Why Your Company May Require a Nominee Director
Under Singapore law, every company must have at least one director who is a resident of Singapore. This requirement is particularly relevant for foreign entrepreneurs who are in the process of applying for an Employment Pass. Until the pass is approved, they cannot act as the sole director of their company.
The Role of a Nominee Director
To meet the local director requirement, companies often appoint a Nominee Director. This individual formally holds the position of director but does not participate in the daily management or operations of the business. Their primary function is to help the company remain compliant with local regulations.
Appointing a Nominee Director: What to Consider
Engaging a trusted and experienced service provider is essential when appointing a Nominee Director. It ensures compliance with regulatory requirements and provides peace of mind during the interim period while the business owner secures the necessary work passes.
Appointing a local director for your Singapore company is not just a formality—it comes with legal responsibilities and compliance obligations. Factors such as your business structure, industry, and shareholder composition can significantly affect the scope of a director’s duties and liabilities. To ensure proper compliance and mitigate potential risks, we strongly recommend consulting our professional advisors before making any decisions regarding the appointment of a local director.
What Is a Corporate Secretary?
A Corporate Secretary is a key officer responsible for ensuring that your company complies with Singapore’s legal and regulatory requirements. This includes:
- Filing statutory returns with ACRA (Accounting and Corporate Regulatory Authority)
- Maintaining statutory registers (e.g., of directors and shareholders)
- Updating company records and resolutions
Why Is a Corporate Secretary Important?
Under Singapore law, every company must appoint a corporate secretary within 6 months of incorporation. The corporate secretary plays a crucial role by:
- Ensuring legal compliance
- Managing administrative and governance tasks
- Keeping directors and shareholders informed of their obligations
Failure to appoint one may result in penalties or fines from ACRA.
Do Small Companies Need a Corporate Secretary?
Yes. Regardless of size, all companies must appoint a corporate secretary.
Small businesses often outsource this role to experienced providers (e.g., Sleek) to save cost and ensure professional support without hiring in-house staff.
Who Can Be a Company Secretary in Singapore?
A company secretary must:
- Be a Singapore resident
- Be at least 18 years old
- Be qualified and experienced in corporate compliance
Accepted qualifications include membership in: - Institute of Singapore Chartered Accountants (ISCA)
- Chartered Secretaries Institute of Singapore (CSIS)
Note: A sole director cannot act as the corporate secretary.
What Are Company Secretarial Services?
Company secretarial services involve:
- Corporate compliance advisory
- Maintaining statutory registers and records
- Filing annual returns
- Mediating internal disputes between directors or shareholders
- Ensuring board meetings and resolutions are properly documented
This service acts as a backbone of good governance, especially important during periods of change or conflict.
How to Switch to Esin’s Corporate Secretarial Services?
Contact Esin to initiate your company transfer in.
Notify your current service provider and authorize the transfer.
Esin will take care of onboarding and compliance transition efficiently.
In addition to corporate secretarial services, Esin also offers registered address services. We’re happy to assist with any questions—whether it’s about general compliance matters or switching from your existing provider.
What Is a Data Protection Officer (DPO) and Why Is the Role Important?
A Data Protection Officer (DPO) is tasked with leading an organisation’s data protection efforts and ensuring full compliance with Singapore’s Personal Data Protection Act (PDPA). Under the PDPA, any organisation that collects, uses, or discloses personal data must designate at least one individual to be responsible for data protection matters. The DPO plays a crucial role in developing and implementing the organisation’s data governance framework to secure personal information and minimise data-related risks.
What Are the Core Responsibilities of a DPO?
The role of a DPO spans across various areas of data governance and regulatory compliance. The key duties typically include:
- Ensuring Adherence to the PDPA
The DPO is responsible for overseeing the organisation’s compliance with PDPA requirements, which includes evaluating and enhancing data protection systems, policies, and internal workflows. - Risk Identification and Reporting
The DPO proactively identifies data protection risks and ensures these are communicated to senior management, allowing timely intervention and mitigation. - Promoting Awareness and Education
A DPO is expected to conduct training and awareness initiatives for employees to foster a culture of data protection. This also extends to educating third-party partners (e.g., vendors, contractors) about PDPA compliance, particularly when they handle personal data on the company’s behalf. - Managing Data-Related Requests and Complaints
Serving as the main point of contact for data protection matters, the DPO responds to access or correction requests and handles complaints related to personal data use, both internally and externally. - Policy Development and Implementation
The DPO must design and maintain appropriate data protection policies tailored to the organisation’s needs, ensuring staff are guided on how to manage personal data responsibly and lawfully. - Liaising with the Personal Data Protection Commission (PDPC)
The DPO acts as the organisation’s representative in dealings with the PDPC, ensuring prompt and accurate communication, especially during audits, investigations, or when regulatory updates arise.
Who Is Eligible to Be Appointed as a DPO?
In Singapore, the PDPA allows flexibility in appointing a DPO, focusing more on capability than on formal qualifications or age. Key criteria include:
- Internal or External Appointment: Organisations can either appoint an internal staff member who understands internal processes or engage an external professional or consultancy with relevant expertise.
- Competency-Based Selection: While there is no age restriction, the appointed DPO must have sufficient knowledge of Singapore’s data protection laws and be able to manage privacy-related risks effectively.
How to Appoint and Register a DPO in Singapore?
There is no legally prescribed method for appointing a DPO, but companies must publicly provide their DPO’s business contact details as part of their PDPA obligations.
For ACRA-registered entities, the DPO’s appointment can be registered through the BizFile+ portal. The general process is as follows:
- Log in to BizFile+ using CorpPass or SingPass.
- Navigate to “eServices” and select the DPO registration/update section.
- Enter required information, including company UEN, website, phone number, and DPO’s full contact details and designation.
- Review and submit the form to complete the registration.
For non-ACRA entities such as charities or voluntary groups, registration should be made directly through the PDPC’s website, following the commission’s specific guidance.
What Are the Advantages of Appointing a DPO?
Designating a DPO delivers significant benefits, including:
- Regulatory Compliance: Ensures the organisation meets PDPA obligations and reduces the risk of enforcement actions or fines.
- Enhanced Reputation and Trust: Demonstrates accountability in data handling, boosting client and stakeholder confidence.
- Improved Data Management: Encourages structured processes for collecting, storing, and managing data efficiently and securely.
- Effective Liaison with Authorities: Facilitates smooth interactions with the PDPC, especially in times of audits or investigations.
- Risk Mitigation: Implements best practices to reduce the chances of data breaches or cyber incidents.
What Challenges May Arise in Appointing a DPO?
Despite its benefits, the DPO role can present operational challenges:
- Resource Constraints: SMEs may find it difficult to allocate budget and manpower to support a dedicated DPO function.
- Regulatory Complexity: The evolving nature of data protection regulations demands ongoing upskilling and vigilance.
- Role Conflict: In smaller setups, DPO responsibilities may be added to an employee’s existing duties, affecting focus and performance.
- Cultural Shift: Establishing a privacy-first culture takes time and requires strong internal advocacy and leadership.
What Are the Risks of Non-Compliance?
Failure to appoint a DPO or comply with the PDPA can result in regulatory investigations and enforcement actions. While the law doesn’t mandate specific penalties solely for not appointing a DPO, broader non-compliance can lead to significant consequences, including:
- Warnings or directions from the PDPC
- Financial penalties up to SGD 1 million or 10% of annual turnover, depending on the nature and impact of the violation
How Can Esin Assist with DPO Services?
Esin offers end-to-end support for businesses navigating the complexities of PDPA compliance. Their services include:
- Advising on suitable candidates or third-party arrangements for the DPO role
- Registering the appointed DPO with ACRA
- Providing ongoing support to ensure the organisation remains compliant with evolving data protection requirements
We recommend consulting with our advisors for more information on Pass applications and gaining a clearer understanding of DPO.
What is the RORC (Register of Registrable Controllers)?
The Register of Registrable Controllers (RORC) is an official record that holds the details of individuals or legal entities who have been identified as Registrable Controllers of a company. This register is a regulatory requirement aimed at enhancing corporate transparency in Singapore.
Who Qualifies as a Registrable Controller (RC)?
A Registrable Controller is either an individual or a corporate entity that exercises “significant interest” and/or “significant control” over the company.
- Significant Interest typically refers to:
- Holding more than 25% of the company’s shares, or
- Controlling more than 25% of the total voting power in the company.
- Significant Control may arise when an individual or entity:
- Has the authority to appoint or remove directors;
- Controls the majority of votes at board meetings;
- Holds at least 25% of voting rights in members’ resolutions; or
- Exercises or is entitled to exercise significant influence or control over the company.
Who Has Access to a Company’s RORC?
Access to the RORC is strictly controlled to ensure confidentiality and regulatory compliance:
- Company Officers: Directors and company secretaries are responsible for maintaining the RORC and can access its contents.
- Regulatory Authorities: Information filed in the central RORC maintained by ACRA is not publicly accessible and is only made available to law enforcement agencies when necessary for the enforcement of laws, such as during investigations into offences like money laundering.
- Public Access: The general public, including shareholders and auditors, do not have access to the central RORC.
What Types of Companies Can Issue Shares in Singapore?
In Singapore, the ability to issue shares is typically reserved for the following types of companies:
- Private companies limited by shares
- Public companies limited by shares
- Unlimited companies
Each has its own shareholder structure and regulatory conditions.
What Are the Key Rules Around Share Issuance in Singapore?
Companies in Singapore must follow specific rules when issuing shares, including:
- Minimum share capital: S$1
- 100% foreign or local shareholding is permitted
- Shares can be issued in any currency
- Different share classes can be created with tailored rights
- Share issuance requires shareholder approval
- Shares are generally transferable, unless restricted by the constitution
What Is Considered Share Capital in Singapore?
Share capital refers to the funds invested by shareholders in exchange for ownership. It includes:
- Paid-up capital: Amount fully paid by shareholders
- Unpaid capital: Outstanding payment not yet collected, often seen in small companies
What Types of Shares Can Be Issued by Singaporean Companies?
Singapore companies can issue a variety of share types based on their needs:
- Ordinary shares
- Non-voting shares
- Preference shares
- Alphabet shares (e.g., Class A, B, C)
- Management shares
- Redeemable shares
- Deferred shares
Each type carries different voting, dividend, and liquidation rights.
Who Can Become a Shareholder in Singapore?
Shareholders can be:
- Individuals or corporate entities
- Locals or foreigners (100% foreign ownership is allowed)
To become a shareholder, one must purchase shares, which confers ownership rights but not obligations to company debt or asset ownership.
What Rights Do Shareholders Have in a Singapore Company?
Shareholders enjoy several rights, including:
- The right to vote on company matters
- The right to attend or call general meetings
- The right to dividends
- The right to fair treatment
- The right to company assets upon winding up
What Responsibilities Do Shareholders Have?
Shareholders are expected to:
- Pay for their shares as agreed
- Attend meetings and participate in major decisions
- Contribute to the company’s strategic direction and growth
How Can a Company Issue New Shares in Singapore?
To issue shares, a company must:
- Obtain shareholder approval via an ordinary resolution
- File a Return of Allotment with ACRA via BizFile+ within 14 days
The return must include details like:
- Number and class of shares issued
- Payment status (paid or unpaid)
- Shareholder information (name, address, or UEN for corporate shareholders)
All private limited companies are subject to mandatory annual audits, unless they meet at least two of the following three criteria:
- Annual revenue does not exceed S$10 million;
- Total assets at the end of the financial year do not exceed S$10 million;
- The company has no more than 50 employees.
For companies that are part of a corporate group, these thresholds are assessed at the group level. This means that even if a Singapore company is small on its own, it may still require an audit based on the consolidated financial size of the group.
How are auditors regulated in Singapore?
Auditors in Singapore (referred to as public accountants) are regulated by ACRA under the Accountants Act, through the Public Accountants Oversight Committee (PAOC). The PAOC ensures the integrity and independence of audit regulation and comprises members from the public sector, business community, and audit profession (with a majority being non-accountants).
ACRA ensures that public accountants maintain high standards by:
- Requiring registration with proper qualifications, audit experience, and membership with the Institute of Singapore Chartered Accountants (ISCA)
- Conducting regular Practice Monitoring Programme (PMP) inspections to assess compliance with Singapore Standards on Auditing (SSA)
- Evaluating quality controls of accounting firms under the Singapore Standards on Quality Management (SSQM 1 & 2)
How can we choose a qualified auditor for our Singapore company?
In Singapore, statutory auditors must be registered public accountants with ACRA. To support Audit Committees—especially in listed companies—ACRA has developed the Audit Quality Indicator (AQI) Disclosure Framework, which provides transparency on key indicators such as:
- Audit team experience and industry specialisation
- Time spent by senior team members on the audit
- Results of internal and external quality inspections
These indicators help companies evaluate audit quality and select the most appropriate audit firm for their needs. You may also verify a public accountant’s registration status via ACRA’s BizFile+ portal.
Can foreign accounting firms provide audit services in Singapore?
Only public accountants who are registered with ACRA are allowed to issue audit opinions and sign off on statutory financial statements in Singapore. Foreign auditors or firms must first register with ACRA and meet local requirements — including relevant qualifications, audit experience, and membership with the Institute of Singapore Chartered Accountants (ISCA) — before they can practise as public accountants here. Alternatively, foreign firms can either partner with a local audit firm or set up a Singapore-registered entity and complete the registration process with ACRA.
What ongoing obligations do appointed auditors have in Singapore?
Once registered, public accountants must comply with a set of professional obligations, including:
- Adhering to the Code of Professional Conduct and Ethics
- Keeping their technical knowledge current through Continuing Professional Education (CPE)
- Undergoing periodic audit inspections under ACRA’s Practice Monitoring Programme (PMP)
- Maintaining internal quality control systems that comply with SSQM 1 and 2
These regulations ensure that auditors uphold high standards of integrity, accuracy, and professionalism in the Singapore financial reporting ecosystem.