The Financial Technology Law Review: Malaysia


It is fair to say that the respective regulators of the financial and capital markets sectors in Malaysia have encouraged fintech developments and, where necessary, proactively adjusted the regulatory framework to facilitate growth. For example, the Malaysian Securities Commission (the SC) was one of the first regulators in the Association of Southeast Asian Nations (ASEAN) region to introduce equity crowdfunding (ECF) guidelines.

There is no specific regulation or special licence for fintech companies in Malaysia. Regulation and licensing requirements are dependent upon the nature of fintech businesses that the company engages in. The Central Bank of Malaysia (the BNM) and the SC are the main regulatory bodies that regulate fintech. The past year has seen the BNM and the SC taking steps to regulate specific areas of fintech, including platform operators and issuers of digital assets, through the issuance of various guidelines and amendments to existing laws and regulations.

There are no tax incentives specifically catering to fintech companies. However, there are tax incentives and preferential tax rates available for certain categories of businesses that could be applicable to fintech start-ups, depending on their business areas. For example, the Malaysia Digital Economy Corporation Sdn Bhd (MDEC) offers a corporate tax exemption for technology start-ups in the Malaysian Digital Hub. At the close of 2019, MDEC announced the government's approval of the Guidelines on MSC Malaysia Financial Incentives for existing Multimedia Super Corridor (MSC) Malaysia status companies impacted by Malaysia's participation in the Organisation for Economic Co-operation and Development Base Erosion and Profit Shifting taxation initiatives.

As part of advancing the nation's digital economy initiative, Finance Minister Mr Lim Guan Eng (as he then was) announced a one-off digital incentive offered by the government to Malaysian citizens. In a move to encourage the adoption of cashless payments in Malaysia, each eligible citizen was entitled to receive a monetary incentive via e-wallet credits through one of three e-wallet operators who partnered with the government under the initiative: Touch 'n Go eWallet, Boost and GrabPay.


i Licensing and marketing

A large number of fintech players in Malaysia are involved in the payments and cryptocurrency sectors. A fintech company should always consider in advance whether any licence, approval or registration is required from a regulatory authority, as there is no one-size-fits-all regulation that applies to every fintech player. The regulations that apply will depend on the specific scope of activities of the fintech product or service the company has to offer. Generally, the BNM regulates payment services and currency administration while the SC regulates activities related to capital markets.

The table below captures typical as well as upcoming fintech businesses and their respective regulators and licensing rules, if any.

Fintech serviceRegulatory bodyLicensing/approval/registration
E-money – a payment instrument that stores funds electronically in exchange of funds paid to the issuer and is able to be used as a means of making payment to any person other than the issuer; it can be issued in different forms such as a digital wallet (e-wallet), which is a type of prepaid account in which a user can store their money for any future online transaction.The BNME-money issuers must obtain approval from the BNM pursuant to Section 11 of the Financial Services Act 2013 (the FSA 2013). According to Division 1, Part 1, Schedule 1 of the FSA 2013, businesses that require approval include those that issue designated payment instruments.
Merchant acquiring service – a business of an operator of a payment system that enters into a contract with a merchant for the purpose of accepting payment instruments for payment of goods and services.The BNMMerchant acquiring services is one of the registered businesses under Schedule 1, Part 2 of the FSA 2013. As such, a person must register with the BNM and comply with the requirements in Section 17 to carry on a merchant acquiring service.
ECF – enables individuals to invest in a start-up in exchange for shares in that particular company.The SCUnder the Guidelines on Recognised Markets issued on 17 May 2019 pursuant to the Capital Markets and Services Act 2007 (the CMSA 2007) (the RM Guidelines), an ECF operator must register as a recognised market operator (RMO) with the SC.
Property crowdfunding (PCF) – a form of fundraising that envisages a homebuyer obtaining funds to pay for the property's purchase price through investments from multiple investors, through an online platform facilitating such transactions.The SCUnder the RM Guidelines, a PCF operator must register as an RMO with the SC.
Digital currencies or tokens offered through initial exchange offerings (IEOs) or initial coin offerings (ICOs) – an issuer, typically an early-stage venture, that seeks to raise funds through offering of digital currencies or tokens.The SCThe Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 (Order 2019) which recognises digital currencies and digital tokens as securities came into force on 15 January 2019. With that, any person who intends to make available, offer for purchase, or issue an invitation to purchase digital currencies or tokens needs to seek authorisation of the SC to do so.
Further, an issuer must obtain approval from an IEO operator to offer digital tokens as per the Guidelines on Digital Assets issued on 15 January 2020 pursuant to the CMSA 2007 (the DA Guidelines).* An IEO operator refers to an electronic platform operator which is registered pursuant to the DA Guidelines to operate an IEO platform, while IEO refers to offering of digital tokens by an issuer through an electronic platform.
Peer-to-peer lending (P2P) – a platform enabling individuals to lend money without the use of a bank or a financial institution as an intermediary.The SCUnder the RM Guidelines, a P2P operator must register as an RMO with the SC.
Digital asset exchange (DAX) – an electronic platform which facilitates the trading of digital currencies and digital tokens.The SCUnder the RM Guidelines, a DAX operator must register as an RMO with the SC. Additionally, the trading of any digital asset is subject to the approval of the SC.
Digital investment management (DIM) – a company carrying on the business of fund management incorporating technologies into its automated discretionary portfolio management services.The SCDIM is a regulated activity pursuant to Part 1, Schedule 2 of the CMSA 2007, and as such must obtain a capital markets services licence from the SC pursuant to Section 58 of the CMSA 2007.
Digital banking – a banking business or Islamic banking business carried on primarily or wholly through digital or electronic means.The BNMDigital banks and Islamic digital banks must apply for a licence with the BNM pursuant to Section 10 of the FSA 2013 or Section 10 of Islamic Financial Services Act 2013 (the IFSA 2013) (whichever applicable). This is subject to the Exposure Draft for Licensing Framework for Digital Banks issued by the BNM on 27 December 2019 being finalised as a policy document and coming into effect.
Insurance and takaful aggregation business – a business of providing services through any electronic means that: (a) sources, aggregates and compares insurance or takaful products of more than one licensed person; and (b) makes referrals to any such licensed person in respect of the procurement of such insurance or takaful products; or (c) arranges the procurement of such insurance or takaful products through such electronic means.The BNMBased on the Exposure Draft for Insurance and Takaful Aggregation Business Registration Procedure and Requirements issued by the BNM on 18 June 2019 (the ITAB Exposure Draft), any persons intending to become a registered insurance and takaful aggregator will be required to be registered under the FSA 2013 to carry on insurance and takaful aggregation business. An amendment to the FSA 2013 is expected to be effected to set out the scope of insurance and takaful aggregation business.
* The DA Guidelines are expected to come into force in the second half of 2020.

Credit information services

The BNM's credit bureau, which operates under the Central Bank of Malaysia Act 2009 (the CBA 2009), collects credit-related information on borrowers from lending institutions and supplies the credit information back to the institutions in the form of a credit report via an online system known as the central credit reference information system (CCRIS).

The CCRIS automatically processes the credit-related data received from participating financial institutions and synthesises the information into credit reports, which are made available to the financial institutions and the borrowers, upon request. The credit report contains information on outstanding credit facilities obtained by the borrower, information on credit applications that have been approved in the previous 12 months and pending credit applications made by the borrower.

Subject to approval by the BNM, credit reporting agencies (CRAs) must be registered under the Credit Reporting Agencies Act 2010. There are currently three CRAs that have obtained approval from the BNM, namely Credit Bureau Malaysia Sdn Bhd, CTOS Data Systems Sdn Bhd and RAM Credit Information Sdn Bhd.

Digital advisory or asset management company

A DIM is a form of fund management regulated under the CMSA 2007. DIM companies providing automated discretionary portfolio management services must obtain a capital markets services licence from the SC pursuant to Section 58 of the CMSA 2007.

Besides the requirements that fund management companies are typically subject to the Guidelines on Compliance Function for Fund Management Companies issued on 14 May 2019 pursuant to the CMSA 2007 (the FMC Guidelines). These impose additional requirements on the DIM itself (e.g., risk management, and algorithm design and oversight) as well as on its board of directors and compliance officer.

In 2018, StashAway Malaysia was the first DIM company to obtain a capital market services licence from the SC to commence operations.

Marketing of fintech products and services

Marketing of fintech products and services depends on whether the fintech company is providing services and products that are regulated in Malaysia. In particular, the following fintech products and services are subject to certain marketing rules:

  1. Digital assets issued through an IEO – An issuer is required to ensure that all information disseminated for marketing or promotion is consistent with the contents of its White Paper for investors, which is appropriately displayed in all marketing and promotional materials, including its website. An issuer must not engage any third-party individual or entity, other than an IEO operator, to endorse or represent the issuer with the intended purpose of marketing, promoting, gaining publicity or soliciting funds for its digital token offering.
  2. DIM – Any representations, including in the form of an electronic communication made to clients must be conducted with due care, skill and diligence to enable the clients to make balanced and informed decisions. The DIM company must provide clients with, among other things, adequate information about the DIM company's shareholding, business address, relevant conditions or restrictions under which its business is conducted, key personnel and persons with whom clients may have contact, and subsequent changes made thereafter. Any advertisements or promotional materials issued by a DIM company must be fair, accurate and timely and must include specific matters identified under the FMC Guidelines, including risk of investments and any conflict of interest that may arise from investments.

ii Cross-border issues

Regulated or licensed activities cannot be passported from another jurisdiction into Malaysia. Fintech companies licensed in a foreign jurisdiction that intend to offer their services or products in Malaysia must obtain the relevant licences and approvals under the applicable Malaysian laws.

Presently, all ECF, P2P, DAX, PCF and IEO operators are required to be locally incorporated. There are also additional requirements for issuers on ECF, P2P and IEO platforms to be locally incorporated. Besides the requirement for issuers on IEO platforms to be locally incorporated, the issuer must also carry out its main business operations in Malaysia and its board of directors must include at least two directors whose principal or only place of residence is in Malaysia.

Malaysia has a liberal foreign exchange policy whose rules apply depending on residency status. Non-resident investors are free to undertake any type of investment in ringgit assets or foreign currency assets in Malaysia (direct or portfolio investment) without any restriction, and to repatriate divestment proceeds, profits, dividends or any income arising from investments in Malaysia. Similarly, residents without domestic ringgit borrowing are free to invest in foreign currency assets onshore and abroad.

Digital identity and onboarding

In 2001, it was made compulsory for all Malaysians to hold a national identity card known as 'MyKad', which contains an individual's name, address, race, citizenship status, religion and an inbuilt chip that stores fingerprint biometric data. The MyKad is primarily used as an official identification document to verify an individual's identity and can also be used as an ATM card, an e-wallet and a transit card.

The MyKad also enables Malaysians to access MyEG – an electronic government (e-government) service platform – that provides an array of government services such as renewal of foreign workers' permits, replacement of national identity cards, payment of parking summons, car insurance and road tax renewals, and temporary transfers of vehicle ownership. The e-government services are also available to companies. A representative of a company would be required to provide their MyKad as a verification tool in order to access the e-government services.

As the MyKad is a physical identification document used to verify a person's identification, it does not qualify as a digital identity. In August 2019, the Minister for Communications and Multimedia (the Minister) announced the Cabinet's approval of the implementation of the National Digital Identity initiative. According to the Minister, although the National Digital Identity is an advanced method of authenticating a user's identity online, it does not substitute the MyKad, nor will it be made compulsory.

The Minister further added that the Malaysian Communications and Multimedia Commission (MCMC) will conduct a detailed nine-month study to identify a holistic National Digital Identity framework, which will include recommendations to the government on appropriate implementation models, taking into account the existing MyKad and private infrastructure, among other factors. The MCMC commenced this comprehensive study to establish a user-centric National Digital Identity framework for Malaysians on 21 November 2019, and will be working with relevant stakeholders to gather their views on potential use cases for the National Digital Identity platform. The study will include local contextual analysis, implementation strategy, operating model, technology and enabling policies as well as related legislations.

When proposing the National Digital Identity in October 2018, the Minister stated that the scheme aimed to provide a 'verifiable platform of trust' to reduce the possibility of fraud, which is common in e-commerce transactions. The National Digital Identity will provide a platform to verify the identity of an individual, thus reducing the scope of such crimes.

As the framework is still being formulated, it is not known whether it will extend to fintech businesses and non-residents of Malaysia.

Digitised onboarding is a relatively new process in the financial services sector. Efforts to introduce digitised onboarding in the financial services sector in Malaysia are highlighted by the BNM issuing the Exposure Draft for Electronic Know-Your-Customer (e-KYC) on 16 December 2019 (e-KYC Exposure Draft). The e-KYC Exposure Draft sets out proposed requirements and guidance in implementing e-KYC solutions for the onboarding of individuals to the financial sector and the proposed requirements outlined in the exposure draft are aimed at enabling safe and secure application of e-KYC technology in the financial sector, facilitating the BNM's continued ability to carry out effective supervisory oversight over financial institutions, and ensuring effective anti-money laundering and counter financing of terrorism (AML/CFT) control measures are in place.

In 2017, CIMB Bank Berhad was the first Malaysian bank to receive the BNM's regulatory sandbox approval to implement the e-KYC method for customer-identity verification. In implementing e-KYC, financial service providers may be subject to the Personal Data Protection Act 2010 (the PDPA 2010), which sets out the seven data protection principles including the general principle establishing the legal requirements for processing data, notice, choice, disclosure, data security, integrity and retention, and rights of access.

Digital markets, payment services and funding

As stated in Section II, the regulations that apply will depend on the specific scope of activities of the fintech product or service the company has to offer. The relevant licence, approval or regulations required for the relevant fintech product or service is set out in Section II above.

The SC, which regulates activities related to capital markets appears to also be regulating specific areas of fintech relating to ECF, P2P, PCF and DAX pursuant to the CMSA 2007. These respective areas of fintech are also subject to additional requirements as set out in the RM Guidelines. For ECF and P2P financing, the RM Guidelines impose additional requirements on platform operators (e.g., operation of trust account, obligations and managing conflict of interest) and the issuer (e.g., limit to funds raised on platform and disclosure requirement). Investors may also be subject to a restriction on investment amounts, depending on the status of the investor. Additional requirements relating to a PCF platform would mainly be imposed on the platform operator (e.g., criteria to qualify, prohibition on financial assistance, obligations, exit certainty, eligibility and obligations of homebuyers, disclosure requirements, client's asset protection), although homebuyers would also be subject to certain restrictions on the amount of funds permitted to be raised through a PCF platform, and only a property that satisfies the criteria prescribed under the RM Guidelines is eligible to be hosted on a PCF platform. Among other things, DAX operators are prohibited from providing financial assistance to investors to invest or trade in digital assets on its platform.

On the other hand, the BNM regulates payment systems and currency administration, and, therefore, the operation of a payment system and the issuance of a designated payment instrument requires the approval of the BNM pursuant to the FSA 2013.

Collective investment schemes, which consists of unit trusts, real estate investment trusts, exchange-traded funds, closed-end funds, sustainable and responsible investment funds, foreign collective investment schemes and ASEAN collective investment schemes, are presently governed by the SC. It appears that fintech schemes presently do not fall within the scope of collective investment schemes although certain fintech products and services are regulated pursuant to the CMSA 2007.

The RM Guidelines allow for trading of investment notes and Islamic investment notes on a PCF platform provided that such investment note has been hosted and successfully funded through the PCF platform. In this regard, a PCF operator would be required to comply with the relevant requirements in the RM Guidelines (e.g., disclosure of information; adequate arrangements to deter market manipulation, manage error trades; manage systems error, failure or malfunction; make available pre-trade and post-trade information on non-discriminatory basis to all users on a timely basis).

Any disclosure of client data or product data to third parties is subject to the PDPA 2010.

Cryptocurrencies, initial coin offerings (ICO) and security tokens

Order 2019 recognises digital currencies and tokens as securities and would therefore be subject to applicable securities law (i.e., the CMSA 2007). Any person who offers or issues an invitation to purchase digital currencies or tokens will need to seek authorisation of the SC to do so.

Digital tokens are regulated as securities where they represent a right or interest of a person in any arrangement made for the purpose of, or having the effect of, providing facilities for the person where:

  1. the person receives the digital token in exchange for a consideration;
  2. the consideration or contribution from the person, and the income or returns, are pooled;
  3. the income or returns of the arrangement are generated from the acquisition, holding, management or disposal of any property or assets or business activities;
  4. the person expects a return in any form from the trading, conversion or redemption of the digital token or the appreciation in value of the digital token;
  5. the person does not have day-to-day control over the management of the property, assets or business of the arrangement; and
  6. the digital token is not issued or guaranteed by any government body or central bank as may be specified by the SC.

On 15 January 2020, the SC further issued the DA Guidelines, which outline the framework for fundraising through digital token offerings in Malaysia. The DA Guidelines set out requirements for an issuer to carry out all digital token offerings through an IEO operator registered with the SC. An issuer must be a company incorporated in Malaysia and carry out its main business operations in Malaysia. The issuer's board of directors must have at least two directors whose principal or only place of residence is in Malaysia. It is pertinent to note that an issuer must not be hosted concurrently on multiple IEO platforms or on an ECF platform.

Additionally, the IEO operator must also be a locally incorporated company and is required to carry out the necessary assessment and due diligence to verify the business of the issuer as well as to understand the features of the digital tokens that are to be issued. In the event that the IEO operator wishes to facilitate the trading of digital assets on its platform, the IEO operator must also register with the SC as a DAX operator.

The DA Guidelines also emphasise that if a digital token serves as a payment instrument, the digital token may only be used in exchange for the issuer's goods and services disclosed in the issuer's White Paper, which is approved by the IEO operator.

Separately, the RM Guidelines were also amended to include the requirements for DAX operators to be registered as RMOs. DAX operators who are not approved by the SC are required to cease all activities immediately and return all monies and assets collected from investors.

Amendments made to the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (the AMLA 2001), which came into effect on 2 January 2018, sought to extend the scope of a reporting institution to include any person who carries out activities that provide services in relation to the exchange of digital currencies. The reporting obligations pursuant to the AMLA 2001 include keeping a record of or promptly reporting to the competent authority any transaction involving the domestic currency or any foreign currency exceeding such amount as the competent authority may specify. The BNM also issued the Anti-Money Laundering and Counter Financing of Terrorism – Digital Currencies (Sector 6), which came into effect on 27 February 2018 (the Sector 6 Policy Document). The Sector 6 Policy Document sets out minimum requirements and standards that a reporting institution must observe to increase the transparency of activities relating to digital currencies including in relation to risk assessment and customer due diligence.

It remains to be determined if cryptocurrencies are subject to tax law, as there is no specific provision for digital currency in the Income Tax Act 1967. However, Malaysia's Inland Revenue Board (IRB) appears to be paying more attention to the tax position of cryptocurrencies. In an update release dated 12 January 2018 by Luno, a London-based digital exchange, the IRB temporarily froze the bank account of Bitx Malaysia, Luno's local entity in Malaysia. The bank account was frozen pending tax investigations. In an update release dated 2 February 2018, Luno stated that the IRB had agreed to unfreeze the bank account while in the process of completing the investigation.

Digital assets

Other new business models

There is no specific law governing the use of self-executing contracts (smart contracts) in Malaysia. However, these contracts would need to adhere to the general principles of creating a legally valid contract, including offer and acceptance, consideration and intention to create a legal relationship. The increased number of fintech companies that offer smart contract development services demonstrates the increasing demand for smart contracts in Malaysia, which may affect the need to regulate smart contracts in Malaysia.

The Electronic Commerce Act 2006 (the ECA 2006) recognises the validity of a contract that is formed wholly or partly in electronic form. Communication of proposals and acceptance of proposals in the form of electronic messages is recognised as a valid and enforceable contract. Furthermore, the ECA 2006 provides that the Digital Signature Act 1997 (the DSA 1997) applies to any digital signature used as an electronic signature in any commercial transaction. The DSA 1997 states that where a document is signed with a digital signature it shall be as legally binding as a document signed with a handwritten signature, an affixed thumbprint or any other mark.

Third-party websites comparing or providing information about financial products are not regulated per se. However, the BNM recently issued the ITAB Exposure Draft whereby, upon coming into effect, any person carrying out such business must register with the BNM pursuant to the FSA 2013. Activities of price-comparison sites would also be subject to existing laws, such as the Competition Act 2010 (the CA 2010) and the PDPA 2010. The main prohibitions against anticompetitive agreements or abuse of dominance would govern the activities of price-comparison sites. In other words, cases actioned in other jurisdictions as being anticompetitive or potentially so can be actioned under the provisions of the CA 2010. For example, where:

  1. price-comparison sites have been found to facilitate information exchange between competitors; or
  2. the use of most-favoured-nation clauses leads to one comparison site always having the best deals, making it harder for other sites to effectively compete in the market, thus leading to the foreclosure of these other sites from the market.

Intellectual property and personal data protection considerations are further discussed in Section VII.

Artificial intelligence (AI) has made headway in the local banking sector in the form of chatbots. RHB Bank Berhad launched an AI-powered messenger platform that operates in real time to streamline the credit card application process. Hong Leong Bank Berhad and the CIMB Group have also launched virtual assistants by employing AI technology. Presently, there are no special rules applicable to the use of AI in financial products as imposed by the BNM. However, businesses modelled based on AI would still be subject to existing laws.

Intellectual property and data protection

Fintech business models and related software can be protected by various intellectual property rights, namely copyright and patent. Alternatively, protection as confidential information under common law in Malaysia is also available, depending on the nature of the business model. Software is generally protected by copyright under the Copyright Act 1987, with no requirements for registration.

Patent protection is available for new inventive steps involving industrially applicable products and processes. In short, it provides a wider range of protection than copyright as it protects the idea or concept rather than just the work (e.g., source codes for software) – hence, business models would likely gain patent protection by filing a patent application.

If an employee develops an original work during his or her term of employment, the default rule is that ownership of the copyright vests in the employer. Alternatively, if a contractor develops an original work, the default rule is that the contractor continues to own the original work. However, it is common for employees and contractors to be bound by written contractual obligations that specify ownership of the intellectual property they develop, and these default rules may be overridden. Compensation, if any, owed to the author of the copyright work would also depend on the nature of the relationship or the agreements entered into between the parties. Fintech companies should ensure that their employees and contractors enter into agreements specifying the rules on ownership of intellectual property.

The PDPA 2010 would also apply to fintech companies if they process any personal data (e.g., client data). Apart from the seven principles set out in the PDPA 2010, there are no rules that apply specifically to the digital profiling of clients. A data subject must consent to the processing of the personal data unless the processing is necessary for specific exempted purposes. Although the PDPA 2010 does not define or prescribe any formalities in terms of consent, the Personal Data Protection Regulations 2013 provide that the data user must keep a record of consent from data subjects and that the Personal Data Protection Commissioner or an inspection officer may request this.

There is no system of registration for confidential information. Business models and software can be protected if they are confidential in nature, disclosed in circumstances imposing confidentiality and there is actual or anticipated unauthorised use or disclosure of the information.

In addition, financial institutions in Malaysia are subject to secrecy rules in relation to customer affairs or account information as per Section 133 of the FSA 2013.

Year in review

The following highlights the SC and BNM initiatives in the regulation of fintech services in Malaysia.

The recognition of digital currencies and tokens as securities through Order 2019 has paved the way for the regulation of cryptocurrencies in Malaysia and has introduced some level of certainty as to the permissibility of offering and trading digital currencies and tokens. It is worth noting, however, that the coming into effect of Order 2019 and amendments made to the RM Guidelines to introduce requirements for DAX operators has resulted in a sharp decline in the number of DAX operators in the market, as currently there are only three DAX operators registered as RMOs with the SC, namely Luno Malaysia Sdn Bhd, Sinegy Technologies (M) Sdn Bhd and Tokenize Technology (M) Sdn Bhd.

Following the government's initiative to provide an alternative financing avenue for first-time home buyers, the SC released a PCF framework. This is pursuant to the amendments made to the RM Guidelines issued on 17 May 2019 setting out a new chapter on additional requirements applicable to a PCF operator. On 25 September 2019, EdgeProp Sdn Bhd became the first PCF operator registered as an RMO with the SC. The SC also announced eight new RMOs consisting of three ECF operators and five P2P operators in 2019. To date, there are 21 ECF and P2P operators registered as RMOs with the SC.

In line with the BNM's efforts to support the development of technology-based innovations in the financial sector, the BNM issued the Exposure Draft on Licensing Framework for Digital Banks on 27 December 2019. The Exposure Draft outlines the proposed framework for entry of digital banks with innovative business models seeking to offer banking products and services to address market gaps in the underserved and unserved segments. The BNM will be issuing up to five licences to qualified applicants to establish digital banks to conduct either conventional or Islamic banking business in Malaysia. Digital banks will also be required to comply with the requirements under the FSA 2013 or the IFSA 2013, whichever is applicable, including relevant requirements relating to standards on prudential, business conduct and AML/CFT. The BNM aims to finalise the policy document by the first half of 2020.

Outlook and conclusions

The advent of fintech has brought about the need for regulation in the fintech industry. The approach taken by the BNM and the SC suggests that fintech is welcomed, although regulation for the sector is still necessary. While regulations have started to be introduced in a number of areas in fintech, it remains to be seen how these regulations will be enforced, especially after the DA Guidelines come into effect.

With ECF, P2P and PCF platforms coming into play, as well as the growing popularity of DIM services, Malaysians now have the opportunity to diversify their investment portfolios. The guidelines and regulations of these platforms by the SC minimise investment risks and create a more reliable environment for Malaysians to invest their money.

There is also great anticipation for the second half of 2020 once the Digital Banks Exposure Draft has been finalised as a policy document and comes into effect. It is expected that this will enocurage the foray of non-banking players into the banking industry.


1 Shanthi Kandiah is a partner at SK Chambers. She was assisted in writing this chapter by Thong Xin Lin and Nimraat Kaur.

Get unlimited access to all The Law Reviews content