On 30 December 2022, the Central Bank of Malaysia, Bank Negara Malaysia (“BNM”) issued a new Policy Document on Electronic Money (“Policy Document”). The new Policy Document supersedes the Guidelines on Electronic Money (“Superseded Guidelines”) issued by BNM on 31 July 2008 and officially came into effect on 30 December 2022, except for certain paragraphs which will only come into effect on 30 December 2023.
This article sets out the key changes introduced by the new Policy Document.
The new Policy Document has introduced certain changes to the e-money regulatory framework, which include, inter alia:
- Re-categorisation of e-money issuers
- Enhanced corporate governance requirements
- Revised operational and risk management requirements
- Enhanced Information Technology (“IT”) requirements
Over the past decade, electronic money (“e-money”) has evolved and grown significantly due to the proliferation of mobile technology such as Quick Response (QR) codes and mobile applications. The form of e-money has also evolved from traditional stored value cards to network-based solutions such as online accounts or e-wallets.
Given the increasing prominence of e-money in the financial landscape, revisions in the e-money regulatory framework are required to strengthen the safety and reliability of e-money issued by e-money issuers (“EMIs”), as well as to preserve public confidence in using or accepting e-money.
The notable changes introduced by the Policy Document are outlined below.
Re-categorisation of EMIs
Previously, EMIs were categorised into two types of e-money schemes (i.e. “small schemes” and “large schemes”), depending on wallet size and aggregate outstanding e-money liabilities. The new Policy Document now categorises EMIs into the following three categories:
- Standard EMI: refers to an EMI other than an Eligible EMI;
- Limited Purpose EMI: refers to an EMI that issues e-money as described in Appendix 2 of the Policy Document (e.g. e-money which can only be used within a single set of premises in Malaysia). Generally, a Limited Purpose EMI will not be subject to the requirements under the Policy Document other than, inter alia, the requirement imposed on a non-bank EMI to maintain minimum capital funds; and
- Eligible EMI: refers to an EMI which fulfils the criteria set out in Appendix 1, that is, an EMI that has:
- at least 500,000 active users for a consecutive period of six months, beginning 2017;
- a market share of at least 5% of the total e-money transaction volume in Malaysia for a given year, beginning 2017;
- a market share of at least 5% of the total e-money transaction value in Malaysia for a given year beginning 2017; or
- a market share of at least 5% of the total outstanding e-money liabilities in Malaysia for a given year, beginning 2017.
Compared to Standard and Limited Purpose EMIs, this category of EMI is subject to higher regulatory expectations.
Enhanced corporate governance requirements
Part B of the Policy Document sets out BNM’s expectations with respect to the governance arrangements for an EMI. The requirements range from those relating to the composition of the EMI’s board to the requirements and responsibilities of senior management roles.
Revised operational and risk management requirements
Part C of the Policy Document sets out additional operational and risk management-related conditions to be satisfied by EMIs. Some of the salient conditions are set out below:
Revised minimum capital funds requirements
Currently, a large e-money scheme issuer needs to maintain minimum capital funds of RM5 million or 8% of its outstanding electronic money liabilities, whichever is higher, and a small e-money scheme issuer needs to maintain minimum capital funds of RM100,000.
From 30 December 2023 onwards, the minimum capital funds that will have to be maintained by EMIs will be as follows:
- Standard EMI: RM1 million or 8% of its outstanding electronic money liabilities, whichever is higher; and
- Eligible EMI: RM5 million or 8% of its outstanding electronic money liabilities, whichever is higher.
Revised threshold for approval requirement with respect to increase in purse limit
Previously, a large e-money scheme issuer had to obtain BNM’s approval to increase its maximum purse limit to any amount above RM1,500. Under the new Policy Document, an EMI will only be required to obtain BNM’s approval if the increase in purse limit is above RM5,000, or if there will be any changes to the functionality or the product features of the e-money in question.
In any case, there is also a notification requirement with respect to any increase in wallet limit which is below the RM5,000 threshold, and where such increase does not involve any changes in functionality and product features of the e-money.
Safeguarding of funds
Notwithstanding the issuance of the Policy Document, the following requirements under the Superseded Guidelines will continue to apply until 30 December 2023.
Under the Superseded Guidelines, an issuer of a large e-money scheme must deposit funds collected in exchange for the e-money issued in a trust account with a licensed banking institution, and such funds may only be used to make refunds to users and make payment to merchants. The funds may only be invested in high quality liquid ringgit assets (i.e. deposits placed with licensed banking institutions, debt securities issued or guaranteed by Federal Government and BNM, Cagamas debt securities etc.). Issuers who are unable to restrict their activities to e-money business only must deposit and maintain an additional 2% of their outstanding e-money liabilities in the trust account at all times.
For issuers of a small e-money scheme, the funds collected in exchange for the e-money issued must be placed in a deposit account with a licensed banking institution and separated from its other accounts. It should be managed by the issuer in a manner akin to a trust account arrangement. The issuer should ensure that the funds in the deposit account may only be used to refund users and make payment to merchants, and the funds must not be invested in any form of assets other than bank deposits.
From 30 December 2023 onwards, similar safeguarding requirements under Paragraph 16 of the Policy Document will be applicable to the EMIs. In addition, the Policy Document has incorporated new requirements including the following:
- Where a non-bank EMI’s total outstanding e-money liabilities are greater than the funds in the trust account, a non-bank EMI will be encouraged to deposit funds into the trust account within one (1) working day to ensure that the funds in the trust account are at all times sufficient to cover the total outstanding e-money liabilities
- An EMI will be encouraged to spread out the placement of funds received in exchange for e-money issued in bank accounts maintained at several banking institutions to mitigate risk exposure to any single banking institution
- A non-bank EMI will have to ensure that it has sufficient liquidity for its daily operations. At a minimum, an EMI would be required to maintain a liquidity ratio of one
Refunds and withdrawal
The Policy Document has introduced new requirements with respect to the withdrawal and refunds of e-money. Insofar as the withdrawal of e-money is concerned, an EMI must ensure, inter alia:
- any physical cash withdrawal outside Malaysia using e-money is undertaken in foreign currency only; and
- where e-money balances are remitted into a bank account, any withdrawal of funds from the e-money account must be paid into the customer’s own bank account with a banking institution only, unless the EMI participates in the Real-time Retail Payments Platform (RPP) and offers credit transactions by which the withdrawal of e-money balances may be made to other bank or e-money accounts.
From 30 December 2023 onwards, an EMI will be required to obtain BNM’s prior approval before entering into a new material outsourcing arrangement or making any material changes to an existing material outsourcing agreement. The Policy Document sets out enhanced requirements for outsourcing arrangements, which include, inter alia, the specific clauses to be included in an outsourcing agreement as well as the requirements relating to outsourcing outside Malaysia and outsourcing involving cloud services.
An EMI must obtain BNM’s prior written approval before entering into a white labelling agreement for the first time or making any material changes to its existing white labelling arrangement.
Prohibition of promotion or cross-selling of financial products or services
A non-bank EMI is prohibited from using its e-money platform or system to promote or cross-sell any financial products or services except with BNM’s prior written approval.
Enhanced IT requirements
Part D of the Policy Document sets out comprehensive IT-related requirements with respect to technology risk management, technology operational management, cybersecurity management, technology audit, internal awareness and training, including control measures relating to mobile technology such as internet applications, mobile applications and devices, and Quick Response (QR) code etc. The requirements set out under Part D of the Policy Document will come into force on 30 December 2023.
This article has been prepared with the assistance of Associates Nicole Leng, Aniq Ikhwan bin Ishak and Yung Jia Heng.