Cross-border payments in Asia-Pacific have entered a new era. With Project Nexus going live in 2025, instant payment systems across ASEAN and beyond are now interconnected in ways that were impossible just two years ago. But this new infrastructure comes with equally sophisticated compliance requirements.
For payment service providers, fintechs, and financial institutions operating across borders, the challenge isn't just technical—it's regulatory. Each jurisdiction maintains its own licensing regime, AML/KYC standards, and reporting obligations. Getting it wrong can mean regulatory action, financial penalties, or complete market exclusion.
This guide provides a practical framework for achieving and maintaining cross-border payment compliance across APAC's key markets.
The APAC Cross-Border Payment Landscape in 2026
Understanding the current landscape is essential before diving into compliance specifics. Three major developments have reshaped cross-border payments in the region:
1. Project Nexus: The New Infrastructure Standard
Project Nexus, led by the Bank for International Settlements (BIS), represents the most significant advancement in cross-border payment infrastructure in decades. Originally a proof-of-concept connecting the Eurosystem, Malaysia, and Singapore in 2022, it has evolved into a live operational network.
Live Countries (2025-2026): Indonesia, Malaysia, Philippines, Singapore, Thailand, India
Settlement Time: Under 60 seconds for most transactions
Standard: ISO 20022 messaging with standardized APIs
Governance: Nexus Global Payments (NGP) entity established
What makes Nexus different from bilateral linkages (like Singapore-Thailand PayNow-PromptPay) is its multilateral architecture. Instead of requiring separate integrations for each corridor, participants connect once to the Nexus scheme and gain access to all connected countries.
For compliance teams, Nexus introduces standardization—but also new obligations. Participants must meet Nexus scheme requirements in addition to domestic regulatory requirements.
2. Regulatory Fragmentation Persists
Despite infrastructure convergence, there is no common regulatory framework across APAC for financial services and payments. Each jurisdiction maintains distinct:
- Licensing categories and capital requirements
- AML/KYC thresholds and procedures
- Data localization and privacy rules
- Consumer protection obligations
- Reporting formats and frequencies
This fragmentation means payment providers cannot rely on a single compliance framework. A "highest common denominator" approach—designing systems to meet the strictest requirements across all markets—is often the most practical strategy.
3. Stablecoins Enter the Mainstream
Stablecoin transaction volume reached $11.4 trillion in 2025, though only around $390 billion reflected actual payment activity (versus trading and automated transfers). With the stablecoin market growing from $5.3 billion in 2020 to over $300 billion today, regulators have responded with specific frameworks.
For cross-border payments, stablecoins introduce additional compliance considerations: travel rule implementation, reserve verification, and issuer licensing that may span multiple jurisdictions.
Jurisdiction-Specific Requirements
Let's examine the licensing and compliance requirements for APAC's key payment markets:
🇸🇬 Singapore
Regulator: MAS
License: Payment Services Act (PSA)
Types: Major Payment Institution (MPI) or Standard Payment Institution (SPI)
Capital: SGD 250,000 (SPI) / SGD 1M+ (MPI)
Timeline: 6-12 months
🇭🇰 Hong Kong
Regulator: Customs & Excise
License: Money Service Operator (MSO)
Types: Type A (remittance) / Type B (currency exchange)
Capital: HKD 25M+ for certain activities
Timeline: 3-6 months
🇦🇺 Australia
Regulator: ASIC / AUSTRAC
License: AFSL + AUSTRAC registration
Types: Varies by activity
Capital: AUD 150K-500K+ total costs
Timeline: 6-18 months
🇯🇵 Japan
Regulator: FSA / JFSA
License: Funds Transfer Service Provider
Types: Type I, II, III (by transaction size)
Capital: JPY 10M-100M+
Timeline: 6-12 months
🇰🇷 South Korea
Regulator: FSC / FIU Korea
License: Electronic Financial Business
Types: Payment Service / Remittance
Capital: KRW 2B+ for larger operators
Timeline: 6-9 months
🇹🇭 Thailand
Regulator: Bank of Thailand
License: e-Payment License
Types: Varies by service type
Capital: THB 50M+ for remittance
Timeline: 6-12 months
Licensing Strategy: Build vs. Partner
For organizations entering APAC cross-border payments, there are typically three paths:
| Approach | Pros | Cons | Best For |
|---|---|---|---|
| Direct Licensing | Full control, direct relationships | Lengthy process, high cost, local presence required | Long-term strategic markets |
| Acquisition | Faster market entry, existing infrastructure | Integration complexity, inherited risks | Rapid expansion (see Ripple's Australia approach) |
| Partnership/BaaS | Lowest upfront cost, fastest launch | Margin sharing, dependency on partner | Market testing, lower-volume corridors |
AML/KYC Framework: The Highest Common Denominator
Cross-border payment compliance hinges on robust AML/KYC frameworks. The challenge: requirements vary significantly across jurisdictions, but you need a unified system that satisfies all of them.
Customer Due Diligence (CDD) Matrix
Different jurisdictions have different thresholds for simplified, standard, and enhanced due diligence. Here's a practical matrix for key APAC markets:
| Jurisdiction | Simplified CDD Threshold | EDD Triggers | Source of Funds Required |
|---|---|---|---|
| Singapore | SGD 5,000 (single) / 20,000 (annual) | High-risk countries, PEPs, complex structures | Above SGD 20,000 |
| Hong Kong | HKD 8,000 (occasional) | High-risk factors, PEPs, unusual patterns | Risk-based |
| Australia | AUD 10,000 (reporting) | High-risk indicators, PEPs, customer risk | Above AUD 10,000 or high-risk |
| Japan | JPY 2M (Type I), 300K (Type III) | High-risk countries, PEPs, corporate | Risk-based |
Design your CDD program for the lowest threshold across all operating jurisdictions. For example, if operating in both Singapore and Japan, apply standard CDD from the first transaction rather than relying on simplified procedures. This creates operational consistency and reduces the risk of jurisdiction-specific gaps.
Sanctions Screening: Multi-List Approach
Cross-border payments require screening against multiple sanctions lists:
- UN Consolidated List — Universal baseline
- OFAC SDN List — Required if touching USD or US persons
- EU Consolidated List — Required for EUR transactions
- Local Lists:
- Singapore: MAS list + domestic terrorists
- Hong Kong: UN sanctions as implemented locally
- Australia: DFAT consolidated list
- Japan: METI list for export controls
Screen at multiple points: customer onboarding, transaction initiation, and ongoing monitoring. Real-time screening is essential for instant payment networks like Project Nexus.
Travel Rule Implementation
FATF Recommendation 16 (the "travel rule") requires originator and beneficiary information to accompany wire transfers. For crypto/stablecoin transfers, this has been extended with additional technical requirements.
Current APAC implementation status:
| Jurisdiction | Traditional Payments | Crypto/Stablecoin | Threshold |
|---|---|---|---|
| Singapore | ✅ Fully implemented | ✅ PSA covered | SGD 1,500 |
| Hong Kong | ✅ Fully implemented | ✅ AMLO coverage | All transfers |
| Japan | ✅ Fully implemented | ✅ JFSA guidance | All transfers |
| Australia | ✅ IFTI reporting | ⏳ Developing | AUD 10,000+ |
| South Korea | ✅ Fully implemented | ✅ DABA requirements | USD 1,000 equivalent |
Practical Implementation: A 5-Step Framework
Based on successful cross-border payment deployments across APAC, here's a practical implementation framework:
Map Your Regulatory Footprint
Before building anything, create a comprehensive regulatory matrix. For each jurisdiction where you will send, receive, or facilitate payments, document:
- Applicable licensing requirements
- AML/KYC obligations and thresholds
- Data localization requirements
- Consumer protection rules
- Reporting obligations and formats
Output: Jurisdiction-by-requirement matrix with gap analysis
Design Unified Compliance Architecture
Based on your regulatory matrix, design a compliance system that meets the highest standard across all jurisdictions. Key components:
- Identity Verification: Document types accepted per jurisdiction, liveness detection, watchlist screening
- Transaction Monitoring: Rules engine with jurisdiction-specific thresholds
- Sanctions Screening: Multi-list, real-time screening with fuzzy matching
- Case Management: Investigation workflows with jurisdiction-specific escalation
- Reporting: Automated STR/SAR generation in required formats
Establish Local Presence & Licensing
Determine your licensing strategy per market (direct, acquisition, or partnership). For direct licensing:
- Establish local entity (usually required)
- Appoint local responsible officers / compliance heads
- Prepare application documentation
- Engage with regulators (pre-application meetings where available)
- Budget for 6-18 month timelines
Integrate with Payment Infrastructure
Connect to relevant payment systems and networks:
- Project Nexus: If operating in ASEAN+India, evaluate Nexus participation through your banking partners
- Bilateral Links: PayNow-PromptPay, PayNow-DuitNow, etc.
- SWIFT gpi: For traditional correspondent banking
- Card Networks: Visa Direct, Mastercard Send
- Local Rails: FAST (SG), FPS (HK), NPP (AU), Zengin (JP)
Implement Ongoing Compliance Operations
Compliance is not a one-time setup. Establish continuous operations:
- Regulatory Monitoring: Track changes across all jurisdictions
- Periodic Reviews: Customer risk re-assessment, control testing
- Audit Preparation: Maintain audit trails, document decisions
- Training: Jurisdiction-specific training for staff
- Incident Response: Breach notification procedures per jurisdiction
Project Nexus Compliance Specifics
For organizations participating in Project Nexus (directly or through banking partners), additional compliance considerations apply:
Stablecoin-Specific Considerations
If your cross-border payment operations involve stablecoins, additional compliance layers apply:
Jurisdictional Classification
Stablecoins are classified differently across APAC:
- Singapore: Digital Payment Tokens (DPT) under PSA; single-currency stablecoins may be treated as e-money
- Hong Kong: Stablecoin Bill (2024) creates specific licensing for fiat-referenced stablecoins
- Japan: Payment-type stablecoins under Banking Act; crypto-asset type under PSA
- Australia: Currently unregulated; 2026 reforms expected to address classification
Travel Rule for Stablecoins
FATF guidance requires VASPs to implement travel rule for stablecoin transfers. Technical solutions include:
- Protocol-level: TRISA, OpenVASP, Sygna Bridge
- Sunrise Issues: Handling transfers to/from unhosted wallets or non-compliant counterparties
For stablecoin cross-border payments, Singapore and Hong Kong currently offer the clearest regulatory frameworks. Consider these jurisdictions as your primary licensing base, with partnerships or limited operations in developing markets.
Common Compliance Pitfalls
Based on regulatory actions and industry experience, here are the most common compliance failures in APAC cross-border payments:
| Pitfall | Consequence | Prevention |
|---|---|---|
| Inconsistent CDD across jurisdictions | Regulatory findings, remediation costs | Unified CDD at highest standard |
| Delayed transaction monitoring updates | Missed suspicious activity | Quarterly rule reviews, scenario testing |
| Incomplete travel rule data | Rejected transactions, regulatory action | Pre-validation before sending |
| Single-list sanctions screening | Sanctions violations | Multi-list screening with local lists |
| Inadequate record retention | Audit failures, penalties | 7+ year retention (max across jurisdictions) |
| Operating without proper licensing | License denial, prosecution | License-first approach, sandbox where available |
Timeline: What's Coming in 2026-2027
Stay ahead of regulatory developments with this timeline of expected changes:
Australia: Second tranche of digital asset reforms expected, addressing common access requirements and industry standard-setting body establishment
Project Nexus: Expected expansion to additional countries beyond initial 6 (India joined late 2024)
Hong Kong: Full implementation of stablecoin licensing regime under Stablecoin Bill
Singapore: Expected updates to PSA stablecoin framework following consultation
G20 Roadmap: Target date for achieving cross-border payment targets on cost, speed, and access
Conclusion: Building for Compliance
Cross-border payment compliance in APAC is complex but manageable. The key principles:
- Map comprehensively: Understand requirements across all operating jurisdictions before building
- Design to the highest standard: A unified framework that meets the strictest requirements simplifies operations
- Embrace standardization: Project Nexus and ISO 20022 are reducing fragmentation—lean into these standards
- Stay current: Regulatory change is constant; build monitoring into your compliance operations
- Document everything: Audit trails and decision records are your protection
The infrastructure for instant, low-cost cross-border payments is now in place across APAC. The organizations that succeed will be those that can operate seamlessly across this infrastructure while maintaining rigorous compliance standards.
Need Help with Cross-Border Payment Compliance?
APAC FinStab provides regulatory intelligence and compliance frameworks for payment providers operating across Asia-Pacific.
Get in Touch →Related Reading
- Hong Kong VASP License Guide 2026
- Singapore MAS AI Guidelines 2025
- Australia AFSL Crypto License Guide
- Stablecoin Regulation: APAC Comparison
Disclaimer: This guide is for informational purposes only and does not constitute legal or regulatory advice. Requirements vary by jurisdiction and change over time. Always consult with qualified legal counsel for your specific situation.