Crypto Travel Rule Regulations in



Securities Commission Malaysia

Travel Rule required from
Travel Rule regulation still pending
April 1, 2022
Content last updated
June 6, 2023

Cryptocurrency regulation in Malaysia began with the Securities Commission Malaysia (SCM) publishing the Capital Markets and Services Order of 2019, which classified certain digital currencies and tokens as securities. In 2021, the SCM transposed crypto Travel Rule requirements to the Malaysia national framework through an amendment to the Guidelines on Prevention of Money Laundering and Terrorism Financing for Reporting Institutions in the Capital Market, Guidelines SC-GL/AML-2014 (R2-2021. The Crypto Travel Rule came into force in Malaysia on April 1, 2022.

Timeline of regulatory action:

1. Is cryptocurrency legal in Malaysia?

In Malaysia, cryptocurrencies are legal and classified as securities under Order 2019, but they are not recognized as legal tender or payment instruments by the country's central bank, Bank Negara Malaysia.

2. Are there any AML crypto regulations in Malaysia?

Yes. Malaysian VASPs must comply with the AML guidelines outlined in the Guidelines SC-GL/AML-2014 (R2-2021).

3. Who regulates cryptocurrency in Malaysia?

The Securities Commission Malaysia (SCM) regulates cryptocurrencies through Order 2019.

4. Are there licensing or registration requirements for VASPs in Malaysia?

Cryptocurrency exchanges in Malaysia must register with the SCM to operate per the Guidelines on Recognized Markets.

View Malaysian VASPs on the Notabene Network

Explore the Network

FATF Travel Rule Requirements in Malaysia

1. Is the Crypto Travel Rule mandated in Malaysia?

Yes. On April 26, 2021, the SCM introduced amendments to the Guidelines SC-GL/AML-2014 (R2-2021) that set forth Travel Rule requirements in the region.

2. Did Malaysia permit a grace period to comply with the Crypto Travel Rule?

Yes. Travel Rule requirements entered into force in Malaysia on April 1, 2023, roughly 11 months after the AML Guidelines were published.

Complying with the Crypto Travel Rule in Malaysia

1. What is the minimum threshold for the Crypto Travel Rule in Malaysia?

No de minimis threshold applies, according to Malaysia’s Crypto Travel Rule requirements; the same scope of information is to be transmitted regardless of the transaction amount.

2. What personally identifiable information is required to be shared for the Crypto Travel Rule in Malaysia?

Malaysian Originator VASPs must collect and share the following personally identifiable information with the Beneficiary VASP:

From our workshops with Malaysian VASPs, we have learned that collecting and verifying the Place of Birth is not standard practice as part of the customer due diligence process. Hence, Malaysian VASPs routinely opt to transmit the Originator’s Address instead of Date and Place of Birth.

3. Are there differences in customer PII requirements for cross-border transfers versus transfers within Malaysia?

Although paragraph 9.2.1 of the Guidelines specifically mentions cross-border transactions. "A reporting institution which is an ordering institution must ensure that the message or instruction for cross-border wire transfer are accompanied by the following: (...)"), the current stance of the SCM is that the same scope of Travel Rule information transmission obligations apply regardless of whether the transaction is cross-borders or with a Malaysian counterparty.


4. What are the non-custodial or self-hosted wallet requirements in Malaysia?

There is no written rule on the requirements applicable when transacting with self-hosted wallets. However, this is part of VASP's travel rule policies & procedures reviewed by the supervisory authorities. 

5. What are the Beneficiary VASP obligations in Malaysia?

A beneficiary institution must take reasonable measures, including post-event or real-time monitoring where feasible, to identify transfers that lack the required originator information or beneficiary information. [1]

A beneficiary institution must have effective risk-based policies and procedures for determining- (a) when to execute, reject, or suspend a wire transfer lacking the required originator or beneficiary information; and (b) the appropriate follow-up action. [2] 

Why choose Notabene for Crypto Travel Rule Compliance in Malaysia?

Notabene stands as the optimal solution for Crypto Travel Rule compliance in Malaysia. Its trusted partnerships with registered digital asset exchanges, wide reachability with the Notabene Network, and comprehensive compliance solutions tailored to Malaysia's regulatory requirements make it the ideal choice. Notabene has a proven track record of assisting VASPs globally and locally, further solidifying its reliability.

Currently, there are four registered digital asset exchanges operating under cryptocurrency regulations in Malaysia: Luno Malaysia, MX Global, SINEGY Technologies, and Tokenize Technology. All of these exchanges have selected Notabene to fulfill their Travel Rule compliance needs. To engage with them and send Travel Rule-compliant transactions, simply utilize the Notabene Network.

By opting for Notabene, VASPs can ensure the efficient and secure transmission of Travel Rule-compliant transactions. This demonstrates their commitment to meeting the regulatory obligations set by the Securities Commission Malaysia.

Notabene's commitment to privacy + security:

Bank-grade security for an insecure world
  • Passed rigorous security reviews by more than 50 institutions, including global banks and top 20 crypto exchanges
  • Annual SOC 2 Type II Audit for Security and Data Privacy Categories
  • Regular penetration testing by security audit leader Cobalt
Industry’s strongest protection for your customer data
  • Industry’s only escrowed exchange of encrypted PII
  • Compliant with EU GDPR, Singapore PDA
  • Plug-and-play Travel Rule end-user data consent component
Enterprise White Glove features
  • 24h/7 days a week uptime
  • Configurable enterprise SLA
  • SOC2 compliant disaster recovery and business continuity plans
Learn more about our commitment to security
This content is provided for general informational purposes only. By using the content, you agree that the information on this content does not constitute legal, financial or any other form of professional advice. No relationship is created with you, nor any duty of care assumed to you, when you use this content. The content is not a substitute for obtaining any legal, financial or any other form of professional advice from a suitably qualified and licensed advisor. The information on this content may be changed without notice and is not guaranteed to be complete, accurate, correct or up-to-date.

Help us keep this page up to date! Any comments, corrections or suggestions on this page can be sent to