The CSP Act 2024: what corporate service providers must do (2026)
A complete, plain-English guide to Singapore’s Corporate Service Providers Act 2024 — registration, AML/CFT duties, RQIs, nominee directors, record-keeping and penalties.
What is the Corporate Service Providers Act 2024?
The Corporate Service Providers Act 2024 (the “CSP Act”) is Singapore’s dedicated law regulating corporate service providers. It came into force on 9 June 2025, alongside the Corporate Service Providers Regulations 2025, and is administered by the Accounting and Corporate Regulatory Authority (ACRA).
It replaces the older filing-agent regime with a full licensing-style framework. Every business that provides corporate services in or from Singapore — company formation, registered office, acting as or arranging directors and nominee shareholders, or transacting with ACRA on others’ behalf — must now register with ACRA as a CSP and comply with anti-money-laundering and counter-terrorism-financing (AML/CFT/PF) obligations.
The Act’s purpose is transparency and gatekeeping: CSPs sit at the entry point of Singapore’s corporate ecosystem, so the law makes them accountable for knowing who they act for and blocking misuse of Singapore entities.
Who must register as a CSP?
You must register if you carry on a business of providing any corporate service in or from Singapore. The trigger is providing the service by way of business to other persons — not doing it for your own company.
Covered corporate services include:
- Forming corporations or other legal entities on behalf of others.
- Acting as, or arranging for another person to act as, a director or secretary of a company.
- Acting as, or arranging for another person to act as, a nominee shareholder.
- Providing a registered office, business or correspondence address for others.
- Carrying out transactions with ACRA (filings, lodgements) on behalf of others.
What are the main obligations under the CSP Act 2024?
Registration is only the start. Once registered, a CSP must run an AML/CFT programme and meet several ongoing duties. In short: know your client, screen them, assess risk, keep records, and report what looks suspicious.
| Obligation | What it means in practice |
|---|---|
| Register with ACRA | Every CSP entity registers before providing corporate services by way of business. |
| Appoint an RQI | Have at least one Registered Qualified Individual who provides or supervises corporate services. |
| Customer due diligence (CDD) | Identify and verify every customer and the beneficial owners behind them. |
| Enhanced due diligence (EDD) | Apply extra scrutiny to high-risk clients — PEPs and higher-risk jurisdictions. |
| Screening | Screen customers and beneficial owners against sanctions and watchlists. |
| Risk assessment | Assess and document money-laundering / terrorism-financing risk. |
| Record-keeping | Keep CDD and transaction records for at least 5 years. |
| Suspicious transaction reports | File an STR with the authorities when there are grounds for suspicion. |
| Nominee director controls | Run a fit-and-proper assessment before arranging any nominee director; disclose nominee status. |
What are the AML/CFT duties in detail?
The heart of the CSP Act is the AML/CFT/PF regime. A CSP must perform customer due diligence on every client — identifying and verifying the customer and the natural persons who ultimately own or control them (the beneficial owners).
For higher-risk clients — such as politically exposed persons (PEPs) or clients connected to higher-risk jurisdictions — a CSP must apply enhanced due diligence, including additional verification and senior-management approval. All customers and beneficial owners are screened against sanctions and watchlists, and the CSP maintains a documented risk assessment. Records must be kept for at least five years, and any grounds for suspicion trigger a suspicious transaction report (STR).
For the full breakdown, see our dedicated guide on the AML/CFT obligations for CSPs.
What is a Registered Qualified Individual (RQI)?
Every registered CSP must have at least one Registered Qualified Individual (RQI) — a person who holds the relevant qualifications, has completed mandatory AML/CFT/PF training, and either provides or supervises the CSP’s corporate services. The RQI is the accountable human behind the CSP’s compliance.
Read the full explainer: What is a Registered Qualified Individual (RQI)?
What are the nominee director rules?
A CSP must not arrange for anyone to act as a nominee director unless it is satisfied the person is fit and proper — assessing their conduct, competence, capacity and integrity, and confirming they are not disqualified. Nominee status and the identity of nominators must be disclosed to ACRA, and nominee status is made publicly visible on the register.
A person who acts as a nominee director by way of business without being arranged by a registered CSP commits an offence. See: Nominee director requirements under the CSP Act 2024.
What are the penalties for non-compliance?
The CSP Act carries real teeth. Penalties scale with the breach:
- Breaching AML/CFT/PF obligations — a fine of up to S$100,000 per breach, and senior management can be personally liable.
- Failing to ensure a nominee director is fit and proper — a fine of up to S$100,000.
- Providing corporate services without registering as a CSP — widely reported by law-firm briefings as a fine of up to S$50,000, imprisonment of up to 2 years, or both, with additional daily fines for continuing offences. Confirm the exact figures against the CSP Act as enacted before relying on them.
- Acting as a nominee director by way of business outside a registered CSP — commonly cited as a fine of up to S$10,000; confirm against the CSP Act as enacted.
When did the CSP Act 2024 take effect, and what should I do now?
The Act and the CSP Regulations 2025 commenced on 9 June 2025. Existing filing agents were reported to have a transitional grace period (commonly cited as about six months) to register — confirm the current transition timeline with ACRA.
Practically, a CSP should: confirm its ACRA registration, designate an RQI, put a written AML/CFT programme in place, run CDD/EDD and screening on every client, keep records for at least five years, and build a fit-and-proper process for any nominee directors it arranges. CorpSec AI operationalises each of these steps so the AI does the work and you confirm.
Frequently asked questions
When did the CSP Act 2024 come into force?
The Corporate Service Providers Act 2024 and the CSP Regulations 2025 took effect on 9 June 2025.
Do all corporate service providers have to register with ACRA?
Yes. Every business that provides corporate services in or from Singapore by way of business must register with ACRA as a CSP before providing those services.
What is the maximum penalty under the CSP Act 2024?
Breaching AML/CFT/PF obligations, or failing to ensure a nominee director is fit and proper, can each attract a fine of up to S$100,000, and senior management may be held personally liable.
What must a CSP do to comply?
Register with ACRA, appoint at least one Registered Qualified Individual, perform customer and enhanced due diligence, screen clients, assess risk, keep records for at least five years, file suspicious transaction reports, and assess nominee directors as fit and proper.
Sources
This article is general information for Singapore corporate service providers, not legal or professional advice. Verify against the primary sources above and your own professional judgement.