BNM TFS Penalty: Why Financial Institutions Must Strengthen Sanctions Screening Compliance

Introduction

Bank Negara Malaysia (BNM)’s recent RM520,000 administrative monetary penalty for targeted financial sanctions (TFS) breaches is a strong reminder that TFS compliance in Malaysia must be treated as a critical part of financial crime prevention.

For financial institutions and reporting institutions, sanctions screening is not only a regulatory requirement. It is a frontline defense against terrorism financing, proliferation financing, and misuse of the financial system.

This enforcement action highlights an important lesson: having a screening process is not enough. Institutions must ensure that positive matches are properly identified, escalated, rejected, and acted on without delay.

What Happened in the BNM Enforcement Action?

On 24 June 2026, Bank Negara Malaysia announced that it had imposed an administrative monetary penalty of RM520,000 on a reporting institution for breaches relating to targeted financial sanctions requirements.

According to BNM, the breaches were identified during an on-site supervisory examination. The examination found that a specified entity listed under the Domestic List had been onboarded as a customer.

As a reporting institution, the organization was required to reject a potential customer when there was a positive match against individuals or entities listed in the Domestic List or the United Nations Security Council Resolutions List, also known as the UNSCR List.

The institution was also required to freeze the customer’s funds once the customer’s identity was confirmed as a specified entity.

However, BNM found that:

  • A specified entity was onboarded as a customer.
  • The potential match was not rejected despite being a positive match.
  • There was a delay in freezing the customer’s account after confirmation.
  • The breaches were linked to a lack of staff oversight and gaps in the institution’s standard operating procedure.

The institution later took remedial actions, including enhancing its SOP and conducting refresher training for relevant staff.

Why Targeted Financial Sanctions Compliance Matters

Targeted Financial Sanctions compliance is designed to prevent sanctioned individuals and entities from accessing the financial system.

In Malaysia, reporting institutions must ensure they have effective controls to detect, reject, and freeze accounts linked to specified entities. This is especially important for institutions involved in customer onboarding, account opening, financing, payment services, and other financial activities.

A weak sanctions screening process can expose institutions to serious risks, including:

  • Regulatory penalties
  • Reputational damage
  • Operational disruption
  • Audit and supervisory findings
  • Exposure to terrorism financing or proliferation financing risks
  • Loss of trust from regulators, customers, and business partners

This case shows that compliance failures may happen even when screening is in place. The real issue is often whether staff know what to do when a possible match appears.

Key Lessons for Financial Institutions in Malaysia

1. Sanctions Screening Must Happen Before Customer Onboarding

Customer screening should be completed before a potential customer is approved or onboarded.

If there is a positive match against the Domestic List, UNSCR List, or any applicable sanctions list, the institution must not proceed with onboarding until the matter is properly reviewed and resolved according to regulatory requirements.

This is a key part of AML/CFT/CPF and TFS compliance for financial institutions.

2. Positive Matches Must Be Escalated Immediately

A potential match should never be ignored or treated casually.

Staff must know how to identify a possible sanctions match, where to escalate it, and what documents or information must be reviewed. Clear escalation procedures help prevent delays and reduce the risk of human error.

Institutions should also maintain proper audit trails to show how each alert or match was reviewed and handled.

3. Confirmed Matches Require Immediate Action

Once a customer is confirmed as a specified entity, the institution must take the required action without delay.

This may include rejecting the potential customer, freezing funds, and following the relevant reporting or notification procedures. Any delay can create serious compliance exposure.

In the BNM case, the delay in freezing the customer’s account was one of the key issues highlighted.

4. SOPs Must Be Clear, Practical, and Updated

A standard operating procedure should not only exist on paper. It must be practical enough for staff to follow during real onboarding and screening situations.

A strong TFS SOP should clearly explain:

  • When screening must be conducted
  • Which lists must be checked
  • How potential matches should be reviewed
  • Who is responsible for approval or escalation
  • What action must be taken for confirmed matches
  • How quickly freezing action must be completed
  • What records must be kept for audit purposes

Institutions should also ensure their SOPs reflect the latest AML/CFT/CPF and TFS Policy Document requirements.

5. Staff Training Is a Critical Control

The breaches in this case were partly attributed to a lack of staff oversight.

This shows why training is essential. Employees involved in onboarding, compliance, customer due diligence, operations, and account management must understand their role in sanctions screening.

Refresher training should be conducted regularly, especially when there are changes to policy documents, internal procedures, sanctions lists, or regulatory expectations.

Regulatory Requirements Remain Preserved Under the Updated Policy Document

The previous AML/CFT and TFS for FIs Policy Document was in effect from 1 January 2020 to 5 February 2024.

It has since been superseded by the Anti-Money Laundering, Countering Financing of Terrorism, Countering Proliferation Financing and Targeted Financial Sanctions for Financial Institutions Policy Document, also known as the AML/CFT/CPF and TFS for FIs PD, which took effect on 6 February 2024.

The relevant TFS requirements are preserved under paragraphs 27.6.1 and 27.6.2 of the updated Policy Document.

This means financial institutions must continue to ensure that their screening, escalation, rejection, and freezing processes are aligned with current regulatory expectations.

How Reporting Institutions Can Strengthen TFS Compliance

To reduce the risk of sanctions screening failures, reporting institutions should review their internal controls and ensure the following measures are in place:

  • Screen customers before onboarding.
  • Screen against the Domestic List, UNSCR List, and other relevant sanctions lists.
  • Establish clear escalation procedures for potential matches.
  • Reject positive matches in line with regulatory requirements.
  • Freeze funds immediately when a customer is confirmed as a specified entity.
  • Maintain updated SOPs for AML/CFT/CPF and TFS compliance.
  • Conduct regular refresher training for relevant staff.
  • Keep proper documentation and audit trails for every screening decision.
  • Review screening systems regularly to ensure alerts are accurate and timely.
  • Monitor existing customers on an ongoing basis, not only during onboarding.

A strong sanctions compliance framework requires more than technology. It requires trained people, clear processes, management oversight, and timely action.

Why Manual Screening Alone May Not Be Enough

As regulatory expectations increase, financial institutions can no longer rely only on manual checks or outdated internal lists.

Manual screening can create gaps, especially when:

  • Staff miss a potential match.
  • Lists are not updated quickly.
  • Escalation procedures are unclear.
  • Screening results are not properly documented.
  • There is no audit trail for compliance review.
  • Existing customers are not re-screened regularly.

Instant name screening and ongoing monitoring can help institutions identify risk earlier, reduce manual oversight, and maintain stronger compliance records.

Conclusion

BNM’s RM520,000 penalty is a clear reminder that sanctions screening compliance in Malaysia must be taken seriously.

For financial institutions and reporting institutions, the risk is not only failing to screen. The greater risk is failing to act when a positive match is identified.

Effective TFS compliance requires accurate screening, immediate escalation, proper rejection procedures, timely freezing action, updated SOPs, trained staff, and clear audit trails.

In today’s regulatory environment, sanctions screening cannot be treated as a basic administrative step. It must be treated as a key control to protect the institution, the financial system, and the wider economy from financial crime risk.

Frequently Asked Questions

What is targeted financial sanctions compliance?

Targeted financial sanctions compliance refers to the obligation of reporting institutions to screen customers against relevant sanctions lists and take required action when there is a confirmed match. This may include rejecting a potential customer or freezing funds linked to a specified entity.

Why is TFS compliance important for financial institutions in Malaysia?

TFS compliance helps prevent the Malaysian financial system from being misused for terrorism financing, proliferation financing, and other serious financial crime risks. It also helps institutions meet their AML/CFT/CPF and TFS regulatory obligations.

When should sanctions screening be conducted?

Sanctions screening should be conducted before customer onboarding and throughout the customer relationship. Institutions should also re-screen existing customers when sanctions lists are updated.

What lists should reporting institutions screen against?

Reporting institutions should screen against applicable sanctions lists, including the Domestic List and the United Nations Security Council Resolutions List, also known as the UNSCR List.

What happens if a reporting institution fails to comply with TFS requirements?

Failure to comply with TFS requirements may result in regulatory enforcement action, financial penalties, reputational damage, audit findings, and increased exposure to financial crime risks.

How can institutions improve sanctions screening compliance?

Institutions can improve compliance by using updated screening tools, maintaining clear SOPs, training staff regularly, escalating potential matches quickly, freezing confirmed matches without delay, and keeping proper audit trails.

Strengthen Your Screening Before Risk Enters Your Organisation

Financial crime risk often begins at onboarding. Organizations that screen early are better positioned to identify red flags before they become regulatory, financial, or reputational problems.

A reliable screening process helps institutions make faster, safer, and more compliant decisions when dealing with customers, employees, vendors, contractors, and business partners.
