Malaysia

Identity Verification & KYC For Malaysia

Q: Is MyKad sufficient for AMLA-compliant onboarding?

Yes. MyKad is the primary identity document for Malaysian citizens and commonly used for customer due diligence under BNM AML/CFT requirements.

Q: Can foreigners onboard using passports?

Yes. Foreign passports must be supported by valid immigration documentation where applicable.

Q: What is the STR reporting authority in Malaysia?

Suspicious Transaction Reports are submitted to Bank Negara Malaysia pursuant to AMLA.

Q: What documents are required for KYB in Malaysia?

Typically SSM company profile, certificate of incorporation, directors/shareholders listing and beneficial ownership register information.

Q: How long must AML records be retained?

Reporting institutions must retain records for at least five years under AMLA.

Q: How are bin/binti names handled in screening?

Matching logic accounts for patronymic naming structures to reduce false positives.

Q: Does Malaysia require local data residency?

PDPA governs personal data processing. Organisations may adopt local hosting strategies depending on sectoral requirements.

Q: What causes onboarding drop-off in Malaysia?

Poor MyKad image capture and inconsistent name formatting are common operational friction points.

Built for reporting institutions regulated under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA), supervised by Bank Negara Malaysia (BNM) and the Securities Commission Malaysia (SC).

Operational performance for Malaysia KYC

Our Numbers Speak Volumes

97.78%

Pass rates

< 5 secs

IDV
Verification

75%

eIDV
Verification

Evidence-Ready Checks Across People & Businesses

Individual Documents We Verify

We Verify 20+ Individual Documents of Malaysia

Lihat semua Dokumen yang disokong

MyKad (Malaysian Identity Card)

Primary identity document for Malaysian citizens under the National Registration Act 1959; chip-based smart card used for core customer due diligence under AMLA and BNM e-KYC requirements.

MyPR (Permanent Resident Identity Card)

Issued to permanent residents; used for identity and residency verification in regulated onboarding.

MyKAS (Temporary Resident Card)

Issued to temporary residents; used where applicable for identity confirmation.

Malaysian International Passport (ePassport)

ICAO-compliant biometric passport with MRZ and embedded chip; accepted for domestic and cross-border onboarding.

Foreign Passport + Valid Pass (Employment/Long-Term Social Visit Pass)

Used for non-citizens residing in Malaysia; validated alongside immigration-issued documentation.

Malaysian Driving Licence (JPJ Licence)

Accepted as supplementary identification only; not sufficient alone for AMLA-compliant onboarding.

Business Entity Identity

SSM Company Profile (Companies Commission of Malaysia)

Confirms company registration number, status, directors, shareholders and registered address under the Companies Act 2016.

Certificate of Incorporation (Section 17, CA 2016)

Legal confirmation of incorporation.

Business Registration Certificate (ROB)

For sole proprietorships and partnerships registered under the Registration of Businesses Act 1956.

Business Tax Identity

Income Tax Reference Number (LHDN)

Confirms tax registration with the Inland Revenue Board of Malaysia.

Sales and Service Tax (SST) Registration Number

Required for entities meeting SST thresholds under the Sales Tax Act 2018 and Service Tax Act 2018.

Ownership & Control (UBO)

Register of Beneficial Owners (Section 60A, CA 2016)

Mandatory internal register of beneficial owners maintained by companies.

Beneficial Ownership Reporting to SSM

Companies must lodge beneficial ownership information with SSM under current regulatory framework.

Directors and Shareholders Listing

Extracted from SSM records for AML screening.

Languages We Cover

Document Text Handling

Malay and English document parsing, reflecting Malaysia’s bilingual regulatory and identity documentation.

Name Matching Controls

Name matching controls for bin/binti patronymic structures and abbreviated middle names common in Malaysian identity records.

Evidence Consistency

Cross-record consistency checks between MyKad, passport, SSM records and banking documentation.

GOVERNANCE & CONTROLS

Audit-Ready Decisions, Lower Operational Drag

Fewer Avoidable Re-submissions

Optimised capture for MyKad format and bilingual documentation.

Cleaner Audit Trails

Structured logs aligned with AMLA and BNM supervisory expectations.

Better Name Matching Outcomes

Handles bin/binti formats and abbreviated naming structures.

One Workflow, One Back Office

KYC, KYB and AML screening managed in one operational view.

National ID-first flow design

MyKad-first onboarding reflects Malaysia’s identity ecosystem.

Malaysia IDV/KYC Challenges

MyKad Identity Fraud

Stolen MyKad data enables impersonation in remote onboarding flows. Since MyKad is widely used across sectors, data leakage incidents increase fraud risk.

Beneficial Ownership Gaps

Incomplete Section 60A disclosures delay KYB and increase compliance exposure. Companies must maintain internal BO registers. However, a common inaccurate filings create AML risk.

Bin/Binti Screening Errors

Patronymic naming formats trigger sanctions false positives. “bin” and “binti” inconsistently captured across systems. Additionally, abbreviations increase matching errors.

STR Documentation Pressure

AMLA requires structured STR reporting and minimum five-year record retention. Reporting institutions must document suspicion rationale. Additionally, weak audit logs increase supervisory risk.

Shufti’s IDV/KYC Solutions for Malaysia

KYC Solutions

Face Verification

Biometric liveness detection reduces impersonation risk in Malaysia’s mobile-first digital onboarding environment.

Age Verification

Selfie-based age estimation combined with document verification fallback where required for regulated sectors such as online gaming and age-restricted commerce.

Address Verification

Shufti verifies Malaysian address-bearing documents including utility bills (Tenaga Nasional, Air Selangor), telecom invoices (Telekom Malaysia, Maxis) and bank statements (Maybank, CIMB, Public Bank).

Document Verification

Verification of MyKad, MyPR, passports and supporting documents — handling bilingual fields and chip-enabled ID formats.

KYB Solutions

Business Verification

Validation of SSM registration details, directors, shareholders and beneficial ownership information.

Enhanced Due Diligence (EDD)

Structured risk profiling for high-risk sectors including money services businesses and digital asset operators — aligned to AMLA risk-based requirements.

AML Screening

Business AML Screening

Screening against UN sanctions, Malaysian domestic directives and global PEP databases — covering entity and controlling persons.

Transaction Screening

Ongoing monitoring aligned to AMLA obligations and BNM supervisory expectations.

REGULATORY ALIGNMENT

Built to Fit Malaysia's Compliance Landscape

Bank Negara Malaysia (BNM)

The central bank of Malaysia is responsible for maintaining monetary and financial stability and regulating banking institutions. It also oversees AML/CFT compliance to ensure the integrity of the financial system is preserved.

Securities Commission Malaysia (SC)

The Securities Commission regulates and supervises Malaysia’s capital markets, including exchanges and investment firms. It ensures transparency, investor protection, and enforcement against market misconduct.

Financial Intelligence Function (FIF) – Bank Negara Malaysia (under AMLA)

The Financial Intelligence function operates under BNM to combat money laundering and terrorism financing. It receives, analyzes, and disseminates financial intelligence in accordance with AMLA requirements.

Companies Commission of Malaysia (SSM)

SSM manages the registration of companies and businesses under Malaysia’s corporate laws. It maintains official corporate records and promotes good governance and regulatory compliance.

Inland Revenue Board of Malaysia (LHDN / HASiL)

LHDN administers direct taxation and ensures tax compliance at the national level. It manages taxpayer registration, assessments, and enforcement actions.

National Registration Department (JPN)

JPN oversees civil registration and identity documents such as MyKad and birth certificates. It plays an important role in national identity verification and record management.

Malaysian Communications and Multimedia Commission (MCMC)

MCMC regulates the communications and multimedia industry, including telecommunications and digital services. It promotes industry development while ensuring compliance with national communications laws.

Personal Data Protection Commissioner (PDPA 2010)

The Commissioner enforces Malaysia’s Personal Data Protection Act 2010. It ensures that organizations process personal data responsibly and comply with privacy regulations.

Deployment Options

Deployment can be carried out via a cloud environment (within Malaysia, such as Kuala Lumpur) or on-premise, supporting local governance requirements and BNM supervisory expectations related to AML/KYC data controls.

Regulatory Alignment

Aligned with Customer Due Diligence (CDD) obligations, record-keeping, and reporting requirements under AMLA.

Record-Keeping Controls

AMLA requires the retention of Customer Due Diligence and transaction records for at least six years, subject to regulatory directives.

Security and Encryption Approach

Appropriate technical and organizational measures, including encryption and access controls, support PDPA security requirements as well as AML compliance obligations.

Data Controls & Privacy for Malaysia

Malaysia AML Sources Supporting Decision-Making

Dewan Rakyat Malaysia

Central Bank of Malaysia

Ministry of Home Affairs, Malaysia

Securities Commission Malaysia (SC)

Bank Negara Malaysia – AML/Regulatory Enforcement

Frequently Asked Questions

Is MyKad sufficient for AMLA-compliant onboarding?

Yes. MyKad is the primary identity document for Malaysian citizens and commonly used for customer due diligence under BNM AML/CFT requirements.

Can foreigners onboard using passports?

Yes. Foreign passports must be supported by valid immigration documentation where applicable.

What is the STR reporting authority in Malaysia?

Suspicious Transaction Reports are submitted to Bank Negara Malaysia pursuant to AMLA.

What documents are required for KYB in Malaysia?

Typically SSM company profile, certificate of incorporation, directors/shareholders listing and beneficial ownership register information.

How long must AML records be retained?

Reporting institutions must retain records for at least five years under AMLA.

How are bin/binti names handled in screening?

Matching logic accounts for patronymic naming structures to reduce false positives.

Does Malaysia require local data residency?

PDPA governs personal data processing. Organisations may adopt local hosting strategies depending on sectoral requirements.

What causes onboarding drop-off in Malaysia?

Poor MyKad image capture and inconsistent name formatting are common operational friction points.

Build KYC, KYB & AML-ready programs for Malaysia with Shufti.

Check Pricing Request Demo

Independently Audited. Globally Certified.

Certified to Global Standards

PROVEN WORKFLOWS

Use Cases for Controlled Growth in Malaysia

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Support Compliant Fintech Growth

Fintech providers must balance digital onboarding with AMLA compliance and PDPA data protection requirements. eKYC and fraud detection become critical as digital payments expand.

Learn More Try Now

Protect Forex & Remittance Operations

Money service businesses face high AML scrutiny due to cross-border exposure. Strong identity verification and transaction monitoring are essential to prevent mule accounts and regulatory breaches.

Learn More Try Now

Strengthen Banking Controls

Banks operate under BNM AML/CFT guidelines requiring structured CDD, beneficial ownership verification, and suspicious transaction reporting. MyKad verification and transaction monitoring remain key operational pressures.

Learn More Try Now

Gaming Compliance Controls

Gaming operators must implement AML monitoring and age verification in line with AMLA and sector requirements. Cash-based environments increase fraud and compliance risks.

Learn More Try Now

Enable Verified Gig Workforce

Gig platforms must verify worker identities using MyKad and manage large-scale onboarding. Inconsistent documentation and tax data gaps increase compliance risk.

Learn More Try Now

Secure Digital Assets & Crypto

Digital asset exchanges regulated by the Securities Commission Malaysia must implement strong AML controls and customer verification. Cross-border flows increase monitoring and due diligence requirements.

Learn More Try Now

Secure Digital Marketplaces

Marketplaces must verify sellers in line with AMLA requirements and BNM reporting expectations. Mule accounts, identity misuse, and cross-border transactions increase audit risk and onboarding friction.

Learn More Try Now