Anti-Money Laundering Policy (Malaysia)
ANTI-MONEY LAUNDERING AND COUNTER-FINANCING OF TERRORISM (AML/CFT) POLICY
[Company Name] (SSM No. [Registration Number])
Effective Date: [Effective Date] | AML/CFT Compliance Officer: [Compliance Officer]
Issued pursuant to the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA 2001, Act 613) and Bank Negara Malaysia AML/CFT Policy Documents
1. PURPOSE AND LEGAL BASIS
[Company Name] is committed to full compliance with all applicable Malaysian anti-money laundering and counter-financing of terrorism (AML/CFT) laws and regulations. This policy establishes the AML/CFT compliance programme of [Company Name] in accordance with the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA 2001, Act 613), Bank Negara Malaysia's AML/CFT Policy Documents, and all applicable directives and guidelines issued by BNM.
Institution type: [Institution Type]
2. AML/CFT RISK ASSESSMENT
[Company Name] adopts a risk-based approach to AML/CFT compliance, assessing the inherent money laundering and terrorism financing risks arising from its customers, products, services, delivery channels, and geographic exposure. The following high-risk indicators and customer categories have been identified and are subject to enhanced due diligence and monitoring: [High Risk Indicators]
The AML/CFT risk assessment is reviewed and updated periodically, and whenever there are material changes to the company's business activities or customer base.
3. CUSTOMER DUE DILIGENCE (CDD)
[Company Name] applies the following standard CDD measures to all customers at onboarding and on an ongoing basis: [CDD Measures]
Enhanced Due Diligence (EDD) is applied to the following categories: [EDD Triggers]
EDD requires senior management approval, additional source-of-funds verification, and enhanced ongoing monitoring. For Politically Exposed Persons (PEPs), EDD is mandatory under Section 16(1) of AMLA 2001.
4. SUSPICIOUS TRANSACTION REPORTING (STR)
[Company Name] is required to file Suspicious Transaction Reports (STRs) with the Financial Intelligence Unit (FIU) of Bank Negara Malaysia under Section 14 of AMLA 2001 when a suspicion of money laundering or terrorism financing arises in connection with any transaction or attempted transaction.
STR filing procedure: [STR Procedure]
No person may disclose to a customer or any third party that an STR has been filed or that an investigation is pending ('tipping off' prohibition under Section 14(1A) of AMLA 2001). Failure to file an STR is a criminal offence under Section 14(3) of AMLA 2001.
Internal AML/CFT reporting channel: [Reporting Channel]
5. RECORD KEEPING
[Company Name] retains all CDD documents, account records, business correspondence, transaction records, and STR filings for a minimum of [Record Retention Period] from the date of the transaction or the end of the business relationship, in compliance with Section 17 of AMLA 2001. Records must be maintained in a manner that allows them to be retrieved promptly upon request by BNM examiners or other competent authorities.
6. STAFF TRAINING
All staff of [Company Name] who handle customer transactions, onboarding, or financial data receive AML/CFT training: [Training Frequency]. Training covers AMLA 2001 obligations, red flag indicators for suspicious transactions, CDD and EDD procedures, STR filing processes, and the consequences of non-compliance. Training records are maintained by [Compliance Officer].
7. NON-COMPLIANCE AND PENALTIES
Breach of this policy or of AMLA 2001 obligations may result in disciplinary action, including dismissal, as well as criminal prosecution under AMLA 2001. The principal offence of money laundering under Section 4 of AMLA 2001 is punishable by imprisonment up to fifteen years and a fine not less than five times the value of the proceeds of unlawful activity. Failure to file an STR is punishable by imprisonment up to three years or a fine not exceeding RM 100,000, or both.
Chief Executive Officer / Managing Director
________________
Signature
AML/CFT Compliance Officer
________________
Signature
What Is an Anti-Money Laundering Policy (Malaysia)?
An Anti-Money Laundering Policy in Malaysia sets out the standards and procedures the organisation expects its people to follow.
Money laundering is the process of concealing the origins of criminally obtained funds by passing them through legitimate financial channels to make them appear lawful. Under Section 4 of AMLA 2001, money laundering is a serious criminal offence punishable by imprisonment up to fifteen years and a fine up to five times the sum or value of the proceeds of illegal activities. Terrorism financing — providing or collecting funds for terrorist purposes — is separately criminalised under Section 130N of the Penal Code and Section 4 of AMLA 2001 as amended by the Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2015 (Amendment).
Bank Negara Malaysia (BNM) is the primary AML/CFT regulator for reporting institutions in Malaysia under AMLA 2001, which includes licensed banks, investment banks, insurance companies, takaful operators, money service businesses, and designated non-financial businesses and professions (DNFBPs) such as lawyers, accountants, company secretaries, and real estate agents. BNM issues AML/CFT policies through its Policy Documents and Regulatory Framework, including the AML/CFT — Sector 1 (Banking and Deposit-Taking Institutions) policy document and equivalent sector-specific documents.
The Financial Intelligence Unit (FIU) of Bank Negara Malaysia is the designated body for receiving Suspicious Transaction Reports (STRs) filed under Section 14 of AMLA 2001. All reporting institutions are required to file STRs with the FIU within a reasonable time after forming a suspicion that a transaction may involve proceeds of unlawful activity or is connected to terrorism financing. Failure to file an STR is an offence punishable by imprisonment up to three years or a fine not exceeding RM 100,000, or both.
An AML/CFT Policy formalises the organisation's risk-based approach to AML/CFT compliance, covering Customer Due Diligence (CDD) procedures, Enhanced Due Diligence (EDD) for high-risk customers and politically exposed persons (PEPs), transaction monitoring, suspicious transaction identification and reporting, staff training, record-keeping for a minimum of six years, and the appointment of a Compliance Officer responsible for AML/CFT matters.
The legal framework governing the Anti-Money Laundering Policy (Malaysia) in Malaysia draws on several key statutes and regulatory bodies. Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Parties executing an Anti-Money Laundering Policy (Malaysia) in Malaysia should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Companies Act 2016 (Act 777) sets the foundational requirements.
When Do You Need an Anti-Money Laundering Policy (Malaysia)?
An AML/CFT Policy is mandatory for all reporting institutions under AMLA 2001 and BNM's AML/CFT regulatory framework.
An AML/CFT Policy is required for all licensed banks, investment banks, and development financial institutions under BNM's supervision, under the AML/CFT Policy Documents for Sector 1, Sector 2 (Insurance and Takaful), and Sector 3 (Development Financial Institutions).
An AML/CFT Policy is required for money services businesses (MSBs) licensed under the Money Services Business Act 2011, including money changers, remittance service providers, and wholesale currency businesses, under BNM's AML/CFT — Sector 4 (Money Services Business) policy document.
An AML/CFT Policy is required for Designated Non-Financial Businesses and Professions (DNFBPs) under Part IVA of AMLA 2001, including lawyers and law firms, chartered accountants in practice, company secretaries, real estate agents, casino operators, and dealers in precious metals or precious stones, when they perform specified transactions on behalf of clients.
An AML/CFT Policy is needed for fintech companies, digital asset exchanges, and payment system operators licensed under BNM's regulatory sandbox or operating under the Payment Systems Act 2003 or Digital Currency Exchange guidelines.
An AML/CFT Policy is required for subsidiaries or associated companies of multinational financial groups subject to the Financial Action Task Force (FATF) requirements, the US Bank Secrecy Act 1970, the UK Proceeds of Crime Act 2002, or the EU Anti-Money Laundering Directives, as the parent group's AML/CFT programme typically requires compliance across all jurisdictions of operation.
Parties in Malaysia should prepare an Anti-Money Laundering Policy (Malaysia) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your Anti-Money Laundering Policy (Malaysia)
A thorough AML/CFT Policy for a Malaysian reporting institution must include the following essential elements.
Risk Assessment: A documented risk-based approach to AML/CFT compliance, identifying the inherent AML/CFT risks faced by the institution based on its customer base, products and services, delivery channels, and geographic exposure. The risk assessment must be reviewed and updated periodically and documented in writing.
Customer Due Diligence (CDD) Procedures: Procedures for identifying and verifying the identity of customers at account opening and on an ongoing basis, in accordance with BNM's AML/CFT Policy Documents. CDD must include collection of MyKad or passport details for individual customers, business registration details for corporate customers, and beneficial ownership identification for companies and trusts.
Enhanced Due Diligence (EDD): Additional due diligence measures applied to higher-risk customers and transactions, including politically exposed persons (PEPs) under Section 16(1) of AMLA 2001, customers from high-risk jurisdictions identified by FATF, complex or unusually large transactions, and customers presenting atypical business profiles.
Ongoing Transaction Monitoring: Procedures for ongoing monitoring of customer transactions and accounts to detect transactions or patterns inconsistent with the customer's known profile, business, or risk category, including the use of transaction monitoring systems where applicable.
Suspicious Transaction Reporting (STR): The procedure for identifying and filing Suspicious Transaction Reports (STRs) with the Financial Intelligence Unit (FIU) of Bank Negara Malaysia under Section 14 of AMLA 2001, including the obligation not to tip off the customer that an STR has been filed, under Section 14(1A).
Record Keeping: The obligation to retain all CDD documents, account files, business correspondence, and transaction records for a minimum of six years from the date of the transaction or the end of the business relationship, under Section 17 of AMLA 2001.
Appointment of AML/CFT Compliance Officer: Designation of a senior officer responsible for AML/CFT compliance, coordinating with BNM examiners, and filing STRs with the FIU.
Staff Training: An annual AML/CFT training programme covering AMLA 2001 obligations, red flag indicators for suspicious transactions, CDD procedures, and STR filing requirements.
Additional compliance elements for an Anti-Money Laundering Policy (Malaysia) used in Malaysia include: Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Forms-legal.com provides this template as a starting point for Malaysia-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Anti-Money Laundering Policy (Malaysia) (Malaysia) [Legal document template]. Forms Legal. https://forms-legal.com/malaysia/business/policies/anti-money-laundering-policy-malaysia
"Anti-Money Laundering Policy (Malaysia) (Malaysia)." Forms Legal, 2026, https://forms-legal.com/malaysia/business/policies/anti-money-laundering-policy-malaysia.
Frequently Asked Questions
A Suspicious Transaction Report (STR) is a report filed with the Financial Intelligence Unit (FIU) of Bank Negara Malaysia under Section 14 of the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA 2001) when a reporting institution forms a suspicion that a transaction involves proceeds of unlawful activity or is connected to terrorism financing. An STR must be filed regardless of the amount of the transaction and regardless of whether the transaction was completed or refused. The obligation to file an STR is triggered by suspicion, not by transaction size.
A Cash Threshold Report (CTR) is a report required under Section 14A of AMLA 2001 (as introduced by the AMLA Amendment 2014) for cash transactions equal to or exceeding a threshold amount specified by BNM — currently RM 25,000 or its equivalent in foreign currency. Reporting institutions must submit CTRs to the FIU within a specified period of the transaction date, regardless of whether there is any suspicion of money laundering. CTRs are a preventive measure for monitoring large cash movements through the financial system.
Designated Non-Financial Businesses and Professions (DNFBPs) are non-bank entities and professions that are subject to AML/CFT obligations under Part IVA of the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA 2001). In Malaysia, DNFBPs include: (1) advocates and solicitors (lawyers) when they perform transactions for clients involving real property, management of client funds, bank accounts or securities, company formation, and trust arrangements; (2) chartered accountants in practice when they perform similar transactions on behalf of clients; (3) company secretaries licensed under the Companies Act 2016; (4) real estate agents licensed under the Valuers, Appraisers, Estate Agents and Property Managers Act 1981 (VAEA Act 1981) for property transactions; (5) casino operators licensed under the Pool Betting Act 1967 and Common Gaming Houses Act 1953; and (6) dealers in precious metals and precious stones for transactions above specified thresholds. DNFBPs are regulated for AML/CFT purposes by their respective regulators — Bank Negara Malaysia, Securities Commission, Legal Profession Committee, and others — and must implement CDD procedures, maintain records, and file STRs with the FIU.
The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA 2001) imposes significant criminal penalties for AML/CFT compliance failures. Under Section 4, the principal offence of money laundering is punishable by imprisonment up to fifteen years and a fine of not less than five times the sum or value of the proceeds of illegal activities. Specific compliance failures include: failure to file a Suspicious Transaction Report (STR) under Section 14 — imprisonment up to three years or a fine not exceeding RM 100,000, or both; failure to maintain required records under Section 17 — imprisonment up to three years or a fine not exceeding RM 100,000; tipping off a customer about an STR under Section 14(1A) — imprisonment up to three years or a fine not exceeding RM 100,000. In addition to criminal sanctions, Bank Negara Malaysia may impose administrative penalties on reporting institutions, including financial penalties, suspension of licensed activities, publication of enforcement actions, and revocation of operating licences under the Financial Services Act 2013 or Islamic Financial Services Act 2013.
Customer Due Diligence (CDD) under Malaysia's AML/CFT framework is the process of identifying and verifying the identity of customers and beneficial owners before or during the establishment of a business relationship or the performance of a transaction. Under BNM's AML/CFT Policy Documents, CDD must be performed in the following circumstances: when establishing a new customer relationship; when conducting a one-off transaction above the prescribed threshold (currently RM 3,000 for wire transfers under FATF Recommendation 16); when there is doubt about the veracity or adequacy of previously obtained customer identification data; and whenever there is a suspicion of money laundering or terrorism financing, regardless of any applicable exemption or threshold. CDD measures include obtaining and verifying the full name, identity card or passport number, address, date of birth, and nationality of individual customers, and the legal name, registration number, registered address, and beneficial ownership structure of corporate customers. For corporate customers, beneficial ownership — persons who ultimately own or control 25% or more of shares or voting rights — must be identified and verified. Enhanced Due Diligence (EDD) applies to politically exposed persons (PEPs) and high-risk customers, requiring senior management approval, additional verification, and ongoing enhanced monitoring.
Malaysia's AML/CFT Policy and Anti-Bribery Policy operate as complementary but distinct compliance frameworks. The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA 2001) addresses the detection and reporting of money laundering and terrorism financing, while Section 17A of the Malaysian Anti-Corruption Commission Act 2009 (MACC Act 2009) addresses corporate liability for bribery and corruption by associated persons. The MACC's Guidelines on Adequate Procedures (T.R.U.S.T. principles) identify financial controls and due diligence on third parties as components of adequate procedures — which overlap significantly with AML/CFT CDD obligations. For a company facing both AMLA 2001 obligations and the Section 17A adequate procedures defence, a comprehensive AML/CFT Policy reinforces the 'Risk Assessment' and 'Undertaking control measures' T.R.U.S.T. principles by demonstrating that the company applies systematic due diligence to all financial relationships. Companies seeking to establish both the AMLA 2001 compliance programme and the MACC Act 2009 adequate procedures defence should implement a unified compliance programme that addresses both sets of requirements with a common governance structure and reporting line to the Board's Audit Committee.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.