Financial Crime World

Title: KYC Process Unveiled: Malaysian Financial Institutions’ Identity Verification Requirements for Individuals and Corporates

Overview

The Know Your Customer (KYC) process is a critical component of the Malaysian financial regulatory framework, designed to prevent money laundering and terrorist financing. This article provides an insight into the identity verification requirements for both individuals and corporations, as outlined by Malaysian financial institutions.

Individual Identity Verification Requirements

Onboarding Domestic Persons

  • Full name
  • Date of birth
  • Nationality
  • Permanent address
  • National Registration Identity Card (NRIC) number
  • Identity documents such as passports, identity cards, birth certificates, driving licenses, and a photograph

Onboarding International Persons

  • Additional requirements: Nationality and permanent address
  • Compulsory document: Passport
  • Institutions may request additional documents based on risk assessments

Corporate Identity Verification Requirements

  • Memorandum and Articles of Association
  • Certificate of Incorporation
  • Partnership agreements
  • Identification documents of directors
  • Registered office address
  • Principal place of business
  • Verification of the identity and authority of the person authorised to represent the company in transactions

Other KYC Requirements

Beneficial Ownership

  • Institutions must identify and verify the beneficial owner, conducting due diligence as extensively as for an individual customer

High-risk Categories

  • Enhanced due diligence measures are necessary for higher-risk customers, business relationships, or transactions
  • Approval from senior management before establishing a business relationship

Politically Exposed Persons (PEPs)

  • Institutions must take reasonable and appropriate measures to establish the source of wealth and funds of PEPs

Correspondent Banking

  • Institutions performing correspondent banking services must ensure they are not exposed to money laundering or terrorist financing risks
  • Gather detailed information on respondent banks
  • Scrutinize reputations and supervision of correspondent banks

No Relationship with Shell Banks

  • No relationship is permitted with shell banks for banks and other financial institutions in Malaysia

Non-face-to-face Transactions

  • Institutional policies and procedures to address associated risks
  • Effective identification and verification measures
  • Implement monitoring and reporting mechanisms

Regulatory Reporting and Penalties

Suspicious Activity Reports

  • Submission of SARs to the Financial Intelligence and Enforcement Department (FIEDE) for correspondent banking
  • No reporting requirements specified for other sectors

Penalties

  • Financial implications (RM1m fine for failure to report suspicion)
  • Legal consequences (up to 5 years in jail or both for tipping off)
  • Severe consequences for engaging or assisting in money laundering

External Reporting and Data Protection

  • No statutory obligation for banks to provide an external report on their AML systems and controls
  • The Personal Data Protection Act 2010 introduced in 2013
  • Protections for sensitive personal data, including explicit consent from data subjects for its processing