Malaysia's anti-money laundering laws are becoming more demanding as regulators respond to digital finance, cross-border crime, and FATF expectations. For financial institutions, fintechs, insurers, capital market firms, and designated non-financial businesses, AML is now a board-level risk issue, not a back-office checklist.
Overview of Malaysia Anti Money Laundering Laws and AML/CFT Framework
Malaysia’s anti money laundering and counter terrorism financing regime matters in 2025–2026 because enforcement is growing, Bank Negara Malaysia is actively inspecting firms, and the Financial Action Task Force expects Malaysia to maintain a risk-based system aligned with its 40 Recommendations. The framework targets money laundering and terrorism financing, proliferation financing, corruption, fraud, drug trafficking, and other financial crimes that can move illicit funds through the financial ecosystem.
This guide answers:
- Who counts as a reporting institution under AMLA?
- Which laws shape the money laundering, anti terrorism, and counter-financing regimes?
- The key obligations: risk assessment, customer due diligence, reporting obligations, monitoring transactions, sanctions screening, and records.
- Penalties for money laundering offenses and AML failures.
- How RegTech tools such as ZIGRAM can support AML compliance.
Malaysia’s ML/TF model is risk-based. Controls must match the risks posed by customers, products, geographies, delivery channels, and business relationship types.
Core Legal Framework for Anti Money Laundering and Anti Terrorism Financing in Malaysia
Malaysia’s legal framework for AML, anti terrorism financing, and proceeds of crime is built around primary legislation, sector laws, and regulator guidance.
The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001, or AMLATFPUAA, is the primary legislation governing anti-money laundering and counter-terrorism financing in Malaysia, providing a comprehensive legal framework for the prosecution of money laundering offenses and the implementation of preventive measures.
Malaysia’s AML regulatory framework is primarily established by the AMLATFPUAA and the Central Bank of Malaysia Act 2009, which together form the legal basis for combating financial crimes and ensuring the integrity of the financial system.
The Financial Services Act 2013 regulates conventional financial sector entities, including banks and insurers.
The Islamic Financial Services Act 2013 governs Islamic financial services and Islamic financial institutions, including Islamic banks and takaful operators.
The Terrorism (Suppression of Financing) Act 2013 addresses terrorist financing activities, targeted financial sanctions, and the financing of a terrorist act.
AMLA has been amended several times, including in 2014, 2017, 2020, and 2024, to address global trends such as beneficial ownership transparency, proliferation financing, and sanctions evasion.
Policy documents from Bank Negara Malaysia, Securities Commission Malaysia, and the Labuan Financial Services Authority operationalize these rules for reporting institutions.
The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA)
AMLA came into force in 2002 and remains Malaysia’s main statute for criminalising money laundering, terrorist financing, and dealing with proceeds from unlawful activities.
Key AMLA features include:
AMLA defines money laundering as dealing with, receiving, transferring, disguising, concealing or converting cash or property involved in criminal activities, including dirty money generated for economic gain.
Over 200 offences are classified under the AMLA, including corruption, bribery, fraud, tax evasion and illegal gaming schemes.
AMLA defines reporting institutions and serious offences in a way broadly aligned with FATF standards.
AMLA includes customer due diligence, suspicious transaction reporting, record-keeping, access powers, asset freezing, and forfeiture.
AMLA designates Bank Negara Malaysia as Malaysia’s financial intelligence unit for suspicious transaction report analysis and wider financial intelligence.
AMLA’s First Schedule lists covered sectors, including banks, insurers, money changers, trust companies, and DNFBPs.
The AMLA includes provisions to address excessive wealth, requiring the suspect to explain the source of their wealth in relation to their known income.
Seizure mechanisms allow authorities to freeze bank accounts, cash, luxury assets, and properties during investigations, and properties can be forfeited to the government even without a conviction if deemed proceeds of unlawful activities.
Sector-Specific Acts: FSA 2013, IFSA 2013 and Terrorism (Suppression of Financing) Act 2013
The sectoral laws make AML obligations operational for regulated firms.
Under the FSA and IFSA, entities must implement risk-based AML/CFT measures, including transaction monitoring, suspicious activity reporting, and enhanced due diligence for higher-risk customers and products.
The Terrorism (Suppression of Financing) Act 2013 supports targeted financial sanctions, asset freezing, and action against entities involved in terrorism financing.
Together, AMLA, FSA, IFSA and sanctions laws create a comprehensive regime against money laundering and terrorism financing, including anti-money laundering and anti-terrorism financing controls for proliferation risks.
Regulators, Supervisors and Financial Intelligence in Malaysia’s AML Framework
The regulatory framework for anti-money laundering in Malaysia functions through a system of multi-agency enforcement and stringent compliance mandates. Bank Negara Malaysia is central, but not alone.
Bank Negara Malaysia is the primary regulatory authority responsible for overseeing and enforcing anti-money laundering and CFT regulations in Malaysia, issuing guidelines and conducting inspections to ensure compliance.
Securities Commission Malaysia regulates AML/CFT compliance for capital market intermediaries, including brokers and funds, and has the authority to take civil, criminal, or administrative actions to enforce compliance.
The Labuan Financial Services Authority supervises Labuan entities, including firms operating in the Labuan International Business and Financial Centre.
The National Coordination Committee to Combat Money Laundering and Terrorism Financing, chaired by Bank Negara Malaysia, coordinates AML/CFT efforts across regulatory bodies to align Malaysia’s framework with FATF standards.
The Royal Malaysia Police and the Malaysian Anti-Corruption Commission play key roles in investigations. The Royal Malaysia Police investigates money laundering linked to organized crime, while the MACC investigates public corruption.
The Public Prosecutor and law enforcement agencies have extensive powers to immobilize and seize properties suspected of being tied to money laundering activities.
Bank Negara Malaysia (BNM) and the Financial Intelligence Unit (FIU)
BNM’s Financial Intelligence and Enforcement Department houses the financial intelligence unit, which receives STRs and cash threshold reports.
In practice, businesses interact with BNM through:
Electronic STR and regulatory reporting channels.
Thematic reviews, supervisory letters, and onsite inspections.
AML/CFT policy documents covering CDD, EDD, sanctions and anti terrorism financing.
National and sector risk assessments on money laundering and terrorism.
BNM also represents Malaysia in FATF and APG work, supporting international cooperation and cross-border information sharing.
Who Must Comply: Reporting Institutions and Covered Sectors
AMLA applies to reporting institutions listed in its First Schedule, going beyond traditional banks.
Covered businesses typically include:
Banking institutions, investment banks, insurers, and takaful operators.
Money services businesses, including remittance firms and money changers.
Capital market intermediaries, fund managers, and brokers.
Trust companies, company secretaries, lawyers, accountants, and real estate agents.
Dealers in precious metals and stones, casinos, and other DNFBPs.
Fintechs, e-money issuers, digital banks, online remittance apps, and crypto exchanges regulated by BNM or SC.
Boards, senior management, and AML officers must ensure group-wide AML/CFT programmes where Malaysian firms are part of cross-border groups.
Key Obligations Under Malaysia’s AML and Anti Terrorism Financing Laws
For compliance teams, the day-to-day programme is built around key obligations:
Risk assessment and enterprise-wide controls.
Customer due diligence and enhanced due diligence.
Ongoing monitoring of customer transactions.
Suspicious transaction reporting.
Record-keeping and audit trails.
Targeted financial sanctions.
Governance, training, and independent review.
Implementing a risk-based approach is essential for businesses to identify and mitigate money laundering and terrorism financing risks, requiring them to assess the risk level of customers and transactions and apply appropriate measures accordingly. Failure can lead to regulatory action, reputational harm, and personal liability.
Risk Assessment and Enterprise-Wide AML/CTF Programme
Firms must regularly assess ML/TF risk across products, customers, channels, and geographies.
A good risk assessment should:
Cover customer types, countries, products, delivery channels, and suspicious transaction patterns.
Feed directly into CDD rules, transaction monitoring thresholds, and sanctions controls.
Be approved by the board or senior management.
Be tested through an independent audit.
Regulated businesses must submit internal compliance structures to independent audits to maintain operational integrity and ensure regulatory alignment. This should not be a paper exercise; it should shape live controls.
Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
Businesses must conduct Customer Due Diligence to verify the identity of customers and assess the risk of money laundering or terrorism financing associated with them, which includes collecting key information about the customer and their business activities.
Customer Due Diligence is a fundamental compliance requirement that involves verifying the identity of customers to ensure they are not engaging with individuals or entities involved in criminal activities. CDD includes collecting key information such as the customer’s full name, address, identification documents, and information about the nature of the customer’s business.
CDD also includes identifying beneficial ownership, understanding the purpose of the business relationship and assigning a risk rating.
Enhanced due diligence applies to:
Politically exposed persons.
Complex trust structures or shell entities.
Cross-border trade finance with unclear counterparties.
High-risk sectors or jurisdictions.
Higher-risk customers with unusual wealth or transaction patterns.
For higher-risk customers, businesses are required to conduct Enhanced Due Diligence, which involves deeper scrutiny of the customer’s background, financial history, and sources of wealth. EDD may also require senior management approval and more frequent reviews.
For good due diligence reports, check DueDiliger.
Ongoing Monitoring, Transaction Monitoring and Financial Intelligence
Ongoing monitoring of customer transactions is a critical component of CDD, requiring businesses to constantly assess the risk of customers by reviewing their transactions, especially when there is a significant change in their financial activity.
Monitoring should detect:
Unusual cash deposits followed by rapid transfers.
Cross-border payments with no clear business rationale.
Trade-based money laundering through over-invoicing or under-invoicing.
Mule accounts and rapid pass-through flows.
Shell entities with unclear beneficial ownership.
Alerts should be investigated, escalated and, where appropriate, converted into suspicious transaction reporting to the FIU.
Suspicious Transaction Reporting (STR) and Other Reporting Duties
Suspicious Transaction Reporting is a core obligation under Malaysia’s Anti-Money Laundering, Anti-Terrorism Financing, and Proceeds of Unlawful Activities Act 2001, which mandates that reporting institutions have internal procedures to identify and report suspicious activities.
Under AMLA, businesses in Malaysia are required to report any transaction that they suspect may involve money laundering, terrorism financing, or other illegal activities by submitting a Suspicious Transaction Report to the relevant authorities, such as Bank Negara Malaysia.
The submission of a Suspicious Transaction Report must be done promptly and without notifying the involved parties to avoid tipping off the criminals or jeopardizing ongoing investigations. Tipping off provisions in AMLA prohibit businesses from disclosing suspicions of unlawful activity or the filing of an STR to clients or third parties.
Record-Keeping and Documentation Requirements
To comply with AML regulations, businesses are required to maintain comprehensive records of all transactions and customer identification for a minimum period of five years, ensuring that these records are accessible for regulatory inspections.
Records should include:
Identification documents and CDD files.
Enhanced due diligence files and source-of-wealth checks.
Account files and business correspondence.
Customer transactions and transaction records.
STR rationale, internal approvals, and training logs.
Firms should maintain comprehensive records in searchable digital systems so regulators can review such property, records, and related evidence without undue delay.
Targeted Financial Sanctions, Screening and Anti Terrorism Financing Controls
Reporting institutions must implement targeted financial sanctions against persons and entities designated under UN Security Council Resolutions and domestic lists.
This requires screening:
Customers and beneficial owners at onboarding.
Counterparties, related parties, and payment messages.
Existing customers through ongoing monitoring.
Sanctions, terrorism, and proliferation financing lists.
When a true match is identified, the institution must freeze assets, escalate internally, report to authorities and prevent movement of the property involved.
Internal Controls, Governance and AML Training
A strong AML framework usually includes:
A management-level compliance officer or MLRO.
Written AML/CFT policies for CDD, EDD, STR filing, sanctions, records and escalation.
Role-specific training on money laundering, terrorist financing and red flags.
Independent review or internal audit.
Clear board reporting.
A mid-sized bank may separate name screening, monitoring and investigations teams. A fintech may centralise these functions but use automated case management to enforce compliance consistently.
Enforcement, Penalties and Notable Money Laundering Cases in Malaysia
Malaysian enforcement has become more active. BNM imposed RM18.9 million in AML/CFT penalties in 2024, while Malaysian authorities continue to use AMLA in corruption, fraud, and asset recovery cases.
Key penalty points include the following:
Under AMLA, penalties for non-compliance can include fines up to RM3 million or imprisonment for up to five years, or both.
The maximum penalty for failing to submit a suspicious activity report and conduct customer due diligence measures is MYR 1 million (approximately US$225,000).
Engaging in money laundering activities, such as knowingly disguising proceeds from unlawful activities, may result in a fine of up to MYR 5 million (US$1,124,000) or five times the laundered value, whichever is higher, along with imprisonment for a term not exceeding fifteen years upon conviction.
Non-compliance with STR, record-keeping, or sanctions obligations can attract separate penalties under AMLA and sectoral laws.
Regulators may issue compound fines, remediation directives, public reprimands, license suspension, or fit-and-proper consequences.
Notable money laundering cases include 1MDB-related prosecutions and asset recovery, Najib Razak’s conviction involving corruption and money laundering, and actions against financial institutions for AML control failures. These cases show that Malaysia’s system targets both individual misconduct and institutional weaknesses.
Regulatory Inspections and The Role of the Enforcement Department
BNM’s enforcement department and supervisory teams conduct onsite and offsite inspections.
Expect focus on:
Governance and board oversight.
Risk assessment quality.
CDD, EDD and beneficial ownership files.
Monitoring transactions and alert handling.
STR decisions and audit trails.
Sanctions screening and data quality.
Prepare by keeping policies current, retaining evidence, rehearsing system walkthroughs and ensuring the board understands AML risk.
International Cooperation, FATF Standards and Malaysia’s Mutual Evaluation
The Financial Action Task Force, of which Malaysia is a member, is an international body that sets global standards for AML/CFT practices and requires member countries to adhere to its 40 Recommendations to combat financial crimes.
As a member, Malaysia must adhere to these 40 Recommendations to maintain its standing in the global financial community, which includes implementing a risk-based approach to combat money laundering and terrorism financing.
Malaysia’s 2025 FATF/APG mutual evaluation assesses technical compliance and effectiveness, including financial intelligence, international cooperation, beneficial ownership, and supervision. Ratings such as “compliant,” “largely compliant,” or “partially compliant” affect confidence in Malaysia as a financial centre.
Cross-border tools include mutual legal assistance, Egmont Group FIU exchanges and coordinated actions against money laundering and terrorism networks. Multinational firms must align Malaysian requirements with group policies and other countries’ financial crime laws.
Emerging Risks: Trade-Based Money Laundering, Crypto Assets and ESG-Linked Financial Crime
Emerging risks include:
Trade-based money laundering and invoice manipulation.
Misuse of shell companies and opaque beneficial ownership structures.
Crypto assets, digital asset exchanges, and new payment rails.
Environmental crime, greenwashing, and ESG-linked financial crime.
Sanctions evasion and proliferation financing.
Institutions should update risk assessments, monitoring scenarios and diligence measures as typologies change.
How RegTech Solutions Like ZIGRAM Help Malaysian Institutions Stay Compliant
Technology helps turn AMLA obligations into repeatable controls. ZIGRAM provides AI-powered RegTech solutions for AML, financial crime compliance and emerging risk management across multiple jurisdictions, including Malaysia.
ZIGRAM tools support Malaysian compliance teams through:
- PreScreening.io for sanctions, watchlists, and name screening.
- Transact Comply for transaction monitoring and alert workflows.
- Entity Hero for entity risk assessment, beneficial ownership, and network risk.
- DueDiliger for structured due diligence reports.
- Dragnet Alpha and SATOC for adverse media and risk intelligence.
- Doss Engine for document intelligence, case files, and record management.
These tools support enhanced due diligence, suspicious transaction report workflows, audit-ready comprehensive records and risk-based ongoing monitoring aligned with BNM expectations. Book a demo to see how your Malaysian AML framework can be automated and benchmarked against operational best practice.
Practical Compliance Checklist and Next Steps for Malaysian Businesses
Use this checklist to strengthen AML compliance:
Confirm whether your business is a reporting institution under AMLA.
Identify applicable BNM, SC, or Labuan FSA rules.
Appoint an AML officer or MLRO.
Perform a documented enterprise-wide risk assessment.
Update policies for CDD, EDD, STR, sanctions, and records.
Verify customers, beneficial owners, and entities involved in higher-risk structures.
Deploy screening and transaction monitoring controls.
Train staff to report suspicious activities.
Test controls through an independent audit.
Use recent national risk assessments, BNM policy documents, and sectoral guidelines as benchmarks.
Proactive investment in anti money laundering and anti terrorism financing controls protects your business, your customers, and the integrity of Malaysia’s financial system.