GH GambleHub

Malaysia - legal regime

(Section: "Markets and Jurisdictions")

1) Mode picture

Malaysia follows a prohibitive-permissive model: gambling is generally prohibited, but narrow exceptions to offline casino licenses and numerical lotteries are enforced.

Online casinos/betting/poker for Malaysian audiences - banned.
Strong interdepartmental law enforcement link: domain/application blocking, payment filtering, raids and equipment seizures.
There are additional state-level Sharia bans on gambling for Muslim citizens.

2) Regulatory framework and institutions

Key Federal Acts

Common Gaming Houses Act 1953 - ban on gambling houses and participation in them, criminal liability.
Betting Act 1953 - ban on bookmaking/betting without permission.
Lotteries Act 1952 - number forecast.
AML/CTF - AML/CTF responsibilities for lotteries/casinos and payment loop.

Institutions and roles

MOF (Ministry of Finance) - licenses/supervision of lotteries and fiscal fees.
Royal Malaysia Police - investigations, raids, prosecutions.
MCMC (communication/media) - blocking sites/applications, prescriptions to platforms.
Bank Negara Malaysia (BNM) - payment route control, e-wallet/banks, AML/CFT.
State courts (Syariah Courts) - for Muslims: fines/sanctions for participation, promotion, visiting gambling establishments.

3) What is allowed/forbidden

Allowed (by license):
  • The only casino (Resorts World Genting) with offline format and access regulations.
  • Number Lotteries (NFOs): A limited list of licensed operators with offline sales and controlled channels.
Prohibited:
  • Any online money games and distance betting aimed at Malaysia.
  • Unlicensed offline games: underground "gambling houses," "cyber cafes" with slot software, home sweepstakes.
  • Advertising/affiliate promotion of unlicensed games, including for offshore. com».

4) Federation vs states and sharia specificity

At the federal level - criminal prohibitions and narrow licenses.
At the state level: Sharia bans are in effect for Muslims (especially tough - Kelantan, Terengganu, Kedah, etc.). Even where lotteries are available to non-Muslims, Muslims are prohibited from participating.
The practice of control varies: targeted bans on lottery points of sale and enhanced raids against "gray" halls are possible.

5) Online environment: locks and payments

MCMC and communication providers periodically block domains/IP/applications that distribute gambling content.
BNM, banks, PSP and e-wallet: banning routes to gambling MSS/merchants, monitoring "pseudo-merchants," closing suspicious accounts/wallets.
Marketplaces/platforms undertake to remove applications and promotions of illegal immigrants.

6) Access, age, behavior at sites

Casino (offline): strict entry control, KYC/ID checks, age restrictions, admission features for citizens/tourists.
Lotteries: sale offline through a licensed network with agreed age filters and regulations.

7) Advertising and Communications

Creatives who incite gambling or promise "guaranteed winnings" are prohibited, "without risk."

You cannot target a Malaysian audience with gambling ads, even if the servers/company are outside the country.
Media, agencies and influencers promoting offshore casinos/bookmakers are responsible.

8) AML/KYC and consumer protection

KYC/CDD/EDD for casinos/lotteries and payment providers; sanction/PEP screening.
Transactional monitoring: split cash, quick cashing, connectivity of devices/cards/e-wallet.
STR/CTR: mandatory reporting of suspicious/large transactions; retention logs.
RG tools (offline): visible warnings, self-exclusion/access restrictions according to local procedures.

9) Taxes, fees and accounting (high level)

For licensed segments - special excise/gambling fees and corporate taxes; the detailed fiscal model depends on the category (casino vs lottery).
Separate accounting: ticket office/tickets/jackpots/computers; otchetnost↔billing reconciliation; audit.
Fiscal parameters are periodically adjusted; Updating before budgeting is required.

10) Enforcement and sanctions

Desk/field inspections, police raids, equipment seizures, arrests of organizers/accomplices.
Network block measures against domains/mirrors and applications.
Payment restrictions: blocking merchants/wallets, revoking PSP licenses with complicity.
Fines/criminal liability are increased for repeated violations, use of proxy/cloaking, involvement of minors.

11) Road map (playbook)

B2C gambling operators

💡 Online launch to Malaysia is not possible. Offline casino - closed license; lotteries - only in the mode of existing licensed NFOs.

B2B suppliers (non-gaming and legal adjacent zones)

1. Focus on non-gaming: anti-fraud/AML analytics, information security, payment security, IDV/KYC - for legal industries.
2. Contractual framework: SLA, DPIA/data security, strict prohibition of "gaming features" and Malaysian target.
3. Marketing: compliance log, geo/age filters, readiness for instant off-switch.
4. Technique: WORM logs, encryption, RBAC/SoD, DR/BCP; reporting uploads to auditors/authorities.

12) Technical requirements (for infrastructure and suppliers)

Certifications (customer/category required), version control, secure SDLC.
WORM event chain logs, NTP synchronization, retention.
Encryption at rest/in transit; secret management; network segmentation.
DR/BCP with target RPO/RTO; regular pentests/scans; IDS/IPS.

13) Compliance checklists

Legal regime

  • Confirmed: no gambling component/Malaysian target
  • MCMC/Police/BNM (fast off-switch) prescription procedures
  • Responsible officers: Compliance/AML/Ads/IT-Security

AML/KYC

  • CDD/EDD; sanctions/RAP; SoF/SoW by Trigger
  • STR/CTR procedures; log/dossier retention
  • Monitor "pseudo-merchants" and anonymous routes

IT/Security

  • WORM logs, NTP; encryption; RBAC/SoD; secret management
  • DR/BCP tests; pentests/scans; IDS/IPS
  • Secure uploads/interfaces for auditing

Marketing/PR

  • No "guaranteed win "/" no risk"
  • Geo-filters (excluding Malaysia); compliance log
  • Instant Creative/Landing Call Procedure

14) First year KPI

Compliance: 0 incidents on advertising/payments/content to Malaysia

Information security: MTTR incidents; closing high-vulns on time; successful DR tests

AML: proportion of valid STRs; reduction of attempts of "pseudo-merchants"

Marketing: 100% compliance with geo-filters; no hits across Malaysia

15) FAQ

Is it possible to launch an online casino for a Malaysian audience with an offshore license?
No, it isn't. Online gambling targeting Malaysia is banned and blocked (MCMC/BNM/law enforcement).

Are private poker clubs legal?
No, with the exception of clearly licensed offline formats - underground clubs are subject to criminal liability.

Can Muslims buy lottery tickets?
States in sharia logic prohibit Muslims from participating in gambling; violation entails sanctions in Syariah courts.

Is there a "white" path for B2B?
Yes - non-gaming services (information security, anti-fraud/AML, identification, payment security, consulting) outside the gambling component and without targeting Malaysia.

Note

Law enforcement practice and fiscal parameters are periodically updated. For legally significant decisions, it is necessary to verify the current texts of laws/by-laws, MCMC/BNM notifications and state policies on sharia bans.

Contact

Get in Touch

Reach out with any questions or support needs.We are always ready to help!

Start Integration

Email is required. Telegram or WhatsApp — optional.

Your Name optional
Email optional
Subject optional
Message optional
Telegram optional
@
If you include Telegram — we will reply there as well, in addition to Email.
WhatsApp optional
Format: +country code and number (e.g., +380XXXXXXXXX).

By clicking this button, you agree to data processing.