Learn everything you need to know about crypto regulations in Malaysia.
Crypto adoption is on the rise worldwide, and Malaysia is no exception. While the country doesn’t consider digital assets to be legal tender, it still defines them as a form of securities. Meanwhile, Malaysia has been continuously working to provide a coherent legal framework for digital assets and service providers of these assets.
We at Sumsub have prepared a complete guide to Malaysian crypto regulations. You’ll learn about the regulatory authorities overseeing the industry, as well as the main requirements for service providers to work legally in the country.
According to the Malaysia’s Prescription Order 2019, digital assets are separated into two categories:
The document also specifies in what cases digital currencies and digital tokens are considered securities.
Companies that wish to operate in Malaysia have to define whether they deal with digital tokens or digital currencies. Based on this, companies fall into one of the following categories:
The main regulator for digital asset service providers in Malaysia is the Securities Commission Malaysia (SCM). Any company that wishes to operate in Malaysia and provide services with assets qualified as securities has to register with the SCM.
The SCM regulates digital assets in Malaysia through the Capital Markets & Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019, which enables the SCM to set guidelines on offering and trading of digital assets.
RMO-DAX companies have to follow the Guidelines on Recognized Markets. Meanwhile, DAC and IEO have to comply with the Guidelines on Digital Assets.
Companies must also follow the Anti-Money Laundering and Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001, as well as related guides from the SCM, in addition to the Personal Data Protection Act 2010.
In order to register, the business must be a Malaysian-incorporated company unless specified otherwise by the SCM. The exact criteria varies depending on the type of services provided. For example, IEO and DAC that wish to legally operate in Malaysia have to satisfy the following criteria:
An IEO applicant must have a minimum paid-up capital of RM5,000,000 (approximately $1.07 mln). However, the SCM may at any time impose additional financial requirements commensurate with the nature, operations, and risks posed by a given company. Finally, the IEO company must immediately notify the SCM if there’s a possibility of a breach of the minimum financial requirement.
A digital asset custodian must have a minimum paid-up capital of RM500,000 (approximately $107,000) and shareholders’ funds of RM500,000 maintained at all times.
Meanwhile, digital asset exchanges must be locally incorporated and have a minimum paid-up capital of RM5 million (approximately $1.07 mln) and, for DAX operators operating a Digital Broker model, an additional RM 5 million in shareholders’ funds must be maintained at all times.
The rest of the criteria for RMO-DAX differ from those set for IEO companies.
The complete list of criteria can be found in the Guidelines on the Recognized Market.
Registered companies have to implement and carry out a set of procedures to comply with AML regulations. This includes:
Per AML requirements, digital asset service providers have to follow the Travel Rule. Therefore, regulated companies have to share information on originators and beneficiaries of wire transfers or digital asset transactions.
This includes the following information about the originator and beneficiary:
From the originator—
From the beneficiary—
A receiving company is required to have effective risk-based policies and procedures for determining:
More information on the Travel Rule can be found here, as well as in our help center.
Crypto in Malaysia is legal. However, Malaysia doesn’t recognize digital assets as legal tender or as a payment instrument. According to the Prescription Order 2019, they are recognized as securities.
The main regulator for digital asset service providers in the country is the Securities Commission Malaysia (SCM).
Yes, it applies. Information between initiator and beneficiary company has to be shared whenever a crypto transfer occurs.