Money Laundering in Malaysia 2025–How to Comply with New AML Regulations

Malaysia is one of the biggest economies in Asia, attracting a wide range of international companies. Following major corruption scandals, the Malaysian government is taking steps to ensure its business sector is free of illegal activity and aligns with FATF standards. This is part of the reason why the country has been continuously developing its KYC laws, as well as its Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) regulatory framework, introducing its main AML Act back in 2001 and adapting new legislation ever since.

What is money laundering in Malaysia?

In a bid to combat fraud, corruption, and terrorism, the government is taking steps to strengthen money laundering laws in Malaysia. But just what does money laundering mean in the country? 

Bank Negara Malaysia (BNM), the country’s central bank and financial regulator, defines money laundering as: “a process of converting cash, funds or property derived from criminal activities to give it a legitimate appearance.” 

In other words, money laundering is the ‘cleaning’ or ‘laundering’ of illicit funds (often referred to as ‘dirty money’) and concealing the source of these illicit funds. These funds are considered ‘dirty’ due to deriving from unlawful activities and criminal acts, thus needing to be ‘laundered’. The last stage of money laundering is putting the ‘laundered’ funds back into the legitimate financial system through legal means. 

Examples of ‘dirty money’ in accordance with the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA) include money made from “serious offences” or “foreign serious offences” listed in the Second Schedule of the AMLA such as corruption, fraud, drug trafficking, human trafficking, terrorism financing, theft, and robbery. 

Dirty money can come in the form of cash, property, financial assets (e.g., bank deposits or investments), or any economic gain or advantage obtained through illegal means. Dirty money could also be located within or outside Malaysia and may involve legal or equitable interests in such property.

Malaysia’s definition of money laundering aligns closely with that of other international players, such as the United Nations’ definition: “the processing of criminal proceeds to disguise their illegal origin.” 

More specifically in Malaysia, Section 4(1) of AMLA states that someone commits money laundering when they do any of the following:

• Engage directly or indirectly in transactions involving the proceeds of an unlawful activity or the instrumentalities of an offence
• Acquire, receive, possess, disguise, transfer, convert, exchange, carry, dispose of, or use the proceeds of an unlawful activity or the instrumentalities of an offence
• Remove the proceeds of an unlawful activity or the instrumentalities of an offence from Malaysia or bring them into the country
• Conceal, disguise or impede the establishment of the true nature, origin, location, movement, disposition, title of, rights with respect to, or ownership of the proceeds of an unlawful activity or the instrumentalities of an offence.

BNM considers there to be three phases of money laundering:

• Placement—Moving funds away from its source, such as via gambling or currency exchanges
• Layering—Disguising the trail of these funds such as by hiding them in shell companies
• Integration—Making the funds appear legal so they are available for use, such as through the purchase of property.

Check out this guide to learn about the three stages of money laundering, as well as common money laundering schemes: The Three Stages of Money Laundering and How Money Laundering Impacts Business

What is AML/CFT in Malaysia?

The terms Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) are commonly used in Malaysia, alongside terms such as Targeted Financial Sanctions (TFS) and, more recently, Countering Proliferation Financing (CPF). 

In summary, these terms are used to refer to regulations set out to combat financial crimes, including anti-money laundering in Malaysia, the financing or terrorism, the breaching of sanctions, and proliferation financing (i.e., the provision of funds or financial services to destabilizing parties who may use these funds to develop weapons of mass destruction like nuclear or chemical bombs).

Recent AML/CFT developments in Malaysia

Malaysia’s recent inclusion of CPF in its documentation is part of a recent tightening of AML/CFT measures to align with FATF standards, particularly in preparation for its FATF mutual evaluation in 2025. One such change is the updated policy document issued by BNM for 2024, including the use of CPF. 

Meanwhile, in December 2024, a bill to amend the AMLA was tabled and subsequently passed in the Malaysian parliament. The main objective of this bill is to strengthen AML and CFT supervision and enforcement. However, this bill also introduces provisions related to the financing of restricted activities, like CPF, and provides checks on “excessive wealth” to assist in the country’s fight against corruption.

Another noteworthy recent change is the Companies (Amendment) Act 2024, which sets out to increase scrutiny of beneficial ownership in Malaysia.

The 2024 amendment to Malaysia’s AML legislation builds upon the framework established in 2020 and introduces  two key policy requirements: 

• AML/CFT/CPF and Targeted Financial Sanctions for Financial Institutions
• AML/CFT/CPF and Targeted Financial Sanctions for Designated Non-Financial Businesses and Professions (DNFBPs) & Non-Bank Financial Institutions (NBFIs).

Recent regulations have changed reporting and due diligence obligations for businesses. In addition, BNM regularly issues standards and guidelines targeting reporting institutions.

Who’s affected?

The main AML Act in Malaysia refers to affected entities as “reporting institutions”. This term encompasses the following types of businesses:

• Financial institutions (e.g., banks, insurance companies)
• Casinos
• Crypto companies 
• Lawyers and accountants
• Trust companies 
• Real estate agents
• Dealers in precious metals and stones.

Company directors, AML and Compliance Officers along with other key persons, may also be considered liable in the event of a company being found guilty of money laundering offences.

Key AML regulations and laws in Malaysia

Reporting entities have to comply with several Anti-Money Laundering Acts and guidelines such as the following key AML laws and regulations:

• The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA): This regulation consists of rules on customer due diligence measures, recordkeeping, reporting, and penalties.
• Penal Code [Act 574]: This contains provisions related to serious offenses.
• Financial Services Act 2013 (FSA) [Act 758]: This regulates financial institutions (e.g., banks, insurers) and imposes AML/CFT requirements.
• Islamic Financial Services Act 2013 (IFSA) [Act 759]: This governs Islamic financial institutions (e.g., Islamic banks, takaful operators) and integrates AML/CFT obligations for these entities.
• Companies Act 2016 [Act 777]: This governs corporate entities and requires transparency in beneficial ownership, aiding AML/CFT efforts to prevent shell companies and money laundering.

When it comes to investigating money laundering activities in Malaysia, there are several government institutions in charge: 

• The Central Bank of Malaysia (Bank Negara Malaysia)
• The Malaysian Anti-Corruption Commission 
• Royal Malaysian Customs 
• The Inland Revenue Board of Malaysia 
• Labuan Financial Service Authority 
• The Companies Commission of Malaysia
• Securities Commission Malaysia
• The Ministry of Domestic Trade and Costs of Living 
• Public Prosecutor.

Who are the regulators?

BNM is the primary regulator for AML/CFT compliance within the Malaysian financial sector, including banks, insurance companies, and other financial institutions. BNM issues policies, guidelines, and directives for reporting institutions while supervising compliance with AML regulations.

Another Malaysian regulator is the Securities Commission Malaysia (SC). The role of the SC is to regulate AML/CFT compliance for entities in the capital markets, including brokers and funds. Meanwhile, the Malaysian Anti-Corruption Commission (MACC) is a body responsible for investigating money laundering cases.

Finally, the National Coordination Committee to Combat Money Laundering and Terrorism Financing (NCC) chaired by BNM coordinates AML/CFT efforts across regulators and aligns Malaysia’s framework with FATF standards. 

BNM has also created a Financial Intelligence Unit (FIU) to analyze suspicious activity reports provided by companies and help adhere to BNM AML/CFT guidelines.

Money laundering cases in Malaysia

There have been many high-profile money laundering cases in Malaysia, but perhaps the most well-known is the multi-billion dollar 1MDB scandal involving the former prime minister Najib Razak. This is also part of the reason why money laundering in Malaysia has been in the spotlight in recent years. 

In summary, billions of dollars had been embezzled from the Malaysian state development fund 1MDB, designed to further the development of green energy and tourism in the country. The scandal involved banks, financial institutions, and individuals in multiple countries, including Goldman Sachs (which paid a US$3.9 billion fine for its role), Swiss banks (such as BSI Bank, which was fined and closed), and Singaporean entities (such as BSI Singapore, which was also fined and shut down). This subsequently led to the conviction of the Malaysian prime minister Najib Razak as well as Jho Low, a Malaysian financier and central figure in the scandal. Low allegedly orchestrated the scheme among other individuals involved in the money laundering scandal.

Millions of dollars had been transferred to Najib’s bank account from an account linked to 1MDB. As a result, in 2018, the Malaysian Anti-Corruption Commission (MACC) arrested Najib as part of the investigation. The former prime minister was convicted, sentenced to 12 years in prison, and fined millions of dollars for abuses of power, money laundering, and criminal breaches of trust. 

The scandal revealed inadequate oversight by Bank Negara Malaysia, the MACC, and other regulators. 1MDB’s transactions bypassed proper scrutiny, and financial institutions failed to detect or report suspicious activities, highlighting the need for stricter monitoring. 

The repercussions of this affair are still going and, in 2024, Najib was ordered to enter a defense in a second corruption trial related to the 1MDB scandal.

It is worth mentioning that Najib is not the only former prime minister to have been implicated in money laundering in Malaysia. For instance, in 2023 the MACC arrested Muhyiddin Yassin as part of an investigation into money laundering and abuses of power. While he was acquitted for these charges later in 2023, in November 2024, Muhyiddin appeared in court again to plead not guilty in further charges connected to the AMLA. 

If found guilty, Muhyiddin could face millions in fines and a custodial sentence of up to 15 years.

Private entities also need to be careful in adhering to AML obligations in Malaysia, with many cases of companies facing penalties for financial crimes. For example, on July 14, 2022, the Kuala Lumpur Sessions Court penalized a company director for money laundering offenses related to failing to cooperate with an investigation by the Securities Commission Malaysia. 

The director was fined RM2,258,000 and sentenced to one-day imprisonment. The offenses, committed over nearly three years, violated the AMLA, demonstrating a failure in AML compliance within the operations of the private company. 

This case prompted the Malaysian judiciary’s commitment to enforce financial crime laws and likely pushed further regulatory action by BNM and the SC to strengthen AML/CFT compliance.

Money laundering penalties in Malaysia

The AMLA sets out the penalties for money laundering in Malaysia, and these penalties vary depending on the type of violation. For example, the maximum penalty for failing to submit a suspicious activity report and conduct CDD measures is MYR one million (approximately US$225,000).

However, engaging in money laundering activities such as knowingly disguising proceeds from unlawful activities may result in more serious sentences. This can lead to a fine of up to MYR 5 million (US$1,124,000) or five times the laundered value, whichever is higher, in addition to liability of imprisonment for a term not exceeding fifteen years upon conviction. 

How to stay compliant

To comply with AML, CFT, and CPF regulations in Malaysia, companies should implement due diligence measures. These include identifying and verifying the identity of customers and beneficial owners, assessing the purpose and intended nature of the business relationship, and conducting ongoing monitoring of client transactions.

In relation to identifying customers who are natural persons, this includes obtaining at least the following information:

• Full name
• National Registration Identity Card (NRIC) number or passport number or reference number of any other official documents of the customer or beneficial owner
• Residential and mailing address
• Date of birth
• Nationality
• Occupation type
• Name of employer or nature of self- employment or nature of business
• Contact number (home, office or mobile)
• Purpose of transaction.

Suggested read: The APAC Sentinel: Effective Transaction Monitoring Tactics

With regard to customer due diligence for companies/legal persons, the following information should be collected:

• Name, legal form, and proof of legal formation, such as Certificate of Incorporation/Constitution/Partnership Agreement (certified true copies/duly notarised copies may be accepted), or any other government-issued documentation to verify the identity of the customer/legal person.
• The powers that regulate and bind the customer such as directors’ resolution, as well as the names of relevant persons in a Senior Management position.
• The address of the registered office and, if different, a principal place of business.

Companies should also conduct sanctions screening on existing, potential, or new customers against the Domestic List and UNSCR List. Where applicable, screening shall be conducted as part of the Customer Due Diligence process and ongoing due diligence. 

Companies also have to conduct ongoing monitoring of their customers, which includes:

• Scrutinizing transactions undertaken throughout the course of the relationship to ensure that the transactions being conducted are consistent with the reporting institutions knowledge of the customer, their business, and risk profile, including (where necessary) their source of funds as part of a more enhanced customer due diligence.
• Ensuring that documents, data, or information collected under the CDD process is kept up-to-date and relevant, by undertaking reviews of existing records particularly for higher-risk customers.

Recordkeeping obligations

Companies should keep records of their customers for at least six years after the end of the relationship or final transaction. There have also been proposals to increase this recordkeeping obligation to seven years. According to the AMLA, the following information should be collected and kept:

• The identity and address of the person in whose name the transaction is conducted
• The identity and address of the beneficiary or the person on whose behalf the transaction is conducted, where applicable
• The identity of the accounts affected by the transaction, if any
• The type of transaction involved, such as deposit, withdrawal, exchange of currency, cheque cashing, purchase of cashier’s cheques or money orders or other payment or transfer by, through, or to such reporting institution
• The identity of the reporting institution where the transaction occurred
• The date, time, and amount of the transaction. 

Suspicious transaction reporting

Companies are obliged to send reports to the FIU as soon as suspicion arises. AMLA states that the following reasons can be considered sufficient grounds for a report:

• Any transaction exceeding such amount as the competent authority may specify
• Any transaction where the identity of the person involved, the transaction itself, or any other circumstances concerning that transaction gives any officer or employee of the reporting institution reason to suspect that the transaction involves proceeds of an unlawful activity or instrumentalities of an offense
• Any transactions that could be in breach of sanctions or counter proliferation financing regulations
• Any transaction or property where any officer or employee of the reporting institution has reason to suspect that the transaction or property involved is related or linked to, is used, or is intended to be used for or by, any terrorist act, terrorist, terrorist group, terrorist entity, or person who finances terrorism.

In summary, Malaysia has recently experienced significant changes in its AML/CFT regulatory framework, with one of the main reasons being major cases of money laundering that have put Malaysia’s AML regulations very much in the spotlight. Staying up to date with regulatory changes and complying with the mandated AML obligations is essential for businesses operating in the country.

Failure to comply with changing regulations could lead to potentially severe penalties and legal consequences as Malaysia strengthens its commitment to fighting fraud and corruption.