The way Malaysians transact has changed dramatically in recent years, with e-money becoming an essential part of daily financial activities. From buying groceries to paying for services, digital wallets and online payments have revolutionised commerce.
However, with rapid digitalisation comes the need for stronger regulations to protect consumers and ensure financial stability. Recognising this, Bank Negara Malaysia (BNM) has introduced a new and revised policy document on e-money, which came into effect on January 31, 2025.
Replacing the 2022 guidelines, the new framework establishes stricter governance, enhanced cybersecurity measures, and improved financial safeguards to keep pace with the evolving digital payments landscape.
The Structure of the BNM New E-Money Policy
The new e-money policy comprises five major parts, each focusing on different aspects of regulation and oversight. The first section provides an overview of key terms and establishes the regulatory framework. The second section sets out corporate governance requirements for e-money issuers, ensuring that proper oversight mechanisms are in place.
The third part outlines risk management protocols, fund safeguarding measures, and conditions for outsourcing key operations. Information technology and cybersecurity standards are comprehensively covered in the fourth section, ensuring that issuers adopt stringent digital security measures.
The fifth and final part details compliance requirements, reporting obligations, and mandates for issuers to be members of financial consumer protection schemes.
Under the revised policy, BNM has also introduced a classification system that groups e-money issuers into four categories based on their scale and nature of operations.
The first category, known as Eligible E-Money Issuers, comprises large-scale operators with over 500,000 active users or those holding at least a 5% market share in transaction volume or outstanding liabilities. Standard E-Money Issuers fall into the second category, comprising smaller issuers that do not meet the eligibility criteria of the first group.
The third classification, Non-Bank E-Money Issuers, includes companies that issue e-money but are not affiliated with licensed banking institutions. Lastly, Limited Purpose E-Money Issuers are entities that offer closed-loop e-money systems such as gift cards, loyalty programs, or prepaid mobile credits. All of which are exempted from certain regulatory requirements.
Regulatory obligations are scaled to an issuer’s size and risk profile through this classification. The aim is to avoid placing excessive burdens on smaller operators while still maintaining strict oversight of larger ones.
Strengthened Governance Framework
The revised policy places significant emphasis on governance and transparency. Under the new rules, Eligible E-Money Issuers must have a board of directors that includes at least one-third independent members.
Additionally, they must establish separate audit and risk management committees to oversee financial stability and operational integrity. To prevent conflicts of interest, the policy prohibits active politicians from holding senior positions in e-money firms.
Moreover, issuers offering Shariah-compliant e-money must appoint qualified Shariah advisors to ensure compliance with Islamic financial principles.
These governance measures aim to enhance accountability and promote prudent management within the e-money industry. It is made to ensure that consumers and merchants can trust the reliability of digital payment providers.
Financial Stability and Business Continuity
To ensure financial resilience, BNM has introduced revised capital fund requirements. Standard E-Money Issuers must maintain at least RM1 million in capital or an amount equivalent to 8% of outstanding e-money liabilities, whichever is higher. Eligible E-Money Issuers face a stricter requirement, needing to hold a minimum of RM5 million or 8% of outstanding liabilities. This is as prescribed by the Bank under section 12(1) of the FSA and IFSA.
Additionally, non-bank e-money issuers are required to deposit funds collected from customers in trust accounts with licensed banking institutions. This safeguarding mechanism ensures that consumer funds remain protected in case an issuer encounters financial distress or ceases operations.
Acknowledging the fast-evolving nature of digital finance, the policy mandates that e-money issuers develop a comprehensive business continuity management framework. Issuers must establish a business continuity plan. Such plan must be able to identify potential disruptions, set recovery objectives, and outlines strategies to ensure uninterrupted service.
Furthermore, each issuer must maintain a valid exit strategy for three years. The strategy must detail how operations will be wound down in an orderly manner, protecting customer funds and ongoing transactions.
Safeguards are in place to prevent financial and operational failures, so that e-money industry disruptions do not negatively affect consumers.
Technology, Security, and Third-Party Risk Management
Given the increasing reliance on digital platforms, BNM has introduced stringent IT and cybersecurity requirements to protect the integrity of e-money transactions. Issuers must implement a Technology Risk Management Framework (TRMF) to secure their digital infrastructure against cyber threats.
Additionally, they are required to comply with enhanced security protocols. These include data encryption, multi-factor authentication, and advanced fraud detection systems.
For issuers that rely on cloud computing services, the policy mandates strict governance over cloud data storage and operational security. These requirements ensure that e-money systems remain resilient against cyberattacks and unauthorised breaches.
The revised e-money policy by BNM allows e-money issuers to offer white-label solutions to third parties while imposing strict oversight to maintain accountability. Issuers engaging in white-labelling arrangements must conduct thorough due diligence on their partners. Partners are required to establish clear contractual agreements outlining roles and responsibilities and to maintain full control over customer funds.
Similarly, any outsourcing of critical operations must receive prior approval from BNM. Issuers are also required to ensure that outsourced functions, such as payment processing or customer service operations, meet the same regulatory standards as in-house operations. These measures prevent operational risks associated with third-party partnerships and ensure that e-money services remain secure and reliable.
Consumer Protection, Regulatory Implications, and the Future of E-Money Issuers
To enhance consumer trust in e-money, the policy introduces several protections for users. E-money issuers must offer clear and transparent refund policies, ensuring that disputed transactions or account closures result in refunds within 14 days. Wallet limits above RM5,000 require explicit approval from BNM, and all transactions must incorporate fraud detection mechanisms.
Moreover, e-money issuers must be registered members of the Financial Ombudsman Scheme (FOS) to provide consumers with an avenue for dispute resolution. These protections reinforce confidence in e-money as a safe and reliable payment method while ensuring regulatory compliance.
The revised policy introduces both challenges and opportunities for e-money issuers. The increased compliance requirements may impose additional operational costs, particularly for non-bank issuers who must meet governance and IT security obligations. However, these measures will enhance consumer confidence, ultimately driving greater adoption of e-money services.
Furthermore, with clearer regulatory guidelines, issuers can innovate more freely. It will help them develop new digital financial products that align with BNM’s risk management expectations. This regulatory certainty paves the way for sustainable growth in Malaysia’s digital payment sector, fostering transparency and security in financial transactions.
As Malaysia continues its journey toward a cashless society, adherence to these regulatory frameworks will be crucial in shaping the future of e-money services in the country. With these measures in place, the digital payments industry is poised to thrive, balancing innovation with robust security and compliance standards.
Featured image credit: Edited from Freepik