ACRA Warns CSPs: Director Impersonation Fraud Rising; Reg. 28 Mandates Live Video Verification

by | May 6, 2026 | Accounting, Company Law, Income Tax, Tech News

The Accounting and Corporate Regulatory Authority (ACRA) of Singapore has alerted registered corporate service providers (CSPs) to a rising scheme where scammers use forged or doctored identification documents to appoint unwitting individuals as directors of newly incorporated companies.

These shell entities risk being used for money laundering or unauthorised borrowing. The advisory reinforces strict customer due diligence (CDD) obligations under the Corporate Service Providers Regulations 2025, particularly for non-face-to-face engagements.

Analysis of Impacts

  • Financial reporting integrity: Fraudulent director appointments can undermine the credibility of a company’s incorporation documents, statutory registers, and financial statements. Auditors may need to reassess the validity of management representations and the legal standing of transactions signed by illegitimate directors.

  • AML/CFT compliance risk: CSPs acting as gatekeepers face direct regulatory liability under Regulations 20–22. Failure to detect altered IDs or verify beneficial ownership increases exposure to money laundering and proliferation financing risks, triggering potential reporting obligations under the Suspicious Transaction Reporting (STR) framework.

  • Tax and loan implications: Unauthorised loans taken by scam-operated entities could create unenforceable debt or incorrect tax deductions for interest. Affected individuals falsely listed as directors may face personal liability for corporate debts or tax penalties if not promptly rectified.

  • Audit evidence for CSPs: External auditors reviewing a CSP’s compliance framework will scrutinise live video call records (Regulation 28) and CDD documentation. Gaps may lead to qualified opinions on internal controls over anti-money laundering processes.

Practical Issues

  • Remote transaction challenges: Regulation 28 mandates a live video call with at least one proposed director (non-nominee) or a member holding ≥50% voting rights for company incorporations or shelf company transfers. Practical difficulties include:

    • Scheduling calls across time zones for wholly remote clients.

    • Verifying that the video participant is the same person as the ID holder without real-time biometric tools.

    • Recording and storing video calls in a tamper-evident manner meeting retention rules under Regulation 30.

  • Red flag identification: CSPs must train staff to detect altered IDs, inconsistent customer behaviour, reluctance to show original documents, or proposed directors with no apparent link to the business. Judgment areas include distinguishing genuine remote business models from fraudulent patterns.

  • Beneficial ownership hurdles: Regulation 21 requires reasonable measures to verify beneficial owners – but in layered or foreign-owned structures, obtaining reliable independent sources (e.g., foreign registries or notarised records) can be delayed or impractical.

  • System and process upgrades: Many CSPs lack integrated workflow tools to flag non-face-to-face transactions automatically, schedule compliant video calls, and log audit trails. Upgrading IT systems before the next regulatory review may pose cost and resource constraints.

Action Points for CSPs

To mitigate regulatory and reputational risk, CSPs should take the following steps immediately:

  1. Review internal policies – Ensure CDD procedures explicitly address altered IDs, remote transaction risks, and the live video call mandate under Regulation 28.
  2. Enhance staff training – Focus on recognising forged documents, handling reluctant customers, and documenting video call verification steps.
  3. Implement record-keeping controls – Maintain secure, time-stamped logs of all live video calls and CDD records as required under Regulation 30.
  4. Update engagement letters – Clearly advise clients that remote director appointments are subject to video verification; refusal may result in termination of services.
  5. Monitor regulatory guidance – Refer to ACRA’s Guidelines for Registered Corporate Service Providers for detailed compliance examples (available at the provided URL).

Failure to perform robust CDD – especially in non-face-to-face incorporations – exposes CSPs to enforcement action, reputational damage, and potential liability for facilitating financial crime.