Malaysia - Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act


    Malaysia - Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act

    The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act of 5 July 2001 (‘the AMLATFA‘) provides for the offence of money laundering, the measures to be taken for the prevention of money laundering and terrorism financing offences and for the forfeiture of property involved in or derived from money laundering and terrorism financing offences, as well as terrorist property, proceeds of an unlawful activity and instrumentalities of an offence, and for matters incidental thereto and connected therewith. 

    Last Updated: July 22, 2019

  • Under Section 13 of the AMLAFTA, reporting institutions are required to keep a record of any transaction involving the domestic currency or any foreign currency exceeding such amount as the competent authority may specify. The record shall include the following: 

    •  the identity and address of the person in whose name the transaction is conducted; 
    • the identity and address of the beneficiary or the person on whose behalf the transaction is conducted, where applicablethe identity of the accounts affected by the transaction, if any; 
    • the type of transaction involved, such as deposit, withdrawal, exchange of currency, cheque cashing, purchase of cashier’s cheques or money orders or other payment or transfer by, through, or to such reporting institution; 
    • the identity of the reporting institution where the transaction occurred; and 
    • the date, time and amount of the transaction and also include such other information as the competent authority may specify in writing. 

    In addition, Section 14 of the AMLAFTA, requires reporting institutions to promptly report the following to the competent authority:  

    • any transaction exceeding such amount as the competenauthority may specify; 
    • any transaction where the identity of the person involved, the transaction itself or any other circumstances concerning that transaction gives any officer or employee of the reporting institution reason to suspect that the transaction involves proceeds of an unlawful activity or instrumentalities of an offence; and
    • any transaction or property where any officer or employee of the reporting institution has reason to suspect that the transaction or property involved is related or linked to, is used or is intended to be used for or by, any terrorist act, terrorist, terrorist group, terrorist entity or person who finances terrorism. For the purposes of this section, “transaction” includes any attempted transaction or proposed transaction.

    Furthermore, according to Section 15 of the AMLAFTA, a reporting institution shall provide for the centralisation of the information collected pursuant under Part IV of the AMLAFTA 

    Moreover, Section 16 of the AMLAFTA requires a reporting institution to comply with the following:  

    • not to open or operate any anonymous account or any account which is in a fictitious, false or incorrect name; 
    • not to establish or conduct any business relationship, transaction or activity involving a fictitious, false or incorrect name; and 
    • shall maintain accounts in the name of an account holderrecords or information of any business relationship, transaction or activity in the name of a customer. 
    • undertake customer due diligence measures in all or any of the following circumstances: establishing or conducting a business relationship, conducting any transaction with a customer or carrying out any activity for or on behalf of a customer, whether the customer is an occasional or usual customer, including when opening a new account or passbook, entering into any fiduciary transaction, renting of a safe deposit box, performing any other transaction or activity as the competent authority may specify; the transaction or activity to be carried out exceeds such amount as the competent authority may specify; there is reasonable suspicion of the commission of a money laundering offence or a terrorism financing offence; or there is reasonable doubt about the veracity or adequacy of previously obtained customer identification data.

    When undertaking customer due diligence measures, a reporting institution shall: 

    • ascertain the identity, representative capacity, domicile, legal capacity, occupation or business purpose of any person, whether he is an occasional or usual customer;  
    • verify, by reliable means or from an independent source, or from any document, data or information, the identity, representative capacity, domicile, legal capacity, occupation or business purpose of any person, through the use of documents which include identity card, passport, birth certificate, driver’s licence, constituent document or any other official or private document as well as other identifying information relating to that person, whether he is an occasional or usual customer;
    • verify the identity and authority of any person purporting to act on behalf of a customer in the opening of an account, the conduct of any transaction or the carrying out of any activity; 
    • take reasonable steps to obtain and record information about the true identity of any person on whose behalf an account is opened or a transaction or activity is conducted if there is reasonable doubt that the person is not acting on his own  behalf, particularly where the person is not conducting any commercial, financial or industrial operations in a foreign State where the person has his headquarters or domicile; and  
    • take reasonable steps to verify the identity of natural persons who own or exercise effective control over a customer who is not a natural person. 

    A reporting institution shall conduct ongoing due diligence on all accounts, business relationships, transactions and activities. 

    The competent authority shall, upon consultation with the relevant supervisory authority of a reporting institution, if any, issue such directions or guidelines to a reporting institution on the undertaking of customer due diligence measures as it considers necessary to achieve the following: 

    • to give full effect to internationally accepted standards for the detection or prevention of a money laundering offence or terrorism financing offence; and 
    • to specify additional customer due diligence measures to be undertaken by a reporting institution 

     A reporting institution shall record any information, data or details obtained under this section and shall, upon request in writing, provide a copy of such record to the competent authority.

    According to Section 17 of the AMLAFTA, a reporting institution shall also be subject to the following requirements: 

    • Notwithstanding any provision of any written law pertaining to the retention of documents, a reporting institution shall maintain any account, record, business correspondence and document relating to an account, business relationship, transaction or activity with a customer or any person as well as the results of any analysis undertaken, as the case may be, for a period of at least siyears from the date the account is closed or the business relationship, transaction or activity is completed or terminated. 
    • maintain records to enable the reconstruction of any transaction in excess of such amount as the competent authority may specify under Section 14 of the AMLAFTA, for a period of at least six years from the date the transaction is completed or terminated. 

    Additionally, Section 19 of the AMLAFTA requires reporting institution to adopt, develop and implemeninternal programmes, policies, procedures and controls to guard against and detect any offence under the AMLAFTA. 

    The Central Bank of Malaysia (‘BNM’) has issued the following guidance, in respect of Anti-Money Laundering and Counter Financing of Terrorism (‘AML/CFT’): 

    • Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Banking and Deposit-Taking InstitutionsSector 1 (available here) 
    • Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Insurance and Takaful, Sector 2 (available here) 
    • Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Money Services Business, Sector 3 (available here) 
    • Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Electronic Money and Non-Bank Affiliated Charge & Credit Card, Sector 4 (available here) 
    • Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Designated Non-Financial Businesses and Professions (DNFBPs) & Other Non-Financial, Sector 5 (available here) 
    • Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Digital CurrenciesSector 6 (available here) 
  • How OneTrust Helps

    OneTrust Vendorpedia simplifies third-party risk management by combining automation with aggregated vendor research to streamline the vendor engagement lifecycle, from onboarding to offboarding. The platform helps organizations conduct faster and more in-depth security and privacy reviews. 

    Vendorpedia is backed by the world’s largest and most up-to-date database of privacy and security laws, frameworks, and standards, which directly power and enrich OneTrust Vendorpedia. Research is generated by 30 in-house security and privacy experts and a network of 500 lawyers across 300 jurisdictions.  

    For additional details on Vendorpedia, read more here. 

Want to learn more? Login to the full DataGuidance platform.

About OneTrust

OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust's three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit or connect on LinkedIn, Twitter and Facebook.