Name
Global FinTech Guide
Country _ Name
Malaysia
SectionTitle
KYC requirements
Body
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (“AMLA”) is the primary statute governing the AML regime in Malaysia. It was gazetted as law on 5 July 2001.

FIs are also required to comply with the AML/CFT Policy. 

In addition, BNM issued an electronic know-your-customer (e-KYC) policy document (e-KYC Policy Document) on June 30, 2020, that is applicable to all FIs and sets out the minimum requirements and standards that a FI must follow when implementing e-KYC for the identification and verification of individuals. The e-KYC Policy Document outlines the requirements for FIs to obtain board approval on its overall risk appetite and internal mechanism governing the implementation of e-KYC which impose accountability on the board, to use an appropriate combination of authentication factors to verify a customer’s identity through e-KYC, and to use artificial intelligence to automate the decision to verify a customer’s identity through e-KYC.

National regulator or relevant authority for AML controls

BNM is the designated competent authority and regulator under AMLA.

Customer Due Diligence

Conduct of a typical KYC identification process

Generally, pursuant to the AML/CFT Policy, standard CDD measures include:

    a) Identifying an individual customer and beneficial owner by obtaining information such as full name, national registration identity card or passport number and background information;
    b) For customers that are legal persons, FIs must verify the customer’s information by obtaining relevant information such as certificate of incorporation etc., the powers that regulate and bind the customer such as director’s resolution as well as the names of senior management personnel;
    c) Identify and take reasonable measures to verify the identity of beneficial owners; and
    d) Identify and maintain information relating to the identity of directors and shareholders of the customers.

Enhanced CDDs are required to be carried out where the money laundering and terrorism financing are assessed as higher risk. An enhanced CDD requires the FI to take additional measures, which include obtaining additional information, enquiring on the source of wealth or funds, and obtaining approvals from senior management of the FI before establishing such business relationship with the customer. 

The AML/CFT Policy also sets out specific CDD processes for money-changing and wholesale currency business, wire transfers, e-money. Additionally, the AML/CFT also sets out similar CDD processes to be complied with by insurance and takaful entities, money services business and non-bank issuers of designated payment instruments and designated Islamic payment instruments. 
 

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

Yes, it is possible to meet CDD requirements by relying on third parties, provided that the relationship between the FI (i.e. institutions that are obligated to comply with the reporting obligations provided in AMLA) and the third party must be governed by an arrangement that clearly specifies the rights, responsibilities, and exp

Authors

Close

Choose country