How Can Financial Institutions Fight Money Laundering in Malaysia?

7 mins

Malaysia’s top court recently ordered ex-prime minister Najib Razak to begin a 12-year jail sentence after maintaining a guilty verdict on charges related to the scandal at state fund 1Malaysia Development Berhad (1MDB). His wife also received a 10-year prison sentence for corruption charges. 

The notorious multi-billion dollar 1MDB scam has an important role in Malaysia’s current anti-money laundering (AML) scenario. Since the scandal came to light, Malaysia has been keen to formulate new laws and revamp existing laws in its fight against financial crimes. The country has upgraded its AML norms to match international standards while addressing the growing compliance issues related to its fast-growing digitalisation in financial services. 

In this article, we will look into Malaysia's current financial crime landscape, especially after the growth of fintech in the country. We will also explore the gaps in current approaches to fight financial crime and look at ways in which financial institutions can address AML compliance in an effective manner. 

Growing Digitalisation and Financial Crime Threats

Having a large digitally savvy population, Malaysia has seen rapid growth in technology adoption within its financial sector. Digital banking is a high-growth sector in the country due to its significant banking penetration at 92%. By 2026, about 40% of the country’s population would have a digital bank account, according to research.  

While cryptocurrencies are not legal tender in the country, cryptocurrency exchanges are legal with registration requirements under the Malaysian Securities Commission. Among other criteria, crypto exchanges need to demonstrate their ability to manage the AML risks associated with their business. There have also been proposals for reforms in crypto regulation in the country to help “expand the participation of young people in cryptocurrencies”. 

The country has been vulnerable to criminal activities such as corruption, terrorist financing, fraud, drug trafficking, smuggling, wildlife trade and tax crimes. The growth of digital banking and payment methods would mean that criminals now have more or “better” avenues to launder their ill-gotten money. 

While the country has up-to-date AML legislations, regulated financial institutions should ensure their implementation with AML compliance programmes involving adequate human and efficient technological resources. 

 Fighting money laundering in Malaysia-1


AML Requirements for Financial Institutions

In its 2019 AML policy document for financial institutions, the Bank Negara Malaysia noted that the globalisation of the financial services industry and advancement in technology, including the emergence of new players and innovative products, pose challenges to regulators and law enforcement agencies alike in curbing criminal activities. 

In view of the evolving risks and the potential development opportunities brought about by the era of digitalisation, the central bank has proposed some enhancements to the existing AML/CFT reporting obligations. 

In line with the international standards established by the Financial Action Task Force (FATF), the reporting obligations are risk-informed. They would also ensure that areas of higher risk are subject to enhanced controls by regulated financial institutions, including banks, money service businesses and providers of designated payment instruments. The major AML/CFT requirements in the policy document are given below: 

  • Application of Risk-Based Approach 

Reporting institutions must have risk management functions proportionate to the nature, scale and complexity of their activities and risk profile. They should also take appropriate steps to identify, assess and understand their money laundering/terrorist financing (ML/TF) risks at the institutional level in relation to their customers, countries or geographical areas and products, services, transactions or delivery channels. The institutions should also have policies, procedures and controls to manage and

mitigate ML/TF risks. Furthermore, reporting institutions must conduct risk profiling on their customers and assign ML/TF risk rating that is commensurate with their risk profile.

  • AML/CFT Compliance Programme

Reporting institutions are required to implement AML/CFT programmes, which correspond to their ML/TF risks and business size. The board of directors of the companies are responsible for maintaining accountability and oversight in establishing AML/CFT policies, while the senior management should implement them by allocating resources and appointing a Compliance Officer. The Compliance Officer acts as the reference point for AML/CFTmatters within the reporting institution. The board is also required to ensure regular independent audits of the internal AML/CFT measures. 

  • Customer Due Diligence (CDD)

Reporting institutions should conduct CDD on customers and persons conducting the transactions when:

  • establishing business relations;
  • providing money-changing and wholesale currency business;
  • providing wire transfer services;
  • providing electronic money (e-money);
  • carrying out occasional transactions involving an amount equivalent to RM25,000 and above, including in situations where the transaction is carried out in a single transaction or through several transactions in a day that appear to be linked;
  • carrying out cash transactions involving an amount equivalent to RM25,000 and above;
  • it has any suspicion of ML/TF, regardless of amount; or
  • it has any doubt about the veracity or adequacy of previously obtained information

The central bank prescribes certain standard CDD measures such as:


  • Identifying an individual customer and beneficial owner
  • Understanding the nature of business of corporate customers, their ownership and control structure and maintaining the information relating to the identity of their directors and shareholders through a public register and other reliable sources
  • Understanding the nature of the customer’s business and its ownership and control structure for customers that are legal arrangements
  • Getting relevant information and documents from customers that are clubs, societies and charities, counterparties and beneficiary accounts
  • Conducting simplified CDD where ML/TF risks are assessed to be low
  • Performing enhanced CDD where the ML/TF risks are assessed as higher risk
  • Conducting ongoing due diligence on the business relationship with its customers to understand deviations in risk level and keep information up-to-date

  • Politically Exposed Persons (PEPs)

Take reasonable measures to determine the extent to which individuals are directly engaged or involved in the activity of the PEP. Financial institutions should put in place a risk management system to determine whether a customer or a beneficial owner is a foreign PEP or domestic PEP or a person carrying out a prominent function at an international organisation. 

  • Cash Threshold Report

Submit cash threshold reports to the Financial Intelligence and Enforcement Department, Bank Negara Malaysia, for transactions (single or multiple) within the same account in a day for amounts of RM25,000 and above. They also must establish a reporting system for the submission of cash threshold reports to the Financial Intelligence and Enforcement Department. 

  • Suspicious Transaction Report

Financial institutions must promptly submit a suspicious transaction report, with all required and relevant information, to the Financial Intelligence and Enforcement Department whenever they suspect or has reasonable grounds to suspect that a transaction appears unusual, has no clear economic purpose, appears illegal, involves proceeds from an unlawful activity or indicates that the customer is involved in ML/TF. They also need to establish a system for the submission of suspicious transaction reports.

  • Record Keeping

Reporting institutions must keep the relevant records, including any accounts, files, business correspondence and documents relating to transactions, in particular, those obtained during the CDD process. This should include documents used to verify the identity of customers and beneficial owners and the results of any analysis undertaken. The records maintained must remain up-to-date and relevant.

  • Management Information System

Have an adequate manual/electronic management information system (MIS) to complement its CDD process. The MIS should provide the reporting institution with timely information on a regular basis to enable the reporting institution to detect irregularities and/or any suspicious activity. 

  • Targeted Financial Sanctions 

Stay up-to-date with the relevant United Nations Security Council Resolutions (UNSCR) relating to combating the financing of terrorism and proliferation financing and maintain a sanctions database on the UNSCR list and Domestic List issued by the Minister of Home Affairs.

They should also conduct sanctions screening on existing, potential or new customers against the Domestic List and UNSCR List. Where applicable, screening shall be conducted as part of the CDD process and ongoing due diligence. The institutions should submit a suspicious transaction report upon determination of any positive match with the lists for conducted as well as attempted transactions.

Use Technology to Fight Financial Crime”: How Can Tookitaki Help? 

Headquartered in Singapore, Tookitaki is an award-winning Regtech company. Our AML solution helps financial institutions strengthen their risk coverage and mitigate risks seamlessly in the ever-evolving world of regulatory compliance. 

Our innovation, called federated learning, is based on a concept called the “Hub and Spoke.” This helps break away from silos while providing our customers with better access to an extensive network for enhanced security and protection. 

The Hub is our "AFC Ecosystem” that combines Tookitaki's network of experts and our library of typologies. 

The AML  ecosystem is a community-driven, first-of-its-kind initiative and is based on a deep democratization approach that allows everyone in the anti-money laundering field to collaborate and combine expertise to combat financial crime in a single network ecosystem. 

The Spoke is Tookitaki’s Anti-Money Laundering Suite or AMLS. The AMLS is an end-to-end operating platform optimised by AI that detects and prevents suspicious money trails while managing alerts.

The AMLS comprises multiple modules, such as Transaction Monitoring, Smart Screening, and Customer Risk Scoring solutions seamlessly integrated to provide a one-stop compliance solution. Tookitaki’s Case Manager solution collates the alerts from all solutions in an interactive manner, offering companies speedy alert disposition and easy regulatory report filing.

Talk to our expert to learn more about our AML solution and how Tookitaki can be your partner of choice for enhancing risk-based AML compliance programmes as required by Malaysian regulators.