Licensed under the Payment Services Act

1. About the Payment Services Act 2019

The Payment Services Act 2019 (PS Act) is Singapore's primary regulatory framework for payment services, administered by the Monetary Authority of Singapore (MAS). It came into force on 28 January 2020 and consolidates the previous Money-Changing and Remittance Businesses Act and the Payment Systems (Oversight) Act under a single activity-based licensing regime.

Under the PS Act, providers are licensed for one of three tiers based on transaction volumes and scope:

• Money-Changing Licence — limited to money-changing services only.
• Standard Payment Institution Licence (SPI) — multiple payment services with transaction caps.
• Major Payment Institution Licence (MPI) — no transaction caps; required for our scale.

bitexasia holds a Major Payment Institution licence covering the activities listed in Section 2 below.

2. Licence scope

The licence authorises bitexasia to conduct the following regulated payment services (as defined in the First Schedule of the PS Act):

• Cross-border money transfer service — enabling customers to send and receive funds across borders, denominated in fiat or digital payment tokens.
• Digital payment token service (DPT) — buying or selling digital payment tokens, facilitating the exchange of digital payment tokens, and providing custodial services for tokens on behalf of customers.
• Account issuance service — issuing and maintaining customer accounts that hold funds or digital payment tokens.
• E-money issuance service — limited scope, used for the in-platform fiat ledger backing on-exchange spot trades.

The licence does not authorise: domestic money transfer between unrelated third parties (separate licence required), merchant acquisition services, or insurance distribution.

3. Capital and segregation requirements

As an MPI we are required to maintain:

• Base capital of at least S$250,000 (we maintain materially above this threshold; precise figures are disclosed in the annual MAS Form 1 return).
• Customer funds segregation — all customer fiat balances held in segregated trust accounts at MAS-licensed banks, ring-fenced from the operating treasury. Daily reconciliation; quarterly external attestation.
• Customer DPT segregation — customer digital payment tokens held in segregated wallets, distinct from any operational tokens. On-chain segregation covered by the quarterly proof-of-reserves attestation.
• Security deposit as prescribed by MAS Notice PSN02 (held with MAS or via a bank guarantee).

4. AML / CFT obligations

We comply with the following MAS notices governing anti-money-laundering and countering the financing of terrorism for payment service providers:

• MAS Notice PSN01 — Prevention of Money Laundering and Countering the Financing of Terrorism for Specified Payment Services.
• MAS Notice PSN02 — Notice on Conduct.
• MAS Notice PSN04 — Disclosures and Communications.
• MAS Notice PSN05 — Prevention of Money Laundering and Countering the Financing of Terrorism — Digital Payment Token Service.

Key controls: identity verification at onboarding for all customers (CDD), enhanced due diligence for higher-risk profiles, ongoing transaction monitoring against sanctions and politically-exposed-persons lists, suspicious transaction reporting to the Suspicious Transaction Reporting Office (STRO) where applicable. Travel Rule compliance for cross-VASP transfers above S$1,500 implemented per the FATF Recommendation 16 timeline.

5. Technology risk management

MAS Notice 655 (Notice on Cyber Hygiene) and the Technology Risk Management Guidelines apply. Key requirements we implement:

• Cybersecurity governance with a designated Chief Information Security Officer who reports to the board's Risk Committee.
• Annual independent penetration testing (see the latest pen-test report).
• Vulnerability assessment cadence with risk-rated remediation SLAs.
• Customer authentication uniformity — phishing-resistant 2FA available for all accounts (see the FIDO2 default rollout).
• Material outsourcing arrangements subject to the Outsourcing Guidelines (Sept 2019).
• Notification to MAS within 1 hour of any "relevant incident" as defined in Notice 655.

6. Regulatory reporting cadence

Submissions to MAS during the year:

• Annual MAS Form 1 (regulatory return) — comprehensive financial, operational and transaction-volume return.
• Annual Audited Financial Statements — submitted within five months of financial year end.
• Quarterly transaction-volume returns — by activity class.
• Material change notifications — within 14 days of any material change in business, beneficial ownership, or senior management.
• Incident notifications — per Notice 655 timelines.

7. Licence verification

The licence can be verified independently on the MAS Financial Institutions Directory at eservices.mas.gov.sg/fid by entering reference number PS20210438 or by searching for "bitexasia".

For regulator-to-regulator or counterparty enquiries requiring a more detailed verification letter, contact compliance@bitexasia.com; we can arrange a direct response from our compliance team within five business days.

8. Contact

Licence and regulatory enquiries: compliance@bitexasia.com. MAS-related questions or formal counterparty diligence: include your firm's name, regulator (if applicable), and the specific information required. We respond within five business days during MAS business days.