Bank Negara Malaysia’s recent action against Zurich Malaysia is a useful reminder that sanctions screening is not only about running a name check once. It is about using current lists, reviewing potential matches, and acting promptly when a true match is identified.
The Edge Malaysia reported that Zurich Malaysia was fined RM1.56 million over breaches linked to sanctions screening and the use of an outdated database. The report said Zurich General Insurance Malaysia Bhd paid RM1.04 million, while Zurich General Takaful Malaysia Bhd paid RM520,000.
What the case highlights
The key issue was not that screening was irrelevant or optional. It was that the screening process depended on data that was not updated quickly enough. The report also noted that BNM rules require sanctions databases to be updated “without delay upon publication of the Domestic List” and that existing, potential and new customers must be screened against the Domestic List and United Nations Security Council Resolutions list as part of customer due diligence.
For compliance teams, the practical lesson is clear: a sanctions screening workflow needs to be current, repeatable and reviewable. A stale database can create a gap between what the regulator expects and what the organisation can prove it checked at the time.
How Kyboa helps address this type of risk
Kyboa is designed to support a structured screening and ongoing CDD workflow. Names are screened against global sanctions, PEP and watchlist sources, with automated list updates depending on the source schedule. This includes international sanctions sources as well as Malaysia-relevant lists.
Malaysia-relevant screening coverage
For Malaysia, Kyboa’s screening coverage includes the primary sanctions list issued by the Ministry of Home Affairs. This source is checked weekly. Kyboa also screens against United Nations sanctions lists and a wider set of global sanctions sources, many of which are checked daily or more frequently depending on source availability.
Additional Malaysia-relevant watchlist and regulatory sources include:
- Malaysia Ministry of Home Affairs sanctions list
- Bank Negara Malaysia Financial Consumer Alert List
- Malaysia Securities Commission Investor Alert List
- Malaysia Securities Commission Audit Oversight Board enforcement actions
These examples are highlighted because this was a Malaysia enforcement case. Kyboa also maintains broader global sanctions and watchlist coverage for cross-border screening workflows.
Why monitoring and alerts matter
The report also referred to a failure to freeze funds and submit a report to BNM after determining that funds were linked to one specified entity. That is not only a screening issue; it is also a review, escalation and operational follow-up issue.
Kyboa cannot replace a firm’s legal obligations, internal controls or reporting decisions. However, entity monitoring and alerts can help surface relevant changes earlier. If an existing customer later appears on a sanctions list, or if a repeated screening produces a material new match, the platform can help bring that change into the review workflow instead of leaving it buried in manual periodic checks.
The broader compliance lesson
This case is part of a wider trend: regulators increasingly expect firms to show that screening is current, documented and operationally embedded. A one-off check at onboarding is not enough where customer relationships continue over time.
For Malaysian insurers, brokers, fintechs and other regulated or semi-regulated firms, the practical question is not simply whether screening is performed. It is whether the organisation can show what was screened, which lists were current at the time, what matches were reviewed, and whether follow-up actions were taken when needed.
That is the gap Kyboa is built to support: practical sanctions screening, ongoing monitoring and audit-ready records for real-world compliance workflows.
