CSP practice & the RFA / QI regime
What a corporate service provider is in Singapore, how it is registered and qualified — from the Registered Filing Agent / Qualified Individual framework to the Corporate Service Providers Act 2024 — and the duties and liability risks the role carries.
This page is general information for Singapore CSPs, not legal advice. The CSP Act 2024 and RQI statements come from CorpSec AI’s verified citation table; the older RFA / QI registration and qualification details are governed by ACRA’s prevailing rules and are described as such — confirm the current requirements with ACRA or qualified counsel before relying on them.
What a CSP is in Singapore
A corporate service provider (CSP) — often called a corporate secretary or company-formation agent — is the firm that sets up companies and keeps them compliant on their owners’ behalf. It is the professional layer between a business and the registrar.
A typical CSP does some or all of: incorporating companies, acting as the named company secretary, providing a registered office address, filing statutory notifications with ACRA, maintaining statutory registers, running the annual-return cycle, and — for some clients — acting as a nominee director.
- Filing agent: lodges statutory transactions with ACRA through BizFile+ on the client’s behalf.
- Named officer: often supplies the company secretary, and sometimes a nominee director.
- Registered office: frequently provides the company’s registered address and handles official mail.
- Compliance keeper: tracks deadlines, keeps registers current and prepares the annual return.
How a CSP is registered — from RFA/QI to the CSP Act 2024
Because a CSP handles company formation and beneficial-ownership information, it sits at a money-laundering pressure point — so it is a regulated activity, registered and supervised by ACRA.
Historically, firms providing these services registered with ACRA as Registered Filing Agents (RFAs) and had to act through Qualified Individuals (QIs). The Corporate Service Providers Act 2024 then consolidated and strengthened this into a dedicated CSP regime.
| Element | What it means | Basis |
|---|---|---|
| Registered CSP | A firm must be registered with ACRA to provide corporate services by way of business, complete customer due diligence before providing services, and keep records for at least 5 years. | Corporate Service Providers Act 2024 — verified |
| Registered Qualified Individual (RQI) | Each CSP must have at least one RQI — a qualified person answerable for its regulated conduct. | Corporate Service Providers Act 2024 — verified |
| RFA / QI (earlier framework) | The pre-existing filing-agent registration and its Qualified Individuals, which the CSP Act builds on. Registration categories, transition and qualification criteria are set by ACRA. | ACRA’s prevailing rules — confirm with ACRA / counsel |
The Corporate Service Providers Act 2024 came into force on 9 June 2025 (Corporate Service Providers Regulations 2025, S 292/2025). The exact registration categories, fees, transition arrangements and qualification criteria for the RFA/QI and CSP/RQI regimes are governed by ACRA’s current rules — we do not assert specific clause numbers we have not verified. See the Resources explainers The CSP Act 2024 and Who must register as a CSP.
The Registered Qualified Individual (RQI)
The RQI is the person the regime holds answerable for a CSP’s conduct. There are limits on how thinly one RQI can be spread, and a separate threshold for acting as a nominee director.
- Every CSP must have at least one RQI (verified, CSP Act 2024).
- An RQI may act for a limited number of CSP firms — the cap is expressed by number of firms (approximately two, subject to case-by-case application), not by number of companies.
- A separate rule applies to acting as a nominee director for more than 50 companies, which triggers a capacity assessment under a distinct rule set.
To be confirmed by counsel: the exact RQI firm cap and the nominee-director capacity threshold should be confirmed against the Regulations with qualified counsel before you rely on a specific number. The common error is to state the cap in terms of “number of companies” — the cap is by number of CSP firms. Not legal advice. See the RQI explainer and nominee-director requirements.
What a CSP is responsible for
Two kinds of duty run in parallel: the corporate-secretarial work itself, and the compliance obligations that come with being a regulated firm.
| Duty | In practice | Where it sits |
|---|---|---|
| Corporate-secretarial administration | Incorporations, officer and address changes, share transactions, statutory registers, annual returns — filed on time and correctly. | Engagement + Companies Act 1967 |
| Customer due diligence | Identify and verify each client and its beneficial owners before acting; apply enhanced measures for higher risk; keep it current. | CSP Act 2024 — verified |
| Record-keeping | Retain due-diligence and transaction records for at least 5 years. | CSP Act 2024 — verified |
| Professional conduct | Act with integrity and independence, avoid facilitating misuse of a company, and report suspicion where required. | CSP Act 2024 & AML/CFT framework — clauses to be confirmed by counsel |
Professional conduct & due-diligence duties
A CSP is a gatekeeper. Because it forms companies and holds ownership information, it is expected to know who it is really acting for and to refuse or report misuse.
- Run CDD before providing services, and enhanced due diligence on higher-risk clients (PEPs, opaque structures, higher-risk jurisdictions).
- Keep the client picture current through periodic review.
- Maintain records for at least 5 years so the work is reconstructable on inspection.
- Where suspicion of money laundering or a related offence arises, the firm has a reporting obligation (under the CDSA) — filed by the firm’s MLRO, not by any software.
The full AML/CFT obligation framework — firm-wide risk assessment, CDD, EDD, ongoing monitoring, screening, record-keeping, STR, and internal policies/training/compliance officer — is set out on MAS, AML/CFT & the CSP Act 2024. Exact clauses are to be confirmed by counsel. Not legal advice.
The CSP’s relationships — with ACRA and with clients
A CSP answers in two directions at once: upward to the regulator, and across to the client whose company it administers.
| Relationship | Nature | What it demands |
|---|---|---|
| With ACRA | Registered and supervised firm; filing agent. | Register and maintain an RQI, complete CDD, keep records, submit to inspection, file clients’ transactions accurately and on time. |
| With the client | Professional engagement, often as agent and named officer. | Act on instructions within the law, keep the client compliant, but not follow an instruction that would facilitate wrongdoing. |
| With the company (as officer) | Where the CSP supplies the secretary or a nominee director. | The duties of that office attach personally to the individual — including a resident-director or secretary’s statutory responsibilities. |
Common liability risks
The role concentrates a few recurring exposures. Knowing them is half of managing them.
- Missed statutory deadlines — a filing not lodged on time can attract penalties for the company and its officers, and reflects on the CSP that was engaged to handle it.
- CDD failures — acting for a client whose ownership was never properly verified is the classic AML exposure; regulatory action can follow.
- Nominee-director exposure — acting as a director carries the full personal duties of that office, not just an administrative role.
- The resident-director / secretary vacancy trap — a resignation that leaves the company below the statutory floor cannot proceed until it is fixed.
- Record gaps — being unable to reconstruct what was done, and why, on inspection.
To be confirmed by counsel: the specific penalties and offences attaching to these risks are set by the Companies Act 1967, the CSP Act 2024 and the CDSA — we do not assert amounts we have not verified. Confirm exposure with qualified counsel. Not legal advice.
How CorpSec AI supports the practice
CorpSec AI is built around exactly this role — it does the corporate-secretarial and compliance legwork and leaves the professional judgement to you.
- CDD gate — a document cannot go out before due diligence is done (live); screening runs on demo data until a provider is connected.
- Compliance calendar & filing steps — deadlines computed from each company’s data so nothing is missed.
- Resident-director / secretary guards — the workflow checks the statutory floor before it drafts a cessation.
- Append-only audit log & CDD dossier — a reconstructable, 5-year-friendly record for inspection.
- Roles & four-eyes approval — including an RQI role — so responsibility is clear.
CorpSec AI supports the firm’s obligations; it does not discharge them. The RQI and the MLRO are people in your firm with legal responsibilities the software helps them meet. See KYC & compliance and Team & roles.
Frequently asked questions
What is the difference between an RFA/QI and a CSP/RQI?
They are the earlier and current framings of the same regulated activity. Firms historically registered with ACRA as Registered Filing Agents (RFAs) acting through Qualified Individuals (QIs). The Corporate Service Providers Act 2024 (in force 9 June 2025) put CSP registration and the Registered Qualified Individual (RQI) on a dedicated statutory footing. The exact registration categories and any transition are set by ACRA — confirm the current rules with ACRA or counsel.
Does a one-person firm need an RQI?
Every registered CSP must have at least one Registered Qualified Individual (verified, CSP Act 2024). Whether the same person can be both the firm and its RQI, and the precise qualification criteria, are governed by ACRA’s rules — confirm with ACRA or counsel.
Is CorpSec AI a CSP or an RQI?
No. CorpSec AI is software your CSP firm uses. Registration as a CSP and the RQI (and MLRO) roles rest with people in your firm; the product supports the work but does not replace those responsibilities.
This is a product guide for CorpSec AI. Where a feature runs on demo data or is not yet released, it is labelled as such. Compliance references are general information for Singapore corporate service providers, not legal advice.