Guest Article | The Fight Against Money Laundering

Muhamad Nazri Shaidon explains how Malaysia is preparing for the upcoming mutual evaluation 2024-25 in its attempt to tackle money laundering and terrorist financing.

Stepping up the fight against money laundering activities is a crucial task that involves concerted efforts from governments, regulatory bodies and reporting institutions under the Anti-Money Laundering, Anti-terrorism and Proceeds of Unlawful Activities Act (AMLA) 2001. Money laundering is the process of disguising the origins of illegally obtained money, typically by passing it through a complex sequence of banking transfers or commercial transactions.

As a member of the Financial Action Task Force and the Asia Pacific Group on Money Laundering, Malaysia is subjected to ongoing review by means of mutual evaluation exercises. This assesses the country’s level of compliance and the effectiveness of international standards – i.e. Financial Action Task Force recommendations – relating to anti-money laundering, countering the financing of terrorism and countering the financing of proliferation of weapons of mass destruction.

Malaysia was previously assessed in 2014‑15, and the findings and recommendations were published in Malaysia’s Mutual Evaluation Report 2015. The upcoming mutual evaluation of Malaysia will take place between April 2024 and December 2025.

The designated non-financial businesses and professions sector also plays a critical role in the global effort to combat money laundering and terrorist financing, as recognised by the Financial Action Task Force.

The mutual evaluation process is a key component of the anti-money laundering and counter financing of terrorism framework, where a country’s measures are assessed against international standards. Malaysia’s mutual evaluation in 2024-25 is likely to be conducted by the Financial Action Task Force or a regional body.

Preparing for mutual evaluation

To prepare for this evaluation, the designated non-financial businesses and professions sector should consider the following steps.

1. A comprehensive risk-based approach

Implement a robust risk-based approach to anti-money laundering and countering the financing of terrorism measures. Tailor preventive measures based on the identified risk levels, including customer due diligence, transaction monitoring and enhanced due diligence. The risk-based approach entails two assessments: institutional risk assessment; and customer risk profiling:

Institutional risk assessment

A reporting institution is expected to identify risk factors that affect its business and address the impact on the reporting institution’s overall money laundering and financing of terrorism risks. For this, non-financial businesses and professions are required to take sufficient steps to identify, assess and understand their risk at the institutional level, taking into consideration all relevant risk factors.

Customer risk profiling

For customer risk profiling, non-financial businesses and professions are expected to consider the inherent risks arising from the types of products, services and distribution channels that the customers are using and implement appropriate measures to manage and mitigate the risks identified therein. This requires granular and well-defined risk categories for better customer segmentation and clearly defined scenarios where a customer should be automatically rated as high risk, regardless of other factors.

There are common factors that may influence a customer’s risk ranking, depending on the customer risk profiling methodology. For example, if the beneficial owners are identified as politically exposed persons or relative close associates, originate from high-risk jurisdictions, operate high-risk business or have adverse criminal or media records.

2. Customer due diligence

The designated non-financial businesses and professions sector must conduct due diligence on clients, business partners or other entities with whom the company engages especially in financial transactions. This due diligence is part of the process of anti-money laundering and countering the financing of terrorism to ensure that the company is not unwittingly involved in money laundering activities. Companies must collect customer information as required by internal standard operating procedures or policies.

Due diligence should not be viewed as a mere checklist or tick-box exercise. Rather, it is a comprehensive and ongoing process that requires careful examination of various factors. It is a comprehensive and dynamic process that involves in-depth analysis, ongoing assessment and adaptability. It is a crucial step in minimising risks and making informed decisions in various business contexts.

3. Appointment of a compliance officer

The appointment of a compliance officer is a critical step for organisations aiming to adhere to laws, regulations and internal policies. A compliance officer plays a key role in ensuring that the company operates within the legal and ethical boundaries of its industry by developing and implementing compliance policies and procedures and communicating policies to employees.

The compliance officer should have a deep understanding of anti-money laundering and countering the financing of terrorism, strong analytical skills and the ability to communicate effectively with various stakeholders. Additionally, they should be independent and have the authority to enforce compliance measures within the organisation. The role of a compliance officer is crucial in maintaining the integrity of the organisation and ensuring it operates ethically and legally.

4. Beneficial ownership transparency

Companies must identify beneficial owners based on cascading steps. For the onboarding of legal entities, they must have internal standard operating procedures for the identification of ultimate beneficial owners.

One of the common issues with the identification and verification of beneficial owners is that identification stops after a limited number of layers, resulting in the process stopping short of true beneficial owners who are natural persons. Companies are required to exercise reasonable measures to identify the beneficial owners through an understanding of the ownership and control structure of the customer. Therefore, they must rely on supporting documents, such as constitutions, directors’ resolutions, minutes of meetings, charters, trust deeds, partnership agreements, joint venture agreements and others.

Companies are also required to obtain nine data points on the beneficial owner as follows:

• Name
• Identity card number/passport number
• Residential and mailing address
• Date of birth
• Nationality
• Occupation type
• Name of employer or nature of self-employment/ nature of business
• Contact number
• Purpose of transaction

5. Sanction screening

Businesses are required to conduct sanctions screening on existing, potential or new customers against the United Nations Security Council resolution list and domestic list. These state the names and particulars of specified/designated entities as declared by the United Nations Security Council or Minister of Home Affairs, as part of the customer due diligence process and ongoing due diligence.

For customers who are legal persons, reporting institutions are required to screen the name of the customer; i.e. among but not limited to companies, bodies corporate, foundations, partnerships, associations and other similar entities, as well as the beneficial owners; i.e. directors and shareholders, including nominees, against the sanctions lists.

Businesses are required to ascertain that potential matches are true matches and not false positives. It is their responsibility to take further measures or steps (e.g. make further inquiries for additional information) to determine whether the potential match is a true match.

Upon confirmation of sanctioned entities and/ or related parties, they are required to reject a potential customer, block transactions (where applicable) to prevent the dissipation of the funds, and report a suspicious transaction report to the Central Bank of Malaysia (BNM).

6. Training and capacity building

Non-financial businesses and professions may be involved in training employees, especially those in key positions, to recognise and address potential money laundering risks. This includes being aware of red flags and suspicious transactions and behaviour.

• Technology and innovation: Embrace technological solutions to enhance anti-money laundering and countering the financing of terrorism measures. Implement advanced analytics, artificial intelligence and other innovative tools to detect and prevent financial crimes more effectively.
• Continuous monitoring and evaluation: Establish a system for continuous monitoring and evaluation of measures. Regularly assess the effectiveness of policies and procedures, make necessary adjustments and address emerging risks promptly.

By taking a proactive and comprehensive approach to strengthen its framework, Malaysia can demonstrate its commitment to combating money laundering and terrorist financing during the mutual evaluation process.

Enforcement actions

These are examples of enforcement actions taken by the Central Bank of Malaysia.

• TNG Digital Sdn Bgd (TNGD): TNGD was found guilty of failure to conduct sanctions screening on the names of its customers, and of failure to ascertain and make further inquiries that its customer matched with the United Nations Security Council Resolutions List or the Minister of Home Affairs Domestic List. It contravened the Financial Services Act 2013 s 48(1)(a), read together with the Anti-Money Laundering and Countering Financing of Terrorism and Targeted Financial Sanctions for Financial Institutions policy document. TNGD was fined RM 600,000. (18 May 2023)
• MPI Generali Insurans Berhad (MPGB): MPGB was found guilty of failure to conduct sanctions screening before onboarding new customers. It contravened the Financial Services Act 2013 s 48(1)(a) and was fined RM 260,000. (29 December 2022)
• Mandiri Remittance International Sdn. Bhd: Mandiri Remittance was found guilty of failure to identify and verify the beneficial owners for the remittance transactions. It contravened the Money Services Business Act 2011 s 74(3) and fined RM 134,400. (12 April 2022)
• Takaful Ikhlas Family Berhad: Takaful Ikhlas was found guilty of failure to conduct sanctions screening and failure to flag high-risk customers’ certificates under the Islamic Financial Services Act 2013 s 58(1)(a) and fined RM612,000. (7 October 2022)
• Wawasan Ilham (M) Sdn. Bhd: Found guilty of failure to conduct customer due diligence under the Money Services Business Act 2011 s 74(4) and fined RM151,200. (1 March 2022)

Source: Central Bank of Malaysia website.

Central Bank of Malaysia enforcement action in 2023

The Central Bank of Malaysia (Bank Negara Malaysia) is the competent authority that regulates and coordinates anti-money laundering and countering the financing of terrorism in Malaysia. When a central bank issues a serious warning regarding enforcement actions, it typically indicates that there may be non-compliance or serious violations within the financial system that need to be addressed. Enforcement actions can include penalties, fines, regulatory measures or other interventions to ensure compliance with financial regulations and maintain the stability of the financial system.

These actions may be taken concurrently with, and are separate and distinct from, criminal proceedings that are under the sole purview of the Attorney General. The designated non-financial businesses and professions sector should take lessons learned from the enforcement action taken by the Central Bank of Malaysia.

 

Author biography

Muhamad Nazri Shaidon is Head of AML Advisory and Training at various Law Enforcement Agencies in Malaysia. He is also a Certified Financial Investigator (AML/CFT).

"Stepping up the fight against money laundering activities is a crucial task that involves concerted efforts from governments, regulatory bodies and reporting institutions under the Anti-Money Laundering, Anti-terrorism and Proceeds of Unlawful Activities Act (AMLA) 2001."

Muhamad Nazri Shaidon, Head of AML Advisory and Training