BNM’s Licensing Framework for Digital Banks
26 January 2021
On 31 December 2020, Bank Negara Malaysia (‘BNM’) issued the Policy Document on Licensing Framework for Digital Banks
(‘Framework Document’) and a set of Frequently Asked Questions
(‘FAQs’). The Framework Document came into effect on its date of issuance.
At the same time, BNM stated in a media release
that it may issue up to five licences to qualified applicants to carry out digital banking business or Islamic digital banking business and that applications for such licences may be submitted to BNM until 30 June 2021. BNM also stated that notification of grant of licences will be made in the first quarter of 2022.
The Framework Document applies to –
- an applicant for a licence under section 10 of the Financial Services Act 2013 (‘FSA’) or section 10 of the Islamic Financial Services Act 2013 (‘IFSA’) to carry on digital banking business or Islamic digital banking business (each a ‘digital banking business’) (‘applicant’);
- a licensed digital bank which is licensed to carry on a digital banking business under section 10 of the FSA or section 10 of the IFSA (‘licensed digital bank’);
- the shareholders (‘prospective shareholders’) requiring approval under section 90 of the FSA or section 102 of the IFSA for the holding of interest in shares of a proposed licensed digital bank (‘proposed licensee’); and
- the persons or entities requiring approval under section 90 of the FSA or section 102 of the IFSA before acquiring interest in shares of a licensed digital bank.
- in considering an application, BNM is to have regard to Part B of the Licensing Procedures Document before making its recommendations to the Minister of Finance (‘MoF’);
- an applicant should demonstrate its commitment in driving sustainable financial inclusion (including ensuring quality access and responsible usage of financial services), in particular to the underserved and unserved segments1, without jeopardising the interest of depositors2; and
- an applicant is to submit the information and documents set out in Part D of the Licensing Procedures Document, including –
- its business plan that complies with paragraph 12 of the Licensing Procedures Document and paragraph 10.3 of the Framework Document3; and
- an exit plan in accordance with the requirements set out in paragraph 10.3 of the Framework Document.
Part B of the Licensing Procedures Document requires, among others, BNM to have regard to the factors set out in Schedule 5 of the FSA or the IFSA, as applicable, including -
- the applicant’s character and integrity, which in the case of a body corporate, its reputation for being operated in a manner consistent with the standards of good governance and integrity;
- the soundness and feasibility of the applicant’s plans for the conduct and development of its digital banking business;
- the nature and sufficiency of the applicant’s financial resources;
- the applicant’s business record and experience;
- the competence, experience and suitability of the persons who will be involved in the applicant’s operations;
- whether the nature, scale and activities of the applicant’s corporate group will impede the effective regulation and supervision of the proposed licensee;
- whether the application will be in the best interest of Malaysia, having regard to–
- the effect of the investment on the level and nature of economic activity in Malaysia, including the effect on productivity, efficiency and quality of financial services;
- the contribution towards enhancing international trade and investment linkages between Malaysia and other countries;
- the effect of the investment on the stability of the financial system, including on conduct and behaviours that could pose a risk to the financial system; or
- the degree and significance of participation of Malaysians in the financial sector; and
- in the case of an application for an Islamic digital banking licence, that the aims and operation of the business will not involve any element that is contrary to Shariah.
The proposed licensee must be a public company incorporated in Malaysia under the Companies Act 2016, and must have a minimum capital funds of RM100 million, unimpaired by losses, during the foundational phase. 4
Suitability of prospective shareholders
As part of the application process, BNM will also assess the suitability of the prospective shareholders of the proposed licensee. In this regard, BNM will consider the matters set out in paragraph 7.9 of BNM’s Policy Document on Application Procedures for Acquisition of Interest in Shares and to be a Financial Holding Company
, which requires BNM to consider such matters as it deems relevant, including the factors set out in Schedule 6 of the FSA or the IFSA, as applicable, and the policy document on Shareholder Suitability. The factors in Schedule 6 that apply to the evaluation of prospective shareholders are substantially similar to the factors set out in Schedule 5 of the FSA or the IFSA summarised earlier in this article.
In addition, BNM will consider the ability of the prospective shareholders collectively to contribute to the proposed licensee in the following areas –
- risk management and compliance;
- use of transformative technology in the development and delivery of financial services;
- access to deep and robust customer analytics to improve and expand access to and responsible usage of financial services;
- serve as a source of financial strength for the proposed licensee; and
- provide the requisite Shariah expertise to the proposed licensee which is an Islamic digital bank.
Where a prospective shareholder will hold an aggregate interest in 50% or more of the shares in a proposed licensee, BNM may require the shareholder to organise its financial-related subsidiaries under a financial group, headed by an apex entity which is a licensed institution or a financial holding company under the FSA or the IFSA.
BNM may recommend the MoF to grant approval to a prospective shareholder which is a foreign entity to hold more than 50% equity interest in a proposed licensee if BNM is satisfied that it would not be detrimental to the safety and soundness of the proposed licensee or undermine the stability of the financial system.5
However, preference will be accorded to an application where controlling equity interest lies with Malaysians.6
The exit plan
As mentioned earlier, the Framework Document requires an applicant to submit an exit plan that covers the first five years of a proposed licensee’s operations. The exit plan is to enable the licensed digital bank to voluntarily unwind its business operations without regulatory intervention and in an orderly manner that does not cause disruption to its customers and the financial system.
The exit plan must, among others, include –
- a clear description of the potential triggers for exiting the business;
- likely options and related measures to be taken for exiting that minimises disruption to its customers and the financial system;
- potential impediments to the exit options and proposed measures to mitigate such impediments; and
- sources of funding and liquidity (without any assistance from BNM) for the exit and the estimated time frame for the exit.7
The foundational phase
Part C of the Framework Document provides for a foundational phase of three to five years from the commencement of operations of a licensed digital bank (‘foundational phase’
During the foundational phase, a licensed digital bank must at all times maintain at least RM100 million of capital funds unimpaired by losses and ensure that its total asset size does not exceed RM3.0 billion. A licensed digital bank will also be subject to the simplified regulatory framework set out in paragraph 14.1 of the Framework Document. During this phase, the licensed digital bank may only expand its business overseas with the approval of BNM.8
At the end of the foundational phase, a licensed digital bank -
- must have at least RM300 million of capital funds unimpaired by losses;
- must comply with all relevant regulatory requirements applicable to existing licensed banks or licensed Islamic banks, as the case may be; and
- will cease to be bound by the business limitations imposed during the foundational phase.
However, a licensed digital bank will be expected to continue serving the underserved or unserved segments as part of its business operations even after the end of the foundational phase.
A licensed digital bank must establish a registered office in Malaysia that enables BNM to communicate effectively with the licensed digital bank during the supervisory process.
Although a licensed digital bank may not establish any branch (i.e. a fixed place of business to facilitate customer transactions), it may establish physical offices for administrative purposes. These offices and the registered office may be used to handle face-to-face customer complaints.
A licensed digital bank may become a member of e-SPICK9
or enter into a commercial arrangement with an existing licensed bank or licensed Islamic bank for payment or collection of cheques. It may also participate in a shared ATM network and other cash-out services, or enter into commercial arrangements with licensed banks and licensed Islamic banks for the use of their self-service terminals, including ATMs, cash deposit machines, cash recycler machines and cheque deposit machines.
Subject to the requirements in BNM’s policy document on Agent Banking, a licensed digital bank is permitted to offer banking services through agent banking. However, the use of agent banking is to be kept to a minimum as a licensed digital bank is required to offer its services wholly or almost wholly through digital or electronic means.
According to the FAQs, a licensed digital bank may be involved in activities relating to digital assets, carry out capital market activities and accept foreign currency deposits, subject to compliance with the relevant regulatory requirements.10
In addition, a licensed digital bank may provide financial services beyond the underserved and unserved segments but such activities should not substantially detract it from, or compromise the delivery of, its commitments to serve the aforesaid segments.11
A licensed digital bank is not prohibited from offering its products to customers outside of Malaysia or from accepting customers outside of Malaysia, subject to compliance with the legal and regulatory requirements of the other country.12
However, BNM should be consulted before a licensed digital bank carries out any business or activity that is not for the purpose of or in connection with its digital banking business.13
According to the FAQs, BNM does not currently restrict a licensed digital bank from subscribing to cloud providers outside of Malaysia provided that all necessary safeguards are in place. In deploying cloud technology, a licensed digital bank must comply with the requirements under BNM’s policy document on Risk Management in Technology, which amongst others, include -
- consulting BNM before using any public cloud for critical systems14; and
- notifying BNM before using cloud services for non-critical systems.
In entering into commercial arrangements with third parties, a licensed digital bank is required to comply with BNM’s policy document on Outsourcing.
BNM has treaded cautiously into the realm of digital banks. By imposing a limit on the asset size of licensed digital banks and requiring such banks to provide an exit plan for the duration of the foundational phase, BNM has put in place measures to safeguard the integrity and stability of the financial system against risks that could arise from the unbridled growth of licensed digital banks.
Since the release of the first version of the exposure draft of the Framework Document on 27 December 2019, many companies, including financial service providers, tech-companies and “super-app” and telecommunications companies with huge customer databases, have expressed interest in joining forces to apply for digital banking licences. With the launch of the Framework Document and up to five digital banking licences up for grabs, the waiting is finally over. Let the games begin!
If you have any queries please contact Ms Lee Ai Hsian of our Fintech Practice
The underserved and unserved segments may include retail, micro and small medium enterprises (MSMEs). Refer to Question 11 of the FAQs for examples of the factors that BNM would consider in determining whether a segment is underserved or unserved.
This is part of the “best interest of Malaysia
” criterion under Schedule 5 of the FSA and the IFSA.
Refer to Question 5 of the FAQs for some of the key factors that BNM will consider in assessing the sustainability of an applicant’s business plan.
Question 4 of the FAQs states that the minimum capital funds of RM100 million must be transferred to the proposed licensee by way of paid-up capital before BNM issues its recommendation to the MoF to issue a digital banking licence to the proposed licensee.
Question 1 of the FAQs.
Paragraph 8.4 of the Framework Document.
Refer to Questions 17 to 19 of the FAQs for further discussions on the exit plan.
Question 14 of the FAQs. Question 14 also sets out some of the factors that BNM will consider in determining whether to allow the expansion overseas.
The acronym “e-SPICK” refers to the national cheque information clearing system.
Question 7 of the FAQs. A licensed digital bank, being a licensed bank under the FSA or IFSA, is permitted to undertake the capital market activities which a licensed bank or licensed Islamic bank, as the case may be, is allowed to carry out under the second column of Schedule 4 of the Capital Markets and Services Act 2007.
Question 10 of the FAQs.
Question 13 of the FAQs.
Question 8 of the FAQs. Note that section 14 of the FSA and section 15 of the IFSA prohibit a licensed bank from carrying on any business or activity within or outside Malaysia that is not for the purpose of or in connection with its licensed business.
Question 27 of the FAQs. BNM’s policy document on Risk Management in Technology defines a “critical system” as any application system that supports the provision of critical banking, insurance or payment services, where failure of the system may significantly impair a financial institution’s provision of financial services to customers or counterparties, business operations, financial position, reputation, or compliance with applicable laws and regulatory requirements; and “public cloud” as a fully virtualised environment in which a service provider makes resources such as platforms, applications or storage available to the public over the Internet via a logically separated multi-tenant architecture.