Statute Details
- Title: Corporate Service Providers Regulations 2025
- Act Code: CSPA2024-S292-2025
- Type: Subsidiary legislation (SL)
- Enacting Act: Corporate Service Providers Act 2024 (powers conferred by section 35)
- Commencement: 9 June 2025
- Current version status: Current version as at 27 Mar 2026
- Regulatory focus: Licensing/registration prerequisites, conduct duties, and AML/CFT/CPF compliance obligations for registered corporate service providers and registered qualified individuals
- Key provisions (from extract):
- Section 2: Definitions
- Section 4: Qualified individuals (definition-related provision)
- Structure: Part 1 (Preliminary); Part 2 (Prescribed requirements under Parts 2 and 3 of Act); Part 3 (Notification and electronic transaction system); Part 4 (AML/CPF/CFT duties); Part 5 (Duties of registered qualified individuals); Part 6 (Miscellaneous); Schedule (Fees)
What Is This Legislation About?
The Corporate Service Providers Regulations 2025 (“CSP Regulations”) are subsidiary legislation made under the Corporate Service Providers Act 2024. In plain language, the Regulations operationalise how the Act works in practice for corporate service providers in Singapore—particularly those who are registered under the Act and those individuals who are “qualified” to supervise and carry out regulated corporate services through ACRA’s electronic transaction system.
The Regulations do three main things. First, they set out the “plumbing” for registration and ongoing compliance: training/course requirements, “fit and proper” criteria, and what types of persons may provide corporate services. Second, they impose operational duties on registered corporate service providers, including duties to notify the Registrar and to maintain internal controls around access to ACRA’s electronic transaction system. Third—and most substantively—they prescribe detailed anti-money laundering, countering proliferation financing, and countering the financing of terrorism (AML/CPF/CFT) obligations, including customer due diligence (CDD), risk assessments, record-keeping, monitoring, internal controls, and reporting.
For practitioners, the key takeaway is that the Regulations translate broad statutory obligations into specific, enforceable requirements. They also create a compliance architecture that links (i) corporate service providers, (ii) registered qualified individuals, and (iii) authorised employees working under supervision, with clear duties and “fit and proper” expectations across the chain.
What Are the Key Provisions?
1) Preliminary framework and definitions (Part 1; Sections 1–4)
The Regulations commence on 9 June 2025 and provide definitions that govern interpretation. Section 2 is central: it defines terms such as “AML/CPF/CFT course”, “AML/CPF/CFT test”, “authorised employee”, “corporate secretarial agent”, and “customer” (in the context of a registered corporate service provider). These definitions matter because many later duties attach to these roles and relationships.
Notably, the definition of “authorised employee” is supervision-based and transaction-specific: an authorised employee is an employee appointed by a registered qualified individual to carry out ACRA transactions using the electronic transaction system, under the supervision of that registered qualified individual. This is a compliance design choice: it makes supervision and accountability explicit, rather than leaving responsibility solely at the corporate entity level.
2) Prescribed requirements for registration and “fit and proper” assessments (Part 2; Sections 5–12)
Part 2 prescribes requirements that the Act requires to be specified in Regulations. These include:
- Courses for individual applicants (Section 5): sets training requirements for individuals seeking registration as registered qualified individuals (or otherwise as required under the Act framework).
- Courses for key appointment holders of non-individual applicants (Section 6): ensures that key appointment holders of corporate applicants meet competency expectations.
- “Fit and proper” factors for key appointment holders (Section 7): sets criteria used to assess suitability.
- “Fit and proper” factors for applicants for registration as registered qualified individuals (Section 8): similarly sets suitability criteria for individuals.
- Prescribed persons who may provide corporate services (Section 9): clarifies who is eligible to provide corporate services within the regulatory regime.
- Particulars to be provided by deemed registered corporate service providers (Section 10): addresses transitional or deemed registration categories.
- “Fit and proper” factors for person acting as nominee director (Section 11): extends suitability assessment to nominee director arrangements.
- Prescribed period for appeal to Minister (Section 12): provides procedural timing for appeals.
For lawyers advising applicants, the practical importance is that “fit and proper” is not left open-ended. The Regulations provide the factors that will be used in assessments, and training requirements reduce the risk of non-compliance at the outset. In regulated corporate services, where suitability and competence are recurring themes, these provisions are often the first compliance hurdle.
3) Duties relating to notification and the electronic transaction system (Part 3; Sections 13–15)
Part 3 focuses on governance and operational controls. Registered corporate service providers must:
- Notify the Registrar (Section 13): the Regulations impose a duty to notify, ensuring that regulatory oversight is informed of relevant changes or events.
- Maintain internal policies, procedures and controls for access to the electronic transaction system (Section 14): this is directly linked to the ACRA electronic workflow. It requires structured internal controls over who can access and perform transactions.
- Assess, report and remedy (Section 15): the Regulations require action when issues arise in relation to the electronic transaction system—typically involving assessment of impact, reporting to the Registrar, and remediation.
For practitioners, these provisions are important because they create a compliance trail. If there is an access control failure, a supervision failure, or a transaction integrity issue, the Regulations provide the expected compliance steps (assessment, reporting, remedy) rather than leaving it to general duties.
4) AML/CPF/CFT obligations: CDD, monitoring, internal controls, and reporting (Part 4; Sections 16–40)
Part 4 is the most detailed and operationally significant part. It is structured into divisions:
- Division 1 (General; Sections 16–17): includes definitions and the definition of “politically-exposed person” (PEP).
- Division 2 (CDD measures under section 17(1); Sections 18–29): prescribes risk assessments, identity verification, beneficial ownership identification, customer screening, and rules on services before CDD completion, third-party reliance, simplified and enhanced CDD, PEP risk-sensitive enhanced CDD, and remote transactions.
- Division 3 (Record-keeping under section 17(5); Section 30): requires records to be kept in a specified manner.
- Division 4 (Other requirements under section 17(6); Sections 31–40): covers ongoing monitoring, group policy, duty to assess and report, audit and compliance management, employees and training, provision of information, compliance with directions, and controls for new products/practices/technologies.
In plain language, the AML/CPF/CFT framework requires registered corporate service providers to adopt a risk-based approach. They must assess risks, identify and verify customers and customers’ agents, identify and verify beneficial owners, screen customers, and apply simplified or enhanced CDD depending on risk. Enhanced CDD is required in higher-risk situations, including for certain politically-exposed persons, and the approach must be “risk-sensitive”.
The Regulations also address practical scenarios: for example, they include provisions on remote transactions (Section 28) and on whether services can be provided before completing identity verification (Section 23). They also permit performance of CDD measures by third parties (Section 24), but this is typically subject to conditions to ensure the provider can still meet regulatory standards.
Beyond CDD, Part 4 requires ongoing monitoring (Section 32), internal policies and controls (Section 33), group-level policy (Section 34), and a duty to assess and report (Section 35). It also requires audit/compliance management (Section 36), training (Section 37), and information provision and compliance with directions (Sections 38–39). Finally, it requires controls for new products, practices and technologies (Section 40), reflecting the reality that AML/CPF/CFT risk evolves with business models and tools.
5) Duties of registered qualified individuals (Part 5; Sections 41–48)
Part 5 makes the supervisory role of registered qualified individuals explicit. It includes:
- Definition for this Part (Section 41) clarifies who is covered.
- Appointment of authorised employees (Section 42): registered qualified individuals must appoint authorised employees to carry out ACRA transactions under supervision.
- Duties in respect of transactions (Section 43) and duty over authorised employees (Section 44): these provisions emphasise supervision and oversight.
- Duty to report and rectify (Section 45): if issues arise, qualified individuals must take corrective steps and report as required.
- Duty to produce documents and provide information (Section 46): supports regulatory investigations and compliance checks.
- “Fit and proper” factors for authorised employees (Section 47): extends suitability requirements to the individuals who actually execute transactions under supervision.
- Compliance with directions (Section 48): ensures qualified individuals must follow regulatory directions.
For practitioners, Part 5 is often where internal compliance systems are tested. It is not enough to have policies at the corporate level; the registered qualified individual must actively supervise, ensure authorised employees meet suitability expectations, and respond to issues through reporting and rectification.
6) Miscellaneous: offences, fees, and transitional provisions (Part 6; Sections 49–52)
Part 6 includes general duties to produce documents and provide information (Section 49), compoundable offences (Section 50), fees (Section 51), and saving and transitional provisions (Section 52). The Schedule sets out the fee structure.
How Is This Legislation Structured?
The CSP Regulations are organised to mirror the lifecycle of regulated corporate service work:
Part 1 (Preliminary) sets citation, commencement, and definitions. Part 2 prescribes requirements tied to registration and suitability, including training and “fit and proper” factors. Part 3 focuses on operational governance—notification duties and controls around ACRA’s electronic transaction system. Part 4 is the AML/CPF/CFT compliance engine, with CDD, record-keeping, ongoing monitoring, internal controls, reporting, and controls for new technologies. Part 5 assigns transaction-level and supervisory duties to registered qualified individuals and their authorised employees. Part 6 covers enforcement mechanics (including compoundable offences), fees, and transitional/saving provisions. A Schedule provides the fee details.
Who Does This Legislation Apply To?
The Regulations apply primarily to registered corporate service providers and registered qualified individuals under the Corporate Service Providers Act 2024. They also regulate the conduct of authorised employees appointed by registered qualified individuals, insofar as the Regulations impose “fit and proper” expectations and require supervision and duties relating to transactions.
In addition, the Regulations address categories such as deemed registered corporate service providers (through prescribed particulars) and persons acting as nominee directors (through “fit and proper” factors). Accordingly, the compliance perimeter is not limited to the corporate entity; it extends to the individuals who perform or supervise regulated corporate services and those who may be involved in corporate governance arrangements.
Why Is This Legislation Important?
The CSP Regulations are important because they convert the Corporate Service Providers Act 2024 into detailed compliance requirements that practitioners can implement. In the corporate services sector, regulatory risk is often operational: access to electronic systems, supervision of transaction execution, and the quality of AML/CPF/CFT controls. The Regulations directly target these risk points.
From an enforcement perspective, the Regulations provide a structured basis for regulators to assess compliance. Duties to notify, maintain internal controls, perform and evidence CDD, keep records, conduct ongoing monitoring, and respond to directions create clear standards against which conduct can be measured. The inclusion of compoundable offences and document-production duties further increases the likelihood that non-compliance will be addressed through formal regulatory action.
Practically, the Regulations require law firms and corporate service providers to invest in compliance systems: training and testing for relevant individuals, documented risk assessments, customer and beneficial owner verification processes, screening workflows, and governance around remote transactions and third-party reliance. For registered qualified individuals, the Regulations also require active supervision and accountability for authorised employees. This makes the Regulations highly relevant to compliance officers, company secretarial practices, and legal advisers supporting registration, audits, and regulatory responses.
Related Legislation
- Corporate Service Providers Act 2024
- Accountants Act 2004
- Companies Act 1967
- Legal Profession Act 1966
Source Documents
This article provides an overview of the Corporate Service Providers Regulations 2025 for legal research and educational purposes. It does not constitute legal advice. Readers should consult the official text for authoritative provisions.