Minimum due diligence failures can trigger fines, oversight by BNM - Lawyer

Banks that fail to properly conduct or document Minimum Due Diligence face serious consequences, as Bank Negara Malaysia can issue directives for remedial action, impose administrative monetary penalties, restrict certain business activities, or increase supervisory oversight.

Banks may apply MDD only when a customer is assessed as low risk for money laundering or terrorism financing.

KUALA LUMPUR - Banks that fail to properly conduct or document Minimum Due Diligence (MDD) face serious consequences, as Bank Negara Malaysia (BNM) can issue directives for remedial action, impose administrative monetary penalties, restrict certain business activities, or increase supervisory oversight, says legal expert Datuk J. Shamesh.

He said under the Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) framework, MDD refers to simplified customer due diligence (CDD) that a bank or reporting institution must carry out before establishing a customer relationship or executing a transaction.

"For individuals and beneficial owners, simplified CDD requires banks to obtain identity and company documents, keep records of customers’ transactions, including business correspondence, and maintain any analysis conducted by the bank, such as ML/TF risk assessments and reviews of suspicious transaction reports submitted internally or to BNM.

"All records must be retained for at least six years after the completion of a transaction, the end of a business relationship, or the completion of an occasional transaction.

"The records must also be kept in a form that is admissible as evidence for regulatory purposes," he said.

Shamesh added that banks may apply MDD only when a customer is assessed as low risk for money laundering or terrorism financing.

This includes routine transactions or dealings with financial institutions, money services businesses and non-bank payment providers that have simple ownership structures and no unusual activity.

"The bank must first conduct a risk assessment and ensure there are no red flags.

"MDD cannot be used if the customer or transaction is high risk, involves a politically exposed person (PEP), or if the true owner cannot be clearly identified. The bank must also record and justify why minimum due diligence was applied," he said.

He cited a case where MBSB Bank Berhad was fined RM560,000 last year for failing to submit a suspicious transaction report despite internal red flags.

"In addition to regulatory action, failures in due diligence may expose banks to civil liability. In PAX Investments Limited v Standard Chartered Bank Malaysia Berhad [2025] CLJU 2902, the plaintiff company in liquidation sued the defendant bank for losses arising from unauthorised and suspicious transactions.

"The key issue before the court was whether the bank owed a duty of care to act diligently in monitoring the account and guarding against fraudulent transactions.

"The court held that the underlying principle that banks should guard against fraud remains relevant and that the defendant bank owed a duty to exercise reasonable diligence.

"The court further held that the bank failed to act diligently in the circumstances of the case.

"This decision demonstrates that inadequate monitoring and failures in due diligence may result not only in regulatory sanctions by BNM but also in civil liability for losses suffered by customers," he said.