AML Compliance Guidelines: Malaysia
To help firms comply with Malaysia's Regulatory Guidelines, AML Watcher offers a comprehensive framework of AML risk assessment, reporting, and practical ways to tackle money laundering risks.
Malaysia is an upper-middle-income country with an emerging and growing economy in Southeast Asia. The country is located along the Strait of Malacca and is home to beautiful beaches, rainforests, and modern infrastructure. Located on one of the busiest trade routes, Malaysia is a regional center for trade and finance.
The country’s mature banking system, together with its thriving trade and investment sectors, makes it a favorable choice for both domestic and international businesses. However, this economic advantage, which fuels the cross-border movement of goods and funds, also brings underlying challenges, especially in the form of money laundering and terrorist financing (ML/TF).
These illicit activities not only facilitate other crimes and undermine economic progress in Malaysia but also pose significant threats to regional security and economic stability.
Malaysia has established a strong Anti-Money Laundering (AML) regulatory framework designed to protect its financial ecosystem from these ML/TF risks. This framework also highlights Malaysia’s effort to align the country with international standards set by bodies such as the Financial Action Task Force (FATF).
What is Money Laundering?
Malaysia’s Anti-Money Laundering Act defines money laundering as any activity that involves hiding, using, or transferring property generated from illegal activities, or moving such property into or outside of Malaysia. Money laundering offenses also include engaging in or facilitating structuring to avoid reporting obligations in certain threshold transactions.
What is AML?
AML, or anti-money laundering, is understood as all efforts, including laws, regulations, and controls, to prevent, detect, and penalize money laundering activity.
Legal Framework for AML
Malaysia’s AML regulatory framework is set by two primary statutes: the Anti-Money Laundering, Anti-Terrorism Financing, and Proceeds of Unlawful Activities Act 2001 (AMLA) and the Central Bank of Malaysia Act 2009. These two laws form the legal basis for combating financial crimes and securing the reputation of the country’s financial system.
The Anti-Money Laundering, Anti-Terrorism Financing, and Proceeds of Unlawful Activities Act 2001 (AMLA)
The AMLA is the primary legislation governing Malaysia’s AML and Counter-Terrorist Financing (CFT) efforts. Enacted in 2001 and later amended multiple times to address emerging risks, the AMLA provides an extensive legal framework for identifying, preventing, and prosecuting money laundering and terrorism financing activities. Key provisions of the AMLA include reporting obligations, customer due diligence (CDD) measures, asset seizure and freezing obligations, and penalties for non-compliance.
AMLA Malaysia Penalty for Non-Compliance
Any non-compliance with reporting obligations or other provisions of AMLA may result in fines as high as RM3 million, imprisonment for up to five years, or both. This underscores the importance of regular AML checks and staying compliant.
The Central Bank of Malaysia Act 2009
The Central Bank of Malaysia Act 2009 supports the AMLA by authorizing Bank Negara Malaysia (BNM), the central bank of the country, to oversee and enforce AML and CFT regulations within the financial sector. BNM has a central role in making sure that financial institutions adhere to their obligations under AML compliance.
Supervisory Authorities
In addition to the legislative framework, several governing bodies play critical roles in Malaysia’s AML ecosystem:
Bank Negara Malaysia (BNM)
As the primary regulator, BNM oversees the implementation of AML/CFT measures across the financial sector. Its responsibilities include issuing regulations, conducting inspections, and coordinating with other agencies to combat financial crime.
Financial Intelligence and Enforcement Department (FIED)
As a Financial Intelligence Unit (FIU) of Malaysia, operating under the BNM, the FIED serves as the central agency for receiving, analyzing, and disseminating information related to suspicious transactions. It acts as a link between reporting institutions and law enforcement agencies, assisting in timely investigation.
Labuan Financial Services Authority (LFSA)
The Labuan FSA is the central authority that regulates and supervises the institutions operating in the Labuan International Business and Financial Centre (IBFC). It issues circulars, guidelines, and directives to entities operating in the IBFC to assist them in ensuring compliance with their AML/CFT policy in Malaysia. The LFSA is also empowered to issue fines and penalties to reporting institutions that fail to comply with LFSA guidelines, circulars, and provisions of AMLA.
Securities Commission Malaysia (SC)
The Securities Commission of Malaysia ensures that capital market intermediaries, including virtual asset service providers (VASPs), adhere to the obligations mandated under the AML/CFT legislation in Malaysia. The SC is empowered to take civil, criminal, or administrative actions to enforce compliance with applicable regulations.
Royal Malaysian Police (RMP)
The RMP plays a crucial role in investigating and prosecuting money laundering and terrorism financing crimes. Its specialized units, such as the Commercial Crime Investigation Department (CCID), work closely with BNM and other agencies to dismantle criminal networks.
Malaysian Anti-Corruption Commission (MACC)
Established under the Malaysian Anti-Corruption Commission Act 2009, MACC is the single point authority for the fight against corruption. Its core functions include receiving and investigating reports of suspected corruption cases to prevent any form of corruption or abuse of power in Malaysia. When taking up corruption cases, it also pursues and investigates their money laundering aspects.
Attorney General’s Chambers (AGC)
The AGC provides legal expertise and prosecutorial support in AML/CFT cases. It ensures that investigations lead to successful prosecutions, thereby deterring future offenses.
Together, these laws, supervisory authorities, and governing bodies form a resilient and complex framework. Malaysia has created a system capable of addressing evolving financial crimes by combining strong legislation with effective supervision and enforcement. In the next section, we’ll explore who the reporting institutions are and what compliance obligations are imposed under AML rules.
Who is subject to AML Laws?
The businesses and professions subject to AML laws are referred to as “reporting institutions”. The following is a list of reporting institutions mentioned in the First Schedule of the AMLA:
- Banks And Deposit-Taking Institutions
- Moneylenders
- Pawnbrokers
- Dealers In Precious Metals And Stones
- Real Estate Agents
- Casinos & Gaming Outlets
- Lawyers, Accountants & Trust And Company Service Providers
- Money Service Businesses
- Capital Markets Intermediaries
- Insurance And Takaful Operators
- Financial Intermediaries
- Leasing & Factoring Companies
- Trade Finance Companies
- Non-Bank Financial Institutions
Key Compliance Obligations
Under Malaysia’s AML framework, reporting institutions carry significant responsibilities to prevent, detect, and report money laundering and terrorism financing. These obligations are thoroughly outlined in the AMLA and reinforced by guidelines issued by the BNM. Below, we list key requirements and implications for reporting institutions.
Customer Due Diligence (CDD)
CDD is one of the most crucial parts of KYC and AML compliance in Malaysia. It involves assessing the risk profiles of customers and verifying their identities. The customer due diligence process mandated by AMLA includes the following steps:
Identification & Verification:
- Assess who the person is, whether they are acting on behalf of someone else, where they are domiciled, and what their occupation or intended nature of business is for all occasional and regular customers.
- Verify through independent sources and documents whether the person is who they claim to be, if they are authorized to act on behalf of another, and confirm their address, occupation, or nature of business.
- If the customer is a corporate client, assess its nature of business, ownership and control structure, as well as identify and verify beneficial owners and directors of the company.
A reporting institution must perform CDD in these cases:
- Establishing or conducting a business relationship or transaction (for both occasional and usual customers)
- Transactions exceeding the specified threshold
- There is suspicion of money laundering or terrorism financing
- Doubts about previously obtained customer identification data
Ongoing Monitoring AML:
Reporting institutions must conduct ongoing due diligence on customer relationships by:
- Monitoring transactions to ensure they align with the customer’s risk profile, business, and source of funds.
- Keeping customer information up-to-date.
- Examining the purpose and economic background of business relationships or transactions that appear unusually large, complex, or lack apparent economic or legal purpose.
- Matching the frequency and intensity of reviews to the risks posed by the customer.
Enhanced Due Diligence (EDD):
Reporting institutions are required to apply additional risk management measures to customers profiled as high risk from an ML/TF/PF perspective. This includes customers who are foreign politically exposed persons (PEPs) or who operate from a high-risk jurisdiction as determined by the FATF. Enhanced Due Diligence measures may include:
- Establishing the customer’s source of funds or source of wealth (both if PEP)
- Finding out additional information on the customer
- Obtaining senior management approval to engage further with the client
- Increasing the frequency and intensity of the ongoing monitoring
The BNM policy document on AML/CFT recommends monitoring media or other reliable sources for indications that a customer may be linked to criminal activity that could generate proceeds of crime, which would indicate suspicion or a red flag for ML risks.
The Securities Commission Malaysia guidelines on red flag indicators highlight the importance of adverse media screening in identifying red flags. Specifically, they state that a customer who has adverse media reports that he/she is linked, directly or indirectly, to a known terrorist organization or is engaged in terrorist activities is a red flag indicator.
Suspicious Transaction Reporting (STR)
STRs are the core objective of an AML/CFT program. Institutions should have internal procedures to identify and report suspicious activities. Employees should be trained to detect red flags which indicate suspicious behavior as provided in various AML guidelines in Malaysia.
Record Keeping
Financial institutions and DNFBPs are required to maintain detailed records of customer transactions, identification documents, and AML policy documents. Records must be retained for a minimum of six years after terminating the business relationship, as obligated by the Anti-Money Laundering Act Malaysia.
Ongoing Training
Reporting institutions are required to provide ongoing training to employees on AML/CFT regulations and best practices, to ensure staff are adequately equipped and aware of how to carry out their responsibilities.
Malaysia Sanctions Compliance
Targeted Financial Sanctions (TFS)
Targeted financial sanctions (TFS) are measures to freeze assets or restrict funds from being made available to specific or designated individuals or entities, either directly or indirectly. The objective of TFS measures is to prevent funds and other assets from being raised, moved or used for spreading weapons of mass destruction or terrorist activities.
Applicable Sanctions
All individuals and entities in Malaysia, including reporting institutions, are obliged to adhere to the sanctions imposed by the United Nations Security Council Resolutions (UNSCR) as well as the domestic list issued by the Minister of Home Affairs (MOHA).
Sanctions Screening
Reporting institutions are required to maintain and update a database consisting of UN sanctions lists and domestic sanctions lists in Malaysia. Reporting institutions are obliged to screen their customers, beneficial owners, beneficiaries, and related persons against the applicable sanctions lists. The screening process should be conducted as part of the CDD process and on an ongoing basis whenever there’s any update or change in the sanctions list.
Positive Matches
If a positive match against the applicable sanctions lists is found, reporting institutions are required to:
- Reject the transaction for a new or potential customer
- Freeze any funds or assets of existing customers
- Report the match to the relevant supervisory authority
- File an STR with the Malaysian FIU (FIED, Bank Negara Malaysia)
Recent Developments:
Malaysia has introduced several changes to its AML regulatory framework to fight evolving financial crimes. Trade-based money laundering (TBML) is a growing concern worldwide, which is why AML checks in trade finance are more important than ever before. Some of these developments are discussed below.
Legislative Amendments:
The most recent developments in Malaysia’s AML/CFT policy were introduced by the amendments to the AMLA. The new legislative amendments expanded AML obligations to DNFBPs such as real estate and dealers in precious metals and stones. In recognition of the growing role of cryptocurrencies in financial transactions, VASPs now require registration and authorization before commencing their operations and are subject to obligations to conduct due diligence and suspicious transaction reporting. The amendments also introduced harsher penalties for non-compliance and expanded liability to include individual accountability. This means penalties can now be imposed on directors, officers, and employees responsible for non-compliance by the reporting institution. These legislative updates show Malaysia’s unwavering commitment to staying ahead of evolving financial crimes and to strengthening supervision to protect its financial system.
High-Profile Enforcement Actions:
In addition to recent legislative amendments, Malaysia has demonstrated its resolve in combating money laundering and terrorism financing through various enforcement actions, including high-profile money laundering cases. The convictions secured and the pursuit of the fugitives involved in the 1MDB scandal have sent a strong message that Malaysia is serious about tackling the menace of money laundering and holding financial criminals accountable. Scandals like 1MDB also led governing bodies to strengthen oversight of politically exposed persons and increase transparency in state-linked entities.
Malaysia FATF Update
In its latest Mutual Evaluation Report, the FATF acknowledged Malaysia’s progress in many areas and revised its rating with some recommendations. As of the last report, the country is largely or fully compliant with all FATF recommendations except 2, which are still rated partially compliant. While some recommendations remain for further improvement, Malaysia’s achievements reflect its commitment to maintaining a robust and effective AML framework.
Best Practices Guidelines
Compliance with the AML framework requires a proactive and strategic approach. For financial institutions and DNFBPs, compliance is not just a legal obligation but also a matter of reputation management and operational safety. The following are some practical guidelines and best practices that can help reporting institutions meet their AML/KYC compliance obligations efficiently.
Conduct Risk Assessment
Conduct a comprehensive risk assessment of the business to evaluate the risks associated with different products and services, delivery channels, and geographic locations where your business operates (for example, countries known for weak AML policy and high corruption indices will require increased monitoring). Different customer segments pose different levels of risk; for example, PEPs and customers from high-risk jurisdictions require enhanced due diligence. Combine the results of the business-wide risk assessment with the client risk assessment to determine the accurate risk profile of each customer.
Implement Internal Controls
Implement strong internal controls by assigning roles and responsibilities to AML compliance officers, implementing transaction monitoring systems, and conducting periodic internal audits to identify any gaps.
Train Employees
Deliver customized training packages according to the needs of different departments, use real-world scenarios and case studies to demonstrate how financial criminals operate, and involve senior management to communicate the importance of compliance. Conduct ongoing refreshers to keep employees informed about regulatory updates and emerging threats.
Leverage Technology
Technology plays a key role in improving the efficiency and accuracy of AML compliance solutions. Use automated AML compliance software to screen customers against applicable sanctions lists, PEP databases, and adverse media reports. If you’re a company involved in the crypto business, use blockchain technology and couple it with your data “travel rule” to track and verify the authenticity of transactions.
Stay Updated on Regulatory Changes
Stay informed of regulatory changes by subscribing to official regulatory alerts, monitoring global trends, collaborating with industry peers, and consulting with legal experts to adapt quickly and avoid costly compliance failures.
These best practices enable businesses to build a strong and effective AML compliance program that meets Malaysia’s evolving AML requirements.