New regulations affecting Labuan service companies
New data protection legislation has been introduced in Malaysia. Labuan service companies do not need to register but do need to be compliant with the principles established in the Act. Additionally, new regulations relating to fit and proper persons in Labuan should be noted by Lloyd’s service companies established in Labuan.
Personal Data Protection Act
The Personal Data Protection Act (PDPA) came into force on 15 November 2013, and compliance is required with immediate effect. It introduces new registration and compliance requirements for data users in Malaysia – including Lloyd’s service companies in Labuan. The PDPA applies to any person or entity processing or controlling personal data in respect of commercial transactions. Lloyd’s service companies in Labuan are included in the definition of “data users” and must comply with the principles laid out in the Act. These principles cover obtaining consent from and transparency with the data subject, restriction of the processing and disclosure of data, security provisions, limits on retention and secure disposal of data, accuracy of data and subject access rights. The principles are available in full here.
The Act also establishes a requirement for certain classes of data user to register with the newly established Personal Data Protection Commissioner (the “Commissioner”), however it has now been established that Labuan service companies are not required to register. Obtaining final legal advice about the new compliance requirements for Labuan service companies has caused the delay in sharing this information.
Guidelines on Fit and Proper Person Requirements
The Labuan Financial Services Authority has also issued revised Guidelines on Fit and Proper Person Requirements. These were released on 12 February 2014 and will come into effect on 1 January 2015.
The revised guidelines seek to provide further clarity on the expectations of Labuan FSA on the suitability of relevant persons of a Labuan Financial Institution (as defined in the Act). Among others, the revision includes a modified scope of relevant persons and an internal fitness and propriety policy to be developed by financial institutions to reflect their application of the revised guidelines. The full guidelines are available here.