Contributed By Adnan, Sundra & Low
Efforts involving blockchain technology in Malaysia are industry-driven and backed by blockchain communities in Malaysia as well as by relevant government agencies. Initiatives to do with the application of blockchain technology in Malaysia have increased substantially in 2019.
One of the most significant initiatives in respect of blockchain development in Malaysia is the creation of the Blockchain Researcher Lab programme in Malaysia by the Malaysia Blockchain Association and the Malaysian Global Innovation & Creativity Centre (MaGIC), a government agency which aims to provide continuous technical exposure to its attendees. This programme aims to spread awareness and knowledge about blockchain technology to develop talent and encourage innovation among Malaysians.
Although the application of blockchain is much broader than just digital assets, given the nascent and volatile nature of cryptocurrencies and the involvement of blockchain technology in the financial sector for the creation of tokens and the trading of cryptocurrencies, several regulations and guidelines in relation to digital currencies and digital tokens have been introduced into the Malaysian regulatory framework, including the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 (Order 2019), the amended Guidelines on Recognised Markets (RM Guide) and the Guidelines on Digital Assets (DA 2020).
In October 2018, CIMB Group Bhd teamed up with blockchain developer Ripple to enhance CIMB’s proprietary remittance product to open new payment corridors to improve cross-border remittances.
In October 2019, HSBC led Malaysia’s first-ever live pilot blockchain letter of credit transaction in Malaysia. The companies who were involved in this digitisation of trade are both active players in the packaging and chemicals industry in Malaysia and Singapore. The use of blockchain has helped increase the velocity of cross-border trade between Malaysia and Singapore.
The involvement of blockchain technology in the Malaysian financial sector proves that financial institutions in Malaysia are generally very receptive to this technology. Besides the financial sector, blockchain technology is also being utilised in the energy sector. EPC Blockchain is a start-up that (i) utilises blockchain technology to allow its customers to track energy consumption; and (ii) offers the possibility of monetising carbon credits from energy projects, which will benefit small project developers.
In March 2019, the then Deputy Minister of Agriculture and Agro-based Industries of Malaysia announced that consideration was being paid to utilising blockchain technology in food and agricultural supply chains. These initiatives show that blockchain technology is developing beyond the purview of cryptocurrencies in Malaysia.
On 1 November 2019, Malaysia’s stock exchange, Bursa Malaysia Berhad, completed its first securities borrowing and lending proof-of-concept blockchain technology solution. This was designed to increase the efficiency, speed and capacity of securities lending supply and borrowing demand. This constitutes an important part of Bursa Malaysia’s plans to employ emerging technology to execute securities borrowing and lending transactions together with collateral management and corporate action management services related thereto.
Whilst blockchain technology is not, in itself, currently regulated in Malaysia, since 2019 several guidelines and regulations have been enacted and published in Malaysia to facilitate dealings with digital assets. Order 2019, which came into force in January 2019, sets out the criteria for digital currency and digital tokens to be prescribed as securities for the purposes of securities law in Malaysia.
The Securities Commission Malaysia (SC) has now registered three recognised market operators (RMOs) to establish and operate digital asset exchanges (DAXs) in Malaysia. Other than these RMOs, entities not approved by the SC were required to cease all activities immediately and return all monies and assets collected from investors.
The SC then amended its Guidelines on Recognised Markets to introduce new requirements for electronic platforms that facilitate the trading of digital assets. It should be noted that digital exchanges were previously subject to the Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Digital Currencies (Sector 6) Guide issued by the Central Bank of Malaysia (Bank Negara Malaysia – BNM) in February 2018. However, given the amendments made to the Guidelines on Recognised Markets by the SC, digital exchanges are currently subject to the Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries issued by the SC.
The Guidelines on Digital Assets were subsequently published by the SC in January 2020, setting out the requirements for issuers seeking to raise funds through a digital token offering and for the registration of a platform operator to operate an initial exchange offering (IEO) platform. The DA 2020 will only be brought into force in the second half of 2020.
Any use of blockchain technology by market participants, whether in the financial sector or in a commercial sector that does not fall within the above-mentioned guide or order, will require an assessment to determine whether it is subjected to any existing regulatory framework, and if so, which requirement or guide applies.
Malaysia has been a member of the Financial Action Task Force (FATF) since February 2016 and has been progressing in addressing the technical compliance requirements necessary to combat money laundering and terrorist financing. Recommendation 15 of the FATF, which requires virtual asset service providers to be regulated for anti-money laundering and combating the financing of terrorism purposes, was introduced in October 2018. Given that a digital asset exchange is already required to be registered as a reporting institution under the Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Digital Currencies (Sector 6) Guide and is also subject to the Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries issued by the SC, Malaysia is compliant with the FATF standards. In addition, the BNM has also published a guide on Anti-Money Laundering Countering Financing of Terrorism and Targeted Financial Sanctions for Designated Non-Financial Business and Professions & Non-Bank Financial Institutions in line with the international standards established by the FATF.
In Malaysia, the use of blockchain technology is governed by the SC when it is related to the offering and trading of digital tokens.
The SC has, via Order 2019, set out the requirements for an issuer seeking to raise funds through a digital token offering and also requirements for operators of platforms offering digital tokens. The SC also regulates platforms that facilitate the exchange of digital assets by imposing registration requirements. As stated in 2.1 Regulatory Overview, with the amendments made to the Guidelines on Recognised Markets, digital assets are now under the purview of the SC in respect of the prevention of money laundering and terrorism financing.
Besides the regulators mentioned in 2.3 Regulatory Bodies, Malaysia does not, to date, have any self-regulatory organisations or trade groups that oversee or monitor businesses or individuals using or developing blockchain technologies.
Nevertheless, an industry association, the Fintech Association of Malaysia (FAOM), was established in 2017 to connect, and initiate conversations between, its members/stakeholders and regulators. This is with the aim both of supporting financial technology innovation in Malaysia and of ensuring continuous development in the industry. Since the coming into force of Order 2019, FAOM has aimed to monitor the release of any new regulatory guidelines governing the offering and trading of digital assets and actively seeks input from its members and industry participants to elevate Malaysia as one of the preferred destinations for blockchain development.
An international non-profit social enterprise has also been established in Malaysia – the Malaysian Blockchain Association (MBA). The MBA aims to build a sustainable blockchain community through Malaysian co-operation. Also worth noting is MaGIC, a government agency tasked with realising the aspirations of the National Entrepreneurship Policy 2030 of Malaysia and contributing to the evolution of Malaysia into an entrepreneurial nation.
The Malaysia Digital Economy Corporation (MDEC) is a government-owned institution responsible for the management of the country’s Multimedia Super Corridor, a special economic zone and high-technology business district providing exclusive incentives to information technology businesses. Whilst such businesses include blockchain, MDEC will continue to pilot the Digital Freelancer Programme, a work visa programme for tech freelancers to work in Malaysia short term, to fulfil a demand for blockchain-capable talents.
The Malaysian judiciary heard a case related to cryptocurrency in October 2018. The court in this case held that although cryptocurrency is not legal tender in Malaysia, the trading of cryptocurrency is not illegal. Most importantly, the court in this case classified cryptocurrency as a commodity since fiat currency was used to purchase the cryptocurrency. This decision has been upheld by the High Court and is currently pending appeal before the Court of Appeal.
The impact of this decision is not so much on blockchain technology itself but on the classification of cryptocurrencies in Malaysia. With the enactment of Order 2019 and the judgment from this case, cryptocurrencies are being classified as both securities and commodities. It should, however, be noted that the judgment was delivered before the enactment of Order 2019 and that the case was decided in relation to the Contracts Act 1950.
Following the coming into force of Order 2019 in January 2019 and the subsequent issuance of the RM Guide, the SC has now listed, on its official webpage, the registered digital assets exchanges in Malaysia. As stated in 2.1 Regulatory Overview, at the time of writing, there are only three registered digital assets exchanges in Malaysia.
The SC has also been regularly updating its webpage to list those exchanges which are not permitted to operate in Malaysia and has encouraged investors and members of the public to refer to these lists when dealing with digital assets exchanges.
To date, no significant enforcement actions have been taken against businesses utilising blockchain technology by regulators.
The Financial Technology Regulatory Sandbox Framework (Sandbox Framework) was introduced by the BNM in October 2016 to provide a conducive regulatory environment for financial technology to be deployed. This framework aims to enable innovation in financial technology to be tested in a live environment within specific parameters and timeframes. The Sandbox Framework is applicable to both financial institutions and fintech companies intending to carry on authorised or registered business, as defined in the Financial Services Act 2013 or the Islamic Financial Services Act 2013, or money services business as defined in the Money Services Business Act 2011.
The Sandbox Framework makes clear that its purpose is not to be used to circumvent any existing laws and regulations in Malaysia. As a result, the Sandbox Framework is not suitable for any proposed services or products that have been appropriately addressed by the existing regulations and framework.
With only limited guidelines and legislation in respect of digital assets in Malaysia, financial institutions and fintech companies in Malaysia that are working on blockchain-based projects may benefit from this framework, subject to the eligibility criteria as provided by the framework.
The Inland Revenue Board Malaysia (IRBM) has yet to issue any guidelines in respect of the tax regime for businesses using blockchain or businesses engaging in cryptocurrency transactions. However, in 2018, whilst cryptocurrency business was still unregulated, the Chief Executive Officer of the IRBM announced that even if cryptocurrency businesses were not regulated, they would still be subject to Malaysian income tax for income accruing in or derived from Malaysia. As such, it would appear that cryptocurrency businesses currently being regulated by the SC will be subject to tax laws in Malaysia.
The Income Tax (Exemption) (No 10) Order 2018 (Order 2018) that came into force in January 2019 provides that qualifying companies engaging in a promoted activity for the Multimedia Super Corridor are exempted from the payment of income tax in respect of the statutory income derived from certain, promoted income-generating activities for a period of five years commencing from a date to be determined by the Minister. Blockchain is, among others, a promoted activity pursuant to this order.
The MDEC has also issued a guide that elaborates on the description of core income generating activities that correspond with the promoted activity pursuant to Order 2018.
Malaysia does not have any governmental body established specifically for enhancing blockchain as an industry, or investment in it, in Malaysia. However, there are several previously established governmental bodies that focus on the use and enhancement of technology in Malaysia.
The Malaysian Industry-Government Group for High Technology (MIGHT) is a non-profit company under the purview of the Prime Minister’s Department that is responsible for developing Malaysia’s hi-tech businesses. Development of blockchain technology is, among others, an area of focus for MIGHT.
MIMOS Berhad (MIMOS) is a strategic agency under the Ministry of International Trade and Industry that contributes to transforming local industrial output through patentable technology platforms, products and solutions. MIMOS has been organising public seminars in relation to blockchain technology.
MaGIC is an agency under the Entrepreneur Development and Co-operatives Ministry that strives to build a sustainable entrepreneurship ecosystem in Malaysia and has been holding events in relation to the implementation of blockchain technology in businesses.
Order 2019, the RM Guide and the DA 2020 do not provide for the determination of ownership of digital assets. It should, however, be noted that the DA 2020 provides that a cooling-off period of a minimum of six business days, commencing from the date of receipt of the investor’s investment, must be given to an investor who is investing in a digital token offering. The exercise of this right will entitle the investor to a refund amounting to the sum equivalent to the purchase price paid for the digital token and any other charges imposed upon purchasing the digital token.
Order 2019 sets out the criteria of digital currencies and digital tokens in order for these digital assets to be prescribed as securities for the purposes of securities law in Malaysia.
Order 2019 defines a digital currency as a digital representation of value that:
Digital tokens are defined as digital representations which are recorded on a distributed digital ledger, whether cryptographically secured or otherwise.
Pursuant to Order 2019, a digital token will only be prescribed as a security for the purposes of securities laws if that digital token represents a right or interest of a person in any arrangement made for the purpose of, or having the effect of, providing facilities for the person, where:
Order 2019 also makes clear that a digital currency or digital token prescribed as a security under Order 2019 is not a share in, or debenture of, a body corporate or unincorporated body, or a unit in a unit trust scheme or prescribed investment scheme.
Order 2019 and the DA 2020 do not provide for the definition of a stablecoin, nor do they have a separate framework for stablecoins. Currently, if a stablecoin falls within the definition of digital assets as provided by Order 2019, that stablecoin will be treated as a security and will be subject to Malaysian securities law.
The BNM and the SC have made clear that cryptocurrencies are not legal tender in Malaysia. However, where a digital token serves as a payment instrument, that digital token may only be used in exchange for the issuer’s goods and services as disclosed in the issuer’s white paper approved by the IEO operator.
The current regulatory framework in Malaysia does not distinguish between fungible and non-fungible tokens.
The types of market in Malaysia for digital assets are largely dependent on the ambit of services provided by the registered digital exchanges. There are currently no rules governing the types of services that an exchange may provide.
Currently, there is only trading of fiat currency for cryptocurrencies and vice-versa in Malaysia. The DA 2020 provides that trading of digital assets may only be carried out on a DAX that is registered with the SC. Although the RM Guide provides for regulatory guidelines governing DAXs, it does not prescribe the operational framework for the trading of cryptocurrencies.
Nonetheless, the three registered DAXs in Malaysia (for more on which, please refer to 2.1 Regulatory Overview) are operating on a similar framework. In order to trade in cryptocurrencies, one has to create an account with a DAX by providing all relevant details to verify one’s identity. Thereafter, one will need to deposit fiat currency into the account created to trade on cryptocurrencies. It should be noted that only an approved digital asset may be traded in Malaysia.
An IEO operator is required, under the DA 2020, to carry out due diligence and critical assessment on the issuer of digital assets to understand and verify the business of the issuer to ensure that the issuer does not engage in any business practices appearing to be deceitful, oppressive or improper, whether unlawful or not.
See 2.1 Regulatory Overview, for the circumstances under which digital exchanges are required to be registered as reporting institutions under the anti-money laundering regime in Malaysia.
See 2.3 Regulatory Bodies for the regulation of the market for digital assets.
There are no specific regulations in Malaysia that address fraudulent or manipulative practices in the markets for digital assets. Generally, any fraudulent practices by businesses or individuals will fall under the purview of the Royal Malaysian Police, which have broad authority over, and responsibility for, the maintenance of law and order, the preservation of the peace and the prevention and detection of crime. Offences related to digital assets will fall within the purview of the Penal Code. For example, it is an offence under Section 378 of the Penal Code to dishonestly take any movable property without consent (commonly known as theft) and Section 412 of the Penal Code makes cheating an offence. This is however subject to the court’s interpretation of “movable property” and whether or not it will be expanded to include digital assets.
There is currently no regulatory limit on the ability of a digital asset exchange to re-hypothecate digital assets.
Wallet providers for fiat currencies in Malaysia (more commonly known as e-money providers) are required to be licensed under the Financial Services Act 2013. There are, however, no specific regulations in Malaysia that govern wallet providers of digital assets.
The DA 2020 is the guideline governing digital token offerings in Malaysia (more commonly known as initial coin offerings in other jurisdictions). An issuer is required to have a physical presence in Malaysia by incorporating a company in Malaysia and having its main business operations carried out there. An issuer is also required to have a minimum paid-up capital of MYR500,000 and any additional financial requirements that the SC may impose that are commensurate with the nature of the issuer’s business.
Besides capital requirements, the DA 2020 also provides for the governance of the issuer. Board members and senior management of the issuer are subject to the fit and proper criteria, as prescribed by the DA 2020. In addition to the fit and proper criteria, members of the board and senior management of the issuer company must, in aggregate, hold at least 50% in equity holding of the issuer company, on the date of the issuance of the digital tokens. Until completion of the digital token’s project, these members are prohibited from selling, transferring or assigning more than 50% of their initial equity holdings. Any new member of the board or senior management, who purchased their equity holding in the issuer post-issuance of the digital token, is also subject to this prohibition.
IEO Operator Approval
Approval from an IEO operator is required before an issuer can offer any digital tokens to any person. To obtain such approval, an issuer must submit its application in a form and manner as may be prescribed by the IEO operator. This application will also include a fit and proper declaration of its Board members and senior management and the issuer’s white paper.
Chapter 5 of the DA 2020 provides for the content requirements of a white paper. The purpose of the white paper is to enable investors to make an informed assessment of the digital token and should include among other things, the following information:
Most importantly, a white paper must include the following statement as prescribed by the DA 2020:
“Investors are reminded that Bank Negara Malaysia (the Bank) does not recognise digital tokens as legal tender nor as a form of payment instrument that is regulated by the Bank and the Bank will not provide any avenues of redress for aggrieved token holders.”
In order to obtain an approval from the IEO operator, the issuer must be able to demonstrate that the proposed project or business provides an innovative solution or a meaningful digital value proposition for Malaysia. After the approval has been obtained, the issuer may only carry out an offering of digital tokens through an IEO platform and not through any other means.
Additional Requirements and Timetable
It should also be noted that the fundraising per issuer is limited to 20 times the issuer’s shareholders’ funds and is subject to a ceiling of MYR100 million.
It should be noted that the DA 2020 will only be brought into force in the second half of 2020 and, until its coming into force, no person is permitted to offer or issue any digital tokens in Malaysia.
As mentioned in 5.1 Initial Coin Offerings, all offerings of a digital token may only be carried out through an IEO. An application to the SC is required if a company seeks to be an IEO platform operator. Once registered, the operator is a recognised market operator governed by the Capital Markets and Services Act 2007 (CMSA).
The DA 2020 also provides for the regulatory framework in respect of the operation of an IEO. An IEO platform operator must be a company incorporated in Malaysia with a minimum paid-up capital of MYR5 million. The company will only be registered as an IEO operator if the SC is satisfied that the criteria in Chapter 12 of the DA 2020 have been fulfilled. Similar to an issuer, an IEO operator is also subject to a governance framework in the DA 2020 that provides for, among other things, the following:
In determining whether to approve the digital token offering, the IEO operator must carry out the necessary assessment and due diligence. The SC has also announced that during the first phase of the implementation of the DA 2020, the SC will work with an IEO operator in assessing eligible issuers.
There is currently no specific legislation in Malaysia that prohibits investment funds or collective investment schemes from investing in digital assets. Existing guidelines applicable to investment funds will therefore be applicable in respect of investment in digital assets. Nonetheless, the DA 2020 has prescribed limits on what a person may invest in digital tokens:
There are no specific regulations in Malaysia that govern broker-dealers or other financial intermediaries that deal in digital assets.
One major distinction between a smart contract and a traditional contract is the dependence of a smart contract on the use of code in computer language, where the terms of the smart contract will be recorded on a specific block encoded to the blockchain. These computer codes are a series of instructions that will be executed immediately and automatically lead to the next instruction.
There are no specific regulations in Malaysia that govern the execution of smart contracts. As a result, in determining the enforceability of smart contracts in Malaysia, reference should be made to the Contracts Act 1950. Generally, a smart contract should adhere to the legal requirements of a valid contract. The fundamental elements of a valid contract are offer and acceptance, consideration, intention to create a legal relationship and certainty of terms. Nevertheless, the current framework has to be reviewed to provide legal certainty on the operation of smart contracts in Malaysia.
There is currently no legislation in Malaysia that imposes a fiduciary duty upon developers of blockchain-based networks. Malaysian courts have yet to have the opportunity to hear any cases in respect of a blockchain developer’s liability. Nonetheless, blockchain developers should still be subject to a contractual duty and/or a duty of care under the tort of negligence.
There is currently no legislation in Malaysia that governs decentralised financial platforms.
Digital assets that fulfil criteria stipulated in Order 2019 are categorised as securities. Securities are often pledged as collateral for loans in Malaysia via the creation of a charge. However, pledging digital assets as collateral has yet to occur in Malaysia.
There is no legislation in Malaysia that governs the custody of digital assets.
The right of privacy is not explicitly recognised in the Federal Constitution, nor in common law, in Malaysia. The coming into effect of the Personal Data Protection Act 2010 (PDPA) in November 2013 was, therefore, a revolutionary step in affording greater protection to Malaysians over their personal data and privacy. The PDPA is the legislation governing the use of and processing of the personal data of individuals involved in commercial transactions involving user data. The PDPA does not explicitly recognise the right to be forgotten, as stipulated in the European Union’s General Data Protection Regulation. Nonetheless, such a right can be implied from the retention principle as stipulated in the PDPA.
According to the retention principle, personal data processed for any purpose shall not be kept longer than is necessary for the fulfilment of that purpose. Secondly, it is the data user’s responsibility to take all reasonable steps to ensure that all personal data is destroyed or permanently deleted if it is no longer required for the purpose for which it was to be processed. Section 38 of the PDPA further provides a data subject the right to withdraw his or her consent to the processing of personal data. Upon receiving the notice, the data user shall cease to process the personal data of the data subject.
It should be noted that the retention principle and the right awarded to data subjects to remove their personal data stored on blockchain upon revocation of consent are incompatible with the immutable nature of blockchain technology.
As discussed in 8.1 Data Privacy, the PDPA is the main legislative framework governing the processing of personal data in commercial transactions. In addition to the retention principle and the right to revoke consent, there are other principles and provisions within the PDPA that are incompatible with the nature of blockchain-based products and services, which are deliberately designed to render unilateral modification of data difficult or even impossible.
For example, the data integrity principle requires a data user to take reasonable steps to ensure that the personal data it holds is accurate, complete, not misleading and kept up to date. Section 34 of the PDPA further provides that the data subject has the right to rectification, allowing the data subject to request in writing that the data user makes the necessary correction to the personal data. This right arises when the data subject knows that his or her personal data is inaccurate, incomplete, misleading or not up to date.
These rights and principles are inconsistent with the anatomy of blockchain, which allows for new data to be added onto the chain but not for existing data to be updated or amended. The current PDPA is not equipped to tackle innovative technologies like blockchain and Malaysian regulators have yet to address this issue. Nonetheless, reference should be made to the Guidelines on Management of Cyber-Risk that were published by the SC on 31 October 2016, which set out, among other things, the requirements of cyber-risk policies and procedures and requirements for managing cyber-risk that are applicable to all capital market entities. Pursuant to these guidelines, the management of each capital market entity is responsible for establishing and implementing cyber-risk policies and procedures that are commensurate with the sensitivity and confidentiality of data that the entity maintains.
Financial institutions that offer blockchain-related services should also be mindful of the Guidelines on Data Management and Management Information System published by the BNM that set out high level guiding principles on sound data management and management information systems that financial institutions should observe when developing internal data-management capabilities.
There is no legislation in Malaysia that governs the mining of cryptocurrencies.
There is no legislation in Malaysia that governs the staking of tokens.