Playbook: Onboard a new client
From an empty workspace to a fully set-up client company with its compliance calendar lit up — the whole journey, click by click.
Before you start
You need a CorpSec AI workspace (see Getting started) and the basic details of the new client: company name and UEN, and ideally its financial year-end, registered address and officers. A write-enabled role (Preparer or above) is required.
Legal basis — why KYC comes first
Onboarding is a regulated event, not just data entry. The provisions below are from CorpSec AI’s verified citation table; this is general information, not legal advice.
- CDD before service: a registered CSP must complete customer due diligence before providing services, keep records for at least 5 years, and have at least one Registered Qualified Individual — the Corporate Service Providers Act 2024 (in force 9 June 2025; verified). This is why CorpSec AI blocks document generation until CDD is passed.
- Beneficial ownership: the company must maintain its register of registrable controllers — internal update within 7 days, ACRA central register within 2 business days (verified). Onboarding is when you first capture the 25%+ controllers.
- Director & secretary checks: at least one director ordinarily resident in Singapore (section 145(1), verified) and a secretary resident in Singapore (section 171(1) — exact vacancy sub-clause to be confirmed by counsel).
For the underlying obligations see MAS, AML/CFT & the CSP Act and the Resources explainer AML/CFT obligations for CSPs.
Step 1 — Add the company
Open Companies and click Add company. Enter the name and UEN (a director is optional) and save. The company now appears in your list, ready for work.
- Companies → Add companyCreate the client entity with its name and UEN.
- Fill in what you haveAdd the registered address, financial year-end and officers so the AI can draft accurately. A fuller profile means fewer questions later.
Onboarding several at once? Import them from a spreadsheet instead — see Import an existing book.
Step 2 — Run KYC so the client clears the gate
Open a task against the company, go to the Compliance tab, and click Start KYC. Work through due diligence: run screening, set the risk rating, complete any enhanced due diligence, and check the beneficial-ownership look-through. When CDD is passed, the client clears the compliance gate.
This step is not optional busywork — until CDD is passed, CorpSec AI will block any document generation for the client. Do KYC first. Note that screening runs on demo data until a provider is connected (see KYC & compliance).
Step 3 — Generate the engagement letter
In the task conversation, ask the AI to draft the client-facing paperwork — for example "Draft the engagement letter for corporate secretarial services." It uses your fee schedule and the company’s details. Review it in the Document tab, tweak wording by commenting on the text, and send it for signature.
- Ask for the engagement letterThe AI drafts it from your fee schedule and the company profile.
- Review and adjustSelect any wording you want changed and comment; the AI makes the pinpoint edit.
- Send to signCopy the signing link to the client to collect an e-signature.
Step 4 — Handle first resolutions and appointments
New clients often need first board resolutions — appointing officers, adopting a constitution, opening a bank account. Create a task for each (or use the built-in onboarding workflow), and let the AI draft the resolutions. Each one goes through review, approval and, where needed, signing.
Step 5 — Watch the compliance calendar light up
Once the company has its details (especially the financial year-end), CorpSec AI works out its recurring deadlines — annual return, AGM, and so on — and shows them on the Calendar. That is the sign your client is fully onboarded: nothing recurring will slip, because it is now tracked.
These deadlines are calculated from the company’s financial year-end using standard Singapore timelines, so make sure the FYE is set correctly.
Common pitfalls & edge cases
- Drafting before CDD passes. The hard gate blocks document generation until CDD is passed. Trying to produce the engagement letter or first resolutions before screening will be blocked — do KYC first.
- Beneficial-ownership look-through stopping too early. A 25%+ corporate shareholder is not the end — trace up to the ultimate individual controller so the RORC is populated correctly (see the RORC playbook).
- FYE left blank. Without a financial year end, the compliance calendar cannot compute the AGM and annual-return deadlines. An onboarded client with no FYE is not fully set up.
- Resident-director / secretary gap missed at setup. Onboarding is the moment to confirm the company has a resident director (s145(1)) and a resident secretary (s171(1)) — catch a gap now, not at the first filing.
- Treating demo-data screening as a production decision. Screening runs on demo data until a provider is connected — do not record a clear screening result as if it were a live watchlist check.
- Higher-risk client onboarded without EDD. A high-risk rating should trigger enhanced due diligence before proceeding, not after the first piece of work.
Onboarding is a regulated event, not data entry. CDD before service is the hard gate; the resident-director, secretary, FYE and controller checks all belong here so the client is compliant from day one. Not legal advice.
Frequently asked questions
What is the one thing I must not skip?
KYC. Until CDD is passed, the compliance gate blocks document generation for the client — so screening and risk rating come before any drafting.
Do I have to create each resolution as a separate task?
You can, or you can use a bundled onboarding workflow that lays out the steps for you. Either way the AI does the drafting and you confirm.
How do I know onboarding is complete?
The client’s KYC shows cleared, the engagement letter is signed, and the compliance calendar is showing its recurring deadlines.
This is a product guide for CorpSec AI. Where a feature runs on demo data or is not yet released, it is labelled as such. Compliance references are general information for Singapore corporate service providers, not legal advice.