Pragmax Consulting Founder Razin // Web3 Accountant Radio Ep5 Transcript

Posted by:

|

On:

|

Pragmax Consulting Founder Razin // Web3 Accountant Radio Ep5 Transcript

Razin Nizar is the founder of Pragmax Consulting, a compliance consulting firm.

In this conversation, we dive into:

1. Crypto Regulatory Scene in Malaysia

2. How to register for a license in Malaysia

3. What is the benefits / cost of entering Malaysia

4. Which city to start with in Malaysia

5. Why did Razin decide to enter the Web3 space?

6. What is the most important lesson learned in the Web3 space?

7. What is Razin looking forward to in the Web3 space?

And more! __________________________________

Connect with Razin & Pragmax Consulting👇 Linkedin: / razinnizar

Website: https://www.pragmaxconsulting.com/

Email: [email protected]

Okay, hi everyone, welcome to the Web3 Accounting Radio, the podcast where we dive into the fascinating world of Web3 finance and compliance. I’m today’s host, Diana, and my partner is Wei Xiang. Hello, Wei Xiang.

Hi, Diana. Today we are very privileged to have Razin with us. He’s a very experienced compliance officer and he started his own consulting firm.

So today we are very privileged to have him on the show to share with us a lot of compliance knowledge, especially in the Malaysia regulatory environment. Yeah, thank you Wei Xiang and Diana. It’s very happy to have our today’s guest, Razin.

Razin is the founder of Praxmax Consulting, a firm specializing in consulting and training on compliance, risk and governance. He is also a distinguished certified compliance and AML CFT practitioner with over a decade of expertise. His extensive experience spans diverse financial and fintech section across Asia Pacific, Europe and Africa, including digital asset exchange, e-money, merchant acquisition service, digital money lending, BNPL schemes, retail banking and asset management.

He has led compliance departments of major large fintech companies serving over 10 million customers, as well as Malaysia’s biggest regulated digital asset exchange. Hello Razin, nice to meet you today. Hello, nice to meet you.

Thank you so much for the lovely introduction. I’m very excited to be here. Yeah, thank you Razin.

So maybe we can start and you can share a little about the Malaysia regulatory environment with us. Yeah, before I start, I just want to also put a disclaimer that this is us just talking about the general guidance on compliance requirements. None of what I say should be constituted as an advice or a legal consultation.

But speaking of digital asset, in Malaysia, digital currencies are classified as securities. If you look at- Sorry Razin, Before we move further, can you please start by introducing Pragmax Consulting. This is a very important part of the show. Thank you so much for that. Yeah, thank you.

Thank you. Thank you again for the lovely introduction. I just want to share, I found Pragmax Consulting to basically solve my compliance challenges that I face as a compliance practitioner in fintech companies, including digital asset exchange.

So a lot of fintech companies I feel require a lot of more risk-based approach solutions. So I found Pragmax Consulting to provide that kind of solution to help fintech companies to meet compliance requirements with the existing current scale. So I’m very excited to be here to share my thoughts with you about the overview of regulatory environment and what can you do to be regulated.

Thank you. Okay. Yes.

Yeah. Okay. Continue.

About the regulatory scene in Malaysia. Okay. So absolutely.

So in Malaysia, digital currencies are actually classified as securities. It is classified as securities under a very mouthful order. So viewers, if you have pen and papers, please jot down.

So it is classified as securities under the capital markets and services in bracket prescription of securities in bracket digital currency and digital token order 2019. So for the purpose of this podcast, I think let’s just call it order 2019. So this order 2019 basically outlined three elements that a digital currency has to fulfill in order to be recognized as a security.

So element number one, it must be traded on a facility. Element number two, another person must expect a return in any form of value. And lastly, element number three, it must not be issued or guaranteed by any government body or central banks, which means CBDC is out of the equation.

On top of that, I also just want to highlight in Malaysia, we still have yet to recognize digital asset as a legal tender and stable coin is yet to be considered as approved digital asset, given the nature of it. Yeah. So because of this classification, registered digital business asset operators, which, you know, some of them includes crypto exchange, a registered crypto exchange, or they call it RMODAX, IEO, as well as digital asset custodian, they fall within the purview of the securities commission.

So because they fall within the purview of the Securities Commission, guidelines that are issued by Securities Commission apply. And some of the guidelines include requirements pertaining to governance, requirement pertaining to AML, CFT, requirements pertaining to cyber risk management, as well as advertising guidelines. Yeah, a lot of information, but on top of that, digital asset business operators are also considered as a reporting institution to the Central Bank of Malaysia, BNM.

So because of the cross-border nature of digital asset, foreign exchange policy apply. So there are a lot of requirements pertaining to cross-border transactions would apply here. Secondly, because it’s part of the capital market intermediaries umbrella, it is a reporting institution from the point of view of AML, CFT, whereby suspicious transactions are reported to the Central Bank of Malaysia.

Yeah. Before I move further, you know, is there anything pertaining to the compliance requirements that you think would be beneficial for our viewers? Yes. So just now you mentioned that stablecoins have not been recognized yet.

Stablecoins is a very hot topic in the industry currently. So do you see, or have you heard anything in the Malaysian space with regards to any Malaysia issuer stepping up to issue any Malaysian stablecoin or maybe a USD denominated stablecoin, but the issuer is based in Malaysia or currently because of the tight regulations, this is not in discussion yet. So far, there is no official discussion pertaining to stablecoins.

Reason being is, if you look at BNM annual report 2021, if I’m not mistaken, or 2022, you know, the stance being is that there are arguments or discussions that stablecoins might fall within the ambit of payment instrument. So that’s why it’s not under securities yet. But so far, there’s no official discussion or even indication that Malaysia is moving towards that.

There’s no official one. It is very interesting that you mentioned that digital asset is a security because just recently, I think US mentioned that Ripple itself is not a security, but of course, this is under the law and the law always change. And it’s also interesting in Hong Kong itself, they also accept that for whether a digital asset is a security or not, it’s also debatable, and they encourage users to apply for license because it’s debatable.

And yeah, so this is a very interesting discussion. But for BN itself to set a note out to industry players that digital assets are security might be a conservative approach, but it will encourage a regulation and at the end of the day, a safer place for retailers. Yeah.

So I mean, in such cases, which is the top two regulated exchanges in Malaysia currently? So the regulated sectors are the recognized market operator for digital asset exchange. So they call it RMODAX. Second one is the digital asset custodian.

And then the third one is the initial exchange offering. Although currently the registration for IEOs have been closed, but I really encourage viewers to constantly check the SC website to see if it’s going to be open in the future or not. Other industries such as DeFi is yet to be regulated.

As we’ve discussed earlier, Sablecoin is set to be approved as a digital asset. So, so far, there’s only three major sectors that are registered. There are a lot to be registered in Malaysia.

I see. So I know LUNO themselves, they are exchange regulated in Malaysia. The other one is tokenized.

Yeah. So currently in terms of RMODAX, there are six exchanges that have been regulated. LUNO is being one of the biggest digital asset exchange in Malaysia.

So it’s tokenized, MX Global, Synergy. Then there were two digital asset exchanges such as TORUM that recently got it registered this year. So it’s moving.

It’s expanding. The registered industry is expanding. Well, it looks like with new registration coming in, the crypto scene is very hot.

So I mean, with regards to registration, can you tell us a little bit about how do I register for a license in Malaysia itself if I have maybe a crypto headquarters in other parts of the world? Yep. Absolutely. So first of all, I think I want to break it down into like five stages of registration.

So stage one is consultation. Consultation refers to you being consulting with the SC. So in order to do that, you need to submit a letter of intention to the Securities Commission of Malaysia.

In that letter of intention, of course, you submit your intention, what sector that you want to register. And it’s based on the guidelines on recognized market. There’s no prohibition if you’re a foreign entity to register in Malaysia.

You just need to fulfill certain governance requirements such as fit and properness test, et cetera. So during this consultation period, typically you will need to book a meeting with the Securities Commission to present your business plan, present your business goal, present a value proposition. And this is also an opportunity for the SC to test whether you understand the relative requirements that may be imposed on you and also to test whether you are ready or not.

So upon this consultation, there could be an arrangement made between you and the SC. And then we move to stage two, which is, I believe, the most critical part of the registration process, which is the submission part. So for those potential applicants out there, feel free to look at the SC website.

There are two forms available on the website for RMO DAX as well as digital asset custodian. So in these forms, you are required to fill up the details of your company, the details of your directors, responsible person, shareholders, governance structure, value proposition, policies, operational readiness. On top of that, one thing that I’d like to mention is there’s also a requirement for your controls to have a third party attestation.

So these are all the requirements in the submission. My personal advice is to make sure that your first submission to be complete and of high quality, you know, from regulatory standpoint, point of view, it would definitely help you expedite your regular process if your submission is complete rather than quick and incomplete. So yeah, that’s submission.

After that, we’ll move to the assessment period. So this is the part where you’ll be assessed and query either in written form and or meeting or virtually. So in this part, you’ll definitely have rounds of engagement and interviews, whereby the SC will assess whether or not your current existing controls or what you’re proposing meet the regulatory requirements.

If no, what can be done? In my experience, at least the regulatory, the regulators have been very helpful and business friendly while protecting the integrity of the capital market industry. So this is the time where I believe be as transparent as you can with the regulators and share as much as information that you’re willing with them or you’re required with them so that you can make sure that the submission quality is further improved. Once it’s assessed, it comes in the decision-based stage.

This is when you know whether you’re going to proceed or not proceed. And lastly, it’s the stage of launching. Just in the stage of launch, just be prepared that there could be conditions applied to you.

The conditions could vary depending on the scale and complexity of your business. It could depend on your readiness as well. For example, you need to launch within X amount of time or you need 12 months before you can even launch.

So these are the things that you need to put in mind to before you submit to the SC. I see. So like approximately how long will it take? I mean, not a fixed period, but like a rough timeline? Yeah.

Obviously I can’t really speak on behalf of the SC, but I can speak from the point of view of what has happened. So there are crypto exchange that have been approved within a matter of six months to 12 months. So it really depends on the readiness of both parties.

I see. Nice. Nice.

Thanks for sharing all the key information, especially for registration itself to have a complete document, which I believe Pragma Consulting would be able to review. That is, I think, one key requirements. It’s strange, you know, in Singapore, the regulators might be tired of reviewing incomplete information.

Now they require an auditor and a lawyer to come in to say that the application is okay before they will review it. Yeah, absolutely. So that ties back to the requirement to have third party attestation.

Just bear in mind, a third party attestation may require a lot more than consulting, especially from the point of view of cyber risks, you know, you need to have an ISO certified attestation and so on. Yep. Yep.

So, okay. So what is the benefits of going into Malaysia in this time in terms of the crypto market? In Malaysia, interestingly, there’s a lot of, first of all, there’s high adoption rate. I’ll share an example.

The biggest, you know, the biggest crypto exchange in Malaysia have seen rise of consumers, you know, within four years of inception, that exchange, customer base is 800,000, which is a lot in four years. And based on Ernst & Young, Malaysian banking industry report, 82% of Malaysian consumers really rely on trust to make decisions when, you know, purchasing any financial products. So compliance or being registered is kind of, it’s a very valuable tool to obtain customer’s trust or to obtain customers, to influence customers to purchase your product.

So that’s definitely the most beneficial thing for a business. And number two, there is a huge, this is the most underrated benefit. There’s a potential to collaborate with the regulators.

So why is this important? So I’m sure in many jurisdictions as well, regulators would consult with private sectors before they issue out new guidelines or new requirements. So if you’re regulated, very, very, especially in the crypto industry, or especially in any industry that is considered as nascent or new, you have the opportunity to work with the regulators to shape and influence the revenue landscape during the development for the regulations. So this could be good in the long run, because you can give your input for the benefit of your customers.

And then the regulators can give their input for the benefits of the public. And in the long run, you know, it makes sense for your business to have this type of relationship and rapport. And then lastly, it’s all about operational resilience.

Again, I view compliance, a lot of people view compliance as a cost, but I view compliance as basically smart planning, basically anticipating risk in the future and establishing strategies to mitigate those risks. So obviously the third benefit is, you know, with being registered, with the existing requirements, you sort of know what are the things that you should do, because it’s stipulated in the guidelines, right? For example, AML, financial crime, a lot of requirements are already stipulated in the guidelines, you don’t have to scramble. I mean, it’s there, so you just follow and this is how you protect, not just your customer, but you protect yourself as well from being abused by financial crime.

So yeah, so that’s the benefits of being regulated. So what is the, some of the headwinds that exchangers would face? Yeah. So again, we talked about costs earlier and that’s the obvious cost.

So implementing compliance can be expensive and it might, you know, it might cause some resource strains. So some of the examples would be even in the stage of registration, again, you need to appoint a third party to conduct audit on your system readiness and to give assurance on your controls. On top of that, there’s, you know, AML, CFD requirements have been one of the biggest, I would say, pain points for not just crypto exchanges, most financial sectors that are required to do so.

In crypto exchange, another example would be, you know, from transaction monitoring point of view, you know, typical financial sector would probably just need to establish off-chain or fiat transaction monitoring, whereas crypto exchanges are required to implement both off-chain and on-chain transaction monitoring. So, you know, that’s basically double the monitoring that, you know, you have to abide to. That’s number one.

Number two, there’s definitely a discussion on how compliance or regulatory requirements can impair growth of the business. One of the examples that I could think of is in Malaysia, if you are a registered digital asset exchange, before you list the digital asset, you need to undergo very rigorous risk assessment and due diligence process. And on top of that, you can only list certain digital assets that have been approved by the SC.

So, you know, in comparison to unregulated crypto exchange, you know, they can list down as many cryptocurrencies as you can, you know, registered crypto exchange, you need to get SC’s approval. I think third, I would say challenges or threat that registered crypto exchange might face is actually from the public, from the point of public awareness. And I think there’s still a lot of work that needs to be done to raise awareness to the public on how, you know, safe regulated platforms are.

And especially with other financial institution partners, you know, there’s still a lot of questions on the legality even, and the safety of, you know, cryptocurrency. So there’s still a lot of work that needs to be done to raise awareness on cryptocurrency, for example. Okay.

So one last question from me before we go to the free talk session is for somebody looking to set up an office in Malaysia, what you are saying among the exchanges, which city would you recommend them to start with? Because I see Malaysia is very big, you know, we have KL, we have Malacca, we have Penang, we have Johor, even Sabah. So, I mean, from practicality point of view, definitely Kuala Lumpur, because this is where the Securities Commission are. I just want to share, if you are registered and in the process of registration itself, you will frequently meet with the regulators.

So logistically, it makes more sense to live in Kuala Lumpur, but there are crypto exchanges that are located outside of Kuala Lumpur, such as Penang. So Penang is a new sort of rising IT hub in Malaysia. So it’s not a blocker if you can’t set up in Kuala Lumpur, but yeah, Kuala Lumpur just makes more practical sense.

Thanks Razin for sharing the tip. Yes. Diana, can we move on to the free talk session? Yeah, sure.

Thanks for sharing a lot of professional insight in the regulation and compliance. And today’s free talk session, I have a few questions lined up that I’m particularly curious about, because I think Razin is a very excellent speaker and always shares some information about the compliance of the crypto. So the first question is that why did you decide to enter the Web3 space? What inspired you to enter this area at first? Thank you for that question.

So personally, I’m always a supporter of innovation. And I believe that Web3 world, for example, the core fundamental of it comes from decentralization, which is the focus is to empower customers or users. And at the same point, I came from the world of centralization where I can appreciate certain awareness of compliance.

So my goal is to spread awareness on the importance of both innovation as well as understanding the compliance maturity. So because I value the value of compliance, I want to spread awareness on crypto compliance. Why is it important and why it can be a business competitive advantage in the world of crypto? Okay.

So during your experience in the Web3, can you share maybe one key experience or lessons that you have learned in this area? Or maybe this experience and lessons will be very valuable for the other finance professionals to explore this area. Yes, certainly. I think there is a huge effort that needs to be done between the crypto players and other stakeholders.

And I think it’s great to appreciate that these two worlds, centralization versus decentralization, decentralization has a lot to learn from each other. In my opinion, there’s a huge gap of knowledge from these two worlds. So it’s important for us to keep in mind to, for example, decentralization, to be aware that there’s nothing fearful about understanding regulation.

And from outside of crypto, there’s nothing fearful to embrace innovation. So I guess that’s the biggest lesson I’ve learned working in these two different sectors. Yeah.

I think from your answer and the previous answer during the professional sharing, I think what I learned from you a lot today is we should embrace regulation. We should engage the regulators have a conversation while before the conversation being prepared ourselves. And that might serve a lot of finance or compliance professionals the best when they actually think of, oh, I want to be part of the Web3 compliance team.

You know, what kind of mindset should I have instead of treating the regulators like some very strict police? Yeah, absolutely. I completely agree. So as compliance practitioner myself, I don’t view compliance as merely following the rules.

I view compliance as an opportunity to work with the regulators and to figure out what is the best way to help crypto exchanges, to help, you know, regulators move forward safely. So, yeah. Yeah.

So I think they should engage directly with you to get the experience that you have, because I think a lot of the sharings cannot be done via the podcast itself. And there’ll be a lot from the offsite meeting. Yes.

Yeah. Thank you so much. So absolutely.

If you know, for viewers out there, if you need a specific consultation on compliance or advice on how to be registered, feel free to contact me at www.PragmaticsConsulting.com. Yeah. And I think many exchanges or firms in Malaysia will obey the regulation in the crypto space in Malaysia. So what are you looking for in the Web3 Finance on compliance? I’m looking for, specifically for compliance professionals in the Web3 world, I’m looking for to help crypto players to find the right tools to prepare themselves to manage compliance risks, as well as, you know, to prepare themselves to be registered.

I view due to the innovation, you know, there are many areas where compliance risks has way outpaced regulatory requirements. So I think compliance professionals, as well as, you know, those who embrace innovation should have that in mindset and think of how can you use compliance to protect your business assets and to protect the integrity of your business rather than merely following the rules. So basically that’s what I’m looking for.

I’m looking for innovation in the space of compliance as well. I see. So, I mean, Razin, would you like to use this chance to give a shout out to any of the compliance tools outside that you think, you know, they are doing very well or through the years they have been improving according to the demands of compliance, maybe one or two companies that you think are doing a good job.

I mean, if there’s none, there is none. It’s not compulsory to say something. So, absolutely.

I mean, I can give a shout out to both Chain Analysis and TRM. So the reason why is because when I did transaction monitoring between traditional financial institutions versus the crypto exchange, I find, you know, tools such as Chain Analysis and TRM to be a lot of, they provide a lot of help to detect and trace criminal activities. And they’ve done a great job at, you know, raising awareness of how valuable blockchain technology is in detecting terrorism financing activities and money laundering activities.

So shout out to them. And, you know, I’m not sponsored by them, but, you know, if you are a potential crypto exchange player, you know, these are the two compliance tools that I really admire. Thank you.

Thank you. I’m also a huge fan of the TRM newsletter and events that TRM organized in Singapore. It’s always very engaging and very fun.

Yeah, absolutely. So actually I have one more question that’s very curious. Could you provide some advice to some firms in Malaysia if they would like to protect themselves and what actions they can do to protect themselves to the greatest extent? I’m very sorry.

She’s asking if there’s Malaysia firms that have started interacting with crypto, what can they do to make sure that they are in compliance with the relevant crypto laws? Yeah. Yeah. Thank you.

As a starting point, I would advise, you know, potential applicants to read two primary guidelines. If you want to be registered at a crypto exchange, please refer to guidelines on recognized markets. And if you’re interested to register as a digital asset custodian, please refer to guidelines on the digital assets. And from there, you can understand what are the different requirements between this two sectors and you know, if you need consultation, you can contact myself or find yourself a consultant and you need to start engaging with third party attestators.

How about companies receiving crypto for their services? So if I am a business in Malaysia and I start receiving crypto, is there any compliance issue that I should be aware of? At this point, just want to re-iterate that payment in crypto currency is not considered as legal tender in malaysia. So that space is yet to be regulated. So it does not fall within the ambit of the regulators under the securities commission.

I see, so I can rephrase as it is highly advised not to receive payments in crypto in Malaysia as it is not regulated at the moment. Yes you can received payments but it is a grey area on whether a not that is considered a legal type of proceeds. It depends.

Ok, the happy time flies quickly. thank you so much for sharing your insights on todays podcast. And to our listeners, thank you for tuning in to Web3 Accountant Radio. If you enjoy this radio, please subscribe and leave a review. So do you have anything else to add to our listeners? Wei Xiang and Razin?

Nope, not for me

Thank You Razin today and thank you Wei Xiang

Thank You so much everyone.

Posted by

in