ELECTRONIC money (e-money) has become an increasingly popular payment instrument within the Malaysian market. Given the technological advances in the last decade, the surge of e-commerce transactions and the use of online payments during this pandemic, it is timely that Bank Negara Malaysia (BNM) is introducing updates to the regulation of e-money through the Exposure Draft of the Policy Document on Electronic Money. The Exposure Draft, when finalised, will supersede the current BNM Guidelines on E-Money issued in July 2008. The Exposure Draft aims to ensure the safety and reliability of e-money and enhance confidence about using or accepting e-money for the payment of goods and services. This article explores some proposed changes to the e-money regulations in the Exposure Draft.
Definition of e-money
The Financial Services Act 2013 (FSA) defines e-money as any payment instrument, whether tangible or intangible, that stores funds electronically in exchange for funds paid to the e-money issuer (EMI). E-money is used as a means of making payments to any person other than the EMI. Examples of EMIs include ShopeePay Malaysia Sdn Bhd, TNG Digital Sdn Bhd, and Alipay Malaysia Sdn Bhd.
Categories of EMIs
One of the main updates introduced by the Exposure Draft is the change of EMI characterisation. Under the 2008 Guidelines, EMIs were generally categorised as either:
> issuers of small e-money schemes; or
> issuers of large e-money schemes.
The Exposure Draft now defines these as either eligible EMIs or standard EMIs. An eligible EMI is one that has “substantial market presence”, meaning that it meets certain criteria prescribed in the Exposure Draft. These criteria relate to the number of users and the market share percentage based on the volume of e-money transactions. An eligible EMI would, in contrast, be subject to more stringent compliance obligations ranging from governance arrangements to minimum capital requirements.
Limited purpose e-money
The Exposure Draft also introduces a new concept of “limited purpose e-money”, where issuers of limited purpose e-money (limited purpose EMIs) will be exempt from requiring approval under Section 11 of the FSA. Examples of limited purpose e-money transactions include:
> e-money used for payments at a network of merchants within a single location or closed community (eg: a grocery shop in location A or a shopping mall with several merchants);
> e-money used for cash rewards/loyalty points;
> e-money used for refund purposes; and
> mobile prepaid airtime used to purchase digital content.
Limited purpose EMIs, although exempt from obtaining BNM approval, will still need to comply with the conditions imposed by BNM, such as:
> submitting an annual notification to BNM on the description, functionality and features of the limited purpose e-money being issued;
> submitting statistical information of the limited purpose e-money to BNM on an annual basis; and
> compliance with the Personal Data Protection Act 2010.
This introduction of “limited purpose e-money” is a welcomed change as it allows firms to update their business methods and adopt digital transactions without being subject to the fulfilment of onerous obligations that may be beyond their capacity. Users of such schemes, too, can have peace of mind knowing that BNM is still maintaining oversight through regulation of these limited purpose EMIs.
Operational and risk management and IT requirements
The Exposure Draft has also introduced enhancements to certain operational and risk management obligations that an EMI would be required to comply with. These stringent obligations include:
> maintaining effective business continuity management;
> managing outsourcing risks; and
> managing and mitigating fraud risks.
There are also additional obligations related to account management and compliance with white-labelling rules.
A significant update in the Exposure Draft is the added obligations of IT requirements, technology risk management and technology operations management.
These obligations will need to be read together with other policy documents issued by BNM such as the Interoperable Credit Transfer Framework; the Risk Management in Technology Policy; and the Operational Risk Integrated Online Network Policy.
It is clear that EMIs will need to understand the significant updates in the Exposure Draft and work on reviewing their policies to ensure compliance with the new requirements. This should be done by the time the draft is finalised, and may require merchants to seek legal and other advice to ensure compliance. The impact of the Exposure Draft will be that consumers and merchants can look forward to future e-money usage with increased confidence in safety and security.
This article was contributed by Lim Yee Ping of Christopher & Lee Ong.