Talk to a security advisor — a free 30-minute review
AlphaCISO®
Contact us
All servicesService

Payment Services Act (PS Act)

Licensing-ready security and controls.

From licence application to ongoing supervision

The Payment Services Act 2019, administered by MAS, governs payment businesses through licensing tiers — money-changing, standard payment institution, and major payment institution. The activities it covers range across account issuance, domestic and cross-border transfers, merchant acquisition, e-money, and digital payment token (DPT) services. Your licence class shapes exactly what MAS expects of you.

Beyond the licence itself, payment institutions carry technology risk and cyber hygiene obligations — notably the PSN06 Notice — alongside user-protection and AML-CFT-adjacent duties. We focus on the security and technology risk dimension, both to get you licence-ready and to keep you compliant once you are operating.

How we work

  • Scope. We pin down your licence tier and regulated activities so the work matches what MAS actually requires of you.
  • Assess. We review your security and technology risk controls against PSN06 and TRM expectations.
  • Evidence. We build the control evidence a licensing review and ongoing supervision will look for.
  • Remediate. Gaps become a sequenced roadmap, prioritised by regulatory weight.

Security that survives go-live

A licence is the start, not the finish. We position your controls so they hold up under continuing MAS supervision — not just for the application window — so growth does not reopen old gaps.