Presenting at ANZA's "The Informer Guide to Working in Singapore - Part 3"

On Tuesday 10 September I'll be presenting with ANZA on the "The Informer Guide to Working in Singapore". We will be providing you with the tools and knowledge you need to make sure you stay on top of the operational and compliance obligations of your new business. Please use this link to find out more and to book your ticket.

Data Protection Enforcement in Singapore

Since it began publishing its enforcement decisions in 2016, Singapore's Personal Data Protection Commission has made public 76 of its decisions: 22 in 2016, 19 in 2017, 29 in 2018 and a relatively sedate six so far in 2019 (but with undoubtedly more to come).

As one might expect for a subject which was largely unknown to us until the advent of the internet, the chief culprits among those who have come under the PDPC's scrutiny have been the providers of IT services (mainly those involved in website design and hosting). Other sectors which feature prominently in the decisions are intensive users of personal data: retailers, financial services, real estate (primarily real estate management) and, perhaps surprisingly, professional associations (inadvertently disclosing member details), as the chart shows below.

Spotlight on Health.png

Spotlight on Health Services

Health services do not figure highly in the number of enforcement actions, but dwarf all other sectors in terms of the magnitude of fines the sector has attracted. Following a well-publicised incident involving SingHealth last year, for example, the fines imposed by the PDPC exceeded all those imposed between 2016 and 2018 put together. We can expect the health services sector to come under further scrutiny when the PDPC's investigation of a data breach involving the disclosure of 800,000 blood donors held by Singapore’s Health Sciences Authority is concluded.

Recurring Themes

One of the recurring themes to emerge from the PDPC's decisions is the common misconception, amongst smaller businesses, in particular, that a privacy policy, on its own, is enough to comply with the obligation to develop and implement policies and practices with respect to the handling and processing of personal data. Many small businesses fall into the trap of thinking that if they develop a privacy policy they have complied with the law. They haven't. Bud Cosmetics were fined SGD 11,000 for that mistake, and we can expect the PDPC to increase the fines it imposes for this type of error, in order to, as Voltaire has put it: 'encourager les autres' ('encourage the others'). It is, sadly, inevitable that someone will be made a costly example.

Another theme likely to feature more prominently in future decisions is cross-border data transfer. Many businesses are understandably keen to develop online trading, and are only too happy to engage the services of a website hosting service outside of Singapore, but fail to consider the implications of doing so. Do the laws governing a website hosted outside of Singapore provide protection comparable to Singapore data protection law, for example? If not, that is, in itself, a breach of section 26 of Singapore's Personal Data Protection Act, as the hapless Bud Cosmetics recently found to its regret.

Patience has its limits

It is worth noting that the PDPC is still being relatively generous with the penalties it imposes, often issuing warnings and directing remedial steps, if they have not already been taken by the time its decision is issued. That will undoubtedly change over time, however. What remains to be seen is how much patience the PDPC is prepared to exercise as it waits for Singapore's business community to get its data protection house in order. An uneducated guess is that, more than six years after the Personal Data Protection Act came into force, that patience is now starting to wear a bit thin.

If you have any questions or concerns, please email us at info@cslb-asia.com.

Presenting at The Assembly Hall’s “Essential Guide to Starting a Small Business” workshop.

On Friday 13 September, I will be presenting at The Assembly Hall’s “Essential Guide to Starting a Small Business” workshop alongside Jacqueline Van Herk of Sugar and Spice Consultancy, Claire Bull of Think Virtual Marketing and Kate Donnan of Delilah Creative. We will be covering the below topics that will assist you with setting up your business.

  1. How to register and set up your business

  2. How to set up and take charge of your finances

  3. Creating a brand for your business

  4. Setting up your website 

To find out more and to get your tickets please use this link or please email us at info@cslb-asia.com.

ACRA’S ‘Naughty Corner’

Breaches of the Companies Act by directors of Singapore Companies are, regrettably, commonplace.   The Accounting and Corporate Regulatory Authority (ACRA)’s response to a breach will vary, depending upon its severity, the public interest and the harm done.  In this article we look at the most common type of breaches, but specifically the failure to hold an Annual General Meeting (AGM) or to lodge the Annual Return (AR).

ACRA’S ‘Naughty Corner’

ACRA maintains a list of sections of the Companies Act which are more frequently honoured in the breach than the observance:

  • 142(1) (failure of a company to have a registered office address);

  • 143(1) (failure to notify the Registrar of Companies of any change in the situation of the registered office address and office hours);

  • 144 (failure to publish a company’s name and registration number);

  • 145(1) (requirement to have at least one director ordinarily resident in Singapore);

  • 148(1), 154(1) and 155(1) (acting as director of a company whilst disqualified)

  • 173A(1) (failure to notify the Registrar of Companies of changes in the register of directors, managers, secretaries and auditors);

  • 175 (failure to hold an Annual General Meeting (AGM) within the stipulated timeframe;

  • 197 (failure to lodge the Annual Return (AR) of the company within the stipulated timeframe;

  • 401 (providing a false and misleading statement); and

  • 405 (carrying on business without registering a corporation and for improper use of words Limited and Berhad).

AGMS and ARS

Sections 175 and 197 deserve particular mention, because of the severity of the fines which can be imposed.  In August last year, for example, a director of several Singapore companies was convicted and fined SGD 16,800 after pleading guilty to 14 breaches of sections 175 and 197.

ACRA’s responses to breaches of the Companies Act range from imposing compulsory attendance at sessions aimed at educating the offender about their statutory duties, issuing a warning, offering a penalty or fee in lieu of prosecution (currently SGD 300 per breach with respect to sections 175 and 197), striking off a company, disqualifying or banning an offender from being a director, to prosecution.

In the example given above, the director’s conduct was sufficiently serious to merit prosecution, but the fine imposed was one that might be regarded as light in the circumstances, given that directors who fail to hold an AGM and/or file the AR can be fined up to SGD 5,000 per charge. Moreover, directors who are convicted of three or more filing related offences within a period of five years can be disqualified by ACRA and banned from being a director, or banned from taking part in the management, of a local or foreign incorporated company in Singapore, for five years.  Disqualification or a ban can have serious consequences, particularly for small companies, where continuation of the business is typically reliant on the active participation of one or only a few directors. 

Note that not all companies are required to hold an AGM.  Section 175A(1) of the Companies Act lists the criteria that need to be fulfilled in order to be exempted, but care needs to be exercised because the exemptions themselves can be disapplied in certain circumstances.  The best advice, if in doubt as to whether an exemption applies, is to check with your company secretary.

Liability For Past Failures 

A question we are often asked is whether an individual who accepts an appointment as a director can be liable for breaches of the Companies Act which took place before he or she became a director.  The short answer is yes: directors have a statutory duty to ensure that their company complies with the Companies Act, regardless of when in the past those breaches took place.

The easiest way to avoid inheriting compliance problems is to carry out some simple due diligence: check the company’s Bizfile profile before accepting an appointment.  If delays are evident, their rectification should be insisted upon before an appointment is taken up.  Compliance breaches are, in any event, often symptomatic of wider and deeper governance issues within a company, and should act as a warning sign to a prospective director that all may not be well at the company he or she is intending to join.

If you have any questions or concerns, please email us at info@cslb-asia.com.

Expansion plans for CSLB Asia in 2019

We are very excited to share with you our expansion plans for CSLB Asia in 2019.

Led by Katherine Chapman, we are expanding our service offering to Australia and Hong Kong.

Steven Dewhurst has now joined CSLB Asia full-time as a director. Steven was previously a partner with an international law firm and will now lead our legal and financial services consulting business in Asia and Australia, and expand the Corporate Advisory arm of our business.

We are expanding the level of support we provide to clients for bookkeeping and accounting services, led by Carol Liao, Finance Manager, based in Singapore.

We continue our ongoing support to the Singapore Community with Work Pass and Immigration assistance and we are keeping abreast of all MOM updates.

We would like to take this opportunity to wish you a happy Christmas and looking forward to an exciting 2019.

The Assembly Hall's 'Essential Guide to Starting a Small Business' course

I'm very excited to join The Assembly Hall’s community and be a part of the 'Essential Guide to Starting a Small Business' course. I'll be presenting on how to set up your business in Singapore on Tuesday 27th February from 7pm. For more details, including how to register as well as with finding out about the other presenters please follow the link.

If you would like more information, please email us at info@cslb-asia.com.

EntrePass – enhanced scheme

EntreBlog.jpg

How do the changes to the EntrePass scheme affect you?

Launched in 2003, the EntrePass was devised as a work visa for foreign entrepreneurs to establish their business here in Singapore. On 3 August 2017, changes were made to the scheme by the Ministry of Manpower (MoM), paving the way for entrepreneurs to establish innovative businesses Singapore. The enhanced scheme is a part of Singapore’s Smart Nation Initiative.

If you are an entrepreneur looking to apply or are already an EntrePass holder, here is what you need to know about the changes. Firstly, two of the three basic eligibility criteria have been reformed:

  • S$50,000 paid-up capital requirement scrapped (new). Applicants no longer need to seek capital before applying for an EntrePass. This is to recognise the importance of expertise and talent and allow entrepreneurs in the early stage of their business to still apply.

  • EntrePass renewal is now deferred until the end of the first year (new). The EntrePass holder will need to prove the progress of the business at the end of the first year before being granted an extension for another year. Thereafter, EntrePass renewals will be valid for 2 years to provide more certainty for global entrepreneurs in scaling up their business.

  • The company must be less than 6 months old on the date of application, if registered. If the company has not been registered, this can be done after EntrePass approval has been given.

Assessment criteria changes were introduced to allow global start-up talent to enter Singapore on government support during the exploration stage. Whether the applicant is an entrepreneur, innovator or investor, they must meet one of the following seven conditions:

Entrepreneur

  • Have funding from a Government-recognised VC or business angel

  • Hold intellectual property

  • Have a research collaboration with an IHL or research institute in Singapore

Innovator

  • Be an incubatee at a Government-recognised incubator/accelerator

  • Have business network and entrepreneurial track record (new)

  • Have extraordinary achievements in key areas of expertise (new)

Investor

  • Have investment track record (new)

New Partner agencies for application evaluation. In addition to SPRING Singapore, the enhanced EntrePass scheme will see the inclusion of two new partner agencies, Infocomm Media Development Authority and the National Research Foundation, supported by SGInnovate. These will work with the Ministry of Manpower to evaluate the applications in their respective sectors.

Changes to business spending and number of locals employed. In this area, entrepreneurs will see their business spending requirements reduced and favourable changes regarding the number of locals employed.

Table 1.png

Renewal. Entrepreneurs must abide by these changes in order to obtain EntrePass renewal, in addition to providing proof of business activities such as payment receipts, CPF contributions and shareholding information.

Changes to Dependant’s Pass (DP) have also been revised with EntrePass holders able to qualify for DPs for their spouses/children upon meeting Year 2 renewal criteria.

Table 2.png

If you have any general questions about the changes to the EntrePass or you would like to enquire about how we can help you with your work pass matters, then please do get in contact.

Changes to the Personal Data Protection Act

DP Image.jpg

The Personal Data Protection Commission (PDPC) in Singapore has announced changes to the Personal Data Protection Act (PDPA). These amendments will affect all organisations, including sole proprietors, in Singapore and so it is important to understand the implications.  

In accordance with the PDPA, it is now mandatory for all organisations to employ a dedicated Data Protection Officer (DPO). This is to help companies develop and implement policies and procedures and remain compliant with all personal data protection obligations.  

The PDPC has stated these key points: 

  • All organisations, including sole proprietorships, must designate at least one person to become a DPO to ensure the organisation complies with the PDPA. 

  • At least one (if you have more than one) of your DPO’s email or phone details must be available to the public and that person must be easily reached if contacted. 

  • Even though your DPO must be contactable, they do not need to be based in Singapore. 

  • The position does not need to be filled by an employee and can be outsourced to a third party. 

  • The DPO must have the appropriate expertise and knowledge to comply with the PDPA. 

  • You can register your DPO at www.pdpc.gov.sg/dpo-contact. It is not required under law to disclose the details but you are strongly encouraged to. 

Having your own DPO will help you to mitigate data violations in the growing digital age. The crucial role will involve: 

  • Ensuring compliance with PDPA when developing and implementing policies and processes for handling personal data; 

  • Fostering a data protection culture among employees and communicate personal data protection policies to stakeholders; 

  • Managing personal data protection related queries and complaints; 

  • Alerting management to any risks that might arise with regard to personal data; and 

  • Liaising with the PDPC on data protection matters, if necessary. 

Once you have selected your DPO, if they do not have the relevant skills required it is not a problem. The PDPC has developed a training and competency framework, which has been designed to equip them with all the skills and knowledge they require in order to comply with regulations now and in the future. It also provides the role with professional accreditation. 

An alternative to employing an in-house DPO is to engage CSLB Asia to do the job for you. We have already completed the specialised training and can effectively fulfil your DPO role immediately. This will allow you to hit the ground running, saving you time and disruption, as we professionally handle all the data requirements for you. We are happy to work with you to register as your DPO so you can get compliant immediately! 

In our role as your DPO we will ensure that you: 

  • Remain compliant with PDPA requirements, even as they are updated. 

  • Be able to focus on your core business while adhering to all PDPA obligations. 

  • Leverage CSLB Asia’s readily available knowledge base and capabilities in Data Protection. It is important to comply with the new regulations. Your company collects sensitive data about your customers, employees and members on a daily basis. Failure to protect this data can lead to a fine of up to $1 million per breach under the Act so it makes sense to take action as soon as possible.  

If you have any general questions about the new regulations or you would like to enquire about our DPO services, then please do get in contact with us.

What you need to know about the new regulatory requirements regarding registrable controllers and register of nominee directors

As of 31 March 2017, the Accounting and Corporate Regulatory Authority (ACRA) announced changes to the Companies Act and Limited Liability Partnerships (LLP’s) Act. These changes were introduced to reduce compliance costs; make ownership and control of business entities more transparent; and increase efforts to position Singapore as a trusted and clean international business hub.

The most significant change introduced affects all Singapore companies and LLP’s, including foreign companies registered to do business here in Singapore. From now, all companies are required to keep a register of beneficial owners, significant controllers and nominee directors.

These new requirements apply to the following entities:

  • All companies and Limited Liability Partnerships (LLP’s) incorporated / registered in Singapore. These will be obliged to maintain registers of controllers and of nominee directors.
  • Foreign companies registered in Singapore. However, these will only need to maintain a register of controllers.

However, some entities are exempted and these include:

  • Singapore-incorporated companies listed on an approved exchange.
  • Singapore financial institutions, and their wholly owned subsidiaries.
  • Companies (Singapore as well as foreign) listed on a foreign securities exchange with regulatory disclosure requirements and adequate transparency obligations regarding beneficial owners. However, the wholly owned subsidiaries of these companies are not exempt.

So what is a register of registrable controllers?

It is a record of all individuals or corporate bodies within a company that have a significant interest in, or significant control over, it:

  • A person with “significant control” - has the right to appoint or remove a majority or directors or has the permission to use significant influence or control over specified matters.
  • A person with “significant interest” - has an interest more than 25% of the shares held and/or 25% of voting rights in the company.

If you are unsure about the rules determining whether a particular person appears on a company’s register of registrable controllers then please do contact us or visit the ACRA website.

It is also important to know that a company’s obligation extends beyond just the register itself but how the company acquires the information:

  • A company is required to take reasonable steps to find out and identify their registrable controllers. It must send out a notice to each member and each director of the company at least once annually, whether electronically or in hard copy format. Addressees have 30 days to reply to the notice and companies have two days to update their register with the information received.
  • A company must keep the particulars in the register accurate and up-to-date and must send out such a notice once it is alerted to a possible change.
  • If the company does not receive a response to an enquiry, the company may state in the register that the particulars of the relevant registrable controller have not been confirmed. The company is not required to ensure that a response is received. 

What is a register of nominee directors?

All Singapore-incorporated companies are also required to keep a register of nominee directors from 31 March 2017. Unlike the register of registrable controllers, a company is not required to ascertain whether it has any nominee directors. It is the obligation of the nominee director to notify the company of his status and particulars of his nominator.

A nominee director is a person who is accustomed or under an obligation, whether formal or informal, to act in accordance with the directions, instructions or wishes of any other person, e.g. a contract, trusts or informal arrangement. 

Additional Information

You must also be aware that ACRA has made it mandatory for the registers to be available at any time for inspection by themselves and law enforcement authorities. However, the registers are not for public review.

The new registers must also be located at either a company’s registered office in Singapore or at some other location in Singapore. ACRA must be informed where the register is kept. There is currently no exemption from this requirement.

As always, it is important that companies comply with these new regulations, Failure to do so constitutes a criminal offence and the offender can be liable to a fine of up to S$5,000.

Please contact us via email at info@cslb-asia.com if you want to find out how these changes affect your company. Alternatively, additional guidelines and information is available at www.acra.gov.sg/CA_2017

The Start-Up Workshop with Business Women Network

On 22 February, I will be speaking at an information morning held by Business Women Network to discuss options for Dependant Pass holders who would like to work in Singapore.

For more details and to register please visit: 
http://www.businesswomennetworksg.com/start-up-workshop.html

Singapore Employment Pass New Salary Criteria

CSLB-Asia-business-man-image

As a part of MOM’s continuous review of the manpower needs to support the Singapore economy, MOM have issued a press release updating the employment pass (EP) salary criteria for foreigner’s applying for an employment pass to work in Singapore from 1 January 2017.

From 1 January 2017, the qualifying salary for new EP applications will be raised from $3,300 to $3,600.  All new EP applications will be assessed on the new qualifying salary subject to meeting other criteria based on academic qualifications and work experience. The current practice of assessing new EP applications for applicants with many years of work experience and the requirement to command higher salaries will continue.

Employers will have sufficient time to adjust to the new salary threshold for their existing EP holder employees as follows:

a. EP’s expiring before 1 January 2017: Renewal: for a duration of up to three years, based on existing EP criteria ($3,300 threshold).

b. EP’s expiring between 1 January 2017 and 30 June 2017 (both dates inclusive): Renewal:  Will be able to renew, for a duration of one year, based on the existing EP criteria ($3,300 threshold).

c. 1 July 2017 onwards: Renewal: Will have to meet the new criteria ($3,600) for renewal, for a duration of up to three years.

If you have queries regarding the changes to the qualifying salaries for new EP applications and your current EP holder employees, please contact us at CSLB Asia via email at info@cslb-asia.com.