Singapore raises the bar for corporate compliance. Consult Triide’s experts to escort your business through compliance challenges.
On 9 June 2025, the Singapore government formally enacted the Corporate Service Providers Act (“CSP Act”) and the Companies and Limited Liability Partnerships (Miscellaneous Amendments) Act (“CLLPMA”), which together form the cornerstone of Singapore’s updated corporate compliance framework. In tandem with the Data Protection Officer (DPO) appointment requirement — already in effect since 30 September 2024 and having completed its transitional phase— these developments signal the formation of a comprehensive “three-pronged” regulatory regime. Collectively, these changes reflect a fundamental shift in Singapore’s regulatory philosophy: from one prioritising convenience to one centred on transparency and compliance.
Below is Triide’s analysis of the legislative changes:
All individuals or entities operating within Singapore or offering the following services from Singapore must be registered with the Accounting and Corporate Regulatory Authority (ACRA) as a Corporate Service Provider (CSP):
Company incorporation and filing services;
Provision of registered office addresses;
Appointment or arrangement of nominee directors/shareholders;
Corporate secretarial, accounting, and annual compliance services.
Unregistered provision of these services constitutes an offence and is punishable by a fine of up to SGD 50,000 or imprisonment of up to two years, or both. In the case of a continuing offence, an additional fine of up to SGD 2,500 may be imposed for each day or part thereof after conviction.
Registered CSPs are now required to verify client identities via real-time video conferencing when conducting core corporate transactions such as incorporation, annual return filings, or shareholding structure changes. Verification must involve key decision-makers of the company:
At least one proposed director (must not be a nominee);
At least one proposed shareholder with not less than 50% of the voting rights;
In the case of corporate shareholders, a natural person duly authorised to represent the entity.
The video call must be recorded in full, with screenshots and Know-Your-Customer (KYC) documents retained for a minimum of five years. Directors must personally sign the Consent to Act as Director and Disqualification Declaration; CSPs are strictly prohibited from signing on their behalf. This mechanism aims to mitigate identity fraud, ensure informed consent, and prevent illicit practices such as fraudulent incorporations and nominee shareholding arrangements.
The use of nominee directors for commercial purposes is strictly prohibited unless arranged through a licensed CSP, which must conduct a rigorous fit-and-proper assessment, including but not limited to:
Criminal and bankruptcy checks;
Assessment of competency and integrity;
Disclosure of the genuine relationship with the underlying principal.
Non-compliance may result in fines of up to SGD 100,000. These measures are designed to curb abuse of nominee structures in shell company formation and money laundering schemes.
Are Nominee Directors Still Permissible? Yes, under strict conditions:
Must be appointed through a licensed CSP;
Must have a legitimate and lawful mandate;
Must disclose the ultimate beneficial owner to ACRA;
Must be able to justify the commercial rationale for the appointment.
For instance, if a non-resident of Singapore requires a local director for company registration, nominee director services may still be utilised — provided the arrangement is transparent, legally substantiated, and subject to proper due diligence.
CSPs are mandated to elevate their Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) frameworks by:
Implementing Customer Due Diligence (CDD) and risk classification procedures;
Conducting video identity verification and retaining supporting evidence;
Establishing internal controls and restricting BizFile access to authorised personnel;
Reporting suspicious transactions to law enforcement within 1 to 5 business days.
Companies and foreign companies are now required to submit all records from their Register of Nominee Directors and Register of Nominee Shareholders to ACRA. Once submitted to the central registry, these nominee relationships will become publicly accessible and will be reflected in the companies’ business profiles.
Foreign companies must maintain a Register of Nominee Directors. In addition, those exempt from maintaining registers of controllers, nominee directors, or nominee shareholders are now required to include the following information in their annual filings to the registrar:
Whether they are exempt from maintaining such registers;
The category of exemption, if applicable; and
If not exempt, the physical location at which such registers are maintained.
The maximum penalty for certain offences has been quintupled — from SGD 5,000 to SGD 25,000. These include:
Failure to maintain a Register of Controllers, Nominee Directors, or Nominee Shareholders for companies (including foreign companies);
Failure to maintain a Register of Controllers for Limited Liability Partnerships (LLPs).
The newly enacted Corporate Service Providers Act (CSP) and the amended Companies and Limited Liability Partnerships (Miscellaneous Amendments) Act (CLLPMA), together with the Data Protection Officer (DPO) requirements that came into force in 2024, collectively establish a comprehensive and stringent compliance framework in Singapore. These regulatory changes have had a profound impact on businesses of all types—raising compliance costs and reshaping the broader business landscape. Companies are now compelled to reassess their corporate structures and operational models in response to this evolving regulatory environment.
Under the Personal Data Protection Act (PDPA) 2012, organizations are required to appoint one or more Data Protection Officers (DPOs). Once appointed, the DPO may delegate certain responsibilities to others, including non-employees. The DPO’s contact information must be publicly available.
The DPO’s duties include, but are not limited to:
The DPO role can be a dedicated position or added to an existing role within the organization. A designated DPO may also delegate some responsibilities to other officers. Organizations with limited resources can outsource the operational aspects of the DPO function to service providers.
While it is not mandatory for the DPO to be a Singapore citizen or resident, the committee recommends that the DPO should be easily reachable in Singapore, available during working hours, and if a phone number is provided, it should be a Singaporean number.
Failure to appoint a DPO may lead to an initial investigation by the committee. If the organization or individual fails to cooperate with the investigation, it constitutes an offense. Individuals may face fines of up to SGD 10,000 or imprisonment for up to 12 months, or both. Organizations may be fined up to SGD 100,000.
With global awareness of data protection rising and stricter regulations being implemented, Singapore’s DPO requirements are expected to become more refined. Businesses should view data protection as a continuous compliance obligation rather than a one-time task, establishing long-term mechanisms to ensure ongoing compliance.
The CSP Act and CLLPMA Amendment Act, implemented in 2025 in Singapore, along with the DPO requirements effective from 2024, form a comprehensive and strict compliance framework that has profound impacts on various businesses. These changes not only increase compliance costs but also reshape Singapore’s business environment, compelling companies to reassess their corporate structure and operational models.
In the face of this new compliance environment, businesses should conduct a comprehensive compliance gap analysis, assessing whether their current company structure, director arrangements, data flow processes, etc., comply with the new regulations. Special attention should be given to:
Businesses should carefully select licensed CSPs and professional advisors, confirming whether the service provider is an ACRA-registered licensed CSP and whether they have the professional capabilities and systems to meet the new regulatory requirements.
For businesses with strong compliance awareness, this new environment may actually create a competitive advantage. Companies that quickly adapt to the new regulations and establish a robust compliance system will find it easier to gain investor trust, secure bank support, and access new business opportunities.
If you have any needs related to setting up a business in Singapore, tax consulting, or compliance operations, please feel free to contact the Triide team at gofurther@triide.com. We will tailor market entry and fiscal solutions for you. Go further with confidence!
Copyright © 2025 Triide | All rights reserved. Data Protection & Privacy
