Both the Bank Negara Malaysia (BNM) and Companies Commission of Malaysia (SSM) play pivotal roles in Malaysia’s Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) efforts. While they share the common goal of combating financial crimes, their regulatory frameworks differ.
This article outlines the key distinctions between the two, focusing on regulatory scope, risk-based approaches, and reporting requirements, including beneficial ownership. By understanding these differences, organisations subject to both regulators can ensure compliance, mitigate risks, and avoid potential legal and financial penalties.
1. Regulatory Scope
| Aspect | BNM | SSM |
|---|---|---|
| Regulated Entities | Financial institutions, nonbank financial institutions (NBFIs), Designated Non-Financial Businesses and Professions (DNFBPs) | Company secretaries, Trust companies |
| Main Activities | Broader financial and non-financial services | Company formation, Trustee services, Nominee shareholders |
| Legal Framework | AMLA 2001, Financial Services Act 2013, Islamic Financial Services Act 2013 | AMLA 2001, Companies Act 2016 |
*AMLA 2001 refers to The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA).
2. Applicability of AML/CFT Obligations
- Bank Negara Malaysia (BNM):
Broader AML/CFT obligations for all financial institutions, DNFBPs, and NBFIs. BNM’s guidelines cover a wide range of reporting institutions and include detailed Customer Due Diligence (CDD), Suspicious Transaction Reports (STRs), and compliance management systems. - Companies Commission of Malaysia (SSM):
Focuses primarily on company secretaries and requires them to maintain beneficial ownership (BO) records, conduct Customer Due Diligence (CDD), and file Suspicious Transaction Reports (STRs) if necessary. Additionally, they must perform comprehensive Institutional Risk Assessment (IRA) to identify and mitigate risks related to money laundering and terrorism financing.
3. Beneficial Ownership (BO) Reporting
The concept of Beneficial Ownership (BO) is critical not only for AML/CFT compliance but also for accounting transparency, corporate governance, and regulatory disclosure. A Beneficial Owner refers to the individual who ultimately owns, controls, or derives benefit from a legal entity or arrangement, even if the ownership is registered under another name. This distinction is essential, as the beneficial owner may not always be the legal owner listed in official records but may still exert significant influence or control over the entity’s decisions or assets.
Both Bank Negara Malaysia (BNM) and the Companies Commission of Malaysia (SSM) emphasise the importance of identifying and reporting BO to prevent misuse of legal entities for illicit purposes and to promote transparency across sectors.
| Aspect | BNM | SSM |
|---|---|---|
| Threshold for Ownership | 25% ownership interest or controlling ownership | 20% equity interest or voting shares |
| Filing Requirements | BO information must be maintained but only reported to BNM if requested | Required to file BO information annually with SSM and update changes |
| Register of Beneficial Owners | BO information maintained as part of CDD records | Mandatory to maintain at the company’s registered office |
4. Risk-Based Approach (RBA)
- Bank Negara Malaysia (BNM):
Institutions must implement a comprehensive RBA, conducting risk assessments throughout the customer lifecycle, including onboarding and ongoing due diligence. Enhanced measures are mandated for high-risk customers and jurisdictions. - Companies Commission of Malaysia (SSM):
Company secretaries are required to adopt a Risk-Based Approach by conducting an IRA to assess risks related to customers, geographical areas, and products. A review of the IRA is permitted when necessary. Policies for high-risk customers must be robust to mitigate ML/TF risks.
5. Reporting Obligations
| Aspect | BNM | SSM |
|---|---|---|
| Suspicious Transaction | All reporting institutions report suspicious transactions to FIED, BNM | Company secretaries report suspicious transactions to BNM |
| Record Retention Period | Six years, but may be extended if records are under investigation | Seven years for all CDD and related AML/CFT documentation |
6. Exemptions and Simplifications
Small-sized reporting institutions refer to designated non-financial businesses and professions (DNFBPs) that operate on a smaller scale. Bank Negara Malaysia generally considers the following as small-sized institutions:
- Law firms or accounting firms with five or fewer practising certificate holders.
- Company secretary firms with five or fewer licensed company secretaries.
- Dealers in precious metals and stones (DPMS) with an annual turnover below RM10 million and fewer than 30 employees.
For these small-sized reporting institutions, certain exemptions are allowed. Specifically, the requirement for Policies, Procedures, and Controls (PPC) under Section 11.2 does not apply. Instead, these institutions can adopt Bank Negara Malaysia’s (BNM) policy documents as their own. While these firms are exempted from creating detailed internal AML/CFT frameworks, they are still required to implement core elements of AML/CFT compliance.
| Reporting Institution | Exemptions Provided | Requirements |
|---|---|---|
| Lawyers and Accountants (≤ 5 practising certificate holders) | Exempted from developing new internal PPC, can adopt BNM policy documents directly. | Exempted from periodic review of AML/CFT policies, and are not required to establish an independent audit function for AML/CFT compliance |
| Company Secretaries (≤ 5 licensed) | Exempt from detailed internal policies; may use simplified CDD and screening. | No need for audit; employee screening required only during hiring. |
| Dealers in Precious Metals or Precious Stones (DPMS) (Turnover < RM 10 million, ≤ 30 employees) | Simplified AML/CFT procedures allowed, adopting BNM policy documents without additional internal frameworks, policies, or procedures beyond what is outlined by BNM. | Exempt ed from periodic policy reviews, independent audit function requirements , and detailed employee training, except for initial screening. |
Conclusion
Understanding your specific AML/CFT obligations is key to effective compliance. While the Companies Commission of Malaysia (SSM) regulates company secretaries under its AML/CFT framework, Bank Negara Malaysia (BNM) also plays a supervisory role, covering a wider range of reporting institutions—including legal professionals, accountants, dealers in precious metals and stones (DPMS), and company secretaries—especially when their activities fall under the definition of designated non-financial businesses and professions (DNFBPs) as outlined by BNM’s policy documents. Their requirements are complementary but distinct. The differences in thresholds, reporting, and risk-based approaches reflect each regulator’s unique focus. Together, these frameworks strengthen Malaysia’s defenses against money laundering and terrorism financing.
About Ingenique Solutions
Ingenique Solutions Pte Ltd delivers Anti-Money Laundering & Know Your Customer (KYC) screening and due diligence solutions to help small businesses and large enterprises meet their AML/CFT compliance requirements. It is trusted by 1,600+ companies in Hong Kong, Singapore, Malaysia, China and Taiwan, including government Ministry/ Agency, public listed companies, and top leading firms in various sectors.
Recent Posts:
- Navigating AML/CTF Compliance in Australia: A Guide for Tranche 2 Entities Under the Amendment to the AML/CTF Act Effective 2026
- The New Corporate Service Providers Regulations and Guidelines: Top 3 Requirements and Compliance Steps CSP Need to Know
- Singapore’s New AML/CFT Sentencing Framework for Nominee Directors: Implications for Corporate Service Providers
