Public Consultation
Consultation Scope
The public consultation covered the proposed assessment framework for the Certificate of Corporate Secretarial Practice (CSP-18). The draft standard was published on 3 February 2026 via the Data Bureau (Singapore) consultations portal at databureau.com.sg/consultations. The consultation invited responses from ACRA-registered Corporate Service Providers, Registered Qualified Individuals, professional associations, and any member of the public with a substantive interest in the proposed framework.
The draft standard proposed an assessment architecture across six domains: Regulatory Standing and Institutional Legitimacy, AML/CFT/KYC Compliance, Statutory and Regulatory Filing Governance, Employment and Human Resource Compliance, Operational Governance and Client Protection, and Public Institutional Presence and Brand Integrity. A 100-point scoring model was proposed, with a minimum pass threshold of 75 points and a Distinction threshold of 90 points. Four domains were designated Mandatory — Regulatory Standing, AML/CFT/KYC Compliance, Statutory Filing Governance, and Public Institutional Presence — each carrying an individual minimum pass threshold that must be satisfied before the aggregate score is computed.
Submissions Received
Data Bureau (Singapore) received fourteen (14) substantive written responses during the consultation period. Respondents included sole-proprietor CSPs, boutique secretarial firms, multi-service providers offering combined secretarial and accounting services, and two professional association representatives. Respondents are referenced anonymously as R1 through R14. No identifying information is published.
Themes Raised
Responses were reviewed and categorised into five substantive themes.
Six respondents (R1, R3, R5, R7, R11, R13) raised concerns about the evidentiary requirements in the AML/CFT/KYC Compliance domain. The specific concern was whether a written AML/CFT policy alone would satisfy the domain criteria, or whether ongoing operational evidence — including completed CDD records and STR assessment logs — was required. Several respondents indicated that smaller CSP operators maintain compliant practices but do not systematically document every step, and asked how the assessing panel would treat documented policy against demonstrated operational practice.
Five respondents (R2, R6, R8, R12, R14) questioned whether the individual mandatory domain thresholds — particularly the 65% minimum for AML/CFT/KYC Compliance and Statutory Filing Governance — were calibrated appropriately for sole-proprietor and micro-firm CSPs. The concern was that a single evidentiary gap in a mandatory domain could result in an automatic Not Certified outcome regardless of strong performance in other domains.
Four respondents (R4, R9, R10, R13) asked how the assessing panel determines the sample of client filings reviewed under the Statutory and Regulatory Filing Governance domain. Respondents operating large client portfolios asked whether the sample size would scale with portfolio size, and whether the panel's sampling methodology was published or disclosed to the applicant in advance.
Two respondents (R3, R7) raised a structural question: where the firm is a sole proprietorship and the sole practitioner is the designated RQI, several criteria addressing the firm's institutional governance appeared to presuppose a separation between firm-level governance and the individual practitioner. These respondents asked how Domain A and Domain B criteria would be applied where the firm and the RQI are the same individual.
Two respondents (R5, R14) noted that the Corporate Service Providers Act 2024 registration window had only recently closed and that a proportion of newly registered CSPs had not yet established full public-facing institutional infrastructure — including operational websites, named personnel listings, and consistent brand identity. These respondents asked whether Domain F criteria would apply equally to CSPs registered within the prior 12 months.
Data Bureau's Response to Each Theme
Theme 1 — AML/CFT Compliance Evidence Standards
Data Bureau (Singapore) assesses AML/CFT compliance on the totality of the evidence submitted, not on policy documents alone. A written policy is a necessary component of the AML/CFT domain. It is not sufficient. Operational evidence — including documented CDD procedures, records of client risk tiering, and evidence of at least one internal STR assessment — forms part of the required evidence package. The standard reflects the position of the ACRA Guidelines for Registered CSPs, which require both documented frameworks and demonstrably operational practices.
The concern about smaller operators was noted. The standard does not treat firm size as a mitigating factor. Every criterion reflects a verifiable, immediately assessable condition calibrated to what a registered CSP is required to maintain under the CSP Act 2024 regardless of scale.
No amendment adopted. The evidence requirements are consistent with existing regulatory obligations.
Theme 2 — Mandatory Domain Threshold for Smaller Operators
The mandatory domain architecture reflects a structural judgement: there are conditions that no certified CSP should fall below, regardless of how well it performs in other areas. AML/CFT compliance and filing governance are two of those conditions. The mandatory threshold is set at 65% — not 100% — specifically to accommodate evidentiary limitations while maintaining a meaningful floor.
The institution considered whether a compensatory mechanism across mandatory domains should be introduced for smaller operators. This was not adopted. The mandatory domain structure is a feature of the standard's integrity, not an artefact of its calibration. Introducing compensation would remove the categorical assurance that certification is intended to provide.
No amendment adopted.
Theme 3 — Client Portfolio Sampling Methodology
The concern about sampling transparency was accepted. The adopted standard retains panel discretion over sample size and composition — this is necessary to preserve assessment integrity and prevent applicants from pre-selecting a favourable sample. However, the evidence checklist (published separately) was amended to disclose the sampling approach: panels draw from across the client base, with sample size scaled to portfolio volume, and the applicant is notified of the sample scope at the point of evidence package acceptance. Applicants with portfolios below a defined threshold are assessed on their full client base rather than a sample. This amendment was incorporated into the evidence checklist, not the standard itself.
Theme 4 — RQI Designation Where the Firm Is a Sole Practitioner
The concern was well-founded. In sole-practitioner CSPs, certain institutional governance criteria — including the firm's board-level policy approval and the separation of the compliance function from the operational function — cannot be applied as written without adaptation. The adopted standard was amended to include an interpretive note clarifying that where the firm consists of a single practitioner who is also the designated RQI, institutional governance criteria referencing board or management-level functions are assessed against the practitioner's documented personal governance practices — including dated policy reviews, self-certification records, and documented decision logs — rather than against a formal board or committee structure.
Theme 5 — Public Institutional Presence for Newly Registered CSPs
Domain F criteria apply uniformly to all CSP-18 applicants, including those registered recently. A CSP that assists companies in establishing their legal identity must itself maintain an unambiguous and accountable public presence. The Corporate Service Providers Act 2024 registration requirement, and the compliance obligations it carries, were publicly known in advance of the mandatory registration deadline. The period since registration has been sufficient for the minimum Domain F requirements — including an operational website and consistent business name representation — to be established.
The mandatory threshold for Domain F is 6 out of 10 points. This reflects a calibration that does not require a fully developed institutional communications infrastructure — it requires a verifiable, functional, and honest public presence.
No amendment adopted.
Material Changes Made to the Adopted Standard
The following changes were made to the CSP-18 standard as a direct result of consultation feedback:
Evidence checklist amended to disclose the panel's portfolio sampling approach, including the notification of sample scope to the applicant at the point of evidence package acceptance, and the full-portfolio assessment rule for smaller client bases (Theme 3).
Interpretive note added to the adopted standard clarifying the application of institutional governance criteria to sole-practitioner CSPs where the firm and the designated RQI are the same individual (Theme 4).
Feedback Considered and Not Adopted
Compensatory Mechanism Across Mandatory Domains (Theme 2)
Multiple respondents proposed that strong performance in non-mandatory domains should be capable of compensating for a marginal shortfall in a mandatory domain. This was considered and not adopted. The mandatory domain architecture is a categorical commitment — not a scoring preference. Introducing a compensatory mechanism would convert a structural safeguard into a discretionary one. The institution's position is that the 65% mandatory threshold already incorporates calibration for smaller operators; the mechanism itself will not be altered.
Reduced Evidence Requirements for Newly Registered CSPs (Theme 5)
One respondent proposed that CSPs registered within the prior 12 months be assessed against a reduced subset of Domain F criteria during an initial transition period. This was considered and not adopted. Graduated compliance for newer entrants is inconsistent with the standard's purpose: CSP-18 is not an attainment programme — it is a certification of existing practice. An entity that does not yet meet the standard should not hold the certificate until it does.
Conclusion
Data Bureau (Singapore) thanks all respondents for their engagement with the CSP-18 consultation. The feedback received informed two targeted amendments to the adopted standard and its supporting documentation. The institution considers that the adopted CSP-18 framework appropriately reflects the compliance obligations of Singapore's newly licensed corporate secretarial sector and provides a meaningful, independent standard above the baseline of ACRA CSP registration.
The adopted CSP-18 standard is published in the Data Bureau (Singapore) Publications & Intelligence section at databureau.com.sg/resources/publications.