RORC and beneficial-owner register under CSP Act 2024 — Complete 2026 guide

The Register of Registrable Controllers (RORC) and the beneficial-owner register under the Corporate Service Providers Act 2024 (CSP Act 2024) form Singapore’s transparency framework for ultimate ownership and control of companies, limited liability partnerships and limited partnerships. The CSP Act 2024 transferred and elevated the previous Companies Act and LLP Act controller-register obligations into a single, more robust statutory regime, with shorter filing windows, broader sanctions for breach and a clear role for corporate service providers (CSPs) as gatekeepers.

Raffles Corporate Services works with a panel of corporate and employment law firms; this article is general information, not legal advice.

What the RORC is and what it captures

The RORC is a register maintained by each Singapore-incorporated company (and by each LLP and LP) of every person who exercises significant control over the entity. Under the CSP Act 2024 the test for “registrable controller” has been clarified and aligned with the Financial Action Task Force ultimate beneficial owner framework: a person is a controller if they directly or indirectly hold more than 25 per cent of the voting rights or shares of the entity, or otherwise exercise significant control through arrangements such as veto rights, board appointments or contractual control.

The information captured in the RORC includes the controller’s full legal name, identification number, nationality, residential address, date of becoming a controller, and the nature of the controller’s interest (voting rights, shares, or other forms of control). The entity must take reasonable steps to identify its controllers and is responsible for the accuracy of the register.

What changed when the CSP Act 2024 came into force

Three changes stand out. First, beneficial-owner information that companies must maintain has been consolidated and held centrally with ACRA, while the entity-level RORC continues to exist as a working document. Second, CSPs that perform corporate secretarial functions are placed under direct ACRA oversight with conduct standards, AML/CFT obligations and customer due diligence requirements anchored in the CSP Act 2024. Third, the timeframes have been tightened: entities now have 14 days (down from 30 days under the prior regime) to update the RORC after a change in registrable controller, and CSPs have a parallel obligation to update central records promptly.

The CSP Act 2024 also creates a clearer chain of accountability. Section 26 of the CSP Act 2024 establishes that a CSP performing controller-register functions on behalf of a client may be held responsible for breaches arising from the CSP’s failure to obtain and verify controller information, regardless of any client contractual representation.

Who needs to maintain a RORC and submit beneficial-owner data

The obligation applies to every Singapore-incorporated company (other than narrow exempt categories), every LLP and every LP. Specific exemptions apply to listed companies whose shareholdings are already disclosed under the Securities and Futures Act 2001 transparency framework, to Singapore financial institutions whose ownership is reported to MAS, and to wholly owned subsidiaries of such exempt entities where the immediate parent is itself exempt.

For private companies, no carve-out exists based on size. A two-shareholder, S$1 paid-up Pte Ltd has the same RORC obligation as a S$500 million holding company. Family offices, holding companies of operating businesses and special-purpose investment vehicles all fall squarely within the regime, which is why multi-jurisdiction family office structures need careful upstream mapping before any Singapore vehicle is incorporated.

Identifying a registrable controller — the practical test

The test has two limbs. The first limb (the voting/shares test) catches any person who directly or indirectly holds more than 25 per cent of voting rights or shares. “Indirectly” includes interests held through a chain of intermediaries, including trusts and partnerships, and requires the entity to look through legal layers. The second limb (the significant influence or control test) catches persons who exercise significant control even without crossing the 25 per cent threshold — for example, through veto rights over budget or appointments, through the ability to appoint or remove a majority of directors, or through contractual rights such as those in a shareholder agreement or trust deed.

For complex trust structures, the controller is generally the settlor with retained control, the trustee, the protector with veto powers, or any beneficiary with a vested entitlement to more than 25 per cent. Discretionary beneficiaries without vested rights are not automatically controllers but may be if the practical facts show influence.

Cost, timeline and process for setting up the RORC

Setting up the RORC at incorporation is a low-cost mechanical step. For most CSPs, RORC set-up is bundled into the standard incorporation fee (typically S$300 to S$700 incorporation-inclusive in Singapore). Maintenance is included in standard annual corporate secretarial retainers, which run S$600 to S$1,800 per year for a straightforward holding company.

Process: at incorporation, the CSP issues notices to all known shareholders and beneficial owners under Section 386AF of the Companies Act 1967, requiring them to confirm their controller status. The entity must take reasonable steps to identify any indirect or beneficial controllers (including issuing follow-up notices). Within 30 days of incorporation, the RORC is established with confirmed controller details. Thereafter, the 14-day update rule applies for any change.

Step-by-step CSP Act compliance for an existing company

Existing companies needed a CSP Act 2024 readiness check during 2024–2025. The current state-of-play steps are: Step 1 — confirm the entity’s RORC is up to date with all required fields, including residential addresses for individual controllers and registered office addresses for corporate controllers. Step 2 — confirm all controllers have responded to the Section 386AF notices and that “unverified” status has been resolved. Step 3 — confirm the CSP (or in-house secretary) has performed the requisite customer due diligence on each controller, including identity verification and source-of-funds review where required. Step 4 — confirm central register submissions to ACRA are current. Step 5 — embed the 14-day update rule into the entity’s compliance calendar.

For companies where directors and EP-holders overlap, see also Singapore EP holder start business directorship 2026 for the work-pass dimension of director appointments — controller updates may interact with MOM disclosures.

Penalties and enforcement under the CSP Act 2024

Breaches of the RORC and beneficial-owner register obligations attract financial penalties on both the entity and its officers. Standard maximum fines are S$5,000 per officer per breach, rising to S$25,000 where the breach is intentional or persistent. For CSPs, breaches of the customer due diligence and record-keeping obligations attract additional sanctions including licence suspension or revocation under the CSP Act 2024 enforcement framework.

Practical enforcement has stepped up. ACRA conducted thematic reviews in 2025 that surfaced more than 6,000 entities with stale or incomplete RORC entries, leading to remediation notices and a smaller number of financial penalties. Compliance with the 14-day update rule has therefore become a regular touchpoint in board calendars.

How RORC interacts with other transparency regimes

The RORC sits alongside the ACRA central register of nominee directors, the ACRA central register of nominee shareholders, the AML/CFT customer due diligence obligations of CSPs, banks and other regulated firms, and the FATF mutual evaluation framework. Information disclosed in the RORC is generally not publicly searchable, but is accessible to ACRA, IRAS, MAS, the Commercial Affairs Department and other Singapore law enforcement agencies. CSPs typically share controller information with relevant counterparties under standard onboarding requests.

For specific vehicles see also our nominee director in Singapore guide — nominee directors do not affect the controller analysis (the underlying principal remains the controller) but require parallel disclosure on the nominee director register.

FAQs

Is the RORC publicly searchable? No. The RORC and the central beneficial-owner records are accessible only to specified law enforcement and regulatory agencies, not to the general public. A separate, narrower public summary is available for listed companies and other limited cases.

What if a controller refuses to provide their details? The entity should issue a Section 386AF notice in writing, document follow-up steps, and report the non-response to ACRA via the prescribed channels. The entity should also restrict the controller’s voting rights and dividend entitlements pending compliance, where permitted by the constitution.

Does a single-shareholder Pte Ltd still need a RORC? Yes. The RORC obligation applies regardless of the number of shareholders. A single-shareholder Pte Ltd will simply have one entry in the RORC.

Are nominee shareholders separate from the RORC? Yes. Nominee shareholders are recorded on a separate ACRA register; the underlying beneficial owner is recorded in the RORC.

What is the relationship between the RORC and the CSP’s AML file? The CSP must hold and retain customer due diligence documentation on each controller (identification documents, source-of-funds evidence where required, ongoing monitoring). This is separate from the RORC but the two records should be consistent.

Need help with this? Call, SMS or WhatsApp +65 8501 7133, or email [email protected]. Raffles Corporate Services maintains compliant RORCs and central register filings for Singapore companies, LLPs and LPs — book a corporate secretarial review to confirm your records meet the CSP Act 2024 standard.