In March 2025, the Securities Commission Malaysia (SC) issued a revised version of its Guidelines on Advertising for Capital Market Products and Related Services, effective for advertisements issued from November 1, 2025. These changes, widely publicized, include severe penalties of up to RM10 million and/or imprisonment of up to 10 years for the unlicensed promotion of capital market products. Understandably, many content creators, social media “finfluencers,” affiliates, and crypto-ecosystem operators are feeling anxious: “Does this mean we cannot promote anything?”, “Will we be caught even though we are non-custodial?”, “What is the threshold of regulated activity here?”
First, some core legal reference points:
The Guidelines are issued by the SC pursuant to section 377 of the Capital Markets and Services Act 2007 (CMSA). The SC also updated a separate “Guidance Note on the Provision of Investment Advice” (July 18, 2024) specifically addressing “finfluencers” or those who on social media give investment recommendations. Under the CMSA (Schedule 2), providing “investment advice” or carrying on a business of advising others about securities/derivatives is itself a regulated activity and requires a license. The revised Guidelines (March 2025) clarify that individuals (including finfluencers) who are not formally engaged by an advertiser but who independently promote capital market products/services will also be considered “advertisers” under the Guidelines. The penalties are severe for unlicensed promotion of capital market services (fines up to RM10 million, imprisonment up to 10 years) if found guilty under regulated activity offences.
Against that backdrop, you see why many firms feel “chilled” about any promotional activity in Malaysia. The scope seems broad (especially social media) and the penalties high.
Key Legal Context & Why The Anxiety
In Malaysia, considering the main regulatory bodies (Securities Commission Malaysia (SC/ASSE), Bank Negara Malaysia (BNM), Ministry of Domestic Trade and Cost of Living (KPDN), etc.), and the legal classifications (legal, illegal, unregulated, unlicensed, etc.). It behoofs all business owners and market participants to understand the change in laws as to how it applies to their business.
Malaysia, considering the main regulatory bodies (Securities Commission Malaysia (SC/ASSE), Bank Negara Malaysia (BNM), Ministry of Domestic Trade and Cost of Living (KPDN), etc.), and the legal classifications (legal, illegal, unregulated, unlicensed, etc.).
For the purpose of clarity and certainty its important to properly identify the regulatory compliance and responsibility matrix that overlaps and joint regulatory jurisdiction I’ll go between the different regulatory bodies and also understand the area of focus without actually getting into presumptuous mass hysteria in terms of what constitutes the different level of jurisdiction and purview of the different agencies
Regulatory Jurisdiction and Legal Purview
| Regulator | Jurisdiction/Focus Area |
|---|---|
| Securities Commission Malaysia (SC/ASSE) | Regulates digital assets that are securities; ICOs; exchanges (RMO); fundraising |
| Bank Negara Malaysia (BNM) | Regulates fiat currency, payments, remittance, AMLA compliance |
| KPDN (Ministry of Domestic Trade) | Focus on fair trade, consumer rights, product and service marketing |
| MCMC (Malaysian Communications and Multimedia Commission) | Oversees online communications, advertising, digital platforms |
| Police/Enforcement Agencies | Investigates fraud, scams, illegal fundraising, criminal offences |
Classification Framework for Crypto Activities
| Classification | Definition | Applicable Scenario | Regulatory Implication | Regulatory Body Involved |
|---|---|---|---|---|
| Legal & Compliant | Activities that fall under existing regulations, entities are registered/licensed with SC or BNM | A crypto exchange registered under SC’s Recognized Market Operator (RMO) list | Fully legal. Subject to AMLA, CMSA, and other regulations. | SC (ASSE), BNM |
| Legal but Unregulated | Activities not explicitly illegal but outside existing legal frameworks | Blockchain dev tools, non-tokenized decentralized apps, or overseas platforms with no direct Malaysian user targeting | Not banned, but may be high-risk for consumers; not protected by local laws | No specific regulator; overlaps may occur |
| Unlicensed but Regulated | Activity falls under regulation but operator lacks proper licensing in Malaysia | A foreign crypto platform offering trading services to Malaysians without SC licensing | Considered non-compliant under CMSA; could be sanctioned | SC |
| Illegal | Prohibited activities under current law | Ponzi schemes disguised as crypto investments, fraudulent ICOs, fake exchanges | Criminal liability (up to 10 years and/or fines under AMLA, CMSA) | SC, BNM, Police, KPDN |
| Unregulated Tokens | Digital assets not considered securities, thus outside SC jurisdiction | Utility tokens, governance tokens not used as speculative investment | Not illegal, but may fall under consumer protection laws if promoted | KPDN, MCMC |
| Misleading/Unlawful Advertising | Marketing crypto products/services in a misleading manner | Promoting “guaranteed returns” or unlicensed crypto investments to public | Offence under Consumer Protection Act, Trade Descriptions Act | KPDN, MCMC |
Concluding Thoughts
While the revised rules of the SC introduce stricter oversight and higher penalties, that does not mean all marketing activity in the crypto/protocol space is foreclosed. On the contrary: firms that are transparent, non-custodial, technology-centric, and avoid the hallmarks of “brokerage + client funds + guaranteed returns” are well placed to operate in this environment — and actually stand out as trustworthy players.
The regulatory shift can be viewed less as a chilling blanket and more as a market differentiation lever: those who comply will gain trust, those who cut corners will be exposed. For GIS, by emphasizing your strong legal awareness, your non-custodial architecture, and your alignment with investor/user protection, you signal upstream maturity — and that will resonate with partners, users, and regulators alike.
In short: understand the law, design accordingly, market responsibly — and you will navigate the new landscape not with fear, but with confidence.
