In 2024, Bank Negara Malaysia amended the policy documents on Anti-Money Laundering, Countering Financing of Terrorism and Targeted Financial Sanctions to include countering proliferation financing (“PF”).
In the same year, the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Amendment Bill 2024 (“Bill”) was tabled in Parliament for its first reading[1], and Malaysia launched its fifth national risk assessment, an update to the previous assessment in 2020 (“NRA 2020”). Malaysia’s national risk assessment is a periodic and centralised risk evaluation conducted under the purview of the National Coordination Committee to identify, assess, and mitigate the nation’s exposure to money laundering (“ML”), terrorism financing (“TF”), and PF risks.
This article provides a quick introduction to PF, summarises the key findings from the NRA 2023, highlights key changes in the financial sector during this period, and briefly outlines the future risk trajectory of the financial sector.
1. Proliferation Financing
Bank Negara Malaysia defines PF as the act of raising, moving, or making available funds, other assets or other economic resources, or financing, in whole or in part, to persons or entities for purposes of weapons of mass destruction (“WMD”) proliferation, including the proliferation of their means of delivery or related materials (including both dual-use technologies and dual-use goods for non-legitimate purposes).
While PF is not a new concept, distinguishing it as a separate issue from ML and TF now requires specific risk assessments catered towards PF risks. As indicated by the Financial Action Task Force (“FATF”), proliferation of WMD poses a significant threat to international peace and security. FATF Recommendations require countries and the private sector to:
- identify, and assess the risks of potential breaches, non-implementation or evasion of the targeted financial sanctions related to PF, and
- take appropriate mitigating measures commensurate with the level of risks identified.
How is PF different from TF?
TF targets the “who”. TF is the act of providing financial support to terrorists or terrorist organisations to enable them to carry out terrorist acts or to benefit any terrorist or terrorist organisation (Bank Negara Malaysia).
PF is much wider than that, the risks are not just limited to terrorists or terrorist organisations. Funds and economic resources may be channelled through organisations, enterprises, or other entities which are not associated with terrorism. The moving of funds, however, through these entities, could be used towards fuelling the manufacture or distribution of WMD.
Unlike ML, the sources of funds for TF and PF can be derived from legitimate sources, for example, through salaries, revenue from legitimate business or donations including through non-profit organisations.
How to assess PF risks?
The methodology for conducting PF risk assessments is similar to that of ML and TF, i.e. risk assessment based on (a) customer risk; (b) country or geographical risk; (c) products and services risk; (d) transactions or delivery channels; and (e) any other information suggesting the customer is of higher risk.
As always, a thorough understanding of the customer is an important first step. In this regard, attention should be paid to “purpose of transaction” and the circumstances surrounding the transaction. When conducting an enterprise wide risk assessment, entities should pay attention to the entire operations of the entity, and this is where data analytics is crucial. It is important to bear in mind that a risk-based approach recognises there is no one-size-fits all approach in developing PF controls, and every entity is to manage its own resources and apply preventive measures that are commensurate to its risks.
An entity can channel more resources, from labour to capital expenditure, to high priority risks. This is particularly useful for start-ups with limited resources. As the entity decides its own risk mitigation processes, a fintech start-up with engineering capabilities may choose to engineer systems to automate reports and hire fewer compliance personnel. AML controls for lower rated risks may be reduced, which means the entity still meets the minimum required standards, but the degree, frequency, or intensity of the controls are lighter (FATF’s Guidance for a Risk-Based Approach, The Banking Sector (FATF, 2014).
2. NRA 2023
Scope and Methodology
Consistent with the scope and methodology adopted in the NRA 2020, the NRA 2023 consists of 2 risk assessments:
Each assessment is based on a wide range of quantitative and qualitative sources including, among others, ML prosecutions, investigation papers, financial intelligence, literature review, etc.
Key Findings of the NRA 2023
Key Changes in the Financial Sector since the NRA 2020
Labuan Banking Institutions (ML)
Labuan Money Brokers (ML/TF)
Pawnbrokers (TF)
Insurance Intermediaries (ML/TF)
Banking Institutions (TF)
Money Services Business (ML)
DPI Issuers (ML/TF)
Future Outlook of the Financial Sector
Our thoughts
The NRA 2023 also serves as a crucial navigational tool for high-risk industries in the private sector, helping them better understand the ML/TF/PF risks within their own operations, as well as those in sectors with which they interact.
A key area that could prove invaluable in strengthening the nation’s anti-ML, TF, and PF framework is the establishment of more robust public-private partnerships to bridge information gaps by enabling shared data analytics, secure information exchange and enhanced data mining capabilities, ultimately leading to more effective risk assessment and mitigation against the evolving risk landscape.
DFDL Compliance and Investigations Practice Group
DFDL’s compliance and investigations practice works side-by-side with other practice groups and leverages our expertise across a range of compliance risks including data protection, cyber security, anti-bribery and anti-corruption, anti-money laundering, legal design for UX/UI compliance, and human rights supply-chain due diligence. With our extensive experience in Asian emerging markets we can help in proactively assessing compliance risks, developing policies and procedures, as well as support with compliance failure mitigation and investigations.
[1] The Bill introduces new provisions in relation to, among others, proliferation financing and preventative measures to safeguard the nation’s financial system from being misused for criminal purposes.
[2] Sectors that are most vulnerable due to high exposure to ML/TF risks, given the size of the sector, its nature of business and the likelihood of ML/TF occurrences.
[3] Referred to as the ‘non-financial sectors’, including casinos, gaming outlets, registered estate agents, dealers in precious metals or precious stones, and gatekeeping service providers.
[4] These include, among others, jewellers, luxury jewellery/watch retailers, bullion dealers, jewellery manufacturers/wholesalers, etc.
The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.
