- The Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019, issued by the minister of finance on 8 January 2019 in exercise of the powers conferred by Capital Markets and Services Act 2007;
- The Guidelines on Recognised Markets, revised by the Securities Commission Malaysia on 17 May 2019 pursuant to the Capital Markets and Services Act 2007;
- The Guidelines on Digital Assets, revised by the Securities Commission Malaysia on 28 October 2020 pursuant to the Capital Markets and Services Act 2007;
- The Capital Markets and Services Act 2007;
- The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA); and
- The Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Digital Currencies (Sector 6) issued by the Central Bank of Malaysia.
Currently, the Guidelines on Recognised Markets revised by the Securities Commission Malaysia on 17 May 2019 govern entities that provide services relating to digital assets.
Under the guidelines, an entity that wishes to provide services relating to digital assets must be registered and approved as a recognised market operator (RMO) by the Securities Commission.
As per the guidelines, the Securities Commission merely allows digital asset exchange operators to register as RMOs.
On 28 October 2020 the Securities Commission revised the Guidelines on Digital Assets to allow and regulate the operation of initial exchange offerings (IEOs) and digital asset custodians (DACs). Under the revised guidelines, interested parties may register as an IEO platform operator or DAC and submit their applications to the Securities Commission on or before 15 February 2021, at the time of writing.
Save and except as mentioned above, the Securities Commission expressly prohibits the operation of offering or crowdfunding activities involving digital asset such as initial coin offerings (ICOs).
The Securities Commission of Malaysia is the primary regulator and enforcement agency that is responsible for governing and enforcing the applicable laws and regulations relating to digital assets. However, the Securities Commission will only look into matters concerning securities per se.
Other governmental agencies possess enforcement powers under the same laws, such as AMLA. For example, the Central Bank of Malaysia and the Malaysian Anti-corruption Commission have jurisdiction to freeze bank accounts under AMLA should the subject matter concern illegal proceeds originating from corruption or money laundering.
In general, if there is any general criminal conduct – regardless of whether it involves digital asset or other activities, such as fraud – the Royal Malaysia Police has the power to take necessary action under all applicable laws, including AMLA.
It is evident from the overall development and legal treatment of digital assets that the regulators are relatively conservative in their approach, in comparison to their counterparts in neighbouring jurisdictions, such as Singapore and Thailand. However, due to the rapid development and growing acceptance of digital assets by the public, the regulators have been forced to enact relevant laws and regulations in order to regulate and control the application of digital assets in Malaysia.
To date, the Securities Commission has merely regulated one prescribed activity in relation to digital assets: digital asset exchange.
In order to promote responsible innovation in the digital asset industry and to manage emerging risks that the public at large may encounter, the Securities Commission has revised and issued the Guidelines on Digital Assets to make provision for the issuance of IEO. This may be seen as a positive and welcoming approach to the digital asset industry.
We have yet to see any notable enforcement action in relation to digital assets in Malaysia. However, the Securities Commission maintains and publishes from time to time an investors’ alert list of persons who are operating a recognised market without authorisation or carrying on regulated activities without a licence, such as persons operating a digital asset exchange or conducting ICO activity.
In Malaysia, ‘virtual currencies’ have been legally defined as ‘securities’ as per the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019, with the generic name of ‘digital currency’/‘digital token’ or, more commonly, ‘digital assets’.
In summary, a ‘digital asset’ is a digital representation of value or otherwise which is recorded on distributed ledger technology, whether cryptographically secured or otherwise.
A lawsuit is pending in the Malaysian courts involving the definition and/or judicial treatment of digital assets. Robert Ong Thien Cheng v Luno Pte Ltd was initiated in the Sessions Court of Malaysia, where Luno filed a claim against Ong to return Bitcoins that had been mistakenly transferred by Luno. Luno won in the Sessions Court.
Ong appealed unsuccessfully to the High Court of Malaya. He filed a final appeal to the Court of Appeal, where the matter is now pending. The main argument of law articulated in the High Court was whether Bitcoin is a ‘thing’ capable of being returned under Section 73 of the Contracts Act 1950, which states: “Liability of a person to whom money is paid, or thing delivered, by mistake or under coercion, must repay or return it” (emphasis added).
The High Court judge who heard the appeal from the Sessions Court – the Honourable Gunalan A/L Muniandy v agreed with the Sessions Court judge that cryptocurrency is a form of commodity as real money, even though it is not legal tender.
However, he went on to decide that as cryptocurrencies have been defined as securities in Malaysia, there is indeed value attached to Bitcoins, in the same way that value is attached to shares. In short, Bitcoin is thus a ‘thing’ that is capable of being returned under the Contracts Act.
This is the latest judicial treatment of cryptocurrency to date; the decision of the Court of Appeal – the second-highest ranking court of law in Malaysia after the Federal Court – is now awaited.
The regulator does not differentiate between initial coin offerings and securities token offerings in Malaysia, as cryptocurrencies have been defined as securities. Therefore, all kinds of cryptocurrencies are securities in Malaysia and fall under the purview and jurisdiction of the Securities Commission.
There are no clear guidelines or regulations concerning stablecoins or stable tokens. They will thus still fall under the category of securities.
Electronic money falls under the jurisdiction of the Central Bank of Malaysia. The Central Bank has made it very clear that cryptocurrency is not legal tender in Malaysia.
From the users’ market perspective, the mainstream digital assets in Malaysia appear to be Bitcoin, Ethereum and USDT. However, the Securities Commission has only allowed four kinds of digital assets to be listed and traded on the country’s three licensed exchanges: Bitcoin, Ethereum, XRP and Litecoin.
Currently, licensed exchange operators merely offer trading and wallet services.
However, pursuant to the new Guidelines on Digital Assets, the Malaysian market may soon offer digital asset custodian services.
In general terms, digital asset service providers in Malaysia must be incorporated in the form of private companies limited by shares, and with a competent board of directors whose members fulfil the fit and proper criteria determined by the Securities Commission from time to time. The board of directors has the primary responsibility of overseeing the company’s operations and the conduct of management team members.
Service providers are generally financed by shareholders’ funds. The Securities Commission also requires that companies have a certain minimum amount of paid-up capital before approval may be granted. A company must further obtain prior approval from the Securities Commission in advance of any changes in the composition of the board of directors or changes to shareholdings that will result in a direct or indirect change of controlling rights.
Digital asset exchange operators (DAXOs) must apply to the Securities Commission to become licensed DAXOs under the category of recognised market operator pursuant to the Guidelines on Recognised Markets revised by the Securities Commission on 17 May 2019.
A DAXO is allowed to accept legal currency (ie, ringgit) from users, to be deposited into a trust account that is maintained with a licensed financial institution or bank.
Each DAXO must submit its market abuse policy prior to grant of a licence and must adhere to this policy at all material times The Guidelines on Recognised Markets set out the general principles for various policies to be implemented, but the details of execution are subjective, depending solely on the views and approval of the Securities Commission.
The banking industry in Malaysia is not prepared to accept digital assets. In fact, Malaysian banks will close a client’s bank account directly if they discover from their ongoing know-your-client monitoring that the account contains funds generated by digital assets.
Labuan is a federal territory designated as an offshore special economic zone by the federal government. It is situated in the state of Sabah, located to the east of Malaysia. The Labuan Financial Services Authority does issue licences for the operation of businesses involving digital assets, such as credit token licences and money broker licences. However, those licensed business entities in Labuan are reportedly experiencing difficulties in opening and maintaining bank accounts with Malaysian financial institutions.
Malaysian banks have adopted an extremely conservative approach towards digital assets – primarily due to the stringent duties and obligations imposed by the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 and the strict anti-money laundering policies imposed by the Central Bank of Malaysia.
No meaningful answer can be provided at this point in time, as it would be based on speculation only.
Although digital assets are not recognised as legal tender in Malaysia, there are no provisions or guidelines that prohibit or restrain the use and acceptance of digital assets as consideration for the sale of goods or provision of services.
The main implications that the mainstream adoption of digital assets might have for the banking system are from a commercial perspective, such as conversion from conventional fiat-related products (eg, fixed deposits, bonds, unit trusts) to digital assets – perhaps with a higher appreciation of value and investment return.
None of these are currently regulated or indeed available in Malaysia.
Malaysia has no specific legislation that governs or promotes blockchain technology. The personal data protection and legality of smart contracts could hinge on the potential legal issues associated with its use. As yet, however, blockchain technology has not been adopted widely in either the public or private sector.
A mere technology service provider to licensed entities will not be considered a licensed or registered person under the applicable guidelines.
The existing legislation pertaining to technology-based crimes does not sufficiently cover the adoption of blockchain technology and digital assets. As such, in the event of a cyber-crime involving or requiring a definition of ‘blockchain technology’, the existing legal definitions may not sufficiently or succinctly close potential legal loopholes.
The Personal Data Protection Act 2010 (PDPA) was approved by the Parliament on 5 April 2010 and received royal assent on 16 June 2010.
The PDPA regulates the processing of personal data by users in commercial transactions and protects the interests of data subjects.
The PDPA makes no specific or special provision for digital assets. As far as commercial transactions are concerned, any personal data collected will therefore fall under the purview of the PDPA and all provisions thereof must be observed.
The cybersecurity legislative framework in Malaysia consists of the following, among others:
- the Digital Signature Act 1997;
- the Computer Crimes Act 1997;
- the PDPA;
- various offences under the Penal Code; and
- the Communications and Multimedia Act 1998.
As far as digital assets are concerned, in the event of criminal conduct involving digital assets – including ransomware or fraud – the Computer Crimes Act and Penal Code can address this situation.
However, the cyber-related laws make no provision for digital assets specifically, except in relation to securities law offences.
The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA) is the main statute dealing with money laundering and all forms of financial crime.
Pursuant to AMLA, the Securities Commission and the Central Bank of Malaysia have issued relevant guidelines and policies to require designated reporting institutions – such as licensed exchange operators, financial institutions and banks, lawyers and accountants – to comply with the duties and obligations set out in such guidelines or policies.
For example, reporting institutions must conduct know-your-client (KYC) and extended KYC procedures in accordance with the principles and framework enacted by the authorities. Reporting institutions must also file a suspicious transaction report with the competent authorities if they have reason to believe that any transaction is suspicious.
On 31 December 2019, the National Anti-Financial Crime Centre Act 2019 received royal assent. This statute provides for the establishment of the National Anti-Financial Crime Centre and for the coordination of integrated operations relating to financial crime between the relevant government entities and enforcement agencies.
The consumer protection legislation in Malaysia consists of the Consumer Protection Act 1999 and the Contracts Act 1950. However, the Consumer Protection Act makes no specific provision for digital assets. The legal definition of ‘digital assets’ from a contractual perspective, as discussed in question 2.1, will also be of relevance here.
None, except as regard the legal treatment of digital assets from a contractual perspective – in particular, whether they are capable of being returned, restored or recovered under the law, in order to protect the rights of consumers.
Not at this moment.
On 13 May 2019 the Inland Revenue Board of Malaysia (IRB) published its Guidelines on Taxation of Electronic Commerce Transactions. As yet there are no specific provisions in the Income Tax Act 1967 that govern e-commerce transactions.
In the guidelines, the IRB has adopted a similar legal definition of ‘digital assets’ to that set out in the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019.
The IRB then addresses activities involving digital assets, which include the following:
- mining digital currencies or digital tokens; and
- buying and selling digital currencies or digital tokens.
These activities are categorised as ‘e-commerce transactions’ under the guidelines.
The guidelines further state that any income relating to e-commerce transactions is deemed to be derived in Malaysia if it is associated with any activities conducted in Malaysia, regardless of whether the income is received in Malaysia or otherwise. Therefore, any income received or obtained from the above activities involving digital asset will be subject to income tax.
The current approach to digital assets in Malaysia is relatively conservative, so the landscape has been slow to develop. Prior to any interference by the regulator, Malaysians were actively involved in the trading of digital assets and fundraising activities using digital assets. However, this also led to a significant increase in frauds and scams, which became an issue requiring urgent action by the regulator. This led to the issue of the latest guidelines by the Securities Commission to regulate digital assets.
However, it should be made clear that the regulator does not interfere with or regulate the use of digital assets as a payment method or medium in commercial or business activities.
In view of the emerging risks in the digital asset industry, the Securities Commission has revised and issued the Guidelines on Digital Assets, to allow and regulate initial exchange offerings and digital asset custodians. Any application must be made to the Securities Commission on or before 15 February 2021. It is anticipated that the Securities Commission may further enhance the guidelines thereafter.
On another note, there are rumours that the Securities Commission is preparing to regulate the operation of digital asset wallet operators in Malaysia. However, this has yet to be officially announced by the Securities Commission.
Digital asset service providers and operators that intend to enter Malaysia should seek trusted legal advice, given that this is a relatively new area of law in Malaysia. They should inform themselves of the various licences and approvals that may be granted under the existing regulations, whether in Malaysia (onshore) or Labuan (offshore).
The Securities Commission treats the emergence of digital assets in the securities industry seriously, in order to protect and safeguard the interests of investors and the general public.