What is Malaysia’s new AML/CFT Framework?
In 2019, Malaysia’s central bank and financial regulator, Bank Negara Malaysia (BNM), revised its existing AML/CFT framework by introducing two policy documents applicable to two broad categories of financial entities. The first document is for financial institutions (FIs) such as banks, payments providers, insurers and money services businesses. The second document is for non-bank financial intermediaries (NBFI) and designated non-financial businesses and professions (DNFBP), a group which includes legal firms, real estate agencies, accountants, trusts and casinos.
The AML/CFT measures mandated by the policy documents came into effect on January 1, 2020. The documents specifically affect the way both FIs and NBFI/DNFBPs in Malaysia implement their risk-based AML/CFT programs and appoint personnel to oversee them.
With the new regime in effect, all obligated firms in Malaysia should ensure their AML/CFT programs are compliant…
The FI policy document consolidates four separate and previously sector-specific AML/CFT documents (along with relevant supplementary guidance). The consolidated document covers all FIs, which means banking and deposit-taking businesses, insurance and takaful (sharia) businesses, money services businesses and non-bank issuers of payment instruments.
Broadly, the policy document imposes new AML/CFT responsibilities, requiring FIs to review their existing customer due diligence (CDD) and screening measures. This includes:
Board Oversight: Boards of FIs must now oversee and approve their firm’s AML/CFT policies directly. Boards must also oversee their firm’s review mechanisms and the use of non-face-to-face onboarding methods.
Senior Management: FI senior management must now take responsibility for the implementation and the management of AML/CFT programs. This responsibility extends to training and appointing fit-and-proper compliance officers and ensuring those officers have suitable communication channels.
Customer Due Diligence: FI AML/CFT compliance officers must make sure their firm’s CDD policies are applied effectively. The document requires FIs to carry out CDD when handling transactions of over RM25,000, changing money, handling wire-transfers or e-services, or establishing new business relations. In more detail, those CDD requirements involve:
- Establishing the identity of customers or beneficial owners.
- Establishing the nature or purpose of the business relationship.
- Understanding a customer’s business control structure.
- Implementing enhanced due diligence measures (EDD) for higher risk customers or activities.
Employees appointed to oversee AML/CFT must be made aware that they could be held personally responsible for any compliance failures.
The second policy document, imposes the same AML/CFT compliance responsibilities (as applicable to FIs) on the boards, senior management and compliance officers of NBFI/DNFBP firms. In more detail, the NBFI/DNFBP document applies to:
- Trust companies and company secretaries
- Lawyers and notaries
- Real estate agents and public engaged for buying or selling property
- Casinos and gaming establishments
- Client asset management
- Organization of company contributions
- Purchase and sale of business entities
- Creation or management of legal entities or arrangements
Both the FI and the NBFI/DNFBP documents have been in effect since January 1, 2020. If firms have customers that are registered persons, state-owned corporations or government-linked companies, a 12-month grace period is in effect from that date to allow them time to implement the required CDD measures.
As a member of the Asia Pacific Group on Money Laundering (APG) and an FATF observer nation, Malaysia is committed to maintaining international AML/CFT standards. Accordingly, anti-money laundering in Malaysia is primarily regulated by the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA): under AMLA, failure to comply with the revised AML/CFT framework could result in a fine of up to RM1 million or up to three years in prison, or both depending on the severity of the offense.