If your organisation is a reporting institution under AMLA, you are required to appoint a compliance officer, train your staff, and keep records that prove both. We cover all three: self-paced awareness e-learning for staff, professional training for your compliance officer, and an outsourced Compliance Officer if you would rather not hire one.
HRD Corp SBL-Khas Claimable
AML/CFT is not the same as anti-bribery.
AML/CFT sits under AMLA and is supervised by Bank Negara Malaysia. It is about customer due diligence, suspicious transaction reporting, and the compliance officer role.
Anti-bribery sits under the MACC Act, including Section 17A corporate liability. If that is what you are looking for, go to Integrity & Governance Solutions instead.
Many organisations need both.
If you fall into one of these groups, AMLA obligations apply to you. For DNFBPs they are generally triggered once a transaction reaches a defined threshold, or when you facilitate a specified category of activity.
Financial and non-bank financial institutions
Banks, insurers, credit providers, and other institutions supervised by Bank Negara Malaysia.
Money services businesses
Remittance operators, money changers, and currency exchange licensees under the Money Services Business Act.
Payment and e-money providers
E-money issuers, e-wallet operators, merchant acquirers, and fintechs handling customer funds.
DNFBPs
Lawyers, accountants, company secretaries, real estate agents, and dealers in precious metals and stones.
A reporting institution is expected to run an AML/CFT compliance programme. In practice that comes down to the following.
Appoint a compliance officer
The compliance officer is the reference point for AML/CFT matters and carries primary responsibility for submitting suspicious transaction reports to Bank Negara Malaysia. The appointment, or any change to it, must be notified to BNM in writing within 10 working days.
Train your staff, and prove it
Ongoing awareness training for staff who deal with customers or transactions, with records to evidence who was trained and when. The record is what a supervisor asks for.
Customer due diligence
Know who your customer is, understand the purpose of the relationship, and apply enhanced scrutiny where the risk is higher.
Report suspicious transactions
Escalate and report suspicious transactions, and understand the tipping-off prohibition. Staff need to know what a red flag looks like and what to do when they see one.
Keep records
Retain customer and transaction records so that they can be reconstructed and produced on request.
Review and sustain the programme
Risk assessments, policy updates, and refresher training as the business and the guidance change. This is not a one-off exercise.
Three parts. Take one, or take all three as a programme.
For your staff
AML/CFT awareness e-learning
Self-paced awareness training for every employee who deals with customers or transactions. Runs on our LMS, so staff complete it on any device, sit an assessment, and receive a verifiable certificate. You get completion reports by department, which is the record a supervisor will ask to see.
For your compliance officer
Compliance officer training
Professional training for the person carrying the compliance officer responsibility. Two levels, depending on whether they are new to the role or already running a programme and need to go deeper on risk assessment and supervisory expectations.
If you would rather not hire
Compliance Officer as a Service
We designate an experienced officer for your organisation on a retainer or on-demand basis instead of a full-time hire. We run the risk assessment, handle the BNM notification, put the compliance programme in place, and stay on for monitoring and reporting.
If you take the full programme, this is the sequence.
Assess
We review your operations against your AMLA obligations and tell you where the gaps are. If you are already compliant, we say so rather than manufacture work.
Appoint
Either we train your own compliance officer, or we designate one of ours. If it is ours, we handle the notification to Bank Negara Malaysia within the required timeline.
Train
Staff awareness training goes out on the LMS. Everyone completes it at their own pace, sits the assessment, and receives a certificate. You receive the completion report by department.
Sustain
Refresher cycles, updated risk assessments, and reporting as the business changes and BNM guidance moves. The training record keeps building, which is the point.
Who is a reporting institution under AMLA?
Financial and non-bank financial institutions, money services businesses, e-money issuers and payment providers, and DNFBPs. DNFBPs means lawyers, accountants, company secretaries, real estate agents, and dealers in precious metals and stones. For DNFBPs the obligations are generally triggered once a transaction reaches a defined threshold, or when the firm facilitates a specified category of activity.
Does my company need to appoint an AML compliance officer?
If you are a reporting institution, yes. The compliance officer is the reference point for AML/CFT matters and carries primary responsibility for submitting suspicious transaction reports to Bank Negara Malaysia. The appointment, or any change to it, must be notified to BNM in writing within 10 working days.
Can the compliance officer role be outsourced?
We provide a Compliance Officer as a Service arrangement, where an experienced officer is designated for your organisation on a retainer or on-demand basis rather than a full-time hire. We run the risk assessment, handle the BNM notification, implement the compliance programme, and manage ongoing monitoring and reporting.
Is AML/CFT staff training mandatory?
Reporting institutions are expected to run an AML/CFT compliance programme that includes ongoing staff awareness training, with records to evidence it. We deliver this as self-paced e-learning on our LMS, with an assessment and a verifiable certificate for each participant and completion reports by department.
Is AML/CFT training HRD Corp claimable?
Yes. We are an HRD Corp registered training provider and the training content is claimable under the SBL-Khas scheme. We supply the documentation needed to support your eTRiS claim.
How is this different from anti-bribery compliance?
They are separate regimes with different regulators. AML/CFT sits under AMLA and is supervised by Bank Negara Malaysia, covering customer due diligence, suspicious transaction reporting, and the compliance officer role. Anti-bribery sits under the MACC Act, including the Section 17A corporate liability provision, and concerns bribery, gratification, and adequate procedures. If you need that instead, see Integrity & Governance Solutions. Plenty of organisations need both.
Tell us what your business does and how many staff you have. We will tell you whether you are a reporting institution, what you are actually required to do, and what it would cost to get there.