Blockchain 2020

Last Updated June 17, 2020


Law and Practice


Adnan, Sundra & Low was established in August 1975 and has operated under its present name since June 1982. The firm has been consistently ranked as a premier law firm in Malaysia with a reputation for delivering quality and effective legal services and solutions and being committed to achieving its clients’ commercial objectives. The firm's expertise spans multiple practice areas, and its core competencies include banking and finance, capital markets, civil aviation, corporate and commercial, dispute resolution, Islamic finance and real estate.

Efforts involving blockchain technology in Malaysia are industry-driven and backed by blockchain communities in Malaysia as well as by relevant government agencies. Initiatives to do with the application of blockchain technology in Malaysia have increased substantially in 2019.

One of the most significant initiatives in respect of blockchain development in Malaysia is the creation of the Blockchain Researcher Lab programme in Malaysia by the Malaysia Blockchain Association and the Malaysian Global Innovation & Creativity Centre (MaGIC), a government agency which aims to provide continuous technical exposure to its attendees. This programme aims to spread awareness and knowledge about blockchain technology to develop talent and encourage innovation among Malaysians.

Although the application of blockchain is much broader than just digital assets, given the nascent and volatile nature of cryptocurrencies and the involvement of blockchain technology in the financial sector for the creation of tokens and the trading of cryptocurrencies, several regulations and guidelines in relation to digital currencies and digital tokens have been introduced into the Malaysian regulatory framework, including the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 (Order 2019), the amended Guidelines on Recognised Markets (RM Guide) and the Guidelines on Digital Assets (DA 2020).

In October 2018, CIMB Group Bhd teamed up with blockchain developer Ripple to enhance CIMB’s proprietary remittance product to open new payment corridors to improve cross-border remittances.

In October 2019, HSBC led Malaysia’s first-ever live pilot blockchain letter of credit transaction in Malaysia. The companies who were involved in this digitisation of trade are both active players in the packaging and chemicals industry in Malaysia and Singapore. The use of blockchain has helped increase the velocity of cross-border trade between Malaysia and Singapore.

The involvement of blockchain technology in the Malaysian financial sector proves that financial institutions in Malaysia are generally very receptive to this technology. Besides the financial sector, blockchain technology is also being utilised in the energy sector. EPC Blockchain is a start-up that (i) utilises blockchain technology to allow their customers to track energy consumption and; (ii) offers the possibility of monetising carbon credits from energy projects, which will benefit small project developers.

In March 2019, the then Deputy Minister of Agriculture and Agro-based Industries of Malaysia announced that consideration was being paid to utilising blockchain technology in food and agricultural supply chains. These initiatives show that blockchain technology is developing beyond the purview of cryptocurrencies in Malaysia.

On 1 November 2019, Malaysia’s stock exchange, Bursa Malaysia Berhad completed its first securities borrowing and lending proof-of-concept blockchain technology solution. This was designed to increase the efficiency, speed and capacity of securities lending supply and borrowing demand. This constitutes an important part of Bursa Malaysia’s plans to employ emerging technology to execute securities borrowing and lending transactions together with collateral management and corporate action management services related thereto.

Whilst blockchain technology is not, in itself, currently regulated in Malaysia; but, since 2019, several guidelines and regulations have been enacted and published in Malaysia to facilitate dealings with digital assets. Order 2019 which came into force on January 2019 sets out the criteria for digital currency and digital tokens to be prescribed as securities for the purposes of securities law in Malaysia.

The Securities Commission Malaysia (SC) has now registered three recognised market operators (RMOs) to establish and operate digital asset exchanges (DAXs) in Malaysia. Other than these RMOs, entities not approved by the SC were required to cease all activities immediately and return all monies and assets collected from investors.

The SC then amended its Guidelines on Recognised Markets to introduce new requirements for electronic platforms that facilitate the trading of digital assets. It should be noted that digital exchanges were previously subject to the Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Digital Currencies (Sector 6) Guide issued by the Central Bank of Malaysia (Bank Negara Malaysia – BNM) on February 2018. However, given the amendments made to the Guidelines on Recognised Markets by the SC, digital exchanges are currently subject to the Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries issued by the SC.

The Guidelines on Digital Assets were subsequently published by the SC in January 2020, setting out the requirements for issuers seeking to raise funds through a digital token offering and for the registration of a platform operator to operate an initial exchange offering (IEO) platform. The DA 2020 will only be brought into force in the second half of 2020.

Any use of blockchain technology by market participants, whether in the financial sector or in a commercial sector that does not fall within the above-mentioned guide or order, will require an assessment to determine whether it is subjected to any existing regulatory framework, and if so, which requirement or guide applies.

Malaysia has been a member of the Financial Action Task Force (FATF) since February 2016 and has been progressing in addressing the technical compliance requirements necessary to combat money laundering and terrorist financing. Recommendation 15 of the FATF, which requires virtual asset service provider to be regulated for anti-money laundering and combating the financing of terrorism purposes was introduced in October 2018. Given that a digital asset exchange is already required to be registered as a reporting institution under the Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Digital Currencies (Sector 6) Guide and is also subjected to the Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries issued by the SC, Malaysia is compliant with the FATF standards. In addition, the BNM has also published a guide on Anti-Money Laundering Countering Financing of Terrorism and Targeted Financial Sanctions for Designated Non-Financial Business and Professions & Non-Bank Financial Institutions in line with the international standards established by the FATF.

In Malaysia, the use of blockchain technology is governed by the SC when it is related to the offering and trading of digital tokens.

The SC has, via Order 2019, set out the requirements for an issuer seeking to raise funds through digital token offering and also requirements for operators of platforms offering digital tokens. The SC also regulates platforms that facilitate the exchange of digital assets by imposing registration requirements. As stated in 2.1 Regulatory Overview, with the amendments made to the Guidelines on Recognised Markets, digital assets are now under the purview of the SC in respect of the prevention of anti-money laundering and terrorism financing. 

Besides the regulators mentioned in 2.3 Regulatory Bodies, Malaysia does not, to date, have any self-regulatory organisations or trade groups that oversee or monitor businesses or individuals using or developing blockchain technologies.

Nevertheless, an industry association, the Fintech Association of Malaysia (FAOM), was established in 2017 to connect, and initiate conversations between, its members/stakeholders and regulators. This is with the aim both of supporting financial technology innovation in Malaysia and of ensuring continuous development in the industry. Since the coming into force of Order 2019, FAOM has aimed to monitor the release of any new regulatory guidelines governing the offering and trading of digital assets and actively seeks input from its members and industry participants to elevate Malaysia as one of the preferred destination for blockchain development.

An international non-profit social enterprise has also been established in Malaysia – the Malaysian Blockchain Association (MBA). The MBA aims to build a sustainable blockchain community through Malaysian co-operation. Also worth noting is MaGIC, a government agency tasked with realising the aspirations of the National Entrepreneurship Policy 2030 of Malaysia and contributing to the evolution of Malaysia into an entrepreneurial nation.

The Malaysia Digital Economy Corporation (MDEC), a government-owned institution responsible for the management of the country’s Multimedia Super Corridor, a special economic zone and high-technology business district providing exclusive incentives to information technology businesses. Whilst such businesses include blockchain, MDEC will continue to pilot the Digital Freelancer Programme, a work visa programme for tech freelancers to work in Malaysia short term, to fulfil a demand for blockchain-capable talents.

The Malaysian judiciary heard a case related to cryptocurrency in October 2018. The court in this case held that although cryptocurrency is not legal tender in Malaysia, the trading of cryptocurrency is not illegal. Most importantly, the court in this case classified cryptocurrency as a commodity since fiat currency was used to purchase the cryptocurrency. This decision has been upheld by the High Court and is currently pending appeal before the Court of Appeal.

The impact of this decision is not so much on blockchain technology itself but on the classification of cryptocurrencies in Malaysia. With the enactment of Order 2019 and the judgement from this case, cryptocurrencies are being classified as both securities and commodities. It should however be noted that the judgement was held before the enactment of Order 2019 and that the case was decided in relation to the Contracts Act 1950.

Following the coming into force of Order 2019 in January 2019 and the subsequent issuance of the RM Guide, the SC has now listed, on its official webpage, the registered digital assets exchanges in Malaysia. As stated in 2.1 Regulatory Overview, at the time of writing, there are only three registered digital assets exchanges in Malaysia.

The SC has also been regularly updating its webpage to list those exchanges which are not permitted to operate in Malaysia and has encouraged investors and members of the public to refer to these lists when dealing with digital assets exchanges.

To date, no significant enforcement actions have been taken against businesses utilising blockchain technology by regulators.

The Financial Technology Regulatory Sandbox Framework (Sandbox Framework) was introduced by the BNM in October 2016 to provide a conducive regulatory environment for financial technology to be deployed. This framework aims to enable innovation in financial technology to be tested in a live environment within specific parameters and timeframes. The Sandbox Framework is applicable to both financial institutions and fintech companies intending to carry on authorised or registered business, as defined in the Financial Services Act 2013 or the Islamic Financial Services Act 2013, or money services business as defined in the Money Services Business Act 2011.

The Sandbox Framework makes clear that its purpose is not to be used to circumvent any existing laws and regulations in Malaysia. As a result, the Sandbox Framework is not suitable for any proposed services or products that have been appropriately addressed by the existing regulations and framework.

With only limited guidelines and legislation in respect of digital assets in Malaysia, financial institutions and fintech companies in Malaysia that are working on blockchain-based projects may benefit from this framework, subject to the eligibility criteria as provided by the framework.

The Inland Revenue Board Malaysia (IRBM) has yet to issue any guidelines in respect of the tax regime for businesses using blockchain or businesses engaging in cryptocurrency transactions. However, in 2018, whilst cryptocurrency business was still unregulated, the Chief Executive Officer of the IRBM announced that even if cryptocurrency businesses were not regulated, they would still be subject to Malaysian income tax for income accruing in or derived from Malaysia. As such, it would appear that cryptocurrency businesses currently being regulated by the SC will be subject to tax laws in Malaysia.

The Income Tax (Exemption) (No 10) Order 2018 (Order 2018) that came into force in January 2019 provides that qualifying companies engaging in a promoted activity for the Multimedia Super Corridor are exempted from the payment of income tax in respect of the statutory income derived from certain, promoted income-generating activities for a period of five years commencing from a date to be determined by the Minister. Blockchain is, among others, a promoted activity pursuant to this order.

The MDEC has also issued a guide that elaborates on the description of core income generating activities that correspond with the promoted activity pursuant to Order 2018.

Malaysia does not have any governmental body established specifically for enhancing blockchain as an industry, or investment in it, in Malaysia. However, there are several previously established governmental bodies that focus on the use and enhancement of technology in Malaysia.

The Malaysian Industry-Government Group for High Technology (MIGHT) is a non-profit company under the purview of the Prime Minister’s Department that is responsible for developing Malaysia’s hi-tech businesses. Development of blockchain technology is, among others, an area of focus for MIGHT.

MIMOS Berhad (MIMOS) is a strategic agency under the Ministry of International Trade and Industry that contributes to transforming local industrial output through patentable technology platforms, products and solutions. MIMOS has been organising public seminars in relation to blockchain technology.

MaGIC is an agency under the Entrepreneur Development and Co-operatives Ministry that strives to build a sustainable entrepreneurship ecosystem in Malaysia and has been holding events in relation to the implementation of blockchain technology in businesses.

Order 2019, the RM Guide and the DA 2020 do not provide for the determination of ownership of digital assets. It should, however, be noted that the DA 2020 provides that a cooling-off period of a minimum of six business days, commencing from the date of receipt of the investor’s investment, must be given to an investor who is investing in a digital token offering. The exercise of this right will entitle the investor to a refund amounting to the sum equivalent to the purchase price paid for the digital token and any other charges imposed upon purchasing the digital token.

Order 2019 sets out the criteria of digital currencies and digital tokens in order for these digital assets to be prescribed as securities for the purposes of securities law in Malaysia.

Digital Currency

Order 2019 defines a digital currency as a digital representation of value that:

  • is recorded on a distributed ledger, whether cryptographically secured or otherwise:
  • functions as a medium of exchange; and
  • is interchangeable with any money, including through the crediting or debiting of an account.

Digital Tokens

Digital tokens are defined as digital representations which are recorded on a distributed digital ledger, whether cryptographically secured or otherwise.

Pursuant to Order 2019, a digital token will only be prescribed as a security for the purposes of securities laws if that digital token represents a right or interest of a person in any arrangement made for the purpose of, or having the effect of, providing facilities for the person, where:

  • the person receives the digital token in exchange for a consideration;
  • the consideration or contribution from the person, and the income or returns, are pooled;
  • the income or returns of the arrangement are generated from the acquisition, holding, management or disposal or any property or assets or business activities;
  • the person expects a return in any form from the trading, conversion or redemption of the digital token or the appreciation in the value of the digital token;
  • the person does not have day-to-day control over the management of the property, assets or business of the arrangement; and
  • the digital token is not issued or guaranteed by any government body or central banks, as may be specified by the SC.

Order 2019 also makes clear that digital currency and digital token prescribed as securities under Order 2019 is not a share in debenture of a body corporate or unincorporated body or a unit in a unit trust scheme or prescribed investments scheme.

Order 2019 and the DA 2020 do not provide for the definition of a stablecoin, nor do they have a separate framework for stablecoins. Currently, if a stablecoin falls within the definition of digital assets as provided by Order 2019, that stablecoin will be treated as a security and will be subject to Malaysian securities law.

The BNM and the SC have made clear that cryptocurrencies are not legal tender in Malaysia. However, in the event where a digital token serves as a payment instrument, that digital token may only be used in exchange for the issuer’s goods and services as disclosed in the issuer’s white paper approved by the IEO operator.

The current regulatory framework in Malaysia does not distinguish between fungible and non-fungible tokens.

The types of market in Malaysia for digital assets are largely dependent on the ambit of services provided by the registered digital exchanges. There are currently no rules governing the types of services that an exchange may provide.

Currently, there is only trading of fiat currency for cryptocurrencies and vice-versa in Malaysia. The DA 2020 provides that trading of digital assets may only be carried out on a DAX that is registered with the SC. Although the RM Guide provides for regulatory guidelines governing DAXs, it does not prescribe the operational framework for the trading of cryptocurrencies.

Nonetheless, the three registered DAXs in Malaysia (for more on which, please refer to 2.1 Regulatory Overview) are operating on a similar framework. In order to trade in cryptocurrencies, one has to create an account with a DAX by providing all relevant details to verify one’s identity. Thereafter, one will need to deposit fiat currency into the account created to trade on cryptocurrencies. It should be noted that only an approved digital asset may be traded in Malaysia.

An IEO operator is required, under the DA 2020, to carry out due diligence and critical assessment on the issuer of digital assets to understand and verify the business of the issuer to ensure that the issuer does not engage in any business practices appearing to be deceitful, oppressive or improper, whether unlawful or not.

See 2.1 Regulatory Overview, for the circumstances under which digital exchanges are required to be registered as reporting institutions under the anti-money laundering regime in Malaysia.

See 2.3 Regulatory Bodies for the regulation of the market for digital assets.

There are no specific regulations in Malaysia that address fraudulent or manipulative practices in the markets for digital assets. Generally, any fraudulent practices by businesses or individuals will fall under the purview of the Royal Malaysian Police, which have broad authority over, and responsibility for, the maintenance of law and order, the preservation of the peace and the prevention and detection of crime. Offences related to digital assets will fall within the purview of the Penal Code. For example, it is an offence under Section 378 of the Penal Code to dishonestly take any movable property without consent (commonly known as theft) and Section 412 of the Penal Code makes cheating an offence. This is however subject to the court’s interpretation of “movable property” and whether or not it will be expanded to include digital assets.

There is currently no regulatory limit on the ability of a digital asset exchange to re-hypothecate digital assets.

Wallet providers for fiat currencies in Malaysia (more commonly known as e-money providers) are required to be licensed under the Financial Services Act 2013. There are, however, no specific regulations in Malaysia that governs wallet providers of digital assets.

Capital Requirements

The DA 2020 is the guideline governing digital token offerings in Malaysia (more commonly known as initial coin offerings in other jurisdictions). An issuer is required to have a physical presence in Malaysia by incorporating a company in Malaysia and having its main business operations carried out there. An issuer is also required to have a minimum paid-up capital of MYR500,000 and any additional financial requirements that the SC may impose that are commensurate with the nature of the issuer’s business.


Besides capital requirements, the DA 2020 also provides for the governance of the issuer. Board members and senior management of the issuer are subject to the fit and proper criteria, as prescribed by the DA 2020. In addition to the fit and proper criteria, members of the board and senior management of the issuer company must, in aggregate, hold at least 50% in equity holding of the issuer company, on the date of the issuance of the digital tokens. Until completion of the digital token’s project, these members are prohibited from selling, transferring or assigning more than 50% of their initial equity holdings. Any new member of the board or senior management, who purchased their equity holding in the issuer post-issuance of the digital token, is also subject to this prohibition.

IEO Operator Approval

Approval from an IEO operator is required before an issuer can offer any digital tokens to any person. To obtain such approval, an issuer must submit its application in a form and manner as may be prescribed by the IEO operator. This application will also include a fit and proper declaration of its Board members and senior management and the issuer’s white paper.

White paper

Chapter 5 of the DA 2020 provides for the content requirements of a white paper. The purpose of the white paper is to enable investors to make an informed assessment of the digital token and should include among other things, the following information:

  • key characteristics of the digital token;
  • objective or purpose of the digital token offering, including detailed information on the underlying business or project to be managed and operated by the issuer;
  • brief description of the directors, senior management, key personnel and advisers including name, designation, nationality, address, professional qualifications and related experience;
  • associated challenges and risks as well as mitigating measures thereof; and
  • any rights, conditions or functions attached to digital tokens including any specific rights attributed to a token holder.

Most importantly, a white paper must include the following statement as prescribed by the DA 2020:

“Investors are reminded that Bank Negara Malaysia (the Bank) does not recognise digital tokens as legal tender nor as a form of payment instrument that is regulated by the Bank and the Bank will not provide any avenues of redress for aggrieved token holders.”

In order to obtain an approval from the IEO operator, the issuer must be able to demonstrate that the proposed project or business provides an innovative solution or a meaningful digital value proposition for Malaysia. After the approval has been obtained, the issuer may only carry out an offering of digital tokens through an IEO platform and not through any other means.

Additional Requirements and Timetable

It should also be noted that the fund raising per issuer is limited to 20 times the issuer’s shareholder’s funds and is subject to a ceiling of MYR100 million.

It should be noted that the DA 2020 will only be brought into force in the second half 2020 and, until its coming into force, no person is permitted to offer or issue any digital tokens in Malaysia.

As mentioned in 5.1 Initial Coin Offerings, all offerings of a digital token may only be carried out through an IEO. An application to the SC is required if a company seeks to be an IEO platform operator. Once registered, the operator is a recognised market operator governed by the Capital Market and Services Act 2007 (CMSA).

The DA 2020 also provides for the regulatory framework in respect of the operation of an IEO. An IEO platform operator must be a company incorporated in Malaysia with a minimum paid-up capital of MYR5 million. The company will only be registered as an IEO operator if the SC is satisfied that the criteria in Chapter 12 of the DA 2020 have been fulfilled. Similar to an issuer, an IEO operator is also subject to a governance framework in the DA 2020 that provides for, among other things, the following:

  • the obligations of the board of members;
  • risk management; and
  • conflicts of interest.

In determining whether to approve the digital token offering, the IEO operator must carry out the necessary assessment and due diligence. The SC has also announced that during the first phase of the implementation of the DA 2020, the SC will work with an IEO operator in assessing eligible issuers.

There is currently no specific legislation in Malaysia that prohibits investment funds or collective investment schemes from investing in digital assets. Existing guidelines applicable to investment funds will therefore be applicable in respect of investment in digital assets. Nonetheless, the DA 2020 has prescribed limits on what a person may invest in digital tokens:

  • for angel investors (as defined in the DA 2020) – a maximum of MYR500,000 within a 12-month period;
  • for retail investors – a maximum of MYR2,000 per issuer with a total investment limit not exceeding MYR20,000 within a 12-month period; and
  • for sophisticated investors – no restriction.

There are no specific regulations in Malaysia that govern broker-dealers or other financial intermediaries that deal in digital assets.

One major distinction between a smart contract and a traditional contract is the dependence of a smart contract on the use of code in computer language, where the terms of the smart contract will be recorded on a specific block encoded to the blockchain. These computer codes are a series of instructions that will be executed immediately and automatically lead to the next instruction.

There are no specific regulations in Malaysia that govern the execution of smart contracts. As a result, in determining the enforceability of smart contracts in Malaysia, reference should be made to the Contracts Act 1950. Generally, a smart contract should adhere to the legal requirements of a valid contract. The fundamental elements of a valid contract are offer and acceptance, consideration, intention to create a legal relationship and certainty of terms. Nevertheless, the current framework has to be reviewed to provide legal certainty on the operation of smart contracts in Malaysia.

There is currently no legislation in Malaysia that imposes a fiduciary duty upon developers of blockchain-based networks. Malaysian courts have yet to have the opportunity to hear any cases in respect of a blockchain developer’s liability. Nonetheless, blockchain developers should still be subject to a contractual duty and/or a duty of care under the tort of negligence.

There is currently no legislation in Malaysia that governs decentralised financial platforms.

Digital assets that fulfil criteria stipulated in Order 2019 are categorised as securities. Securities are often pledged as collateral for loans in Malaysia via the creation of a charge. However, pledging digital assets as collateral has yet to occur in Malaysia.

There is no legislation in Malaysia that governs the custody of digital assets.

The right of privacy is not explicitly recognised in the Federal Constitution, nor in common law, in Malaysia. The coming into effect of the Personal Data Protection Act 2010 (PDPA) in November 2013 was, therefore, a revolutionary step in affording greater protection to Malaysians over their personal data and privacy. The PDPA is the legislation governing the use of and processing of the personal data of individuals involved in commercial transactions involving user data. The PDPA does not explicitly recognise the right to be forgotten, as stipulated in the European Union’s General Data Protection Regulation. Nonetheless, such a right can be implied from the retention principle as stipulated in the PDPA.

According to the retention principle, personal data processed for any purpose shall not be kept longer than is necessary for the fulfilment of that purpose. Secondly, it is the data user’s responsibility to take all reasonable steps to ensure that all personal data is destroyed or permanently deleted if it is no longer required for the purpose for which it was to be processed. Section 38 of the PDPA further provides a data subject the right to withdraw his or her consent to the processing of personal data. Upon receiving the notice, the data user shall cease to process the personal data of the data user.

It should be noted that the retention principle and the right awarded to data subjects to remove their personal data stored on blockchain upon revocation of consent are incompatible with the immutable nature of blockchain technology.

As discussed in 8.1 Data Privacy, the PDPA is the main legislative framework governing the processing of personal data in commercial transactions. In addition to the retention principle and the right to revoke consent, there are other principles and provisions within the PDPA that are incompatible with the nature of blockchain-based products and services, which are deliberately designed to render unilateral modification of data difficult or even impossible.

For example, the data integrity principle requires a data user to take reasonable steps to ensure that the personal data it holds is accurate, complete, not misleading and kept up-to date. Section 34 of the PDPA further provides that the data subject has the right to rectification, allowing the data subject to request in writing that the data user makes the necessary correction to the personal data. This right arises when the data subject knows that his or her personal data is inaccurate, incomplete, misleading or not up-to-date.

These rights and principles are inconsistent with the anatomy of blockchain, which allows for new data to be added onto the chain but not for existing data to be updated or amended. The current PDPA is not equipped to tackle innovative technologies like blockchain and Malaysian regulators have yet to address this issue. Nonetheless, reference should be made to the Guidelines on Management of Cyber-Risk that was published by the SC on 31 October 2016, which sets out, among other things, the requirements of cyber-risk policies and procedures and requirements for managing cyber-risk that are applicable to all capital market entities. Pursuant to this guideline, the management of all capital market entities are responsible for establishing and implementing cyber-risk policies and procedures that are commensurate with the sensitivity and confidentiality of data that each entity maintains.

Financial institutions that offer blockchain-related services should also be mindful of the Guidelines on Data Management and Management Information System published by the BNM that set out high level guiding principles on sound data management and management information systems that financial institutions should observe when developing internal data-management capabilities.

There is no legislation in Malaysia that governs the mining of cryptocurrencies.

There is no legislation in Malaysia that governs the staking of tokens.

Adnan, Sundra & Low

Level 11, Menara Olympia
No. 8, Jalan Raja Chulan
50200 Kuala Lumpur

+603 2070 0466

+603 2078 3382
Author Business Card

Trends and Developments


Adnan, Sundra & Low was established in August 1975 and has operated under its present name since June 1982. The firm has been consistently ranked as a premier law firm in Malaysia with a reputation for delivering quality and effective legal services and solutions and being committed to achieving its clients’ commercial objectives. The firm's expertise spans multiple practice areas, and its core competencies include banking and finance, capital markets, civil aviation, corporate and commercial, dispute resolution, Islamic finance and real estate.

What is Blockchain?

Blockchain is a type of distributed ledger technology (DLT), a public ledger that stores all the transactional data or digital events executed or shared among participating parties (nodes). Before a transaction can be stored in the ledger, the data will be encrypted and verified by other participating parties, after which a new block of data will be added to the chain and be visible to all users on a public and unpermissioned blockchain, or to only known participants in a private and permissioned blockchain. Most importantly, once a block is created, it can neither be deleted nor amended. The ideology behind blockchain is to create an open-source, neutral, decentralised, borderless and network-resilient technology.

The mention of blockchain is often in relation to cryptocurrencies because Bitcoin was the first use case of a public blockchain. The emergence of blockchain and cryptocurrencies has also created another category of digital assets known as digital tokens. In Malaysia, digital currency (also known as cryptocurrency in other jurisdictions) is defined as a representation of value which is recorded on a distributed ledger – whether cryptographically secured or otherwise – that functions as a medium of exchange and is interchangeable with any money, including through the crediting or debiting of an account. Whereas a digital token is defined as a digital representation which is recorded on a distributed digital ledger, whether cryptographically secured or otherwise. Digital tokens are offered to investors via initial coin offerings – an innovative method of fund raising. It should be emphasised that the application of blockchain has evolved beyond the financial sector.

Non-financial use

In recent years, blockchain has been deployed in several non-financial sectors in Malaysia. For example, the Sustainable Energy Development Authority (SEDA) Malaysia has utilised blockchain technology and launched a pilot programme for peer-to-peer (P2P) energy trading that commenced on November 2019 and will last for eight months. P2P energy trading occurs when a solar photovoltaic producer (also known as a prosumer) sells excess solar electricity on an energy trading platform to other consumers. This P2P energy trading is one of the strategies explored under the Renewable Energy Transition Roadmap 2035 that aims to realise the government’s target of 20% renewable energy in the national power mix by 2025 as it will encourage more people to install solar panels on their rooftops.

Besides that, blockchain has also been used in asset tagging in Malaysia. The International Islamic University Malaysia was the first university in Malaysia to tag a QR code that links to a blockchain on educational certificates. By doing so, authentication of certificates can be done by just scanning the QR code. This simple process will be able to simplify verification processes and deter the growth of the black market for educational certificates.

Regulatory Environment of Blockchain In Malaysia

The nature of blockchain technology, its anonymity and virtual freedom from any governmental control, has created new opportunities for money laundering and terrorist financing. To mitigate the risk of the technology being used for those purposes, any person carrying on activities or business on a digital currency exchange is treated as a reporting institution and subjected to the provisions in the Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Digital Currencies (Sector 6) Standards and Guidelines issued by the Central Bank of Malaysia (Bank Negara Malaysia).

Through the enactment of the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 (Order 2019), all digital currencies and digital tokens that meet the criteria stipulated in Order 2019 will be prescribed as securities for the purposes of securities law in Malaysia. All platforms that facilitate the trading of digital assets must be registered as Digital Asset Exchange (DAX) Operators under the Guidelines on Recognised Market (RM Guide) issued by the Securities Commission of Malaysia (SC). The RM Guide sets out, amongst others, the requirements for the registration of a DAX Operator, the obligations of a DAX Operator and the ongoing requirements of a DAX Operator.

Generally, a DAX Operator must be locally incorporated with a minimum paid-up capital of MYR5 million and satisfy the criteria for registration as stipulated in the RM Guide. Upon registration, the DAX Operator will be a recognised market operator pursuant to Section 34 of the Capital Markets and Services Act 2007. Acknowledging that the offering of digital tokens can support the growth of small and medium-sized enterprises and micro-businesses in Malaysia, and with the aspiration to create more hi-tech companies in Malaysia, a guide on the offering of digital tokens was also published by the SC in 2020 (Guidelines on Digital Assets).

Regulations in Malaysia are not just in respect of the application of blockchain in digital assets. The Income Tax (Exemption) (No 10) Order 2018 was enacted to provide financial incentive for companies carrying out promoted activities in Malaysia. The promoted activities within the order include the provision of services in relation to blockchain. Companies should note that not all activities related to blockchain will fall within this order, a full description as to what may be considered as a promoted activity is provided by the Malaysia Digital Economy Corporation. The services include provision of product design; engineering and simulation services to various industries that require the use of high-end workstations, cloud platforms and sufficient bandwidth (design and simulation services); provision of cybersecurity services that include threat alert, threat research, technical support, remote diagnostics and remedy (cybersecurity services); and software design and development services.

How Does the Framework in Malaysia Differ from Other Jurisdictions?


A decade after the emergence of cryptocurrencies and their underlying technology, regulators around the world are still grappling for the right approach to take in regulating the technology and/or its creation. Malta, determined to be a leading Blockchain location, was the first jurisdiction in the world to introduce not one but three pieces of legislation to provide a comprehensive regulatory framework regulating both blockchain and digital assets. Firstly, a new authority was established to support the development of innovative technology arrangements and services relating to distributed or decentralised ledger technology. Secondly, innovative technology service providers in Malta are required to be certified and will be treated as professionals with fiduciary duties imposed upon them. Thirdly, a regulatory regime for virtual financial assets and the offering of those assets (commonly known as an initial coin offering) has also been introduced. Generally, there are three broad categories of digital assets in Malta, namely digital assets governed by existing securities law, digital assets governed by the new virtual financial asset regime and unregulated digital assets. The Maltese financial authority has also published a guide setting out the test used in determining the category of a digital asset.


The second jurisdiction to which we would like to make reference is Malaysia’s neighbouring country – Singapore, the second most popular location for initial coin offerings after the USA. Unlike other jurisdictions, the Monetary Authority of Singapore has made clear that before any digital token could be offered or traded on a platform in Singapore, the issuer or operator should seek legal opinion as to whether the digital token will be considered as securities subject to securities law in Singapore under the provisions of the Securities and Futures Act (Chapter 289). Otherwise, any other activities related to a non-security digital token will most probably fall under the purview of the Payment Services Act 2019 under the categories of e-money sale and/or virtual currency services.

The UK

In the UK, digital assets have been split into three categories, exchange tokens, utility tokens and security tokens. Only tokens that have the characteristics of “specified investment” under the Regulated Activities Order will be regulated under the existing securities regulatory regime. Nonetheless, although utility tokens may not be a specified investment, one must be mindful that any category of digital assets might meet the definition of e-money, and hence be subject to the Electronic Money Regulations 2011 (EMR 2011). According to the Financial Conduct Authority (FCA) – Guidance on Cryptoassets, an e-money token is a category of token by itself. EMR 2011 defines e-money as electronically stored monetary value, as represented by a claim on the electronic money issuer, which is issued on receipt of funds for the purpose of making payment transactions, accepted by a person other than the electronic money issuer and is not excluded by Regulation 3 of EMR 2011. The guide further provides that exchange tokens like Bitcoin will hardly fall within the definition of e-money as there is no central authority or body against whom the tokens represent a claim and they are not usually issued on receipt of funds. Nonetheless, the FCA further emphasised that definitive judgment can only be made on a case-by-case basis.


In comparison with the three jurisdictions above, there are only two categories of digital asset in Malaysia, namely digital currency and digital tokens. A closer inspection of Order 2019 will make one realise that the framework in Malaysia is almost a blanket categorisation, where most digital assets will be considered as securities, and hence susceptible to securities law in Malaysia. This framework will require any person who wishes to deal with such digital assets to obtain authorisation from the SC, including wallet providers for storing digital currencies. Furthermore, Order 2019 will most probably render (Malaysia’s low-cost airline) AirAsia's plan of tokenising its loyalty programme points to be traded as digital currency in ASEAN as securities when such tokens are intended to be used solely for a consumptive purpose. We are of the view that further regulation should be enacted to distinguish utility tokens from security tokens to absolve utility tokens from being subject to securities law. Utility tokens are often described as a category of digital asset that grant the holder access to a digital platform or service. Security tokens on the other hand are purely an investment instrument. The main distinction between a security token and utility token is that holder of utility token intends to use and consume that token as opposed to holding it for investment purposes only.

Looking Forward – Issues Surrounding Digital Assets


Besides prescribing digital assets as securities for the purpose of securities law and issuing guidelines governing initial coin offerings, there are other issues that have to be taken into consideration. For example, the treatment of digital assets for taxation purposes in Malaysia. The current tax system in Malaysia does not have a specific regime to deal with e-commerce or digital businesses. Currently, there is no capital gains tax in Malaysia for the sale of investments or capital assets, except those related to land and buildings, hence digital assets held for long term investment by a company are arguably not subject to any tax. Companies should however be mindful that income derived from frequent trading of digital assets might be liable for income tax. However, what we can be certain of is that digital assets exchanges are subject to corporate income tax like any other business in Malaysia.

Recognising the need to reform the Malaysian tax system, a Tax Reform Committee was formed in September 2018 by the Ministry of Finance under Malaysia’s previous government. Among the main objectives of this committee are to reduce the existing tax gap, address tax leakage, explore new sources of revenue, study the taxation of the digital economy and review the effectiveness of various tax incentives as provided by the laws. As of April 2020, the committee has yet to recommend any reforms in respect of digital economy taxation.


Besides the tax treatment of digital assets, another important aspect is the legal status of digital assets in Malaysia – will these digital assets be treated as property in Malaysia? This is a fundamental legal consideration because only property is capable of ownership and will grant the owner proprietary rights that are enforceable against the world. The adoption of English common law has been long practised by Malaysia's courts by virtue of Section 3 of the Civil Law Act of 1956. Therefore, it will be useful to examine the approach adopted by the English courts.

Although there is no definition of property in case law or legislation, Lord Wilberforce, in National Provincial Bank v Ainsworth has provided us with an authoritative description of what amounts to property: it must be definable, identifiable by third parties, capable in its nature of assumption by third parties and have some degree of permanence or stability.

The English High Court (Commercial Court) in a more recent case granted a proprietary injunction on the basis that cryptocurrencies constitute property for the purposes of the interim application under English law and that cryptocurrencies fulfil all four criteria stipulated in the Ainsworth case. This judgment undoubtedly demonstrates the ability of the legal system to evolve alongside technological innovation and has also provided greater certainty for cryptocurrency holders. We await the opportunity for Malaysian courts to decide on the legal status of cryptocurrencies to provide greater certainty to Malaysian investors.

Consumer protection

Another issue that should be taken into consideration is consumer protection. The Securities Industry Dispute Resolution Centre (SIDREC) is a body approved by the SC to handle capital market-related disputes between investors and its members. A member is obliged to participate in SIDREC’s dispute resolution service if the dispute fulfils the criteria under its "mandatory scheme". The dispute has to be against a SIDREC member and the claimant must be an individual investor or sole proprietor. The dispute must involve a capital market product or service purchased from or offered by a SIDREC member. Finally, the monetary claim must not exceed MYR250,000 Nevertheless, digital assets investors should be mindful that, as of December 2019, none of the digital asset exchanges operating in Malaysia are members of SIDREC. Hence, recourse to such a dispute resolution framework is not an option available to digital assets investors.


The introduction of a regulatory framework governing digital assets has received a positive response from market participants who view this as a big step towards bringing digital assets into the mainstream. Despite this, financial planners in Malaysia are not rushing to recommend that their clients invest in digital assets because a better understanding of digital assets is required before adding them to one’s portfolio.

The current framework is definitely a starting point in providing legal certainty and greater protection to investors in digital assets. Further review will be required in the second half of 2020 when the Guidelines on Digital Assets comes into force. Based on the discussions above, it is evident that much more work is needed to be done to provide a more comprehensive regulatory framework in respect of digital assets. We think that investors in Malaysia will benefit if the regulators stipulate the kind/criteria of digital assets that will not be regulated under Malaysian’s securities law and whether such digital assets will be completely unregulated or be subject to other legislation. We do not intend to further predict the approach that regulators will adopt but we are of the view that collaboration and communication between regulators and the industry are vital in developing a framework that appropriately manages the risk that digital assets entail and at the same time supports the development of digital economy.

In respect of blockchain, there are no signs that Malaysia will follow in the footstep of Malta by certifying technology providers. The only regulation that addresses the technology (indirectly) is the Income Tax (Exemption) (No 10) Order 2018. We are of the opinion that this incentive will provide a more conducive environment for entrepreneurs to explore the potential of blockchain, especially in the non-financial sectors. Finally, our concluding remark is that knowledge of a technology and its application are vital before regulating that technology, only then will regulations be able to safely encourage innovation.

Adnan, Sundra & Low

Level 11, Menara Olympia
No. 8, Jalan Raja Chulan
50200 Kuala Lumpur

+603 2070 0466

+603 2078 3382
Author Business Card

Law and Practice


Adnan, Sundra & Low was established in August 1975 and has operated under its present name since June 1982. The firm has been consistently ranked as a premier law firm in Malaysia with a reputation for delivering quality and effective legal services and solutions and being committed to achieving its clients’ commercial objectives. The firm's expertise spans multiple practice areas, and its core competencies include banking and finance, capital markets, civil aviation, corporate and commercial, dispute resolution, Islamic finance and real estate.

Trends and Development


Adnan, Sundra & Low was established in August 1975 and has operated under its present name since June 1982. The firm has been consistently ranked as a premier law firm in Malaysia with a reputation for delivering quality and effective legal services and solutions and being committed to achieving its clients’ commercial objectives. The firm's expertise spans multiple practice areas, and its core competencies include banking and finance, capital markets, civil aviation, corporate and commercial, dispute resolution, Islamic finance and real estate.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.