Bank Negara Malaysia (BNM) has released an exposure draft aimed at strengthening anti-money laundering and counter financing of terrorism (AML/CFT) measures for electronic money (e-money) providers, which took effect on 31 January 2025.
The updated guidelines target a range of financial crime risks and introduce stricter obligations for customer due diligence, transaction monitoring, and governance standards. This development is particularly significant for Malaysia’s FinTech sector and e-wallet providers, who now face enhanced regulatory expectations, claims Flagright.
A central requirement is robust customer due diligence (CDD). E-money issuers must now verify customer identities more thoroughly, incorporating mandatory sanctions screening against both domestic and UN lists. The policy also highlights the need for enhanced due diligence for high-risk users or corporate clients, especially those involving politically exposed persons (PEPs) or high transaction volumes. These checks must be continuously reviewed and updated, underscoring the shift toward ongoing risk assessment rather than one-time onboarding processes.
Sanctions screening is now explicitly non-negotiable. E-money firms are required to screen every new customer and re-screen existing ones regularly to avoid onboarding sanctioned individuals. The use of automated tools is recommended to streamline the process and avoid errors, as manual processes are seen as insufficient. BNM’s stance on this was made clear following a 2023 enforcement action where a major e-wallet provider was fined for allowing sanctioned individuals to register due to screening lapses.
Transaction monitoring is another focal point, with BNM emphasising the importance of real-time systems to detect suspicious behaviour. E-money issuers must monitor account activity to ensure it aligns with expected customer behaviour, flagging inconsistencies or red flags for investigation. The policy encourages the use of rules-based engines or AI-powered models for effective and scalable surveillance.
The exposure draft also introduces a risk-based control framework based on the type of e-money provided. Limited-purpose products such as store-only gift cards are exempt from many requirements, while open-loop e-wallets fall under the full scope of BNM’s AML/CFT expectations. Larger or high-volume issuers are classified as “Eligible EMIs” and must meet even stricter standards, such as stronger capital requirements and more intensive transaction oversight.
Governance and licensing are now tightly interlinked. E-money firms must prove they have comprehensive AML/CFT controls and effective senior management oversight in order to gain or retain a licence. Board-level accountability, appointment of compliance officers, routine audits, and continuous staff training are all part of the revised governance structure. Failure to meet these standards could result not only in fines but also in licence suspension.
One cautionary example involved TNG Digital, which was fined RM600,000 in 2023 after it failed to properly screen names against sanctions lists. Despite reporting the breach voluntarily, BNM still enforced a substantial penalty. The case highlighted how even a minor oversight can have serious regulatory and reputational consequences.
These developments are ushering in a new era where compliance infrastructure must be not just adequate but auditable, efficient, and scalable. Manual processes can no longer cope with the speed and complexity of today’s e-money transactions. BNM has made clear that e-money issuers must adopt modern RegTech solutions capable of real-time monitoring, intelligent risk scoring, and automated reporting.
Platforms like Flagright are emerging as vital tools in this space. Flagright provides Malaysian FinTechs and wallet providers with AI-powered AML compliance solutions that align closely with BNM’s evolving standards. Its real-time transaction monitoring and dynamic risk scoring enable rapid detection and prevention of suspicious activity. Meanwhile, its AI-driven sanctions screening drastically reduces false positives, allowing compliance teams to focus on genuine threats.
The platform also supports full case management with built-in audit logs, ensuring every compliance action is recorded and available for regulatory scrutiny. With no-code tools, compliance rules can be updated quickly to match new regulations, a key feature given the rapidly changing risk landscape. Flagright’s infrastructure is also localised for the Malaysian market, offering data residency and templates tailored to BNM requirements.
As regulatory demands increase, such platforms provide a crucial bridge between compliance requirements and operational capability. By automating key elements of the AML/CFT programme, FinTech firms can focus on scaling their services confidently while maintaining regulatory integrity.
In conclusion, the 2025 BNM policy draft sends a clear message: AML compliance is no longer optional or secondary—it’s a core business function. FinTechs and e-wallet issuers in Malaysia must now adopt a proactive, technology-first approach to regulatory compliance. Those who invest in robust systems and governance frameworks will be better positioned to avoid penalties, retain customer trust, and thrive in a tightening regulatory climate.
Copyright © 2025 FinTech Global









