The Complete Guide to Using AI in the Financial Services Industry in Malaysia in 2025

Malaysia's push to make AI practical, safe and widespread is the backdrop for this guide: after the National AI Office (NAIO) formally launched on 12 December 2024, policymakers signalled a national push - an AI Code of Ethics, an AI Technology Action Plan and public‑sector adoption targets - to scale tools that already matter to banks and fintechs, from e‑KYC to credit underwriting and AI‑driven fraud detection; in fact, Bank Negara Malaysia and PayNet's National Fraud Portal used AI to cut the time to trace stolen funds from two hours to about 30 minutes.

Yet regulation lags in key areas (Malaysia's PDPA does not yet regulate automated decision‑making), so firms must balance rapid adoption with transparency and explainability as outlined in recent governance guidance.

For practitioners wanting hands‑on skills, short, workplace‑focused training like an AI Essentials for Work course can bridge the gap between policy and practical deployment.

Learn more about NAIO's mandate, Malaysia's AI governance and practical training options below.

Bootcamp	Length	Cost (early bird)	Syllabus
AI Essentials for Work	15 Weeks	$3,582	AI Essentials for Work syllabus | Nucamp Bootcamp

The financial services industry in Malaysia is a multi‑speed ecosystem where incumbent banks, a new wave of regulated digital banks and a bustling fintech scene - covering payments, digital lending, wealth tech, insurtech and embedded finance - are converging around real‑time rails and data‑driven services; the fintech market alone reached USD 656.40 million in 2024 and is forecast to expand to USD 2,883.21 million by 2033 (CAGR 15.95%), underscoring why players are racing to deploy AI across payments, underwriting and fraud detection (IMARC Malaysia fintech market report).

National infrastructure such as PayNet's RPP and DuitNow helped drive 1.9 billion real‑time transactions in 2023, turning instant payments into everyday rails for merchants, billers and consumers (Malaysia real-time payments analysis - ACI Worldwide).

Regulation and supervisory tools - from BNM and SC sandboxes to new frameworks for digital insurers and data rules - create pathways to scale while managing risk, documented in the latest fintech legal overview (Fintech laws and regulations in Malaysia (ICLG)); alongside rapid digital lending growth (over 800,000 loan requests processed recently), this mix of infrastructure, policy and market momentum explains why Malaysia is a regional hub for fintech experimentation and AI adoption.

Metric	Value (source)
Fintech market size (2024)	USD 656.40 Million (IMARC)
Fintech market forecast (2033)	USD 2,883.21 Million; CAGR 15.95% (IMARC)
Real‑time transactions (2023)	1.9 Billion (ACI Worldwide)
Digital lending volume (recent year)	>800,000 loan requests processed (IMARC)

Malaysia's AI scene in 2025 is a fast-moving mix of voluntary ethics, public investment and a yawning skills gap: the National Guidelines on AI Governance and Ethics (AIGE) set seven core principles - fairness, transparency, accountability and more - but remain non‑binding while the National AI Office (NAIO) rolls out an AI Technology Action Plan and public‑sector pilots (including a Google Workspace Gemini rollout to 445,000 officers) to translate guidance into practice; details and FAQs are available from the NAIO FAQ on AI Governance and Ethics (NAIO FAQ on AI Governance and Ethics).

Policy progress sits alongside big numbers and real pains in talent: the government has earmarked MYR 600 million for AI R&D and MYR 50 million for education, yet reports find only about 3,000 AI professionals in-country versus a projected need of 30,000 by 2030, and 81% of employers saying they struggle to hire AI talent.

Market adoption is tangible - 140 AI vendors generated about MYR 1 billion in revenue - and high‑impact financial use cases (fraud, e‑KYC, credit scoring) are already live, but regulatory gaps such as the PDPA's current silence on automated decision‑making mean firms must bake in explainability and governance now.

For a practical legal and policy snapshot, see the recent Malaysia AI practice guide that compares AIGE with global frameworks (Chambers and Partners - Malaysia AI practice guide (Artificial Intelligence 2025)).

Metric	Figure / Note	Source
Government AI funding (2025)	MYR 600M (R&D); MYR 50M (education)	Chambers and Partners - Malaysia AI practice guide (AI 2025)
Projected AI contribution by 2030	USD 115 billion to productive capacity	Chambers and Partners - Malaysia AI practice guide (AI 2025)
Current vs projected AI professionals	~3,000 today → ~30,000 by 2030	Chambers and Partners - Malaysia AI practice guide (AI 2025)
Microsoft training target	Train 800,000 Malaysians by 2025	Chambers and Partners - Malaysia AI practice guide (AI 2025)
AI solution provider revenue	140 providers, ~MYR 1 billion	Chambers and Partners - Malaysia AI practice guide (AI 2025)
NAIO launch	12 December 2024; rolling out AIGE and action plans	NAIO FAQ on AI Governance and Ethics

Key AI use cases in Malaysia's financial services in 2025 cluster around fraud and payments, where real‑time, cross‑institution intelligence is already changing outcomes: the National Fraud Portal (NFP) and graph‑AI tools such as FNA's Money Trails enable rapid tracing of illicit fund flows and mule‑account detection, feeding realtime risk scores and features to banks' models so suspicious transactions can be blocked before settlement (read more about the NFP rollout in Tookitaki's briefing on Malaysia's National Fraud Portal Tookitaki briefing on Malaysia's National Fraud Portal and FNA's award‑winning Money Trails solution FNA Money Trails award-winning solution).

Other high‑value AI use cases include e‑KYC/AML automation, AI‑driven credit scoring and portfolio optimisation, and prioritized, explainable alerts for investigations - functions regulators now expect as BNM tightens fraud rules (see Feedzai's guide to Bank Negara Malaysia electronic banking fraud regulations Feedzai guide to Bank Negara Malaysia electronic banking fraud regulations).

The payoff is tangible: funds frozen rose dramatically and investigation times collapsed from days to roughly 30 minutes, showing how shared, AI‑enabled rails can turn a scattered response into a four‑hour rescue mission for victims.

Metric	Figure / Note
Funds frozen (post‑NFP)	Increased from 0.5% to 30% (FNA / NFP)
Average investigation time	Reduced by ~70% to about 30 minutes (FNA / NFP)
Case resolution	Most cases resolved within four hours (FNA / NFP)
Regulatory deadline	BNM electronic banking fraud rules effective June 30, 2025 (Feedzai)

“In the past, tracing funds could take days - assuming all parties cooperated,” said the NFP project lead at PayNet. “Most cases are now resolved within four hours.”

Governance in Malaysia's financial sector is moving from aspiration to action: the National Guidelines on AI Governance and Ethics (AIGE) provide a seven‑point playbook - Fairness; Reliability, Safety & Control; Privacy & Security; Inclusiveness; Transparency; Accountability; and the Pursuit of Human Benefit and Happiness - that firms must map directly onto high‑stakes use cases such as credit scoring, underwriting and AML screening (Malaysia National Guidelines on AI Governance and Ethics (AIGE) overview).

Importantly, AIGE is voluntary today, not law, so regulators and institutions are filling the enforcement gap through sectoral guidance and the new National AI Office (NAIO) initiatives like an AI Technology Action Plan and an AI Code of Ethics - steps intended to turn principles into practical controls for banks and fintechs (Chambers and Partners Malaysia AI practice guide - trends and developments 2025).

For financial firms that rely on automated decision‑making, the so what? is immediate: Malaysia's PDPA currently does not regulate ADM, so embedding explainability, human‑in‑the‑loop checks and robust data governance is not optional but the fastest way to manage regulatory, reputational and operational risk as the country transitions from soft guidance to tighter rules - think of AIGE as a seven‑point compass for responsible deployment, not a set of legal handcuffs.

AI Principle	Purpose
Fairness	Avoid bias and discrimination
Reliability, Safety & Control	Ensure systems perform as intended
Privacy & Security	Protect personal data throughout the AI lifecycle
Inclusiveness	Make AI accessible and beneficial to all
Transparency	Disclose purpose, data and decision logic
Accountability	Assign responsibility for outcomes
Pursuit of Human Benefit & Happiness	Prioritise human‑centred outcomes

Data governance is now the linchpin for Malaysian banks and fintechs deploying AI: the PDPA Amendment and the new Cross‑Border Personal Data Transfer (CBPDT) Guidelines shift cross‑border flows to a risk‑based regime that requires Transfer Impact Assessments, and they broaden “sensitive” data to include biometrics - so training datasets and e‑KYC pipelines must be treated accordingly (Mayer Brown analysis of Malaysia PDPA amendments and CBPDT guidelines).

Operationally, organisations must appoint and register Data Protection Officers under the new rules (thresholds apply), make DPO contact details public within days, and be ready to notify the regulator within 72 hours and affected individuals within seven days for breaches that cause “significant harm” (Hogan Lovells explanation of Malaysia cross-border data transfer guidelines and mandatory DPO and breach rules); these deadlines turn data governance from a paperwork exercise into a live, auditable control.

Explainability and human‑in‑the‑loop safeguards are also on the horizon: PDPD consultations on automated decision‑making and profiling envisage rights to information, refusal of high‑impact ADM, and human review, so models used for credit scoring or automated underwriting must be traceable, minimally invasive and documented end‑to‑end - think of an audit trail that shows why a declined application was due to a specific feature, not an opaque “score.”

PDPA change	Key detail
Mandatory DPO	Applies where >20,000 data subjects or >10,000 sensitive records; must be registered and contactable
Data breach notification	Notify Commissioner within 72 hours; notify individuals within 7 days if likely to cause significant harm
Cross‑border transfers	Risk‑based regime requiring Transfer Impact Assessments (TIA); TIA valid up to 3 years
Penalties	Maximum fine increased to RM1,000,000 and up to 3 years' imprisonment

Technical architecture and a realistic implementation roadmap turn AI from a pilot into reliable, auditable production capability - Malaysian firms should follow a proven six‑phase approach (strategy, infra, data, models, deployment/MLOps, governance) drawn from the practical HP implementation guide, which notes 18–24 months is a typical enterprise timeline and that most failures stem from poor alignment and planning (six‑phase AI implementation guide for Malaysian enterprises).

Start by choosing the right deployment model - cloud for rapid scale, on‑prem for strict PDPA control, or hybrid for a phased migration - and size compute (GPU acceleration, high‑core CPUs, RAM, SSDs) and networking for real‑time use cases like fraud detection.

Build a governed data platform (data lake/warehouse + streaming pipelines, lineage and TIAs for cross‑border flows), pick frameworks and orchestration (TensorFlow/PyTorch, MLflow, Airflow, Kubernetes, Kafka) and bake in MLOps: CI/CD, drift monitoring, automated retraining and blue/green or canary rollouts so models can be updated with near‑zero business disruption.

Governance must align with Malaysia's AI Guidelines and NAIO signals - traceability, explainability and audit trails across the model lifecycle turn regulatory risk into operational resilience (see the Malaysia AI practice guide for governance context) (Malaysia AI practice guide - governance and trends).

Without that pit‑crew - data, infra and MLOps - high‑value models risk stalling the moment they leave the lab; with it, AI delivers repeatable, auditable value across products and rails.

Phase	Typical duration
Phase 1: Strategic alignment	2–3 months
Phase 2: Infrastructure planning	3–4 months
Phase 3: Data strategy	4–6 months
Phase 4: Model development	6–9 months
Phase 5: Deployment & MLOps	3–4 months
Phase 6: Governance & optimization	Ongoing

Ethics, accountability and IP in Malaysia's AI-driven finance sector are less academic checklist and more front-line risk: opaque, proprietary scoring models can silently raise loan prices or deny credit to people who look fine on paper - think of a small business owner with perfect payments turned down because an algorithm flagged

irregular income

- so the stakes are immediate.

Regulators and researchers argue the fix must focus on outcomes, not just inputs: introduce periodic, output‑based testing of lending models, give consumers a right to know algorithmic results and inferences, and use supervised sandboxes and open‑data initiatives to reduce

credit invisibility

for excluded groups, while keeping trade‑secret IP balanced against the need for explainability and auditability (see the SMU paper on algorithmic credit scoring SMU paper: The Role of Financial Regulators in the Governance of Algorithmic Credit Scoring, a concise call for supervisory testing and consumer rights).

Firms should also guard against proxy bias and narrow design teams - both common root causes of unfair outcomes discussed in the accessible review of credit‑scoring AI The Regulatory Review: A New Approach to Regulating Credit‑Scoring AI - and study real‑world impacts and mitigation techniques outlined in

When Algorithms Judge Your Credit

for practical examples and harms to avoid (Accessible Law: When Algorithms Judge Your Credit - AI Bias in Lending Decisions).

The practical takeaway: embed explainability, regular fairness testing and measured transparency into procurement and IP terms so innovation doesn't outpace accountability.

Proposed safeguard	Purpose / Source
Periodic output‑based fairness testing	Detect discriminatory outcomes, not just biased inputs (SMU paper)
Right to know algorithmic results	Empower consumers to verify and challenge decisions (SMU paper; Accessible Law)
Supervised sandboxes for excluded groups	Create representative training data in controlled settings (SMU paper)
Balanced IP and transparency clauses	Preserve trade secrets while enabling audits and explainability (Thereg Review)

Risk management for Malaysian banks and fintechs starts with realistic vendor selection and a clear build‑vs‑buy stance: despite RM163.6 billion in national digital investment and over 80% of banks launching AI initiatives, fewer than 15% have scaled into full production, so procurement choices must balance speed with auditability and data control (Backbase analysis of Malaysian banks' AI progress).

Prioritise partners who embed explainability, strong MLOps and hybrid deployment options so sensitive e‑KYC/biometric workflows - now a regulatory focus after BNM's biometric and National Fraud Portal reforms - stay compliant while defending against deepfakes and synthetic IDs (Bank Negara Malaysia e‑KYC and biometric reforms analysis).

When evaluating vendors, require documented evidence of low‑latency scoring, drift monitoring and audit logs, insist on clear IP and transparency clauses, and run small pilot integrations that prove integration with legacy cores before broad rollouts - an approach that captures the Adnovum guidance to choose cloud, on‑prem or hybrid based on security, control and TCO trade‑offs (Adnovum guidance on safe AI adoption in cloud or on‑premises).

The practical payoff: pick the right model and vendors up front and pilots stop being flashy demos and start delivering measurable reduction in fraud, false positives and regulatory risk.

Option	When to choose / Trade‑offs
Custom / On‑prem / Hybrid (Build)	Best for max data control, strict PDPA compliance, IP ownership; higher upfront cost but lower long‑term dependence on SaaS (Adnovum)
Standardised / SaaS (Buy)	Fast to market, lower initial cost, leverages vendor experience; may limit customization and complicate sensitive data flows

“Banks aren't just asking what AI can do,” he observes. “They're asking what it should do, and how to make it stick.” - Ashish Sharma, Backbase

Getting started with AI in Malaysia's financial services in 2025 means treating regulation and deployment as twin projects: respond to Bank Negara's ten‑week discussion paper (feedback due Oct 17, 2025) and use the year‑end window - when exposure drafts on Open Finance and Asset Tokenisation are expected - to pilot “win‑win‑win” use cases that augment human decisions (fraud detection, e‑KYC, personal finance tools) while instrumenting explainability, drift monitoring and human‑in‑the‑loop review.

Review BNM's discussion and timeline in Tech Wire Asia to understand priority areas and the F‑I‑N‑D agenda, align program governance with the seven‑principle AI Guidelines and NAIO signals in the Chambers practice guide, and start with a small, auditable pilot that proves low‑latency scoring and safe data flows before scaling.

Parallel to pilots, invest in practical skills for the people who will operate and challenge models - short courses like Nucamp AI Essentials for Work bootcamp teach prompt design, risk controls and workplace application so teams can turn regulatory scrutiny into operational advantage.

The pragmatic goal: validate modest, consumer‑centric pilots now so Malaysian firms can scale responsibly as sectoral rules and national action plans crystallise.

“We have released a Discussion Paper on Artificial Intelligence today, outlining our regulatory and developmental approach, including priority areas for industry-led collaboration and responsible adoption of AI in financial services.”