CSP Act 2024 and CSP Regulations 2025: Key Action Guide
CSP Act 2024 and CSP Regulations 2025: Key Action Guide
This blog aims to bring out the key action points emanating from the commencement of the CSP Act 2024 and the CSP Regulations 2025 helping businesses and professions governed by the act who are carrying out designated activities to navigate the new compliance requirements by decoding the AML, CPF, and CFT obligations they need to adhere with, the implementation challenges they face, the strategies to mitigate implementation challenges, and implementation timeline, these professions and businesses include the following:
- Corporate Service Providers (CSPs)
- Accounting Service Providers (ASPs), including Public Accounting Entities (PAEs)
- Registered Filing Agents (RFAs)
- Registered Qualified Individuals (RQIs).
The blog also includes a comparative analysis of the new CSP regulations versus the old regulations.
The Corporate Service Providers (CSP) Regulations 2025 came into effect on 9th June 2025. These regulations mark a significant step in Singapore’s efforts to enhance governance of the corporate service sector. These regulations, enacted under the Corporate Service Providers Act 2024, aim to prevent misuse of corporate structure for criminal activities like money laundering, terrorism financing (ML, TF), etc. With the global push for transparency and accountability, Singapore aimed to close regulatory gaps, strengthen due diligence requirements, and ensure that Corporate Service Providers uphold fit and proper standards.
Major Reforms: CSP Act 2024 and CSP Regulations 2025
The Corporate Service Providers Act 2024 and the new CSP regulations 2025 were both introduced to enhance the integrity and accountability of Singapore’s Corporate service providers. The new rules help increase transparency, make the system more secure, and ensure that CSPs meet high standards. Let’s discuss the major reforms in detail.
Mandatory CSP Registration
Who Must Register? All individuals or business entities that provide corporate services (like setting up companies, acting as nominee directors or shareholders, and providing registered office addresses) in Singapore must register with the Registrar of CSPs through the ACRA (Accounting and Corporate Regulatory Authority) portal before they can legally provide these services.
We are the best Anti-Money Laundering Service Provider in Singapore.
Contact us and prevent your business from being used as a conduit to commit financial crimes.
ACRA Registration Process-
Apply electronically via ACRA’s CSP Portal.
- Fill in the details of the applicant, key individuals (e.g., directors), business structure, and services offered.
- Upload supporting documents, such as Identity Proof, Proof of business address, Business plan or service scope, Compliance procedures (e.g., AML/CFT measures) etc.
- A non-refundable fee is to be paid at the time of application. The application fee for registration or renewal of registration as a CSP is $400 for 2 years of registration.
- If the applicant passes fit and proper criteria (assessment on integrity and reputation, financial soundness, competence and experience)
- Approval for registration is received typically within 30 to 60 days, unless further scrutiny is required.
A CSP licence is usually valid for 2 years, and an Application for renewal must be submitted at least 30 days before expiry.
Existing Registered Filing Agent (RFA) would be granted registration as a CSP to perform filing for their clients, until the expiry date of their current RFA registration. However, the CSP needs to update their CSP information through the General Lodgement eService on Bizfile.
And such business entities who are not registered as an RFA would have to register with ACRA as a CSP within six months of the commencement of the CSP Act i.e. 9, June ,2025.
Nominee Director & Shareholder
Appointed and Arranged by Registered CSPs
Nominee directors acting by way of business are required to have their acting arranged through registered CSPs. However, there is an exception. When an employee is appointed as director for their company or a related company, they don’t need to have their acting arranged through CSPs.
It is to be noted that registered CSPs must not arrange for a person to act as a nominee director unless satisfied that the proposed person is fit and proper.
Fit and Proper Assessment
Let us investigate the broad factors that should be considered by registered CSPs while assessing whether a person is fit and proper-
- Whether the person has been convicted of any offence involving fraud or dishonesty, or of any relevant offence (in Singapore or elsewhere).
- Whether the person is an undischarged bankrupt in Singapore or elsewhere.
- Whether the person’s previous conduct and compliance history have been satisfactory, including whether the person has been disqualified from acting as a director.
- Whether the person has the competency, capacity and capability to properly fulfil the obligations of a nominee director, considering the person’s experience and existing commitments, including the number of existing directorships.
Once the person has been appointed as a nominee director, the company should ensure that their directors (nominee or otherwise) remain fit and proper.
Identity Disclosure to ACRA
Companies now disclose the identities of nominee directors to the public and details of their nominators to ACRA.
Is your AML Compliance Fit & Proper?
Let us have your back with our Unceasing Efforts!
AML, CPF & CTF Obligations Originating from CSP Act 2024 and CSP Regulations 2025
The CSP Act 2024 and CSP Regulations 2025 pave the way for AML, CPF & CTF obligations such as:
ML, PF, and TF Risk Assessments
A registered CSP must take appropriate steps to identify, assess and understand the risks of money laundering, proliferation financing or terrorism financing (ML/PF/TF) in relation to:
- Customers
- Countries/territories where customers are from
- Countries/territories where they operate
- Products, corporate services and transactions undertaken
CSP must determine the extent of Customer Due Diligence (CDD) measures to be performed based on the customer risk assessment. And should ensure that the corresponding extent of controls is put in place to reduce these risks and prevent its business from being used for ML/PF/TF.
Customer Due Diligence (CDD) Measures
A registered CSP must perform regular CDD measures before establishing a business relationship.
CDD measures include-
- Identification and Verification of Customers by Document Collection for the purpose of ID verification
- Full Name/ Legal Name (+aliases)
- NRIC Number, Foreign Identification Number (FIN), Certificate of Birth, Passport and its number for a natural person customer
- Certificate of Incorporation, Business license, Incorporation Number or Registration Number in case of a legal entity customer
- Identification details and documents of the beneficial owner
In the event of the customer being a foreign company, the identities of the directors must be obtained and verified.
- Screening of all relevant parties against commercial databases.
- Proper identification and verification of the identities of customers and their beneficial owner(s).
- Inspecting valid government-issued identification and retention of a copy for proper CDD documentation.
- It is important to note that Simplified Customer Due Diligence measures can be carried out if the CSP believes that the risk of ML, PF, and TF is low, provided it is commensurate with the level of risks identified during risk assessment. Simplified CDD must not be conducted if the customer is from a relevant country and there is a risk that ML, PF, or TF could be carried out.
Enhanced Customer Due Diligence Measures (ECDD)
Enhanced CDD measures include:
Registered CSPs must implement Enhanced Customer Due Diligence measures with a risk-sensitive approach towards enhanced CDD, especially in the context of customers who are Politically Exposed Persons (PEP) and for specific remote transactions that involve the incorporation of a company, or the transfer of management, ownership or sale of a shelf company.
- When a customer cannot be physically present for identification, and remote customer onboarding for remote transactions takes place, the CSPs are required to conduct a live video call with:
- at least one proposed director (who is not a nominee); or
- at least one proposed member with at least 50% of the voting rights of the proposed company; or
- an authorised representative of a proposed member, if the proposed member is a legal person, and the authorised representative is an individual.
Timely. Relevant. Innovative.
Reduce the cost of AML Compliance. Go for our Managed KYC & CDD Services.
Ongoing Monitoring and Enhanced Ongoing Monitoring
CSPs must regularly review client relationships and their transactions to detect suspicious activities. A registered CSP must perform Enhanced Ongoing Monitoring to detect or prevent ML/PF/TF in respect of high-risk customers, countries that have complex or unusual transactions.
Record-Keeping
CSPs must maintain CDD records, transactions, and communications for at least 5 years. They must also ensure that data is easily retrievable and auditable when requested by ACRA or MAS.
Internal AML/CFT Program Requirements for Internal Policies, Procedures, and Controls (IPPC)
In addition to maintaining effective internal AML, CFT, and CPF policies, procedures and controls (IPPC) for preventing ML/PF/TF. Registered CSP must put in place effective IPPC across the group to ensure that only authorised employees or Registered Qualified Individuals (RQIs) engaged or appointed by the registered CSP are allowed to access the electronic transaction system. In addition, the IPPC must ensure that the transaction with ACRA on the electronic transaction system relates to a customer of the registered CSP and is authorised by that customer.
The IPPC must also provide for additional measures to mitigate the risk emanating from the introduction and development of new products or services, business practices, and delivery mechanisms for ML, PF, TF and new technologies.
Provision of Information
Under the CSP Guidelines, the registered CSP must maintain information regarding its customers and transactions with ACRA.
Information on customers:
- The total number of customers to whom they provided served corporate services
- A list containing details of the nationalities of the customers
- A list containing details of the places of residence of the customers who are natural persons
- A list containing details of the places of incorporation or formation of the customers that are legal entities or legal arrangements.
Information on transactions with ACRA as of 1 Jan of each year:
- The total number of ACRA transactions the CSP carried out for its customers
- The type of ACRA transactions the CSP carried out for its customers
- The total number of ACRA transactions carried out for persons who are not citizens or permanent residents of Singapore by the CSP
- The total number of company incorporations and registrations of businesses, limited liability partnerships and limited partnerships, carried out for non-citizens or permanent residents of Singapore
- The total number of ACRA transactions carried out for PEPs and customers from or in relevant countries that are high risk by the CSP
- The total number of company incorporations, and registrations for businesses, limited liability partnerships and limited partnerships, carried out for PEPs and customers from or in relevant countries or are high risk by the CSP.
Reporting of Suspicious Transaction (STR)
CSPs need to file STR with STRO when they are unable to perform or complete CDD measures or have reasonable grounds to suspect that the transaction may be connected to money laundering, proliferation financing or terrorism financing.
STRs must be filed promptly, as soon as reasonably practicable after establishing suspicion, i.e., no longer than 5 business days. For higher ML, FT, or PF risk cases, STRs are to be filed within one (1) business day with the Suspicious Transaction Reporting Officer (STRO) of the Commercial Affairs Department.
Let Your Reports Be as Strong
As Your Resolve Precise, Prompt, and Perfectly Pitched to the Ears of Oversight
Consequences of Non-Adherence with Compliance Requirements
- Registered CSPs and their Senior Management may be fined up to S$100,000 for each breach connected with preventing ML, FT, and PF risks.
- Registered CSP may be fined up to S$100,000 for each breach for not complying with the fit and proper requirements when arranging for a person to act as a nominee director for exceeding
- A CSP that fails to provide adequate information to ACRA or does not meet duties and responsibilities to prevent ML, PF, and TF or any RQI fails in its duties and responsibilities, then they are liable on conviction for fine not exceeding $10,000 or to imprisonment for a period not exceeding 2 years, or both.
Non-compliance can also lead to Regulatory Action, which can result in the suspension or revocation of CSP registration/license, Criminal liability for wilful or negligent non-compliance and Possible blacklisting or reputational damage.
Corporate Service Providers Navigating Through CSP Act 2024 and CSP Regulations 2025
With the enactment of the Corporate Service Providers (CSP) Act 2024 and the implementation of the CSP Regulations 2025, Corporate Service Providers (CSPs)are placed at the front line of governance, risk management, and anti-financial crime efforts.
Detailed Explanation of New Standards for CSPs
The CSP Act 2024 and CSP Regulations 2025 have introduced a comprehensive regulatory framework that mandates all Corporate Service Providers (CSPs) in Singapore to be registered and licensed by ACRA. CSPs must meet fit-and-proper criteria, renew licenses periodically, and notify ACRA of changes in business details or personnel. The regulations also impose strict AML/CFT obligations, including Customer Due Diligence (CDD), Enhanced Due Diligence (EDD) for high-risk clients such as PEPs or those from high-risk jurisdictions, record-keeping for at least five years, and prompt filing of Suspicious Transaction Reports (STRs). Additionally, CSPs must establish robust internal compliance programs, appoint compliance officers, and train staff regularly.
Under the CSP Guidelines, CSPs are also required to maintain detailed information about their customers and transactions and make such information available to ACRA upon request. This includes identity verification documents, service records, beneficial ownership data, and transactional history. With ACRA empowered to conduct unannounced inspections and enforce compliance, CSPs are now seen as regulatory gatekeepers responsible for safeguarding corporate transparency and preventing illicit financial activities in Singapore.
Implementation Challenges for CSPs in Singapore
To improve business transparency and prevent financial crimes, more stringent rules are introduced for CSPs through the CSP Act 2024 and the CSP Regulations 2025. While these reforms are crucial for raising industry standards and adhering to global best practices, they do not come without challenges for CSPs. Let’s discuss what implementation challenges new regulations bring –
Adhering to New Standards
Complying with new regulations that includes mandatory registration, enhanced AML/CFT obligations, etc requires CSP to redesign and upgrade their internal framework and governance structure. This may be unfamiliar, costly and difficult for many, especially who operates on smaller level.
Navigating Complex Regulations
The CSP regulatory framework involves multiple acts and regulations. Understanding, interpreting, and correctly applying these regulations can be a challenge, especially since ACRA or MAS may introduce changes through amendments frequently.
Implementing New Procedures
To align the current framework with the new framework, CSPs must introduce policies and procedures as per the requirement. Integrating these processes into daily existing operations requires effort, time, and careful documentation.
Training and Development
CSPs must provide regular training to staff on AML/CFT obligations, enhanced due diligence techniques, client risk indicators, and data reporting practices. However, many CSPs struggle to create or access structured training programs and sometimes lack of expertise can lead to unintentional non-compliance or exposure to regulatory penalties.
Cost of Compliance
Meeting various regulatory requirements often involve high compliance costs, including expenses related to recruitment of compliance teams and staff, external consultants, legal advisors and AML technology upgrades. These costs are especially burdensome for smaller CSPs or those with limited financial reserves.
Budget Allocation
CSPs must work on how to allocate limited budgets between core business activities and new compliance obligations. Inadequate allocation to compliance can lead to inadequate compliance infrastructure which in return increases the risk of breaches or enforcement actions by ACRA or other regulators.
Adopting Compliance Tools
There are various advanced compliance tools available in the market like e-KYC, automated risk scoring and screening, etc. CSPs face challenges in selecting the right tools that, implementing, and maintaining suitable RegTech tools, especially if they lack in-house IT or compliance specialists.
Ensuring Data Security
CSPs handle highly sensitive information, including client identities, beneficial ownership, and financial records. As regulatory reporting and digital onboarding grow, maintaining robust data security and ensuring compliance with Singapore’s Personal Data Protection Act (PDPA) becomes critical to prevent data breaches or misuse.
Identifying Vulnerabilities
Many CSPs lack the tools or expertise to detect weaknesses in their compliance systems, like gaps in documentation, poor client risk assessment, or inadequate monitoring procedures. These blind spots expose CSPs to regulatory penalties and reputational damage.
Mitigating Risks
Beyond identifying vulnerabilities, CSPs must actively develop risk mitigation strategies, such as internal audits, third-party reviews, business continuity plans, and escalation frameworks for suspicious activities. This demands strategic planning, continuous improvement, and a proactive compliance culture across the organisation.
Complete. Consistent. Accurate.
Engage us to create the most suitable AML/CFT policies and procedures for your CSP business.
Strategies for CSPs for Mitigating Implementation & Compliance Challenges
Now that we have investigated the challenges that CSPs face, let us talk about the strategies that CSPs can use to mitigate compliance challenges and help with easy implementation-
Crafting Comprehensive AML/CFT Policies
CSPs should develop a robust, risk-based AML/CFT framework, i.e., the IPPC. The internal policies and procedures must include CDD, enhanced due diligence, ongoing transaction monitoring, reporting of suspicious transactions, etc, in such a way that it aligns with both ACRA requirements and global standards. A clear roadmap makes everyday decision-making easy for CSPs and helps them be compliant, thus increasing customers’ and regulators’ trust.
Timely ACRA Registration and renewals
CSPs should have an internal system that tracks the renewal dates. CSPs must ensure that all required information—such as key personnel details, ownership structure, and business activities—is correctly submitted and notify ACRA about any changes in directorship or ownership, or any amendments to avoid penalties or operational disruptions.
Policy Gap Analysis
A policy gap analysis must be conducted to review the existing internal policies and procedures against the new CSP Act 2024 and CSP Regulations 2025 to identify areas of non-compliance or weakness. This helps CSPs understand what needs to be updated, removed, or added to meet regulatory expectations. It also supports better resource allocation and reduces the risk of regulatory breaches.
Nominee Arrangement Check
Nominee directors and shareholders are to be arranged by CSPs. The nominee director/shareholder should be checked to ensure they fulfil the “fit and proper” criteria. Reviewing their details also helps CSPs uncover the true beneficial owners, reducing the risk of being used for money laundering or tax evasion. This enhances due diligence and demonstrates transparency to regulators.
Continuous Staff Training
CSPs must have regular and role-specific training to ensure that all staff—especially those handling client onboarding, compliance, and reporting—are aware of their responsibilities. Training should cover AML/CFT concepts, red flag indicators, STR filing procedures, and regulatory updates. Well-trained staff are better equipped to detect risks early and act appropriately, reducing the chances of fraudulent activities and regulatory breaches.
Leveraging Automated Compliance Tools: Overview & Benefits
Using digital tools for compliance tasks—such as e-KYC, transaction monitoring, and record-keeping can greatly improve accuracy, efficiency, and audit readiness. These tools help CSPs automate routine checks, flag suspicious patterns in real time, maintain digital trails for audits, and reduce human error. Investing in RegTech solutions such as Name Screening Software, KYC Software, Customer Risk Assessment Software, and Transaction Monitoring Software also helps ensure faster onboarding, timely risk reviews, and scalability as regulations evolve.
Strengthening Data Security and Privacy Measures
With increased data collection and digital onboarding, CSPs must adopt secure IT systems and comply with the Personal Data Protection Act (PDPA). Protecting sensitive client data builds trust and ensures compliance with both AML obligations and privacy laws.
Implementation Phases for CSPs
Date | Event / Requirement |
2 July 2024 | CSP Act 2024 passed by Parliament |
May 2025 | Publication of Regulations & Guidelines by ACRA |
8 May 2025 | CSP Regulations 2025 finalized |
9 June 2025 | CSP Act and Regulations came into effect |
9 Dec 2025 | Registration deadline for existing/new CSPs (6-month transitional window) |
Ongoing | AML/CFT training to be completed within 6 months before registration/renewal |
Ongoing | Notify ACRA within 14 days of any key changes |
Timely. Relevant. Compliant.
Transforming CSPs reactive approach to a proactive approach with a customised In-house AML Compliance Department
Accounting Service Providers (ASPs) Navigating Through CSP Act 2024 and CSP Regulations 2025
With the CSP Act 2024 and CSP Regulations 2025 coming into force, Accounting Service Providers (ASPs) are now brought under a more robust regulatory framework aimed at enhancing transparency and focusing on combating anti-money laundering, countering the financing of terrorism, and preventing the financing of the proliferation of weapons of mass destruction. Let us dive into the reforms in detail.
Detailed Explanation of New Standards for Accounting Service Providers (ASPs)
Accounting Service Providers need to ensure compliance with the following AML, obligations:
Mandatory Registration
ASPs, including Public Accounting Entities (PAEs) that carry out designated activities related to accounting services, must register with the Accounting and Corporate Regulatory Authority (ACRA) as CSPs. In other words, if a business entity is offering general accounting services like bookkeeping, preparing financial statements, internal audit service, management accounting, taxation service, payroll processing, etc, it is not required to register.
However, if that same entity also carries out a “designated activity” in relation to those accounting services for the same client, registration is required.
” Designated activities” mean helping a customer get ready for, or carrying out, certain important financial or legal transactions. These include:
- Buying or selling property (like real estate or buildings)
- Managing the customer’s money, shares, or other valuable items
- Handling their bank accounts, savings accounts, or investment accounts
- Helping collect money from others to start or run a company
- Creating, running, or managing companies, trusts, or other legal entities, or helping buy and sell such entities
Deemed Registered CSPs
To avoid multiple registrations, Public Accounting Entities (PAEs) that are already registered under the Accountant Act need not apply for registration as CSPs if they do not provide any corporate services other than carrying out designated activities related to the provision of accounting services. Such PAEs will be deemed to be registered as CSPs.
Appointment of Registered Qualified Individual (RQI)
To operate as a CSP, PAEs must have at least one RQI appointed to carry out or supervise the carrying out of any designated activities related to accounting services. The details of the appointed RQI must be submitted to ACRA.
Implementation Challenges for Accounting Service Providers (ASPs) in Singapore
The implementation problems that ASPs face while complying with CSP law and regulatory requirements are discussed as follows:
Blurred Line Between Accounting and Designated Activities
ASPs provide accounting services like preparing financial statements, completing accounts, or management reports. Sometimes these activities are linked to designated activities, such as real estate deals or corporate restructuring, etc.
Thus, ASPs must constantly assess whether a basic accounting service triggers the need for CSP registration.
Dual-System Complexity
ASPs need to comply with two frameworks. One for standard accounting compliance (e.g., IRAS, ACRA filing rules), two is for AML/CPF/CFT compliance under the CSP Act and Regulations. This can be challenging both in terms of administrative and cost of compliance perspectives. This adds to the burden and raises the risk of non-compliance.
Increased Documentation
ASPS need to maintain additional compliance documentation relating to CDD, beneficial ownership, etc, if linked to a designated activity. This increases the workload of the accounting team for even routine accounting services.
Specialised Training Needs
Accounting teams that are traditionally trained in financial reporting must now be aware of AML/CFT risks, designated activities, transaction red flags, suspicious activity reporting, etc. This not only increases the operation cost of training but also requires more time and effort from the whole team and can be challenging to have everyone on board.
Reputational Risks in Financial Reporting
ASPs are often trusted with sensitive financial data. Failure to meet the new standards and being non-compliant with the regulations may not only result in legal consequences but may also harm the reputation and long-term client relationships.
Get on a call
with our AML experts and imbibe the latest regulatory requirements in your IPPC.
Strategies for ASPs for Mitigating Implementation & Compliance Challenges
As we have understood the challenges that ASPs face, let us discuss the unique strategies that ASPs can use to mitigate compliance challenges and help with the easy implementation of the latest CSP Act and Regulations.
Service Scope Mapping and Classification
ASPs must clearly map and tag each service as an accounting service or a designated activity. This can help the ASP to determine when CSP registration and AML/CFT controls are triggered and take timely action.
Internal Screening for Designated Triggers
Designated activities can arise at any point in time. ASPs must set an internal checklist or system to flag such activities, as they can prompt CDD and AML procedures.
Integrated Accounting & AML Risk Tools
ASPs must adopt or upgrade to software that combines both accounting and compliance tracking, which helps in risk profiling and documentation alongside financial workflows. This helps in ensuring compliance with all the applicable regulatory frameworks.
Specialist Staff Training
Accounting teams may not recognise or understand AML risks in financial data. ASPs must provide targeted training on AML/CFT regulations, risks, designated activities, transaction red flags, suspicious activity reporting, etc.
Maintaining Separate Workflows for CSP and Non-CSP Functions
Wherever possible, ASPs must assign CSP-regulated services to the staff trained in AML/CFT, ensuring compliance consistency and no crossover of responsibility by keeping workflows distinct and overlap-free.
Implementation Phases for ASPs
Date / Timeline | Requirement / Milestone | Applies to |
9 June 2025 | CSP Act 2024 & Regulations came into effect | All CSPs and ASPs engaging in designated activities |
From 9 June 2025 | Transitional period begins – ASPs already performing designated activities can continue while applying for CSP registration | Existing ASPs with designated activity |
Within 60 days from 9 June 2025 or from the date ASP begins CSP services | Return to be filed with ACRA providing details of Registered Qualified Individual (RQI) appointed by the PAEs (e.g., accounting firm) | Public Accounting Entities (PAEs) (e.g., accounting firms acting as CSPs) |
By 9 December 2025 | Deadline to apply for CSP registration under the 6-month transition window | ASPs intending to continue regulated activities |
After 9 December 2025 | Only registered CSPs can legally perform designated activities; AML/CPF/CTF compliance obligations fully enforceable | All ASPs conducting designated activities |
Give us a call or email us
Let AML Singapore help you choose the best AML software for your business!
Registered Filing Agents (RFAs) Navigating Through CSP Act 2024 and CSP Regulations 2025
Registered Filing Agents (RFAs) are entities registered with ACRA to handle statutory filings on behalf of companies. They need to transition to become Registered Corporate Service Providers (CSPs) under the new Corporate Service Providers Act 2024 (CSP Act) and CSP Regulations 2025.
Detailed Explanation of New Standards for Registered Filing Agents (RFAs)
The new standards that RFAs need to adhere to for ensuring compliance with latest regulatory requirements are as follows:
Transition of RFAs to Registered CSPs
Existing RFAs would transition to CSPs and be granted registration as CSPs to perform filing for their clients, until the expiry date of their current RFA registration. Such RFAs that are not already registered with ACRA as a CSP must register within six months of the commencement of the CSP Act. When transited RFA registration expires, they must submit the application for renewal. The new requirements for RFAs include a revised registration period and fees of $400 for a two-year registration period
Mandatory Appointment of RQI
Registered Filing Agent (RFA) will need to appoint at least one Registered Qualified Individual (RQI) and must submit details of such RQI with ACRA within 60 days of commencement of CSP act or the date on which they begin providing regulated services.
Implementation Challenges for Registered Filing Agents (RFAs) in Singapore
Implementation and execution challenges faced by RFAs are as hereunder.
Limited Awareness of New Regulatory Framework
RFAs who previously only handled document filings may not be fully familiar with the expanded AML/CFT obligations under the CSP framework, resulting in confusion or delays in compliance implementation.
Increased Administrative Burden
RFAs need to maintain more detailed records, introduce internal controls to ensure filings are supervised by RQIs, and prepare for periodic audits or inquiries from ACRA. These tasks go beyond their traditional administrative role and can be challenging.
Strategies for RFAs for Mitigating Implementation & Compliance Challenges
RFAs can mitigate regulatory change implementation and AML/CPF and CFT compliance challenges by adopting certain strategies discussed below:
Review & Update Internal Filing Workflows
RFAs must modify internal processes to ensure all ACRA filings are supervised or handled by an RQI. This can include tagging tasks by RQI in digital systems or adding supervisory checks in manual workflows.
Staff Training on New Obligations
Staff must be trained on the CSP Act requirements, the role of RQIs, and how filing practices must change. This builds clarity and avoids accidental breaches of the new law.
Implementation Phases for RFAs
Requirement | Who it Applies To | Deadline | Details |
Transitional CSP Registration | All existing RFAs (as of 9 June 2025) | By 9 December 2025 (within 6 months of commencement) | Existing RFAs are deemed registered as CSPs temporarily. To continue operations, they must apply for CSP registration by this date. |
Appointment of Registered Qualified Individual (RQI) | All RFAs providing regulated filing services | Within 60 days of 9 June 2025 (i.e., by 8 August 2025) or when they start services | Every RFA must appoint at least one RQI and submit their details to ACRA within 60 days from the Act’s start or from when the RFA starts providing regulated services. |
Expiry of RFA Status (if no CSP registration is made) | RFAs who do not apply for CSP registration | Upon expiry of current RFA registration OR post 9 December 2025, whichever is earlier | RFAs who do not transition will lose their ability to file transactions via ACRA after this point. |
Registered Qualified Individuals (RQIs) Navigating Through CSP Act 2024 and CSP Regulations 2025
Under the Corporate Service Providers (CSP) Act 2024, Registered Qualified Individuals (RQIs) play a critical role in ensuring regulatory compliance and service quality across all Corporate Service Providers (CSPs).
RQIs: Who they are and their Roles & Responsibilities
A Registered Qualified Individual (RQI) is an individual appointed by a CSP to carry out or supervise regulated corporate services. They play a crucial role in ensuring the CSP’s compliance with regulations. They must meet specific eligibility criteria set out by ACRA, which typically include Relevant professional qualifications (e.g., lawyer, accountant, corporate secretary), experience in corporate services or regulatory compliance, clean disciplinary and criminal record etc.
Requirements for registration and renewal of registration as a qualified individual
- Individual applicants seeking to register or renew their registration as a QI must successfully complete a mandatory training programme which comprises a prescribed AML/CPF/CFT course, and an AML/CPF/CFT Proficiency Test (if required by ACRA), prior to the application. Both the course and test (if required by ACRA) must be completed and passed within a period of 6 months immediately before the date of application for registration or renewal of registration.
- For existing Registered Qualified Individuals (RQIs) registered under the ACRA Act, there is no need to apply to be a RQI under the CSP Act. They will be deemed registered. RQI registration under the CSP Act will retain the same validity period as their existing RQI registration under the ACRA Act. No application is needed, and no fees are payable. When the transited RQI registration expires, RQI must meet new requirements under the CSP Act before submitting the application for renewal as an RQI, along with fees of $200 for a registration period of two years.
Responsibilities and Duties of RQIs
Standard responsibilities and duties of RQIs according to CSP guidelines published by ACRA and in alignment with latest CSP law and regulatory requirements are elaborated as follows:
Appointment of Authorised Employees
- An RQI must inform ACRA of the identity and required details of each authorised employee they appoint to carry out ACRA transactions on their behalf using the electronic system. Any changes in the employee’s details must also be promptly reported.
- An RQI must not appoint someone as an authorised employee if they have reason to believe the person is not a fit and proper person, or not actually employed by the registered CSP. The appointment should be withdrawn if these conditions are no longer complied with.
This ensures that only trusted, qualified, and accountable employees are allowed to assist in regulated filings, with the RQI fully responsible for oversight and compliance.
Duties In Respect of Transactions with The Registrar
- The RQI must ensure that all documents submitted via ACRA’s electronic system are complete and in the correct format. Documents that they know or suspect that it contains inaccurate information must not be used.
- Transactions must only be done with proper authorisation for the customers of the RQI or their registered CSP.
- The electronic transaction system must not be accessed for any prohibited purpose or illegal activity.
Duty Over Authorised Employees in Respect of Transactions
A Registered Qualified Individual (RQI) must take all reasonable measures to ensure that authorised employees use only complete and accurate documents when conducting ACRA transactions. The RQI must prevent authorised employees from carrying out transactions unless they are for legitimate customers and properly authorised and must also restrict any access to the electronic transaction system for prohibited or illegal purposes. Additionally, the RQI must ensure that only fit and proper employees who are currently employed by the CSP perform such transactions, withdrawing authorisation immediately if these conditions are not met. This ensures accountability and compliance with regulatory standards.
Duty to Report and Rectify
An RQI has a crucial responsibility to maintain the integrity and compliance of all transactions conducted through the electronic transaction system with the Registrar (ACRA).
A Registered Qualified Individual (RQI) must promptly notify the Registrar if they become aware or reasonably believe that any document used in ACRA transactions is incomplete, inaccurate, or improperly formatted. They must also report if any transaction was conducted without proper customer relation or authorisation, or if their access to the electronic system was used for prohibited or illegal purposes. Additionally, the RQI must inform the Registrar if an authorised employee conducted transactions while not being fit and proper or after ceasing employment.
Duty to Produce Documents and Information
A registered Qualified Individual (QI) must provide any documents, information, or explanations reasonably requested by the Registrar or their authorised officer to help determine if there has been a breach of the Regulations. The QI must also allow the Registrar or officer to keep and make copies of the documents provided.
Compliance with Directions– A registered Qualified Individual (QI) is required to comply with any written directions issued by the Registrar concerning the use of the electronic transaction system. This includes adhering to FATF recommendations and immediately ceasing any activities that may pose cybersecurity risks, threaten the integrity of data, or disrupt access to the system for other users, as determined by the Registrar.
Seamless Execution of Responsibilities, Sustained Compliance
Your Client Welcomed, Your Risks Weighed, and Your Records Ready
Common Challenges Faced by RQIs During CSP Act 2024 and CSP Regulations 2025 Implementation
Some of the common roadblocks encountered by RQIs while implementing latest regulatory requirements are as hereunder:
High Accountability and Liability
RQIs bear personal responsibility for ensuring compliance with all regulatory requirements. Any lapses in supervision or reporting can lead to personal penalties or professional consequences.
Maintaining Fit and Proper Status
RQIs must continuously meet the “fit and proper” criteria, which includes professional qualifications, integrity, and reputation. Any change in circumstances can impact their eligibility as RQIs.
Supervision of Authorised Employees
Ensuring that authorised employees comply with all procedures, maintain document accuracy, and conduct only authorised transactions requires constant oversight and diligence and can be challenging.
Navigating Complex Compliance Requirements
RQIs must fully understand and implement evolving regulations, including FATF recommendations and cybersecurity protocols, which requires ongoing education and adaptation.
Balancing Multiple Roles
Many RQIs are also partners, employees, or appointed officers of CSPs, requiring them to balance regulatory duties with business and operational responsibilities.
Strategies for RQIs for Mitigating Implementation & Compliance Challenges
RQIs can mitigate regulatory change implementation and AML/CPF and CFT compliance challenges by adopting certain strategies discussed below:
Implementing Internal Controls
RQIs must implement a structured framework and procedures to ensure proper handling and documentation of all electronic filings, documents, and customer authorisations.
Conducting a Check on Authorised Employees
Periodic self-assessments and audits must be conducted to detect gaps in processes, improper use of the electronic transaction system, or lapses in employee supervision. A system must be set up for regular checks on employee activities and to ensure timely reporting of any changes in employment status.
Attending Mandatory Trainings
RQIs and authorised employees must attend training sessions on the latest regulatory changes, FATF recommendations, cybersecurity measures, and compliance expectations to stay informed and competent.
Developing Rapid Response Mechanism
Having a rapid response mechanism is a must to quickly report, rectify, or stop any unauthorised or erroneous filings and to implement directions without any delays.
Implementation Phases Relevant for RQIs
Requirement | Deadline | Remarks |
Appointment of RQI by a CSP or Registered Filing Agent (RFA) | Within 60 days from the commencement date of CSP Act (i.e. by 9 June 2025) | Or by the date the CSP/RFA begins providing regulated corporate services, whichever is later. |
Submission of RQI details to ACRA | Same as above | To be submitted via prescribed return to ACRA. |
Registration of new RQIs | Ongoing, based on application | Must meet “fit and proper” criteria and be approved by ACRA before acting as RQI. |
Transition period for existing RFAs to register as CSPs and appoint RQIs | By 9 December 2025 (6 months from Act’s commencement on 9 June 2025) | Required if not already registered as CSPs. |
Compliance with reporting and supervisory duties | Immediately upon appointment | Includes duties over authorised employees and proper use of ACRA electronic system. |
Updating ACRA on any change in authorised employees’ status or particulars | As soon as practicable | No fixed deadline, but delays can result in non-compliance. |
Withdrawal of unfit authorised employees | Immediate, upon knowledge of disqualification | RQIs must act promptly if an authorised employee ceases to be fit and proper. |
Timely. Relevant. Compliant.
AML Singapore helps RQIs implement AML Compliance Strategies and Meet Compliance Timelines
CSP Act 2024 and CSP Regulations 2025 Analysis and Implementation: Detailed Breakdown
Brief introduction about ACRA (Filing Agents & Individuals) Regulations (‘RFA Guidelines’) 2015
The ACRA (Filing Agents and Qualified Individuals) Regulations 2015, commonly known as the RFA Guidelines, were introduced by the Accounting and Corporate Regulatory Authority (ACRA) of Singapore to regulate the conduct of Registered Filing Agents (RFAs) and Qualified Individuals (QIs) who perform statutory filings and transactions on behalf of clients with ACRA.
These regulations were designed to:
- Enhance accountability and professionalism in corporate filings.
- Ensure that filing agents and individuals meet “fit and proper” criteria before registration.
- Mandate robust internal controls and AML/CFT procedures, particularly in identifying and mitigating the risk of money laundering and terrorism financing.
- Impose ongoing obligations on RFAs and QIs, such as maintaining proper records, conducting due diligence on clients, and reporting suspicious transactions.
The 2015 Regulations served as a foundation for regulating service providers until their evolution under the CSP Act 2024 and CSP Regulations 2025, which introduced more stringent requirements.
Comparative Analysis: RFA Guidelines 2015 vs. CSP Regulations
Differentiating Aspect | RFA Guidelines 2015 | CSP Regulations 2025 |
Regulatory Framework | Governed RFAs and Qualified Individuals under Companies Act | Govern CSPs, RFAs (as a sub-category), ASPs, and RQIs under Corporate Service Providers Act 2024 |
Scope | Focused mainly on filing agents conducting ACRA transactions | Covers broader corporate services (e.g., company formation, nominee services, accounting, etc.) |
Entities Covered | Only Registered Filing Agents (RFAs) and Qualified Individuals (QIs) | Corporate Service Providers (CSPs) including ASPs, RFAs, and RQIs |
AML/CFT Requirements | Basic AML/CFT obligations, due diligence required | Enhanced AML/CPF/CTF obligations, including advanced and enhanced due diligence measures |
Risk Assessment | No formal risk assessment framework | Mandatory Risk-Based Approach for client onboarding and ongoing monitoring |
Registration Process | Simple RFA registration with QI nomination | Detailed Registration Process for CSPs, including eligibility, renewal, suspension, or cancellation procedures |
Qualified Individual Role | Acted as the named person responsible for filings | RQI now has Expanded Responsibilities, including oversight of authorised employees |
Internal Controls | Required policies and procedures for AML/CFT | Stronger emphasis on Governance, Compliance Systems, and Policy Documentation |
Technology Use | General access to ACRA’s filing portal | Regulated access and conduct on ACRA’s Electronic Transaction System by CSPs and RQIs |
Sanctions for Non-Compliance | Moderate penalties | Stricter Enforcement, including financial penalties, suspension, and public naming |
Reporting Obligations | Limited reporting duties | Comprehensive Reporting Duties, including transaction errors, suspicious activities, and unfit employees |
Transitional Provisions | Not applicable | Includes Transition Rules for existing RFAs to become CSPs and appoint RQIs |
Implementation of the CSP Act 2024 and the CSP Regulations 2025
Date | Event |
July 2, 2024 | The CSP Act 2024 was passed in Parliament |
May 8, 2025 | The CSP Regulations 2025 were officially published |
June 9, 2025 | Both the CSP Act 2024 and the CSP Regulations 2025 came into effect (commencement date) |
Conclusion
The CSP Act 2024 and CSP Regulations 2025 introduced a robust regulatory framework to enhance the governance, transparency, and accountability of Corporate Service Providers (CSPs) in Singapore. Key reforms include mandatory registration, the appointment of Registered Qualified Individuals (RQIs), implementation of strict AML/CFT/CPF compliance obligations, and clear guidelines for designated activities.
Different stakeholders, including Accounting Service Providers (ASPs), Registered Filing Agents (RFAs), and RQIs, face tailored compliance duties and timelines. Proactive strategies such as policy updates, staff training, and the use of compliance tools will be crucial for smooth implementation and continued regulatory alignment.
Give us a call or email us
Let AML Singapore help you choose the best AML software for your business!
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.