🔒 Restricted Access

This compliance audit data is STRICTLY CONFIDENTIAL. Authorised personnel only.

📖 Abbreviations & Glossary

REGULATORY & COMPLIANCE
BNM: Bank Negara Malaysia — Central bank & regulator. All EMI licensing decisions go through BNM.
EMI: E-Money Issuer — Company licensed by BNM to issue e-wallets / stored value (e.g. Touch 'n Go, GrabPay). HeiTech is applying for Standard EMI.
PSP: Penang Smart Parking — The e-wallet product inside the parking app that needs to become EMI-compliant.
AMLA: Anti-Money Laundering Act — Full name: Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001. The Malaysian law all financial institutions must comply with.
AML: Anti-Money Laundering — The controls & practices to detect and prevent money laundering. AMLA is the law; AML is the work you do to comply.
CFT: Countering Financing of Terrorism — Controls to detect and prevent transactions that fund terrorist activities.
CPF: Counter Proliferation Financing — Controls to prevent financing of weapons of mass destruction.
TFS: Targeted Financial Sanctions — Freezing assets / blocking transactions for people on international watchlists.
NRA: National Risk Assessment — Malaysia's official sector-wide ML/TF risk assessment published by BNM. PSP/DPI: ML risk = Medium, TF risk = Medium-High (2023 NRA).
CUSTOMER VERIFICATION
KYC: Know Your Customer — Process of verifying customer identity before onboarding (name, IC, address, etc.).
eKYC: Electronic KYC — KYC done digitally/remotely without physical meeting. This is Box 2.
CDD: Customer Due Diligence — Thorough identity verification & risk assessment required for all e-money customers.
OCDD: Ongoing Customer Due Diligence — Periodic review of customer transactions and risk profile — not a one-time exercise.
ECDD: Enhanced CDD — Stricter checks for high-risk customers, PEPs, and FATF blacklisted countries. Requires senior management approval.
Non-FTF: Non-Face-to-Face — Customer onboarding without physical meeting. PSP is 100% Non-FTF (app registration), hence BNM written approval required under §14D.16.3.
PEP: Politically Exposed Person — Politicians, senior government officials, military officers & their family members. Higher risk for corruption/ML; require extra scrutiny.
SANCTIONS & WATCHLISTS
FATF: Financial Action Task Force — International body setting global AML/CFT standards. Publishes Black list (high-risk) and Grey list (increased monitoring) countries.
UNSCR: UN Security Council Resolution — UN sanctions on specific countries, entities, or individuals. All financial institutions must screen against this list.
MOHA: Ministry of Home Affairs — Malaysia's domestic terrorism/sanctions list (gazette-published). Must screen customers against this.
MONITORING & REPORTING
MIS: Management Information System — Monitoring dashboard providing transaction data, risk profiles & anomalies to management. This is Box 1.
STR: Suspicious Transaction Report — Formal report filed to BNM when a transaction appears suspicious. Mandatory under AMLA.
FIED: Financial Intelligence & Enforcement Dept — The BNM department that receives STRs and handles enforcement actions.
FINS: Financial Intelligence Network System — BNM's online portal for submitting STRs digitally. HeiTech still applying for access.
ERM: Enterprise Risk Management — Company-wide risk management framework. AML/CFT requirements are embedded within HeiTech's ERM.
IT / SECURITY
Pentest: Penetration Test — Controlled security testing of your own system to find vulnerabilities. BNM requires this before go-live.
SPA: Security Posture Assessment — Broader assessment of overall security health — configuration, architecture, and policies.
ISMS: Information Security Management System — Framework for managing information security (ISO 27001). HeiTech holds SIRIM ISMS certification.
INTERNAL ROLES
CO: Compliance Officer — Person responsible for ensuring HeiTech follows all BNM rules. Has authority to file STRs and escalate issues.
KRP: Key Responsible Person — Senior individuals whose appointments must be notified to BNM (CEO, Head of e-Money, CO, etc.).
CRRC / RMC: Risk Management Committee — Internal committee reviewing and approving risk matters. AML reports presented here quarterly.

🏦 BNM Compliance Explorer

HeiTech Padu · EMI Readiness · Appendix 3 AML/CFT/CPF Reference
