Lessons From Touch n Gos Financial Services Act 2013 Breach

Lessons From Touch ‘n Go’s Financial Services Act 2013 Breach

It’s not every day Malaysia’s largest digital payment provider is slapped with a RM600,000 fine. 

But that’s precisely what happened when Bank Negara Malaysia (BNM) found Touch ‘n Go in violation of the Financial Services Act 2013

While the figure is a drop in the bucket for Touch ‘n Go, closer inspection reveals an entirely avoidable incident, which means that’s still RM600,000 gone for nothing.

In this post, we’ll take a closer look at:

  1. Details conerning Touch ‘n Go’s oversight
  2. Lessons we can take forward as business owners and directors regardless of industry

Let’s go!

Touch ‘n Go’s Financial Oversight 

On two separate occasions over three years ago, Touch ‘n Go allowed two individuals sanctioned under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities to access their e-wallet services.

Upon discovery, Touch ‘n’ Go voluntarily reported their findings to Bank Negara Malaysia, and on September 1 2023, the latter imposed an Administrative Monetary Penalty (AMP) of RM600,000 on the former for contravening the Financial Services Act 2013 (FSA).

What’s the Financial Services Act 2013?

The Financial Services Act 2013 is a piece of legislation that governs financial institutions and other relevant entities operating within Malaysia, including payment systems including Touch ‘n Go.

The FSA regulates the operation of such entities and is enforced by Bank Negara to promote financial stability and protect consumer interest.

What offence did Touch ‘n Go commit under the FSA?

Touch ‘n Go breached section 48(1) of the Financial Services Act, which states the following:

Every institution shall at all times: 

  • comply with the standards as may be specified by the Bank under subsection 47(1) which are applicable to such institution; 
  • ensure that its internal policies and procedures are consistent with the standards as may be specified by the Bank under  subsection 47(1); and
  • whether or not standards have been specified by the Bank under subsection 47(1), manage its business, affairs and  activities in a manner consistent with sound risk management and governance practices which are effective, accountable, and transparent

Put simply, Touch ‘n Go as a financial institution must follow rules set by Bank Negara Malaysia, including BNM’s Anti-Money Laundering, Countering Financing of Terrorism and Targeted Financial Sanctions, which requires Customer Due Diligence to be carried out. 

By failing to meet the standards of Customer Due Diligence, Touch ‘n Go breached the FSA and was subsequently penalised.

What’s Customer Due Diligence?

We’ll just directly cite an excerpt from Bank Negara’s official definition:

Customer Due Diligence is the process of identifying and verifying the identity of your customer.  A reporting institution must be satisfied that the customers are whom they say they are. This includes knowing:

  • the identity of the customer
  • the identity of beneficial owner i.e. people behind the transaction
  • the identity of person conducting transaction if the transaction is done on behalf of someone else or the person you dealing with is a representative appointed by a legal person
  • why the transaction is undertaken

In the case of Touch ‘n Go, this includes screening applicants to ensure they are not sanctioned under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Order 2014.

As you already know, Touch ‘n Go failed to do this twice (to their knowledge), costing them RM600,000.

Lessons for Business Owners & Directors

While this story is highly relevant to other financial service providers in Malaysia, as a Company Secretary firm, we believe all business owners and company directors in Malaysia could learn a thing or two here. 

At the end of the day, this is a story about statutory compliance, and we believe the manner in which Touch ‘n Go handled their mistake is exemplary.

1. Maintain Extensive Records

The actual breaches were only detected by Touch ‘n Go three years later. Some might scoff the delayed discovery, but can we acknowledge this demonstrates that Touch ‘n Go maintains records with enough detail to dig back that far into the past.

How many other businesses can say the same? 

Keep in mind that Section 167 of the Companies Act 2016 requires companies to maintain accounting and financial records for at least seven years and you realise many companies are just one oversight away from a heavy penalty.

Action item: Maintain good accounting and bookeeping records, and for goodness sake use accounting software.

2. Don’t Hide Statutory Breaches

We don’t like speculating, but we’ll tentatively guess that Touch ‘n Go did not intentionally breach the FSA – it was an honest mistake, and mistakes happen. Unfortunately, not every process can be automated, and human error will always be part of life.

By self-reporting to Bank Negara Malaysia, Touch ‘n Go not only gained goodwill (or at least minimised negative backlash) but avoided committing an additional offence by withholding this knowledge from the authorities.

Action item: When you discover you have broken statutory law, it is almost always best to come clean.

3: Statutory Compliance Requires Specific Knowledge 

Take one glance at the lengthy requirements Bank Negara imposes on financial institutions in Malaysia and you might forgive Touch ‘n Go for their oversight – statutory compliance is not something you pick up after a quick five minute read!

While the mistake was only discovered three years later, without a competent team, Touch ‘n Go might never have discovered it until much later. Worse, it might have been discovered by Bank Negara, perhaps incurring more serious penalties and undoubtedly reflecting far more negatively on Tough ‘n Go.  

For the average company director or business owner, this is where a competent Company Secretary makes your life easier.

Action item: Appoint MISHU as your Company Secretary and rest easy!

Let MISHU handle your statutory compliance

Co sec Manager Fenny

Leave a Reply

Your email address will not be published. Required fields are marked *

please include country code

Scroll to top