Standards & Governance
Assessment Methodology
Data Bureau (Singapore) publishes the structure, assumptions, and limitations of its assessment methodology in the interest of institutional transparency. Understanding how assessments are constructed allows applicants, counterparties, and regulators to evaluate the rigour behind every credential.
Section 1
How Assessments Are Structured
Every Data Bureau (Singapore) assessment is constructed across two layers. The first is a set of Foundational Requirements — binary pass/fail criteria that an entity must satisfy before any further assessment proceeds. These cover baseline conditions: active ACRA registration, no active winding-up proceedings, directors verified against disqualification records, no outstanding enforcement actions, and no listing on adverse trust registries. Failure on any single Foundational Requirement results in automatic disqualification, regardless of performance on any other criterion.
The second layer is the Structural Assessment — a multi-domain evaluation of the entity's standing across published assessment areas. For CBA-01, these domains are: Business Legitimacy, Reputation & Public Standing, Online Presence & Digital Footprint, Legal Standing & Regulatory Compliance, Financial Standing, and Operational Credibility. Each domain is evaluated using a combination of automated data checks (ACRA API, Scam.SG TrustScore engine), manual public record verification (MinLaw Insolvency Office, MAS Investor Alert List), and applicant-submitted documentation.
The weighting of domains and the specific evidence thresholds within each domain are not publicly disclosed. The published assessment areas (CBA-01-A) represent the necessary conditions for certification — they are not a sufficient specification of the complete assessment. Data Bureau (Singapore) reserves the right to apply proprietary sub-modules (CBA-01-B, CBA-01-C) and to decline certification where unpublished risk factors indicate material concern, even where all published criteria appear satisfied.
Section 2
Data Sources & Verification Methods
Data Bureau (Singapore)'s assessment draws from the following source categories. Each source is categorised by verification method and the type of information it provides.
| Source | Verification Method | Information Provided |
|---|---|---|
| ACRA Business Profile API | Automated | Entity registration status, UEN, registered address, business activities, directorship history, paid-up capital. Source of record for all entity identity verification. |
| Scam.SG Intelligence Platform | Automated | TrustScore ML Engine output, consumer complaint volume and category, adverse flag status. Proprietary database maintained by OnScam (SG) Pte. Ltd. |
| MinLaw Insolvency Office | Manual public lookup | Corporate winding-up and judicial management searches are conducted per entity. Individual bankruptcy searches are conducted per director. All checks are performed for every application. |
| MAS Investor Alert List | Manual cross-reference | Publicly accessible list of unregulated entities and individuals. Checked against all directors and the entity itself. |
| Digital Footprint Assessment | Manual | Domain registration verification, website consistency check, social media presence audit, impersonation signal detection. Assessor-conducted. |
| Applicant Documentation | Submitted by applicant via appointed agent | Director NRICs, management accounts, consent declarations. Subject to cross-verification against independent sources. |
| Consumer Complaints | Automated aggregate | Complaint volume, categories, and resolution status. Individual complaint text is not reviewed — aggregate signal only. |
Source Note
Data Bureau (Singapore) does not use social media monitoring, web scraping of non-public content, or any data sourced without the subject entity's knowledge except where the source is a public registry or government-operated database. This is a structural constraint of Data Bureau (Singapore)'s data governance framework, not merely a policy preference.
Section 3
Model Assumptions
Data Bureau (Singapore)'s assessment model operates on the following assumptions, which are published here in the interest of transparency:
Assumption 1 — Data currency
ACRA and MinLaw data is assumed current as of the date of the API query or manual lookup. Entities may have undergone material changes after the last filing date that are not yet reflected in official records. Data Bureau (Singapore)'s continuous monitoring is designed to detect such changes between assessment cycles, but does not guarantee real-time accuracy.
Assumption 2 — Complaint data
The Scam.SG TrustScore reflects complaints received through channels monitored by OnScam (SG) Pte. Ltd. Complaints filed through channels not monitored by Scam.SG are not captured. The absence of a complaint record does not constitute a positive finding of trustworthiness — it reflects the absence of adverse signals in monitored channels only.
Assumption 3 — Director integrity
Director integrity checks are conducted against publicly available disqualification records and the MAS Investor Alert List. Criminal records, civil judgments, and adverse findings in foreign jurisdictions are not systematically checked. Data Bureau (Singapore) does not have access to police databases or court records beyond publicly searchable information.
Assumption 4 — Financial standing
Financial standing is assessed through insolvency search results and, where provided, management accounts. Data Bureau (Singapore) does not conduct full financial audits. The financial assessment is a structured risk indicator, not an audit opinion.
Assumption 5 — Applicant honesty
Applicant-submitted documentation is assessed for internal consistency and cross-verified against independent sources. Data Bureau (Singapore) assumes that material misrepresentation — if present — will be detectable through cross-verification. Where material misrepresentation is subsequently discovered, the certificate is revocable with immediate effect.
Section 4
Known Limitations
No assessment system is without limitations. Data Bureau (Singapore) publishes the following known constraints of its current methodology. Publishing limitations is not a weakness — it is a condition of intellectual honesty that distinguishes a serious institution from a marketing exercise.
Limitation 1 — Point-in-time accuracy
A certificate reflects the entity's standing at the time of assessment, not at any future point. Continuous monitoring mitigates but does not eliminate the risk of status changes between assessment cycles. Data Bureau (Singapore)'s revocation capability allows real-time response to detected changes, but detection depends on the monitoring signals available.
Limitation 2 — Foreign jurisdiction gaps
For entities with significant operations, ownership, or directors in foreign jurisdictions, Data Bureau (Singapore)'s assessment coverage is limited to Singapore-accessible public records. Material risks arising from foreign regulatory actions or foreign court judgments may not be reflected in a Data Bureau (Singapore) assessment.
Limitation 3 — Complaint channel coverage
Data Bureau (Singapore)'s scam and complaint intelligence is sourced from Scam.SG's monitored channels. Complaints filed directly with government agencies (SPF, CASE, CCMC) and not shared with Scam.SG are not captured. Coverage will expand as data sharing agreements are established with additional agencies.
Limitation 4 — New entity risk
Entities incorporated within the preceding 12 months have limited historical data available for assessment. Reputation signals, complaint history, and operational track records are necessarily thin. Data Bureau (Singapore) applies heightened scrutiny to new entities and may require additional documentation or a conditional certificate with a shorter validity period.
Limitation 5 — Assessment scope
Data Bureau (Singapore) certifies the entity as an institution — not individual transactions, individual employees, or individual products. A certificate should not be interpreted as an endorsement of any specific product, service, or business conduct outside the assessed domains.
Section 5
Confidence Levels & Certification Outcomes
Data Bureau (Singapore)'s assessment produces one of four outcomes: Certified, Conditional, Not Certified, or Disqualified. These outcomes reflect the assessor's confidence that the entity meets the published standards, moderated by the quality and completeness of available evidence.
Certified
All Foundational Requirements satisfied. Structural Assessment completed across all domains with no material adverse findings. Evidence base is complete and internally consistent. Certificate issued with standard validity period and continuous monitoring active.
Conditional
All Foundational Requirements satisfied. Structural Assessment completed but one or more domains show a gap that does not rise to the level of disqualifying the entity, but that the assessor has determined requires remediation within a defined window. The certificate is issued with a conditional notation. The entity must address the identified gap within the specified period or the certificate will lapse.
Not Certified
One or more Foundational Requirements not satisfied, or the Structural Assessment reveals material adverse findings that preclude certification at this time. The entity may reapply after 90 days. The specific basis for the determination is communicated to the applicant through the appointed agent.
Disqualified
A Foundational Requirement is failed in a manner that reflects material misrepresentation, active fraud risk, or regulatory enforcement. The entity may not reapply for 12 months. Where misrepresentation is confirmed, the determination is a permanent record in the Data Bureau (Singapore) system.
When this methodology is updated, a Change Impact Announcement will be issued. View current announcements in Publications & Intelligence.
Version & Review
This methodology document applies to CBA-01 (Certificate of Business Authenticity) assessments conducted from March 2026. The methodology is reviewed annually and updated with each new standard release.
Version: 1.0 · Effective: March 2026 · Next scheduled review: March 2027