28th January 2020

Anti-Money Laundering in Malaysia

How to Comply With Anti-Money Laundering in Malaysia?

Malaysia is a regional and global political power with the third-largest economy in Southeast Asia, following Indonesia and Thailand. Attracting business interests from across the world, and with high investment in the technology and digital sectors, Malaysian fintech has grown in prominence in recent years. As a result, financial regulators have had to adapt in order to safeguard their financial systems against emerging AML/CFT threats

Accordingly, companies should ensure they understand how to comply with AML in Malaysia and what their priority AML/CFT considerations should be.

1. Financial Authorities

The Malaysian financial system is overseen by Bank Negara Malaysia (BNM), which acts as the country’s regulator and central bank. The bank was established by the Central Bank of Malaysia Act 2009 and operates under the authority of Malaysia’s main articles of banking legislation: the Financial Services Act 2013 and the Islamic Financial Services Act 2013, which covers the Islamic banking sector. BNM sets AML/CFT policy in Malaysia, adopting a risk-based supervisory approach and issuing periodic guidance to Malaysian financial institutions in line with the recommendations of the Asia/Pacific Group on Money Laundering (APG)

BNM is joined in its supervision of the Malaysian financial system by the Securities Commission (SC), which acts as the regulatory authority for the capital market, and the Labuan Financial Services Authority (Labuan FSA), which specifically regulates the Labuan International Business Financial Centre, the special economic zone on the island of Labuan.

2. Malaysia AML Legislation

The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA) is the primary piece of AML/CFT legislation in Malaysia. The Act defines the offenses of money laundering and the financing of terrorism and sets out the measures that financial institutions must take to detect and prevent those criminal activities. It also details the investigatory powers that authorities have in the prosecution of money laundering and terrorism financing cases.

The Labuan Financial Services Authority issues its own guidelines, directives, and circulars to financial institutions within the special economic zone. 

Fintechs: There is no specific AML/CFT legislation applicable to fintechs in Malaysia. All fintech businesses operate under the country’s existing legislative infrastructure. Provisions have, however, been made to extend some AML/CFT regulation to fintechs:

  • BNM launched the Financial Technology Regulatory Sandbox Framework in 2016. The framework aims to eventually deliver a regulatory environment that works with the needs of Malaysia’s fintechs. 
  • The framework adapts existing AML/CFT regulations to the environments in which fintechs operate, aiming to protect their innovative objectives.

3. Data Privacy and the Cloud

The primary piece of data protection legislation in Malaysia is the Personal Data Protection Act 2010 (PDPA), which specifically concerns the treatment of personal data in commercial contexts. The PDPA requires commercial data users, such as banking and financial institutions, to register as data users and comply with the relevant regulations.  

The PDPA is limited to Malaysia, which means that personal data processed outside the country is not subject to its rules. Similarly, the PDPA has no specific provisions for the treatment of personal data online. 

4. Transaction Monitoring

The AMLA imposes certain monitoring obligations on banks and financial institutions in Malaysia that must be integrated into internal AML/CFT programs. Those monitoring programs should reflect the level of risk the institution faces and must monitor continuously to address new and emerging risks. In practice, financial institutions must monitor for:

  • Transactions in unusually large amounts or in unusual patterns;
  • Transactions that have no clear purpose;
  • Transactions that appear illegal or involve proceeds from illegal activities; and
  • Transactions originating or being directed to countries with high levels of AML/CFT risk.

Where suspicious activity is detected, financial institutions must promptly submit a suspicious activity report (SAR) to BNM. 

5. Payment Sanctions Screening

6. AML Onboarding and Monitoring

AMLA requires banks and financial institutions to conduct ongoing customer due diligence (CDD) checks on all customer accounts, relationships, transactions and activities. CDD checks should establish and verify a customer’s identity during onboarding and then throughout the ongoing relationship to ensure that the customer’s risk profile has not changed. 

AMLA’s risk-based approach also mandates CDD checks on customers’ PEP status and on any adverse media stories against them.

7. Upcoming Regulatory Changes

The complexity of Malaysia’s AML/CFT regulations means that banks and financial institutions must expend significant administrative effort to achieve compliance and avoid potential errors and penalties. 

To overcome that challenge, ComplyAdvantage employs a range of cutting-edge screening tools: our automated AML/CFT solutions deliver speed and efficiency to your AML program, complementing the expertise of employees with smart technology and passing the benefits onto customers and clients. 

AML Compliance Solutions

Learn More

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2021 IVXS UK Limited (trading as ComplyAdvantage).