AML/CFT regulations in Malaysia

 Duty to undertake customer due diligence measures in all or any of the following circumstances:

1. Establishing or conducting a business relationship, conducting any transaction with a customer, or carrying out any activity for or on behalf of a customer, whether they are an occasional or usual customer.
2. The transaction or activity to be carried out exceeds the amount a competent authority may specify.
3. There is reasonable suspicion of the commission of a ML/TF offence.
4. There is reasonable doubt about the authenticity or adequacy of previously obtained customer identification data. 

In undertaking customer due diligence measures, a reporting institution shall:

1. Identify the customer
2. Verify their identity
3. Verify the identity and authority of any person claiming to act on behalf of a customer
4. Take reasonable steps to obtain and record information about the true identity of any person whose account is opened on their behalf, or a transaction or activity is conducted if there is reasonable doubt that the person is not acting on their own behalf
5. Take reasonable steps to verify the identity of a natural person [SS1] who owns or exercises effective control over a customer that is not a natural person.

 Duty to conduct ongoing due diligence on all accounts, business relationships, transactions, and activities. 

Duty to record any information, data or details obtained during the course of the customer due diligence and, upon request, in writing, provide a copy of such record to a competent authority. 

Duty to maintain any account, record, business correspondence and document relating to an account, business relationship, transaction or activity with a customer or any person as well as the results of any analysis undertaken. This may be the case for a period of at least 6 years from the date the account is closed or the business relationship, transaction or activity is completed or terminated. 

Duty to keep a record of any transaction involving the domestic currency or any foreign currency exceeding the amount specified by a competent authority for a period of at least six years from the date the transaction is completed or terminated. 

Duty to adopt, develop and implement internal programs, policies, procedures and controls to guard against and detect any offence under the Act. The programs shall include:

1. The establishment of procedures to ensure high standards of integrity of its employees and a system to evaluate the personal, employment and financial history of these employees.
2. On-going employee training programs, such as “know-your-customer” programs, as well as instructing employees on the record-keeping, reporting, due diligence and retention of records obligations.
3. An independent audit function to check compliance with such programs. 

Duty to designate compliance officers at management level in each branch and subsidiary who will be in charge of the application of the internal programs and procedures, including proper maintenance of records and reporting of suspicious transactions. 

Duty to develop audit functions to evaluate policies, procedures and controls implemented to comply with the Act.