
AMLA Malaysia: The Anti-Money Laundering Act and Compliance Guide for 2026

Updated Jun 2026 · 10 min read

AMLA Malaysia refers to the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001. Think of it as the law that governs how firms in the country detect and report money laundering. Who must comply? AMLA answers that, and it also fixes the records firms keep along with the penalties for getting any of it wrong. What follows walks through the legislation, the regulators behind it, and the changes that landed after Malaysia's 2025 mutual evaluation.

Money laundering has climbed the priority list for Malaysia's government and the institutions it supervises. Financial crime keeps rising. Pair that with the pressure to enforce a serious legal standard against laundering and terrorism financing, and the topic stops being optional. Below, we open with the legal and regulatory framework of AML in Malaysia. From there the guide moves through the core components of the Act, then the screening controls firms lean on day to day, before closing on the risks and trends now shaping the work.

Malaysia's 2025 FATF Review and What Follows

Malaysia came through its FATF and Asia/Pacific Group mutual evaluation in strong shape. Assessors made their on-site visit in February 2025. Adoption of the joint Mutual Evaluation Report followed in October 2025, with publication that December. Malaysia landed in Regular Follow-Up, which is the best outcome the process offers, and Bank Negara Malaysia credited progress on both technical compliance and real-world effectiveness.

Few reviews go this deep. Assessors held more than 70 meetings with public authorities and sat down with 45 private sector entities, a group that ran from banks to virtual asset service providers and designated non-financial businesses. Their finding was that Malaysia had strengthened its defences against illicit finance since 2015. One gap stood out, and compliance teams should note it: turning money laundering investigations into prosecutions and actual convictions is still a struggle. For firms, the upgraded rating raises the bar. Supervisors will want to see the framework working in practice, not just on paper.

What AMLA Malaysia Covers

The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 is the key piece of anti-money laundering legislation in the country. Legal requirements for reporting institutions sit in it, along with the consequences of failing to meet them. Behind its arrival was a direct trigger: rising incidents of financial crime. Amendments have followed several times since, as Malaysia worked to align with standards set by bodies such as the Financial Action Task Force (FATF).

Malaysia has built a broad set of AML legal provisions to fight money laundering effectively. Customer due diligence is one demand the rules make. Firms also have to report suspicious transactions and retain records. On top of that, every firm needs a compliance program sized to its own AML/CFT risk. Underpinning all of it is the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLATFPUAA).

Several bodies share oversight of AML compliance:

  • Bank Negara Malaysia (BNM): The central bank holds the main mandate for implementing the AML regulations.
  • Securities Commission Malaysia (SC): Oversees the capital market and the compliance of financial service providers in that space.
  • Malaysian Anti-Corruption Commission (MACC): Primarily focused on corruption, which frequently overlaps with money laundering activity.
  • Royal Malaysia Police: Investigates and prosecutes money laundering and terrorism financing offences.

Who Counts as a Reporting Institution

AMLA frames its obligations around "reporting institutions," and the category runs wider than banks alone. Licensed banks, Islamic banks, and development financial institutions carry the fullest set of duties, including enterprise-wide risk assessments and detailed transaction monitoring. Sitting alongside them are money service businesses, remittance operators, and e-money issuers. Their CDD and reporting obligations look broadly equivalent even where their risk patterns differ.

The third group is the one firms most often overlook. Designated Non-Financial Businesses and Professions, or DNFBPs, reach a long way beyond finance. Lawyers and accountants fall inside the net. So do real estate agents, company secretaries, and dealers in precious metals and stones. Their obligations are threshold-triggered. Duties apply once a transaction reaches a defined cash value or the firm starts facilitating a category of activity the Act captures. If you work in one of these sectors and assume AMLA is a banking problem, the rules say otherwise.

Customer Due Diligence Under AMLA

Customer Due Diligence sits at the heart of the Act. BNM's policy document sets three CDD tiers. Which one applies turns on the customer's risk profile and the nature of the relationship, not on what is convenient for the firm. Standard CDD covers all new customers unless conditions for simplified CDD are met. At that tier, the firm identifies and verifies the customer. Documenting the purpose and intended nature of the relationship comes next, along with a customer risk assessment at onboarding.

Enhanced Due Diligence, or EDD, kicks in for higher-risk cases. That includes politically exposed persons and customers connected to high-risk jurisdictions. EDD means gathering more information and securing senior approval before the relationship proceeds, which gives the firm a fuller view of the risk it is taking on.

Record retention ties the process together. Several categories have to be kept: documents gathered during CDD, transaction records and business correspondence, and any risk analysis or suspicious transaction report the firm produces. The retention period runs at least six years after the transaction completes or the relationship ends. Regulators can ask to see all of it, so the clock matters.

What Is AML Screening?

AML screening is the process of checking customers and transactions against watchlists and risk data to catch money laundering before it takes hold. Onboarding is where it starts. After that, it carries on for the life of the relationship through ongoing transaction monitoring. A reporting institution screens a new customer's name, then keeps checking as sanctions lists update and behaviour shifts. Skip it, and a firm has no reliable way to know whether it is doing business with a sanctioned party or a known launderer.

Three checks make up the core of most programs. Sanctions screening tests names against government and international restriction lists. PEP screening flags politically exposed persons who warrant closer review. Adverse media screening surfaces negative news that may signal risk long before it reaches an official list. Each plays a distinct role. A thin program that runs one but skips the others leaves obvious gaps.

Sanction Screening in AML

Sanction screening checks whether a customer, beneficial owner, or related party appears on a sanctions list. Governments and bodies such as the UN maintain these lists, which name individuals, companies, and whole countries subject to economic and trade restrictions, often tied to terrorism or proliferation risk. For a Malaysian reporting institution, screening against the relevant lists is not optional. Done right, it stops the firm from handling funds for a restricted party.

Most of the time the process follows a clear sequence. First, the firm verifies the customer's identity at the start of the relationship. Then that identity is screened against the applicable lists. Any match gets investigated rather than waved through, because false positives are common and a real hit carries serious consequences. Screening then continues on an ongoing basis, since a customer who was clean at onboarding can appear on a list later. Strong matching logic matters here. Tune it too loose and analysts drown in false positives. Too tight and a genuine match slips past.

Name Screening and PEP Screening

Name screening is the broader discipline that sanctions and PEP checks sit within. Comparing a customer's details against multiple data sources at once is the job, and the hard part is rarely the lookup itself. Names transliterate differently. Spelling varies, and the same name repeats across thousands of unrelated people, so the screening engine has to balance catching true matches against flooding the team with noise.

PEP screening is a specific slice of that work. A politically exposed person holds a prominent public role, which brings a higher risk of bribery or corruption, so regulators expect closer scrutiny. Screening flags whether a customer is a PEP, applies enhanced due diligence if so, and keeps monitoring the relationship over time. A minister flagged at onboarding does not stop being a PEP. Their risk can climb with a change in office, which is why one-time screening falls short. Records of each screen should be retained for regulators to review on request.

How to Choose AML Screening Software

Picking AML screening software comes down to a few questions that cut through the feature lists. How current and how wide is the underlying data? Coverage has to span the sanctions sources your risk profile demands, plus PEP data and adverse media. Can the matching logic be tuned, so the team is not buried under false positives or, worse, missing real ones? Does ongoing monitoring run automatically, or does someone have to remember to re-screen?

Fit with your own stack matters too. A tool that screens well but cannot push alerts into your case workflow creates manual handoffs that slow everything down. Look at how the software handles sanctions screening end to end, from the initial check to alert resolution, and weigh whether it scales as your customer base grows. The right choice depends on your sector, your transaction patterns, and the regulators you answer to.


Money Laundering Risks in Malaysia

Malaysia's geography, strong financial sector, and open borders all create money laundering exposure. The main risks include:

  • Corruption: Corruption feeds both terrorism financing and money laundering, and it remains a persistent channel for moving illicit funds through the system.
  • Drug and human trafficking: These offences generate large volumes of cash that need to be laundered to look legitimate.
  • Cybercrime: As financial services move online, cyber-enabled financial crime has become a growing source of risk.

Penalties Under AMLA Malaysia

AMLA sets out the money laundering offences and the penalties that follow a conviction. Under Section 4 of the Act, a person convicted of money laundering faces imprisonment for a term not exceeding 15 years. A fine comes with it, set at not less than five times the value of the proceeds or instrumentalities involved, or five million ringgit, whichever is higher. These rank among the steepest financial crime penalties in Malaysia.

Beyond the criminal track, the Act lets law enforcement freeze and seize property linked to money laundering, then forfeit it outright, cutting off the financial base that crime depends on. Failure to file suspicious transaction reports carries its own legal exposure, which is why timely suspicious activity reports to the BNM Financial Intelligence Unit sit at the centre of every compliance program. Taken together, these consequences reinforce Malaysia's commitment to AML compliance.

Malaysia has kept pace with new risks by updating its rules and supervising more actively. On 5 February 2024, Bank Negara Malaysia issued revised policy documents, with effect from the following day. The set covers anti-money laundering, the countering of terrorism financing, countering proliferation financing, and targeted financial sanctions. Both financial institutions and DNFBPs fall within scope, and the revisions raised the baseline for how firms run their programs.

The bigger shift came through legislation. A 2024 amendment bill, later enacted as the AMLA (Amendment) Act 2025, broadened the framework to cover proliferation financing and targeted financial sanctions. It introduced a new offence of financing restricted activity, meaning the provision of financial services or property used in the proliferation of weapons of mass destruction. The amendment also extended the reach of dealing restrictions beyond Malaysian citizens and locally incorporated bodies to any person inside or outside the country. And it gave supervisors the power to take administrative action, such as imposing monetary penalties, for breaches. As of mid-2025, the amendment awaited its in-force date by notification in the Gazette, so firms should track the commencement notice rather than assume the new offence is already live.

On the technology side, the Financial Technology Regulatory Sandbox Framework brings fintech firms into the wider AML system and tests that they meet the rules as they grow. Two goals run side by side here. Malaysia is tightening controls on illicit finance while keeping room for the digital financial sector to develop.

How KYC Hub Supports AML Compliance in Malaysia

KYC Hub's AML screening and ongoing monitoring solution gives Malaysian reporting institutions an end-to-end way to meet the obligations AMLA sets. Exhaustive AML screening comes first, so customers and counterparties are checked against the sanctions and watchlists that matter. Continuous monitoring and AML alerts then keep the relationship under review after onboarding, which is exactly where the Act expects ongoing diligence to live.

Two further pillars round out the picture. Global adverse media intelligence surfaces negative news that can flag risk before it lands on an official list. Connections between entities are the other half. Network intelligence helps teams see the links that simple name checks miss. Backed by global data coverage, the platform gives compliance teams a single place to screen, monitor, and resolve alerts rather than stitching together separate tools. For a DNFBP or a remittance operator trying to scale without scaling its false-positive workload, that consolidation is the practical win.


[ FREQUENTLY ASKED QUESTIONS ]


What is AMLA Malaysia?

AMLA Malaysia is the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001, the primary law governing anti-money laundering in the country. It sets the obligations for reporting institutions and the penalties for non-compliance.

What is AML screening?

AML screening is the process of checking customers and transactions against sanctions lists, PEP databases, and adverse media to detect money laundering risk. It runs at onboarding and continues throughout the customer relationship as part of a risk-based approach.

What is sanction screening in AML and KYC?

Sanction screening is the check that tests a customer, beneficial owner, or related party against government and international sanctions lists. It is a core part of the KYC process and helps a firm avoid handling funds for a restricted individual, company, or country.

When is AML screening required?

AML screening is required at the start of a customer relationship and on an ongoing basis afterward. Reporting institutions screen new customers during onboarding and then re-screen them as sanctions lists update and customer risk changes over time.

What is AML testing?

AML testing is the periodic, independent review of a firm's AML program to confirm its policies, procedures, and controls work as intended. AMLA expects reporting institutions to run regular evaluations alongside employee training as part of an effective compliance program.

Is Malaysia a high-risk country for AML?

Malaysia is not regarded as a high-risk country for AML, though it does carry some vulnerabilities, mainly because of its exposure to international trade and cash-based transactions in certain sectors.

Which authority oversees AML compliance in Malaysia?

Bank Negara Malaysia (BNM) is the primary authority overseeing AML compliance, alongside other bodies such as the Securities Commission Malaysia and the Malaysian Anti-Corruption Commission.

What is the penalty for AMLA violations in Malaysia?

Under Section 4 of AMLA, a money laundering conviction can carry imprisonment of up to 15 years plus a fine of at least five times the value of the proceeds involved, or five million ringgit, whichever is higher. Other breaches can draw fines, imprisonment, or administrative penalties depending on severity.

How does Malaysia participate in international AML efforts?

Malaysia works with international organizations such as the FATF to strengthen its AML framework and share information about money laundering activity. Its 2025 mutual evaluation placed it in Regular Follow-Up, the strongest outcome the process offers.
