Staying abreast of financial regulations is crucial for Designated Non-Financial Businesses and Professions (DNFBPs). On 5 February 2024, Bank Negara Malaysia updated the DNFBP AML Policy effective 6 February 2024. These updates align with Financial Action Task Force (FATF) standards, expand coverage for proliferation financing, broaden institutional risk assessment and compliance programmes, and introduce a group-wide programme for enhancing the nation’s anti-money laundering and counter-terrorism financing framework.
Key Updates on DNFBP AMLA Policy and Regulations
1. Expanded Scope for Financial Institutions
- The policy document now includes provisions for Anti-Money Laundering (AML), Countering Financing of Terrorism (CFT), Countering Proliferation Financing (CPF), and Targeted Financial Sanctions (TFS) for financial institutions.
- Reporting institutions must assess proliferation financing (PF) risks and implement appropriate mitigation measures to prevent abuse by designated individuals and entities.
2. Reporting Institutions’ Gazetted Activities
- Accountants: Must comply when engaging in activities such as buying/selling property, managing client funds, and creating or managing legal entities.
- Company Secretaries: Obligations include acting as formation agents for legal entities and providing registered office services.
- Lawyers: Must follow regulations when involved in property transactions, managing client funds, and managing legal entities.
3. Definitions for Ownership, Risk Verification, DNFBP, and NRA
- Accurate Information: Verification of beneficial owner information using reliable, independently sourced documents. The extent of verification varies based on the risk level.
- Beneficial Owner: The natural person who ultimately owns or controls a customer, including indirect control through legal arrangements. This includes control exercised through a chain of ownership or other indirect means.
- DNFBP Group: A parent company in Malaysia or any legal entity controlling and coordinating its branches or subsidiaries, all adhering to group-level AML/CFT policies and procedures.
- National Risk Assessment (NRA): Includes sectoral, thematic, and emerging risk assessments.
4. Institutional PF Risk Assessment and Risk Mitigation Requirements
- Institutions must identify, assess, and understand PF risks in relation to their business’s nature, size, and complexity.
- Institutions should document PF risk assessments, keep them updated, and provide information to supervisory authorities.
- Institutions must implement policies, procedures, and controls to manage PF risks.
- Enhanced controls are required for higher PF risks, ensuring full implementation of targeted financial sanctions.
5. Introduction of DNFBP Group and Group-Wide Programme
A vertical structure has been introduced between the parent company/head office and subsidiaries/branches. Reporting institutions that act as a parent company or head office for another reporting institution are now required to implement the following measures:
- Establish a framework for AML/CFT/CPF compliance programmes at the group level.
- Appoint a Group Compliance Officer at the management level.
- Develop policies and procedures for sharing information required for customer due diligence (CDD) and ML/TF/PF risk management.
- Ensure the provision of customer, account, and transaction information from branches and subsidiaries when necessary for AML/CFT/CPF purposes.
- Implement safeguards on the confidentiality and use of exchanged information.
These updates reflect Bank Negara Malaysia’s commitment to strengthening the financial system against evolving threats. Staying informed and compliant with these regulations is essential for professionals in the non-financial sector.
Article contributed by Ingenique Malaysia.
