Everything you need to know about AML compliance in Malaysia
Malaysia is one of the biggest economies in Asia, attracting a wide range of international companies. At the same time, the Malaysian government is taking steps to ensure that its business sector is free of illegal activity. That’s why the country has been continuously developing its Anti-Money Laundering (AML) regulatory framework, introducing its main AML Act back in 2001 and adopting new legislation ever since.
Malaysia’s latest AML legislation came into effect in 2020 and consists of two policy requirements:
These new regulations have changed reporting and due diligence obligations for businesses. In addition, Bank Negara Malaysia (BNM) regularly issues standards and guidelines targeting reporting institutions.
To help you adapt to Malaysia’s regulatory environment, we at Sumsub prepared this article on the country’s main AML laws and the requirements each institution must follow.
The main AML Act in Malaysia refers to affected entities as “reporting institutions”. This term encompasses the following types of businesses:
Affected entities have to comply with the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA). The regulation consists of rules on customer due diligence measures, recordkeeping, reporting, and penalties.
When it comes to investigating money laundering activities in Malaysia, there are several government institutions in charge:
Bank Negara Malaysia (BNM) is the designated competent authority and regulator under the AMLA. It’s responsible for examining the level of compliance of affected institutions. The BNM has also created a Financial Intelligence Unit (FIU) to analyze suspicious activity reports provided by companies.
Companies should implement due diligence measures, which include identifying and verifying the identity of customers and beneficial owners, assessing the purpose and intended nature of the business relationship, and conducting ongoing monitoring of client transactions. This includes obtaining at least the following information about customers:
When working with legal persons/other companies, the following information should be collected:
Companies should also conduct sanctions screening on existing, potential, or new customers against the Domestic List and UNSCR List. Where applicable, screening shall be conducted as part of the Customer Due Diligence process and ongoing due diligence.
Companies also have to conduct ongoing monitoring of their customers, which includes:
Companies should keep records of their customers for at least six years after the end of the relationship or final transaction. According to AMLA, the following information should be collected and kept:
Companies are obliged to send reports to the FIU as soon as suspicion arises. AMLA states that the following reasons can be considered sufficient grounds for the report:
The maximum penalty for failing to submit a suspicious activity report, conduct CDD measures, or keep records is MYR one million (approximately $215,000).