Malaysia -- Regulatory Status Regulatory Overview

Malaysia has adopted a structured and evolving regulatory framework for virtual assets (which it primarily refers to as "digital assets") rather than a ban or a complete free-for-all. The approach can be described as partial but moving towards comprehensive, particularly concerning investor protection, financial stability, and anti-money laundering/counter-terrorism financing (AML/CFT).

Regulatory Approach: Partial but Evolving Towards Comprehensive

Malaysia's regulatory approach is strategic, focusing on regulating specific aspects and participants within the digital asset ecosystem that pose risks to financial stability, investor protection, and market integrity. It categorizes certain digital assets as securities and imposes licensing requirements on exchanges and fundraising platforms.

Key characteristics:

• Risk-based: Regulations are introduced where risks are most apparent (e.g., trading, fundraising, AML/CFT).
• Phased: The framework has evolved over time, starting with AML/CFT and then expanding to encompass capital market activities.
• Technology-neutral where possible: Applying existing securities laws to digital assets that exhibit characteristics of securities.
• Focus on investor protection and market integrity: Especially for digital assets deemed as securities.
• Emphasis on AML/CFT: A core pillar of all digital asset regulation.

Primary Regulatory Bodies

1. Securities Commission Malaysia (SC)

   • Role: The primary regulator for digital assets that are deemed "securities" under Malaysian law. It oversees the offering, trading, and intermediation of such digital assets. This includes licensing Digital Asset Exchanges (DAXes) and regulating fundraising via Initial Exchange Offerings (IEOs).
   • Website: https://www.sc.com.my
   • Digital Assets Specific Page: https://www.sc.com.my/regulation/guidelines/digital-assets

2. Bank Negara Malaysia (BNM) – Central Bank of Malaysia

   • Role: Primarily responsible for the financial system's stability, payment systems, and Anti-Money Laundering/Counter-Terrorism Financing (AML/CFT). BNM designates "virtual asset service providers" (VASPs) as reporting institutions under the AMLATFPUAA, requiring them to report suspicious transactions and adhere to AML/CFT measures. BNM also monitors the broader implications of digital assets on financial stability, monetary policy, and payment systems, including stablecoins and central bank digital currencies (CBDCs).
   • Website: https://www.bnm.gov.my

Key Legislation Names and Dates

1. Capital Markets and Services Act 2007 (CMSA 2007)

   • Date: Enacted 2007 (amended periodically).
   • Relevance: Provides the foundational legal framework for the SC to regulate capital market activities. Digital assets deemed as "securities" fall under the purview of this Act.
   • URL (SC Legislation page): https://www.sc.com.my/regulation/legislation/acts/cmsa

2. Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019

   • Date: Effective 15 January 2019.
   • Relevance: This is a crucial piece of legislation. It formally prescribes digital currencies and digital tokens as "securities" if they are traded on a digital asset exchange or offered through an Initial Exchange Offering (IEO) platform. This brought certain virtual assets squarely under the SC's regulatory ambit.
   • URL (SC Media Release announcing guidelines): https://www.sc.com.my/resources/media-releases-and-announcements/sc-issues-guidelines-on-digital-assets (The Order itself is a gazetted law, not always directly linked as a PDF on the SC site, but its effect is explained in the guidelines and press releases.)

3. Guidelines on Digital Assets (Revised as of October 2023)

   • Date: First issued 2019, revised multiple times (latest revision October 2023).
   • Relevance: Issued by the SC, these guidelines provide detailed requirements for:
     • Persons seeking to operate a Digital Asset Exchange (DAX).
     • Persons seeking to operate an Initial Exchange Offering (IEO) platform.
     • Issuers of digital tokens through an IEO platform.
     • Custodians for digital assets.
   • URL: https://www.sc.com.my/api/documentms/download.ashx?id=ee851174-8b63-44f2-9844-4824578b7a42 (Direct PDF link to the Guidelines on Digital Assets, dated 27 October 2023).

4. Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLATFPUAA 2001)

   • Date: Enacted 2001 (amended periodically).
   • Relevance: This Act is the cornerstone of Malaysia's AML/CFT regime. BNM leverages this Act to designate "virtual asset service providers" (VASPs) as "reporting institutions," compelling them to implement robust AML/CFT measures, conduct customer due diligence, and report suspicious transactions.
   • URL (BNM Legislation page): https://www.bnm.gov.my/legislation/acts/aml-cft

5. Policy Document on Anti-Money Laundering, Countering Financing of Terrorism and Targeted Financial Sanctions for Financial Institutions (AML/CFT and TFS Policy Document)

   • Date: Various iterations, latest effective 1 January 2020 (with subsequent clarifications/revisions).
   • Relevance: Issued by BNM, this policy document details the specific AML/CFT obligations for various financial institutions, including virtual asset service providers (VASPs) operating in Malaysia. It outlines requirements for risk assessment, customer due diligence, record-keeping, and suspicious transaction reporting.
   • URL: https://www.bnm.gov.my/documents/20124/960527/PD_AML+CFT+and+TFS_FI.pdf (Direct PDF link to BNM's AML/CFT and TFS Policy Document, updated as of 17 April 2023).

Current Stance on Crypto Trading and Exchanges

Crypto trading and exchanges are legal in Malaysia, but strictly regulated and only permissible through licensed entities.

• Legality: Engaging in crypto trading and establishing crypto exchanges is legal, provided they comply with the SC's regulatory framework.
• Licensing Requirement: Any entity that wishes to operate a Digital Asset Exchange (DAX) in Malaysia, or an Initial Exchange Offering (IEO) platform, must be licensed by the Securities Commission Malaysia (SC). Operating without an SC license is illegal and carries severe penalties.
• Investor Protection: The SC's framework focuses heavily on investor protection, requiring licensed DAXes to implement robust cybersecurity measures, adequate capital, clear rules for listing digital assets, dispute resolution mechanisms, and transparent fee structures.
• AML/CFT Compliance: Licensed DAXes and IEO platforms are designated as reporting institutions under the AMLATFPUAA and must comply with BNM's stringent AML/CFT requirements. This involves "Know Your Customer" (KYC) procedures, transaction monitoring, and suspicious transaction reporting.
• List of Licensed DAXes: The SC publicly maintains a list of licensed Digital Asset Exchanges. As of my last update, licensed DAXes typically include operators like Luno, SINEGY, Tokenize Technology, and MX Global. It is crucial for users to verify that they are using an SC-licensed platform.
  • URL (SC Licensed and Registered Persons - filter by Digital Asset Exchange): https://www.sc.com.my/regulation/licensing/licensed-and-registered-persons

In summary: Malaysia has taken a clear stance to regulate the digital asset space, particularly where it intersects with capital market activities and financial crime. This provides a level of legitimacy and structure while aiming to protect investors and maintain financial stability.