Financial Crime World

New Rules for Electronic Know-Your-Customer (e-KYC) Procedures Announced by Bank Negara Malaysia

Date: 29 April 2024

Bank Negara Malaysia (BNM) has issued a new policy document on Electronic Know-Your-Customer (e-KYC) procedures along with a set of frequently asked questions (FAQs) on 15 April 2024. This document supersedes the previous policy issued in June 2020.

Application of e-KYC Policy

The e-KYC policy applies to various financial institutions (FIs), including:

  • Licensed banks
  • Investment banks
  • Life insurers
  • Islamic banks
  • Family takaful operators
  • Prescribed development financial institutions
  • Approved issuers of designated payment instruments
  • Approved issuers of Islamic payment instruments
  • Licensed money services businesses

Purpose of the Updated Policy

  • Ensuring safe and secure application of e-KYC technology in the financial sector
  • Facilitating BNM’s oversight capabilities
  • Maintaining effective anti-money laundering, countering financing of terrorism, and countering proliferation financing (AML/CFT/CPF) control measures

FI Obligations

FIs must:

  • Obtain board approval for overall risk appetite and internal framework for implementing e-KYC solutions
  • Use secure and effective authentication factors
  • Identify and verify individuals through document verification, biometric matching, and liveness detection
  • Verify legal entities by establishing business legitimacy, identifying and verifying the entity, the appointed authorized person, and beneficial owners
  • Assess risks and classify potential legal entities
  • Perform due diligence on technology provider and e-KYC solution

Technology Provider Requirements

  • Assessed by an independent external assessor
  • Certified where possible

Continuous Monitoring

  • Address potential e-KYC solution vulnerabilities
  • Meet requirements for higher-risk financial products

Compliance by Money Services Business Sector

Entities in the money services business sector must comply with e-KYC identification and verification requirements for both individuals and legal entities.

Record Keeping

Maintain and make available records of e-KYC solution performance on a monthly basis for BNM review.

Regulatory Process

The regulatory process for FI implementation of e-KYC varies depending on FI type, with some FIs able to implement after 14 working days while others requiring BNM approval.

Enhancements to e-KYC Requirements

  • assessment of three modules of the e-KYC solution by an external independent assessor
  • alternative safeguards for onboarding individuals without existing bank accounts

For further information about e-KYC procedures, refer to the Revised Policy Document and its accompanying FAQs.

About the Authors

  • Lee Ai Hsian: Partner, Banking and Finance Practice, Skrine
  • Javene Fan: Associate, Banking and Finance Practice, Skrine