Statute Details
- Title: Corporate Service Providers Regulations 2025
- Act Code: CSPA2024-S292-2025
- Legislative Type: Subsidiary legislation (SL)
- Enacting Act: Corporate Service Providers Act 2024 (made under section 35)
- Commencement: 9 June 2025
- Current Version: As at 27 Mar 2026
- Regulatory Focus: Licensing/registration-related requirements, duties for registered corporate service providers and registered qualified individuals, and AML/CPF/CFT obligations
- Key Provisions (from extract):
  - Section 2: Definitions (including “AML/CPF/CFT course”, “authorised employee”, “customer”, and “relevant offence”)
  - Section 4: “Qualified individuals” (definition framework)
- Structure: Part 1 (Preliminary); Part 2 (Prescribed requirements under Parts 2 and 3 of Act); Part 3 (Notification and electronic transaction system); Part 4 (AML/CPF/CFT); Part 5 (Duties of registered qualified individuals); Part 6 (Miscellaneous); Schedule (Fees)
What Is This Legislation About?
The Corporate Service Providers Regulations 2025 (“CSP Regulations”) are subsidiary legislation made under the Corporate Service Providers Act 2024. In practical terms, the Regulations operationalise how Singapore regulates corporate service providers (“CSPs”) and, critically, the individuals who are “qualified” to supervise or carry out certain corporate services through the Accounting and Corporate Regulatory Authority (ACRA) electronic transaction system.
The Regulations do three main things. First, they set out the training and “fit and proper” requirements for applicants seeking registration (both for CSPs and for “registered qualified individuals”). Second, they impose procedural and governance duties on registered CSPs, including duties to notify the Registrar and to maintain internal controls around access to ACRA’s electronic transaction system. Third, and most substantively, they establish a detailed anti-money laundering / countering proliferation financing / countering the financing of terrorism (AML/CPF/CFT) compliance framework for registered CSPs, including customer due diligence (CDD), risk assessments, record-keeping, monitoring, and reporting.
For practitioners, the CSP Regulations are best read as a compliance “map” that translates the Act’s high-level obligations into concrete operational requirements—particularly around CDD, enhanced measures, third-party reliance, remote transactions, and the roles and responsibilities of “registered qualified individuals” and their authorised employees.
What Are the Key Provisions?
1) Preliminary definitions and the regulatory architecture (Part 1)
Part 1 contains the citation/commencement and definitions. Section 2 is especially important because it defines terms that drive the rest of the Regulations. For example, it defines an “authorised employee” as an employee appointed by a registered qualified individual to carry out ACRA transactions using the electronic transaction system, but only under the supervision of that registered qualified individual. This definition is central to how responsibility is allocated between the individual supervisor and the staff who execute transactions.
Section 2 also defines “customer” in relation to a registered CSP as the person who employs or engages the CSP to carry out corporate services on the customer’s behalf. It further defines “relevant offence” to capture offences that are relevant to “fit and proper” assessments and compliance considerations. These definitions matter because they determine who is within scope for CDD, screening, and compliance obligations.
2) Prescribed requirements for registration and “fit and proper” assessments (Part 2)
Part 2 sets out prescribed requirements under Parts 2 and 3 of the Act. The Regulations require applicants to complete approved courses and to satisfy fit and proper criteria.
Sections 5 and 6 prescribe courses for individual applicants and for key appointment holders of non-individual applicants. Sections 7 and 8 then set out “fit and proper” factors for key appointment holders of applicants for registration as registered CSPs, and for applicants for registration as registered qualified individuals. Although the extract provided does not reproduce the full list of factors, the structure indicates that the Regulations will evaluate integrity, competence, and compliance history—often including whether the person has been involved in relevant offences or has failed to comply with regulatory requirements.
Section 9 identifies prescribed persons who may provide corporate services, while Section 10 requires deemed registered CSPs to provide particulars of registered qualified individuals. Section 11 addresses “fit and proper” factors for a person acting as a nominee director, and Section 12 prescribes the period for appeal to the Minister. For counsel advising applicants, these provisions are critical because they determine eligibility and the evidential record that should be prepared for registration and ongoing compliance.
3) Notification and electronic transaction system controls (Part 3)
Part 3 focuses on governance and operational controls around the ACRA electronic transaction system. Section 13 imposes a duty to notify the Registrar. While the extract does not specify the triggers, such duties typically relate to changes in key personnel, supervisory arrangements, or matters that affect registration status.
Section 14 requires registered CSPs to maintain internal policies, procedures and controls in respect of access to the electronic transaction system. This is a compliance “control point”: the Regulations recognise that access and transaction execution are high-risk areas because they can affect corporate filings and the integrity of corporate records.
Section 15 imposes a duty to assess, report and remedy (as indicated by the heading). In practice, this likely requires CSPs to identify issues arising from the use of the electronic transaction system, report relevant matters to the Registrar, and take corrective action. For practitioners, this part is often where internal compliance frameworks are tested—especially when there are system access changes, staff turnover, or suspected errors in filings.
4) AML/CPF/CFT duties: CDD, risk assessments, monitoring, and internal controls (Part 4)
Part 4 is the most detailed and operationally significant part of the Regulations. It is divided into four divisions.
Division 1 (General) includes definitions and, notably, Section 17’s framework for AML/CPF/CFT obligations. Section 17 defines the scope of the Part, and Section 17(1) is referenced in later provisions. Section 17 also defines a “politically-exposed person” (PEP), which is important because enhanced due diligence is typically required for higher-risk categories.
Division 2 (CDD measures) sets out the CDD measures that must be performed in relation to section 17(1). Section 18 states the purpose of the Division, which is to ensure that CSPs understand and mitigate risks of money laundering, proliferation financing, and terrorism financing through customer and beneficial owner identification and verification, screening, and risk-based measures.
Sections 19 to 29 cover the core CDD workflow:
- Risk assessments (s 19): CSPs must conduct risk assessments to determine appropriate CDD measures.
- Identification and verification of customers and customers’ agents (s 20): CSPs must identify and verify identity.
- Identification and verification of beneficial owners (s 21): CSPs must identify and verify who ultimately owns or controls the customer.
- Customer screening (s 22): CSPs must screen customers (and likely related persons) against relevant lists or risk indicators.
- Provision of services before completing verification (s 23): the Regulations address when services may be provided before full verification is completed, typically subject to risk controls.
- Third-party reliance (s 24): CSPs may perform CDD through third parties, but must meet conditions.
- Simplified CDD (s 25) and Enhanced CDD (s 26): the Regulations allow different levels of CDD depending on risk.
- PEP risk-sensitive enhanced measures (s 27): enhanced CDD must be applied in a risk-sensitive way for certain PEPs.
- Remote transactions (s 28): additional requirements apply where transactions are conducted remotely.
- Risk-sensitive duty (s 29): CSPs must perform CDD on a risk-sensitive basis.
Division 3 (Record-keeping) includes Section 30, prescribing record-keeping requirements under section 17(5). This is essential for demonstrating compliance during audits, investigations, or enforcement actions.
Division 4 (Ongoing monitoring and governance) includes Sections 31 to 40. These provisions address:
- Ongoing monitoring and enhanced ongoing monitoring (s 32)
- Internal policies, procedures and controls (s 33)
- Group policy (s 34)
- Duty to assess and report (s 35)
- Audit and compliance management (s 36)
- Employees and training (s 37)
- Provision of information (s 38)
- Compliance with directions (s 39)
- New products, practices and technologies (s 40)
For counsel, Part 4 should be treated as a compliance programme standard. It is not enough to have policies on paper; the Regulations require ongoing monitoring, training, audit/compliance management, and responsive governance to new risks and technologies.
5) Duties of registered qualified individuals (Part 5)
Part 5 focuses on the individual-level obligations of registered qualified individuals. It includes:
- Appointment of authorised employees (s 42): qualified individuals may appoint authorised employees to carry out ACRA transactions under supervision.
- Duties in respect of transactions (s 43): qualified individuals must ensure transactions are handled properly.
- Duty over authorised employees (s 44): qualified individuals must supervise and ensure compliance by authorised employees.
- Duty to report and rectify (s 45): qualified individuals must address issues and report where required.
- Duty to produce documents and provide information (s 46): supports regulatory oversight.
- “Fit and proper” factors for authorised employees (s 47): indicates that even staff executing transactions must meet integrity/competence expectations.
- Compliance with directions (s 48): qualified individuals must comply with regulatory directions.
This part is particularly important in practice because it clarifies that supervision is not nominal. The Regulations create a compliance chain: authorised employees execute transactions, but the registered qualified individual retains responsibility for oversight, reporting, and rectification.
6) Miscellaneous: offences, fees, and transitional provisions (Part 6)
Part 6 includes:
- Duty to produce documents and provide information (s 49) (a general oversight provision)
- Compoundable offences (s 50) (enabling certain offences to be dealt with by composition)
- Fees (s 51) and a Schedule setting out fee details
- Saving and transitional provisions (s 52) (important for how existing registrations and compliance arrangements are treated when the Regulations commence)
How Is This Legislation Structured?
The CSP Regulations are structured to mirror the lifecycle of compliance: (1) definitions and eligibility (Part 1 and Part 2), (2) operational governance around ACRA electronic transactions (Part 3), (3) AML/CPF/CFT compliance programme requirements (Part 4), (4) individual duties of registered qualified individuals (Part 5), and (5) enforcement and administrative matters (Part 6). The Schedule provides the fee framework.
Who Does This Legislation Apply To?
The Regulations apply primarily to registered corporate service providers and registered qualified individuals (including those who supervise authorised employees). They also apply to applicants for registration, because Part 2 prescribes training and “fit and proper” requirements that must be satisfied before registration is granted.
In addition, the Regulations indirectly affect authorised employees and other persons involved in corporate service delivery, because the Regulations require that authorised employees be appointed by registered qualified individuals and meet “fit and proper” expectations. Where CSPs rely on third parties for CDD or where transactions are remote, the obligations still fall on the registered CSP to ensure compliance with the prescribed risk-based standards.
Why Is This Legislation Important?
The CSP Regulations are important because they translate the Corporate Service Providers Act 2024 into concrete compliance obligations that are enforceable in practice. For registered CSPs, the Regulations effectively require a structured compliance programme covering training, governance, electronic transaction controls, and AML/CPF/CFT risk management.
From an enforcement and risk perspective, the Regulations are significant because they impose duties that are both process-based (policies, procedures, controls, training, audits) and evidence-based (record-keeping, duties to produce documents, and reporting/rectification obligations). This means that in the event of regulatory scrutiny, the ability to demonstrate compliance through documentation and operational records will be central.
For practitioners advising CSPs, the Regulations also highlight the importance of role clarity. The supervision model—where authorised employees carry out transactions under the supervision of registered qualified individuals—creates a compliance chain that must be reflected in internal procedures, appointment records, and oversight mechanisms.
Related Legislation
- Corporate Service Providers Act 2024
- Accountants Act 2004
- Companies Act 1967
- Legal Profession Act 1966
Source Documents
This article provides an overview of the Corporate Service Providers Regulations 2025 for legal research and educational purposes. It does not constitute legal advice. Readers should consult the official text for authoritative provisions.