In a recent conference conducted by the Chartered Secretaries Institute of Singapore on Wednesday, 10 July 2024, crucial updates regarding the implementation of the new Corporate Service Provider (CSP)s bill were discussed and the changes presented by the Accounting and Corporate Regulatory Authority (ACRA). These regulatory changes significantly expand the responsibilities and powers of CSPs, which will have a direct impact on companies and clients utilising corporate compliance services. The new regulations empower CSPs to perform fit and proper assessments for nominee directors, conduct more thorough due diligence on clients, and report any unsatisfactory findings.
This blog post will guide CSPs through the key requirements of these significant regulatory changes, explaining each aspect in detail and ensuring comprehensive understanding of the changes.
Table of Contents
1. Requirements on CSPs
1.1 Registration Requirements
The new regulations require business entities [(i) individuals or partnerships registered under the Business Names Registration Act 2014, (ii) Companies, (iii) Limited Partnerships, and (iv) Limited Liability Partnership (LLP)s ] that carry on a business in Singapore of providing any corporate services to be registered as CSPs, even if they do not file transactions on behalf of their customers with ACRA.
1.2 What are “Corporate Services”?
The following activities are classified as “corporate services” under the new regulations:
Table 1: Scope of Corporate Services
1.3 What are “Designated Activities” and “Accounting Services”?
Business entities need to be registered as CSPs if it engages in both a designated activity AND performs defined accounting services for the same client.
Table 2: What are these “designated activities”?
1.4 Special considerations for accounting-related entities:
Table 3: Registration requirements for accounting-related entities
1.5 Who is a RQI ?
A RQI is a key person within a CSP who is responsible for ensuring the CSP’s compliance with regulations. Each CSP is required to have at least one RQI.
What are the RQI guidelines?
- Appointment requirement: Every CSP must appoint a RQI.
- Responsibilities: RQIs play a crucial role in ensuring the CSP’s compliance with regulations, including proper conduct of customer due diligence and fit and proper assessments of nominee directors.
- Reporting to ACRA: For PAEs that are deemed registered CSPs, they are required to update ACRA with their RQI’s particulars.
- Default Designation: In the absence of information provided by PAEs, ACRA would treat all key appointment holders of the deemed registered CSPs as RQIs.
RQI guidelines under consideration
- Limitation on RQI roles: An individual may only serve as an RQI for up to a limited number of CSPs (e.g. 2) at the point of application.
- Exceeding the limit: Individuals seeking to be an RQI for more than the prescribed limit must submit an application to ACRA for a case-by-case assessment.
- Transition period: To facilitate a smooth transition, existing Registered Filing Agent (RFA)s who are currently RQIs beyond the proposed limit would be permitted to continue until their current registration lapses.
These guidelines aim to ensure that CSPs have qualified individuals overseeing their compliance with regulatory requirements, with limitations in place to prevent over-extension of RQI responsibilities across multiple entities.
2. Fit and proper assessment of Nominee Directors
Registered CSPs must ensure that individuals arranged to act as Nominee Directors meet specific criteria. This assessment is crucial for maintaining the integrity of corporate governance.
Key requirement: Registered CSPs must not arrange for persons to act as Nominee Directors of companies unless the CSPs are satisfied that the person are fit and proper.
Table 4: Fit and Proper Requirements for Nominee Directors
*More details on the fit and proper criteria will be prescribed in the subsidiary legislation.
3. Performing customer due diligence (CDD) measures
CDD is a crucial requirement for CSPs to prevent money laundering, terrorism financing, and proliferation financing (ML/TF/PF).
Let’s explore the key aspects of this requirement. CDD must be performed when one of the
following happens: –
- Before providing any corporate services.
- When suspecting ML/TF/PF.
- When doubting the veracity/adequacy of previously obtained information.
Important Notes:
- CDD must be performed before lodging transactions with ACRA
- CDD documentation must be kept for five years and regularly updated
3.1 Table 5: Common weaknesses vs Best practices in CDD
3.2 What are non-face-to-face CDD measures?
With the increase in remote transactions, CSPs must be vigilant when conducting non-face-to-face CDD.
CDD measures under consideration
- As part of the ongoing efforts to enhance transparency and mitigate the risk of
identity theft, non-face-to-face verification measures will be enhanced in the
updated subsidiary legislation and guidelines. - Limiting the reliance on third-parties when performing the CDD to third-parties that are [i] advocates and solicitors (regulated under the Legal Profession Act 1966), [ii] financial institutions (regulated under the Monetary Authority of Singapore Act 1970), and [iii] public accountants (regulated under the Accountants Act 2004).
3.3 What are the best practices for video conferencing for CDD?
- Implement strong controls to verify customer identity
- Use control questions during the process
- Perform “live” checks to detect impersonation
- Complement video conferencing with additional verification against reliable databases
3.4 Can CSPs rely on third-parties for CDD?
CSPs may rely on third-parties for CDD under certain conditions:
- The third-party subject and supervised for compliance with anti-money laundering/ counter-terrorism financing(AML/CTF) requirements and has adequate measures in place to comply with those requirements.
- CSPs assess and understand the risks involved in AML/CTF.
- The third-party is not precluded by ACRA
- The third-party can provide all necessary CDD documents
Note: CSPs are required to immediately obtain the necessary customer details and remain ultimately responsible for the CDD compliance, even when using third-parties.
3.5 What happens when CSPs fails to complete the CDD?
If CSPs cannot complete the CDD, they must:
- decline to provide services
- terminate any ongoing service provision
- document the reasons for incompletion
- consider filing a Suspicious Transaction Report (STR)
- not establish a business relationship with the customer
3.6 When should CSPs file the STRs ?
CSPs must file STRs within 15 business business days when they:
- are unable to complete the CDD
- suspect when any property is connected to ML/TF/PF
3.7 What are the best practices for STR filing?
- Establish clear internal guidelines for identifying suspicious transactions
- Define escalation processes
- Specify essential information for a STRs
- Set timelines for review and filing of a STRs
- Document reasons if deciding not to file a STR
STR filings under consideration:
- Revision of timeline to STR filings to “as soon as reasonably practicable upon the
establishment of suspicion” to five business days
By adhering to these CDD requirements and best practices, CSPs can significantly contribute to preventing financial crimes and maintaining the integrity of the financial system
4. Requirements on entities that CSPs support
CSPs have specific responsibilities in supporting entities to ensure compliance with regulatory requirements. Below are the detailed requirements for entities that CSPs support, particularly focusing on the maintenance of the Register of Registrable Controllers (RORC) and special considerations for non-profit organisation (NPO)s.
4.1 Maintaining the RORC
A company incorporated on or after the appointed day must keep RORC starting on the date of the company’s incorporation. Currently, companies and LLPs are required to keep the RORC within 30 days of being incorporated/registered.
Table 6: RORC maintenance requirements
4.2 Special care for NPOs
Risk of Abuse
- Awareness: CLG-NPOs (Companies Limited by Guarantee which are NPOs) may be at risk of being abused for terrorism financing or other forms of terrorist support due to their charitable characteristics and activities.
Transparency and Accountability
- Annual Returns and Financial Statements: NPOs must file annual returns and audited financial statements to ensure transparency.
- ACRA Guidance: Follow ACRA’s specific guidance for CLG-NPOs and be aware of red flag indicators for the NPO sector, which are available on the ACRA website.
Table 7: Special requirements for NPOs
4.3 Table 8: CSPs responsibilities
5. Impact on corporates and clients of CSPs
The new regulatory framework for CSPs in Singapore will have significant implications for businesses and individuals who use corporate services. Here’s a detailed overview of how these changes will affect clients of CSPs:
These changes aim to enhance transparency, mitigate risks, and maintain the integrity of the business environment in Singapore. While they may introduce additional compliance burdens for clients, they also serve to protect legitimate businesses and reinforce Singapore’s reputation as a trusted financial and business hub
Summary
In summary, Singapore CSPs have a pivotal role in upholding corporate governance and ensuring compliance with the new regulatory framework. Their responsibilities are enhanced to foster transparency, mitigate risks, and maintain the integrity of the business environment.
The key areas where CSPs must focus include:
- Registration requirements:
- Execution: All entities providing corporate services
in and from Singapore are properly registered as CSPs. This includes
businesses, virtual office providers, and shared office providers. Proper
registration is the first step in establishing a compliant business environment.
2. Key appointment holders of CSPs:
- Execution: Key appointment holders of CSPs are responsible for maintaining adequate oversight and implementing effective risk management standards to uphold the integrity of the sector.
3. AML/CTF:
- Execution: CSPs should maintain and update robust
AML/CTF controls to effectively mitigate risks associated with financial
crimes.
4. ML/TF/PF:
- Execution: CSPs crucial gatekeepers in combating ML/TF/PF,
should proactively study and incorporate relevant best practices tailored to
the risk profiles of their clients and business activities.
Any business entity that provides corporate services in or from Singapore must register as a CSP. This includes businesses conducting transactions with ACRA on behalf of clients, virtual office providers, and shared office providers
Nominee directors must demonstrate satisfactory conduct, competency, capability, and commercial integrity. CSPs must conduct thorough assessments to ensure these criteria are met.
CSPs should implement enhanced verification measures, use secure video conferencing platforms, verify identification documents, and retain records of the verification process.
Yes, CSPs can rely on third parties for CDD, provided the third party adheres to equivalent CDD standards, and there are written agreements and periodic verifications in place.
CSPs must file Suspicious Transaction Reports (STRs) promptly, providing detailed information about the suspicious activity while maintaining confidentiality.