By Iva Karen
KUALA LUMPUR, June 23 – Financial institutions in Malaysia must treat Ongoing Due Diligence (ODD) as a continuous responsibility, not a one-time task, in order to prevent misidentifying legitimate customers as suspicious, says an anti-money laundering and counter-financing of terrorism expert.

Muhamad Nazri Shaidon said ODD is a key requirement under global anti-money laundering (AML) standards set by the Financial Action Task Force (FATF), and is locally enforced by Bank Negara Malaysia (BNM) under its AML/CFT and Targeted Financial Sanctions (TFS) Policy Document.
“ODD is more than just compliance — it’s about protecting customers and maintaining the integrity of the financial system. Outdated information can lead to false red flags, unnecessary account freezes, and strained customer relationships. We must shift from a reactive mindset to a proactive culture,” he said.
With nearly a decade of experience in the Bank Negara (BNM) Financial Intelligence and Enforcement Department, Muhamad Nazri said ODD involves updating customer information, monitoring transaction patterns, and reassessing risk profiles when changes in customer behaviour or circumstances are detected.
He said financial institutions are expected to remain alert to these shifts over the entire duration of the customer relationship.
One common scenario, Nazri explained, is when a low-risk customer, such as a student, experiences a lifestyle shift that’s not reflected in the bank’s system.
“A student who later becomes a business owner might suddenly see increased cash flow. If the bank hasn’t updated the profile, these legitimate activities may look suspicious.”
He added that BNM guidelines call for customer reviews based on risk ratings: high-risk individuals annually, medium-risk every two to three years, and low-risk customers at least every five years.
However, changes in status, such as becoming a Politically Exposed Person (PEP) or starting business ties with high-risk countries, should trigger immediate reassessment.
Nazri also stressed that responsibility for ODD cannot fall solely on compliance departments.
“Frontline staff and relationship managers are the first to spot behavioural or profile changes. They must be empowered and trained to act, not just report,” he said.
He said trigger events that warrant ODD include significant shifts in transaction volume, changes in employment or income status, and alerts that cannot be explained due to missing customer information.
Nazri noted that without proper systems to detect these changes, banks risk filing unnecessary Suspicious Transaction Reports (STRs) or severing relationships with legitimate clients.
To build a more effective ODD framework, Nazri recommends that banks assign clear roles across departments, conduct ongoing training, and adopt data-driven systems for monitoring and analysis. “We have the technology. Now it’s about execution and accountability,” he added.
Financial institutions that successfully embed ODD into their everyday operations will be better equipped to manage regulatory expectations, reduce risk exposure, and foster stronger customer trust.
“Ultimately, ODD isn’t just about ticking boxes for regulators. It’s about being a responsible gatekeeper in the fight against financial crime without penalising innocent customers in the process,” Nazri said.
–WE