Print Friendly, PDF & Email

Peer-to-Peer (P2P) Financing Legal Framework in Malaysia


Peer-to-peer (“P2P”) lending is a form of debt financing which allows individuals to borrow and lend money via a digital platform without the use of financial institution as an intermediary. P2P financing is a web-based innovation that broadens the ability of entrepreneurs and small business owners to unlock capital from a pool of individual investors in small amounts and provides a quick turnaround time to obtain financing for their businesses, through an online digital platform.[1] Despite its moneylending in nature, P2P lending does not fall under the purview of the Moneylenders Act 1951 (“MA 1951”).

Instead, it is governed by the Capital Markets and Services Act 2007 (“CMSA 2007”) and regulated by the Securities Commission (“SC”). On 13 April 2016, the SC has issued the Guidelines on Recognized Markets[2] (the “Guidelines”) to regulate the practice of P2P in Malaysia. This article discusses on the regulatory insight of the P2P as well as analysis of the practical issues behind the P2P operational mode and examined the prospect of P2P in financial market in Malaysia.


A. P2P Operator

A P2P operator is a body corporate, which operates a P2P platform. Pursuant to Section 34 of the CMSA 2007, a P2P operator is required to be registered as a Recognized Market Operator with the SC.[3] Hence, a P2P operator is exempted and is not subjected to the MA 1951.[4]

According to Chapter 13.04 of the Guidelines, a P2P operator must be locally incorporated body corporate with a minimum paid up capital of RM5 million.[5]

The Guidelines also specify the obligations of a P2P operator, which includes, inter alia, maintaining a transparent risk scoring system for the investment notes, conducting risk assessment on the prospective issuers to ensure its fit and properness and ensuring the compliance of its rules.[6]

In addition, as stipulated under Chapter 13.09 of the Guidelines, a P2P platform is required to maintain a trust account in a licensed institution for the fund raised by the issuer and also for the monies received for the repayments to the investors.[7] However, where an Islamic investment note is executed on a P2P platform, the P2P operator must ensure that the trust account is Shariah compliant.

Furthermore, a P2P operator must adopt a risk-scoring system, which rates all issues, offers or invitations to subscribe or purchase investment note or Islamic investment on the platform. The Guidelines also set limits on investments on the platform. Retail investors may invest on any P2P platform to a maximum of RM50,000.00 at any period of time.[8] However, the Guidelines do not set any limit on investment by sophisticated investors and angel investors.


B. P2P Issuer

A P2P issuer is the borrower, which is hosted on a P2P platform. Under Chapter 13.20 of the Guidelines, only locally registered sole proprietorships, partnerships, incorporated limited liability partnerships, private limited and unlisted public companies are permitted to be issuers.[9] An issuer is only allowed to be hosted concurrently on multiple P2P platforms if for different purposes, subject to disclosure requirements to the P2P operator.

The SC does not impose any limit on the amount of funds that may be raised by an issuer on a P2P platform. Pursuant to Chapter 13.27 of the Guidelines, an issuer is permitted to keep any amount, which was raised on a P2P platform provided that the issuer has raised at least 80% of the target amount. However, the issuer is not allowed to keep any amount, which exceeds the initial target amount.


C. Practical Issues to Consider

i. Electronic Contracts and Digital Signatures

One issue that may arise from P2P lending is the issue of the validity of electronic contracts and digital signatures. Fortunately, with the coming into force of the Electronic Commerce Act 2006 (“ECA 2006”), Malaysia has begun to recognise electronic contracts and digital signatures as valid and enforceable. Under Section 7 of the ECA 2006, the fact that a contract was formed by electronic means shall not render it as unenforceable.

Section 9 of the ECA 2006 stipulates that any legal requirements which requires signature of a person on a document shall be fulfilled if the digital signature is attached to the electronic message, adequately indicates a person’s approval and appropriate for the purpose of the signature. Digital signatures are also governed by the Digital Signature Act 1997. Therefore, any electronic contracts and digital signatures involved in a typical P2P transaction are recognised by the law.

ii. Consumer Protection

The Consumer Protection Act 1999 (“CPA 1999”) protects consumers against unfair practices and imposes minimum product standards.If a term or condition in a contract is unfair, it may be declared as unenforceable or void under the CPA1999. Commencing from 1 July 2013, all online businesses have to comply with the Consumer Protection (Electronic Trade Transactions) Regulations 2012 (“Regulations”). The Regulations require online market place operators to disclose certain information stipulated in the Schedule of the Regulations.

The Guidelines issued by the SC also impose disclosure requirements on both the P2P operators and issuers. Although the types of information required are not entirely similar, this shows that adequate disclosure of information is important to accord adequate protection to the investors and online users. Therefore, the disclosure requirements imposed by the Guidelines are important for maintaining the credibility of the P2P operator sand issuers.

iii. Personal Data Protection

A P2P operator will invariably collect personal data in the course of a P2P lending transaction. Hence, such P2P operator will be subject to the Personal Data Protection Act 2010 (“PDPA 2010”). In collecting and processing the personal data, the P2P operator must ensure compliance with the personal data protection principles as stipulated under Section 5. Some of the key measures to ensure continuing compliance with the PDPA are by obtaining the user’s consent, setting out a privacy notice and making available information in relation to the personal data being stored.


P2P Market in Malaysia

Up to date there are six P2P operators successfully registered with SC under the Guidelines in Malaysia and have come into operation in 2017.[10] This makes Malaysia the first country in the ASEAN region to regulate P2P financing.

While previously the registration only open by batches in certain timeframe, it was reported that the prospective companies are now allowed to lodge in such application at any time provided that the requirement under the Guidelines is fulfilled. P2P operators now consider as registered market operator and subjected under the CMSA 2007. This initiative (P2P) together with equity crowdfunding (ECF) by Malaysian capital market regulator (SC) aims to address funding needs of SMEs to raise working capital or capital for growth especially during the early stage financing for start-up entrepreneurs. To meet the investment needs of the emerging digital generation and increase investor participation, SC has introduced its Digital Investment Services framework in 2017 as digital agenda for the capital market, aims to provide investors with a more convenient, costeffective, accessible and convenient channel for investors to manage and grow their wealth.[11] The framework also stressed to reinforce investor’s protection, specific conduct requirements that commensurate with the distinctive characteristics of this new business model i.e. corporate governance in the digital investment management business.[12]



P2P is digital lending marketplace that disrupt the predominant banking financial services model. It is considered as SC’s digital agenda in supporting government’s agenda of ‘digital economy’ that will enhance access to financing, increase investor participation, augment the institutional market and develop a synergistic financial technological ecosystem. However P2P operator needs to give serious consideration on other issues that may affect due to the nature of its business, such as electronic contracts, consumer protection and personal data protection.

As digital platform prone to cyber risks, P2P operator should always exercise its due diligence and offer a safe transaction to the consumers. P2P has its own market in Malaysia and will be an attractive alternative towards conventional financial services in this region.



  2. Guidelines on Recognized Markets, SC-GL/6-2015 (R1-2016).
  3. Section 34 of the Capital Markets and Services Act 2007.
  4. Section 2A(1) and Item 12 of the First Schedule of the Moneylenders Act 1951.
  5. Chapter 13.04 of the Guidelines on Recognized Markets.
  6. Chapter 13.05 of the Guidelines on Recognized Markets.
  7. Chapter 13.05 of the Guidelines on Recognized Markets.
  8. Chapter 13.33 of the Guidelines on Recognized Markets.
  9. Chapter 13.20 of the Guidelines on Recognized Markets.


Written by:

Dr. Noorfajri Ismail (

Rohamina Jamil (Senior Associate)