How to Comply With AMLA Malaysia
Malaysia is a regional and global political power with the third-largest economy in Southeast Asia, following Indonesia and Thailand. Attracting business interests from across the world, and with high investment in the technology and digital sectors, Malaysian fintech has grown in prominence in recent years. As a result, financial regulators have had to adapt in order to safeguard their financial systems against emerging AML/CFT threats, and comply with AMLA Malaysia.
Accordingly, companies should ensure they understand how to comply and what their priority AML/CFT considerations should be in order to prevent money laundering in Malaysia. Below we have outlined 7 of the key considerations.
1. Malaysian financial authorities
The Malaysian financial system is overseen by Bank Negara Malaysia (BNM), which acts as the country’s regulator and central bank. The bank was established by the Central Bank of Malaysia Act 2009 and operates under the authority of Malaysia’s main articles of banking legislation: the Financial Services Act 2013 and the Islamic Financial Services Act 2013, which covers the Islamic banking sector. BNM sets AML/CFT policy in Malaysia, adopting a risk-based supervisory approach and issuing periodic guidance to Malaysian financial institutions in line with the recommendations of the Asia/Pacific Group on Money Laundering (APG).
BNM is joined in its supervision of the Malaysian financial system by the Securities Commission (SC), which acts as the regulatory authority for the capital market, and the Labuan Financial Services Authority (Labuan FSA), which specifically regulates the Labuan International Business Financial Centre, the special economic zone on the island of Labuan.
2. AMLA legislation in Malaysia
The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA) is the primary piece of AML/CFT legislation in Malaysia. The Act defines the offenses of money laundering and the financing of terrorism and sets out the measures that financial institutions must take to detect and prevent those criminal activities. It also details the investigatory powers that authorities have in the prosecution of money laundering and terrorism financing cases.
The Labuan Financial Services Authority issues its own guidelines, directives, and circulars to financial institutions within the special economic zone.
Fintechs: There is no specific AML/CFT legislation applicable to fintechs in Malaysia. All fintech businesses operate under the country’s existing legislative infrastructure. Provisions have, however, been made to extend some AML/CFT regulation to fintechs:
- BNM launched the Financial Technology Regulatory Sandbox Framework in 2016. The framework aims to eventually deliver a regulatory environment that works with the needs of Malaysia’s fintechs.
- The framework adapts existing AMLA Malaysia regulations to the environments in which fintechs operate, aiming to protect their innovative objectives.
3. Data privacy and the cloud
The primary piece of data protection legislation that relates to money laundering in Malaysia is the Personal Data Protection Act 2010 (PDPA), which specifically concerns the treatment of personal data in commercial contexts. The PDPA requires commercial data users, such as banking and financial institutions, to register as data users and comply with the relevant regulations.
The PDPA is limited to Malaysia, which means that personal data processed outside the country is not subject to its rules. Similarly, the PDPA has no specific provisions for the treatment of personal data online.
4. Transaction monitoring and AML in Malaysia
The AMLA Malaysia imposes certain monitoring obligations on banks and financial institutions in Malaysia that must be integrated into internal AML/CFT programs. Those monitoring programs should reflect the level of risk the institution faces and must monitor continuously to address new and emerging risks. In practice, financial institutions must monitor for:
- Transactions in unusually large amounts or in unusual patterns;
- Transactions that have no clear purpose;
- Transactions that appear illegal or involve proceeds from illegal activities; and
- Transactions originating or being directed to countries with high levels of AML/CFT risk.
Where suspicious activity is detected, financial institutions must promptly submit a suspicious activity report (SAR) to BNM.
5. Payment sanctions screening
Under the AMLA Malaysia, sanctions screening is an important priority for banks and financial institutions, which must report any sanctions alerts to BNM. Institutions must not only screen new customers against sanctions lists but conduct regular checks on existing customers to ensure risk profiles have not changed. Sanctions imposed in Malaysia are based on United Nations Security Council resolutions and can be found in the Ministry of Home Affairs’ List of Sanctioned Entities and List of Sanctioned Individuals.
6. AML onboarding and monitoring
AMLA Malaysia requires banks and financial institutions to conduct ongoing customer due diligence (CDD) checks on all customer accounts, relationships, transactions and activities. CDD checks should establish and verify a customer’s identity during onboarding and then throughout the ongoing relationship to ensure that the customer’s risk profile has not changed.
AMLA’s risk-based approach also mandates CDD checks on customers’ PEP status and on any adverse media stories against them.
7. Upcoming AML regulatory changes in Malaysia
Malaysia’s Financial Technology Regulatory Sandbox Framework is intended to help integrate fintechs with Malaysia’s wider AML/CFT regime over the coming years. Beyond the framework, an upcoming change to the Anti-Money Laundering and Counter Financing of Terrorism rules will see the introduction of minimum standards for money-changing services during the onboarding of new customers online or via mobile devices.
How ComplyAdvantage can help
The complexity of money laundering in Malaysia regulations means that banks and financial institutions must expend significant administrative effort to achieve compliance and avoid potential errors and penalties.
To overcome that challenge, ComplyAdvantage employs a range of cutting-edge screening tools: our automated AML/CFT solutions deliver speed and efficiency to your AML program, complementing the expertise of employees with smart technology and passing the benefits onto customers and clients.
Originally published 28 January 2020, updated 29 July 2024
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).