Eltoma Corporate Services — Authorised Corporate Services Provider
Articles are provided for general informational purposes by an authorised corporate services provider and do not constitute legal advice.
Singapore’s corporate service provider framework has changed materially. The previous regulatory language centred on registered filing agents, registered qualified individuals and the filing of ACRA transactions. The current framework, introduced through the Corporate Service Providers Act 2024 and the Corporate Service Providers Regulations 2025, is broader in scope and more explicit in its expectations. It is no longer sufficient to ask only whether a service provider files documents with ACRA. The more important question is whether the provider carries on a business of providing corporate services in or from Singapore.
For business owners and investors, this reform is not an internal compliance matter for service providers alone. It affects how companies are incorporated, how nominee-director arrangements are assessed, how registered office and address services are provided, how beneficial ownership and connected-party information is collected, and how remote onboarding is handled. In practice, a well-run CSP relationship will now involve more structured due diligence, clearer service scoping and more disciplined regulatory documentation.
For legal, tax and corporate-advisory professionals, the key point is that the new regime should not be approached as a rebranded version of the RFA framework. Many AML/CFT controls already existed under the previous framework, but the current regime widens the perimeter, adds counter-proliferation financing terminology, strengthens governance and creates specific workstreams for matters such as nominee directors, remote verification and risk assessment of new products or technologies.
Under the previous regime, the regulated position was closely connected with the carrying out of ACRA transactions through the electronic transaction system. Registered filing agents and registered qualified individuals occupied the central operational roles. That model was logical for a system in which regulatory control was attached primarily to the act of filing documents for customers and to the use of professional filing access.
It would, however, be inaccurate to say that the old framework lacked compliance substance. The RFA framework already contained customer due diligence obligations, risk assessment, screening, training, suspicious transaction reporting, record-keeping, compliance management and independent audit expectations. The practical difficulty was different: entities that provided corporate-services-type support without performing ACRA filings could fall outside the same regulatory discipline. ACRA has expressly identified this as a regulatory gap which the new CSP framework is intended to address.
The most important change is the move from a filing-agent lens to a corporate-service-provider lens. ACRA’s current guidance explains that a CSP may include law firms, accounting firms and corporate secretarial firms providing specified corporate services. The six categories identified in ACRA’s registration guidance include business registration, address services, role services, nominee shareholder services, designated accounting services and filing services.
This broader perimeter is highly relevant to investors and foreign-owned groups. A provider may be within the CSP framework even where the client is not merely asking it to file an annual return. Company formation, arranging a director or secretary, providing a registered office or correspondence address, arranging nominee shareholders or performing certain designated activities in connection with accounting services can all be relevant. The commercial label used in an engagement letter will not be conclusive; the real service being provided must be analysed.
Professional firms should therefore maintain a service-perimeter analysis. This is not simply a compliance checklist. It is a governance document which records which services the firm provides, which services it does not provide, which services are outsourced or referred, and which services are performed only through a registered qualified individual or authorised employee under supervision. For clients, the corresponding question is straightforward: has the service provider clearly explained what it is authorised and prepared to do?
The CSP framework also changes the way in which responsibility should be organised and evidenced within a professional firm. The registered CSP is the regulated entity, but the new architecture places greater emphasis on Key Appointment Holders, registered qualified individuals and authorised employees acting under proper supervision. The practical result is that governance mapping becomes more important than it was under a filing-agent model.
For a client, this should translate into greater confidence that corporate administration is being handled through a regulated chain of responsibility. For a CSP, it means that registration status, RQI endorsement, employee filing access and supervision lines should be documented in a way that can be produced during an internal audit or regulatory review. A responsibility matrix showing the registered CSP, KAHs, RQIs, authorised employees and their respective functions is a sensible baseline control.
The nominee-director provisions are among the most commercially significant changes. Singapore has long been used by foreign investors as a jurisdiction for regional holding, trading and service structures. In many cases, foreign-owned companies require local administrative support and, in some structures, nominee-director arrangements may be considered. The new framework makes clear that nominee-director services cannot be treated as a mere administrative convenience.
ACRA states that persons acting as nominee directors by way of business must have their appointments arranged by registered CSPs, unless the relevant person is themselves a registered CSP, and that proposed nominee directors must be assessed as fit and proper. The reform is designed to reduce the misuse of nominee arrangements, including shell-company structures used for illicit purposes. For CSPs, this means that every nominee-director appointment should be supported by a fit-and-proper assessment, capacity review and appointment-specific documentation.
From a client perspective, the practical consequence is that a reputable CSP may ask more questions before arranging a nominee director. The firm may need to understand the proposed company’s business, ownership, source of funds, expected transactions, jurisdictions of operation and reasons for the appointment. This should not be seen as unnecessary formality. It is now part of the regulated risk-management process.
Another important shift concerns the logic of customer due diligence. Under the previous framework, the trigger was commonly discussed by reference to the establishment of a business relationship, suspicion or doubts about previously obtained information. The current framework is expressed more directly by reference to performing CDD before providing any corporate service. This is a practical difference, not a drafting nicety.
In a modern CSP file, the onboarding process should be connected to the service being provided. The documents and questions required for a straightforward annual-return filing may not be the same as those required for incorporation of a foreign-owned structure, a nominee-director arrangement, the sale of a shelf company, or a transaction involving a politically exposed person. A service-based approach helps the provider identify the real risk point before the work begins.
For investors and business owners, this means that onboarding may be more detailed than in the past. A CSP may require identity documents, corporate ownership charts, particulars of beneficial owners, addresses, explanations of business activity, proof of authority, source-of-funds information, sanctions and adverse-media screening results, and information about connected parties. Where a client structure is cross-border, the process may take longer because the risk assessment is necessarily wider.
Remote onboarding has become commercially normal, particularly for foreign founders and international groups. Under the old RFA guidance, non-face-to-face relationships were already treated as higher risk and required compensating measures. The new CSP framework is more prescriptive for certain higher-risk corporate transactions.
Where the service involves the incorporation of a company, the transfer of management or ownership, or the sale of a shelf company, the CSP may be required to perform a live video call with specified persons and to retain appropriate records, including a screenshot. The practical significance is clear: remote incorporation remains possible, but it must be supported by a verifiable process. The provider should not simply collect scanned documents and proceed without proper identity and authority checks.
This change is particularly relevant for clients outside Singapore. A client should expect the CSP to schedule video verification where required, record the purpose of the call, identify the relevant persons and retain evidence in accordance with its internal policies. Where a director is not physically present, director consent and related documentation should be controlled carefully.
Screening was already a core part of the previous RFA framework, but the current regime requires CSPs to pay renewed attention to the population being screened and the evidence retained. A properly operated screening process should not be limited to the contracting customer. It may extend to agents, connected parties, beneficial owners and persons connected with a proposed corporation or legal person in formation cases.
For clients, this means that a screening request is not limited to the director who signs the engagement letter. The CSP may need to understand the wider ownership and control structure and may need to screen individuals and entities who are not visibly involved in day-to-day dealings. The review may include sanctions, terrorism financing, proliferation financing, law-enforcement sources, regulatory lists and adverse media, depending on the firm’s risk methodology and the requirements applicable at the time.
A screening hit does not always mean that the engagement must be declined. It does, however, require analysis, documentation and, in some cases, escalation. The quality of a CSP’s process will often be seen in its hit-disposition records: what was found, how it was assessed, who approved the decision and whether additional due diligence was required.
The current framework places greater emphasis on enterprise-wide risk assessment. It is not enough to classify customers as low, medium or high risk in isolation. A CSP should understand the money laundering, terrorism financing and proliferation financing risks arising from its customer base, service lines, customer jurisdictions, jurisdictions of operation, delivery channels and transaction patterns.
This is especially important for firms that provide cross-border support, accounting-related services, nominee arrangements, address services or remote onboarding. The risk profile of a firm dealing only with local, low-risk entities will differ from that of a firm supporting foreign-owned structures with complex ownership chains, multi-jurisdictional fund flows and non-face-to-face onboarding.
The framework also requires attention to new products, new business practices, new delivery mechanisms and new or developing technologies. In practical terms, a CSP should not launch a new digital onboarding process, referral channel or service line without considering the related financial-crime risks. For clients, this means that technology may make the process more efficient, but it does not displace the need for regulatory judgement.
Many controls under the CSP framework are not wholly new. Independent audit, compliance management, employee screening, annual training, record-keeping and suspicious transaction reporting were already familiar under the RFA framework. The difference is that these controls must now be mapped to the current CSP terminology and internal policies, procedures and controls framework.
A legacy RFA-era AML manual should therefore not be treated as automatically sufficient. A defensible compliance pack should refer to the current CSP Act, Regulations and Guidelines, address AML/CPF/CFT rather than AML/CFT only, include the current governance roles, and be supported by operating registers. These registers may include the customer universe, risk-rating register, screening log, PEP and higher-risk customer log, remote-transaction log, nominee-director register, internal suspicion log, ETS/BizFile access log and staff training log.
Management accountability is also more prominent. ACRA’s official materials refer to fines for breaches of AML/CFT/PF obligations by registered CSPs and their senior management. This should encourage professional firms to treat CSP compliance as a board and management matter, not merely as a back-office administrative function.
A less visible, but operationally important, aspect of the framework concerns management information. CSPs may need to produce customer and transaction statistics, including information about customer numbers, nationalities, residencies, places of incorporation, filing volumes, non-resident transaction volumes and higher-risk categories. In practice, a provider that cannot generate this information reliably will be placed under pressure during audit or regulatory review.
This is why CSP compliance should be integrated with the firm’s CRM, onboarding records, registers and filing logs. Manual reconstruction after the event is weak practice. For clients, the practical result may be more structured collection of data at onboarding and periodic refresh points. For advisers, it reinforces the importance of designing systems that support regulatory reporting, not merely client service delivery.
The following practical points are likely to matter most in day-to-day advisory work:
A CSP or professional advisory firm should begin with the perimeter question. Which services are actually provided? Are any designated accounting services carried out? Are nominee-director or nominee-shareholder arrangements offered? Are address services provided as a service rather than under a true tenancy arrangement? Are ACRA transactions filed for clients or for companies where the firm acts as secretary? The answers determine the compliance architecture.
Once the perimeter is clear, the firm should update its governance and AML/CPF/CFT pack. The most important documents will usually include a service-perimeter memorandum, KAH governance file, RQI and authorised employee responsibility matrix, customer acceptance and CDD procedure, screening policy, nominee-director policy, remote-transaction procedure, enterprise risk assessment methodology, new-product or new-technology risk assessment procedure, STR escalation procedure, statistical reporting procedure and internal audit methodology.
The objective is not to produce documents for their own sake. The objective is to create a framework that reflects the actual business, can be followed by staff, can be tested by an independent audit function and can be explained to clients, banks and regulators.
The move from the RFA framework to the current CSP framework represents a substantive regulatory development in Singapore’s corporate-services sector. It widens the perimeter of regulated activity, strengthens governance, introduces a more structured approach to nominee-director arrangements, formalises remote verification expectations in certain cases and reinforces AML/CPF/CFT compliance as a management-level responsibility.
For business owners and investors, the practical takeaway is simple: corporate administration in Singapore should now be treated as part of a regulated compliance environment. A professional CSP may ask more questions, require more documents and apply more structured verification than before. That should be regarded as a sign of regulatory maturity rather than inefficiency.
For CSPs and advisers, the principal message is equally clear. Legacy RFA-era documents should be reviewed, not merely relabelled. The current framework requires a CSP-specific governance and compliance architecture, aligned to the actual services provided and supported by contemporaneous evidence. In a market where Singapore’s reputation depends on transparency, integrity and reliability of corporate infrastructure, the new framework is best understood not as a burden, but as a higher operating standard.
The Singapore CSP framework is the regulatory framework for corporate service providers under the Corporate Service Providers Act 2024 and the Corporate Service Providers Regulations 2025. It applies to businesses providing specified corporate services in or from Singapore and includes AML/CPF/CFT obligations.
ACRA states that the Corporate Service Providers Act 2024 took effect on 9 June 2025. From that date, CSPs must consider registration, ongoing obligations and nominee-director requirements under the current regime.
No. The CSP framework is broader than the former RFA model. The former model was closely tied to filing ACRA transactions, whereas the current framework focuses on whether the provider carries on a business of providing specified corporate services in or from Singapore.
ACRA identifies six broad service categories: business registration, address services, role services, nominee shareholder services, designated accounting services and filing services. The actual service performed should be analysed, not only the label in the engagement letter.
Nominee directors are now treated as a specific governance and risk-control issue. A person acting as a nominee director by way of business must generally have the appointment arranged by a registered CSP, and the CSP must assess whether the proposed nominee director is fit and proper.
Clients should expect more structured onboarding, ownership and beneficial-owner questions, source-of-funds information, sanctions and adverse-media screening, and, in some cases, live video verification or deeper checks for higher-risk structures.
Professional firms should review their service perimeter, governance map, CDD procedure, screening policy, nominee-director procedure, remote verification controls, enterprise risk assessment, statistical reporting capability and independent audit readiness.
Articles are provided for general informational purposes by an authorised corporate services provider and do not constitute legal advice.
Receive updates with practical insights on international business, law, tax, accounting, and compliance.
Be the first to hear about our latest discounts and special offers!
Follow our Telegram channel for offshore industry news:
Want updates by e-mail?
Enter your email address below to subscribe to our newsletter!