The Register of Registrable Controllers (RORC) has quietly become the most heavily enforced ACRA register in 2026. Two reinforcing developments have driven this: the higher penalty regime introduced by the first tranche of the CALA Act 2025 on 6 May 2026, which raised the maximum fine for register failures to S$25,000, and the parallel rollout of the Corporate Service Providers Act 2024 framework on 9 June 2025, which channels almost every company change through a registered CSP that is itself subject to AML/CFT scrutiny.

If you are a director — particularly of a foreign-owned, multi-tier, or trust-held Singapore company — you should run a structured RORC health check before ACRA does. This article walks through who counts as a registrable controller, what 2026 enforcement actually looks like, the evidence trail ACRA expects, and a practical health-check methodology you can run in an afternoon.

What is the RORC, and why does ACRA care?

The RORC is the company’s internal register of beneficial owners — those who, directly or indirectly, hold a “significant interest” in the company or exercise “significant control” over it. The legal basis sits in Sections 386AF to 386AL of the Companies Act 1967, originally introduced in 2017 and progressively tightened since. Companies must keep the RORC at their registered office (or with their CSP), update it within prescribed timelines after any change, and lodge the information with ACRA’s central register.

ACRA cares because the RORC is the keystone of Singapore’s anti-money-laundering and counter-terrorism-financing regime. It is the principal mechanism by which Singapore demonstrates to the FATF that the beneficial ownership of every Singapore company can be identified. When the RORC is wrong, the entire AML chain downstream — KYC at the bank, transaction monitoring, sanctions screening — is wrong. Hence the enforcement focus. For the foundational rules, see our overview of the Register of Controllers.

Who is a registrable controller?

The Companies (Register of Controllers and Nominee Directors) Regulations 2017 set out two basic limbs:

Limb 1: Significant interest

  • Holds (directly or indirectly) more than 25% of the issued shares of the company; or
  • Holds (directly or indirectly) shares with more than 25% of the voting rights; or
  • Holds the right to share in more than 25% of any capital or profits of the company.

Limb 2: Significant control

  • Holds the right (directly or indirectly) to appoint or remove directors holding a majority of voting rights at board meetings; or
  • Has the right to exercise, or actually exercises, significant influence or control over the company.

“Indirectly” is the crucial word. If shares are held through one or more intermediate entities, you must trace through the chain of ownership until you reach a natural person (or, if the chain ends in a listed entity or sovereign wealth fund, the relevant entity itself). For trust-held companies, the trustee, the settlor (if not deceased), and any protector who exercises control are typically all registrable.

What does 2026 enforcement actually look like?

Three changes have made enforcement materially tighter than it was even 18 months ago:

1. Higher maximum fine

The CALA Act first tranche raised the maximum fine for register failures (including RORC) to S$25,000. This is not a notional penalty — ACRA has signalled that material or repeat failures will be prosecuted at meaningful fractions of the cap.

2. CSP-side cross-checks

Since 9 June 2025, every CSP-channelled transaction (incorporations involving foreign owners, nominee director appointments, share transfers, beneficial-owner changes) requires the CSP to perform AML KYC and to retain a five-year evidence trail. Where the CSP’s records and the company’s RORC diverge, ACRA can — and now does — issue inquiry notices.

3. BizFile automated reminders and inconsistency flags

BizFile cross-references the company’s filed RORC against the Annual Return shareholder list, the Register of Members, and (where relevant) the Register of Nominee Directors. Inconsistencies trigger automated reminders in the first instance and inquiry notices if the gap is not closed within prescribed periods.

The combined effect: the days when an out-of-date RORC could quietly sit on a CSP’s shelf for two AGM cycles are over. ACRA’s enforcement posture in 2026 is closer to “verify on every change” than “audit on inspection”.

The evidence trail ACRA expects

For each registrable controller, the company should be able to produce, on request:

  1. The declaration form signed by the controller (or, in the case of a corporate controller, the senior officer authorised to bind it). The declaration should state the basis on which the person is a controller (which limb), the controller’s name, NRIC or passport details, residential address, and the date the person became a controller.
  2. A source-of-control diagram (an organigram) tracing the ownership chain from the company up to the natural-person controller. For multi-tier groups this is non-trivial and should be refreshed at every change.
  3. Supporting documents — share certificates, share transfer instruments, trust deeds (or a trustee’s certificate where the deed is private), shareholder agreements, voting agreements, and any other documents that establish or evidence control.
  4. Annual confirmation — a signed annual confirmation from each registrable controller that the information remains current. ACRA increasingly expects this annual artefact during compliance audits.

The 14-day filing rule still applies: any change in a registrable controller (new controller, change of details, ceasing to be a controller) must be reflected on the RORC and lodged with ACRA’s central register within 14 days.

The 2026 RORC health-check methodology

Set aside an afternoon and run through the following:

Step 1: Reconstruct the ownership tree from primary records

Pull the Register of Members, the latest share transfer instruments, and the most recent Annual Return. From those primary records, build (or refresh) the source-of-control diagram up to natural persons. Do this independently of the existing RORC — you are checking whether the RORC matches reality, not the other way around.

Step 2: Apply both limbs to each person in the tree

For every natural person in the ownership tree, work through Limb 1 (significant interest) and Limb 2 (significant control) systematically. Do not stop at 25% shareholding — voting agreements, board-appointment rights, and shareholders’ agreement veto rights can each create a Limb 2 controller who is not visible from share ownership alone.

Step 3: Compare with the existing RORC and the lodged ACRA central register

Identify gaps and surplus entries. Common findings: a person who became a controller but was never lodged; a controller who ceased to be one but was never removed; a beneficial owner whose residential address changed but was never updated; a trust-held company where the protector was never identified.

Step 4: Refresh declarations and supporting documents

For each current controller, obtain (or re-obtain) the declaration form, a source-of-control diagram, and the supporting documents. For each former controller, document the date they ceased and the basis (sale, redemption, restructuring).

Step 5: File the corrections within 14 days

Any corrections to the central register must be lodged via BizFile within 14 days of the company becoming aware of the discrepancy. Where a long-standing error is discovered, ACRA’s practice is to accept a single corrective filing accompanied by a brief written explanation; this is materially better than waiting for ACRA to find the error.

Special cases worth highlighting

Family offices and trust-held companies. Where a Singapore Pte Ltd sits inside a family-office structure, the controllers are typically the trustee plus the settlor and (if applicable) the protector. The trust deed needs to be reviewed each year — many discretionary trusts allow the protector to change, and that change is a registrable event. See our family office setup guide.

Variable Capital Companies (VCCs). VCCs are required to maintain a Register of Beneficial Owners under the Variable Capital Companies Act 2018, separate from but parallel to the Companies Act RORC. The same enforcement intensity applies.

Companies after a share transfer or reorganisation. Share transfers — even between two trusted parties — are the single most common trigger of RORC errors. The 14-day clock starts at completion, not at filing of the share transfer return. See our guide on types of business entities in Singapore for the underlying structural context.

Nominee shareholders. Where shares are held by a nominee, the registrable controller is the beneficial owner the nominee represents — not the nominee. This is one of the most common areas of historical error in RORC records, particularly for legacy structures established before 2017.

Statutory references

Sections 386AF to 386AL of the Companies Act 1967, the Companies (Register of Controllers and Nominee Directors) Regulations 2017, and the Corporate Service Providers Act 2024 are the principal sources. Acts and regulations are at Singapore Statutes Online. ACRA’s RORC practice direction and the central register lodgement portal are at ACRA.

Conclusion

The RORC has gone from a once-a-year compliance afterthought to a board-level register-hygiene priority. The combination of higher penalties, CSP-side AML checks, and BizFile cross-references means that even small inconsistencies tend to surface — and once they do, the remediation is far more costly than the prevention. A structured annual health check, ideally tied to the AGM cycle, is the simplest way to keep the register clean and the enforcement risk low.

If you would like a hand running a 2026 RORC health check or refreshing the source-of-control diagrams for a multi-tier or trust-held structure, our team at Raffles Corporate Services regularly handles this work for owner-managed and foreign-owned Singapore companies.

— The Editorial Team, Raffles Corporate Services