Corporate service providers to carry out fit and proper assessment on nominee directors and to perform customer due diligence measures under Corporate Service Providers Act 2024

12 November 2024

The Corporate Service Providers Act 2024 (“Act”) will prohibit persons from acting as nominee directors by way of business unless the appointments are arranged by registered corporate service providers (“CSPs”) and they have been assessed as fit and proper by the registered CSPs, and will require all registered CSPs to comply with obligations relating to anti-money laundering, countering the financing of terrorism, and the proliferation of weapons of mass destruction (“AML/CFT/PF”). The Act will take effect on a date that the Minister appoints by notification in the Gazette.

On 29 October 2024, the Accounting and Corporate Regulatory Authority (“ACRA”) released further details of these two aspects of the Act.

Requirements on CSPs: Fit and proper assessment of nominee directors

A registered CSP must not arrange for a person to act as a nominee director of a company, unless the registered CSP is satisfied that the person is a fit and proper person.

Factors that CSPs should consider in assessing whether the individual is fit and proper include:

• previous conduct and compliance history of the companies that he/she is a director of;
• whether he/she has the competency, capacity, and capability to properly fulfil the obligations of a nominee director; and
• taking into account his/her experience and existing commitments, including the number of existing directorships.

The requirement for a registered CSP to be satisfied that the person whom it arranges to act as a nominee director is fit and proper has to be complied with at the time of arrangement for each company. Once an individual has been appointed as a nominee director, the company must ensure that their directors remain fit and proper. Guidance on the application of fit and proper criteria, including examples, will be available in guidelines to be issued by ACRA.

Requirements on CSPs: Performing customer due diligence measures 

Performing customer due diligence measures 

A registered CSP must perform customer due diligence (“CDD”) measures before providing any corporate service to a customer, and where they have reason to suspect money laundering, terrorism financing, or proliferation financing (“ML/TF/PF”) or doubt the veracity or adequacy of previously obtained information.

CDD measures means prescribed measures for:

• identifying and verifying the identities of the customers and their beneficial owners;
• obtaining information on the purpose and intended nature of the business relationship;
• any other measures for detecting or preventing ML/TF/PF.

CSPs are required to perform CDD before lodging any transactions with ACRA. CSPs also have to document and keep a record of their CDD documentation for five years, and to keep the documentation of the clients up to date, as part of ongoing monitoring.

Common weaknesses observed include:

• failing to perform verification of customers’ particulars;
• neglecting to identify and verify the beneficial owner(s);
• failing to keep the documentation up to date;
• failing to retain CDD records or inadequate CDD documentation; and
• inadequate customer risk assessment.

Best practices include:

• ensuring completeness in identification and verification of the identities of customers and their beneficial owner(s);
• inspecting valid government-issued identification and retention of a copy for proper CDD documentation; and
• performing screening of all relevant parties against commercial screening databases and pertinent listings.

Inability to perform or complete CDD

Where a registered CSP is unable to perform or complete CDD, a registered CSP should:

• decline to provide any corporate service to the customer;
• not establish a business relationship with the customer;
• terminate any ongoing provision of any corporate service to the customer;
• document the basis of the determination / why the measures were not completed; and
• determine whether to file a suspicious transaction report (“STR”).

Non-face-to-face CDD measures

To enhance transparency and mitigate the risk of identity theft, for a transaction involving the incorporation of companies or transfer or sale of shelf companies, non-face-to-face verification measures will require a live video call with at least one (i) proposed director (other than a nominee director) or (ii) majority shareholder, if the customer is not physically present for identification purposes, due to the higher risks involved.

It should be noted that a screenshot of the live video call is required for record-keeping purposes. ACRA strongly encourages recording the video call.

Reliance on third parties to perform CDD measures

Enhancements will be made to clarify that the reliance on third parties when performing CDD will be limited to third parties that are advocates and solicitors, financial institutions, public accountants, and registered CSPs (and entities under the same ownership group) based in Singapore.

Before CSPs rely on a third party to perform any CDD measures, the following requirements have to be met: 

• The third party is also subject to and supervised for compliance with AML/CFT requirements, and has adequate measures in place to comply with those requirements.
• CSPs take appropriate steps to identify, assess, and understand the risks of AML/CFT/PF.
• The third party must not be one which the registered CSP has been specifically precluded by the Chief Executive of ACRA from relying on.
• The third party is able and willing to provide, without delay, any data, document, or information with respect to the CDD measures performed for the CSP.

CSPs are required to immediately obtain the necessary information about the customer from the third party performing CDD measures for the CSPs. ACRA reminds CSPs that they are ultimately responsible for compliance with their legal obligations, notwithstanding their use of a third party to perform CDD.

Filing suspicious transactions reports

A CSP is required to consider whether an STR must be filed when:

• it is unable to perform/complete CDD; or
• it has reasonable grounds to suspect that any property may be connected to ML/TF/PF.

More guidance on indicators of suspicious transactions can be found on ACRA’s website at www.acra.gov.sg.

As a best practice, internal guidelines should be established to provide clear direction to employees on:

• identifying red flag indicators, key risk concerns, and typologies associated with suspicious transactions;
• outlining the process for escalating suspicious transactions for a decision on whether to file an STR;
• defining the appropriate channels for reporting possible suspicious transactions within the CSP for potential referral to the Suspicious Transaction Reporting Office;
• specifying essential information to include in an STR; and
• setting a timeline for the review and decision of filing of such transactions as an STR.

CSPs are to promptly file an STR as soon as reasonably practicable upon the establishment of suspicion (i.e. no longer than five business days), and provide sufficient information to substantiate the filing of an STR. In cases where transactions have legitimate explanations and do not warrant the filing of an STR, CSPs must document the reasons for not filing a report.

Clarifications on internal policies, procedures, and controls

The scope of internal policies, procedures, and controls (“IPPC”) will be expanded to include consideration of PF risks, customer screening, measures for certain non-face to face transactions, and ongoing monitoring.

A registered CSP that provides the corporate service of carrying out transactions on behalf of another person must have a separate IPPC governing the use of and access to Bizfile by the CSP, its registered qualified individuals, and authorised employees.

Reference materials

Further details are available in the reference materials provided at the ACRA seminar held on 29 October 2024 at www.acra.gov.sg.