‘global’.
manoj kumar
March 28, 2026 AT 03:24

Wow. Another ‘compliance guide’ pretending this is helpful.
Everyone knows the rules.
What no one talks about is how 90% of these firms are just paying lawyers to rubber-stamp their fake KYC.
And regulators? They’re too busy chasing headlines to audit the real stuff.
So yeah - keep your ‘compliance strategy.’
It’s theater.
vu phung
March 28, 2026 AT 21:57

Let’s be real - this is the beginning of crypto’s institutionalization.
PSD2 + MiCA + CLARITY + FSMA - it’s not a patchwork.
It’s a framework.
And the next wave of institutional capital? They won’t touch anything that doesn’t have these boxes checked.
So if you’re building now - you’re not building for degens.
You’re building for pension funds.
And honestly? That’s the future.
It’s not sexy.
But it’s sustainable.
Lorna Gornik
March 30, 2026 AT 08:26

ok but like… what about the little guys?? 😭
like i just wanna buy eth and send it to my bro in nyc…
do i need a 300-page whitepaper now??
also pls tell me if i can still use my doge meme as a profile pic 🐶
jk… kinda 😅
Jackie Crusenberry
March 31, 2026 AT 09:44

So… what? We’re just supposed to trust the system now?
After everything? After the collapses? After the rug pulls? After the FTXs?
People don’t want rules.
They want justice.
And this? This feels like just another way to lock us out.
YANG YUE
March 31, 2026 AT 22:11

This isn’t regulation.
This is evolution.
Like when the internet went from dial-up to broadband - it got slower to set up, but faster to use.
Same here.
Now, instead of wild west chaos, we’re building digital infrastructure.
And yeah - it’s boring.
But boring is how you build empires.
Not memes.
Not moon boys.
But bricks.
And someone’s finally handing us the trowel.