Skip to main content

Malaysia’s Latest AML Reforms: What Compliance Professionals Need to Know (2024–2025)

 As the global financial landscape evolves, Malaysia continues to refine its Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) framework to stay ahead of illicit threats. In 2024 and 2025, significant regulatory updates have been introduced by Bank Negara Malaysia (BNM), reflecting the country’s strong commitment to safeguarding financial integrity and aligning with global standards set by the Financial Action Task Force (FATF).


In this post, we highlight the most important AML/CFT developments compliance teams should be aware of — from new requirements around proliferation financing to enhanced expectations on beneficial ownership transparency.


🧠 1. Proliferation Financing Now a Core Compliance Focus

One of the most impactful changes is the formal inclusion of proliferation financing (PF) in Malaysia’s AML/CFT policy documents. Financial institutions (FIs), non-bank financial institutions (NBFIs), and designated non-financial businesses and professions (DNFBPs) are now required to:


  • Assess their exposure to PF risks
  • Implement appropriate mitigation controls
  • Escalate PF-related red flags within their compliance frameworks


This marks a pivotal shift in the regulatory landscape, aligning Malaysia’s approach with international priorities surrounding the financing of weapons of mass destruction.


📊 2. Enhanced Reporting and Risk-Based Monitoring

Regulatory expectations for Cash Threshold Reports (CTR) and Suspicious Transaction Reports (STR) have been updated. Institutions must now provide more precise data to support intelligence-led investigations by authorities.

Compliance teams are encouraged to revisit their internal monitoring thresholds, ensure data completeness, and refine the triggers used in their transaction monitoring systems.


🧍 3. Clearer Definitions and Stronger Beneficial Ownership Rules

Malaysia has revised key AML definitions to reduce ambiguity and improve implementation. This includes clarifying:


  • The meaning of beneficial owner
  • The roles of nominator and nominee
  • What constitutes up-to-date information

These refinements go hand-in-hand with changes to the Companies Act, which now imposes stricter requirements around beneficial ownership disclosure. Legal entities must ensure they maintain and report accurate ownership structures — a crucial step toward improving transparency and tackling the misuse of shell companies.

🏢 4. Group-Wide Compliance Programs Now Mandatory

If your organization is part of a financial group or holds multiple reporting licenses, you’ll need to implement a group-wide AML/CFT/CPF program. This includes:


  • Common policies and procedures
  • Information sharing between branches and subsidiaries
  • Coordinated training and oversight


This requirement ensures consistent compliance standards across entities — regardless of whether they operate locally or internationally.


🧾 5. Raising the Bar on Employee Vetting and Training

Employee screening is also under the spotlight. Institutions must:


  • Keep detailed records of their staff onboarding and vetting processes
  • Train staff on how to identify and escalate AML, CFT, and PF risks
  • Regularly update training modules to reflect new typologies and red flags

This is especially important for DNFBPs, who are now held to higher expectations when it comes to staff readiness and internal escalation protocols.


🗺️ 6. National Risk Assessment 2023: A New Risk Landscape

Malaysia’s latest National Risk Assessment (NRA), published in 2023, highlights evolving threats across key sectors — including cross-border criminal activities and abuse of legal persons. Compliance professionals should review this document and incorporate its findings into their enterprise-wide risk assessments.


Final Thoughts

These recent updates reflect a clear direction: compliance programs must now be more risk-informed, integrated, and globally aligned. Whether you’re operating in banking, insurance, crypto, or as a legal or accounting firm, these changes will likely affect your day-to-day operations and long-term compliance strategies.


If your institution hasn’t yet reviewed its AML/CFT framework in light of these changes, now is the time. Start with your risk assessments, update your internal controls, and ensure your people are trained and prepared.


For full details and access to the revised policy documents, visit Bank Negara Malaysia’s AML/CFT portal.




📌 Follow this blog for ongoing insights into regulatory updates, compliance best practices, and practical implementation strategies in Malaysia’s financial sector.


Labels:

Comments

Post a Comment

Popular posts from this blog

Key Regulatory Compliance Updates for Malaysia’s Banking Sector (2025)

As Malaysia continues to strengthen its financial ecosystem, 2025 brings several key regulatory updates that banks and financial institutions must prioritize. Bank Negara Malaysia (BNM), is rolling out targeted reforms to address rising risks, digital innovation, and global sustainability standards. Here’s a concise summary of the major changes shaping compliance in Malaysia’s banking industry this year. 🛡️ 1. Strengthening Internal Compliance Functions BNM has issued updated guidance on how financial institutions should structure and maintain their compliance functions. The focus is on: Independent compliance units with direct reporting lines to senior management and the board Clear accountability frameworks to manage regulatory risks Proactive monitoring and reporting of potential compliance breaches These enhancements are part of BNM’s broader aim to promote a culture of integrity and governance within financial institutions. 🌍 2. Climate Risk Disclosure and ESG Integration En...
Post a Comment
Read more

History of the PDPA in Malaysia

📜 The Evolution of Malaysia’s Personal Data Protection Act (PDPA) In an age where data is currency, Malaysia’s journey toward robust personal data protection began well before the global spotlight turned to privacy rights. Here’s how the PDPA came to life — and where it’s headed. 🔹 1. Laying the Groundwork (Early 2000s – 2010) Long before personal data became a global concern, Malaysia had already started to recognize the risks of unregulated data usage. Laws like the  Computer Crimes Act 1997  and the  Electronic Commerce Act 2006  addressed elements of cybersecurity and digital transactions, but there was no dedicated framework for safeguarding personal data. Seeing the rise of e-commerce, social media, and digital services, the government began drafting legislation to regulate how personal information is collected, used, stored, and shared — particularly in the private sector. 📅 2. The PDPA is Passed (2010) The result of these efforts...
Post a Comment
Read more