Crypto Law Profile
Malaysia’s SC Guidelines on Digital Assets govern IEO token offerings, IEO operators and digital asset custodians under the capital markets framework.
The Guidelines on Digital Assets are Malaysia’s operative Securities Commission Malaysia framework for digital token offerings, initial exchange offering (IEO) platforms and digital asset custody. The guidelines were first issued on 28 October 2020 and, according to the SC’s current guidelines page and the R3-2024 PDF, were most recently revised with effect from 19 August 2024. They sit within Malaysia’s capital markets framework because qualifying digital currencies and digital tokens are prescribed as securities under the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019.
The guidelines are issued by the SC under section 377 of the Capital Markets and Services Act 2007. They state that their purpose is to set requirements for fundraising through digital token offerings, operation of IEO platforms and digital asset custody. The SC’s broader digital assets page describes trading, issuance and safekeeping of digital assets in Malaysia as regulated by the SC.
The framework applies to three main groups:
The guidelines clarify the boundary with payments regulation: digital currencies and digital tokens are not recognised in the guidelines as legal tender or as a form of payment instrument regulated by Bank Negara Malaysia. The document also says it should be read with other relevant laws and SC guidelines, including payment services and foreign exchange administration laws administered by BNM.
For digital token offerings, the guidelines require an issuer to be a Malaysian-incorporated company, excluding an exempt private company and public-listed company, or a limited liability partnership. The issuer must have its main business operations in Malaysia and may raise funds only through an IEO. The guidelines also prescribe minimum financial requirements, Malaysian resident director requirements, fit-and-proper expectations and equity-holding restrictions until the IEO project is completed.
An issuer seeking to raise funds through an IEO must apply to an IEO operator and include fit-and-proper declarations and a white paper. The white paper is intended to support an investor’s assessment of the issuer, the IEO project, the token’s characteristics, use of proceeds, valuation treatment, risks and other material information. The guidelines further state that an issuer must not offer digital tokens before the IEO operator’s approval has been obtained.
IEO platform operators are subject to a registration framework. A person seeking to operate an IEO platform must be registered under the guidelines, and a platform that also seeks to facilitate trading of digital assets must also be registered as a digital asset exchange operator under the Guidelines on Recognized Market. The IEO operator provisions cover registration criteria, financial requirements, board and senior management obligations, responsible persons, business continuity, records, conflicts of interest, market monitoring and SC oversight powers.
The custody section treats safekeeping, storing, holding or maintaining custody of digital assets for another person as a capital market service for purposes of section 76A of the CMSA. Digital asset custodians are subject to registration, minimum financial resources, fit-and-proper criteria, technology risk expectations and operational duties.
Custodians must act in clients’ best interests, safeguard client rights and access to digital assets, prevent unauthorised access, maintain transparent fees, identify and manage business risks, maintain written policies and notify the SC of breaches or material changes. Conduct rules require secure storage, key-generation and key-management controls, security mechanisms such as multi-factor authentication, segregation of client assets from the custodian’s own assets and up-to-date transactional records. Transaction records must be retained for at least seven years.
As of 8 June 2026, the profile status is mapped as In force because the guidelines are published as the current SC digital assets guidelines and the R3-2024 revision became effective on 19 August 2024. The 2024 amendment summary states that the revision aligned affected IEO operator and digital asset custodian provisions with the SC’s Guidelines on Technology Risk Management and made housekeeping or editorial changes for clarity and consistency. This profile does not describe the guidelines as legal, tax, investment or compliance advice.
Issued by the SC under section 377 CMSA; applies where qualifying digital currencies and tokens are prescribed as securities.
Issuers must be Malaysia-incorporated or LLPs, operate mainly in Malaysia, meet financial and governance criteria, and raise funds through IEO.
IEO applications must include fit-and-proper declarations and a white paper covering the issuer, project, token, proceeds, valuation and risks.
IEO platform operators must register with the SC; platforms that also facilitate trading must also register as DAX operators.
Custodians must meet capital, risk, security, segregation, client asset safeguarding and recordkeeping requirements.
The SC may issue directions, suspend or defer IEOs, revoke IEO approvals and exercise powers under securities laws where conditions are met.
The R3-2024 revision aligned affected IEO operator and custodian requirements with the SC Guidelines on Technology Risk Management.
The 2019 Order came into operation, prescribing qualifying digital currencies and digital tokens as securities.
SC first issued the Guidelines on Digital Assets; the effective date was upon first issuance.
R1-2022 revision became effective according to the guidelines revision table.
R2-2024 revision became effective according to the guidelines revision table.
R3-2024 revision became effective and aligned selected provisions with technology risk guidelines.
Securities Commission Malaysia
Digital assets, Digital currency, Digital tokens
Mapped as a regulation because the guidelines create operative requirements for token offerings, IEO operators and digital asset custodians. The enacted date reflects the official first issuance date.
