EN | 简体 | 繁体

LegalTAPS (January 2019)

Download PDF File



The Financial Technology Regulatory Sandbox Framework

Fintech – A Boon or Bane?

Fintech, in its literal meaning, is a fusion of the terms “financial” and “technology”. Fintech is an industry whereby disruptive technological innovation is utilised in the provision of financial services.

In this early part of 21st century, retail financial services are being enhanced and digitalized via mobile wallets, electronic payment applications, robo-advisors for wealth & retirement planning, equity crowdfunding and peer-to-peer lending platforms. Fintech has been under the spotlight in recent years and is viewed as a competitor or rather, a potential replacement of the conventional banking services. On the outset, fintech can be divided into two broad categories, namely institutional and consumer-facing.

In Malaysia, fintech, especially in the area of electronic payment applications and mobile wallets, is slowly gaining traction in recent years. That being said, fintech is already widely used in some countries. Examples of the application of disruptive technology to the financial services industry around the world includes M-Pesa which is a system established in Kenya by Vodafone’s Kenyan associate, Safaricom, in 2007 as a simple method of texting small payments between users.1 Over the last decade, M-Pesa has since played the role of the banks by assisting and allowing people to borrow, spend and pay for products and services using mobile application, effectively bypassing the banks altogether. M-Pesa has expanded its services to Tanzania, India, Afghanistan, India and some countries in Middle East and Eastern Europe.2

In China, Alipay first appeared in 2004 as an escrow system on Taobao and slowly evolved as a seller-accreditation and partnered with all major Chinese banking institutions offering online payment services.3 With more users and cash sitting in Alipay’s deposit pool, Alipay has released a virtual wallet, Yu’EBao service, which is a money market fund for users’ deposits in their Alipay’s accounts.4 To ensure that a secured platform and sufficient protection are provided to the institution and consumers, certain rules and regulations were subsequently issued by the China’s Central Bank and the Chinese Securities Regulatory Commission.5

However, fintech does not merely cover electronic payment applications, and banking and financial services; it is poised to disrupt more than just the banking & financial industry. Fintech extends to the area of e-KYC (Know-Your-Customer), regtech, insurtech, artificial intelligence, blockchain technology, cryptocurrency, robo-advisors, e-currency exchanges and etc.6

While the presence of fintech in Malaysia is still nascent, examples from other countries such as China and the United States proved that the fintech industry has the potential to grow rapidly and consequently, draw nervous reactions from major players, financial institutions and regulators.

A Leash on Industry

The financial services system in Malaysia is highly regulated and is governed by several legislations as listed below:

  1. Capital Markets and Services Act 2007;
  2. Financial Services Act 2013 (“FSA 2013”);
  3. Islamic Financial Services Act 2013 (“IFSA 2013”);
  4. Money Services Business Act 2011 (“MSBA 2011”);
  5. Personal Data Protection Act 2010;
  6. Communication and Multimedia Act 1998;
  7. Anti-Money Laundering, Anti-terrorism Financing and Proceeds of Unlawful Activities Act 2001; and
  8. Computer Crimes Act 1997.

[Note: This list is not exhaustive]

To stimulate the growth of the fintech industry, our monetary regulator, the Central Bank of Malaysia (“BNM”), introduced the Financial Technology Regulatory Sandbox Framework (“Framework”) on 18 October 2016.7

Sandbox - A Playground for the Fintech Innovation

A regulatory sandbox is a framework set up by BNM to allow live testing of fintech innovations in a controlled environment under the BNM’s supervision, whilst being accompanied by the appropriate and adequate safeguards for a prescribed period.

In Malaysia, the regulatory sandbox, which is introduced by BNM, enables fintech innovation to be deployed and tested in a live environment (“Sandbox”), within specified parameters and timeframes. In the Sandbox, participants may test their product, service or solution (“Fintech Product”) under the control of a single entity, BNM, which ensures that all participants are aware of the details of the framework and that no legislations are being overlooked.

The Sandbox is not tool to circumvent existing laws, rules and regulations. Products or services that are regulated under the prevailing laws and regulations in Malaysia are not suitable to be tested under the Sandbox. In considering the applications made by the applicants to participate in the Sandbox, BNM has indicated that it will adopt an “informal steer” approach by providing guidance and advice on the modifications that can be applied to the proposed Fintech Product to comply with the prevailing laws and regulations.8

Eligible Body

According to the Financial Technology Enabler Group (“FTEG”)9, the Sandbox is accessible to all fintech companies and institutions (“Fintech Innovators”), including those without a presence in Malaysia.10 The Fintech Innovators with the potential to contribute to the creation of high value-added jobs in Malaysia will be assessed more favourably by BNM. In a gist, the following bodies may apply to enter the Sandbox:11

  1. a financial institution;
  2. a fintech company (i.e. company that utilises or plans to utilise fintech but excluding a financial institution) which collaborates with a financial institution;
  3. a fintech company intending to carry on:
    1. an authorised or registered business as defined in the FSA 2013;
    2. an authorised business as defined in the IFSA 2013;
    3. a money services business as defined in the MSBA 2011.

Eligibility Criteria

BNM has also set up certain eligibility criteria for entry into the Sandbox.12 The following is a brief summary of the requirements for entry as a participant in the Sandbox:

  1. the Fintech Product is genuinely innovative with the potential to render good quality in the provision of financial services and improve the Malaysian economy;
  2. appropriate and adequate assessment has been conducted by the applicant to demonstrate the usefulness and functionality of the Fintech Product and identified associated risks;
  3. the applicant has necessary resources to support testing by controlling and mitigating potential risk and losses;
  4. a realistic business plan is in place to deploy the Fintech Product on a commercial scale in Malaysia after its successful testing in the Sandbox; and
  5. the applicant or the Fintech Product is led and managed by persons with credibility and integrity.

In addition to that, an applicant is expected to identify the potential risks to financial consumers and financial institutions that are likely to arise from the testing of the Fintech Product. The applicant must also propose appropriate safeguards to address the identified risks.13


According to the Framework, BNM is committed to informing an applicant of its eligibility to participate in the Sandbox within fifteen (15) working days of receiving a complete appli-cation.14 Upon confirmation and acceptance of the application to participate in the Sandbox, and prior to the formal testing of the Fintech Product in the Sandbox, preparatory engagements will be held between BNM and the applicant whereby the followings are discussed and determined:15

  1. details of the testing parameters;
  2. specific measures to determine the success or failure of the test;
  3. an exit strategy; and
  4. a transition plan for the deployment of the Fintech Product on a commercial scale upon successful testing and “graduation” from the Sandbox.

Upon obtaining its approval from BNM, the participant may proceed with the live-testing of its Fintech Product in the Sandbox. During the testing period, the participant must ensure the proper maintenance of records to support reviews of the test by BNM.16 The participant must also submit interim reports and a final report to BNM in accordance with the agreed timeline.

It is also expected that BNM is willing to “relax” certain rules and regulations to enable testing in a way that the risks can be appropriately contained in a strong value-added proposition Fintech Product as this is the ultimate purpose of the Framework.

In normal circumstances, the initial testing period would not exceed 12 months from the start date of the testing period.17 Upon expiry of the testing period, the regulatory flexibility accorded to the participants will be deemed to expire automatically, unless the participant successfully obtains an approval from BNM.18 An example is the e-KYC service which is developed by CIMB Bank Berhad in collaboration with Paycasso Verify Ltd, whereby an extension of time is given until 30 April 2019 from its initial expiry date of 19 October 2018.19

Graduation from the Sandbox

Upon the completion of the testing period, BNM will then decide whether to allow the participant’s Fintech Product to be introduced to the market on a wider scale. When this is allowed, the Fintech Product is deemed to have “graduated” from the Sandbox and will thereafter be assessed based on the applicable approval, licensing and registration criteria under the prevailing laws and regulations, as the case may be.20

Framework as the Catalyst for the Growth of Fintech in Malaysia?

The benefits of the introduction of the Framework could be demonstrated in various perspectives. One of the primary purpose of the Sandbox is to ensure that the compliance and regulations are aligned with the rapid growth of Fintech Innovators without drowning the Fintech Innovators in prevailing laws and regulations, but at the same time, without compromising on security of consumers.


With the introduction of the Framework, BNM, as a regulator, adopts a fine line between safeguarding financial stability and promoting innovation and growth. The Sandbox enables a two-way learning whereby Fintech Innovators, become familiar with the laws and regulations that they should be adhering to, while BNM can have the opportunity to learn from Fintech Innovators about these emerging technologies.21 Greater visibility is created in the sense that BNM could observe and work with the Fintech Innovators in a safe, controlled, and live-testing environment.

The Framework reflects BNM’s long standing policy in striking an optimal balance between promoting fintech innovations whilst preserving financial stability and protecting consumers’ interest. With the Sandbox and the Framework, BNM is able to learn from Fintech Innovators and adapt to new and emerging risks emanating from the offering of new Fintech Products.22

It is also worth mentioning that the Fintech Innovators which collaborate with financial institutions can directly gain advantages from the support and guidance provided by the financial institutions in complying with the relevant and related regulatory requirements and effectively handle risk mitigations.23


Another primary aim of the Framework is to encourage investments from different players in the industry in the hopes of securing investment. Regulatory uncertainty would, directly or indirectly, discourage potential investors to invest in a Fintech Product that remains in an unregulated landscape as authorities and regulatory bodies may swoop in unexpectedly, decide that the operation of the Fintech Product is improper or even illegal and thereafter force the Fintech Innovator to either change its business model drastically or remove the Fintech Product from the market.24

Similarly, the investors would not intend to invest their monies in an overregulated market either, as overregulation has the potential of hindering innovation and adversely affect the growth rate of the Fintech Product and its ability to achieve a worthwhile return of their investments.

As a result, BNM intends for the Framework to boost investors’ confidence wherein every penny that they have invested in the Fintech products are secured and regulated under a supervised yet liberal environment.


Kate Lauer, who is an expert in global financial regulation, once said that “Crafting regulation and ensuring that the regulator understands the consumer protection risk is something that’s really critical ... to the healthy future of fintech…”.25 The truth is that not everyone knows what is fintech. Fintech is not a topic which a person on the Clapham omnibus will speak about in his or her daily conversation. Many customers of financial systems are not familiar to what they are using and do simply agree to the terms and conditions without understanding them. The Framework intends to put a stop to that problem. With the Framework, users are protected as the Fintech Product is tested properly before the Fintech Product is marketed to the general public. This in turn creates a safe environment for the average user, i.e. a person on the Clapham omnibus.

An Analysis on the Framework

Malaysia is not the only country which has embarked on this initiative. Countries around the world have introduced their own sandbox regulatory framework, each catered for catalysing the growth of fintech in the respective countries. One of the key differences which separates Malaysia’s Sandbox regime from the regulatory sandbox regimes of UK and Australia is the length of its testing stage. Whilst the participants of Malaysia’s Sandbox have at least 12 months to test their products in the sandbox, participants in UK and Australia get between 3 to 6 months.26 In my view, a longer testing period benefits the regime as a whole as it allows the Fintech Product to undergo a more substantial phase of product development and commercialisation. Any issues with the Fintech Product which were not identified and resolved during the initial stages can be remedied before the actual launch of the Fintech Product.

Since participants are exempted from specific regulations for the duration of the Sandbox, this allows the participants who face challenges in meeting all regulatory requirements to test or roll out their products under a more relaxed regulatory framework, albeit within a controlled environment. Other than that, constant engagement between BNM and the participants of the Sandbox may pave the way to a more practical regulatory framework in the future. As it now stands and as highlighted above, there is no single legislation which regulates the fintech industry in Malaysia. It remains to be seen whether the Malaysian government, under the leadership of Tun Dr. Mahathir bin Mohamad, has plans to introduce a regulatory framework for the fintech industry in the near future.

The Sandbox is not perfect. One of the weaknesses of the Sandbox is participants will have to make huge investments to make sure that their systems are fully developed and ready to be tested. This will not be an issue for the bigger market players who have secured funding in the earlier stages. However, this flaw could impact the smaller players.

The Way Forward for Our Future

Be that as it may, the introduction of the Sandbox will benefit Malaysia’s fintech landscape. Our neighbouring countries such as Singapore, Hong Kong and Thailand have introduced their own fintech regulatory sandbox framework. It is anyone’s guess as to which country will be the leader of South East Asia’s fintech industry. Perhaps it can be our own nation, Malaysia.

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position taken by the relevant governmental agencies.

1 Michael Joseph, ‘M-Pesa: The Story of How The World’s Leading Mobile Money Service was Created in Kenya’ (Vodafone, 06 March 2017) https://www.vodafone.com/content/index/ what/m-pesa.html accessed 30 October 2018.
2 Kieron Monks, ‘M-Pesa: Kenya’s Mobile Money Success Story Turns 10’ (CNN, 24 February 2017) https://edition.cnn.com/2017/02/21/africa/mpesa-10th-anniversary/index.html accessed 30 October 2018.
3 Charlie Liu, ‘Everything You Need to Know about Alipay and WeChat Pay’ (Medium, 02 March 2017) https://medium.com/@charliecliu/everything-you-need-to-know-about-alipay-and-wechat-pay2e5e6686d6dc accessed 30 October 2018.
4 Eric Mu, ‘Yu’ebao: A Brief History of the Chinese Internet Financing Upstart’ (Forbes, 18 May 2014) https://www.forbes.com/sites/ericxlmu/2014/05/18/yuebao-a-brief-history-of-the-chinese-internet-financing-upstart/#45ddd98f3c0e accessed 30 October 2018.
5 He Wei, ‘Regulators Cheer on Online Finance with Watchful Eye’ (China Daily, 16 August 2013) http://www.chinadaily.com.cn/kindle/2013-08/16/content_16899179.htm accessed 30 October 2018.
6 Vincent Fong. ‘Fintech Malaysia Report 2018 – The State of Play for Fintech Malaysia’ (Fintech News, 18 July 2018) https://fintechnews.my/17922/editors-pick/fintech-malaysia-report-2018 accessed 30 October 2018.
7 BNM, Financial Technology Regulatory Sandbox Framework (BNM, 18 October 2016).
8 ibid para 1.4
9 The FTEG was established by BNM in June 2016 to support innovations that will enhance the quality, efficiency and accessibility of financial services in Malaysia. It is also responsible for formulating and enhancing regulatory policies to facilitate the adoption of technological innovations in the Malaysian financial services industry.
10 FTEG, ‘Financial Regulatory Sandbox Framework – FAQ’ (Financial Technology Enabler Group) https://www.myfteg.com/?page_id=1133 30 October 2018.
11 BNM (n 7) para 2.1
12 ibid para 5.1
13 ibid para 6.1
14 ibid para 7.3
15 ibid
16 ibid para 8.2
17 ibid para 9.2
18 ibid para 9.1
19 FTEG, ‘List of approved participants in Regulatory Sandbox’ (Financial Technology Enabler Group) https://www.myfteg.com/approved-participants-in-sandbox 30 October 2018.
20 BNM (n 7) para 9.3
21 Nicholas Borst and Sean Creehan, ‘How Regulatory Sandboxes are Shaping Fintech in Asia’ (Federal Reserve Bank of San Francisco, 29 November 2017) https://www.frbsf.org/banking/asia-program/pacific-exchanges-podcast/asia-fintech-sandboxes-regulation/ accessed 30 October 2018.
22 Aznan bin Abdul Aziz, ‘Financial Technology Enabler Group Chairman’s Opening Remarks at Finnovasia KL’ (BNM, 20 March 2017) http://www.bnm.gov.my/index.php?ch=en_speech&pg=en_speech&ac=721&lang=en accessed 30 October 2018.
23 BNM (n 7) para 5.2
24 Amy Matthews, ‘The Role of Regulatory Sandboxes in Fintech Innovation’ (Finextra, 10 September 2018) https://www.finextra.com/blogposting/15759/the-role-of-regulatory-sandboxes-in-fintech-innovation accessed 30 October 2018.
25 Borst and Creehan (n 21)
26 William Hallatt, ‘Hong Kong Launches Regulatory Sandbox In Wake Of Developments In Australia, Malaysia, Singapore And The UK’ (Conventus Law, 5 October 2016) http://www.conventuslaw.com/report/hong-kong-launches-regulatory-sandbox-in-wake-of/ accessed 30 October 2018.

Tay Hongyi
Tay & Partners
This email address is being protected from spambots. You need JavaScript enabled to view it.




In April 2018, the Dewan Rakyat passed the Malaysian Anti-Corruption Commission (Amendment) Bill 20181 (hereinafter referred to as the “Amended Act”) which criminalised companies for corrupt acts. Historically, the Malaysian Anti - Corruption Commission (MACC) Act 20092 (hereinafter referred as the “2009 Act”) dealt with grafts and corruptions committed by individuals only. The Amended Act paved a new development of governance to address issues of corporate corruption. This development could be said to be overdue in view of the rising number of corporate corruption on a massive scale in Malaysia. At the time of writing this article, the Amended Act has not yet come into force. The effective date is expected to be 1 January 2020 to give MACC time for public advocacy and for stakeholders to prepare for this new regime.

History Leading to Amendment

Malaysia is ranked at 62nd place and scored 47 out of 100 in the 2017 Corruption Perception Index3, an analytical statistics for corruption carried out by the watchdog organisation, Transparency International. This deterioration of 7 ranks as compared to in 2016 demonstrates a negative setting of corruption practices in the country, putting the nation behind our Asian neighbours such as Taiwan, Japan, Hong Kong and Singapore.

The 2009 Act is nearly a decade old and is struggling to combat modern operations and modus operandi of corruption activities. The 2009 Act received heavy criticisms from all corners due to its narrow implication of corruptions – applying mainly to agents (excluding the corporation itself). The 2009 Act demonstrates a rather short-sighted approach in capturing the “culprit in action” rather than the “real culprit of the action” benefitting from the fruits of the corruption practice.

Amendment Act 2018

The Malaysian Parliament decided to modernise the Act with reference to the UK Bribery Act 20104 (hereinafter referred to as “BA 2010”) and the Foreign Corrupt Practices Act5 from the United States of America. The Amended Act introduces a new Section 17A to the 2009 Act and directly addressed Article 26 of the United Nations Convention against Corruption (hereinafter referred to as “UNCAC”)6 which was signed by Malaysia in 2003. Article 26 of UNCAC requires member countries to “adopt such measures as may be necessary, consistent with its legal principles, to establish the liability of legal persons,”7 in the commission of corruption offences in the country within their legal enforcements.

The operative mechanism of Section 17A8 is the attribution of the corrupt acts of “a person connected with the commercial organisation” to the commercial organisation. Once corporate liability is established, two things will follow:

  1. First, the commercial organisation is liable to a maximum fine of ten times the sum of the gratification involved or one million ringgit, whichever is the higher; or to imprisonment of a term not exceeding 20 years, or both.
  2. Second, a director, controller, officer, partner or a person concerned with the management of its affairs is deemed to have committed that offence, unless he proves the act was committed without his consent or connivance, and he has taken due diligence to prevent the offence.

Who is a “Commercial Organisation”?

Although routinely referred to as corporate liability, Section 17A applies to partnerships (both under the Partnership Act 19619 and the Limited Liability Partnership 201210). Of course, it applies to companies incorporated under the Malaysian Companies Act 201611. Section 17A will also apply to any company or partnership incorporated or established anywhere outside Malaysia but which carries on business in Malaysia. Section 17A(8) has also extended into extra-territorial jurisdiction by including Malaysian incorporated companies and partnerships committing corrupt practices outside of Malaysia.

Deemed Liability to Include Controllers

The deemed liability provision extends to directors, managers, officer, partners, persons concerned with management and controller. The last of these categories of people is perhaps not so well understood in Malaysia as the Malaysian company law does not use the “controller” concept nor require a company to have a register of controller. Taking a leaf from the Singapore Companies Act (Cap 50), a “controller” comprises of an individual con-troller or a corporate controller. An individual controller is “an individual controller who has significant interest in, or significant control over, the company or the foreign company” 12 in relation to a company or foreign company. The latter simply means any legal entity, other than an individual who has significant interests or control in such.

Interestingly and frighteningly so, no distinction is made between an executive and non-executive director, and likewise between an active partner and a “sleeping” partner. Those who are implicated and do not wish to be deemed to be liable will have to show that he or she has taken due diligence to prevent the offence.

Persons Associated with the Commercial Organisation

Since Section 17A says that a commercial organisation commits the corrupt offence if a person associated with the commercial organisation commits the corrupt act, who exactly is such a person? The section provides that he or she is a director, partner, employee of the commercial organisation or a person who perform services for or on behalf of the commercial organisation. The latter category is wide and could include a whole range of entities or persons who might be capable of committing corruption on behalf of the commercial organisation. This would include contractors and potentially those down the supply chain of service providers.

Defence – Adequate Procedures

There is a defence (and potentially a complete defence) to corporate liability if the commercial organisation is able to show it has in place “adequate procedures” to prevent such corruption from happening. This defence is given in recognition of the fact that there are many organisations that are well managed but despite all the best controls a rogue person associated with it could still commit the offending conduct.

The Minister in charge is responsible for issuing guidelines on the adequate procedures under the Amended Act. At the time of writing of this article such a guideline has not been published but it is understood that a working draft is making its way or about to make its way through stakeholders for inputs, comments and consultation. There is however precedent for such guidelines and they can be found in the UK’s Ministry of Justice Guidance on the Bribery Act 2010 and also another by Transparency International.

Returning to Malaysia, many Malaysian organisations have applied ISO 37001:201613 which prescribes anti-bribery standard procedure for organi-sations to follow. The ISO Guidelines sets out for corporations the methods to prevent, detect and respond to common forms of bribery. In addition, it also lays down requirements and guidance for the establishment, implementation, maintenance and improvement of an anti-bribery management system. This may however not be the complete answer to what constitutes adequate procedure under Section 17A.


Section 17A(2) of the Amended Act14 increases the penalties to a maximum imprisonment of 20 years and/or fine of not less than 10 times the value of gratification or One Million Ringgit Malaysia (RM1,000,000.00) (whichever is higher).

Deferred Prosecution Agreement

As a compliment and perhaps a useful tool from both the perspective of the State and the commercial organisations, deferred prosecution agreement (hereinafter referred to as “DPA”) should be explored with the advent of corporate liability. Lengthy investigations and trials could sometimes wreak more damage on a corporation under a cloud of corruption than the actual indictment. Shareholders of a publicly listed company may be the real loser if the agony drags and potentially puts the company out of business. A DPA could, in an appropriate case, serve the public interest, and the interest of the commercial organisation and its shareholders. The mechanism of DPA is an alternative to the criminal trial but the companies concerned are bound to strict conditions, undertakings, reforms and usually payment of substantial financial penalties in return for a deferment in prosecution. Having said that, the State may reinstate prosecution if the conditions, undertakings and reforms are not strictly complied with.

The DPA was recently seen in the prosecution of a Singaporean-based company, Keppel Offshore & Marine Ltd (“Keppel O & M”). Keppel O & M was charged under the US Foreign Corrupt Practices Act in connection with a scheme of paying millions of dollars in bribes to certain Brazilian officials to secure business for the company. Under the DPA, Keppel O & M agreed to pay a penalty of more than US$422 million to settle the charges with relevant authorities of United States of America, Brazil and Singapore. 15As noted earlier, prosecution could be reinstated if the concerned organisation slips up again or fails to abide by its undertakings to the State.

Going Forward

With the impending Section 17A coming into force, commercial organisations should seriously look into their internal processes, procedures and conduct trainings to avail themselves of the defence. As they say, it all starts with leadership and commitment at the top to resolutely shun all forms of corrupt practices, and a necessary change of mind-set for some organisations.

1 Malaysian Anti-Corruption Commission (Amendment) Bill 2018
2 Malaysian Anti-Corruption Commission Act 2009
3 Transparency International, “Corruption Perceptions Index 2017” (Transparency International, 21 February 2018) https://www.transparency.org/news/feature/corrup-tion_perceptions_index_2017 accessed 23 October 2018
4 Bribery Act 2010
5 Foreign Corrupt Practices Act 1977
6 United Nations Convention Against Corruption 2003, Article 26
7 Ibid.
8 Supra note 1, s 17A(8)
9 Partnership Act 1961
10 Limited Liability Partnership Act 2012
11 Companies Act 2016
12 Companies Act (Singapore), s. 386AB
13 International Organisation for Standardisation, “ISO37001- Anti Bribery Management Systems” (International Organisation for Standardisation, --) https://www.iso.org/iso-37001-anti-bribery-management.html accessed 23 October 2018
14 Supra note 8, s. 4
15 Department of Justice - Office of Public Affairs, “Keppel Offshore & Marine Ltd. And U.S. Based Subsidiary Agree To Pay $422 Million In Global Penalties To Resolve Foreign Bribery Case” (2017).

Nicole Leong
Tay & Partners
This email address is being protected from spambots. You need JavaScript enabled to view it.



Protecting Technology in Malaysia

Introduction: How Technology is Protected in Malaysia

In Malaysia, there is more than one form of Intellectual Property (IP) rights available to protect technology, particularly, computer programs and software. The applicable laws are the Copyright Act 1987 (“CA”), the Patents Act 1983, (“PA”), the Trade Marks Act 1976 (“TMA”) and the Layout-Designs of Integrated Circuits Act 2000.

Patent Law

Patent rights protect a product or process resulting from an idea and not the idea itself. The basic criteria for an invention to be patentable are novelty, inventive step and industrial applicability.1 However, there are certain kinds of inventions which are specifically excluded from patentability, namely, discoveries, scientific theories and mathematical methods, schemes, rules or methods of doing business, performing purely mental acts or playing games.2 In view of the statutory exclusion of certain inventions, the question of obtaining patent protection for software has always been a concern since the basis of all computer programs and software are a set of instructions or method of data processing system which closely resemble mathematical methods of doing a particular act or business. The PA 1983 has in essence ruled out the patentability of computer software per se in Malaysia. However, the Intellectual Property Corporation of Malaysia (MyIPO) has recently provided some guidance on the examination of this area by providing that a computer program and software per se claimed by itself or as a record embodied on a carrier, or loaded into a known computer is not patentable, regardless of its content. However, the product of the practical application of the software or the process in the using of the computer programs or software may be patentable if the product or process makes a technical contribution to the art (for example, program-controlled machines and program-controlled manufacturing and control process is patentable).3

For grant of patents in Malaysia, an applicant may file a patent application directly with the Patent Office if he is domiciled or resident in Malaysia. A foreign applicant must however appoint a registered patent agent in Malaysia to act on its behalf in filing and prosecuting the application.4 The period of validity of a patent is 20 years from the filing date of the application.


The CA 1987 specifically refers to computer programs as being a literary work and are therefore, entitled to copyright protection.5 A ‘computer program’ is defined in Section 3 of the CA 1987 as follows:-

“expression, in any language, code or notation, of a set of instructions (whether with or without related information) intended to cause a device having an information processing capability to perform a particular function either directly or after either or both of the following:

  1. conversion to another language, code or notation;
  2. reproduction in a different material form”

Copyright is recognised as the main protection for the rights of the owner for computer programs and software per se. The law of copyright protects the expression of ideas but not the idea itself,6 therefore the concept or idea behind a software or program may not necessarily be protected by copyright until the time it is reduced to written form.7 In addition, copyright of such computer programs only subsists if the work is original and the creator is a qualified person or the work is made in Malaysia or the work is first published in Malaysia.8

Copyright is conferred on computer programs upon the creation of the work provided that all the statutory requirements have been fulfilled. There is no mandatory requirement as to registration for copyright protection. Although copyright is a non-registrable right in Malaysia and owners enjoy automatic protection, ownership can still be difficult to establish when there is an infringement by third parties. As such, it is advisable that the owner have documentation to prove ownership. The CA 1987 provides that copyright owners may declare ownership over the works by way of a statutory declaration or by filing a voluntary notification to the Controller of Copyright, and this will be prima facie evidence of the facts contained therein.9

Trade mark

Generally, all computer programs and software are provided by technology companies. These technology companies provide services and products using brands which function to indicate the origin and quality of the services and products. Brands are used by companies to distinguish their software or computer programs from those of other traders and also act as a marketing tool to enable customers to recognise the products bearing the trade mark. Therefore, it is very important for technology companies to protect the brands of the technology they provide by registering their trade mark because consumers perceive trade marks as an indicator of source of a particular product.

In Malaysia, registration of trade marks is not mandatory but registration would provide the proprietor with the right to sue for trade mark infringement in addition to the right to sue under common law for passing off. The proprietor of the trade mark may make an application to the Registrar to register its trade mark in the prescribed manner by virtue of the TMA.10 Once the Registrar approves the application and there is no opposition, the proprietor of the trade mark will be registered. Registration is prima facie evidence of trade mark ownership.11 The period of protection is 10 years, renewable for a period of every 10 years thereafter.12 As with patents, while local applicants may file applications on their own, foreign applicants will have to do so through registered trade mark agents.13

Layout Design of an Integrated Circuit

The Layout-Designs of Integrated Circuits Act 2002 provides a comprehensive protection of layout-designs in Malaysia. Under Section 2 of the 2002 Act, “layout-design of an integrated circuit” is defined as follows:-

“…the three-dimensional disposition of the elements of an integrated circuit and some or all of the interconnections of the integrated circuit or such three-dimensional disposition prepared for an integrated circuit intended for manufacture.”

The layout-design is eligible for protection automatically if the layout-design is an original design where, it is the result of its creator’s own intellectual effort and is not commonplace among creators and manufacturers of integrated circuit; the right holder of the layout-design was a qualifying person at the time of creation; and the layout-design has been fixed in a material form or incorporated into an integrated circuit.14 Similar to copyright, protection of a layout-design of integrated circuit is conferred on the creator upon the creation of the layout-design provided that all the statutory requirements are fulfilled. The owner may submit an affidavit asserting the ownership of the layout-design to prevent a dispute on the ownership and also to enforce the rights of a right holder by virtue of the 2002 Act. The affidavit will be prima facie evidence of the facts contained therein.15 The duration of protection is 10 years from the date of its commercial exploitation or 15 years from the date of creation if not commercially exploited.16

Technology License Agreement

A license agreement is a legally binding contract between a licensor, who is the owner of IP rights, and a licensee, who receives the grant of certain IP rights to legally use and exploit the IP, in exchange for a royalty fee or other types of payment or consideration. The ownership of the IP continues to remain with the licensor with the licensee merely receiving the right to use the IP within the scope of the license. In terms of technology licensing, the IP rights protecting the technology, for example, patents, industrial designs, know-how, trade secrets etc. would typically be the subject matter of a license.

1. Types of Licenses

Generally, there are three kinds of licenses, categorised according to the degree of ex-clusivity of rights granted to licensee. A license may be exclusive, sole or non-exclusive. Firstly, an exclusive license permits only the exclusive licensee to use the IP rights in the licensed territory to the exclusion of all others including the licensor. This means that, an exclusive license only allows one party to use the IP rights namely, the exclusive licensee. Secondly, a sole license permits the sole licensee and the licensor to use the IP rights in the licensed territory. Lastly, a non-exclusive license permits the non-exclusive licensee, the licensor and other persons to whom the licensor has granted the same rights granted by the licensor to the licensee to use the IP rights in the licensed territory. In the final scenario, there can be multiple licensees. Computer software license is one common example of a non-exclusive license because generally the owner of the software will grant licenses to numerous users for the use of the software.

2. Can Know-How be a Subject of Licenses?

Know-how is a form of trade secret which comprise of information of a technical nature, and/ or unique knowledge as well as skills regarding the manufacture or operation of the software or computer program. It encompasses technical and scientific information, such as formulae, methods and specification, as well as computer source coded which is not known to the public or is not easily accessible by the public. Although know-how is technical information which may not enjoy statutory protection, it has high economic value because of its secrecy that gives the owner an advantage over its competitors.

Know-how is often bundled together with other IP rights, and most commonly in a patent license agreement, so that the licensee can gain access to the information or knowledge which would otherwise not be known nor be readily accessible to the public. This is because in certain cases, it is not enough for the licensee to have the license rights to a patent without access to the technical information or knowledge which relates to the patent without which the licensee cannot use or exploit the related invention in an efficient way. It is common for there to be a license agreement for the exclusive rights under technical know-how which supplements other IP rights and this can be seen in the case of H&R Johnson Tiles Ltd & Anor v H&R Johnson (M) Bhd and Haw Par Brothers International Ltd & Anor v Jack Chiarapurk & Ors,17 where the parties entered into a patent and trade mark license agreement and a know-how license agreement.

In a license agreement for know-how, due to the secrecy of the know-how, the agreement should carefully define, the subject matter, the scope of granted rights and provide detailed and thorough provisions regarding confidentiality and non-disclosure.

3. License contracts

Patent Law

Section 36 of the PA 1983 gives the owner of a patent the exclusive right to conclude license contracts.18 When a patent license contract is concluded between the parties, the parties may voluntarily register the license with the Registrar.19 Although registration of licenses with the Registrar of Patents is not a mandatory requirement, parties would be well advised to do so because it is advantageous to the licensor and licensee particularly when there is a dispute subsequently on the facts and terms of the agreement.

In addition to voluntary licensing, the PA 1983 also provides for compulsory licenses in certain circumstances.20 Section 48 of the PA 1983 defines “compulsory licences” as follows:-

“ ‘Compulsory licence’ means the authorisation to perform in Malaysia without the agreement of the owner of the patent in respect of the patented invention any of the acts referred to in paragraph (1)(a), and subsection 36(3). ”

This provision may also be regarded as a Right of Government license as it is applied by the Government for reasons of public interest. Recently, the Ministry of Health, Malaysia made a decision to grant compulsory licensing under the Patents Act 1983 to exploit the patented drug Sofosbuvir in order to increase access to drugs for treating Hepatitis C.21 The compulsory license was granted despite the patented manufacturer having offered a vol-untary license to the Malaysian Government.22 The reasons given by the Malaysian Government for the grant of the compulsory license is that it is necessary to protect public health, enabling greater access as compulsory license would mean cheaper generic medication may be produced without the patent holder’s consent, whereas in voluntary licensing, the use of the patent depends on the terms of the license agreement including the licence fees payable to the owner.23 According to the Ministry of Health, Malaysia is the first country to initiate the Right of Government move through the provision of compulsory licenses under the PA 1983.24

Copyright and Layout-Design of an Integrated Circuit

The owner of the work has the rights to grant permission to other parties for the use of his copyright work or lay-out design through a license agreement.25 As mentioned earlier, copyright and layout-design of an integrated circuit are non-registrable rights in Malaysia and unlike patents, there are no provisions in the relevant statutes facilitating the registration of the licenses. However, the CA 1987 does provide that apart from copyright owners, a licensee may also make a voluntary notification to declare that the licensee has an interest in the copyright work that has been granted by license.26

Trade marks

Similar to patent law, a registered owner of a trade mark may grant, through a lawful contract, a right to license the use of the registered mark to any person and the parties may voluntarily register the licensee as a registered user of the said trade mark with the Registrar.27 If parties choose to register the license, the licensor is to submit an application to register the licence with the Registrar with the prescribed fee and documents as prescribed in Section 48 of the TMA 1976. The registration of the license is not mandatory.

4. Material terms in License Agreements

Most terms in a technology license agreement, if not all, are negotiable and may be presented in a way that reflects the needs and nature of the transaction. In drafting a license agreement, various factors and considerations need to be taken into account, particularly in areas concerning the extent of use of the licensed technology. It is vital for the license agreement to be clear and transparent for parties to be aware of their obligations thereunder.

While the parties to a license agreement have the freedom to incorporate terms that are the product of their negotiations, the following terms would typically be found in the agreement. It should be noted that they are not exhaustive and the decision as to whether to include them is ultimately a matter of discretion of the parties.


Sufficient information should be given for the parties to be identified. Such information may include company registration number, country of incorporation as well as registered and business addresses. Parties should also ensure that they have the right or authority to enter into the agreement. For licensors, this essentially means that they must have a good legal or beneficial title to the licensed technology, or are otherwise duly authorised by its ultimate owner to grant the license. The agreement should also state whether the rights granted under the license are extended to the licensee’s subsidiary companies or affiliates and, if so, the applicable conditions and such.

Subject Matter

Parties should define the type, scope, and extent of the IP rights that is licensed, the boundaries within which the licensee is allowed to use such rights. To promote certainty, descriptions of the IP rights and details of their registration, if any, should also be included. Licensors should further consider whether any restriction is to be imposed on the licensee in exploiting the IP rights. For instance, Licensors should contemplate if their licensees are al-lowed to sub-license the IP rights.

Field of Use and Territory

The agreement should state clearly the field of use and territorial or geographical scope of the licensee’s rights. A license may be granted on a worldwide basis or be limited to specific geographical areas. If the rights may be exploited in different territories, the agreement should include the rights of the licensee in the respective territories. Consideration should also be given to whether the rights granted are restricted to any particular fields or industries, or whether the licensee is also allowed to use it in other fields or industries.

Types of License

The agreement should indicate whether the licensee is granted an exclusive, non-exclusive or sole license. If it is exclusive, then the agreement should describe the degree of the exclusivity, for example whether it is exclusive only within a particular territory or industry or for a specific period of time.


Where it is likely that improvements will be made to the licensed technology during the term of the agreement, it is important to consider and specify the obligations and conditions for the entitlement of both parties in relation to such improvements.

Obligations of the Parties

The agreement should state clearly the specific obligations of the parties to the agreement. For licensors, matters such as the provision of technical assistance and know-how at various points in time as well as the obligation to maintain the IP rights should be addressed. As for licensees, the obligations will generally include matters such as payment of royalties, im-provements and quality of performance in respect to the use, promotion and sale of the licensed technology, protection of the licensed technology, compliance with legal and regulatory requirements, duty of confidentiality, and clear reference to the fact that the product is made under license.

Financial Considerations

Where royalties are the prerequisite for the grant of license, provisions should be made for the manner in which the royalties are calculated and the value of the licensed IP rights. Other issues to be addressed include the timing, frequency, currency, minimum guaranteed royalties and interest for late payments. Parties should also negotiate and decide on who should be responsible for the applicable taxes or duties.

Term of the License Agreement and Termination

The agreement should set out the term of the license, and whether the licensee has the right to renew or extend the term at the expiry of the initial period and the preconditions for doing so. The agreement should also spell out the conditions on which the agreement may be terminated. Material misrepresentations, non-performance of the material terms of the agreement and non-payment of royalties are among the usual conditions imposed for termination. In addition, the parties’ obligations upon termination should be set out. This may include matters such as the licensee’s obligation to cease exploiting the licensed technology, and return or destroy documents or information given to it by the licensor.

Representations and Warranties

Other than the usual representations found in a standard agreement, licensees may wish to incorporate representations in relation to the licensors’ ownership of and title to the licensed technology, and that it is free and clear of all encumbrances, liens and interests.


With the inclusion of an indemnity clause in the agreement, parties may take comfort in the fact that they will be compensated for losses incurred as a result of the other’s actions. This is particularly useful in protecting the parties from third party lawsuits arising from the other’s negligent acts or breach of the agreement.

1 Section 11 of the Patents Act 1983.
2 Section 13(1)(a) and (c) of the Patents Act 1983.
3 The Intellectual Property Corporation of Malaysia, “Guidelines for Patent Examination”, October 2011, pages 24-25.
4 Section 86 of the Patents Act 1983.
5 Section 3 of the Copyright Act 1987.
6 Section 7(2A) of the Copyright Act 1987.
7 Section 7(3)(b) of the Copyright Act 1987.
8 Section 7(3) (a) and Section 10 of the Copyright Act 1987.
9 Section 26A(1) and Section 42(1) of the Copyright Act 1987.
10 Section 25 of the Trade Marks Act 1976.
11 Section 30 and Section 36 of the Trade Marks Act 1976
12 Section 32 of the Trade Marks Act 1976.
13 Section 80 of the Trade Marks Act 1976.
14 Section 5 of the Layout-Designs of Integrated Circuits Act 2002.
15 Section 18 of the Layout-Designs of Integrated Circuits Act 2002.
16 Section 8 of the Layout-Designs of Integrated Circuits Act 2002.
17 [1998] 4 MLJ 13; [1991] 2 MLJ 428.
18 Section 36(1) of the Patents Act 1983.
19 Section 42 of the Patents Act 1983.
20 Section 49 of the Patents Act 1983.
21 Y.B. Datuk Seri Dr. S. Subramaniam. (2017, September 20). Press Statement Minister of Health 20th September 2017- Implementation of the Rights of Government for Sofosbuvir Tablet to Increase Access for Hepatitis C Treatment in Malaysia. Retrieved from https://kpkesihatan.com/2017/09/20/press-statement-minister-of-health-20th-september-2017-implementation-of-the-rights-of-government-for-sofosbuvir-tablet-to-increase-access-for-hepatitis-c-treatment-in-malaysia/
22 Report: Cabinet approves compulsory licence for Hepatitis C generics. (2017, September 14). Retrieved from http://www.themalaymailonline.com/malaysia/article/report-cabinet-approves-compulsory-license-for-hepatitis-c-generics#IkKAsmJaPyj1F2YU.97
23 Ibid, at 26 and 27.
24 Ibid, at 26.
25 Section 27 of the Copyright Act 1987 and Section 19(1) of the Layout-Designs of Integrated Circuit.
26 Section 26A of the Copyright Act 1987.
27 Section 48 of the Trade Marks Act 1976.

Lin lee(Website)
Lee Lin Li
Tay & Partners
This email address is being protected from spambots. You need JavaScript enabled to view it.