Anti-money laundering (AML) and countering the financing of terrorism (CFT) compliance has moved well beyond the domain of financial institutions. In 2026, Singapore private limited companies and their directors face a significantly expanded set of AML/CFT obligations — driven by the commencement of the Corporate Service Providers Act, the implementation of the Corporate and Accounting Laws (Amendment) Act 2025 (CALA 2025), and Singapore’s ongoing Financial Action Task Force (FATF) commitments.

This guide sets out what Singapore company directors need to understand about their AML/CFT responsibilities — and what they should be doing to comply.

Why AML/CFT Applies to Singapore Companies

Singapore’s AML/CFT framework rests on the premise that any company can be misused as a vehicle for money laundering or terrorist financing — particularly shell companies, holding entities, and businesses with complex ownership structures. MAS and ACRA have progressively extended AML/CFT obligations to cover not just financial institutions but also corporate service providers (CSPs), lawyers, accountants, and — through their intermediaries — the companies they serve.

For Singapore company directors, the key AML/CFT obligations arise in four areas: beneficial ownership transparency, nominee director and shareholder disclosure, customer due diligence through your CSP, and sanctions screening.

Beneficial Ownership: The Register of Registrable Controllers

Every Singapore company is required to maintain a Register of Registrable Controllers (RORC) — an internal record of individuals who ultimately own or control more than 25% of the company’s shares or voting rights, or who otherwise exercise significant control. This requirement has been in place since 2017, but CALA 2025 significantly strengthened the regime.

From 6 May 2026, companies must lodge their RORC information with ACRA via BizFile+, making controller information accessible to public authorities (though not to the general public). The lodgement must be updated within 2 business days of any change to the register.

Directors who fail to maintain an accurate RORC or to lodge updates within the prescribed period face fines of up to S$5,000 per officer per breach under CALA 2025. Directors who knowingly provide false information face criminal penalties.

Your corporate secretary should be maintaining the RORC as part of the corporate secretarial retainer and should be prompting directors to provide updated controller information whenever there is a change in shareholding or control.

Nominee Directors and Shareholders

If your company uses nominee directors or shareholders — a common arrangement for foreign-owned Singapore companies — you must maintain a Register of Nominee Directors and a Register of Nominee Shareholders. These registers must disclose the identity of the nominator (the beneficial owner behind the nominee) and must be kept at the company’s registered office.

Under CALA 2025, nominee directors have an enhanced obligation to declare their nominee status to the company and to update the register when the nominator changes. Nominees who fail to declare face fines of up to S$5,000. Companies that fail to maintain these registers face similar penalties.

This is an area where many foreign-owned Singapore companies have historically been non-compliant. The combination of CALA 2025 penalties and ACRA’s enhanced enforcement posture in 2026 means this gap must be closed urgently.

The Corporate Service Providers Act and AML/CFT

The Corporate Service Providers Act (CSPA), which came into force on 6 May 2026 alongside CALA 2025, requires all entities providing corporate secretarial and related services to register with ACRA and comply with AML/CFT obligations. This includes customer due diligence (CDD) — verifying the identity of directors, beneficial owners, and controllers before and during the engagement.

What this means for company directors: your corporate service provider is now legally required to:

  • Verify your identity and the identity of the company’s beneficial owners
  • Screen you and the company against sanctions lists and politically exposed persons (PEP) databases
  • File Suspicious Transaction Reports (STRs) with the Suspicious Transaction Reporting Office (STRO) if they identify activity that raises AML/CFT concerns
  • Conduct enhanced due diligence for higher-risk clients (such as companies with complex ownership structures or operations in high-risk jurisdictions)

If your current corporate service provider has not conducted any form of CDD on your company — has never asked you to complete a KYC form, verify your identity documents, or disclose your ultimate beneficial owner — this is a red flag. A CSP that is not complying with its own AML/CFT obligations puts you at regulatory risk.

Director Duties in Relation to AML/CFT

While AML/CFT compliance is primarily administered through the corporate service provider, directors themselves bear several non-delegable duties:

  1. Know your business. Directors must understand how the company’s funds flow — where money comes from, where it goes, and whether any transactions are unusual or inconsistent with the company’s stated business purpose. Wilful blindness is not a defence.
  2. Approve AML/CFT policies. Companies with their own AML/CFT obligations (such as licensed entities, financial services firms, or companies with MAS licences) must have a board-approved AML/CFT policy. Directors must formally approve this policy and review it at least annually.
  3. Do not facilitate suspicious transactions. If a director is aware of a transaction that may involve the proceeds of crime or the financing of terrorism, they have an obligation to report it. Facilitating or concealing such transactions is a serious criminal offence under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act and the Terrorism (Suppression of Financing) Act.
  4. Cooperate with your CSP’s CDD process. When your CSP asks for updated identity documents, beneficial ownership declarations, or source-of-funds information, respond promptly and accurately. Providing false information to your CSP is itself a criminal offence.

Sanctions Screening

Singapore companies must not conduct business with sanctioned individuals or entities. Singapore implements UN Security Council financial sanctions and may also give effect to US OFAC, EU, and other international sanctions regimes depending on the company’s business relationships and counterparties.

Directors should ensure that any new significant business relationship — particularly with new foreign investors, suppliers in higher-risk jurisdictions, or customers paying in cash or cryptocurrency — is screened against relevant sanctions lists before the relationship commences.

Practical Steps for Directors in 2026

Here is a practical checklist for Singapore company directors:

  1. Confirm your RORC is up to date and has been lodged with ACRA via BizFile+ (required from 6 May 2026).
  2. Confirm all nominee directors and shareholders are declared in the relevant registers, with nominator details recorded.
  3. Confirm your corporate service provider is registered under the Corporate Service Providers Act and has conducted CDD on the company and its beneficial owners.
  4. Review any unusual transactions in the company’s bank accounts over the past year — any that are inconsistent with the business purpose, involve unfamiliar counterparties, or are structured to avoid reporting thresholds.
  5. For regulated entities or companies with a formal AML/CFT programme: review the AML/CFT policy, confirm it has been board-approved within the last 12 months, and ensure staff training records are current.

Conclusion

AML/CFT compliance is no longer optional or peripheral for Singapore companies. CALA 2025 and the CSPA have created a comprehensive, interlocking compliance framework that requires active participation from directors — not just delegating everything to a CSP and assuming all is well. Directors who take a proactive approach to AML/CFT compliance will be better positioned to deal with ACRA enquiries, due diligence requests from banks and investors, and the increasing scrutiny that Singapore’s enhanced enforcement environment brings.

If you would like to review your company’s AML/CFT compliance posture or need to appoint an ACRA-registered corporate service provider who can assist with RORC maintenance and CDD, contact Raffles Corporate Services at [email protected] or +65 8501 7133.

— The Editorial Team, Raffles Corporate Services