Diving into Malaysia Data & Compliance Report (DCR) 2024

Malaysia Data & Compliance Report

In an era of heightened regulatory scrutiny, financial and non-financial institutions must navigate complex reporting requirements to remain compliant with Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations. A crucial element in this compliance journey is the DCR introduced by Bank Negara Malaysia (BNM) as part of the Anti-Money Laundering, Anti-Terrorism Financing, and Proceeds of Unlawful Activities Act 2001 (AMLA). Since its implementation, the DCR has become an indispensable tool for firms in designated sectors, enabling self-assessment and regulatory oversight.

What is the Malaysia Data & Compliance Report (DCR)?

The DCR is a structured, periodic compliance report required by BNM, targeting specific reporting institutions (RIs), including lawyers, accountants, company secretaries, registered estate agents, and dealers in precious metals or stones. Established as a regulatory instrument, the DCR assesses a firm’s compliance with AML/CFT guidelines and helps institutions identify potential vulnerabilities to money laundering (ML), terrorism financing (TF), and proliferation financing (PF). Beyond compliance, DCR reporting allows firms to introspectively review and strengthen their internal risk management processes.

Who Must Submit the DCR?

According to the AMLA, submission of the DCR is mandatory for RIs involved in gazetted activities. Firms that are newly registered, dormant, or have not engaged in any gazetted activities in the reporting years (2022–2023) may declare their status of non-applicability via the Designated Non-Financial Businesses and Professions (DNFBP) portal.

Key sectors required to submit the DCR include

  • Lawyers and notaries public 
  • Accountants 
  • Company secretaries 
  • Registered estate agents 
  • Dealers in precious metals and stones 

 

Firms exempted from DCR submission include those undergoing on-site reviews or thematic assessments in 2024, as well as those strictly employed internally by non-reporting entities (e.g., government agencies). 

Reporting Requirements: A Step-by-Step Overview

Each year, the DCR submission period begins in October and concludes by mid-January of the following year. The DCR 2024 submission window remains open until January 15, 2025, and no extensions will be granted. Before initiating the report, firms must appoint a Compliance Officer (CO), who will oversee the process and act as a liaison with BNM.

Primary Sections of the DCR

  1. Institutional and Business Information: Firms must provide essential business details, including the firm’s structure, sector designation, and CO information. This section also examines international affiliations or branch operations to assess a firm’s global exposure. 
  2. Risk Assessment: This section is pivotal as it requires firms to conduct thorough ML/TF/PF risk assessments across type of product/services, transaction volumes, payment methods, and value of transactions. Firms are expected to detail their risk management framework and highlight risk drivers or factors influencing their business model. 
  3. AML/CFT Compliance Program: Firms must demonstrate their AML/CFT compliance policies, including customer due diligence (CDD), risk-based screening of clients, employee training, and audit functions. Large institutions must further document employee screening processes and AML/CFT program efficacy, detailing how they address risk at various transaction points. 
  4. Sanctions Screening: As part of their AML/CFT obligations, firms are required to screen clients against sanctions lists. Firms must indicate the sources and updates of these lists and verify that sanctioned individuals or entities do not conduct business through their services. 
  5. Client Profile and Transactions: This segment breaks down client demographics, transaction values, and payment methods, requiring firms to account for cash transactions and categorize them by value. This data helps to determine potential exposure to ML/TF risks, especially among high-cash industries. 

Compliance Strategy and Best Practices

To navigate the complex DCR submission requirements, firms can adopt several best practices to maintain compliance and optimize their reporting processes: 

  1. Standardize Data Collection: Implement standardized templates to gather and organize data required for the DCR. Comprehensive data collection across client types, transaction values, and cash payments will ensure that all relevant information is readily available. 
  2. Train Compliance Teams: Ensure that compliance officers and team members are well-versed in DCR guidelines, risk assessment methodologies, and AML/CFT compliance policies. Continuous training helps in maintaining up-to-date knowledge and adapting to regulatory changes effectively. 
  3. Use Self-Assessment Tools: BNM recommends that institutions utilize the DCR report card as a self-assessment tool. Regularly reviewing this data can help firms identify compliance gaps and enhance their AML/CFT measures, ultimately lowering exposure to regulatory risk. 
  4. Leverage Technology for Client Screening: Employ automated systems for client onboarding and sanctions screening to streamline the CDD process. Technology-driven solutions, such as artificial intelligence, can assist in identifying suspicious transactions and ensure that all clients are vetted against relevant sanctions lists. 

Non-Applicability and Declaration Process

Firms not involved in gazetted activities during the reporting period must declare their status through the DNFBP portal, selecting the “Declaration of Non-Applicability” option. This applies to dormant firms, newly established entities, or firms winding down operations. A firm that does not submit a DCR nor declare its non-applicable status could face regulatory scrutiny, as non-compliance with the DCR requirement carries enforcement actions.

Conclusion

For RIs, the DCR represents more than a compliance requirement; it is a roadmap to understanding and enhancing AML/CFT protocols within the business. As BNM continues to advance its supervisory framework, timely and accurate DCR submissions help firms mitigate financial crime risks and support Malaysia’s broader financial security goals. By approaching DCR submission with a structured compliance strategy and technology-assisted solutions, firms can not only meet regulatory obligations but also strengthen their internal controls and reputational integrity in the marketplace.

1. Is submission mandatory for small-sized firms?

Yes, the DCR is mandatory for all RIs, regardless of firm size. However, certain AML/CFT requirements, such as independent audits, may have simplified guidelines for smaller firms.

2. What are the consequences of failing to submit the DCR?

Failure to submit a complete and accurate DCR within the deadline may result in enforcement action from BNM. Firms are strongly advised to maintain compliance and ensure accuracy in the submission.

3. How are DCR submissions handled for groups of companies?

If a firm operates multiple entities (e.g., separate accounting and company secretarial firms), each entity must file a DCR for its specific activities.

[Unauthorized copying and redistribution prohibited] ⓒ2024 Premia TNC. All rights reserved.
This content is protected by copyright law. Copying, redistribution, and secondary processing without prior approval are prohibited, and violations may result in legal liability.