Payment Services Act Crypto Provisions and Requirements: What You Must Know in 2026

If you run a crypto business or trade digital assets, you can't afford to ignore the Payment Services Act crypto provisions. Different countries are enforcing strict rules - and missing a deadline could shut you down overnight. This isn't about future predictions. It's about what's active right now, in March 2026.

Singapore’s FSMA Deadline Is Already Past

Singapore’s Monetary Authority of Singapore (MAS) didn’t ask for cooperation - it demanded compliance. The Financial Services and Markets Act (FSMA) came into full force on June 30, 2025. No extensions. No grace periods. If your crypto exchange, wallet provider, or trading platform wasn’t licensed by then, you’re operating illegally.

Here’s what the rules actually mean in practice:

• You can’t let customers buy crypto with credit cards. Period.
• You must assess whether each user understands the risks before they trade. No more automated sign-ups.
• You must disclose all fees, risks, and potential losses in plain language - not fine print.
• Every transaction over a certain amount triggers the Travel Rule: you must collect and share the sender’s and receiver’s full name, account number, and address. This applies even if the transfer is between two Bitcoin wallets.

MAS doesn’t care if you’re small or new. If you serve customers in Singapore - even remotely - you’re under their jurisdiction. Many platforms shut down their Singapore-facing services entirely because the cost of compliance outweighed the market size.

Europe’s PSD2 and MiCA Overlap

In the EU, the rules are layered. The Markets in Crypto-Assets (MiCA) regulation sets the baseline for crypto asset service providers. But if your service involves moving crypto as a form of payment - like converting USDC to euros or sending ETH to pay for goods - the Payment Services Directive 2 (PSD2) also applies.

The European Banking Authority (EBA) made it clear: starting March 2, 2026, any company offering crypto-as-payment services must get PSD2 authorization. This doesn’t mean you need two licenses - it means you must meet the stricter parts of both.

Here’s what’s required under PSD2:

• Strong Customer Authentication (SCA): Every time someone accesses their custodial wallet or sends a payment, they must verify their identity with two factors - like a password and a one-time code.
• Fraud reporting: You must report any suspicious activity within 24 hours.
• Own funds calculation: You must hold enough capital to cover losses if users withdraw en masse.

But here’s the catch: if you’re just swapping Bitcoin for Ethereum, or exchanging crypto for fiat currency, that’s covered under MiCA - not PSD2. So if your platform doesn’t facilitate payments, PSD2 doesn’t apply. This distinction trips up many firms. You can’t assume one rule covers all your activities.

Japan’s Systematic Evolution

Japan’s Payment Services Act (PSA) has been evolving since 2009, but the 2025 amendment - approved by the Cabinet in March 2025 - is the biggest shift yet. While full details aren’t public yet, we know what’s already in place and what’s coming.

Current rules:

• All user crypto assets must be stored offline in cold wallets. No hot wallets allowed for customer funds.
• Exchanges must report any changes to the assets they support before listing them - not after.
• Advertising is strictly controlled. You can’t say "guaranteed returns" or use celebrity endorsements.
• Derivatives trading on crypto is now regulated separately to prevent manipulation.

The 2025 amendment expands this further. It’s expected to introduce:

• Stricter capital requirements for Type 1 license holders (full-service exchanges)
• Clearer rules for stablecoin issuance
• Expanded reporting for DeFi protocols that interact with licensed entities

Japan’s approach is methodical: fix one problem, then move to the next. But that doesn’t mean it’s easy. If you’re licensed in Japan, you’re subject to some of the most detailed oversight in the world.

The U.S. CLARITY Act: A New Roadmap

The U.S. doesn’t have a single federal law called the Payment Services Act. But the CLARITY Act - passed in late 2025 - created the closest thing. It divides crypto into three categories:

1. Digital commodities - like Bitcoin and Ethereum - regulated by the CFTC.
2. Investment contract assets - tokens that promise profits based on others’ work - regulated by the SEC.
3. Permitted payment stablecoins - pegged 1:1 to U.S. dollars and issued by approved entities - regulated by both.

This ends years of regulatory chaos. Before, the SEC sued platforms for selling unregistered securities - even if the asset was clearly a commodity. Now, if you’re trading Bitcoin, the CFTC handles it. If you’re selling a token that pays dividends, the SEC steps in.

Broker-dealers can now custody digital commodities without special permission. Exchanges can list both crypto and securities side by side. Recordkeeping rules now accept blockchain-based ledgers as official books and records.

But here’s the catch: if you’re operating across state lines, you still need state money transmitter licenses. CLARITY doesn’t override state law - it just clarifies federal jurisdiction.

What Happens If You Don’t Comply?

The penalties aren’t fines. They’re shutdowns.

In Singapore, MAS froze accounts and seized assets of unlicensed platforms. Customers lost access to their funds for months.

In the EU, non-compliant firms were barred from processing payments. Banks cut off their accounts. No payment rails = no business.

In Japan, unregistered exchanges lost their ability to convert yen to crypto. They became useless.

In the U.S., the SEC has already shut down over 15 platforms since January 2025 for violating CLARITY’s investment contract rules. The CFTC fined three firms for failing to report cross-border transfers.

There’s no "warning" system. You either comply - or you’re out.

How to Stay Compliant in 2026

If you operate globally, you need a three-layer compliance strategy:

1. Know your jurisdiction - Are you serving users in Singapore? Then FSMA applies. Are you processing payments in the EU? Then PSD2 kicks in. Are you based in the U.S.? Then CLARITY defines your path.
2. Map your activities - Are you just trading? Custody? Exchanging? Paying with crypto? Each triggers different rules.
3. Build for the strictest standard - If you’re licensed in Japan, apply cold storage everywhere. If you’re compliant with Singapore’s Travel Rule, apply it globally. It’s cheaper than running multiple systems.

Don’t wait for regulators to come to you. Audit your operations now. Review your user agreements. Check your KYC flows. Confirm your wallet storage. If you’re unsure, hire a compliance consultant with real experience in all four jurisdictions - not a generic crypto lawyer.

What’s Next?

By late 2026, we’ll likely see:

• More countries adopting Singapore-style Travel Rule enforcement
• Stablecoin issuers being treated like banks in the U.S. and EU
• DeFi protocols facing direct licensing requirements if they interact with regulated entities

The message is clear: crypto isn’t lawless anymore. The rules are written. The deadlines are set. The enforcement is real. Ignorance isn’t an excuse anymore - it’s a liability.