Money laundering is often perceived as a problem of the underground economy, detached from mainstream business and capital markets. Recent enforcement action linked to Ops Viking demonstrates how inaccurate that assumption has become. Today, illicit funds do not merely circulate in parallel systems. Increasingly, they are expanding into regulated markets, established corporates and legitimate investment structures — sometimes at scale.
For Boards and Senior Management, the key question is: we all know that financial crime exposure exists, but whether it is understood, governed and prevented effectively? That remains a question mark.
The evolution of financial crime risk
At a fundamental level, money laundering involves disguising the origin of proceeds from criminal activity, so they appear legitimate. While this definition remains unchanged, the operating model has evolved significantly. Financial crime today operates with increasing sophistication, often functioning through transnational and highly coordinated networks that leverage legal entities, trusted intermediaries and complex transactional flows to obscure ownership, control and source of funds.
Importantly, laundering activity today rarely appears overtly suspicious. Instead, it is embedded within ordinary-looking corporate structures, trade flows and investment transactions, materially increasing exposure for legitimate businesses that may create greater financial crime risk exposure for businesses outside the traditional risk landscape.
How legitimate organizations become exposed
Most legitimate businesses do not intentionally facilitate money laundering. However, certain operating conditions increase vulnerability, including:
• Pressure to grow, recapitalize or survive economically
• Aggressive performance targets or transaction timelines
• Over reliance on trusted intermediaries
• Weak escalation and governance mechanisms
In such environments, capital or investment opportunities may be accepted without sufficient scrutiny of source of funds, ownership or economic rationale. Over time, these gaps can create entry points through which illicit funds become integrated into otherwise legitimate enterprises.
Trade based money laundering (TBML) and misuse of corporate structures
One of the most prevalent typologies today is TBML. By manipulating invoicing, pricing, documentation and settlement flows, significant value can be moved with limited visibility. Transactions often appear commercially plausible and are supported by documentation, reducing detection where controls operate in silos.
Complex corporate structures present a similar challenge. While shell and holding entities are not inherently illicit, they are frequently used to obscure ultimate beneficial ownership (UBO) through nominee arrangements, layered shareholdings or offshore vehicles. Formal compliance may be achieved, yet control and benefit remain concealed, underscoring the need for substance‑based assessment over form.
Structural red flags: indicators that warrant Board level attention
In many money laundering cases, the most telling warning signs are not transactional anomalies, but structural inconsistencies, such as corporate, ownership and governance features that lack a clear or proportionate commercial rationale.
Boards and Senior Management should be alert to structural red flags, including:
• Over‑engineered ownership structures with no clear commercial rationale
• Frequent or unexplained changes in ownership or control
• Nominee directors or shareholders lacking decision‑making substance
• Mismatch between stated business purpose and actual activity
• Circular or related‑party fund movements without economic justification
• Intermediary‑heavy structures that add opacity rather than value
Individually, these indicators may appear benign. Collectively, they often signal elevated financial crime risk. The key governance question is not whether arrangements are technically compliant, but whether the organization can clearly explain why they exist, who benefits and who ultimately controls them.
From Know-Your-Customer (KYC) to UBO transparency
Traditional KYC processes remain foundational but are no longer sufficient. Regulatory expectations globally now emphasize identification and verification of UBO: those who ultimately own, control or benefit from an entity or transaction.
The proliferation of family offices, nominee arrangements and offshore structures has increased both the complexity and importance of UBO transparency. The key question remains consistent: who ultimately exercises control and receives economic benefit?
The Crypto Bridge: Accelerating the layering of illicit funds
While cryptocurrency is not inherently illicit, its characteristics (e.g., speed, borderless and programmability) make it a powerful layering tool. In practice, crypto is rarely the final destination of illicit funds. Instead, it serves as a bridge between traditional financial channels, allowing value to move rapidly across borders and platforms before re‑entering the fiat system.
Although blockchain transactions are technically traceable, the challenge remains in identifying the real-world individuals or entities behind those transactions. Weak onboarding, inconsistent KYC standards and proxy use can obscure real‑world controllers, reinforcing the need to treat crypto exposure as part of broader financial crime and UBO risk.
Malaysia’s Financial Action Task Force (FATF) milestone: higher credibility, higher expectations
Malaysia’s move to regular follow‑up status under the FATF reflects meaningful progress in addressing previous AML deficiencies and restores international confidence in the framework. This supports reduced de‑risking, smoother cross‑border trade and improved investment attractiveness.
However, increased credibility also raises domestic expectations. As Malaysia strengthens its international standing within the global AML landscape, businesses operating within the country will likely face heightened expectations around transparency, governance, and financial crime controls. For Malaysian businesses, the implication is clear: easier international engagement paired with higher standards of transparency, governance and control.
A Board level imperative
Financial crime supervision is now risk‑based, not size‑based. Small and medium enterprises (SME) and large corporates alike face exposure. Effective AML frameworks are intelligence‑led, dynamic and embedded into decision‑making, not treated as back‑office compliance exercises.
Boards and Senior Management should regularly ask:
Across customers, products, geographic locations, suppliers, investments and M&A activity.
With real authority to challenge, delay or decline high risk relationships and transactions.
Beyond formal documentation, to economic substance.
Ultimately, inability to answer these questions is a governance risk that can directly impact organizational resilience, stakeholder trust, and long-term enterprise value.
As financial crime risks become increasingly sophisticated and embedded within legitimate business ecosystems, effective governance will depend on compliance frameworks, but also the Board’s ability to maintain clear visibility over ownership, control, and the movement of funds across the organization’s broader business environment.
