1. Home
  2. Corporate Services
  3. FinTech Licensing
  4. Malaysia
Last updated: April 2026
FinTech Licensing · Malaysia

Malaysia FinTech Licensing (BNM & SC)

Judge gavel striking courtroom — Malaysia FinTech Licensing (BNM & SC)

Navigate Bank Negara Malaysia and Securities Commission requirements for e-money, digital assets, and payment services in one of Southeast Asia's most active fintech markets.

Regulators
BNM + SC
DAX Capital
MYR 5M
Population
33M
Timeline
6–12 months

At a Glance

Payment RegulatorBank Negara Malaysia (BNM)
Crypto RegulatorSecurities Commission (SC)
Offshore OptionLabuan IBFC (3% tax)
Islamic FintechYes — SC Shariah guidelines
SandboxBNM Financial Technology Enabler Group (FTEG)
IEO/CrowdfundSC IEO Guidelines 2020

Malaysia's Dual-Regulator Fintech Landscape

Malaysia operates a split regulatory system for financial services: Bank Negara Malaysia (BNM) governs banking, insurance, and payment systems, while the Securities Commission Malaysia (SC) regulates capital markets, digital assets, and investment-related activities. Fintech companies often need to engage both regulators depending on the nature of their services.

Malaysia punches above its weight in fintech innovation for a country of 33 million people. The BNM FinTech Enabler Group (FTEG) runs a well-regarded regulatory sandbox, and Malaysia's digital banking framework (5 licences issued in 2022) has attracted global attention. The country is also a world leader in Islamic fintech — the SC's Shariah-compliant digital asset framework and BNM's Islamic finance expertise create unique opportunities for halal fintech products.

For crypto and digital asset businesses, the SC Malaysia is the primary regulator. The SC recognised its first Digital Asset Exchanges (DAX) in 2019–2020 and has since built out a comprehensive Digital Assets Guidelines framework covering exchanges, IEOs (Initial Exchange Offerings), and digital asset fund management.

Bank Negara Malaysia (BNM) Licence Types

BNM regulates payment services under the Financial Services Act 2013 (FSA) and the Islamic Financial Services Act 2013 (IFSA). The key fintech-relevant licences include:

Licence TypeActivityMin CapitalTimeline
E-Money IssuerIssuing stored-value instruments, prepaid wallets, e-walletsMYR 5M (large float); MYR 1M (small float < MYR 25M)6–12 months
Money Services Business (MSB)Currency exchange, remittance, wholesale currencyMYR 5M–50M depending on activity6–9 months
Payment System OperatorOperating interbank payment infrastructureMYR 20M+12–18 months
Digital BankFull digital banking licence (limited to 5 issued)MYR 300M (operational); MYR 100M transitional18–24 months
Issuer of Designated Payment InstrumentsCharge cards, debit/credit facilitiesMYR 20M9–15 months
E-Money Float Threshold: E-money issuers with outstanding float exceeding MYR 25 million at any time are classified as "large" issuers and face significantly higher capital requirements (MYR 5M paid-up) and BNM oversight, including mandatory float safeguarding in trust accounts.

Securities Commission: Digital Asset Exchange (DAX)

The SC Malaysia regulates digital assets under a recognition framework for market operators. A Recognised Market Operator (RMO) approval is required before operating a Digital Asset Exchange in Malaysia. As of 2025, approved DAX operators include Luno, MX Global (MXC), Tokenize, and SINEGY.

DAX Recognition Requirements

Paid-Up Capital

Minimum MYR 5 million paid-up share capital. Liquid assets (cash or government securities) of at least 50% of capital (MYR 2.5M) maintained at all times.

Fit & Proper

All controllers (≥5% shareholders), directors, and senior management must pass SC fit and proper assessment. No criminal convictions, no regulatory sanctions, strong financial integrity.

AML/CFT Framework

Comprehensive AML/CFT programme per SC's Anti-Money Laundering guidelines and AMLA 2001 obligations. Digital assets classified as "designated payment instrument" under Malaysian AML law.

Technology & Cybersecurity

SC Technology Risk Management Framework compliance. Mandatory penetration testing, incident response plan, hot/cold wallet segregation (at least 80% in cold storage), customer asset reconciliation procedures.

Customer Asset Segregation

Strict segregation of customer digital assets and fiat. Customer assets held in trust; DAX cannot use customer assets for proprietary trading or business operations. Monthly reconciliation reports to SC.

Listing Rules

Digital assets listed on a Malaysian DAX must meet SC's Digital Assets Assessment Framework. SC maintains a whitelist of approved digital assets; operators cannot list new tokens without prior SC approval.

Initial Exchange Offerings (IEO) Framework

The SC Malaysia's IEO Guidelines (issued 2020) created one of Asia's most structured frameworks for token fundraising. IEOs allow companies to raise capital through digital token offerings hosted on a SC-recognised DAX platform.

IEO Key Parameters

  • Maximum IEO fundraising: MYR 100 million per issuer per campaign
  • Retail investor cap: MYR 2,000 per issuer per IEO
  • Accredited investors (assets > MYR 3M): no individual limit
  • IEO host platform must be SC-recognised DAX operator
  • Issuer must publish SC-reviewed disclosure document (IEO White Paper)
  • 6-month token lock-up for founders and early team members
  • Digital assets issued must comply with SC's Digital Asset Assessment Framework
  • Post-IEO secondary trading only on SC-recognised DAX platforms

Islamic FinTech: Malaysia's Unique Advantage

Malaysia is the world's most developed Islamic finance market and has translated this strength into Islamic fintech regulation. The SC's Shariah Advisory Council (SAC) has issued specific rulings on digital assets, and both BNM and SC have frameworks for Shariah-compliant fintech products.

SC Shariah-Compliant Digital Assets

The SC's Digital Assets Guidelines allow for Shariah-compliant digital asset offerings. Issuers wishing to market tokens as Shariah-compliant must obtain a Shariah pronouncement from the SC's SAC or an SC-registered Shariah adviser confirming the token structure meets Islamic finance principles (asset-backed, no riba/interest, permissible underlying activity).

BNM Islamic Fintech

Under the IFSA 2013, fintech companies can obtain Islamic variants of BNM licences — e.g., an Islamic e-money issuer licence for Shariah-compliant digital wallets. BNM's FIKRA (formerly known as the Investment Account Platform) supports Islamic equity crowdfunding, and BNM's regulatory sandbox has approved multiple Islamic fintech pilots.

Global Islamic Fintech Opportunity: Malaysia's Islamic finance credibility makes it a natural hub for targeting the global Islamic digital economy — estimated at over USD 3 trillion. Malaysian-licensed entities regularly export Islamic fintech services to Gulf Cooperation Council (GCC) countries, Indonesia, and Bangladesh.

Labuan IBFC: Offshore Fintech Structure

Labuan is a Federal Territory of Malaysia that houses a separate offshore financial centre — the Labuan International Business and Financial Centre (IBFC). Labuan operates under its own regulatory framework (Labuan FSA) and offers significantly lower tax rates for international business, while retaining the benefit of Malaysia's double-tax treaty network (70+ treaties).

FeatureLabuan IBFCMainland Malaysia
Corporate tax3% on audited net profits (trading); 0% on non-trading income24% standard; 17% for small companies
DTA accessYes (via Malaysia's treaty network)Yes
Digital Asset LicenceLabuan Digital Token (LDT) regulation under LIFSSASC Digital Assets Guidelines (DAX/IEO)
Minimum substance2 locally-resident directors + 2 FTE staff in LabuanStandard Malaysian company requirements
Customer restrictionsMust primarily serve non-Malaysian customersCan serve Malaysian residents
Regulatory bodyLabuan FSA (LFSA)BNM / SC Malaysia

The Labuan Digital Token (LDT) framework, introduced in 2020 under the Labuan Financial Services and Securities Act (LFSSA), allows Labuan entities to issue, exchange, or provide custody of digital tokens for international customers. Labuan is particularly attractive for offshore crypto exchanges targeting Southeast Asian customers outside Malaysia.

BNM Financial Technology Enabler Group (FTEG) Sandbox

BNM's FTEG regulatory sandbox has been running since 2016 and has graduated over 30 fintech pilots to full licences. The sandbox allows fintech companies to test innovative products within defined parameters for up to 12 months, with the possibility of extension.

  • Sandbox available for payment, lending, insurance, and investment-related innovations
  • Participant cap typically limited to 1,000–10,000 customers during sandbox phase
  • Transaction value limits imposed to contain systemic risk
  • BNM assigns a dedicated relationship manager to each sandbox participant
  • Successful graduates receive expedited full licence processing
  • SC Malaysia runs a parallel sandbox for capital market fintech innovations

Licence Application Process

  1. Pre-Application Consultation

    Engage BNM FTEG or SC Digital Markets team for an informal pre-application discussion. Both regulators encourage early dialogue. Confirm which licence(s) are applicable and understand specific requirements for your business model before incurring full application costs.

  2. Incorporate Malaysia Entity

    Incorporate a Sdn Bhd (private limited company) via the Companies Commission of Malaysia (SSM). Minimum two shareholders and two directors (at least one Malaysian resident director required). Complete SSM registration typically within 1–3 working days.

  3. Build Compliance & Technology Infrastructure

    Draft AML/CFT programme per SC or BNM guidelines. Establish KYC workflows, transaction monitoring, and sanction screening. For DAX applicants, document technology risk management framework, cybersecurity controls, and customer asset segregation procedures.

  4. Submit Formal Application

    Submit application to BNM (via BNM eServices) or SC (via eServices portal) with complete documentation: corporate documents, business plan, financial projections, fit and proper declarations, AML/CFT programme, IT architecture description, and source of funds for capital injection.

  5. Regulatory Review & Interview

    BNM/SC will conduct document review and may invite key management for a formal regulatory interview. Technology inspections may be conducted for DAX applicants. Respond promptly to all information requests — delays extend overall timeline. Both regulators typically issue conditional approvals before final licence.

  6. Capital Injection & Licence Issuance

    Upon conditional approval, inject required capital into the licensed entity. Submit evidence of capital injection and fulfillment of conditions. Final licence issued by BNM or SC. For DAX, SC recognition order published on SC website. Begin commercial operations within 6 months of licence issuance or risk withdrawal.

Frequently Asked Questions

Cryptocurrency exchanges (Digital Asset Exchanges) in Malaysia are regulated by the Securities Commission Malaysia (SC) under the Capital Markets and Services Act 2007 and the Digital Assets Guidelines. Exchanges must obtain SC recognition as a Recognised Market Operator (RMO) before operating. Payment services (e-wallets, remittance) fall under BNM.
DAX operators must maintain minimum paid-up capital of MYR 5 million (approximately USD 1.1 million) and hold liquid assets of at least 50% of this amount (MYR 2.5M) in cash or government securities at all times. Capital requirements are higher than many offshore jurisdictions but reflect SC's rigorous investor protection standards.
Yes. Malaysia has a dedicated Islamic Digital Economy framework. The SC has issued guidelines for Shariah-compliant digital assets and IEOs. BNM's Shariah Advisory Council provides rulings on specific digital asset products. This makes Malaysia a global leader in halal fintech, opening access to Islamic investor markets in GCC countries and Southeast Asia.
A Labuan IBFC licence offers a low-tax offshore structure (3% on net profits from international business) with a reputable Malaysian regulatory framework under Labuan FSA. It is suited for crypto businesses targeting international customers outside Malaysia, with access to Malaysia's 70+ double-tax treaty network. Substance requirements apply: at least 2 FTE staff in Labuan.
BNM e-money licence applications typically take 6–12 months from formal submission. The process involves a pre-application consultation with BNM FTEG, formal submission with complete documentation, BNM review, possible follow-up requests for information, and conditional/final approval. Well-prepared applications with prior BNM consultation experience faster processing.
Setup costs typically range from RM 50,000 to RM 200,000 depending on your specific license category and the complexity of your compliance infrastructure. This includes application fees to Bank Negara Malaysia (BNM), legal consultation, compliance audits, and technology infrastructure assessments. Additional ongoing annual compliance costs generally run between RM 30,000 to RM 100,000 per year.
You must establish relationships with at least one BNM-approved banking institution for customer fund segregation and settlement purposes. Most licensed FinTech operators maintain accounts with major Malaysian banks such as Maybank, CIMB, or Public Bank to facilitate transaction processing and regulatory compliance. Bank selection is often reviewed by BNM during your license application assessment.
Yes, you must submit comprehensive AML/CFT policies, customer due diligence procedures, and transaction monitoring frameworks that comply with the Financial Action Task Force (FATF) standards and Malaysia's Anti-Money Laundering Act 2001. BNM requires detailed documentation of your Know Your Customer (KYC) processes, beneficial ownership verification, and suspicious activity reporting procedures. These documents typically require third-party compliance certification before submission.
Malaysia FinTech licenses must be renewed annually with BNM, typically between 30-60 days before expiration. The renewal process requires submission of updated financial statements, compliance reports, and any changes to your business operations or key management personnel. Renewal fees are generally lower than initial application fees but still range from RM 10,000 to RM 50,000 depending on your license category.
Malaysia's BNM framework is generally considered more prescriptive regarding capital requirements and corporate governance standards, while Singapore's Monetary Authority (MAS) approach is principles-based but with higher initial capital thresholds. Malaysia offers faster initial licensing timelines (6-12 months versus 12-18 months in Singapore) but requires more frequent regulatory reporting. Operating in both jurisdictions requires separate licensing and compliance infrastructure tailored to each regulator's specific requirements.
Licensed FinTech providers are subject to corporate income tax at the standard rate of 24% on Malaysian-sourced income, plus potential service tax (SST) of 6% on digital services depending on your specific business model. You must register with the Malaysian Inland Revenue Board (IRB) and maintain detailed transaction records for tax audit purposes. Digital token transactions may face different tax treatment depending on whether they are classified as revenue-generating activities or investment holdings.
BNM requires you to appoint a Chief Executive Officer, Chief Financial Officer, and Compliance Officer with demonstrated relevant experience in financial services or FinTech operations. All senior management members must pass BNM's fit-and-proper assessment, which includes background checks, financial history review, and relevant professional qualifications. You must also establish a Board of Directors or equivalent governance body with at least one independent member, and maintain an Audit Committee if your entity size exceeds RM 500 million in annual transaction volume.
Justice scales figurine law certificate — Crypto License
◆ KEY METRICS

Malaysia FinTech License Overview

8-12 weeks
Approval Timeline
BNM
Regulatory Authority
RM 300,000
Minimum Capital Requirement
5 Categories
License Types Available
3 years
License Validity Period
2026
Current Regulatory Year
◆ COST BREAKDOWN

Malaysia FinTech License Expenses

Application & Processing Fee
BNM regulatory filing and initial review
RM 50,000
Legal & Compliance Documentation
Articles of Association, compliance manual, risk management framework
RM 35,000
Due Diligence & Audit
Background checks, financial audit, governance assessment
RM 40,000
Compliance Technology & Infrastructure
AML/KYC systems, data security certification, monitoring tools
RM 60,000
Consultant & Advisory Services
CryptoLicenses.net regulatory guidance and submission support
RM 75,000
License Issuance & Annual Fee (Year 1)
BNM annual supervision fee and license certificate issuance
RM 25,000
Total First-Year Cost
Complete licensing pathway to operational status
RM 285,000
Practitioner Insight

Practical Licensing Insight

Based on CryptoLicenses.net consulting data, 2024-2026

MH
Dr. Marcus Hartmann
Senior Licensing Consultant · LL.M. International Financial Law
22 years in financial services regulation. Advised 400+ crypto licensing mandates across 60+ jurisdictions. Based in Zug, Switzerland.
Free Consultation

Ready to Get Licensed?

Tell us about your project and we'll identify the right jurisdiction, outline the requirements, and give you a realistic cost estimate — at no charge.

  • 🇨🇭 Swiss-registered firm, Zug
  • ⚡ Response within a few hours
  • 🔒 Strictly confidential
  • ✓ 80+ jurisdictions covered

Confidential · No obligation · No spam