Canada    FinTech Guide    Chapter 11    Malaysia

11. Identification
Malaysia  Malaysia

It is well established that existing customer due diligence (CDD) procedures are tedious, unpleasant, and expensive. Without a doubt, the digitalisation and implementation of an enhanced CDD procedure will be well received.

Legal Affairs

Generally, CDD procedures are carried out to address issues with regard to money laundering and terrorism financing. Banks are classified as Sector 1 reporting institutions and are required to comply with anti-money laundering policies issued by the Central Bank of Malaysia ("BNM"), particularly the Anti-Money Laundering and Counter Financing of Terrorism Policy for Banking and Deposit-Taking Institutions (Sector 1) (“Sector 1 AML/CFT Policy”) . There is no requirement to obtain a license in Malaysia for purposes of identification services. In principle, banks are required to conduct its own identification procedure for the on-boarding of customers.

The Sector 1 AML/CFT Policy does not specifically provide for requirements with regard to CDD procedures which are digitalised or carried out online, but does recognise that CDD can be carried out by banks without face-to-face encounter with a new customer .

Banks may also outsource the function of identification to a third party.

The third party FinTechs would in turn need to satisfy the banks that it:

  • can immediately obtain the necessary information concerning the identification procedure;
  • has an adequate identification procedure;
  • has proper measures in place for record keeping requirements;
  • can immediately upon request, produce information obtained from the identification procedure and to provide copies of the relevant documentation; and is properly regulated and supervised.

Economic Conditions

According to the Lexis Nexis® Risk Solutions study, financial institutions in Asian markets are spending approximately US$1.5 billion annually on CDD. Unfortunately there is insufficient data to indicate who the market leaders are.


In the case of an outsourcing or agency relationship, such a relationship shall be regarded as synonymous with the bank and not a third party for the purposes of the Sector 1 AML/CFT Policy.

Contributing Authors

Lee Hishammuddin Allen & Gledhill

Adlin Abdul Majid
Kuala Lumpur, Malaysia

Andrew Ean Vooi Chiew
Kuala Lumpur, Malaysia

Search by:

Chapter Index:

1. Payment Services / Mobile Payment

2. Asset and Portfolio Management

3. Consulting and Broking Services / Robo-advisory / Auto-trading

4. Trading Platforms / Social Trading Platforms / Signal Following

5. Crowdfunding / Crowdinvesting / Crowdlending

6. Virtual Currency - Bitcoin

7. Loan Services / Factoring / Loan Broking / Finetrading

8. Online Banking Services

9. Analytics and Research / Data Management / Risk Management

10. Accounting

11. Identification

12. Online-pawning

13. InsurTech

14. RegTech

15. Initial Coin Offerings (ICOs)

The information in this guide provides a general overview at the time of publication and is not intended to be a comprehensive review of all legal developments nor should it be taken as opinion or legal advice on the matters covered. It is for general information purposes only and readers should take legal advice from a Multilaw member firm.

Publication Date: 1 May 2018