date of birth, name, nationality, permanent address, passport number, occupation, identity card, passport, birth certificate, driving license, photograph
articles of association, identification documents of directors, authorisation person to represent the company, identification document of person to represent the company, registered office address
Kad pengenalan Malaysia
Electronic Commerce Act 2006; Digital Signature Act 1997
“Anti Money Laundering Act (“AMLA”) at a Glance” summary: http://www.amlc.gov.ph/amla.html
The Bangko Sentral ng Pilipinas (“BSP”, the local central bank) issues “Key Prudential Regulations” on Money Laundering for bank and non-bank financial institutions regulated by the BSP.
In broad terms there is no minimum threshold for the following:
a) establishing businesses relationships;
b) wire transfers;
c) if there is suspicion of ML/TF; and
d) if there is doubt about veracity or adequacy of previously obtained information.
Otherwise:
For banks and deposit taking institutions: Money changing and wholesale currency business - RM3,000 (approx. USD690) and above; occasional transactions - RM50,000 (approx. USD11,510) and above in a single transaction or several transactions in a day that appear to be linked; cash transactions - RM50,000 (approx. USD11,510) and above in a day.
For insurance and takaful: May perform simplified CDD on customer, beneficial owner and beneficiary if:
a) all insurance policies are sold with premium amount below RM5,000 (approx. USD1,150); or
b) any single premium insurance policy is below RM10,000 (approx. USD2,300).
For money service businesses: Money changing and wholesale currency business - RM3,000 (approx. USD690) and above:
a) RM3,000 (approx. USD690) to RM10,000 (approx. USD2,300), sighting and keying in customer/beneficial owner identification information; and
b) above RM10,000 (approx. USD2,300), sighting and keying in customer/beneficial owner identification information and making a copy of identification document.
For licensed casino: Any transaction involving RM10,000 (approx. USD2,300) and above (exchange cash for cash chips, exchange cash/vouchers for chip warrants, request for cheques or wire transfers for payments of winnings/capital, use of membership cards/temporary cards in respect of e-cash out facility). CDD is also required on the third party when customer requests RM10,000 (approx. USD2,300) and above to be paid to a third party.
For licensed gaming outlets: Appropriate thresholds are decided internally based on their own risk assessment. Thresholds are not publicly disclosed.
For dealers in precious metals and stones: Any cash transaction equivalent to RM50,000 (approx. USD11,510) and above, either as a single transaction or multiple transactions on a given day.
Reporting institutions should obtain at least: full name; date of birth; nationality; permanent and mailing address and NRIC/passport number. Institutions should verify the identity, representative capacity, domicile, legal capacity, occupation or business purpose of any person, as well as other identifying information on that person, whether an occasional or usual client, through the use of documents such as an identity card, passport, birth certificate, driving licence, or any other official or private photograph bearing document.
Where a particular individual is commonly known by two or more different names, the individual shall not use one of those names to open an account with the reporting institutions, unless he/she has disclosed the other names to the reporting institutions. The reporting institution should make a record of the different names by which the individual is commonly known and upon request provide the information to the competent authority.
Reporting institutions should require the company/business to provide original documentation and copies should be made of each of the following documents:
a) Memorandum and Articles of Association/Certificate of Incorporation/partnership;
b) identification documents of directors/shareholders/partners;
c) authorisation for any person to represent the company/business;
d) identification document of the person authorised to represent the company/business in its dealing with the reporting institution; and
e) registered office address and principal place of business.
The reporting institution must identify and verify the beneficial owner. They should conduct customer due diligence on the natural person that ultimately owns or controls the customer's transaction when they suspect the transaction is conducted on behalf of a beneficial owner and not the customer who is conducting such a transaction. The customer due diligence conducted should be as stringent as that imposed on an individual customer.
Local AML guidance requires an enhanced customer due diligence process for higher risk categories of customers, business relationships or transactions. Enhanced due diligence should include at least obtaining more detailed information from the customer and through publicly available information, in particular, on the purpose of the transaction and source of funds; and obtaining approval from the Senior Management of the reporting institution before establishing the business relationship with the customer. Examples of higher risk customers are individuals with high net worth, non-resident customers, individuals from locations known for their high rates of crime (e.g. drug producing, trafficking, smuggling), countries or jurisdictions with inadequate AML/CFT laws and regulations as highlighted by the FATF, PEPs, legal arrangements that are complex (e.g. trusts, nominee companies), cash based businesses and businesses/activities identified by the FATF as of higher money laundering and/or terrorist financing risk.
Once a PEP (local and foreign) is identified, the reporting institution should take reasonable and appropriate measures to establish the source of wealth and funds of such a person.
Section 20 of the sectorial guidelines for banks and financial institutions, deals with correspondent banking:
S. 20.1 Reporting institutions providing correspondent banking services to respondent banks are required to take the necessary measures to ensure that it is not exposed to the threat of ML/TF through the accounts of the respondent banks such as being used by shell banks.
S. 20.2 In relation to cross-border correspondent banking and other similar relationships, reporting institutions are required to:
a) gather sufficient information about a respondent bank to understand fully the nature of the respondent bank’s business, and to determine from publicly available information the reputation of the respondent bank and the quality of supervision exercised on the respondent bank, including whether it has been subject to a ML/TF investigation or regulatory action;
b) assess the respondent bank’s AML/CFT controls against the AML/CFT measures of the country or jurisdiction in which the respondent bank operates;
c) obtain approval from Senior Management before establishing new correspondent banking relationships; and
d) clearly understand the respective AML/CFT responsibilities of each institution.
S. 20.3 In relation to “payable-through accounts”, reporting institutions are required to satisfy themselves that the respondent bank:
a) has performed CDD obligations on its customers that have direct access to the accounts of the reporting institution; and
b) is able to provide relevant CDD information to the reporting institution upon request.
S. 20.4 Reporting institutions shall not enter into, or continue, correspondent banking relationships with shell banks. Reporting institutions are required to satisfy themselves that respondent banks do not permit their accounts to be used by shell banks.
For the non-financial institution sector, there is no specific guideline for correspondent banking.
For banks and other financial institutions, the guidelines state that they should not establish or have any business relationship with shell banks. There is no such prohibition for the non-financial sector.
Reporting institutions may establish non face-to-face business relationships with their customers. Non face-to-face relationships can only be established if the reporting institutions have in place policies and procedures to address any specific risks associated with non face-to-face business relationships.
Reporting institutions are required to be vigilant in establishing and conducting non face-to-face business relationships (e.g. through the Internet) and are required to establish appropriate measures for identification and verification of customer identity that shall be as effective as that for face-to-face customers and to implement monitoring and reporting mechanisms to identify potential ML/TF activities.
Reporting institutions may use measures such as the following to verify the identity of non face-to-face customers:
a) requesting additional documents to complement those which are required for face-to-face customers;
b) developing independent contact with the customer; or
c) verifying customer information against any database maintained by the authorities.
Financial Intelligence and Enforcement Department, Bank Negara Malaysia
http://amlcft.bnm.gov.my/AMLCFT05a.html
There are no specific obligations in the non-financial sector. For banking and financial institutions, the obligations are contained at Appendix 1 of the following document:
No
Yes: a) failing to report suspicion (RM1m (approx. USD230,344) fine); b) tipping off (RM3m (approx. USD691,032) or jail (max 5 years) or both); and c) engaging or assisting in money laundering (jail (max 15 years) and the higher of five times the value of the proceeds or RM5m (approx. USD1.2m)).
No
No
No
No
N/A
N/A
N/A
N/A
The law only came into effect on 15 Nov 2013.
The same law applies to corporate data in a number of scenarios; however, these have not yet been fully explained.
Yes. Sensitive personal data is any personal data consisting of information as to the physical or mental health or condition of a data subject, his political opinions, his religious beliefs or other beliefs of a similar nature, the commission or alleged commission by him of any offence or any other personal data. Due to the nature of sensitive personal data, a higher restriction is imposed for data users in processing it. A data user must not process sensitive personal data without the explicit consent of the data subject.
The Personal Data Protection Act 2010 came into force on 15 Nov 2013. At this early stage, there is some uncertainty over how the transfer of these types of reports (e.g. for KYC etc.) will be impacted, if at
BNMA
2015
reporting institutions, identification & verification, additional documents, independent contact, verifying information
Malaysia’s electronic signature law does not contain any restrictions on the type of agreement it applies to when using a digital signature.
Section 62 requires the use of a digital signature (sometimes called advanced electronic signatures) where the law requires a signature.
Summary of law
Malaysia’s Digital Signature Act is modeled on the UNCITRAL Model Law on Electronic Signatures but does not permit the use of electronic signatures when a signature is required on a document. Instead, Malaysia requires the use of a digital signature. However, some documents may not require a signature to be enforceable. In these situations, an electronic signature solution may be appropriate to track and manage the final, approved version of a document.
N/A
N/A
Yes, a risk based approach is approved. However, a specific approach is not detailed and it remains the responsibility of the reporting institution to devise an approach.
Original documents must be provided and the reporting institution should make copies, as required. Certified true copies/duly notarised copies may be accepted.
N/A
The Financial Services Act 2013 contains secrecy provisions under section 133 (http://www.bnm.gov.my/documents/act/en_fsa.pdf).