AML/CFT Compliance for Jewellery and Watch Dealers in Malaysia: What You Actually Need to Do
If you're a jewellery or watch dealer in Malaysia, you're classified as a Designated Non-Financial Business and Profession (DNFBP) under AMLA. That means Bank Negara Malaysia expects you to conduct customer due diligence, appoint a Compliance Officer, submit annual reports, and file suspicious transactions — with penalties up to RM3 million for non-compliance. This guide covers what you actually need to do.
Who Regulates AML/CFT for Jewellery Dealers?
Bank Negara Malaysia (BNM) is the competent authority for AML/CFT supervision of Dealers in Precious Metals and Stones (DPMS). While KPKT handles pawnbroker licensing, BNM oversees your anti-money laundering obligations.
Key Legislation
- Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA)
- Central Bank of Malaysia Act 2009
- AML/CFT and TFS for DNFBPs and NBFIs Policy Document (effective 3 May 2021)
AMLA Amendment Act 2025
In December 2024, Parliament passed amendments to strengthen AML/CFT supervision. Key changes:
- Personal liability expanded — directors, officers, and employees can now be held personally accountable for compliance failures
- Countering Proliferation Financing (CPF) provisions added
- Enhanced enforcement powers for BNM
Are You a "Reporting Institution"?
Under AMLA, jewellery and watch dealers fall under Dealers in Precious Metals and Stones (DPMS), classified as DNFBPs. If you:
- Buy or sell gold, silver, platinum, or other precious metals
- Deal in precious stones (diamonds, rubies, sapphires, etc.)
- Trade in luxury watches
- Operate a jewellery retail or wholesale business
You are a reporting institution with AML/CFT obligations.
Small Business Threshold
DPMS with annual turnover below RM10 million and fewer than 30 employees may qualify for certain exemptions. However, core obligations like appointing a Compliance Officer and filing suspicious transactions still apply.
Step 1: Appoint a Compliance Officer
This is mandatory — you cannot operate without one.
Compliance Officer Responsibilities
- Ensure the business complies with all AML/CFT requirements
- Submit Suspicious Transaction Reports (STR) to BNM
- Submit Cash Threshold Reports (CTR) when required
- Maintain and update internal policies and procedures
- Conduct staff training
- Liaise with BNM during inspections
How to Register Your Compliance Officer
- Appoint a suitable person (can be the business owner for small operations)
- Notify BNM through amlcft.bnm.gov.my/co/
- Receive your CO number via registered email
- Use this CO number for all BNM submissions
Step 2: Establish Internal Policies and Procedures
Every reporting institution must have documented AML/CFT policies. BNM calls this your Internal Policies, Procedures and Controls (IPPC).
Your IPPC Must Cover
- Customer Due Diligence (CDD) procedures
- Enhanced Due Diligence (EDD) for high-risk customers
- Record keeping requirements
- Transaction monitoring processes
- Suspicious transaction identification and reporting
- Sanctions screening procedures
- Staff training program
- Risk assessment methodology
Step 3: Customer Due Diligence (CDD)
CDD is the core of AML compliance. You must verify who your customers are before — or during — transactions.
When to Conduct CDD
- Establishing a new business relationship
- Conducting occasional transactions above threshold
- When you suspect money laundering or terrorism financing
- When you doubt previously obtained customer information
What CDD Requires
| Customer Type | Information Required |
|---|---|
| Individual | Full name, IC/passport number, address, occupation, purpose of transaction |
| Corporate | Company name, registration number, nature of business, directors, beneficial owners |
| Acting for another | Identity of both the representative and the beneficial owner |
Verification Methods
- Individuals: MyKad, passport, or other government-issued ID
- Companies: SSM registration, company documents
- Beneficial owners: Ownership structure documents, director verification
CDD Form Template
BNM provides a Customer Due Diligence Form template on the DNFBP Portal (dnfbpportal.bnm.gov.my). Use this as your baseline.
Step 4: Enhanced Due Diligence (EDD)
For high-risk customers, standard CDD isn't enough. You must apply Enhanced Due Diligence.
Who Requires EDD?
- Politically Exposed Persons (PEPs) — local or foreign
- Customers from high-risk jurisdictions (FATF grey/black list countries)
- Complex ownership structures with unclear beneficial ownership
- Customers with unusual transaction patterns
- Non-face-to-face business relationships
EDD Measures
- Obtain senior management approval for the relationship
- Establish source of wealth and source of funds
- Conduct enhanced ongoing monitoring
- More frequent review of the relationship
Step 5: Transaction Monitoring and Reporting
Cash Threshold Report (CTR)
For selected reporting institutions, you must file a CTR when:
- Single or multiple cash transactions within the same day
- Total amount of RM25,000 or above
Suspicious Transaction Report (STR)
This is where your judgment matters. You must file an STR when you suspect — or have reasonable grounds to suspect — that funds are:
- Proceeds of unlawful activity
- Related to money laundering
- Related to terrorism financing
STR Filing Deadline
Submit within the next working day after the Compliance Officer establishes the suspicion.
Red Flags for Jewellery Dealers
| Category | Warning Signs |
|---|---|
| Customer behaviour | Reluctant to provide ID, pays only in cash for large purchases, unusually nervous |
| Transaction patterns | Multiple just-below-threshold transactions, immediate resale of purchased items |
| Payment methods | Third-party payments, cash from unknown sources, structured deposits |
| Business nature | Customer's stated occupation doesn't match transaction value, no logical business reason |
Tipping Off is Criminal
Never tell your customer that you've filed — or are about to file — an STR. Tipping off is a criminal offence under AMLA.
Step 6: Sanctions Screening
You must screen customers against:
- UN Security Council sanctions lists
- Malaysian domestic sanctions lists
- Other relevant watchlists
When to Screen
- At customer onboarding
- Periodically during the relationship
- When lists are updated
BNM has taken enforcement action against businesses that failed to screen against Targeted Financial Sanctions (TFS) lists.
Step 7: Record Keeping
Maintain comprehensive records for at least 6 years:
What to Keep
- Customer identification documents (copies)
- CDD and EDD records
- Transaction records
- Business correspondence
- Internal reports and analysis
- STR copies (do not share with customer)
Format
Records can be physical or electronic, but must be:
- Retrievable within reasonable time
- Available for BNM inspection
- Protected from unauthorized access
Step 8: Annual DCR Submission
The Data and Compliance Report (DCR) is an annual self-assessment submitted to BNM.
What DCR Covers
- Your AML/CFT risk assessment
- Compliance program implementation
- CDD statistics
- STR filing statistics
- Training conducted
- Issues identified and remediation
DCR Timeline
| Activity | Timeline |
|---|---|
| Reporting period | Calendar year (Jan-Dec) |
| Submission opens | Mid-October |
| Submission deadline | 31 January (following year) |
Consequences of Non-Submission
Failure to submit DCR before the deadline can result in enforcement action under AMLA. BNM publishes enforcement actions publicly.
Step 9: Staff Training
Your employees must understand AML/CFT obligations.
Training Should Cover
- What money laundering and terrorism financing look like
- CDD procedures
- Red flag identification
- How to escalate suspicious activities
- Record keeping requirements
- Consequences of non-compliance
Training Frequency
- New staff: During onboarding
- All staff: At least annually
- When regulations change: As needed
Penalties for Non-Compliance
AMLA penalties are severe:
| Offence | Maximum Fine | Maximum Imprisonment |
|---|---|---|
| General non-compliance | RM3,000,000 | 5 years |
| Failure to submit STR (Section 14) | RM1,000,000 | — |
| CDD failures (Section 16) | RM1,000,000 | — |
| Compliance program failures (Section 19) | RM1,000,000 | — |
Personal Liability
Under the 2025 amendments, directors, officers, and employees can be held personally liable — not just the company.
Recent Enforcement
In May 2025, BNM imposed over RM3.7 million in penalties on two financial institutions for AML/CFT failures including inadequate CDD and delayed sanctions screening. BNM actively enforces these requirements.
BNM Compliance Inspection: What to Expect
BNM conducts compliance reviews of reporting institutions. Be prepared for:
Document Requests
- AML/CFT Policy document
- Risk assessment documentation
- CDD records for sampled customers
- STR filing records
- Training records
- Compliance Officer appointment notification
On-Site Inspection
- Interviews with Compliance Officer and staff
- Review of actual customer files
- Testing of your CDD process
- Verification of sanctions screening
Compliance Calendar
| When | What |
|---|---|
| Ongoing | CDD for new customers, transaction monitoring, sanctions screening |
| Next working day | STR submission (when suspicion established) |
| Monthly | Review transaction patterns, update screening lists |
| Annually | Staff training, risk assessment review, DCR submission (by 31 Jan) |
| As needed | Update policies when regulations change, notify BNM of CO changes |
Resources
- BNM DNFBP Portal: dnfbpportal.bnm.gov.my
- AML/CFT Portal: amlcft.bnm.gov.my
- Compliance Officer Registration: amlcft.bnm.gov.my/co/
- Policy Documents: amlcft.bnm.gov.my/aml/cft-policies
The Insurance Connection
AML/CFT compliance protects you from regulatory penalties — but what protects your inventory? For jewellery and watch dealers holding high-value stock, jewellers block insurance provides the coverage you need.
Compliance and insurance work together: one protects your licence, the other protects your assets.
Key Takeaways
- BNM regulates AML/CFT for jewellery and watch dealers as DNFBPs
- Compliance Officer appointment is mandatory — register with BNM
- CDD required for all customers, EDD for high-risk
- STR filing deadline: Next working day after suspicion established
- CTR threshold: RM25,000 cash in a day (check if applicable to your category)
- Record keeping: Minimum 6 years
- DCR submission: Annually by 31 January
- Penalties: Up to RM3 million fine and 5 years imprisonment
- Personal liability now extends to directors and officers
AML/CFT compliance isn't optional for Malaysian jewellery and watch dealers. The requirements are extensive, but they're manageable with proper systems. Start with your Compliance Officer appointment, build your policies, and maintain your records. BNM is watching — and enforcing.
Read other articles
