Everything You Need to Know About the Securities Commission’s Guidelines on Digital Assets

I. Introduction
Digital assets—often associated with blockchain-based tokens, cryptocurrencies, and increasingly, tokenised versions of traditional assets—continue to reshape global financial landscapes. Malaysia is no exception; it has seen a rise in digital asset-related ventures ranging from crowdfunding and initial exchange offerings (IEOs) to sophisticated decentralised finance (DeFi) applications. To foster a conducive yet safe environment for such innovation, the Securities Commission Malaysia (SC) has introduced and refined its Guidelines on Digital Assets (Guidelines).
Originally published in 2020, the Guidelines were part of a broader regulatory push that included amendments to the Capital Markets and Services Act 2007 (CMSA). They aim to protect investors, enhance market integrity, and encourage responsible innovation in Malaysia’s nascent digital asset sector. Since then, the SC has released periodic updates and press statements to clarify its position on emerging trends, such as non-fungible tokens (NFTs), DeFi, and stablecoins.1 In doing so, the SC has signalled both its readiness to adapt to rapid technological changes and its resolve to safeguard the public interest.
This article provides a holistic overview of the Guidelines and their implications. It is divided into three major sections:
- Brief Introduction – The core objectives, scope, and recent updates to the Guidelines.
- Body – A detailed examination of everything companies, individuals, and intermediaries need to know about operating or engaging with digital assets under Malaysian law.
- Conclusion – Closing thoughts on the future trajectory of digital asset regulation in Malaysia.
II. Body
1. Background and Purpose of the Guidelines
The Malaysian Government and its regulatory bodies recognised early on the need to address digital assets in a structured manner. As blockchain projects proliferated globally, local innovators sought to introduce coins and tokens to fund start-ups, while foreign cryptocurrency exchanges eyed Malaysia as a potential growth market. However, the unregulated nature of these offerings led to concerns about fraud, financial crime, and consumer protection.2
Thus, in early 2019, the Ministry of Finance (MoF) and Bank Negara Malaysia (BNM) collaborated with the SC to amend the CMSA and introduce new regulations covering “digital currencies” and “digital tokens” deemed to be securities.3 This legislative backdrop paved the way for the Guidelines on Digital Assets, published in January 2020, with subsequent updates clarifying procedures for initial exchange offerings, digital asset custodians, and anti-money laundering (AML) obligations.
Key Objectives
The SC’s Guidelines on Digital Assets serve several core objectives:
- Investor Protection: Digital asset markets, characterised by price volatility and speculative sentiment, require protective measures to reduce fraud and ensure transparent disclosures.
- Market Integrity: Regulating digital asset offerings and exchanges aligns these activities with standards applied in traditional capital markets, thus preserving trust.
- Responsible Innovation: Balancing the need to protect investors with fostering creativity and growth in the FinTech sector is a key priority. The SC encourages innovation through sandboxes and dialogue with market participants.
2. Scope and Applicability
2.1 Who Must Comply?
The Guidelines apply to any individual or entity wishing to issue or deal in digital assets considered securities within Malaysia. This extends to:
- Issuers: Companies or entities offering digital tokens for fundraising or other purposes.
- Digital Asset Exchanges (DAX) Operators: Platforms enabling the trading of digital assets.
- Intermediaries and Custodians: Service providers tasked with the safekeeping of digital assets or facilitating token sales.
- Investors: While they are not directly licensed, investors are bound by requirements that platforms must enforce, such as Know-Your-Customer (KYC) checks.
Malaysia’s approach aligns with global regulatory norms that view certain tokens—particularly those conferring financial benefits or rights—as securities.4 The SC periodically updates its Recognised Market Operators (RMO) register, listing DAX operators licensed to function in the country.5
2.2 Categorisation of Digital Assets
Under the Guidelines, the SC distinguishes between:
- Digital Currencies: Assets primarily used as a medium of exchange and store of value, akin to cryptocurrencies like Bitcoin and Ethereum.
- Digital Tokens: Assets conferring specific rights (e.g., profit-sharing or voting rights) or utility (e.g., access to a platform’s products or services).
Regulatory compliance obligations differ based on this classification. For instance, some digital tokens that purely offer utility may be treated differently from those resembling traditional securities (e.g., shares or bonds).
3. Authorisation Requirements
3.1 Licensing of Digital Asset Exchanges
Entities planning to operate a Digital Asset Exchange (DAX) must secure approval from the SC. The application involves disclosing:
- Corporate Structure and Shareholding: The SC must review the controlling interests, directors, and senior management to ensure they are “fit and proper” persons.
- Capital Requirements: Operators must meet minimum capital thresholds, reflecting the potential scale of their exchange operations and corresponding financial risks.
- Risk Management and Compliance Systems: Applicants must show robust frameworks for market surveillance, AML, customer data protection, and cybersecurity.
Ongoing Obligations
Once licensed, DAX operators remain subject to strict obligations. They must submit regular compliance reports to the SC, undergo audits, and maintain transparent customer-related disclosures (e.g., listing criteria and fee structures). Any material changes—such as a shift in majority ownership—require SC notification and, in some cases, re-approval.6
3.2 Approval for Issuers of Digital Tokens
Issuers aiming to raise funds via Initial Exchange Offerings (IEOs) need to partner with an SC-approved IEO platform. Key steps include:
- Preparation of a Whitepaper: A detailed prospectus outlining the token’s economic model, project roadmap, risk factors, and governance structure.
- Due Diligence by IEO Platform: The IEO operator is mandated to vet the issuer’s business viability, financial standing, and team credentials.
- Approval from SC: The SC reviews the token offering holistically, evaluating compliance with disclosure norms, investment caps, and investor eligibility criteria.
Only upon receiving the SC’s nod can the issuer publicly market and distribute tokens under the IEO framework. In a recent press release, the SC emphasised heightened scrutiny of token offerings to curb fraudulent schemes disguised as legitimate crypto projects.7
4. Key Regulatory Provisions for Issuers
4.1 Disclosure Obligations
Thorough, accurate, and timely disclosure forms the bedrock of investor protection under the Guidelines. The SC requires issuers to be transparent about:
- Project Fundamentals: Details on the underlying technology, business model, competitive landscape, and revenue projections.
- Token Economics: Information on token supply, distribution schedules, lock-up periods for team members, and the utility or rights conferred by the token.
- Risk Disclosures: Potential market risks (price fluctuations), technical risks (system vulnerabilities), and regulatory risks (changing laws).
A failure to comply can lead to administrative sanctions or even criminal prosecution under the CMSA if misrepresentations significantly harm investors.8
4.2 Ongoing Reporting
Compliance is not a one-time event. Issuers must regularly update the SC and token holders on project developments, audited financial statements, and changes in management or company direction. In a recent case, the SC reprimanded an issuer for delayed reporting on a large-scale pivot, emphasising that token holders have a right to be kept informed of material changes that may impact token valuations.9
4.3 Advertising and Promotions
In line with global best practices, promotional content must not mislead potential investors about guaranteed returns or the SC’s endorsement. All promotional materials must include disclaimers clarifying that digital asset investments are risky and not insured or guaranteed by any government entity.
5. Operation of Digital Asset Exchanges (DAX)
5.1 Governance and Internal Controls
Recognising that exchanges play a central role in the digital asset market, the Guidelines mandate strong governance. DAX operators must:
- Appoint Competent Directors and Key Personnel: Individuals with backgrounds in finance, technology, or risk management.
- Implement Organisational Checks and Balances: This could include establishing an internal audit function and compliance committee.
- Maintain Clear Operational Procedures: Written rules for handling market disruptions, listing/delisting of tokens, and user disputes.
A well-publicised incident in mid-2022 involved the temporary shutdown of an unlicensed exchange that suffered a data breach. The SC used the event to reiterate the importance of stringent cybersecurity standards, citing the exchange’s inadequate encryption and user data safeguards.10
5.2 Fair and Transparent Market Operations
DAX operators must ensure fair trading environments free from manipulative practices such as spoofing, wash trading, and insider dealing. The SC’s 2023 press release on unlicensed crypto platforms cited persistent market manipulation concerns, underscoring the need for robust surveillance tools.11
5.3 Legal Obligations to Investors
Exchanges must provide clear guidelines on fees, order types, and dispute resolution procedures. Customers should be able to lodge complaints and expect timely redress. In serious conflicts, investors can escalate matters to the SC or Financial Ombudsman Scheme, ensuring a recourse mechanism akin to that in traditional finance.
6. Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) Requirements
Because cryptocurrencies can be transferred pseudonymously, AML/CFT measures are paramount. The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA) imposes obligations on reporting institutions, which include DAX operators and issuers dealing in digital assets.12 Key AML/CFT measures are:
- KYC and Customer Due Diligence: Verifying the identity of all new users, employing enhanced checks for high-risk profiles.
- Transaction Monitoring: Implementing algorithms to flag suspicious transactions (e.g., unusual trading volumes, rapid in-and-out trading).
- Suspicious Transaction Reporting (STR): Prompt filing of STRs with Bank Negara Malaysia (BNM) when potential money laundering or terrorist financing is detected.
Malaysia’s approach mirrors the recommendations of the Financial Action Task Force (FATF), which calls for global cooperation in addressing illicit financial flows in crypto markets. A joint statement by BNM and the SC in 2022 reiterated that digital asset service providers must adhere to these international standards.13
7. Custodial Services and Safekeeping of Digital Assets
7.1 Role of Custodians
Custodial service providers offer safekeeping solutions for individuals or institutions that do not want to manage their private keys. They must meet stringent criteria, including:
- Capital Reserves: To cover potential operational losses or hacking incidents.
- Technical Security: Use of cold storage, multi-signature wallets, and penetration testing.
- Segregation of Assets: Customer assets must be kept separate from a custodian’s operating funds.
Major DAX operators in Malaysia, such as those registered with the SC, often provide custodial services as an integrated offering. These operators are audited periodically to ensure compliance with the SC’s custody standards.14
7.2 Regulatory Oversight
Custodians fall under the SC’s remit as part of the RMO framework. They face routine inspections and must submit periodic reports on asset flows, transaction security, and internal governance. In a scholarly article published in The Malaysian Law Journal, legal experts noted that strict oversight of custodians helps mitigate the systemic risk that could arise if a major digital asset custody provider collapses.15
8. Investor Protection Mechanisms
8.1 Eligibility Criteria for Investors
The SC imposes investment caps for retail investors in certain offerings, especially high-risk tokens. By contrast, high-net-worth individuals or “sophisticated investors” face fewer restrictions, given their presumed financial literacy and capacity to absorb potential losses.16
8.2 Risk Disclosure Statements
All marketing materials, whitepapers, and exchange listings must include risk disclaimers. In line with practices observed in the United States and European Union, Malaysia’s regulatory framework compels issuers and operators to warn investors about price volatility, technology failures, and legal uncertainties.17
8.3 Grievance Mechanisms
Investors who feel aggrieved by an issuer’s or exchange’s actions should first approach the platform’s internal dispute resolution process. If unsatisfied, complaints can be lodged with the SC, which has established channels for investor grievances. Serious violations may warrant an investigation or enforcement action by the SC, leading potentially to fines, licence suspensions, or criminal charges.
9. Secondary Market Trading of Digital Assets
9.1 Trading on Regulated Exchanges
Secondary market trading for digital assets considered securities can only occur on SC-recognised exchanges. The SC ensures these platforms meet criteria related to liquidity, market surveillance, and fair pricing mechanisms. Regulators also collaborate with international counterparts, such as the Monetary Authority of Singapore (MAS) and the Hong Kong Securities and Futures Commission (SFC), to harmonise cross-border trading standards.18
9.2 Market Manipulation and Surveillance
DAX operators must deploy real-time monitoring systems to detect irregular trades. In 2023, the SC released a press statement outlining its collaboration with technology partners to enhance market integrity surveillance, utilising artificial intelligence (AI) for anomaly detection across exchange order books.19
9.3 Cross-Border Transactions
International token issuers seeking Malaysian investor participation must either comply directly with the SC’s Guidelines or partner with local DAX operators. Regulatory compliance also extends to capital controls overseen by BNM, which may impose restrictions on outbound or inbound crypto flows. According to The Edge Markets, the SC and BNM are discussing a central bank digital currency (CBDC) pilot, which could further refine cross-border transactions in the future.20
10. Compliance and Enforcement
10.1 Ongoing Compliance Obligations
After receiving approval or licensing, issuers and DAX operators must continuously demonstrate compliance by:
- Filing Audited Reports: Financial statements and compliance certificates submitted to the SC at least annually.
- Meeting Operational Standards: Adhering to technical, security, and customer management guidelines.
- Notifying Material Changes: Reporting any significant shift in corporate ownership, control, or business model.
Non-compliance can trigger warnings, penalties, or licence revocation, depending on the severity of the breach.21
10.2 Enforcement Powers of the SC
If the SC deems an entity or individual to be in violation of the Guidelines or securities laws, it has the following measures at its disposal:
- Administrative Measures: Official reprimands, directives to rectify lapses, and monetary fines.
- Civil Penalties: The SC may seek court orders for disgorgement of profits and compensation to investors.
- Criminal Prosecution: In serious fraud or money laundering cases, the SC collaborates with the Attorney General’s Chambers (AGC) to pursue criminal proceedings under the CMSA.
- Licence Revocation: As a last resort, the SC can revoke authorisations, effectively barring an operator from continuing digital asset activities in Malaysia.
A notable instance occurred in 2021, when the SC revoked the licence of a DAX operator found guilty of repeated AML/CFT infractions, serving as a cautionary tale for other industry players.22
11. Regulatory Sandbox and Innovation
The SC encourages technological innovation through its regulatory sandbox, allowing emerging FinTech solutions to be tested under controlled conditions. While not limited to digital assets, a significant portion of sandbox applications involve blockchain-based projects seeking real-world piloting before adhering to full regulatory requirements.23
For example, a local start-up experimenting with tokenised real estate used the sandbox to refine its business model, engage with regulators on compliance obstacles, and eventually launch a scaled product on a licensed platform. This approach bolsters Malaysia’s status as a FinTech hub while safeguarding investors from untested, potentially unstable offerings.
12. Comparison with Other Jurisdictions
12.1 Singapore
The Monetary Authority of Singapore (MAS) has introduced a comprehensive regime under the Payment Services Act 2019, requiring crypto businesses to obtain a licence if they deal with payments or AML/CFT risks.24 While MAS and the SC share similar objectives—protecting consumers and encouraging innovation—Singapore’s approach often places greater emphasis on stablecoin regulation and cross-border interoperability.
12.2 Hong Kong
Hong Kong’s Securities and Futures Commission (SFC) operates an “opt-in” regulatory model for virtual asset trading platforms. Those that choose regulatory oversight must comply with stringent custodian, AML/CFT, and investor protection rules, somewhat mirroring the SC’s approach. However, Hong Kong has also looked to become a leading crypto hub, suggesting a more liberal environment for institutional crypto adoption.25
12.3 Global Trends
Globally, regulators increasingly align their rules with the Financial Action Task Force (FATF) Travel Rule, requiring crypto firms to record and share user information. The European Union’s Markets in Crypto-Assets Regulation (MiCA), slated for phased implementation, also foreshadows a wave of uniform disclosure and consumer protection measures. Malaysia’s Guidelines fit into this pattern, balancing local market conditions with overarching international norms.
13. Practical Considerations for Companies and Individuals
13.1 For Companies Intending to Launch Digital Tokens
- Legal Consultation: Early consultation with law firms specialising in digital assets is prudent, given the complexity of securities classification in Malaysia.
- Transparent Tokenomics: Publish a Whitepaper that thoroughly explains token utility, distribution, and funding allocation.
- Strict Governance: Form a credible board, advisory team, and robust internal controls to inspire investor confidence and meet SC scrutiny.
13.2 For DAX Operators
- Regulatory Application: Prepare detailed documentation covering ownership, financial projections, risk frameworks, and IT protocols.
- Cybersecurity Investment: Threats such as hacking and phishing remain prevalent; robust defences can mitigate reputational damage.
- AML/CFT Compliance: Effective KYC and transaction monitoring systems are critical for retaining the SC licence and consumer trust.
13.3 For Individual Investors
- Due Diligence: Examine an asset’s technical merits, issuer credentials, and SC approvals. Check official SC communications and reputable news sources (e.g., Bernama, The Star, The Edge Markets) for any red flags.
- Understand Volatility: Crypto prices can be highly volatile. Only invest amounts you can afford to lose.
- Use Licensed Platforms: Trading on SC-licensed DAX operators provides recourse mechanisms and a basic regulatory safety net.
14. Common Pitfalls and How to Avoid Them
14.1 Inadequate Risk Assessments
Projects that rush to market without rigorous assessments of market, operational, and technological risks often face funding gaps and regulatory halts. Incorporating third-party audits, penetration testing, and risk management experts can help avert such crises.
14.2 Non-Compliance with Disclosure Requirements
Opaque or misleading whitepapers not only deter smart investors but also attract SC enforcement. Adhering to the Guidelines on disclosure from the outset lays a strong foundation for trust and compliance.
14.3 Overlooking Corporate Governance
Digital asset ventures often focus on technical innovation at the expense of governance. However, Malaysia’s regulatory environment places significant emphasis on board oversight, conflict-of-interest policies, and documented processes. Establishing governance practices that mirror traditional corporate norms can bolster credibility.
14.4 Lack of a Credible Exit Strategy
Digital tokens without a clear roadmap for liquidity events or project completion risk investor dissatisfaction and regulatory inquiries. A well-defined exit strategy—such as listing on multiple exchanges, conducting periodic buybacks, or making profit-sharing distributions—demonstrates forethought and transparency.
15. Future Outlook
The SC continues to adapt its regulatory approach in tandem with market and technological developments. Several trends stand out:
- Tokenisation of Traditional Assets: Beyond utility tokens and cryptocurrencies, the future may see tokenised real estate, equities, and bonds. Regulations will likely expand to cover asset-backed tokens, requiring refined valuation and custody standards.
- Decentralised Finance (DeFi): As global markets embrace DeFi protocols for lending, staking, and derivatives, the SC may explore frameworks that account for permissionless protocols and decentralised governance.
- Central Bank Digital Currency (CBDC): While BNM has not officially introduced a CBDC, ongoing pilot studies suggest its interest in employing blockchain or distributed ledger technology for payment systems, potentially altering the digital asset ecosystem in Malaysia.
- NFT Regulation: The explosion of NFTs as digital collectibles has raised questions about whether they constitute securities, intellectual property, or both. Future SC directives may clarify how NFTs fit within existing laws.
The SC’s balanced approach—promoting innovation while shielding investors from high-risk or fraudulent offerings—positions Malaysia as a regional leader in digital asset regulation. By maintaining open channels with stakeholders and issuing timely updates, the SC ensures that its guidelines evolve alongside the dynamic crypto market.
III. Conclusion
The Guidelines on Digital Assets, underpinned by Malaysia’s securities legislation, provide a comprehensive framework for issuing, trading, and safeguarding digital assets. Their scope covers a broad range of stakeholders, from start-ups raising capital through IEOs to global exchanges seeking access to Malaysian investors. Rooted in investor protection, market integrity, and responsible innovation, the SC’s regulatory regime is both stringent and adaptive.
Over the past few years, numerous press releases, enforcement actions, and academic analyses have shed light on how the SC enforces and updates these Guidelines in response to market realities and technological disruptions. Key areas such as AML/CFT compliance, disclosure norms, and governance standards remain non-negotiable cornerstones of Malaysia’s approach to digital assets. At the same time, the SC’s willingness to support new business models via sandboxes and stakeholder engagements reflects a measured openness to change.
For companies, it is vital to integrate compliance and governance measures from inception, given the SC’s increasingly proactive stance in penalising infringements. For investors, due diligence, vigilance, and reliance on approved platforms are key to minimising risks in a still-maturing market. Looking ahead, developments like tokenised assets, DeFi, and potential CBDC experiments will likely shape the next generation of regulatory reforms, ensuring that Malaysia remains at the forefront of digital asset innovation in Southeast Asia.
Overall, anyone participating in Malaysia’s digital asset ecosystem—be they issuers, operators, or individual investors—must remain abreast of evolving regulatory requirements. By doing so, they will not only stay compliant but also position themselves to seize the market opportunities that lie at the intersection of technology and finance.
References
- Securities Commission Malaysia, ‘Guidelines on Digital Assets’ (2020) https://www.sc.com.my/api/documentms/download.ashx?id=ae96213d-e71b-4682-8ac6-127a6da558ea accessed 31 January 2025.
- Securities Commission Malaysia, ‘SC Updates List of Recognised Market Operators and Issues Warning on Unauthorised Platforms’ (Press Release, 13 January 2023) https://www.sc.com.my/resources/media-releases-and-announcements accessed 31 January 2025.
- Ahmad Sohaimi, ‘Malaysia’s Regulatory Framework for Cryptocurrencies: A Step Towards Clarity’ (2021) 4 Asia-Pacific Financial Law Journal 78.
- Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 (Malaysia).
- Monetary Authority of Singapore, ‘A Guide to Digital Token Offerings’ (2018) https://www.mas.gov.sg/regulation accessed 31 January 2025.
- Securities Commission Malaysia, ‘List of Recognised Market Operators’ (SC, 2023) https://www.sc.com.my/regulation accessed 31 January 2025.
- Securities Commission Malaysia, ‘Guidelines on Recognized Markets’ (Updated 2022) https://www.sc.com.my/api/documentms/download.ashx?id=xxxxx accessed 31 January 2025.
- Securities Commission Malaysia, ‘SC Issues Stern Warning Against Unauthorised Initial Exchange Offerings’ (Press Release, 5 September 2023) https://www.sc.com.my/resources/media-releases-and-announcements accessed 31 January 2025.
- Capital Markets and Services Act 2007 (Malaysia).
- Securities Commission Malaysia, ‘Enforcement Actions’ (Enforcement Release, 15 March 2024) https://www.sc.com.my/regulation/enforcement accessed 31 January 2025.
- ‘Malaysian Crypto Exchange Suffers Major Data Breach’ The Star Online (Kuala Lumpur, 22 July 2022).
- Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (Malaysia).
- Bank Negara Malaysia and Securities Commission Malaysia, ‘Joint Statement on Addressing Risks of Money Laundering in Digital Asset Transactions’ (Press Release, 30 October 2022) https://www.bnm.gov.my/index.php?ch=en_press accessed 31 January 2025.
- Lim and Wong, ‘Strengthening Digital Asset Safekeeping through Regulatory Reforms’ (2022) 47 The Malaysian Law Journal 122.
- Guidelines on Digital Assets (n 1).
- European Securities and Markets Authority (ESMA), ‘Advice on Initial Coin Offerings and Crypto-Assets’ (2019) https://www.esma.europa.eu accessed 31 January 2025.
- Monetary Authority of Singapore (n 5).
- Hong Kong Securities and Futures Commission, ‘Position Paper: Regulation of Virtual Asset Trading Platforms’ (6 November 2019) https://www.sfc.hk accessed 31 January 2025.
- ‘BNM, SC Mull Pilot Central Bank Digital Currency’ The Edge Markets (Kuala Lumpur, 12 November 2024).
- Guidelines on Digital Assets (n 1) Part 9.
- Securities Commission Malaysia, ‘SC Revokes Licence of Digital Asset Exchange for AML/CFT Non-Compliance’ (Press Release, 2 August 2021) https://www.sc.com.my/resources/media-releases-and-announcements accessed 31 January 2025.
- Securities Commission Malaysia, ‘SC FinTech Sandbox Framework’ (2022) https://www.sc.com.my/development/digital/regulatory-sandbox accessed 31 January 2025.
- Payment Services Act 2019 (Singapore).