Malaysia: Practical Guide: E-Money Licensing

As of January 2019, there are 39 non-bank providers authorised to issue e-money in Malaysia, as well as five banks. Numerous local firms sit alongside US giants PayPal and Google Payment, and Chinese mobile payment behemoths Alipay and WeChat Pay, on the central bank’s register of non-bank e-money issuers. This E-Money Licensing Guide sets out the legal criteria that firms must meet to gain authorisation from the central bank, as well as information on the application process, common pitfalls and other important considerations.

Introduction

According to legal experts in the country, Bank Negara Malaysia, the central bank, is generally supportive of a shift away from cash and towards electronic payment services, and providers eyeing the Malaysia market and considering applying for authorisation should keep in mind where their offering fits into that vision.

“One thing applicants should bear in mind is understanding where Malaysia is going as it relates to financial services,” said Sue Wan Wong, a payments regulatory expert and partner at Wong Partners in Kuala Lumpur. “There are certain initiatives the central bank has communicated, and one is the fact it would like to move towards a cashless society. The e-wallet is one way to achieve that goal.

“Applicants should appreciate these goals and understand there are these frameworks, and think about whether they can fit their models within the frameworks and objectives the central bank would want to achieve. The number of licensed e-money providers is increasing, and that is testament to the drive for a cashless society in Malaysia.”

Becoming an authorised e-money provider

For a firm seeking authorisation as an e-money provider, one of the most important considerations is how long its application will take. There is no specific time charter that binds the central bank, but Wong said in her experience “it has taken anywhere between three and six months”.

“The reason for that sort of timeframe is that it’s a function of the quality of the information provided to the central bank,” the lawyer said. “There’s a prescribed application form that needs to be completed, and supporting documents that need to go in.

“The more complete the application that is provided, along with all the relevant information needed, then the review process is faster. But, invariably, the central bank will also have questions around the documents or information provided, and that’s the reason it takes three to six months.”

In some instances, Wong said that clients have put together an application relatively quickly, but have then taken longer to respond when the central bank has requested additional information or documents.

"The efficiency of that process is really what contributes to the timing,” she said.

There are several variables that could have an impact on the application process. For instance, some entities may already be part of a financial services group, while others are new market entrants.

“For the former, they typically would have a lot of supporting documents on operational guidelines, compliance processes and anti-money laundering/know your customer (AML/KYC), as well as stats. Documents are more readily at hand,” Wong explained.

“But for the latter, particularly if they’re not already part of a financial institution, that is usually one of the areas where it takes longer to get everything in place. They are practically starting from scratch.”

Another variable is some entities prefer to submit what it has first then supply additional documents later, even though that can push back the timeline.

Meetings with the central bank

A common question for would-be licensees is whether approval involves face-to-face meetings with the central bank, or whether the entire process can be done remotely. Theoretically and technically, authorisation can be granted without the firm meeting with officials in person, but in Wong’s experience applicants have almost always favoured at least some degree of in-person interaction.

“That’s because you want to be able to sit down with the regulator and walk it through your business model; it is far easier to exchange views and communicate your model if you do it in front of the regulator,” she said.

“We’ve seen a combination of approaches, though. There could be meetings with the regulator to run them through the model, for example to describe the technology that will power the e-wallet, but if there are further questions the central bank has been amenable with taking the responses in writing or by conference call.”

A related factor is that the central bank is also keen for participants in the financial services sector to have individuals physically located in Malaysia — not least so it has a point of contact for compliance purposes.

“That shows a commitment to running the business in-country, and someone on the ground would appreciate what’s happening in Malaysia,” Wong said.

“Our experience is that generally they will want to see some of the senior management team be on the ground, and the applicant would need to identify someone that is going to run the compliance team. Ultimately, the central bank will want to know it has someone it can pick up the phone and call if there are issues.”

Having a management team in the country also plays into another aspect of applying for authorisation as an e-money provider: the chief executive and directors will need to prove to the central bank they are fit and proper.

The regulator will “look at the corporate structure, tracing its way up the tree”, Wong said.

“How far up they trace depends on the group. If it is a publicly listed entity that stops at the PLC level, but if it is a private limited company or a start-up, it will want to see who are the shareholders, the individual founders.”

The Interoperable Credit Transfer Framework (ICTF)

There are considerations e-money firms should make that are not strictly part of their applications for authorisation. For Wong, one example is the interoperable credit transfer framework (ICTF), for which guidelines have already been issued by the central bank.

“The ICTF acts as a platform that e-wallet providers can join and allow their users to make payments to other wallets, using that payment rail,” the lawyer said. “Applicants should think about whether that’s what they want to do, as part of their model.”

Although the framework has already come into force, Wong said the central bank appears to be taking a phased approach to its introduction.

“The first phase was the banks, which are now already on board, and the next group should be the wallet providers,” she said. “The timeline has been pushed back a few times though, so we’re not entirely certain when the wallet providers will come onstream.”

‘Closed loop’ e-money services

Some firms offering services linked to e-money may not have to seek authorisation at all. Malaysia’s regulatory framework does not extend to e-money products with a limited scope, known as closed-loop payment instruments.

“If it’s closed loop, that’s not subject to regulation, so entities should assess their model and decide whether it would fit within an open or closed loop system,” Wong said. “Closed loop, in essence, means that when you convert fiat into electronic money it is only going to be used to pay the issuer of the electronic money.”

An example of a closed loop e-money instrument could be a prepaid card issued by a chain of coffee outlets, that can only be used at that chain’s stores.

There have been cases where a product started with a limited scope but then broadened out. Touch ‘n Go, for instance, started as a pre-loaded prepaid card for use only at toll roads. It later expanded to parking, railways and buses, before forming partnerships with other retailers. The point at which an entity other than the e-money issuer is taking payment via such a card is the point at which it is no longer classed as closed-loop.

Main Regulation

The main piece of legislation for e-money providers seeking authorisation is the Financial Services Act 2013 (758). The following sections are relevant to licensing:

  • Section 9 (Application for authorisation)
  • Section 12 (Requirements on minimum capital funds or surplus of assets over liabilities)
  • Section 26 (Application, annual renewal fees and levy contributions)
  • Section 47 (Power of bank to specify standards on prudential matters)
  • Section 60 (Fitness and propriety criteria)
  • Section 64 (Recordkeeping)
  • Section 125 (Safeguarding of users’ funds)

Licensing Authority

Licensing authority: E-money operators must apply for a licence from Bank Negara Malaysia (BNM), the central bank of Malaysia.

Licensing Requirements

Initial Capital Requirement

Section 12 of the Financial Services Act 2013 provides minimum capital requirements. Section 12 paragraph (4) of  the act provides that capital funds are defined as “paid up” capital funds as may be specified by the bank. These capital requirements must be maintained at all times while e-money issuance services are being provided.

As provided by Schedule 1 (Minimum capital funds requirement) of the Financial Services (Minimum Amount of Capital Funds) (Approved Person) Order 2013 PU(A) 204/2013, authorised e-money providers are subject to the following minimum capital requirements:

Category

Minimum capital funds (MYR)

Large electronic money scheme, i.e. those storing more than MYR200 per user or keeping outstanding electronic money liabilities exceeding MYR 1m for six consecutive months

5m or 8 percent of its outstanding electronic liabilities, whichever is higher

Small electronic money scheme, i.e. those storing less than MYR200 per user or keeping outstanding electronic money liability inferior than MYR1m

100,000

Safeguarding of Users' Funds

Section 125(1)(b) of the Financial Services Act 2013 states that approved issuers of designated payment instruments must maintain one or more accounts in a licensed bank for customers, separate from its own account.

The Guideline on Electronic Money contains provisions on safeguarding users’ funds, depending on the nature of the scheme. Large electronic money issuers must establish a trust account subject to the following:

  • Funds deposited in the account may not have any purpose other than refunding users and paying merchants. Issuers must ensure that, at all times, the total available funds is higher than the total outstanding e-money liabilities. Collected funds should be managed and deposited separately from working capital funds.
  • The investment of stored funds is restricted to high-quality liquid MYR-denominated assets, which are limited to deposits placed with licensed institutions. Investment earnings must not be used for any purpose other than refunding users and paying merchants if they do not exceed the total outstanding e-money liabilities.
  • Fees and charges in connection with the administration of the trust account must not come from funds originating from the trust account itself, unless the amount held exceeds the total outstanding e-money liabilities.
  • A copy of the trust deed must be submitted to the central bank.

Small electronic money issuers may keep users’ funds in a deposit account with a licensed institution, independent from other accounts and managed by the issuer, similar to a trust account scheme. The following restrictions apply:

  • Funds deposited in the account may not have any purpose other than refunding users and paying merchants. Issuers must ensure that, at all times, the total available funds is higher than the total outstanding e-money liabilities.
  • The investment of stored funds is restricted to bank deposits. Investment earnings must not be used for any purpose other than refunding users and paying merchants, unless the funds exceed the total outstanding e-money liabilities.

Establishment of a Legal Person

E-money providers must be incorporated in accordance with the Companies Act 1965.

The Submission Requirements paper states that prospective licensees must provide a certified true copy of their respective memoranda and articles of association, or other constituent documents under which they are established.

Fitness & Propriety

Section 60 of the Financial Services Act 2013 establishes that, in general terms, the following principles must guide the fitness and propriety criteria applicable to a chairman, director, chief executive or senior officer of an e-money issuer:

  • Probity, personal integrity and reputation
  • Competency and capability
  • Financial integrity

Appendix I of the Guideline on Electronic Money provides an enhanced list of fitness and propriety criteria, which must be observed when appointing directors or senior managers at a large electronic money issuer.

Application Fees

Section 26(b) of the Financial Services Act 2013 empowers the central bank to establish application fees payable by prospective applicants. Part C of the Submission Requirements paper states that applicants must pay a MYR500 fee no later than seven working days from the date of submission. The payment transaction must be instructed via RENTAS with TRN code OBT01, account number 1547010015.

Key Ongoing Compliance Requirements

Annual Fees

Section 26(a) of the Financial Services Act 2013 empowers the central bank to impose annual fees on authorised entities. However, when approached by PaymentsCompliance, a central bank spokesperson said: “There is neither any annual licensing renewal process nor annual levy/fees imposed for an approved e-money issuers.”

Reporting

The Guideline on Electronic Money provides that e-money issuers must submit monthly statistical reports of their operations to the central bank’s Payment Systems Policy Department, within 15 days from the end of the relevant month. They must also submit yearly audited financial statements within three months of the end of the financial year, in addition to meeting any further requests for information from the regulator.

External Audit Requirement

Part C of the Guideline on Electronic Money requires large e-money issuers, upon request from the central bank, to submit independent audit reports of their e-money system. Section 72 of the Financial Services Act sets out six potential issues that auditors must report to the central bank, such as breaches of regulatory requirements, fraud offences or financial irregularities.

Recordkeeping

Section 64 of the Financial Services Act states that regulated institutions must maintain proper records of accounting and information to produce its financial statements. Records must be kept so they can be conveniently and properly audited, and financial statements must be produced in accordance with approved accounting standards.

Chapter 7 of the Guideline on Electronic Money introduces, as a principle, an obligation upon e-money issuers to adopt operational and governance arrangements including maintaining separate records of their e-money activities.

In addition, the guidelines introduce security-related obligations which state that e-money issuers must ensure they can provide, in a timely and accurate manner, audit trails, statistical information and reports.

E-money issuers must also comply with the domestic anti-money laundering and counter-terrorist financing regulatory framework. Under the central bank’s guidance on “Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Electronic Money and Non- Bank Affiliated Charge & Credit Card (Sector 4)", e-money issuers are required to keep relevant records of accounts, files, business correspondence and documents relating to transactions, particularly those collected when carrying out customer due diligence activities.

Records must be kept for a period of at least six years from the completion of a transaction, the termination of a business relationship or date of an occasional transaction.

Credits

This guide has been written in conjunction with Sue Wan Wong, a payments regulatory expert and partner at Wong Partners in Kuala Lumpur.

Sue Wan Wong is a partner in the Corporate, Commercial & Securities Practice Group. She was recognised in 2015 by Asian Legal Business in their inaugural "The ALB 40 Under 40", a list which showcases the brightest young legal minds in Asia. Sue Wan was also named Leading Lawyer in Labour & Employment, Insurance & Reinsurance and Mergers & Acquisitions in 2008 and 2009, and was also recognised as Leading Lawyer in Insurance & Reinsurance and Mergers & Acquisitions from 2010 to 2012 by Asialaw.

She is a member of the US-ASEAN Business Council (Financial Services Committee) and she is the Secretary of the Fintech Association of Malaysia.