Proposed new commission for startups and venture capital in Malaysia

On 30 September 2018, the Communications and Multimedia Minister, Gobind Singh Deo announced that his ministry is planning to set up a new commission (“Commission”) to develop startups and venture capital industry in Malaysia.

Essentially, the Commission aims to streamline efforts in view of developing startups and venture capital in Malaysia.The proposed Commission will be empowered by an act of Parliament thus giving the Commission greater power and authority to be able to address issues facing the growth of the startup ecosystem. Some of the proposed powers include promoting policies and creating legislation and offering funding that will help startups scale fast.  In the interim, a temporary group will be set up to build the structure of the Commission.

To illustrate, Agensi Inovasi Malaysia (“AIM”) was set up via an act of Parliament under the Akta Agensi Inovasi Malaysia in 2010. The AIM was created in view of promotion of an “innovation economy” and achieving the country’s aspirations of becoming a high-income nation status.

In our view, the Commission is indeed a laudable effort by the minister. However, the scope of powers of the proposed Commission should be clearly defined, or else there may be overlap with between existing agencies such as Malaysian Global Innovation & Creativity Centre, Cradlle Fund Sdn Bhd,  Malaysia Venture Capital Management Berhad and ministries namely Ministry of Finance and Ministry of Science, Technology and Innovation to name a few.

Presently, venture capital firms are regulated by the Securities Commission of Malaysia under the Guidelines on the Registration of Venture Capital and Private Equity. However, startups in Malaysia is not regulated by a single regulator per se, however a startup may be regulated by different regulators depending on the nature of the startup’s business. For instance, a startup involved in logistics may fall within the purview of the Ministry of Transport.

Generally, Companies Commission of Malaysia (“CCM”) takes precedence as the statutory body governing startups as most startups are private limited companies under the Companies Act 2016.  However, the CCM does not distinguish between a technology startup or a traditional brick and mortar business. In our view, CCM may be a good source for statistics for the Commission to be able to identify the number of technology startups incorporated in Malaysia.

At this articles goes to press, we have not heard of any update on the proposed Commission as to whether there’d be any draft bill  prior to its proposed tabling in the next Parliament sitting. In our view, the setting up of the Commission is a positive step in the right direction, and an important move that perhaps was long overdue.

[via The Star]

Exposure Draft on Risk Management Technology issued by Bank Negara Malaysia

On 4th September 2018, Bank Negara Malaysia (“BNM”) issued an exposure draft of the Risk Management in Technology policy document which sets out the BNM’s expectations with regard to financial institutions’ technology risk management framework and practices proportionate to the size and complexity of the financial institutions.

The policy will apply to all licensed financial institutions such as licensed banks, licensed insurers, licensed takaful operators, prescribed development financial institutions, operators of a designated payment system and eligible issuers of e-money.

As technology capability is being continuously enhanced and financial institutions are closely adopting technology innovations in providing their services to customers, BNM has implemented a notification-based approach for selected low risk enhancements to the e-banking, Internet insurance and Internet takaful services.

Subsequently, BNM has further expanded the notification-based approach by requiring all financial institutions to notify the Bank prior to implementing all e-banking/Internet insurance/Internet takaful services (introduction of new technology to the financial institutions or to the industry) or any material enhancements to the existing e-banking/Internet insurance/Internet takaful services.

The key requirements and standards that BNM is proposing to introduce are summarised as follows:

1. Governance

 The Board and senior management shall have an overall responsibility for ensuring effective implementation of sound and robust technology risk management for the financial institution to sustain its operations and deliver financial services. In fulfilling this role, the Board must provide oversight and guidance in the formulation of the technology risk appetite, strategic plan and other associated risk frameworks commensurate with the nature and complexity of the business. Any formulated plans in relation to the technology risk management framework (“TRMF”) must be periodically reviewed at least biennially to commensurate with the changes in risk profiles and business environments. Senior management must translate the Board’s strategic insights and implement the approved TRMF and Cyber Resilience Framework (“CRF”) into specific policies and procedures within the approved risk appetite and risk tolerance, supported by effective reporting and escalation procedures.

 2. Technology Risk Management

 A financial institution must ensure that an independent enterprise-wide technology risk management function—

  • is made responsible for the implementation of TRMF and CRF; and
  • plays an advisory role on critical technology projects, including escalating issues in a timely manner.

Further to this, a financial institution must designate a Chief Information Security Officer (CISO)

to be responsible for the technology risk management function and ensure that the CISO has sufficient authority, independence and resources. The CISO shall—

  • Be independent from day-to-day technology operations;
  • Be well aware of current and emerging technology risks affecting the industry which could potentially affect the financial institution’s risk profile; and
  • Be appropriately certified.

3. Technology Operations Management

 A financial institution must establish a robust framework for managing technology projects. The framework shall clearly establish the following:

  • Project governance including the project oversight, roles and responsibilities, approval requirements, ownership and reporting structure;
  • Project planning, initiation and implementation strategies that cover feasibility studies including evaluation of acquisition vs in-house developed systems, project timelines and deliverables, resources as well as vendor management where appropriate;
  • Monitoring and reporting procedures on the project progress, performance and resources;
  • Escalation process and procedure for resolution of issues to ensure proper deliberation at the appropriate level. Issues that cannot be resolved at the project level shall be escalated to senior management or the designated Board level committee; and
  • Project closure, comprehensive documentation and post implementation review procedures.

 4. Cybersecurity Management

A financial institution must ensure that there is enterprise-wide focus for effective cyber risk management as it is a collective responsibility of business and technology lines.

5. Technology Audit

 A financial institution must ensure that the scope, frequency and intensity of technology audit commensurate with the complexity, sophistication and criticality of technology systems and applications. A financial institution must ensure internal audit has relevant technology audit competencies and is familiar with the financial institution’s technology operations.

6. Internal Awareness and Training

A financial institution must provide adequate and regular technology and cybersecurity awareness education (such as measures to mitigate social engineering attacks) for all staff in undertaking their respective roles. A financial institution must establish mechanisms to measure the effectiveness of the training.

This cybersecurity awareness education must reflect current cyber threats landscape and to be conducted at least annually. A financial institution must provide adequate training to continuously enhance technology operations, cyber security and risk management staff’s technical competencies and capacity commensurate with the requirements of their roles and responsibilities.


Here in Malaysia,  Financial institutions will need to strengthen its cyber defenses to ensure that its systems and customer data are afforded greater protection, and therefore should take the opportunity to review its existing systems, frameworks and processes to ensure that it meets the proposed requirements.

This includes revising any existing policies that are similar to the TRMF and CRF to ensure that it meets the proposed requirements by BNM. Financial Institutions can now begin identifying appropriately qualified candidates for the various offices and positions; given the competition for talent in this space.

Similar practices have also been adopted by the Monetary Authority of Singapore under their Technology Risk Management Guidelines in June 2013  which seeks to prescribe similar guidelines on Technology Risk Management practices.

The proposed exposure paper can be found here.

Islamic finance as a tool for social justice

Ashley Freeman, partner of Gateway welcoming the audience during the evening session jointly organised by IIFC – Gateway

On  10 September 2018, a member of our law firm, Izwan Zakaria attended the Islamic Finance News (IFN) Forum in Istanbul Turkey. The event was jointly organised by the Istanbul Islamic Finance Consultancy (IIFC) and Gateway LLP (Gateway) in Istanbul, Turkey.

Gateway is an international Islamic consultancy consisting of leading Shariah practitioners which are multi-jurisdictional and multi-disciplinary. Gateway offers advisory services globally. The firm’s founding partner, Siti Zurina Sabarudin is one of the consultants based in Malaysia.

A day before the conference, a reception was jointly organised by IIFC and Gateway. In a welcoming remark by Ashley Freeman,  a partner at Gateway, he spoke about the newly established IIFC which is set to be a key-player in Turkey’s economic flagship project “Istanbul International Financial Center” due to be formally opened in 2019. Both IIFC and Gateway will be cooperating closely to assist clients already operating in the Islamic economy as well as new clients wishing to enter the sector.

During the conference, the panelists discussed on the future of Islamic finance. Key issues discussed ranges on addressing social justice and how Islamic finance can empower humanity.  The panelists agreed that the focus should go beyond on broadening Islamic economy and not just narrowly defined scope of Islamic finance.

The speakers raised the issue on improving ways on how Islamic instruments such as waqf (Islamic endowment), zakat (charitable alm) and sukuk (Islamic finance certificate/bond) can help improve lives. In the evening, during a key note speech by Daud Vicary Abdullah, a well respected Islamic finance leader with over 45 years experience based in Malaysia, Daud Vicary spoke about how funds raised through the zakat mechanism in a small state of Perlis can make a real and lasting difference to help Kenyan farmers suffering from extreme drought.  The case study of Kitui County’s 2017 ‘Ndengu Revolution’ was discussed during the panel session afterward by Abbas Gullet, Secretary General of Kenya Red Cross.

Daud Vicary Abdullah, a prominent Islamic finance practitioner and Izwan Zakaria, a member of Zurinalaw

Interestingly, many speakers mentioned and praised Malaysia repeatedly for its forward thinkingness in revamping its regulatory framework many years ago to promote the adoption of Islamic banks. These included encouraging the use of Islamic instruments in finance such as sukuk and Shariah compliance instruments in financing projects. However, the panelists also suggested that there may have been certain plateau over the years as to the future of Islamic finance and whether it should be broaden to also consider Islamic economy as a whole.

According to IIFC, the event is the largest Islamic finance event organised in Turkey in recent years.

On a side note, our associate had also completed a two days’ programme, ‘Foundation Certificate in Islamic Finance Practice’ held by IIFC – Gateway.


Gateway is a global ethical-Islamic professional services firm with more than 40 advisers in 18 countries. More information about Gateway can be found at 

IIFC is a comprehensive professional services firm headquartered in Istanbul. IIFC provides a broad range of services across four key business disciplines in Islamic finance. More information about IIFC can be found at

If you would like any further information or need advice on Islamic finance matters, please contact our please contact our law firm at +03-76245215, or e-mail at

Evolution of Blockchain Regulations: The Malaysian Perspectives

On 26 September 2018, the firm’s team attended The Southeast Asia’s International Blockchain or better known as BLOCFEST. The two days’ event was held at  Shangri-La Hotel, Kuala Lumpur. The firm’s founding partner, Siti Zurina Sabarudin was invited to present her experience on recent blockchain regulations titled ‘The Evolution of Blockchain Regulations: The Malaysian Perspectives’.

For a copy of the slides, please click the link below for a copy.

Download a copy of the presentation slides here

If you wish to watch the recorded video of the presentation, please visit our Facebook’s page below.

Watch the Presentation ‘The Evolution of Blockchain Regulations: The Malaysian Perspectives’

Siti Zurina speaking on the various regulated and fintech businesses

In the beginning of her presentation, Siti Zurina highlighted the significant developments in the last three years by notable regulators namely Securities Commission (SC) and the Bank Negara Malaysia (BNM).  For instance, the BNM started The Financial Technology Enabler Group (FTEG) was a good step and aimed towards promoting fintech startups to participate in a regulatory sandbox within the BNM’s framework. Similarly, the SC has been active in issuing notices to the public on any initial coin offerings advising the public to exercise caution or restraint before deciding to invest.

The first challenge discussed is on the BNM’s approach in addressing the rise of digital currency exchanges. Earlier in February this year, the BNM had published a guidelines for digital currencies aimed towards cryptocurrency exchanges with the aim to reduce anti money laundering risks by ensuring such firms to be recognised as reporting institutions similar to other entities such as banks and money changers. This by no means that digital currencies has been recognised as legal tender in Malaysia.

However, there is a certain optimism in the BNM’s approach toward regulation and its progressiveness. In other words, the approach taken by BNM and SC is not restrictive by simply banning ICOs unlike certain jurisdictions such as China.

Another legal issue discussed is on data protection and privacy. In summary, blockchain service providers (ie operators or owners of such platforms) should distinguish whether the blockchain is to be made public or private. Private blockchain may seem to be more suited towards financial institution and government agencies. In such scheme, service level agreements will bind the service operator and participants. Also, it is important to note that laws are territorial in nature, and therefore, the regulator may need to consider whether present laws may need to be revised in order to have an extraterritorial effect to tackle the open nature of blockchain technologies such as platforms based in cloud servers which may be located outside the jurisdiction. A case in point is the recent introduction of European Union’s General Data Protection Regulation (GDPR) which may extend to entities which may not operate within the EU’s territories.

The final matter discussed is on initial coin offerings. In a case study published in ‘A Guide to Digital Tokens Offering’ by the Singapore’s Monetary Authority of Singapore (MAS), it appears that the legal position taken by the MAS may be similar in Malaysia. Essentially,  digital token may fall under the definition of ‘securities’ under the Capital Markets and Services Act 2007. In other words, compliance with obtaining approval from Securities Commission (SC) and disclosure requirements to SC, are required.

Siti Zurina (on left) speaking as one of the panelists in the panel discussion

After the presentation, Siti Zurina Sabarudin also participated as one of the panelists for the panel discussion, entitled “How Can Regulators Share Learnings in the Region, and not in Silos?”. The panel comprised  Abdul Fattah Yatim (Chairman, Malaysia’s National Standards Technical Committee on Blockchain and Distributed Ledger Technologies), Cris D. Tran (Country Head, Infinity Blockchain Ventures (IBV) Malaysia / Director, QRC Group) and Luis Buenaventura (Founder, Bloom / Creator, Cryptopop). The moderator of the panel was Floyd D’Costa (Co-Founder, Black Armour, Blockchainworx SG).

If you wish to watch the recorded video of the panel discussion, please visit our Facebook’s page by clicking on the link below.

Video Recording of Panel Session Titled “How Can Regulators Share Learnings in the Region, and not in Silos?”

One of the main issues raised during the discussion is on the approaches taken by different regulators in Southeast Asia particularly in the Philippines, Malaysia and Singapore respectively. The panelists discussed that some regulators have been progressive in adopting friendly regulations such as the Philippines, Gibraltar and Singapore in embracing blockchain technologies. To illustrate, Philippines’s Securities and Exchange Commission (SEC) had approved a draft rules for initial coin offerings (ICO) which covers the minimum standards required in an ICO. Sometime in July this year, Gibraltar launched The Gibraltar Blockchain Exchange which aims to position itself as a leading token sale platform and other digital assets exchange. Singapore on the other hand, through its Monetary Authority of Singapore (MAS), had published ‘A Guide to Digital Token Offerings’ in late 2017 which seeks to elaborate upon how ICOs will be subject to Singapore’s securities laws.

A major conclusion made during the discussion is the importance for regulators to ‘step up’ in their current review of the existing regulatory framework in light of the evolution of new technologies. Certain areas found to be inconsistent or incompatible may need to be addressed. This certainly requires various collaboration between the regulators and other ecosystem players in the industry to ensure that Malaysia remains a choice of jurisdiction that is progressive in welcoming new innovations.

For more information about the regulatory framework on blockchain technologies and initial coin offerings in Malaysia, please contact our law firm at +03-76245215, or e-mail at

Tealive vs Chatime : Settled Out of Court

After almost two years of court and arbitration proceedings, the owners of Tealive and Chatime have finally reached a mutual agreement.In a joint statement released today, 30 August 2018, Loob Holding Sdn Bhd (Tealive) and La Kaffa International Co Ltd (Chatime) announced that both companies have reached an out-of-court settlement to amicably resolve all disputes and both parties have agreed to withdraw all ongoing proceedings in Malaysian courts as well as arbitration in Singapore.

Previously on the 5th July 2018 the Court of Appeal has rejected the application by Tealive’s Loob Holding Sdn. Bhd.(“Loob”) to stay a prohibitory injunction granted in favour of Chatime’s La Kaffa International Co Ltd(“La Kaffa”) in relation to the restraint of trade was granted by the Court of Appeal on 27th June 2018. Loob has now applied to the Federal Courts to reverse the ruling on the prohibitory injunction granted in favour of La Kaffa.

What happened?

La Kaffa terminated the franchise arrangement it had entered into with Loob on the grounds that alleged breaches were committed by Loob such as withholding payments and using unapproved raw materials.

Loob then went on to open Tealive, a similar business to Chatime with a replication of Chatime’s menu, layout, outlets and team.

La Kaffa sought out injunctions against Loob to stop Loob from selling similar products as theirs and to return its properties such as the operating manuals.

The Court of Appeal allowed the injunction to stop Loob (Tealive) from continuing its business in selling similar products as La Kaffa (Chatime) in Malaysia. Loob subsequently sought for a stay on the injunction which was then dismissed by the Court of Appeal.

Loob applied to the Federal Courts to reverse the ruling on the injunction granted in favour of La Kaffa.

Both Partiees have now finally reached a mutual agreement and have decided to settle the dispute out of court.

What is the law?

La Kaffa’s case was largely based on breaches of terms in the agreements as well as s failure to comply with Section 27 of the Malaysian Franchise Act 1998.

La Kaffa claimed that the agreements entered contained terms with regard to the restraint of trade on similar businesses of the franchisor of which Loob was in breach.

Further to this, Section 27 of the Malaysian Franchise Act 1998 requires a franchisee to give a written guarantee to its franchisor that he/she, including its directors, the spouses and immediate family members and employees shall not carry on any other business similar to the franchised business operated by the franchisee during the franchise terms and for two years after the expiration or earlier termination of the franchise agreement.

In the case above, the continuance of Loob operating Tealive outlets similarly in the bubble tea business was a breach of the franchise agreements as well as a contravention of Section 27 of the Malaysian Franchise Act 1998 .


If franchisees were able to compete with the Franchisor at the end of the term of the franchise agreement once they have already been acquainted with the protected business know-how, this may be used to the detriment of the Franchisor and would deter most franchisors from entering into a franchise arrangement to begin with.

Fortunately, the Malaysian Franchise Act requires the Franchisee and its employees to comply with their restraint of trade covenants during the term of the franchise agreement and for a period of two years after the expiration or termination of the franchise agreement. These provisions are not only designed to protect the brand reputation that has been built by the franchisor but to also protect his intellectual property rights.

Key Take-Aways From the Chatime vs. Tealive Case

  • This case between Loob and La Kaffa provides an example to franchisors and franchisees about the operation and enforceability of restraint provisions under Malaysian law.
  • When entering an agreement, parties should identify restraint of trade clauses and assess whether they will be able to comply with the restraint of trade provisions and to be fully aware of the accompanying restrictions. The courts will not necessarily agree that the restraint is unreasonable.
  • If franchising in Malaysia (or considering doing so), franchisors should review their restraint of trade and governing law clauses to ensure they are effective as well as ensure a written guarantee is obtained from the franchisee in accordance with Section 27 of the Malaysian Franchise Act 1998.
  • If you are appointed as a franchisee, you have been granted a right by the franchisor to operate a business using the bran and concepts owned and developed by the franchisor and you are also bound by the rules of the franchise agreement and law.
  • As a franchisee you cannot freely misuse the franchisor’s intellectual property, open a side business with an identical product, or replace ingredients without prior approval from the franchisor.

Private equity and venture capital in Malaysia: Summary of regulatory framework

In recent months, we have received many interests on private equity /venture capital applicants seeking to be registered as a private equity/ venture capital firms in Malaysia.

We have prepared a high level summary presentation which aims to provide an overview of the key practical issues including the types of registration provided under the Securities Commissions’ guidelines. Click the link below for a copy of the presentation.

Presentation Summary on Private Equity /Venture Capital Regulatory Framework in Malaysia

Attachment A – Definitions of ‘sophisticated person’: Schedule 6 and 7 of the Capital Markets and Services Act 2007 

Attachment B – Criteria and requirements for ‘fit and proper’ imposed on responsible person  

The slides also provides common issues surrounding application based on our experience that arises during registration and the relationship between the portfolio company’s managers and the private equity funds. Details on the conditions and responsibilities imposed by the Securities Commission on the responsible person of the applicant are also included. The typical mechanics involved in establishing a private equity/ venture capital fund in Malaysia is included as well.

Zurinalaw acts for some of Malaysia’s most prominent venture capital and private equity firms. We have the  experience and the network to help you establish your new venture capital or private equity fund and to position it for growth. For more information about the regulatory framework on private equity and venture capital in Malaysia, please contact Siti Zurina Sabarudin at +03-76245215, or e-mail at

Zurinalaw participates in a panel session on startups organised by Malaysia Digital Economy Corporation

The event poster

On Wednesday, 15 August 2018, Zurinalaw had the pleasure of attending the inaugural event organised by Malaysia Digital Economy Corporation (MDEC) under its Malaysia Digital Hub banner. Titled ‘Common Legal Issues’, the panel session was organised at WORQ Coworking Space located in TTDI.

Our senior associate, Izwan Zakaria (sitting in the middle), sharing his views on common legal issues faced by startups and potential ways to overcome or reduce their legal risks.

In a panel session, Zurinalaw was represented by Izwan Zakaria, our senior associate, who is spearheadeding ‘’, the legal startup focused on empowering small businesses and startups on business compliance.

Other ecosystem partners on the panel session were Aloysius Lim representing ShakeUp Online, a legal tech startup backed by ZICO Holdings Inc, BurgieLaw, an online legal platform and Edwin Lee Yong Cieh, cofounder of CanLaw and partner of GLT Law.

Participants during the event

During the session, the panelists discussed on the following issues:

  • why you need a founders agreement
  • when do you need to set up a new company
  • how to do an early fundraising – difference types of fundraising options
  • how Terms Sheets, Subscription Agreements and Shareholders’ Agreements work
  • alternative forms of fundraising such as crowdfunding and peer to peer investments
  • employment issues, including critical issues when engaging contractors like copywriters and web designers
  • IP issues: do you need to register a trademark

(from left) Marlyn Perone, partner at Zurinalaw, one of the guests, Siti Zurina Sabarudin, founding partner at Zurinalaw, and Izwan Zakaria, senior associate at Zurina

For further information on Zurinalaw, please visit or contact Siti Zurina Sabarudin at +03-76245215, or e-mail at

Zurinalaw wins ‘Intellectual Property Rights Advisory Firm’ Award from Malaysia Venture Capital Association

Our Siti Zurina Sabarudin, founding partner and Izwan Zakaria, senior associate at the MVCA annual dinner

Messrs Zurina is pleased to announce that the firm had received the ‘Intellectual Property Rights Advisory Firm’ Award during the Malaysian Venture Capital & Private Equity Association.


The award ceremony, which was held on 31 July 2018 at the Sime Darby Convention Centre was attended by investment professionals and private equity / venture capital principals and other ecosystem players from both private and government agencies.

(from left) Executive Director Salihin Group Ahmad Izwan Adnan, Founding Partner Salihin Group Salihin Abang, Vice President, Issuer Development Bursa Malaysia Salihudin Mohd Razali, and Founding Partner Zurinalaw Siti Zurina Sabarudin

“We are extremely happy with our award at this year’s MVCA award, especially when 2018 also marks our 3rd anniversary,” said founding partner Siti Zurina Sabarudin.

“I would also like to acknowledge and congratulate my our lawyers Shazlinaah Kamaludeen, Izwan Zakaria, Marlyn Perone, Geetha Thiyagarajan, Chan Hong and our support team Nadiah  Abdullah and Umar Razak for the utmost faith and conviction that we are the best in what we do,” added Siti Zurina. “Moreover, winning the intellectual property rights advisory firm award is a market-wide recognition of our leading intellectual property practice and reflects the firm’s commitment to the technology related business.”

(from left) Executive Director Captii Ventures Ng Sai Kit, Founding Partner Zurinalaw Siti Zurina Sabarudin, and Executive Chairman Captii Ventures Anton Syazi Ahmad Sebi

For further information on Zurinalaw, please visit or contact Siti Zurina Sabarudin at +03-76245215, or e-mail at