Compliance Hub

Sanctions Screening for Fintechs in APAC: What MAS, BNM and BSP Require

Site Logo
Tookitaki
10 Jul 2026
6 min
read

Fintechs operating in APAC enter markets where regulators have been explicit: payment service providers, e-wallets, digital banks, and licensed lenders carry the same sanctions screening obligations as traditional banks. MAS in Singapore, BNM in Malaysia, and BSP in the Philippines have each extended their AML/CFT frameworks to cover fintech entities, and sanctions compliance is included in that extension without a lighter standard.

The compliance challenge for fintechs is operational, not legal. The legal obligation is clear. The challenge is building a screening programme that processes large transaction volumes at the speed fintech payment products require, covers the correct lists for each market, screens accurately without generating false positive volumes that exceed the capacity of a lean compliance team, and documents screening decisions in a way that satisfies regulators.

A fintech that applies a bank-grade screening programme to a consumer payment product with 500,000 daily transactions will either slow down the product with screening latency, or overwhelm its compliance team with alerts that cannot be reviewed in time. A fintech that reduces screening sensitivity to manage alert volumes creates a detection gap that regulators will find in examination.

This guide covers what each of the three main APAC regulators requires from fintech entities, and how those requirements translate into operational compliance decisions.

Talk to an Expert

MAS requirements for Singapore payment institutions

Under the Payment Services Act 2019, payment service providers in Singapore are licensed by MAS and subject to AML/CFT obligations that include sanctions screening. MAS issues Notice PSN01 (for Standard Payment Institutions) and PSN02 (for Major Payment Institutions) setting the operational requirements. The sanctions screening standard in these notices mirrors MAS Notice 626, which governs banks: the lists to screen against, the matching standard, and the response procedures are substantively the same.

Required lists: Singapore payment institutions must screen against the MAS Targeted Financial Sanctions list, UN Security Council consolidated lists, and, where relevant to their transaction flows, the OFAC SDN list. Payment institutions with cross-border transfer capabilities, particularly those processing USD transactions or transfers to and from the US, should screen OFAC as part of their baseline programme.

Travel rule compliance: Payment institutions above the Major Payment Institution threshold in Singapore are subject to the travel rule for fund transfers: they must collect, retain, and transmit originator and beneficiary information alongside fund transfers. Travel rule compliance and sanctions screening interact directly: the originator and beneficiary information collected for travel rule purposes is the data that needs to be screened before the transfer is processed.

Real-time screening requirement: MAS expects screening to run before a payment is processed, not in a batch after funds have moved. For payment products with sub-second processing expectations, this means the screening integration must operate at the latency required by the product's settlement architecture.

Scale consideration for Major Payment Institutions: A major payment institution processing millions of transactions per month needs a screening programme that can match that volume without creating a bottleneck in the payment flow. Manual-review-only workflows break at the transaction volumes fintech products generate.

For a detailed breakdown of MAS sanctions requirements including list coverage and examination findings for Singapore institutions, see our sanctions screening guide for Singapore.

BNM requirements for Malaysian PSPs and e-wallets

BNM's AML/CFT requirements apply to payment service providers and e-wallet operators with the same force as banks. BNM has been explicit that fintech licensing under its payment system framework does not reduce sanctions compliance obligations.

Required lists: BNM-licensed PSPs and e-wallets must screen against BNM's Targeted Financial Sanctions list, UN Security Council lists, and additional lists based on their transaction profile. PSPs processing cross-border remittances, particularly to markets with significant OFAC exposure, should screen OFAC alongside BNM's consolidated list.

Beneficial owner screening for corporate wallets: BNM's examination findings at fintech entities have specifically flagged the gap in beneficial owner screening for corporate wallet accounts. A PSP that screens the registered account holder but does not identify and screen the beneficial owner of a corporate account is not satisfying BNM's CDD requirements.

Without delay list updates: BNM expects new designations to be reflected in an institution's screening database on the day of publication, not at the next scheduled update cycle. For a fintech relying on manual list downloads, this creates operational risk: a new designation published on a public holiday or outside business hours may not be incorporated until the next working day.

Freeze and reporting: When a confirmed match is identified, BNM requires the institution to freeze the matched party's assets without delay and report to BNM's Financial Intelligence and Enforcement Department. The response workflow must be tested and operable at the transaction volumes the fintech processes, not just in a low-volume test environment.

For detailed BNM sanctions requirements including examination findings specific to Malaysian fintechs, see our sanctions screening guide for Malaysia. For broader AML/CFT obligations for BNM-licensed PSPs and e-wallets, see our AML compliance guide for Malaysian fintechs.

BSP requirements for Philippine payment service providers

BSP licenses payment service providers, e-money issuers, and remittance operators in the Philippines, and through its AML/CFT framework requires these institutions to maintain sanctions screening programmes.

Regulatory framework: BSP-supervised institutions comply with the Revised AML/CFT Regulatory Framework under the Anti-Money Laundering Act (AMLA) as amended by Republic Act 11521 (2021), which expanded the coverage of AML/CFT obligations to new categories of financial service providers including virtual asset service providers (VASPs) and payment service operators. The Anti-Terrorism Act of 2020 (Republic Act 11479) strengthened the terrorism financing framework and expanded the designation mechanisms the Anti-Money Laundering Council (AMLC) can use.

AMLC designation list: The AMLC maintains a list of designated terrorists and terrorist organizations under Philippine law. BSP-supervised institutions must screen against AMLC's list, UN Security Council lists, and, where relevant, OFAC. The AMLC designation list is updated when new UNSC resolutions are adopted and when domestic designations are made under the Anti-Terrorism Act.

VASPs and digital asset platforms: BSP Circular 1108 brought virtual asset service providers under BSP's AML/CFT framework. VASPs licensed by BSP have the same sanctions screening obligations as other BSP-supervised payment providers. Given the cross-border nature of virtual asset transactions, VASP exposure to OFAC-designated entities is a specific risk that BSP expects to be covered in the screening programme.

Real-time transaction screening: BSP requires transaction screening before processing for cross-border fund transfers and digital asset transactions. Batch processing that screens transactions after funds have moved does not satisfy this requirement.

Documentation: BSP examinations have flagged inadequate documentation of screening decisions as a consistent finding at fintech entities. When a compliance officer reviews a potential match and concludes it is a false positive, the basis for that conclusion must be on record.

sanctions_screening_fintechs_apac_under_200kb

The specific compliance challenges fintechs face

Traditional bank compliance programmes are built for the transaction volumes and customer onboarding rates of deposit-taking institutions. Fintech compliance programmes face three structural differences:

Transaction volume per compliance officer: A fintech payment platform with 10 compliance staff and 1 million daily transactions cannot rely on manual review for every screening alert. Screening sensitivity must be calibrated so that alerts represent a reviewable volume without creating detection gaps. This requires a screening system that reduces false positives through intelligent matching, not a system that reduces them by lowering sensitivity.

Customer onboarding at scale: Digital customer onboarding at high speed compresses the time available for sanctions screening before the customer relationship begins. Screening must run within the onboarding flow without adding latency that increases drop-off rates. Real-time screening APIs that return a result within milliseconds allow screening to run invisibly within the onboarding experience.

Cross-border transaction exposure: Payment fintechs by nature process cross-border transactions. This means exposure to a broader range of sanctions regimes than a domestic bank with a local customer base. A remittance platform sending funds to 30 countries needs list coverage that corresponds to its payment corridor exposure, not just the domestic regulator's minimum.

Lean teams, multiple regulators: A fintech licensed in Singapore, Malaysia, and the Philippines must maintain a screening programme that satisfies three different regulators, each with slightly different list requirements, reporting procedures, and examination approaches. Running three separate screening configurations, or trying to maintain manual compliance across three jurisdictions with a small team, is not operationally sustainable.

How FinCense supports fintech sanctions screening across APAC

FinCense's screening module is built to operate at fintech transaction volumes without creating processing latency. Screening runs as a real-time API call at the point of transaction initiation, returning a result before the payment is released, covering the real-time requirement across MAS, BNM, and BSP jurisdictions.

List coverage is configurable by institution and by transaction type. MAS TFS, BNM TFS, AMLC, OFAC, UN Security Council lists, and additional sources can be applied based on the payment corridor or customer profile, without running every transaction against every list. List updates are incorporated automatically on publication across all configured sources, without manual intervention.

Fuzzy matching uses NLP to handle the name variant, transliteration, and alias challenges common on APAC sanctions lists. False positive rates are reduced by up to 70% compared to exact-string matching approaches, bringing alert volumes to levels a lean compliance team can review. Matching thresholds are configurable and auditable per jurisdiction, so MAS, BNM, and BSP examination teams each see a programme calibrated for their specific requirements.

Match alerts, false positive documentation, freeze decisions, and regulatory reports are managed in a single case management environment. For a fintech operating across multiple APAC jurisdictions, this means one system of record for sanctions compliance rather than three separate workflows.

For Singapore-specific sanctions requirements in detail, see our sanctions screening guide for Singapore. For Malaysia-specific requirements, see our sanctions screening guide for Malaysia.

To see how FinCense handles sanctions screening for APAC fintechs operating across multiple jurisdictions, book a demo with our team.

Frequently asked questions

Are payment service providers in Singapore subject to the same sanctions screening requirements as banks?

Yes. MAS applies the same sanctions screening standard to payment institutions licensed under the Payment Services Act 2019 as it does to banks under Notice 626. The required lists, matching standards, and response procedures are substantively the same. Major Payment Institutions are also subject to travel rule compliance, which directly interacts with transaction-level sanctions screening.

What sanctions lists must Philippine fintechs screen against?

BSP-supervised fintechs must screen against the AMLC's designated persons list, UN Security Council consolidated lists, and, where relevant to their business, the OFAC SDN list. VASPs licensed by BSP have the same obligations as other payment service providers, with particular attention to cross-border transaction exposure.

How do fintechs manage high transaction volumes alongside real-time screening requirements?

The only sustainable approach is a screening system that operates at transaction-processing speed and reduces false positives through intelligent matching rather than lowered sensitivity. Manual review cannot scale to the transaction volumes fintech products generate. The right benchmark is a system that generates reviewable alert volumes at full transaction scale, not one that reduces alerts by compromising detection.

What is the travel rule and how does it relate to sanctions screening?

The travel rule requires payment institutions to collect, retain, and transmit originator and beneficiary information alongside fund transfers. This information is the same data that needs to be screened against sanctions lists before the transfer is processed. Compliance with the travel rule and real-time sanctions screening are therefore tightly coupled at the transaction level.

Do fintechs operating in multiple APAC jurisdictions need separate screening programmes for each regulator?

Not necessarily. The list requirements across MAS, BNM, and BSP overlap significantly. A single screening platform that can be configured with the correct list sources and threshold settings for each jurisdiction handles multi-market compliance in one system. The key is that the configuration for each jurisdiction is documented and auditable separately, so each regulator sees a programme that meets their specific requirements.

What is the most common sanctions compliance gap regulators find at APAC fintechs?

Across MAS, BNM, and BSP examination findings, the most consistent gaps are: insufficient documentation of false positive decisions, batch transaction screening instead of real-time processing, beneficial owner screening not applied to corporate accounts, and delayed list updates where new designations are not incorporated on the day of publication.

Talk to an Expert

Ready to Streamline Your Anti-Financial Crime Compliance?

Our Thought Leadership Guides

Blogs
09 Jul 2026
5 min
read

Sanctions Screening in Australia: Obligations for Banks and Financial Institutions

Sanctions compliance in Australia sits across two regulatory frameworks: DFAT's sanctions legislation and AUSTRAC's AML/CTF program requirements. This guide covers what financial institutions must screen against, who enforces what, and where compliance programmes commonly fall short.

Sanctions Screening in Australia: Obligations for Banks and Financial Institutions
Blogs
09 Jul 2026
5 min
read

Sanctions Screening in Malaysia: What BNM Requires from Banks and Fintechs

BNM requires all licensed financial institutions and payment service providers in Malaysia to screen customers and transactions against targeted financial sanctions lists. This guide covers the legal obligations, required lists, operational standards, and common examination findings.

Sanctions Screening in Malaysia: What BNM Requires from Banks and Fintechs
Blogs
06 Jul 2026
5 min
read

The Luffy Group Case: Fake Officials, Stolen ATM Cards, and the AML Trail Banks Cannot Ignore

The Luffy Group case shows how fake official scams, stolen ATM cards, rapid cash-outs, mule accounts, and cross-border fund movement can create AML risk for financial institutions.

The Luffy Group Case: Fake Officials, Stolen ATM Cards, and the AML Trail Banks Cannot Ignore