AML/CFT Compliance Solutions

If your organisation is a reporting institution under AMLA, you are required to appoint a compliance officer, train your staff, and keep records that prove both. We cover all three: self-paced awareness e-learning for staff, professional training for your compliance officer, and an outsourced Compliance Officer if you would rather not hire one.

Reporting institutions DNFBPs Money services businesses HRD Corp claimable

HRD Corp Registered Training Provider Malaysia HRD Corp SBL-Khas Claimable

AML/CFT is not the same as anti-bribery.

AML/CFT sits under AMLA and is supervised by Bank Negara Malaysia. It is about customer due diligence, suspicious transaction reporting, and the compliance officer role.

Anti-bribery sits under the MACC Act, including Section 17A corporate liability. If that is what you are looking for, go to Integrity & Governance Solutions instead.

Many organisations need both.

Are you a reporting institution?

If you fall into one of these groups, AMLA obligations apply to you. For DNFBPs they are generally triggered once a transaction reaches a defined threshold, or when you facilitate a specified category of activity.

Financial and non-bank financial institutions

Banks, insurers, credit providers, and other institutions supervised by Bank Negara Malaysia.

Money services businesses

Remittance operators, money changers, and currency exchange licensees under the Money Services Business Act.

Payment and e-money providers

E-money issuers, e-wallet operators, merchant acquirers, and fintechs handling customer funds.

DNFBPs

Lawyers, accountants, company secretaries, real estate agents, and dealers in precious metals and stones.

What AMLA expects of you

A reporting institution is expected to run an AML/CFT compliance programme. In practice that comes down to the following.

Appoint a compliance officer

The compliance officer is the reference point for AML/CFT matters and carries primary responsibility for submitting suspicious transaction reports to Bank Negara Malaysia. The appointment, or any change to it, must be notified to BNM in writing within 10 working days.

Train your staff, and prove it

Ongoing awareness training for staff who deal with customers or transactions, with records to evidence who was trained and when. The record is what a supervisor asks for.

Customer due diligence

Know who your customer is, understand the purpose of the relationship, and apply enhanced scrutiny where the risk is higher.

Report suspicious transactions

Escalate and report suspicious transactions, and understand the tipping-off prohibition. Staff need to know what a red flag looks like and what to do when they see one.

Keep records

Retain customer and transaction records so that they can be reconstructed and produced on request.

Review and sustain the programme

Risk assessments, policy updates, and refresher training as the business and the guidance change. This is not a one-off exercise.

How we help

Three parts. Take one, or take all three as a programme.

For your staff

AML/CFT awareness e-learning

Self-paced awareness training for every employee who deals with customers or transactions. Runs on our LMS, so staff complete it on any device, sit an assessment, and receive a verifiable certificate. You get completion reports by department, which is the record a supervisor will ask to see.

  • Money laundering red flags
  • Customer transaction risk indicators
  • Suspicious transaction reporting
  • The tipping-off prohibition

For your compliance officer

Compliance officer training

Professional training for the person carrying the compliance officer responsibility. Two levels, depending on whether they are new to the role or already running a programme and need to go deeper on risk assessment and supervisory expectations.

  • The compliance officer's legal duties
  • Building the AML/CFT programme
  • Risk assessment and CDD in practice
  • Handling and filing an STR

If you would rather not hire

Compliance Officer as a Service

We designate an experienced officer for your organisation on a retainer or on-demand basis instead of a full-time hire. We run the risk assessment, handle the BNM notification, put the compliance programme in place, and stay on for monitoring and reporting.

  • Qualified officer designated for you
  • BNM notification handled
  • Policies, monitoring, and reporting
  • Retainer or on-demand

How an engagement works

If you take the full programme, this is the sequence.

1

Assess

We review your operations against your AMLA obligations and tell you where the gaps are. If you are already compliant, we say so rather than manufacture work.

2

Appoint

Either we train your own compliance officer, or we designate one of ours. If it is ours, we handle the notification to Bank Negara Malaysia within the required timeline.

3

Train

Staff awareness training goes out on the LMS. Everyone completes it at their own pace, sits the assessment, and receives a certificate. You receive the completion report by department.

4

Sustain

Refresher cycles, updated risk assessments, and reporting as the business changes and BNM guidance moves. The training record keeps building, which is the point.

Common questions

Who is a reporting institution under AMLA?

Financial and non-bank financial institutions, money services businesses, e-money issuers and payment providers, and DNFBPs. DNFBPs means lawyers, accountants, company secretaries, real estate agents, and dealers in precious metals and stones. For DNFBPs the obligations are generally triggered once a transaction reaches a defined threshold, or when the firm facilitates a specified category of activity.

Does my company need to appoint an AML compliance officer?

If you are a reporting institution, yes. The compliance officer is the reference point for AML/CFT matters and carries primary responsibility for submitting suspicious transaction reports to Bank Negara Malaysia. The appointment, or any change to it, must be notified to BNM in writing within 10 working days.

Can the compliance officer role be outsourced?

We provide a Compliance Officer as a Service arrangement, where an experienced officer is designated for your organisation on a retainer or on-demand basis rather than a full-time hire. We run the risk assessment, handle the BNM notification, implement the compliance programme, and manage ongoing monitoring and reporting.

Is AML/CFT staff training mandatory?

Reporting institutions are expected to run an AML/CFT compliance programme that includes ongoing staff awareness training, with records to evidence it. We deliver this as self-paced e-learning on our LMS, with an assessment and a verifiable certificate for each participant and completion reports by department.

Is AML/CFT training HRD Corp claimable?

Yes. We are an HRD Corp registered training provider and the training content is claimable under the SBL-Khas scheme. We supply the documentation needed to support your eTRiS claim.

How is this different from anti-bribery compliance?

They are separate regimes with different regulators. AML/CFT sits under AMLA and is supervised by Bank Negara Malaysia, covering customer due diligence, suspicious transaction reporting, and the compliance officer role. Anti-bribery sits under the MACC Act, including the Section 17A corporate liability provision, and concerns bribery, gratification, and adequate procedures. If you need that instead, see Integrity & Governance Solutions. Plenty of organisations need both.

Not sure whether AMLA applies to you?

Tell us what your business does and how many staff you have. We will tell you whether you are a reporting institution, what you are actually required to do, and what it would cost to get there.