Skip to main content

Malaysia’s Response to FATF Virtual Asset Risks

Introduction

Cryptocurrencies and various virtual assets (VAs) are transforming the international financial environment by facilitating rapid, decentralized, and borderless transactions.

Even so, these very features also introduce certain vulnerabilities, particularly concerning money laundering (ML), terrorism financing (TF), and proliferation financing (PF).

In response to these challenges, the Financial Action Task Force (FATF) has established global standards aimed at regulating virtual asset service providers (VASPs) and reducing the incidence of financial crime.

Although Malaysia is not a significant centre for crypto-related criminal activities, the nation recognizes the escalating risks and has initiated measures to align its regulatory frameworks with the FATF's recommendations.

FATF Standards and the Global Challenge

In 2019, the FATF revised Recommendation 15 and its Interpretive Note (R.15/INR.15) to encompass virtual assets and VASPs within the framework of anti-money laundering and counter-terrorism financing (AML/CFT) regulations.

A significant aspect of this revision is the Travel Rule, which mandates that VASPs disclose identifying information regarding both originators and beneficiaries during virtual asset transfers.

Still, a review conducted by FATF in 2023 indicated that more than 75% of jurisdictions are either partially compliant or entirely non-compliant, with over half showing no advancement in the implementation of the Travel Rule i.e. the information that should accompany transfers of funds and certain crypto assets.

This inconsistency on a global scale enables criminal and terrorist organizations to take advantage of jurisdictions with lax enforcement.

Additionally, emerging technologies such as decentralized finance (DeFi), unhosted wallets also referred to as cold storage or self-custody wallets and non-fungible tokens (NFTs) further complicate regulatory oversight due to their decentralized and peer-to-peer characteristics.

These trends highlight the pressing need for nations to revise their regulatory and enforcement strategies while fostering greater international cooperation.

Malaysia’s VA Risk Landscape and VARA 2024 Findings

Although Malaysia's virtual asset (VA) market is relatively small, the 2024 Virtual Asset Risk Assessment (VARA) conducted by the National Coordination Committee to Counter Money Laundering (NCC) identifies emerging threats.

The NCC is the highest governmental committee in charge of coordinating, implementing and monitoring the development of national AML/CFT regime in Malaysia.

Illicit activities related to virtual assets in Malaysia represent less than 1% of global incidents, primarily involving fraud, drug trafficking, and illegal gambling.

To date, there have been no reported cases of terrorist financing or proliferation financing associated with virtual assets in the country.

However, Malaysia remains indirectly vulnerable to global threats. Foreign Virtual Asset Service Providers (VASPs), which frequently offer anonymous services and complex products such as mixers or mining pools, are increasingly exploited for illegal activities, occasionally routing transactions through Malaysian platforms.

As well, cross-border transactions involving widely used cryptocurrencies like Bitcoin (BTC), Ethereum (ETH), and Tether (USDT) present further risks.

Despite these challenges, the findings of the 2024 VARA indicate that Malaysia's detection mechanisms, including suspicious transaction reporting and regulatory oversight, are functioning effectively.

Nonetheless, ongoing vigilance is essential to navigate the increasing complexity of the virtual asset landscape.

Enforcement Strategies and Institutional Responses

Malaysia's framework for Anti-Money Laundering and Counter Financing of Terrorism, spearheaded by Bank Negara Malaysia (BNM) and the Securities Commission (SC), has initiated regulatory measures for VASPs.

On the other hand, achieving full compliance with the FATF standards, particularly regarding the implementation of the Travel Rule, remains a critical objective.

It is imperative that amendments to the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA) explicitly address the emerging risks associated with unhosted wallets, decentralized finance (DeFi) platforms, and stablecoins.

In the realm of law enforcement, the Royal Malaysia Police (PDRM), particularly through its Commercial Crime Investigation Department (CCID), must establish specialized cybercrime units focused on virtual asset investigations.

These units require comprehensive training in blockchain forensics, transaction tracing, and monitoring of the dark web. By collaborating with blockchain analytics firms such as Chainalysis or Elliptic, PDRM can enhance its capabilities to track and disrupt illicit activities involving cryptocurrencies.

Also, the Malaysian Anti-Corruption Commission (MACC) is crucial in identifying public officials who may be involved in corruption or negligence related to cryptocurrencies.

As digital assets are increasingly utilized to obscure wealth, MACC must employ forensic tools to uncover hidden wallets and monitor undeclared holdings effectively.

To optimize these efforts, Malaysia should consider institutionalizing a permanent task force that includes representatives from PDRM, MACC, BNM, and the SC.

Strengthening international cooperation, particularly with ASEAN partners and Interpol, will facilitate intelligence sharing and bolster cross-border investigations.

By taking a leadership role in regional regulatory harmonization, Malaysia can help bridge enforcement gaps throughout Southeast Asia, thereby enhancing the overall effectiveness of its AML/CFT framework.

Private Sector Compliance and Long-Term Strategy

An effective Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) framework requires active participation from the private sector. In the context of Malaysia, it is essential for VASPs to implement robust know-your-customer (KYC) protocols.

These protocols should include the obligation to report any suspicious activities and to adopt technologies that comply with the Travel Rule.

Furthermore, the government can enhance the resilience of these platforms against cyber threats, such as hacking and ransomware, by offering incentives aimed at improving cybersecurity measures.

Beyond enforcement actions, Malaysia should cultivate a forward-thinking regulatory environment. This involves supporting fintech startups through the creation of regulatory sandboxes, which allow for innovation within a controlled framework.

Moreover, specialized training programs should be developed for AML/CFT personnel to equip them with knowledge regarding the specific risks associated with cryptocurrencies.

Active participation in the FATF working groups that focus on financial technology (fintech) and regulatory technology (regtech) is also crucial for fostering collaboration and sharing best practices in this rapidly evolving sector.

Conclusion

The FATF has emphasized the critical need for a cohesive global regulatory framework for virtual assets. However, the extent to which these standards are implemented varies significantly among different jurisdictions.

In Malaysia, the current risks linked to virtual assets are considered manageable; however, there is a discernible increase in these risks, particularly due to the involvement of foreign Virtual Asset Service Providers (VASPs) and the rise in cross-border transactions.

The 2024 VARA report indicates that Malaysia's existing regulatory framework is predominantly effective. For example, the SC oversees digital assets in Malaysia through the Capital Markets & Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019, which has allowed the SC to establish guidelines for the offering and trading of digital assets.

However, it is essential for the nation to implement proactive strategies to address emerging threats.

By improving regulatory compliance, enhancing enforcement capabilities, and promoting collaboration with the private sector, Malaysia can position itself as a regional frontrunner in the secure and innovative governance of virtual assets.

© All rights are reserved.

22.04.2025

https://www.malaysiakini.com/columns/741138

Comments

Popular posts from this blog

Smart Security, Free Society: Malaysia’s Data Dilemma

In today’s digitally driven world, national security is no longer confined to borders or traditional threats. Cyberattacks, disinformation campaigns, and asymmetric warfare have become the new frontiers of conflict. Malaysia, strategically located in Southeast Asia and increasingly exposed to regional tensions and internal vulnerabilities, must strengthen its security apparatus. However, doing so must not come at the cost of civil liberties. Malaysia can enhance its security strategy by leveraging insights from advanced data platforms like those pioneered by Palantir Technologies, while maintaining strong democratic oversight to safeguard the fundamental freedoms protected by the Federal Constitution. Palantir Technologies, a U.S.-based company, gained prominence in the aftermath of the September 11 attacks. Its core software, Gotham, was designed to integrate fragmented intelligence and provide real-time, actionable insights to military and intelligence agencies. Over the years,...

Syringe Attacks in Malaysia and France: Random Violence or Terrorism? - Part 3

The syringe attack on the 12-year-old son of Pandan MP and former Economy Minister, Datuk Seri Rafizi Ramli, has shaken Malaysia. What initially appeared as a rare and bizarre incident now echoes a disturbing pattern witnessed abroad, notably in France. In June 2025, during the Fête de la Musique festival, over 145 people across France reported being pricked with syringes in crowded public areas. In both cases, the weapon of fear was not a gun or bomb but a syringe. When viewed together, the Rafizi incident and the mass needle attacks in France reveal an alarming global trend of unconventional, psychological violence that leaves behind not just physical uncertainty but emotional trauma. The question we must now ask is: are these acts simply random criminality, or should they be treated with the gravity of terrorist attacks? A Pattern Beyond Borders In France, the attacks spanned multiple cities, with 13 confirmed cases in Paris alone. Victims included women, men, and even min...

Constitution of Malaysia: An Introduction Part 5

7 (1) No person shall be punished for an act or omission which was not punishable by law when it was done or made, and no person shall suffer greater punishment for an offence than was prescribed by law at the time it was committed. (2) A person who has been acquitted or convicted of an offence shall not be tried again for the same offence except where the conviction or acquittal has been quashed and a retrial ordered by a court superior to that by which he was acquitted or convicted.