News and developments
Regulating Malaysia’s FinTech and What to Expect in 2022
By Tiu Gi Gyn
FinTech Landscape in Malaysia
The convergence of financial services and technology is not new as the use of digital innovation in finance sector can be traced back to the 1990s. As advances in technology is evolving, combined with the shift in consumer behaviour and social-economic activities around the world, new business solutions and market opportunities for FinTech have emerged. Over the past decade, we saw large organisations, leading banks and financial institutions in Malaysia expanding their footprint by adopting new technology for their front and back-office systems to meet customers’ demands. Meanwhile, a range of new entrants comprising of local and foreign startups, specialised FinTech companies, consortiums of financial firms in collaboration with technology companies have sprouted rapidly to compete alongside with the traditional financial services providers. These FinTech players are the cornerstones in reshaping payments, money-exchange, lending and wealth management to be more diverse, inclusive, competitive and accessible.
In 2020 and 2021, the FinTech sector thrived significantly as the Covid-19 pandemic and implementation of the Movement Control Order in Malaysia intensified the need for digital connectivity to replace physical interactions between service providers and consumers. According to the Malaysia Fintech Report 2021 published by the Fintech News Malaysia (with reference to statistics obtained from the Central Bank of Malaysia and the Securities Commission Malaysia), the number of FinTech companies in Malaysia have reached 233 in 2020, while the spike in mobile banking usage and cashless payment options became an inevitable trend as consumers continue to adapt the ‘new normal’ to fit their lifestyle. Consequentially, mobile banking transactions grew more than double from RM200 billion in 2019 to RM460 billion in 2020 given the increase in mobile banking subscribers to 20.2 million in 2020 as compared to 17.2 million in 2019. The transaction volume for online banking, e-wallet, and merchant registration for QR code acceptance surged by 49%, 131% and 164% respectively compared to 2019.
Electronic payments and e-wallets are currently leading the FinTech space in Malaysia. Other FinTech sub-sectors are progressively gaining popularity amongst technological-savvy users and retail investors. These sub-sectors include:
Digital fundraising through the Malaysian capital markets
Digital trading and advisory (‘WealthTech’)
InsurTech
There have been significant interests from various startups and companies offering InsurTech solutions such as end-to-end digital insurance, digital insurance broker and financial aggregation business.
Regulators’ Approach to FinTech
The key regulators are the Central Bank of Malaysia (“BNM”) and the Securities Commission Malaysia (“SC”). Both BNM and SC have been supportive of the FinTech ecosystem, working collaboratively with the Malaysia Digital Economy Corporation (“MDEC”) to facilitate digitalisation and create conducive environment for the ecosystem.
In September 2015, the Alliance of FinTech Community (aFINity) was launched by the SC to nurture FinTech development in capital markets. It aims to facilitate interactions between the SC and various FinTech players (including financial institutions, government agencies, startups and investors), where constructive discussions can take place for the FinTech community to explore new ideas and solutions, exchange insights with the SC at policy formulation stage, and obtain clarity on regulatory matters.
The SC also organizes a FinTech conference annually, commonly known as SCxSC Conference (which stands for Synergistic Collaborations by the SC), for policymakers, innovators, investors and financial service providers to come together and promote awareness on local, regional and global FinTech developments and trends.
As the BNM recognises that certain FinTech business models do not fit into any specific legislation, the Regulatory Sandbox was introduced in October 2016 to enable companies and startups to test new ideas and business models in a live environment without worrying about the regulatory impediments, within a tailored authorization process. According to the BNM’s Annual Report 2020, a takaful operator has recently received approval to live test its peer-to-peer family takaful product through the BNM’s Regulatory Sandbox, and 4 other fintech companies have advanced to the preparation stage for live testing of their solutions.
In the third quarter of 2020, MDEC in collaboration with BNM, established FinTech Booster Programme, to assist FinTech startups (both local and foreign) with insights in respect of regulatory compliance, business and technology relevant for developing new products and services.
In order to promote the P2P financing and ECF markets, the Government also plays a part by increasing its investment through the Malaysia Co-Investment Fund (MyCIF) by allocating RM50 million in matching grant for P2P financing and RM30 million matching grant for ECF respectively.
Although the regulators are aware that they need to be flexible to welcome new entrants and take a more business-friendly approach in allowing sectorial growth, both the BNM and the SC are also cautious in their licensing and approval processes, where only new operators with proper capability and resources will be selected to ensure adequate safeguards and system integrity are in place, and to prevent over-crowding in the FinTech space in Malaysia.
Malaysia’s FinTech Regulatory Framework
There is no specific legislation governing the FinTech sector. FinTech companies remain subject to the existing legislations and regulatory framework applicable to the traditional financial services companies depending on the nature of activities undertaken and types of products or services they offer.
It is pertinent to carefully assess the activities in determining which framework would apply. For example, if a FinTech company carries on any regulated activity which involve banking, investment banking, insurance or takaful, payment system and payment instruments, or related activities under the Financial Services Act 2013 (“FSA”) or the Islamic Financial Services Act 2013 (“IFSA”), and money changing and remittance businesses governed under the Money Services Business Act 2011 (“MSBA”), then such FinTech company must observe and comply with the relevant provisions under the FSA / IFSA and MSBA, which are under the BNM’s administration and supervision.
On the other hand, the SC regulates activities that fall under the Capital Markets and Services Act 2007 (“CMSA”) which include, amongst others, the provision of corporate finance, financial planning and/or investment advice, dealing with derivatives, fund/asset management and stockbroking.
It is noted that the licensing regime for FinTech activities can be broadly divided into 3 categories: ‘License’, ‘Approval’ or ‘Registration’, each represents the degree of the regulatory standards based on the risks they may pose to financial and monetary stability, consumer/investor protection and credit/market risk components that may impact the Malaysian economy. “License” being the most stringent and “Registration” are for less risky activities. Some sub-sectors are regulated by more strictly than others. For example, remittance and money exchange service provider are subjected to licensing by BNM[4] as compared to the registration requirement for the provision of merchant acquiring services.[5]
In addition to the above, there are various guidelines and policies formulated by the BNM (issued pursuant section 266 of the FSA and section 277 of the IFSA) and the SC (section 377 of the CMSA confers the power to issue guidelines as the regulator deems fit) respectively. These guidelines and policies serve as guidance for the FinTech players to address issues applicable to their activities.
Below are some of the pertinent regulatory guidelines and policies (non-exhaustive) issued by the BNM:
The Anti-Money Laundering, Anti-Terrorism Financing, and Proceeds of Unlawful Activities Act 2001 (the AMLA 2001), which took effect on January 2, 2018, any transaction involving the local currency or any foreign currency above the amount specified by the competent authority must be kept on file or promptly reported to the competent authority. The BNM also released the Digital Currencies (Sector 6) Anti-Money Laundering and Counter-Terrorism Financing Regulations. The Sector 6 Policy Document establishes minimal rules and standards that a reporting institution must adhere to in order to improve the transparency of digital currency transactions, including risk assessment and customer due diligence.
The BNM issued an electronic know-your-customer (e-KYC) policy document (e-KYC Policy Document) on June 30, 2020, that is applicable to all financial institutions and sets out the minimum requirements and standards that a financial institution must follow when implementing e-KYC for the identification and verification of individuals. The e-KYC Policy Document, outlines the requirements for FinTech services providers to obtain board approval on its overall risk appetite and internal mechanism governing the implementation of e-KYC which impose accountability on the board, to use an appropriate combination of authentication factors to verify a customer's identity through e-KYC, and to use artificial intelligence to automate the decision to verify a customer's identity through e-KYC.
Other than the above, the SC issued comprehensive regulatory guidelines and policy documents for recognised market operators (“RMOs”), digital currencies and digital assets ecosystem players, digital investment management (“DIMs”) and the most recently, the licensing framework for digital banking.
The SC first issued the Guidelines for Recognised Market Operators on 11 December 2015 (“RMO Guidelines”). A recognised market covers alternative trading venue, marketplace or facility that brings together purchasers and sellers of capital market products. Save for an IEO operator which is subject to registration under the DA Guidelines, all operators for ECF, P2P, DAX, PCF and E-Services platform (“ESP”) are required to register as a recognised market operator pursuant to section 34 of the CMSA, and adhere to the ongoing terms and obligations set out in the RMO Guidelines. The RMO Guidelines have been recently revised effectively on 22 November 2021 aim to:
The Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 came into force on 15 January 2019 (“Order”). Pursuant to the Order, all digital currencies and digital tokens that satisfy the requirements in the Order are prescribed as securities for purposes of securities laws. Additionally, the SC issued the Guidelines on Digital Assets (“DA Guidelines”) in October 2020. In line with digital currencies and digital tokens being prescribed as securities, these DA Guidelines set out the requirements relating to fundraising activity through digital token offering, operationalisation of IEO platform and provision of digital asset custodian (DAC) functions. Any person who intends to make available, offer for purchase, or issue an invitation to purchase digital currencies or tokens needs to seek the SC’s authorisation and obtain prior approval from an IEO operator. An IEO operator acts as an adviser, book runner and underwriter for companies that wish to raise up to RM100 million for innovative blockchain projects through digital tokens issuance. As IEO operator has similar roles as investment banks, it would require an IEO licence and compliance with the stringent requirements relevant to IEO as set out under the DA Guidelines. Since the SC’s introduction of a new framework for IEO operators in October 2020, companies that have applied for an IEO licence, amongst others include, Green Packet Bhd, Managepay Systems Bhd, MyEG Services Bhd and Wetokenize Sdn Bhd.
The CMSA 2007 regulates a DIM, which is a type of fund management. Section 58 of the CMSA 2007 requires DIM firms who provide automated discretionary portfolio management services to apply for a Capital Market Services Licence (“CMSL”) from the SC. Chapter 13 of the Compliance Fund Management Companies Guidelines imposes additional requirements on the DIM, as well as its board of directors and compliance officer, in addition to the requirements that fund management companies are typically subject to in the Guidelines on Compliance Function for Fund Management Companies issued on 14 March 2005 (revised on 4 May 2019, and the latest revision issued on 21 December 2021 with specific amendments relating to rebates and soft commissions to streamline the Guidelines on Unit Trust Funds is scheduled to take effect by 1 March 2022) (“FMC Guidelines”). StashAway Malaysia was the first DIM to get a CMSL in order to begin operations in 2018.
Digital banks and Islamic digital banks must apply for a licence with the BNM pursuant to Section 10 of the FSA or Section 10 IFSA (whichever applicable). BNM issued the a more simplified Licensing Framework for Digital Banks (“DBL Framework”) in December 2020, which outlines the procedures for applications to establish a digital bank in Malaysia. The DBL Framework emphasises on financial inclusion, requiring applicants for a digital banking licence to provide quality access and responsible use of financial services, particularly to underserved or unserved markets such as retail, micro, small, and medium businesses, in a long-term manner.
Future of Malaysia’s FinTech
On July 2, 2021, the BNM announced via its press release that a total of 29 applicants have submitted proposals for digital banking licences. Barring any difficulties, the highly anticipated event for 2022 would be that, Malaysia will become the second country in ASEAN to issue digital banking licenses, after Singapore which issued 4 digital banking licences in 2020. In 2019, Hong Kong led the Asia Pacific area with 8 licences issued. The BNM intends to grant a maximum of 5 digital banking licences to qualifying candidates, each with a RM3 billion asset threshold requirement for the first 5 years of operation. This serves as a fundamental phase for licensees to establish their viability and solid operations, as well as for the Bank to monitor the licenced digital banks' performance and associated risks.
In line with industry digitalisation efforts, the regulators have been playing pivotal roles to strengthen Malaysia’s capabilities and growth in the areas of FinTech and enforcement:
In conclusion, the competition in the banking and finance sector will undoubtedly be very steep going forward. Balancing competition, service efficiency and market stability would likely be a challenge given that FinTech in Malaysia is still in its infancy stage, while regulators will have to constantly adapt and change its regulatory perimeters to deal with emerging providers from time to time.
[1] ECF Statistics as at September 2021, Securities Commission Malaysia.
[2] P2P Statistics as at September 2021, Securities Commission Malaysia.
[3] Securities Commission Malaysia Annual Report 2020.
[4] Section 4 of the MSBA.