Subject: Re: Things you need to know – Malaysia AML/CFT Measures

If you are providing digital currency exchange services in Malaysia, your business will be subject to the anti-money laundering and counter financing of terrorism (AML/CFT) measures.

Posted by Jun on December 22, 2017

On 14 December 2017, Bank Negara Malaysia (BNM), the central bank of Malaysia, issued an exposure draft seeking public consultation on the obligations of businesses providing digital currency exchange services in Malaysia. Businesses providing digital currency exchange services will be designated as reporting institutions under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001.

We know most people will not have the time and patience to read through a 50-page document. Not to worry, the key points relevant to businesses and consumers will be highlighted here.

Dear digital currency exchange business owner…

Do you provide services for exchanging (a) digital currency for money, (b) money for digital currency, or (c) one digital currency for another digital currency? Do not be alarmed. Your operations in Malaysia will soon be subject to reporting obligations to increase transparency in the use of digital currencies. If you are providing digital currency exchange services in Malaysia, your business will be subject to the anti-money laundering and counter financing of terrorism (AML/CFT) measures - whether your business is incorporated in or operating from Malaysia is irrelevant.

  • Customer on-boarding/ Records

The customer on-boarding requirements are relatively straightforward and can mostly be satisfied by the provision of proper identification documents. Under the measures, you need to undertake ongoing review of the business relationship with your customers by scrutinising transactions undertaken by the customer and ensuring that the transactions are consistent with the risk profile of the customer. You must also keep customer records for at least six years after the end of the customer relationship.

  • Management information system

Your business must put in place a management information system to support your customer due diligence process. Not just any system will make the cut, though. Amongst other requirements, the system must be able to capture unusual transaction activity and transactions exceeding any internally specified threshold.

  • Compliance Officer

You will also most likely have to make one new hire. The AML/CFT measures require you to appoint a compliance officer who will be responsible for your business’s AML/CFT obligations. Apart from having a good grasp of the AML/CFT measures, do ensure that the job description states that the applicant will be assessed on his/her competency, probity, personal integrity and reputation. This is not a joke… the compliance officer is required to satisfy the “fit and proper” criteria set by the BNM.

  • Operational matters

Prior to the adoption of new digital currencies, products, services, business practices and technologies, you are required to assess the risk, document the risk analysis in writing, and take appropriate measures to manage and mitigate the risks. You will also need to submit digital currency activity statistics and financial information to the BNM monthly. In addition, please disclose how you have determined the prices for the exchange of digital currencies.

Lastly, please remember that the imposition of reporting obligations does not indicate the BNM’s licensing, authorisation or validation of digital currencies or your business. In other words, refrain from stating that your business is “regulated”.

“A reporting institution shall not represent itself as an entity authorised/ licensed by the Bank, or in any way create a legitimate expectation that its activities are regulated by the Bank”

Dear customers of digital currency exchange businesses…

With the imposition of AML/CFT measures, your digital currency exchange service provider may ask for more independent source documents (such as your national registration identity card or in the case of companies, certificate of incorporation) to verify your identity before you can use their services. If there is any doubt as to your identity, they may even require official identification documents certified by an official authority.

If you (the customer on record) are not the true owner, this should also be made known to the service provider.

As always, you should remember to be honest and act with integrity. The service provider is required to conduct ongoing review and evaluation of your profile, which includes scrutinising transactions you have undertaken. Your digital currency exchange provider is also obligated to promptly submit a suspicious transaction report to the BNM if your transaction appears to be unusual or illegal, to have no clear economic purpose, or to involve proceeds from an unlawful activity.

To whom it may concern…

While the obligations are intended to increase transparency in the use of digital currencies, the BNM emphasised that “digital currencies are not recognised as legal tender in Malaysia”.

In BNM’s statement accompanying the release of the draft, it reiterated the now-familiar warning in many jurisdictions:

“Members of the public are advised to carefully evaluate the risks associated with dealings in digital currencies. This includes risks arising from high volatility in prices, the lack of deep markets and vulnerabilities to cyber-attack which can lead to significant losses. Users of digital currencies will also not be covered under established dispute resolution arrangements which exist for regulated financial institutions in the event of any dispute or losses”

Take care, speak soon.

Yours truly,


This article is for information purposes only and shall not be construed as legal advice.