Malaysia Anti Money Laundering Guidelines – Overview and Summary of Requirements

  • By: Staff Editor
  • Date: March 20, 2013
Webinar All Access Pass Subscription


Malaysia’s Guidelines on Anti-Money Laundering was drawn up in accordance with the Anti-Money Laundering and Anti-Terrorism Financing Act 2001 (AMLATFA). This article gives a brief overview of the requirements.
The Guidelines are applicable to the reporting institutions including branches and subsidiaries outside Malaysia carrying on any activity listed in the First Schedule to the AMLATFA.
Customer Acceptance Policy
  • Every reporting institution should develop customer acceptance policy and procedures to address the establishment of business relationship with the customer.
  • The reporting institution should take into consideration the following factors when creating the risk profile of a particular customer
    • the origin of the customer and location of business
    • background or profile of the customer
    • nature of the customer’s business
    • structure of ownership for a corporate customer
    • any other information suggesting that the customer is of higher risk.
Customer Due Diligence
  • Every reporting institution must obtain satisfactory evidence in terms of the identity and legal existence of any person applying to do business with it.
  • The customer due diligence should be conducted for individual and corporate customers as well as clubs, societies and charities.
  • The customer due diligence should comprise the following -
    • identify and verify the customer
    • identify and verify beneficial ownership and control of such transaction
    • obtain information on the purpose and intended nature of the business relationship/transaction
    • conduct ongoing due diligence and scrutiny, to ensure the information provided is updated and relevant.
Legal Arrangements
The reporting institution needs to establish whether the customer is acting on behalf of another person as a party to a legal arrangement, for example, a trustee or nominee.
Beneficial Ownership and Control
The reporting institution should conduct stringent customer due diligence on the beneficiary owner.
Reliance on Intermediaries for Customer Due Diligence
The reporting institution who uses the services of intermediaries to introduce business may rely on the customer due diligence conducted by such intermediaries but the ultimate responsibility remains with the reporting institution.
Non-face-to-face Business Relationship
  • The reporting institution should have in place policies and procedures to address any specific risks associated with non-face-to-face business relationships.
  • The reporting institution should establish effective appropriate measures for customer verification which may include:
    • requisition of additional documents to complement those which are required for face-to-face customers
    • independent contact with the customer
    • verification of customer information against databases maintained by the authorities.
Foreign Politically Exposed Persons (PEPs)
  • The reporting institution should have a risk management framework to determine whether current or new customers are PEPs.
  • The decision to enter into or continue business relationships with PEPs should be made by the Senior Management of the reporting institution at the head office.
  • The reporting institution should conduct enhanced ongoing due diligence on PEPs as well as their family members or close associates, throughout its business relationships with such PEPs.
Higher Risk Customers
  • Higher risk customers include - High net worth individuals; Non-resident customers from locations known for their high rates of crime (e.g., drug producing, trafficking, smuggling) and cash-based businesses etc.
  • The reporting institution should conduct enhanced customer due diligence on high risk customers.
  • These should be approved by the Senior Management of the reporting institution prior to establishing any business relationship with the customer.
Existing Customers
The reporting institution should take the necessary measures to ensure that the record of existing customers remains updated and relevant.
Retention Period
The reporting institution should keep all the relevant records related to transactions for at least six years after the transaction has been completed or after the business relations with the customer have ended.
Audit Trail
The reporting institution must ensure that the retained documents and records are able to create an audit trail on individual transactions.
The reporting institution should retain the relevant document in the form that is acceptable under section 3 of the Evidence Act 1950, secure and retrievable, upon request, in a timely manner.
Ongoing monitoring
The reporting institution should conduct ongoing customer due diligence to examine and clarify the purpose of any transaction or business relationship that appears unusual.
Management Information System
  • The reporting institution should have in place an adequate management information system to complement its customer due diligence.
  • The purpose of management information system is to provide the reporting institution with timely information about any suspicious activity.
Special Attention
  • The reporting institution should establish internal criteria (“red flags”) to detect suspicious transactions.
  • The reporting institution should also monitor transactions with regards to business relationships and transactions with individuals, businesses, companies and financial institutions from countries highlighted as insufficiently implementing the internationally accepted AML/CFT measures.

 Suspicious Transaction Reporting

  • The reporting institution is required to promptly submit a suspicious transaction report to the Financial Intelligence Unit in Bank Negara Malaysia
  • The reporting institution should provide the necessary information surrounding the suspicious transaction as required in the suspicious transaction report form.
Reporting Mechanisms
  • The reporting institution should appoint one or more officers at the Senior Management level to be the compliance officer responsible for the submission of suspicious transaction reports to the Financial Intelligence Unit in Bank Negara Malaysia.
  • Similarly, the reporting institution should appoint a compliance officer at each branch and subsidiary.
Triggers for Submission of Suspicious Transaction Report
  • The reporting institution should consider submitting a suspicious transaction report when it is unable to complete the customer due diligence process on any new or existing customer that is unreasonably evasive or uncooperative.
  • The reporting institution should also consider submitting a suspicious transaction report when any of its customer’s transaction or attempted transaction fits the reporting institution’s list of “red flags”.
AML Compliance Program
  • The reporting institution’s Board of Directors and Senior Management should be aware of the money laundering risks associated with all its business products and services.
  • The Board of Directors should establish an effective internal control system for AML
  • The Senior Management should establish an appropriate employee assessment system to ensure staff integrity.
  • The reporting institution should ensure that the roles and responsibilities of the compliance officer are clearly defined and documented.
  • The reporting institution must conduct awareness and training programs on AML practices and measures for its employees.
  • The Board of Directors is responsible to ensure regular independent audit of the internal AML measures and processes.


Additional Resources

Read the Malaysia Guidelines on Anti Money Laundering in full here.

Best Sellers
You Recently Viewed