Introduction
Cryptocurrencies and various
virtual assets (VAs) are transforming the international financial environment
by facilitating rapid, decentralized, and borderless transactions.
Even so, these very features also
introduce certain vulnerabilities, particularly concerning money laundering
(ML), terrorism financing (TF), and proliferation financing (PF).
In response to these challenges,
the Financial Action Task Force (FATF) has established global standards aimed
at regulating virtual asset service providers (VASPs) and reducing the
incidence of financial crime.
Although Malaysia is not a
significant centre for crypto-related criminal activities, the nation
recognizes the escalating risks and has initiated measures to align its
regulatory frameworks with the FATF's recommendations.
FATF Standards and the Global
Challenge
In 2019, the FATF revised
Recommendation 15 and its Interpretive Note (R.15/INR.15) to encompass virtual
assets and VASPs within the framework of anti-money laundering and
counter-terrorism financing (AML/CFT) regulations.
A significant aspect of this
revision is the Travel Rule, which mandates that VASPs disclose identifying
information regarding both originators and beneficiaries during virtual asset
transfers.
Still, a review conducted by FATF
in 2023 indicated that more than 75% of jurisdictions are either partially
compliant or entirely non-compliant, with over half showing no advancement in
the implementation of the Travel Rule i.e. the information that should
accompany transfers of funds and certain crypto assets.
This inconsistency on a global
scale enables criminal and terrorist organizations to take advantage of
jurisdictions with lax enforcement.
Additionally, emerging
technologies such as decentralized finance (DeFi), unhosted wallets also
referred to as cold storage or self-custody wallets and non-fungible tokens
(NFTs) further complicate regulatory oversight due to their decentralized and
peer-to-peer characteristics.
These trends highlight the
pressing need for nations to revise their regulatory and enforcement strategies
while fostering greater international cooperation.
Malaysia’s VA Risk Landscape
and VARA 2024 Findings
Although Malaysia's virtual asset
(VA) market is relatively small, the 2024 Virtual Asset Risk Assessment (VARA)
conducted by the National Coordination Committee to Counter Money Laundering
(NCC) identifies emerging threats.
The NCC is the highest
governmental committee in charge of coordinating, implementing and monitoring
the development of national AML/CFT regime in Malaysia.
Illicit activities related to
virtual assets in Malaysia represent less than 1% of global incidents,
primarily involving fraud, drug trafficking, and illegal gambling.
To date, there have been no
reported cases of terrorist financing or proliferation financing associated
with virtual assets in the country.
However, Malaysia remains
indirectly vulnerable to global threats. Foreign Virtual Asset Service
Providers (VASPs), which frequently offer anonymous services and complex
products such as mixers or mining pools, are increasingly exploited for illegal
activities, occasionally routing transactions through Malaysian platforms.
As well, cross-border
transactions involving widely used cryptocurrencies like Bitcoin (BTC),
Ethereum (ETH), and Tether (USDT) present further risks.
Despite these challenges, the
findings of the 2024 VARA indicate that Malaysia's detection mechanisms,
including suspicious transaction reporting and regulatory oversight, are
functioning effectively.
Nonetheless, ongoing vigilance is
essential to navigate the increasing complexity of the virtual asset landscape.
Enforcement Strategies and
Institutional Responses
Malaysia's framework for
Anti-Money Laundering and Counter Financing of Terrorism, spearheaded by Bank
Negara Malaysia (BNM) and the Securities Commission (SC), has initiated
regulatory measures for VASPs.
On the other hand, achieving full
compliance with the FATF standards, particularly regarding the implementation
of the Travel Rule, remains a critical objective.
It is imperative that amendments
to the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful
Activities Act 2001 (AMLA) explicitly address the emerging risks associated
with unhosted wallets, decentralized finance (DeFi) platforms, and stablecoins.
In the realm of law enforcement,
the Royal Malaysia Police (PDRM), particularly through its Commercial Crime
Investigation Department (CCID), must establish specialized cybercrime units
focused on virtual asset investigations.
These units require comprehensive
training in blockchain forensics, transaction tracing, and monitoring of the
dark web. By collaborating with blockchain analytics firms such as Chainalysis
or Elliptic, PDRM can enhance its capabilities to track and disrupt illicit
activities involving cryptocurrencies.
Also, the Malaysian
Anti-Corruption Commission (MACC) is crucial in identifying public officials
who may be involved in corruption or negligence related to cryptocurrencies.
As digital assets are
increasingly utilized to obscure wealth, MACC must employ forensic tools to
uncover hidden wallets and monitor undeclared holdings effectively.
To optimize these efforts,
Malaysia should consider institutionalizing a permanent task force that
includes representatives from PDRM, MACC, BNM, and the SC.
Strengthening international
cooperation, particularly with ASEAN partners and Interpol, will facilitate
intelligence sharing and bolster cross-border investigations.
By taking a leadership role in
regional regulatory harmonization, Malaysia can help bridge enforcement gaps
throughout Southeast Asia, thereby enhancing the overall effectiveness of its
AML/CFT framework.
Private Sector Compliance and
Long-Term Strategy
An effective Anti-Money
Laundering (AML) and Counter Financing of Terrorism (CFT) framework requires
active participation from the private sector. In the context of Malaysia, it is
essential for VASPs to implement robust know-your-customer (KYC) protocols.
These protocols should include
the obligation to report any suspicious activities and to adopt technologies
that comply with the Travel Rule.
Furthermore, the government can
enhance the resilience of these platforms against cyber threats, such as
hacking and ransomware, by offering incentives aimed at improving cybersecurity
measures.
Beyond enforcement actions,
Malaysia should cultivate a forward-thinking regulatory environment. This
involves supporting fintech startups through the creation of regulatory
sandboxes, which allow for innovation within a controlled framework.
Moreover, specialized training
programs should be developed for AML/CFT personnel to equip them with knowledge
regarding the specific risks associated with cryptocurrencies.
Active participation in the FATF
working groups that focus on financial technology (fintech) and regulatory
technology (regtech) is also crucial for fostering collaboration and sharing
best practices in this rapidly evolving sector.
Conclusion
The FATF has emphasized the
critical need for a cohesive global regulatory framework for virtual assets.
However, the extent to which these standards are implemented varies
significantly among different jurisdictions.
In Malaysia, the current risks
linked to virtual assets are considered manageable; however, there is a
discernible increase in these risks, particularly due to the involvement of
foreign Virtual Asset Service Providers (VASPs) and the rise in cross-border
transactions.
The 2024 VARA report indicates
that Malaysia's existing regulatory framework is predominantly effective. For
example, the SC oversees digital assets in Malaysia through the Capital Markets
& Services (Prescription of Securities) (Digital Currency and Digital
Token) Order 2019, which has allowed the SC to establish guidelines for the
offering and trading of digital assets.
However, it is essential for the
nation to implement proactive strategies to address emerging threats.
By improving regulatory
compliance, enhancing enforcement capabilities, and promoting collaboration
with the private sector, Malaysia can position itself as a regional frontrunner
in the secure and innovative governance of virtual assets.
© All rights are reserved.
22.04.2025
Comments