Guidelines on Recognized Markets

GUIDELINES ON RECOGNIZED MARKETS SC-GL/6-2015(R14-2026) 1st Issued : 11 December 2015 Revised : 20 May 2026

GUIDELINES ON RECOGNIZED MARKETS List of Revisions Revision Series Revision Date Effective Date of Revision Series Number 1st Revision 13.04.2016 02.05.2016 SC-GL/6-2015 (R1-2016) 2nd Revision 25.01.2019 31.01.2019 SC-GL/6-2015 (R2-2019) 3rd Revision 17.05.2019 17.05.2019 SC-GL/6-2015 (R3-2019) 4th Revision 16.04.2020 16.04.2020 SC-GL/6-2015 (R4-2020) 5th Revision 05.05.2020 05.05.20201 SC-GL/6-2015 (R5-2020) 6th Revision 06.01.2021 06.01.2021 SC-GL/6-2015 (R6-2021) 7th Revision 22.11.2021 22.11.2021 SC-GL/6-2015 (R7-2021) 8th Revision 15.11.2022 15.11.2022 SC-GL/6-2015 (R8-2022) 9th Revision 28.11.2022 28.11.2022 SC-GL/6-2015 (R9-2022) 10th Revision 19.04.2023 19.04.2023 SC-GL/6-2015 (R10-2023) 11th Revision 06.02.2024 06.02.2024 SC-GL/6-2015 (R11-2024) 12th Revision 19.08.2024 19.08.2024 SC-GL/6-2015 (R12-2024) 13th Revision 06.01.2025 06.01.2025 SC-GL/6-2015 (R13-2025) 14th Revision 20.05.2026 20.05.20262 SC-GL/6-2015 (R14-2026) 1 Save for the requirement to have policies and procedures on anti-corruption and whistleblowing under subparagraph 6.02(d)(ii) of these Guidelines, which will take effect on 1 June 2020. 2 For DAX operators registered prior to 20 May 2026, the DAX operator must ensure that it complies with the financial requirements under paragraph 15.03 by 20 May 2028 (interim period). However, the DAX operator must continue to comply with the minimum paid-up capital requirements as set out in the previous Guidelines [SC-GL/6-2015(R13-2025)] during the interim period.

CONTENTS PART A: GENERAL CHAPTER 1 Introduction 1 PART B: REQUIREMENTS FOR REGISTRATION CHAPTER 2 Registration and Application for Registration 8 CHAPTER 3 Criteria for Registration 9 CHAPTER 4 Key Persons 12 PART C: TERMS AND CONDITIONS, DIRECTIONS AND ON-GOING OBLIGATIONS CHAPTER 5 15 Terms and Conditions and Directions CHAPTER 6 17 Obligations CHAPTER 7 23 Submission of Rules CHAPTER 8 24 Reporting Requirements PART D: CESSATION, WITHDRAWAL AND REVIEW OF STATUS CHAPTER 9 25 Cessation of Business or Operations CHAPTER 10 26 Withdrawal of Registration CHAPTER 11 27 Review of Status

PART E: OFFERING OF ISLAMIC CAPITAL MARKET PRODUCTS CHAPTER 12 28 [Deleted] PART F: ADDITIONAL REQUIREMENTS RELATING TO A RECOGNIZED MARKET THAT IS A CROWDFUNDING PLATFORM CHAPTER 13 29 Equity Crowdfunding Platform CHAPTER 14 42 Peer-to-Peer Financing Platform PART G: ADDITIONAL REQUIREMENTS RELATING TO A DIGITAL ASSET EXCHANGE CHAPTER 15 53 Digital Asset Exchange PART H: ADDITIONAL REQUIREMENTS RELATING TO A PROPERTY CROWDFUNDING PLATFORM CHAPTER 16 74 Property Crowdfunding Platform PART I: ADDITIONAL REQUIREMENTS RELATING TO AN E-SERVICES PLATFORM CHAPTER 17 81 E-Services Platform PART J: REQUIREMENTS RELATING TO APPLICATION FOR TAX EXEMPTION CHAPTER 18 85 Certification in Respect of Tax Exemption on Investment Made in an Investee Company PART K: SUBMISSION CHAPTER 19 87 Submission

APPENDIX 1 88 DOCUMENTS TO BE SUBMITTED APPENDIX 2 93 FIT AND PROPER CRITERIA APPENDIX 3 95 THIRD-PARTY VALIDATOR APPENDIX 4 96 TAX EXEMPTION ORDER APPENDIX 5 97 INVESTOR REPORT INFORMATION TO BE SUBMITTED BY AN ECF OPERATOR FOR VERIFICATION BY THE SC SCHEDULE 1 98 DECLARATION ON SYSTEM AND OPERATIONAL READINESS

1 PART A: GENERAL CHAPTER 1 Introduction 1.01 The Guidelines on Recognized Markets (Guidelines) are issued by the Securities Commission Malaysia (SC) pursuant to section 377 of the Capital Markets and Services Act 2007 (CMSA) read together with subdivision 4, division 2 of Part II CMSA. 1.02 These Guidelines set out the requirements for— (a) the registration of a person as a recognized market operator (RMO); and (b) on-going requirements applicable to a RMO. 1.03 A RMO must be structured as a body corporate unless specified otherwise by the SC. 1.04 These Guidelines seek to replace the Guidelines on Regulation of Markets issued on 11 December 2015, under section 34 of CMSA, and shall be read together with other relevant SC’s guidelines. 1.05 In addition to complying with these Guidelines, any proposal relating to offering of Islamic capital market products on or through the recognized market must also comply with the Guidelines on Islamic Capital Market Products and Services. 1.06 These Guidelines do not apply to— (a) a technology service provider who merely provides the infrastructure, software or the system to a RMO; (b) an operator of a communication infrastructure that merely enables orders to be routed to an approved stock market or derivatives market; (c) an operator of a financial portal that aggregates content and provides links to financial sites of service and information provider; or (d) an operator of a facility that provides information concerning prices of securities or derivatives, and a person is not reasonably expected to sell, purchase or exchange securities or derivatives based solely on the information. 1.07 The SC may, upon application, grant an exemption from or a variation to the requirements of these Guidelines, if the SC is satisfied that— (a) such variation is not contrary to the intended purpose of the relevant requirements in these Guidelines; or

2 (b) there are mitigating factors which justify the said exemption or variation. The SC’s approach to the regulation of markets 1.08 The securities and derivatives market operated, provided or maintained by an operator can be classified into three types of markets that are subject to different levels of regulation i.e. approved market, exempt market and recognized market. The level of regulation imposed will depend on the proposed market characteristics, including the structure of the market; sophistication of market users and rights of access; types of products traded; and risks posed by such markets. 1.09 An approved market refers to a stock market of a stock exchange or derivatives market of a derivatives exchange, which are approved pursuant to section 8 of the CMSA3 . The level of regulation on an approved market requires direct regulation subject to stringent requirements to ensure integrity of its market is maintained through fair, orderly, transparent and efficient market operations. 1.10 An exempt market is a stock market or derivatives market which has been declared as an exempt stock or derivatives market pursuant to section 7 of the CMSA. Such market may be exempted when it has already been subjected to other forms of regulation. 1.10A A recognized market essentially covers an alternative trading venue, marketplace or facility that brings together purchasers and sellers of capital market products. The level of regulation in comparison to approved markets is not as stringent. Terms and conditions may be imposed on the RMO to commensurate with the risk profile, nature and scope of the proposed recognized market operations. Circumstances where a person may be considered to be operating, providing or maintaining a market in Malaysia 1.11 A person may be considered to be operating, providing or maintaining a stock market or a derivatives market in Malaysia if— (a) the stock market or derivatives market is operated, provided or maintained in Malaysia; or (b) the stock market or derivatives market is located outside Malaysia and actively targets Malaysian investors. 1.12 A stock market or derivatives market will be considered to be operated, provided or maintained in Malaysia where the component parts of the stock market or derivatives market when taken together are physically located in Malaysia even if any of its component parts, in isolation, is located outside Malaysia. 3 An example of an approved market is the stock market operated by Bursa Malaysia Securities Bhd.

3 1.13 A stock market or derivatives market that is located outside Malaysia will be considered as actively targeting Malaysian investors if the operator or the operator’s representative, promotes directly or indirectly that market in Malaysia. 1.14 In deciding whether there is direct or indirect promotion of the stock market or derivatives market, the following may be taken into consideration by the SC: (a) Advertising the stock market or derivatives market, products or in the case of equity crowdfunding, an issuer hosted on the platform, in any publication in Malaysia; or (b) Sending direct mail or e-mail to Malaysian addresses marketing or promoting the stock market or derivatives market. 1.15 Notwithstanding the above factors, in determining whether a stock market or a derivatives market is targeted at Malaysian investors, the SC will assess all relevant facts and circumstances taking into account the protection of Malaysian investors and the integrity of Malaysian capital markets. 1.16 These Guidelines comprise of the following parts: (a) Requirements for the registration of the RMO as set out in Part B of these Guidelines; (b) Terms and conditions and on-going obligations of a RMO as set out in Part C of these Guidelines; (c) Provisions on cessation of business, withdrawal of registration and review of status of a RMO as set out in Part D of these Guidelines; (d) [Deleted]; (e) Additional requirements applicable to a recognized market that is a crowdfunding platform as set out in Part F of these Guidelines; (f) Additional requirements applicable to a recognized market that is a digital asset exchange as set out in Part G of these Guidelines; (g) Additional requirements applicable to a recognized market that is a property crowdfunding platform as set out in Part H of these Guidelines; (h) Additional requirements applicable to a recognized market that is an e-services platform as set out in Part I of these Guidelines; (i) Requirements relating to application for tax exemptions as set out in Part J of these Guidelines; and

4 (j) Requirements relating to submission to be registered as an RMO as set out in Part K of these Guidelines. Definitions 1.17 Unless otherwise defined, all words used in these Guidelines shall have the same meaning as defined in the CMSA. In these Guidelines, unless the context otherwise requires— approved exchange means a stock exchange or a derivative exchange approved under section 8 of the CMSA; approved market means a stock market or a derivative market of an approved exchange; compliance officer means the principal person responsible for compliance function; controller has the same meaning as provided in subsection 60(7) of the CMSA, which means a person who— (a) is entitled to exercise, or control the exercise of, not less than 15% of the votes attached to the voting shares in the RMO; or (b) has the power to appoint or cause to be appointed a majority of the directors of the RMO; or (c) has the power to make or cause to be made, decisions in respect of the business or administration of such RMO, and to give effect to such decisions or cause them to be given effect to; fit and proper means meeting the criteria as set out in Appendix 2 of these Guidelines; foreign operator means a body corporate or a limited liability partnership incorporated outside Malaysia who establishes, operates or maintains a stock market or derivatives market; independent director means a director who– (a) is not an executive director of the RMO and its related corporation;

5 (b) is not a substantial shareholder of the RMO or any of its related corporation; (c) is not a family member of any officer or substantial shareholder of the RMO or any of its related corporation; (d) is not acting as a nominee or representative of any executive director or substantial shareholder of the RMO or any of its related corporation; (e) in the last two years, has not been engaged for the provision of services by, or in any business transaction with, the RMO or any of its related corporation under such circumstances as may be specified by the SC; or (f) is not presently a partner, director (except as an independent director) or substantial shareholder, as the case may be, of a firm or corporation that has engaged in any transaction with the RMO or any of its related corporation under such circumstances as may be specified by the SC; investment note means any contract, agreement, note or any other document evidencing a monetary loan, executed or offered, on or through an electronic platform, where an investor expects a financial return, but does not include– (a) any right, option or interest in respect thereof; (b) a cheque, banker’s draft or any other bill of exchange or a letter of credit; (c) a banknote, guarantee or an insurance policy; or (d) a statement, passbook or other document showing any balance in a current, deposit or savings account; Islamic investment note means any contract, agreement, note or any other document evidencing undivided ownership or investment in any assets in compliance with Shariah

6 principles and concepts endorsed by the Shariah Advisory Council, and is executed or offered, on or through an electronic platform where an investor expects a financial return, but does not include– (a) any right, option or interest in respect thereof; (b) a cheque, banker’s draft or any other bill of exchange or a letter of credit; (c) a banknote, guarantee or a takaful policy; or (d) a statement, passbook or other document showing any balance in a current, deposit or savings account; licensed institution means– (a) a licensed bank as defined under Financial Services Act 2013; (b) a licensed Islamic bank as defined under Islamic Financial Services Act 2013; or (c) a licensed investment bank as defined under Financial Services Act 2013; Malaysian means a person who resides or has a registered address in Malaysia; officer means any director or employee of the RMO; person in breach means a person who breaches the rules of a recognized market; recognized market operator (RMO) means an operator who is registered pursuant to section 34 of the CMSA; recognized self-regulatory organisation means a person declared to be a recognized self￾regulatory organisation under section 323 of the CMSA; senior management means— (a) a person, by whatever named called, having the authority and responsibility for the planning,

7 directing or controlling activities of a RMO, including the responsible person, chief executive, chief operating officer or chief financial officer; and (b) any other person performing any function as may be specified by the SC. sophisticated investors means any person who– (a) is determined to be a sophisticated investor under the Guidelines on Categories of Sophisticated Investors; or (b) acquires any capital market product or Islamic capital market product offered or traded on a recognized market where the consideration is not less than two hundred and fifty thousand ringgit or its equivalent in foreign currencies for each transaction whether such amount is paid for in cash or otherwise; subsidiary has the same meaning as provided in section 4 of the Companies Act 2016; third-party validator means a person who is engaged by an applicant in accordance with Appendix 3 to provide a validation under paragraph 3.01(p).

8 PART B: REQUIREMENTS FOR REGISTRATION CHAPTER 2 Registration and Application for Registration Registration 2.01 The SC may register a person as a RMO, subject to the person satisfying the criteria set out in these Guidelines. 2.02 For the purposes of these Guidelines, an application for the registration as a RMO must be made by the operator of the stock market or derivative market. 2.03 Upon receiving an application for registration as a RMO under these Guidelines, the SC may exercise its power under subsection 35(3) of the CMSA to treat the said application as an application to be an approved exchange. Before exercising its power, the SC may consider the factors as provided in paragraph 11.03. Application for registration 2.04 An applicant is required to submit to the SC the relevant forms and documents as specified in Appendix 1 of these Guidelines and any other information as may be required by the SC. 2.04A An applicant must consult the SC prior to making an application for registration and provide the SC with sufficient information and documentation to ensure a meaningful discussion. 2.05 In the case where an applicant is regulated by another sectorial regulator, the applicant must also submit to the SC a no objection or approval letter from the relevant sectorial regulator when making the application to the SC.

9 CHAPTER 3 Criteria for Registration 3.01 The SC may register an applicant as a RMO if the applicant satisfies the SC that— (a) the applicant will be able to operate an orderly, fair and transparent market in relation to the securities or derivatives that are offered or traded on or through its platform; (b) the applicant will be able to carry out its obligations as set out under these Guidelines; (c) the information or document that is furnished by the applicant to the SC is not false or misleading nor does it contain any material omission; (d) the applicant is not in the course of being wound up or otherwise dissolved; (e) no receiver, receiver and manager or an equivalent person has been appointed within or outside Malaysia, or in respect of any property of the applicant; (f) the applicant has not, whether within or outside Malaysia, entered into a compromise or scheme of arrangement with its creditors, being a compromise or scheme of arrangement that is still in operation; (g) the applicant, applicant’s directors, senior management, compliance officer and controller are fit and proper; (h) there are no other circumstances which are likely to— (i) lead to the improper conduct of operations by the applicant or by any of its directors, senior management or controller of the applicant; or (ii) reflect discredit in the manner it operates its market; (i) the applicant’s business model has a value proposition or will contribute to the overall development of the capital market; (j) the applicant will appoint at least one responsible person as required under Chapter 4 of these Guidelines; (k) the rules of the market it seeks to operate make satisfactory provisions— (i) for the protection of investors and public interest; (ii) to ensure proper functioning of the market;

10 (iii) to promote fairness and transparency; (iv) to manage any conflict of interest that may arise; (v) to promote fair treatment of its users or any person who subscribe for its services; (vi) to promote fair treatment of any person who is hosted, or applies to be hosted, on its platform; (vii) to ensure proper regulation and supervision of its users, or any person utilising or accessing its platform, including suspension and expulsion of such users or persons; and (viii) to provide an avenue of appeal against the decision of the RMO; (l) the applicant will be able to take appropriate action against a person in breach including directing the person in breach to take any necessary remedial measure; (m) the applicant will be able to manage risks associated with its business and operation including demonstrating the processes and contingency arrangement in the event the applicant is unable to carry out its operations; (n) the applicant has sufficient financial, human and other resources for the operation of the recognized market, at all times; (o) the applicant has appropriate security arrangements which include maintaining a secured environment pursuant to the Guidelines on Technology Risk Management and other relevant guidelines; and (p) the applicant has submitted a validation by a third-party validator as to whether the RMO’s operational policies and procedures are in compliance with the relevant SC’s guidelines. 3.02 In the case of a foreign operator, in addition to the requirements under paragraph 3.01, the SC may register the foreign operator as a RMO, if the applicant satisfies the SC that— (a) the operator is authorised to operate a stock market or derivatives market, or carry out activity of a similar nature in a foreign jurisdiction; (b) the operator is from a comparable jurisdiction with whom the SC has regulatory arrangements on enforcement and supervision; and (c) it is in the best interest of Malaysia to register the foreign operator as a RMO. 3.03 In determining the best interest of Malaysia, the SC will give regard to any one or more of the following:

11 (a) The area of specialisation and level of expertise that can be offered to the capital market including the effect on productivity, transference of skills and efficiency and quality of capital market services; (b) The risk posed on the systemic stability of the capital market including activities and conduct that will likely impact the orderly functioning of the capital market; (c) The contribution towards attracting investments, enhancing market linkages and promoting vibrancy in the capital market; (d) The ability in developing strategic or nascent sectors in the capital market; or (e) The degree and significance of participation of Malaysians in the capital market. 3.04 Before the RMO is allowed to fully operationalise the recognized market, the RMO must submit to the SC— (a) a written declaration by the RMO’s board and responsible person in the format set out in Schedule 1 confirming that the RMO has, in relation to the recognized market,— (i) sufficient human, financial and other resources to carry out its operations; (ii) adequate securities measures, systems capacity, business continuity plan and procedures, risk management, data integrity and confidentiality, record keeping and audit trail, for daily operations and to meet emergencies; (iii) sufficient IT and technical support arrangements which include system readiness; and (iv) complied with all terms and conditions imposed by the SC required to be fulfilled by the RMO prior to operationalising the recognized market; and (b) a copy of the finalised rulebook which complies with the relevant SC guidelines.

12 CHAPTER 4 Key Persons Directors 4.01 A RMO must ensure that members of its board are fit and proper and are suitably qualified. 4.02 A RMO must notify the SC immediately via email, followed by submission of the relevant forms within 14 days of any appointment, reappointment, redesignation or vacancy of the position of director. 4.03 Where a member of the board becomes subject to any disqualification or becomes otherwise unfit to hold office, the RMO must ensure that such person vacates the position immediately. 4.04 The RMO must immediately notify the SC of a director’s disqualification or when a director becomes unfit to hold office, when the position is vacated. Appointment of responsible person 4.05 A RMO must appoint at least one responsible person on a full-time basis. 4.05A A RMO must ensure its responsible persons are fit and proper. 4.06 A person appointed as a responsible person must be a chief executive of the RMO or any person who is primarily responsible for the operations or financial management of the RMO. 4.07 At all times, the responsible person must undertake the role of the main contact person for the purpose of liaising with the SC and perform any duty as may be directed by the SC. 4.07A A RMO must notify the SC immediately via email, followed by submission of the relevant forms within 14 days of any appointment or vacancy of the position of responsible person. 4.08 A RMO must take the necessary steps and ensure that any vacancy of the position of responsible person shall be filled within six months from the date of vacancy. In the interim, the RMO must identify and appoint a suitable person who will be able to take on and be responsible for the functions of the vacated position.

13 Senior management 4.09 A RMO must ensure that an individual appointed to fulfil any position within its senior management is fit and proper and has the necessary professional skills and qualification, experience, and competence to fulfil the responsibilities and duties of that position. 4.10 A RMO must notify the SC immediately via email, followed by submission of the relevant forms within 14 days of any appointment or vacancy of the position of chief executive. 4.11 A RMO must take the necessary steps and ensure any vacancy in relation to the position of senior management shall be filled within six months from the date of vacancy. In the interim, the RMO must identify and appoint a suitable person who will be able to take on and be responsible for the functions of the vacated position. Compliance officer 4.12 The RMO must appoint a dedicated compliance officer on a full-time basis, to carry out compliance function on all matters provided in these Guidelines and its own internal policies and procedures. Guidance for paragraph 4.12 A compliance officer appointed by a RMO is required to be employed solely to carry out the compliance function of the RMO and is not permitted to take on other roles within the RMO. 4.13 Paragraph 4.12 shall not apply to a RMO that is an e-services platform operator. 4.14 The compliance officer appointed by the RMO must meet the following minimum qualification and experience requirements: (a) A degree or professional qualification from an institution recognised by the government of Malaysia with at least three years of relevant experience in the financial industry; or (b) A relevant diploma from an institution recognised by the government of Malaysia with at least five years of relevant experience in the financial industry. 4.15 To enable the compliance officer to discharge his duties properly and independently, the RMO must ensure the following: (a) The compliance officer is fit and proper; (b) The roles and responsibilities of the compliance officer is clearly defined and documented;

14 (c) The compliance officer has the necessary authority, resources and access to all relevant information to carry on his roles and responsibilities; and (d) The compliance officer must not be placed in a position where there is possible conflict of interest with his responsibilities. 4.16 A RMO must notify the SC immediately via email, followed by submission of the relevant forms within 14 days of any appointment or vacancy of the position of compliance officer. 4.17 A RMO must take the necessary steps and ensure that any vacancy in relation to the position of compliance officer shall be filled within six months from the date of vacancy. In the interim, the RMO must identify and appoint a suitable person who will be able to take on and be responsible for the functions of the vacated position.

15 PART C: TERMS AND CONDITIONS, DIRECTIONS AND ON-GOING OBLIGATIONS CHAPTER 5 Terms and Conditions and Directions 5.01 The SC may, in registering a RMO, impose any term or condition, and at any time vary, add or remove any term or condition. 5.01A The terms or conditions imposed under paragraph 5.01 may include the terms and conditions required to be complied with prior to the RMO commencing its business or operationalising a recognized market or on-going terms and conditions that must be complied by the RMO as long as it is registered or such other period as determined by the SC. 5.01B For the purpose of paragraph 5.01A, the terms and conditions may, among others, include: (a) Requiring a RMO’s platform to be fully operational within nine months from the date of the SC’s approval; (b) Requiring a RMO to have and maintain its shareholders’ fund at a minimum of RM2.5 million for a period as may be determined by the SC; and (c) Requiring a RMO to host or facilitate the offering or trading of at least one issuer or capital market product, as the case may be, on the RMO’s platform within 12 months from the date on which the RMO fully operationalise its platform. 5.02 The SC may issue a direction to the RMO, the board, senior management, controller or any other person regarding— (a) compliance with the requirements of the securities laws, these Guidelines and any other relevant SC guidelines; (b) the conduct of business or operations of the recognized market; (c) the appointment or removal of the responsible person; (d) fees payable; (e) restrictions on the types of investors or participants who may have access to a recognized market; (f) the capital market products or Islamic capital market products that may be traded on or through a recognized market;

16 (g) the services that may be offered; (h) the requirement to notify the SC of any changes to the RMO’s business; (i) the requirement to submit periodic reports to the SC; (j) the requirement to maintain relevant records; and (k) any other matter as the SC considers necessary for the protection of investor or the proper functioning of a recognized market. 5.03 The SC may direct the RMO to remove the director, senior management or compliance officer within such period as may be specified in such direction, if— (a) the person is not fit and proper; or (b) it would be contrary to public interest for the person to continue to hold the position of director, senior management or compliance officer of the RMO. 5.03A The SC may direct a RMO to conduct a periodic assessment of the RMO’s compliance with any or all of its regulatory obligations and submit to the SC the report on the extent to which it has complied with the regulatory obligations. 5.04 Notwithstanding paragraph 5.03A, the SC may at any time conduct periodic assessment on the RMO in relation to the RMO’s compliance with any or all of its regulatory obligations and request documents or other assistance as required. 5.05 [Deleted] 5.06 Unless otherwise determined by the SC, any direction issued by the SC under this Chapter 5 shall take effect immediately notwithstanding that an application to review the direction has been made to the SC.

17 CHAPTER 6 Obligations RMO’s obligations 6.01 A RMO must— (a) monitor and ensure compliance of its rules; (b) ensure fair treatment of its users; (c) ensure that all disclosures are fair, accurate, clear and not misleading; (d) obtain and retain self-declared risk acknowledgement forms from its users prior to them investing in a recognized market; (e) provide prior disclosure to investors that any loss resulting from the investors’ trading or investment through the recognized market is not covered by the Capital Market Compensation Fund; (f) ensure that all fees and charges payable are fair, reasonable and transparent; (g) ensure that it does not engage in any business practices appearing to the SC to be deceitful, oppressive or improper (whether unlawful or not) or which otherwise reflect discredit on his method of conducting business; (h) carry out continuous awareness and education programmes; (i) have in place processes to monitor anti-money laundering, counter terrorism financing and counter proliferation financing requirements,4 including having adequate investor on-boarding arrangements and processes; (j) disclose and display prominently on its platform, any relevant information relating to the recognized market including— (i) all necessary risk warning statements, including all risk factors that users may require in making a decision to participate on the platform; (ii) information on rights of investors relating to investing or trading in a recognized market; (iii) criteria for access to the recognized market; 4 These requirements are set out in the Guidelines on Prevention of Money Laundering and Terrorism Financing for Reporting Institutions in the Capital Market and Guidelines on Implementation of Targeted Financial Sanctions Relating to Proliferation Financing for Capital Market Intermediaries.

18 (iv) education materials, including comparative information where necessary; (v) fees, charges and other expenses that it may charge, impose on its users; (vi) information about complaints handling or dispute resolution and its procedures; (vii) information on processes and contingency arrangement in the event the RMO is unable to carry out its operations or cessation of business; and (viii) any other information as may be specified by the SC; (k) provide to the SC access to any register required to be maintained under these guidelines and disclose any other information as the SC may require; (l) must notify the SC of the occurrence of any event which would trigger the activation or execution of the business continuity plan, in such form and manner as may be specified by the SC; and (m) in the event of any technology incident, cyber incident or near miss event— (i) take all necessary and immediate appropriate actions to mitigate any potential losses; and (ii) immediately notify and submit a report to the SC in accordance with paragraphs 10.03 and 10.04 of the Guidelines of Technology Risk Management. (n) establish, implement and maintain processes and contingency arrangements to protect client funds and assets in the event the RMO is unable to carry out its operations or ceases its business; (o) conduct an audit at least once every three years to assess the RMO’s compliance to the provisions of these Guidelines and ensure that the audit findings and necessary corrective measures to be undertaken are tabled to the board; Guidance to paragraph 6.01(o) At a minimum, the audit must be conducted once every three years. However, the frequency of the audit conducted by a RMO should commensurate with the RMO’s business model and risk assessment. As such, the RMO should carry out such audit more frequently as necessary depending on the RMO’s type of business and level of risk.

19 (p) establish change management controls and appropriate approval processes in relation to changes made to the RMO’s IT systems including web and mobile applications; (q) deal with clients’ complaints and disputes in a fair, transparent, timely and efficient manner which includes ensuring that– (i) the clients are kept abreast of the review of a complaint regularly; and (ii) records of all complaints received and the outcome of the review of such complaints are complete and properly maintained; (r) communicate with the SC and other regulators in an open and professional manner; (s) provide the SC with documents and information when requested and within the time limits prescribed, or where such time limit is not prescribed, within a reasonable time; (t) carry on its activities with proper safeguards in place to protect clients’ assets and information; and (u) establish, maintain and consistently review the effectiveness and relevancy of the controls, policies and procedures to ensure compliance with these Guidelines. Prior approval or notification for the change in controller, shareholders and business particulars Controller 6.02 A RMO must obtain the SC's prior approval in circumstances where any proposed change in the direct or indirect shareholding of the RMO will result in the change in its controller. 6.03 [Deleted] Shareholders 6.04 A RMO must notify the SC at least 14 days before effecting any changes in shareholders. Business particulars 6.04A A RMO must notify the SC within fourteen 14 days on any changes to the RMO’s business particulars.

20 Guidance to paragraph 6.04A Change in the RMO’s business particulars covers instances where there is a change of the RMO’s name, business address and registered address. Notification shall be made in the form prescribed by the SC. Prior notification of new business, shares or interests within or outside Malaysia 6.05 A RMO must notify the SC, at least 14 days prior to— (a) establishing or acquiring any new business; (b) ceasing or disposing any existing business; or (c) acquiring new interests or shares or disposing any existing interests or shares, within or outside Malaysia. Board and senior management’s obligations 6.06 The RMO’s board must— (a) ensure the RMO complies with all the requirements under these Guidelines including any direction issued or any term or condition imposed by the SC; (b) ensure the responsible person carries out his responsibilities and duties; (c) identify and manage risks associated with the business and operations of the RMO, including having in place an effective business continuity plan and conduct business impact assessments; Guidance to paragraph 6.06(c) A business impact assessment should be conducted by a RMO where there are any events or proposals which may have potential significant impact to its business or operations. This includes where the RMO proposes to undertake any new business such as acquiring shares or interests within or outside Malaysia in relation to other businesses under paragraph 6.05. The RMO must carry out an assessment on the impact of such proposal to its existing business operations and resources. (d) establish and maintain controls, policies and procedures to— (i) effectively and efficiently manage actual and potential conflicts of interest;

21 (ii) implement anti-corruption and whistleblowing measures that are appropriate to the nature, scale and complexity of its business5 ; (iii) monitor trading and other market activity to detect non-compliance with the securities laws or its rules; (iv) deal with complaints relating to the operations of its market or the conduct of its participants; and (v) ensure compliance with all relevant laws, regulations and guidelines including Personal Data Protection Act 2010; (e) immediately notify the SC— (i) of any irregularity or breach of any provision of the securities laws, these Guidelines or its rules, including any alleged or suspected violations of any law or guidelines in relation to anti-money laundering, terrorism financing and proliferation financing by its participants; (ii) of any material change in the information submitted to the SC; or (iii) if it becomes aware of any matter which adversely affects or is likely to adversely affect its ability to meet its obligations or to carry out its functions under these Guidelines. Senior management’s obligations 6.06A The RMO’s senior management must– (a) implement and adhere to the controls, policies and procedures approved by the board; (b) manage risks associated with the business and operations of the RMO, including having in place an effective business continuity plan and conduct business impact assessments; (c) frequently and adequately apprise the board on the operations of the RMO and ensuring that the RMO complies with all the requirements under these Guidelines including any direction issued or any term or condition imposed by the SC; (d) ensure records maintained are accurate and properly secured; and (e) comply with the reporting requirements and submit accurate information to the SC in a timely manner. 5 The policies and procedures on anti-corruption shall be guided by the Guidelines on Adequate Procedures issued pursuant to section 17A (5) of the Malaysian Anti-Corruption Commission Act 2009.

22 Outsourcing obligations 6.07 The RMO’s board remains accountable for all outsourced functions. 6.08 The RMO’s board must establish effective policies and procedures for its outsourcing arrangement including a monitoring framework to monitor the service delivery and performance reliability of the service provider. 6.09 A RMO must ensure that the service provider has adequate policies and procedures to monitor the conduct of any appointed sub-contractor. 6.10 A RMO must perform an assessment on a service provider on a periodic basis, as part of its monitoring mechanism under paragraph 6.09 and submit a report of the assessment to its board and senior management. 6.11 A letter of undertaking is also required from the service provider or sub-contractor stating that the SC will have access to all information, records and documents relating to the material outsourced arrangements. 6.12 A RMO must notify the SC of any adverse development arising in the outsourcing arrangement of any outsourced function that could significantly affect the RMO, within two weeks from the occurrence of the event.

23 CHAPTER 7 Submission of Rules 7.01 For the purposes of this chapter, “rules” means the rules or directions, by whatever name called and wherever contained, governing the management, operations or procedures of the RMO, or the offering or trading of capital market product on the RMO’s platform. 7.02 A RMO must submit to the SC for its review, any proposed rules or any proposed amendments to existing rules prior to introducing any new rules or effecting any change to its existing rules. The submission shall include— (a) the text of the proposed rules or amendments; (b) an explanation of the purpose of the proposed rules or amendments; and (c) the RMO’s board resolution approving the proposed rules or amendments. 7.03 Notwithstanding paragraph 7.02, a RMO is only required to give the SC a written notice of any proposed rules or amendments as set out under Form 12, no later than 14 days prior to effecting such proposed rules or amendments. 7.04 Where the SC is of the opinion that any proposed rules or amendment does not fall within the scope of Form 12, the SC may direct the RMO to submit such proposed rules or amendments for its review. 7.05 The SC may at any time, direct a RMO to vary or amend any rule of the RMO submitted as it deems necessary.

24 CHAPTER 8 Reporting Requirements 8.01 A RMO must submit to the SC the following: (a) An annual compliance report to demonstrate the RMO’s compliance with any conditions imposed by the SC pursuant to the registration of the RMO as well as the CMSA; (b) Its latest audited financial statements, within three months after the close of each financial year or such period that the SC may allow; and (c) Any information required by the SC for the purpose of administrating securities laws in the form and manner as may be specified by the SC. 8.02 A RMO must comply with all reporting obligations and submit accurate reporting to the SC in a timely manner.

25 PART D: CESSATION, WITHDRAWAL AND REVIEW OF STATUS CHAPTER 9 Cessation of Business or Operations 9.01 The RMO shall not cease the business or operations of a recognized market without prior engagement with the SC. 9.01A Unless otherwise permitted by the SC, the cessation shall not take effect until the SC is satisfied that adequate arrangements have been made to meet all the liabilities and obligations of the RMO that are outstanding. 9.02 Without prejudice to Chapter 5 of these Guidelines, the SC may issue a direction or impose any term or condition for the purposes of ensuring the orderly cessation of the business or operations of the recognized market.

26 CHAPTER 10 Withdrawal of Registration 10.01 The SC may withdraw the registration of a RMO if— (a) the RMO fails to meet the requirements under paragraphs 3.01, 3.02 or 3.04 of these Guidelines; (b) the RMO fails or ceases to carry on the business or activities for which it was registered for a consecutive period of six months; (c) the RMO contravenes any obligation, condition or restriction imposed under these Guidelines; or (d) fails to pay any fee or levy prescribed by the SC. 10.02 The RMO may, by notice in writing, apply to the SC to withdraw its registration and provide reasons for its withdrawal. 10.03 The withdrawal of a RMO’s registration under paragraph 10.01 shall not— (a) take effect until the SC is satisfied that adequate arrangements have been made to meet all the liabilities and obligations of the RMO that are outstanding at the time the notice of the withdrawal is given; and (b) operate so as to— (i) avoid or affect any agreement, transaction or arrangement entered into on the recognized market operated by the RMO, whether the agreement, transaction or arrangement was entered into before or after the withdrawal of the registration; or (ii) affect any right, obligation or liability arising under any such agreement, transaction or arrangement.

27 CHAPTER 11 Review of Status 11.01 As provided under section 36B CMSA, the SC may, on application by a RMO or on the SC’s own initiative, review the status of a RMO. 11.02 Following the review, the SC may require a RMO to make an application for the recognized market to be an approved market under section 8 CMSA if the SC is of the opinion that the recognized market would be more appropriately regulated as an approved market. 11.03 In conducting review of the status of a RMO, the SC may consider the following factors: (a) The size and structure, or proposed size and structure, of the recognized market Consideration will be given to the size and structure of the market, including the volume and value of transactions conducted on the market, the number of investors trading on the market and the number of participants; (b) The nature of the services provided, or to be provided, by the recognized market This relates to the range of services provided by the market, such as whether the market offers the full range of services which includes the provision of quotes, matching of orders, clearing and settlement and provision of data services; (c) The type of the capital market products traded, or to be traded, on the recognized market This relates to the different type of capital market products traded on the market. A market that offers a variety of products or products that are highly complex or risky may pose a greater risk to the capital market and thus should be regulated as an approved market; and (d) The nature of the investors or participants, or proposed investors or participants, who may use or have an interest in the recognized market Consideration will be given to the level of sophistication of the investors or participants, the systemic importance of the participants and the impact of any failure of the market on the investors or participants and the broader financial sector.

28 PART E: OFFERING OF ISLAMIC CAPITAL MARKET PRODUCTS CHAPTER 12 [Deleted]

29 PART F: ADDITIONAL REQUIREMENTS RELATING TO A RECOGNIZED MARKET THAT IS A CROWDFUNDING PLATFORM CHAPTER 13 Equity Crowdfunding Platform Definitions 13.01 For the purposes of this chapter, unless context otherwise requires— angel investor refers to an individual— (a) who is a tax resident in Malaysia; and (b) whose total net personal assets exceed RM3 million or its equivalent in foreign currencies; or (c) whose gross total annual income is not less than RM180,000 or its equivalent in foreign currencies in the preceding twelve months; or (d) who, jointly with his or her spouse, has a gross total annual income exceeding RM250,000 or its equivalent in foreign currencies in the preceding 12 months; ECF operator means a RMO who operates an equity crowdfunding (ECF) platform; ECF platform means an equity crowdfunding platform registered by the SC; issuer means a person who is hosted on an ECF platform to offer its shares on the ECF platform; latest practicable date means a date whereby the information disclosed should remain relevant and current as at the date of issue of the prospectus; microfund means an entity that meets the conditions set out in paragraph 13.18.

30 ECF operator 13.02 All other requirements stated in these Guidelines are applicable to an ECF operator, unless otherwise stated. 13.03 All ECF operators must be locally incorporated and have a minimum paid-up share capital of RM5 million. Obligations of ECF operator 13.04 In addition to the obligations specified in Chapter 6, an ECF operator must— (a) carry out a due diligence exercise with due care on prospective issuers planning to use its platform; (b) ensure that all relevant documents relating to the prospective issuer and fundraising exercise including the documents set out in paragraph 13.24 have been obtained; (c) review and consider all documents and information relating to the prospective issuer with the purpose of assessing whether the prospective issuer should be hosted on the ECF platform; (d) ensure the issuer’s disclosure document lodged with the ECF operator is verified for accuracy and made accessible to investors through the ECF platform; (e) where an issuer is a public company, assess and subject to compliance with the requirements under this Part, register the issuer’s prospectus, including any supplementary prospectus, furnished to the ECF operator. In assessing the issuer’s prospectus and supplementary prospectus (if any), the ECF operator must ensure that the prospectus and supplementary prospectus (if any) includes the information required under this Part and that its contents are not false or misleading or containing any material omission; (f) inform investors of any material adverse change to the issuer’s proposal as set out under paragraph 13.09; (g) ensure that the fundraising limits imposed on the issuer are not breached; and (h) ensure that the investment limits imposed on investors are not breached. 13.05 The scope of the due diligence exercise by an ECF operator shall include taking reasonable steps to— (a) conduct background checks on the issuer to ensure fit and properness of the issuer, its directors, senior management and controller; and

31 (b) verify the business proposition of the issuer. Operation of trust account 13.06 An ECF operator must establish systems and controls for maintaining accurate and up￾to-date records of investors’ monies held. 13.07 The ECF operator must ensure that investors’ monies are properly safeguarded from conversion or inappropriate use by its officers. 13.08 The ECF operator shall— (a) establish and maintain in a licensed institution one or more trust accounts designated for the funds raised by an issuer hosted on its platform; (b) ensure that the trust accounts under paragraph 13.08(a) are administered by an independent registered trustee; and (c) only release the funds to the issuer after the following conditions are met: (i) The targeted amount sought to be raised has been met; (ii) The shares have been issued to the investors; (iii) There is no material adverse change relating to the offer before the issue of shares; and (iv) The cooling-off period of at least six business days have expired. 13.09 For the purpose of subparagraph 13.08(c), a material adverse change concerning the issuer, may include any of the following matters: (a) The discovery of a false or misleading statement in any disclosures in relation to the offer; (b) The discovery of a material omission of information required to be disclosed in relation to the offer; or (c) There is a material change or development in the circumstances relating to the offering or the issuer. 13.10 Notwithstanding paragraph 13.08(c), the ECF operator may impose any other additional conditions precedent before releasing the fund, provided that they serve the investors’ interest.

32 Managing conflict of interest 13.11 The ECF operator, including its individual directors and shareholders, must disclose to the public on its platform if— (a) it holds any shares in any of the issuers hosted on its platform; or (b) it pays any referrer or introducer, or receives payment in whatever form, including payment in the form of shares, in connection with an issuer hosted on its platform. 13.12 Notwithstanding paragraph 13.11, an ECF operator’s shareholding in any of the issuers hosted on its platform shall not exceed 30 per cent. 13.13 The ECF operator is prohibited from providing direct or indirect financial assistance to investors, to invest in shares of an issuer hosted on its platform. Permitted and non-permitted issuers 13.14 Only locally incorporated companies and limited liability partnerships will be allowed to be hosted on the ECF platform. 13.15 The following entities are prohibited from raising funds through an ECF platform: (a) Exempt private company; (b) Commercially or financially complex structures (i.e. investment fund companies or financial institutions); (c) Public-listed companies and their subsidiaries; (d) Companies with no specific business plan or its business plan is to merge or acquire an unidentified entity (i.e. blind pool); (e) Companies other than a microfund that propose to use the funds raised to provide loans or make investment in other entities; and (f) Any other type of entity that is specified by the SC. 13.16 An issuer shall not be allowed to be hosted concurrently on multiple ECF platforms or on any stock market of Bursa Malaysia Securities Bhd. 13.17 An issuer may be permitted to be hosted on an ECF platform and peer-to-peer financing (P2P) platform, at the same time, subject to disclosure requirements as may be specified by the platform operators.

33 13.18 An ECF operator may allow for the hosting of a microfund on its platform provided the microfund— (a) is registered with the SC as a venture capital company; (b) has a specified investment objective; and (c) only raises funds from sophisticated investors and angel investors. Limits to funds raised from ECF platform 13.19 An issuer may only raise, collectively, a maximum amount of RM20 million through ECF platforms in its lifetime, excluding the issuer’s own capital contribution or any funding obtained through a private placement exercise. 13.20 Paragraph 13.19 shall not apply to a microfund hosted on an ECF platform. Disclosure requirements 13.21 An issuer proposing to be hosted on an ECF platform must disclose the information set out in paragraph 13.24 to enable an investor to make an informed assessment on the fundraising exercise. 13.22 Where an issuer is a public company, the issuer shall submit to the ECF operator a prospectus which— (a) complies with subsection 235(1) of the CMSA save that the issuer shall be relieved from compliance with paragraph (b) of subsection 235(1); and (b) contains the information set out in paragraph 13.24. 13.23 Paragraph 13.22 will not apply where a public company is making an offer of its shares solely to sophisticated investors provided the public company discloses the statements as set out in paragraph 13.24(h) to the investors. 13.24 An issuer proposing to be hosted on an ECF platform must submit the relevant information to the ECF operator, including the following: (a) Information that explains key characteristics of the company; (b) Information relating to the rights attached to the shares being offered; (c) Information that explains the purpose of the fundraising and the targeted offering amount;

34 Guidance for paragraph 13.24(c) The information should also include information relating to the number and price of shares being offered, subsequent use and application of the proceeds after the success of the fundraising exercise including the proposed timeframe for such utilisation. (d) Information relating to the business plan of the company; (e) Financial information relating to the company— (i) where the issuer is a public company, audited financial statements of the company; (ii) for other types of issuers— (A) for offerings below RM500,000: i. Audited financial statements of the company, where applicable (e.g. where the issuer has been established for at least 12 months); and ii. Where audited financial statements are unavailable (e.g. the issuer is newly established), certified management accounts or financial information prepared by the issuer; or (B) for offerings above RM500,000, audited financial statements of the company; (f) Information relating to key management, directors and promoters of the issuer; Guidance for paragraph 13.24(f) The information should include, among others, the individual’s name, nationality, age, profession, qualification, past experiences and any interests held in any other company which may result in a conflict of interest. (g) Where an issuer is a public company, information relating to— (i) the risk factors and prospects of its business; (ii) any situations of actual or potential conflict of interest involving the direct and indirect interest of a director, substantial shareholder or chief executive; and

35 Guidance for paragraph 13.24(g)(ii) Situations that are likely to give rise to conflict of interest include circumstances where a director, substantial shareholder or chief executive— (a) has an interest in a competing business with that of the issuer’s or its subsidiary companies; (b) conducts or has interest in business transactions involving goods or services, either directly or indirectly, with the issuer or its subsidiary companies; (c) provides or receives financial assistance which includes advances, loans and personal or corporate guarantees from the issuer or its subsidiary companies; or (d) leases property to or from the issuer or its subsidiary companies. (iii) any transaction or arrangement entered into by the issuer or any of its subsidiaries with any of— (A) the issuer’s director, substantial shareholder or a person connected with a director or substantial shareholder of the issuer; or (B) its subsidiary’s director, substantial shareholder or a person connected with a director or substantial shareholder of the subsidiary, which is not undertaken at arm's length basis or at terms not in the ordinary course of business for the period covered in the issuer’s audited financial statements and up to the latest practicable date prior to the issue of the prospectus; and (iv) any policies and procedures to manage issues of conflict of interest including potential conflicts of interest and any related party transactions. (h) The following statements must be highlighted in bold and a prominent colour: (i) “No shares will be allotted or issued based on this document after six months from the closing of the offer period.” (ii) “This issue, offer or invitation for the offering is a proposal not requiring authorisation of the Securities Commission Malaysia under section 212(8) of the CMSA 2007.”

36 (iii) “This document has not been reviewed by the Securities Commission Malaysia. The Securities Commission Malaysia does not recommend nor assume responsibility for any information including any statement, opinion or report disclosed in relation to this fundraising exercise and makes no representation as to its accuracy or completeness. The Securities Commission Malaysia expressly disclaims any liability whatsoever for any loss howsoever arising from or in reliance upon the whole or any part of the information disclosed.” 13.25 For the purposes of paragraph 13.24(g)(iii)— (a) “person connected with a director” has the same meaning assigned to a “person connected with a director” under section 197 of Companies Act 2016; and (b) “person connected with a substantial shareholder” has the same meaning assigned to a “person connected with a director” under section 197 of Companies Act 2016 save that all references therein to a director shall be read as a reference to a substantial shareholder. 13.26 An issuer proposing to be hosted on an ECF platform shall ensure that all information submitted or disclosed to an ECF operator is true and accurate and shall not contain any information or statement which is false or misleading or from which there is a material omission. 13.27 In addition to the obligations set out in Chapter 6, an ECF operator must disclose and display prominently on its platform— (a) information relating to the issuer as specified under paragraph 13.24; and (b) details on how the platform facilitates the investor’s investment including providing communication channels to permit discussions about issuers hosted on its platform. 13.28 An issuer that has successfully completed its fundraising exercise on an ECF platform must ensure that there is effective, transparent and regular communication with its shareholders including providing regular updates on the progress of the business of the issuer and the issuer’s financial position. Prospectus 13.29 Where an issuer is a public company— (a) a prospectus registered with an ECF operator shall be deemed to have been registered with the SC for purposes of section 232 of the CMSA;

37 (b) the issuer must furnish a copy of the prospectus that has been registered with the ECF operator to the SC in the manner and form as may be specified by the SC; (c) where a prospectus has been registered with the ECF operator under paragraph 13.29(a), and before the issue of shares, the issuer becomes aware that— (i) a matter has arisen and information in respect of that matter would have been required by these Guidelines to be disclosed in the prospectus if the matter has arisen at the time the prospectus was prepared; (ii) there has been a material change affecting a matter disclosed in the prospectus; or (iii) the prospectus contains a statement or information that is false or misleading, or from which there is a material omission, the issuer must notify the ECF operator and, as soon as practicable, submit a supplementary prospectus to the ECF operator for registration. The issuer must furnish a copy of the supplementary prospectus that has been registered with the ECF operator to the SC. 13.30 For the purposes of paragraph 13.29(c),— (a) where a supplementary prospectus has been registered with the ECF operator, and before the issuance of shares, the ECF operator must notify the investor that— (i) a supplementary prospectus is available on the platform; and (ii) the investor may withdraw his application for the subscription of shares within six business days from the date of receipt of the notice; (b) if the investor withdraws his application pursuant to paragraph 13.30(a) above, the ECF operator must within six business days, refund to the investor any amount that the investor has paid for the purposes of the share offering. Investment limit 13.31 A person may invest in any issuer hosted on the ECF platform, subject to the following limits: (a) Sophisticated investors: No restrictions on investment amount; (b) Angel investors: A maximum of RM500,000 within a 12-month period; and

38 (c) Retail investors: A maximum of RM10,000 per issuer with a total amount of not more than RM50,000 within a 12-month period. 13.32 The investment limits specified in paragraph 13.31 are applicable to local and foreign investors. Secondary market 13.33 An ECF operator who wishes to operate a secondary market for the trading of an issuer’s shares must seek prior approval of the SC. 13.34 An ECF operator must ensure that— (a) only shares of an issuer that have been hosted and successfully funded through the ECF platform will be permitted to be traded on the ECF operator’s platform; and (b) the issuer’s shares may only be traded after six months from the date of the completion of the issuer’s fundraising campaign. For avoidance of doubt, the issuer’s fundraising campaign is completed after the issuer’s shares have been allotted and issued to the investors. 13.35 Notwithstanding paragraph 13.34(b), in the case of shares of the issuer held by the promoter, the promoter can only sell, transfer or assign his shares after six months from the date the shares are traded on the secondary market. Obligations of an ECF operator operating a secondary market 13.36 Where an ECF operator operates a secondary market, the ECF operator must, among others— (a) have arrangements on how the secondary market will operate, and ensure that the secondary market trading activities on its platform is conducted in a fair, orderly and transparent manner; (b) ensure that access to its secondary market is fair, transparent and objective, including treating all its users fairly by, among others, providing equal access to information; (c) disclose information about its market structure, order types and the interactions of the order types; (d) have in place policies and procedures for the trading, clearing and settlement of securities on the ECF platform;

39 (e) have additional resources, including financial, technological and human resources that is sufficient to operate its secondary market; (f) have adequate arrangements for— (i) notifying disclosures made to it and for continuing to make those disclosures available; (ii) handling all conflicts of interest and all risks that may arise from the conduct of its secondary market activities; and (iii) monitoring and ensuring compliance of its rules, including conducting on￾going market surveillance. (g) have in place mechanisms to help ensure the resiliency, reliability and integrity of the system to operate its secondary market. 13.37 Any proposed rules of an ECF operator or any proposed amendments to its existing rules relating to secondary market shall comply with paragraph 7.02. Market integrity provisions Trading operations 13.38 An ECF operator must— (a) disclose the order execution rules and any cancellation procedures and ensure they are applied fairly to all its users; (b) establish a robust operational framework with appropriate systems, policies, procedures and controls to manage and monitor trading activities on the ECF platform; (c) have in place adequate arrangements and processes to manage error trades; (d) have in place adequate arrangements and processes to manage systems error, failure or malfunction; (e) have in place adequate arrangements and processes to manage excessive volatility of its market which may include circuit breakers, price limits and trading halts; (f) have in place adequate arrangements and processes for trading halts in relevant securities, which should include the length of the trading halt and how it will resume trading on its market after the trading halt;

40 (g) have in place adequate arrangements and processes to manage investors’ assets in the event of any suspension or outages of the platform, including transfer or withdrawal procedures; (h) have in place adequate arrangements and processes to deter manipulative activities on the platform and ensure proper execution of trades; and (i) have clearly defined operational reliability objectives and have in place policies that are designed to achieve those objectives. Market transparency 13.39 An ECF operator must— (a) ensure trading information, both pre-trade and post-trade, is made publicly available on a timely or real-time basis, as the case may be; (b) make available in a comprehensive manner and on a timely basis, material information or changes to the tradable securities; (c) ensure all information relating to the trading arrangements and circumstances arising thereof where relevant, are made publicly available; and (d) ensure timely and accurate disclosure of all material information necessary for informed investing and take reasonable steps to ensure that all investors enjoy equal access to such information. Clearing and settlement 13.40 An ECF operator must ensure there are orderly, clear and efficient clearing and settlement arrangements. 13.41 An ECF operator must provide clear and certain final settlement, at a minimum by the end of the value date, intra-day or real time. Risk management 13.42 An ECF operator that is operating a secondary market should identify possible sources of operational risk in secondary market trading activities, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures and controls. Systems should be designed to ensure security resiliency and operational reliability including having adequate capacity.

41 13.43 In relation to paragraph 13.42, an ECF operator must— (a) establish an operational risk-management framework with appropriate systems, policies, procedures and controls to identify, monitor, mitigate and manage operational risks; (b) have in place clearly defined roles and responsibilities for addressing operational risks; and (c) have a comprehensive physical and information security policy that addresses all potential vulnerabilities and threats in secondary market trading activities.

42 CHAPTER 14 Peer-to-peer Financing Platform Definitions 14.01 For the purposes of this chapter, unless context otherwise requires— angel investor refers to an individual— (a) who is a tax resident in Malaysia; and (b) whose total net personal assets exceed RM3 million or its equivalent in foreign currencies; or (c) whose gross total annual income is not less than RM180,000 or its equivalent in foreign currencies in the preceding 12 months; or (d) who, jointly with his or her spouse, has a gross total annual income exceeding RM250,000 or its equivalent in foreign currencies in the preceding 12 months; invoice financing means a fundraising activity via the sale of trade receivables or invoices which is evidenced by an investment note or an Islamic investment note; issuer means a person that is seeking funding on or through a P2P platform and shall include seeking funding via invoice financing; P2P operator means a RMO who operates a P2P platform; P2P platform means an electronic platform that facilitates directly or indirectly the issuance, execution or offering of an investment note or an Islamic investment note. P2P operator 14.02 All other requirements stated in these Guidelines are applicable to a P2P operator, unless otherwise stated. 14.03 Any person who seeks to operate an invoice financing platform must apply to be registered as a P2P operator under these Guidelines.

43 14.04 All P2P operators must be locally incorporated and have a minimum paid-up share capital of RM5 million. Obligations of P2P operator 14.05 A P2P operator must, in addition to the obligations specified in Chapter 6— (a) ensure there is an efficient and transparent risk assessment framework, and policies and procedures which includes but is not limited to, risk scoring mechanism and methodology relating to the investment note or Islamic investment note and assessments of the issuers; (b) carry out a risk assessment with due care and diligence on prospective issuers intending to use its platform; (c) ensure that all relevant documents relating to the prospective issuer and funding exercise including the documents set out in paragraph 14.29 have been obtained; (d) review and consider all documents and information relating to the prospective issuer with the purpose of assessing whether the prospective issuer should be hosted on the P2P platform; (e) ensure the issuer’s disclosure document lodged with the P2P operator is verified for accuracy and made accessible to investors through the P2P platform; (f) inform investors of any material change to the issuer’s proposal as set out under paragraph 14.12; (g) have in place effective policies and procedures to manage any late payment and default by issuers including using its best endeavours to recover amounts outstanding to investors; and (h) in addition to the provision as set out in subparagraph 3.01(j), ensure that its rules set out a rate of financing that is not more than eighteen (18) per cent per annum. A P2P operator must consult the SC if it wishes to impose a rate of financing that is more than 18 per cent per annum. 14.06 The scope of the risk assessment by a P2P operator shall include taking reasonable steps to— (a) conduct background checks on the issuer to ensure fit and properness of the issuer, its board, senior management and controller; (b) verify the business proposition of the issuer; and (c) carry out assessment on the issuer’s creditworthiness.

44 Operation of trust account General 14.07 A P2P operator must establish systems and controls for maintaining accurate and up- to￾date records of investors’ monies held. 14.08 The P2P operator must ensure that investors’ monies are properly safeguarded from conversion or inappropriate use by its officers. Trust account relating to monies received for issuers 14.09 The P2P operator shall— (a) establish and maintain in a licensed institution, one or more trust accounts designated for the funds raised in relation to a hosting on its platform; and (b) ensure that the trust accounts are administered by an independent registered trustee. 14.10 The P2P operator may only release the funds to pay the issuer or a relevant supplier upon closure of the offer period provided that there is no material adverse change relating to the investment notes or Islamic investment notes prior to such payment. 14.11 [Deleted]. 14.12 For the purpose of paragraph 14.10, a material adverse change may include any of the following matters: (a) The discovery of a false or misleading statement in any disclosures relating to the investment notes or Islamic investment notes; (b) The discovery of a material omission of information required to be disclosed in relation to the investment notes or Islamic investment notes; or (c) There is a material change or development in the circumstances relating to the investment notes, Islamic investment notes or the issuer. 14.12A For the purpose of paragraph 14.10, the P2P operator may only release funds to pay a relevant supplier of the issuer provided that: (a) the payment is made in relation to an account payable financing; (b) the P2P operator has in place, adequate, sufficient and effective controls to manage risks to its platform and its users including but not limited to risk relating to anti-money laundering, terrorist financing and proliferation financing, legal risk and operational risk relating to the payment to the supplier; and

45 (c) the supplier is not a related party of P2P operator. 14.12B The RMO must maintain a list of all relevant suppliers under paragraph 14.12A and upon the request of SC, provide such list to the SC. 14.13 Notwithstanding the above, the P2P operator may impose any other additional conditions precedent before making a payment from the fund, provided that they serve the investors’ interest. Trust account relating to monies received for investors 14.14 A P2P operator shall— (a) establish and maintain in a licensed institution, one or more trust accounts designated for the monies received as repayments to investors; and (b) ensure that the trust accounts are administered by an independent registered trustee. 14.15 A P2P operator shall not withdraw from or deal with investors’ monies in a trust account except for the purpose of making a payment— (a) to the investor, P2P operator, the issuer or relevant supplier as set out in paragraph 14.12B; or (b) that is as otherwise directed by the SC or by any other enforcement agencies as provided under written law. Managing conflict of interest 14.16 The P2P operator and its officers are prohibited from providing direct or indirect financial assistance to investors, to invest in investment note or Islamic investment note executed or offered, on or through its platform. 14.17 The P2P operator is prohibited from providing any funding to issuers or investing in any of the investment notes or Islamic investment notes executed or offered, on or through its platform. 14.18 Notwithstanding paragraph 14.17, officers of the P2P operator are permitted to invest subject to the P2P operator having in place appropriate process and procedure to manage conflict of interest.

46 Permitted and non-permitted issuers 14.19 Only the following type of issuer will be allowed to be hosted on a P2P platform: (a) Locally incorporated or registered, as the case may be,— (i) sole proprietorship; (ii) partnership; (iii) limited liability partnership; (iv) private company; (v) unlisted public company; (vi) public-listed company; (vii) subsidiaries of a public-listed company; and (b) Any other type of entity or person as may be permitted by the SC. 14.20 The following entities are prohibited from raising funds through a P2P platform: (a) Commercially or financially complex structures (i.e. investment fund companies or financial institutions); (b) Companies with no specific business plan or its business plan is to merge or acquire an unidentified entity (i.e. blind pool); (c) Companies that propose to use the funds raised to provide loans or make investment in other entities; and (d) Any other type of entity that is specified by the SC. 14.21 An issuer shall not be allowed to be hosted concurrently for the same purpose on multiple P2P platforms. 14.22 An issuer may be permitted to be hosted on a P2P platform and ECF platform at the same time, subject to the issuer complying with the disclosure requirements as may be specified by the platform operators. 14.23 In the case of invoice financing, the P2P operator shall take reasonable steps to ensure that the receivable or invoice— (a) is payable to and is owned by the issuer;

47 (b) represents a bona fide payment obligation from a client of the issuer to the issuer; (c) has not been offered for financing or otherwise disposed in any way to any person before being hosted on its P2P platform; and (d) is not subject to any encumbrances which may adversely affect an investor’s rights, title, interests and benefits. Risk assessment 14.24 All issuances, offers or invitations to subscribe or purchase investment note or Islamic investment note must be rated by the P2P operator. 14.25 The P2P operator is accountable for the risk assessment which includes but is not limited to, risk scoring mechanism and methodology employed in assessing the creditworthiness of an issuer. 14.26 The final risk scoring for the purchase of the investment note or Islamic investment note must be made available to investors at the time of offer. Funds raised on a P2P platform 14.27 An issuer is permitted to keep any amount which was raised through a hosting on a P2P platform provided that the issuer must have at least raised 80 per cent of the target amount. 14.28 Notwithstanding paragraph 14.27, the issuer is not allowed to keep any amount which exceeds the initial target amount. Disclosure requirements 14.29 An issuer proposing to be hosted on a P2P platform shall submit the relevant information to the P2P operator including the following: (a) Information that explains key characteristics of the business; (b) Information that explains the purpose of the investment note or Islamic investment note and the targeted offering amount; (c) Information relating to the business plan; (d) Information relating to the issuer’s credit exposure; (e) Information relating to his intention to seek funding from any other P2P platforms concurrently; and (f) Financial information relating to the business—

48 (i) for offerings below RM500,000: (A) audited financial statements where applicable (e.g. where the issuer has been established for at least 12 months); and (B) where audited financial statements are unavailable (e.g. the issuer is newly established), certified management accounts or financial information prepared by the issuer; or (ii) for offerings above RM500,000, audited financial statements of the company. 14.30 An issuer proposing to be hosted on a P2P platform shall ensure that all information submitted or disclosed to a P2P operator is true and accurate and shall not contain any information or statement which is false or misleading or from which there is a material omission. 14.31 In addition to the obligations set out in Chapter 6, a P2P operator must disclose and display prominently on its P2P platform, any relevant information relating to the P2P including— (a) information relating to an issuer as specified under paragraph 14.29, at point of offering and throughout the tenor of the investment note or Islamic investment note; (b) information on how the P2P platform facilitates an investor’s investment including providing communication channels to permit discussions about offerings hosted on its P2P platform; (c) explanatory notes on risk scoring mechanism, methodology and parameters; (d) information on the criteria by which an investment note or Islamic investment note is regarded as in default; (e) information about processes and policies put in place by the P2P operator to manage default of issuers; and (f) information including statistics on late payment and default rate of issuers hosted on the P2P platform. Investment limit 14.32 A sophisticated investor or angel investor may invest in any issuer hosted on the P2P platform and shall not be subjected to any restriction in respect of his investment amount.

49 14.33 To manage the risk exposure of retail investors, P2P operators must encourage retail investors to limit their investments on any P2P platform to a maximum of RM50,000 at any period of time. Secondary market 14.34 A P2P operator who wishes to operate a secondary market for the trading of investment notes or Islamic investment notes must seek prior approval of the SC. 14.35 Only an investment note or Islamic investment note that fulfils the following criteria may be permitted to be traded on the secondary market: (a) At the point of admission for secondary market trading, the investment note or Islamic investment note has a remaining repayment period of at least 3 months; (b) The investment note or Islamic investment note is executed or offered through the P2P platform; and (c) The investment note or Islamic investment note has been issued to investors. Obligations of a P2P operator operating a secondary market 14.36 Where a P2P operator operates a secondary market, the P2P operator must, among others— (a) have arrangements on how the secondary market will operate, and ensure that the secondary market trading activities on its platform is conducted in a fair, orderly and transparent manner; (b) ensure that access to its secondary market is fair, transparent and objective, including treating all its users fairly by, among others, providing equal access to information; (c) disclose information about its market structure, order types and the interactions of the order types; (d) have in place policies and procedures for the fair and transparent referencing and pricing of investment notes or Islamic investment notes to be traded on the secondary market; (e) have in place policies and procedures for the trading, clearing and settlement of investment notes or Islamic investment notes on the P2P Platform; (f) have additional resources, including financial, technological and human resources that is sufficient to operate its secondary market; (g) have adequate arrangements for—

50 (i) notifying disclosures made to it and for continuing to make those disclosures available; (ii) handling all conflicts of interest and all risks that may arise from the conduct of its secondary market activities; (iii) monitoring and ensuring compliance of its rules, including conducting on￾going market surveillance; and (h) have in place mechanisms to help ensure the resiliency, reliability and integrity of the system to operate its secondary market. 14.37 Any proposed trading rules of a P2P operator or any proposed amendments to its existing trading rules relating to secondary market shall comply with paragraph 7.02. Market integrity provisions Trading operations 14.38 A P2P operator must— (a) disclose the order execution rules and any cancellation procedures and ensure they are applied fairly to all its users; (b) establish a robust operational framework with appropriate systems, policies, procedures and controls to manage and monitor trading activities on the platform; (c) have in place adequate arrangements and processes to manage error trades; (d) have in place adequate arrangements and processes to manage systems error, failure or malfunction; (e) have in place adequate arrangements and processes to manage excessive volatility of its market which may include circuit breakers, price limits and trading halts; (f) have in place adequate arrangements and processes for trading halts in relevant securities, which should include the length of the trading halt and how it will resume trading on its market after the trading halt; (g) have in place adequate arrangements and processes to manage investors’ assets in the event of any suspension or outages of the platform, including transfer or withdrawal procedures;

51 (h) have in place adequate arrangements and processes to deter manipulative activities on the platform and ensure proper execution of trades; and (i) have clearly defined operational reliability objectives and have policies in place that is designed to achieve those objectives. Market transparency 14.39 A P2P operator must— (a) ensure trading information, both pre-trade and post-trade, is made publicly available on a timely or real-time basis, as the case may be; (b) make available in a comprehensive manner and on a timely basis, material information or changes to the tradable securities; (c) ensure all information relating to the trading arrangements and circumstances arising thereof where relevant, are made publicly available; and (d) ensure timely and accurate disclosure of all material information necessary for informed investing and take reasonable steps to ensure that all investors enjoy equal access to such information. Clearing and settlement 14.40 A P2P operator must ensure there are orderly, clear and efficient clearing and settlement arrangements. 14.41 A P2P operator must provide clear and certain final settlement, at a minimum, by end of the value date, intra-day or real time. Risk management 14.42 A P2P operator that is operating a secondary market should identify possible sources of operational risk in secondary market trading activities, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures and controls. Systems should be designed to ensure security resiliency and operational reliability including having adequate capacity. 14.43 In relation to paragraph 14.42, a P2P operator must— (a) establish an operational risk-management framework with appropriate systems, policies, procedures and controls to identify, monitor, mitigate and manage operational risks; (b) have in place clearly defined roles and responsibilities for addressing operational risks; and

52 (c) have a comprehensive physical and information security policy that addresses all potential vulnerabilities and threats in secondary market trading activities.

53 PART G: ADDITIONAL REQUIREMENTS RELATING TO A DIGITAL ASSET EXCHANGE CHAPTER 15 Digital Asset Exchange (DAX) Definitions 15.01 For the purposes of this chapter, unless context otherwise requires— DAX means an electronic platform which facilitates the trading of a Digital Asset; DAX operator means a RMO who operates a DAX; Digital Asset refers to a Digital Currency or Digital Token, as the case may be; Direct Trade model refers to where a DAX operator acts as the counterparty to an investor for every buy or sell order on or through the platform; Digital Currency has the same meaning assigned to it in the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019; Digital Token has the same meaning assigned to it in the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019; Institutional Corporation refers to— (a) a unit trust scheme, private retirement scheme or prescribed investment scheme; (b) Bank Negara; (c) a licensed person or a registered person; (d) An exchange holding company, a stock exchange, a derivatives exchange, an approved clearing house, a central depository or a recognized market operator; (e) a corporation that is licensed, registered or

54 approved to carry on any regulated activity or capital market services by an authority in Labuan or outside Malaysia which exercises functions corresponding to the functions of the SC; (f) a bank licensee or an insurance licensee as defined under the Labuan Financial Services and Securities Act 2010 [Act 704]; (g) an Islamic bank licensee or takaful licensee as defined under the Labuan Islamic Financial Services and Securities Act 2010 [Act 705]; (h) a superannuation or employees provident funds; (i) venture capital or private equity funds; (j) central, state or local government-owned or linked funds; (k) a statutory body established under any law whose function or mandate is investment in capital market products; or (l) any other person as may be determined by the SC. Virtual Asset Service Provider (VASP) has the same meaning assigned to it in the Financial Action Task Force (FATF) Recommendations relating to a VASP. 6 Guidance to paragraph 15.01 “Digital Assets” do not include tokenised securities, such as tokenised shares, tokenised debentures and tokenised funds, etc. As such, a DAX operator can only facilitate the trading of Digital Tokens and Digital Currencies, for example, bitcoin and utility tokens, on its platform. For a platform facilitating the offering or trading of tokenised securities, such platform must be registered according to the underlying securities of the token. For example, a platform that wishes to facilitate the offer or trading of share tokens must be registered as an ECF operator. 6 FATF Recommendations, International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, FATF, Paris, France, www.fatf-gafi.org/recommendations.html

55 DAX operator 15.02 All other requirements stated in these Guidelines are applicable to a DAX operator, unless otherwise stated. Eligibility and financial requirements 15.03 All DAX operators must— (a) be locally incorporated; (b) have a minimum paid-up share capital of RM15 million; and (c) have a minimum shareholders’ funds of— (i) RM5 million or in the case of a DAX operator operating a Direct Trade model, RM7 million; or (ii) 25% of the DAX’s annual operating expenses; whichever is higher, to be maintained at all times. Guidance to paragraph 15.03(c) The operating expenses should be calculated on a rolling 12-month basis, to determine whether 25% of the operating expenses for that period exceeds the minimum shareholders’ funds imposed, based on their operating model. In determining the minimum shareholders’ funds required under paragraph 15.03(c), the annual operating expenses should be calculated on a rolling 12-month basis, comprising the operating expenses incurred in the current month and the preceding eleven months. This calculation is used to determine whether 25% of the operating expenses for the relevant period exceeds the minimum shareholders’ funds prescribed based on the DAX operator’s operating model. In this regard, at the end of every calendar month, a DAX operator should assess its operating expenses to determine whether subparagraph 15.03(c)(ii) applies. To substantiate the 12-month rolling calculations, a DAX operator is expected to maintain records, including management accounts or audited financial accounts, to demonstrate compliance with paragraph 15.03. By way of an example, for a DAX operator who operates a Direct Trade model: At the end of September 2026, the operating expenses of the DAX operator for the

56 12-month rolling period would cover October 2025 till September 2026. Where 25% of the operating expenses calculated for the period exceeds RM7 million, the DAX operator is required to maintain that amount as shareholders’ funds (as it is the higher amount) until the reassessment at the following month’s end, October 2026. 15.04 The minimum shareholders’ funds referred to in subparagraph 15.03(c) must be— (a) maintained in the form of cash or liquid assets, but must not include Digital Assets; and (b) held separately from the DAX operator’s operating accounts. 15.05 Notwithstanding paragraph 15.03, the SC may at any time impose additional financial requirements or other terms and conditions on the DAX operator that commensurate with the nature, scale and complexity of its business activities and risk profile. Shareholders requirements 15.06 A DAX operator must ensure that the DAX’s shareholders consist of at least one Institutional Corporation holding at least 5% shareholding in the DAX operator and such Institutional Corporation must have a representative as a member on the DAX operator’s board.

Key persons Directors 15.07 Unless specified otherwise by the SC, all members of the DAX operator’s board must complete the Capital Market Director Programme (CMDP) managed by such an entity authorised by the SC within six months from the date of— (a) their appointment as a director; or (b) obtaining the SC’s approval for the DAX operator to commence operations, whichever is the later. 15.08 Where a DAX operator is a public company, at least one member of the board must be an independent director. Responsible person 15.09 In addition to the requirements under Chapter 4, a DAX operator must ensure that the person appointed as a responsible person must have a minimum of five years of relevant experience relating to regulated activities, regulated financial services or digital asset

57 business with the appropriate qualifications and skillset. Managing conflict of interest 15.10 A DAX operator must use its best endeavours to identify and avoid any actual or potential conflict of interest. 15.11 Where a conflict of interest cannot be avoided, a DAX operator must have a framework in place to effectively manage or mitigate the conflict of interest. 15.12 The DAX operator’s conflict of interest framework must include policies and procedures relating to the offering of Digital Assets, which address, among others— (a) proprietary trading by the DAX operator on its platform; (b) timely and accurate disclosure of any conflict of interest to a potential or existing investor or any material interest, including any fees, commission or benefit received by the DAX operator, which may affect the fair treatment of such investor; (c) trading in any Digital Asset by its officers on its own or other platforms; and (d) the management of non-public material information. Prohibition on financial assistance 15.13 A DAX operator is prohibited from providing direct or indirect financial assistance to investors, including its officers, to invest or trade in any Digital Asset on its platform. Risk management 15.14 A DAX operator should identify possible sources of operational risk, both internal and external, and mitigate the impact of such risks through appropriate systems, policies, procedures and controls. Systems should be designed to ensure security resiliency and operational reliability including having adequate capacity. 15.15 In relation to paragraph 15.14, a DAX operator must, among others— (a) establish a robust operational risk-management framework with appropriate systems, policies, procedures and controls to identify, monitor, mitigate and manage operational risks; (b) have in place clearly defined roles and responsibilities for addressing operational risks; (c) have in place clearly defined operational reliability objectives and policies that are designed to achieve those objectives;

58 (d) ensure that it has adequate capacity proportionate to stress volumes to achieve its service-level objectives; and (e) have a comprehensive physical and information security policy that addresses all potential vulnerabilities and threats. 15.16 A DAX operator must have a business continuity plan that addresses events posing a significant risk of disrupting operations including events that could cause a wide-scale or major disruption. 15.17 The business continuity plan should incorporate the use of a secondary site and should be designed to ensure that critical IT systems can resume operations within reasonable recovery time objectives (RTO) following disruptive events. 15.18 A DAX operator must carry out periodic reviews, audits and testing on systems, operational policies, procedures and controls relating to risk management and its business continuity plan. Guidance to paragraph 15.18 For the purposes of paragraph 15.18, a DAX operator should determine the type of review, audit and testing that is suitable for its operations having considered the nature, scale and complexity of its business activities and risk profile. The periodic reviews, audits and testing may include, but are not limited to, the following: (a) Proof-of-Reserve audit Having an external independent assessment provider to verify the existence and sufficiency of Digital Assets held in custody by the DAX operator on behalf of its clients. This includes verification of wallet balances and confirmation of the proportion of Digital Assets held in cold wallets and hot wallets. (b) Wallet ecosystem audit Having an external independent assessment provider to verify that the client’s Digital Assets are segregated from the DAX operator’s proprietary assets and ring-fenced accordingly. The audit must also assess the governance and control framework over the wallet infrastructure, including defined roles and responsibilities, access controls, key management arrangements, transaction authorisation controls, and the overall security, integrity and operational resilience of the wallet infrastructure. Internal audit

59 15.19 A DAX operator must establish an internal audit function to develop, implement and maintain an appropriate internal audit framework which commensurate with its business and operations. Trading of Digital Assets 15.20 A DAX operator, in assessing any Digital Asset to be traded on its platform, must establish and implement policies and procedures to assess any Digital Asset prior to the offering of the Digital Asset. 15.21 In conducting its assessment on a Digital Asset, the DAX operator must, among others, ensure— (a) that it assesses and verifies the information relating to the Digital Asset, including the following: (i) The nature of the Digital Asset; (ii) The profile of the issuers and contributors of the Digital Asset, including screening the issuers and contributors against sanctions lists; Guidance to paragraph 15.21(a)(ii) The issuers and contributors of a Digital Asset should include— (a) founders of the Digital Asset; (b) management team; and (c) other key persons, such as sig-signers of a project, foundation directors, where relevant.

A DAX operator should use its best endeavours to identify the profiles of persons listed above. (iii) The identification, on a best effort basis, of the ultimate beneficial owner of the Digital Asset’s protocol or network; Guidance to paragraph 15.21(a)(iii) In determining what is meant by best effort basis in relation to the identification of the ultimate beneficial owner of the Digital Asset’s protocol or network, reference may be made to Appendix E of the Guidelines on Prevention of Money Laundering, Countering Financing of Terrorism, Countering Proliferation Financing and Targeted Financial Sanctions for Reporting Institutions in the Capital Market.

60 (b) that the Digital Asset has met the following minimum criteria: (i) The Digital Asset represents identifiable rights, benefits or utility; (ii) The Digital Asset, other than a Nascent Utility Token and Initial Exchange Offering Token, must have been traded for at least one year on any VASP that is in compliance with the FATF Recommendations relating to a VASP; (iii) The Digital Asset has sufficient liquidity; Guidance to paragraph 15.21(b)(iii) In considering whether a Digital Asset has sufficient liquidity, the DAX operator should take into account the following factors: (a) The amount of Digital Asset in circulation; (b) Past trading volumes; and (c) The demand for the Digital Asset in Malaysia. (iv) The Digital Asset is well distributed and not over-concentrated; Guidance to paragraph 15.21(b)(iv) In considering whether a Digital Asset is well distributed and not over-concentrated, the DAX operator should take into account the following indicators: (a) The number of wallet addresses created and active; (b) Concentration of the Digital Asset in specific wallet addresses; and (c) Patterns and concentration of transactions. (v) Information relating to the Digital Asset is widely available and readily accessible; Guidance to paragraph 15.21(b)(v) In considering whether the information relating to a Digital Asset is widely available and readily accessible, the DAX operator should take into account the following factors:

61 (a) The issuance of a whitepaper or any other disclosure document accompanying the Digital Asset; and (b) Information relating to the progress of the project including both business and technical aspects. (vi) Security feature of the underlying distributed ledger is sound; Guidance to paragraph 15.21(b)(vi) In considering whether the security feature of the underlying distributed ledger is sound, the DAX operator should take into account the following factors: (a) The number of nodes; (b) Any history of hacks and other form of attacks; and (c) Any known security vulnerabilities. (vii) The economics of the Digital Asset is viable and sustainable; Guidance to paragraph 15.21(b)(vii) In considering whether the economics of the Digital Asset is viable and sustainable, the DAX operator should take into account the following factors: (a) Participants and their interactions within the Digital Asset’s ecosystem; and (b) Mechanism to regulate demand and supply, if any. (viii) The Digital Asset is in compliance with all other legal and regulatory frameworks in Malaysia and other jurisdictions which the project operates in; and (c) a security audit on the underlying protocol, network and application has been carried out. 15.22 All decisions arising from the assessment referred to in paragraph 15.21 must be determined by the board or senior management. 15.23 The DAX operator must ensure that all records, supporting documents and reference materials related to the assessment are properly documented and stored for future reference and compliance purposes.

62 Prohibited Digital Assets 15.24 A DAX operator must not permit a privacy token to be offered for trading on its platforms. Guidance to paragraph 15.24 A privacy token refers to a digital token that is intended to enhance user anonymity and transaction confidentiality. Restricted Digital Assets 15.25 A DAX operator may allow the trading of the following types of Restricted Digital Assets provided that— (a) the Restricted Digital Assets meets the listing criteria as set out under paragraph 15.21; and (b) the DAX operator has in place enhanced policies and procedures to mitigate its risk, including the risks as set out below: Restricted Digital Assets Risks Meme Tokens (a) Risk of manipulation (e.g. ‘pump and dump’ schemes) in the event of coordinated social media activity and high concentration; and (b) Liquidity risk due to lack of depth and limited distribution. Exchange Tokens (a) Potential conflict of interest as the exchange acts as the issuer, exchange and market maker. This gives rise to risk of manipulation including price support, front running and information asymmetry; and (b) Recursive contagion risk (i.e. feedback loop) where the failure of the exchange tokens may cause the failure of the entity holding which also further devalues the tokens. Nascent Utility Tokens (a) Risk of manipulation (e.g. ‘pump and dump’ schemes) given the over concentration to early backers and founders; (b) Information asymmetry; and Initial Exchange Offering Tokens

63 (c) Liquidity risk due to lack of depth and limited distribution. Stablecoins (a) Increased risk of bank runs thereby potentially resulting in a liquidity crisis; and (b) Risk of failing to maintain parity with its stated reference asset or reserve backing, which may result in loss of value and potential implications for financial stability and national monetary policy. Key Characteristic of each Restricted Digital Asset The key characteristic of each of the Restricted Digital Asset is as specified below: (a) Meme Tokens refer to Digital Assets that are intended to follow internet trends or popular culture that builds on support from social media hype, community sentiment and online buzz. (b) Exchange Tokens refer to Digital Assets issued by Digital Asset Exchanges to enhance their ecosystem, by providing benefits to the holders or investors to be used within such exchanges and its related or affiliated entities. (c) Nascent Utility Tokens refer to a Digital Token that— (i) represents a utility such as a right to a service or goods that can be redeemed on a specific platform or protocol; and (ii) have been recently circulated, that may not have market demand yet, but does not include a utility token listed on an Initial Exchange Offering platform registered with the SC. (d) Initial Exchange Offering Tokens refer to Digital Tokens offered by an issuer on an Initial Exchange Offering platform registered with the SC. (e) Stablecoins refer to Digital Assets that are intended to maintain a stable value by pegging to a reference asset, currency or commodity. 15.26 In addition to the requirements as specified in paragraph 15.25, the DAX operator must— (a) in the case of Nascent Utility Tokens, ensure that the Nascent Utility Token are

64 only offered to sophisticated investors; and (b) in the case of Stablecoins, have a prior consultation with the relevant monetary regulator, prior to listing a Stablecoin on its platform. 15.27 The enhanced policies and procedures under paragraph 15.25(b) must, among others, include the following: (a) Additional listing criteria that commensurate with the type of Restricted Digital Assets such as— (i) evidence of active community engagements with the Digital Asset’s tokenholders; (ii) having technical assessments conducted on the Digital Asset which may include third party reviews on quality of smart contract code, technical design and network resilience; and (iii) having transparent contract code with clearly defined governance processes to mitigate concentration risks and upgrades on the protocol of the Digital Asset; (b) Disclosures on the additional risks that is posed by the Restricted Digital Assets and the mitigation measures to address such risks; and (c) Risk assessment, monitoring and surveillance framework which additionally cover specific risks of Restricted Digital Assets. Delisting of Digital Assets 15.28 A DAX operator must— (a) disclose the criteria for the delisting of a Digital Asset from its platform; and (b) undertake the necessary steps to delist the Digital Asset once the Digital Asset meets the specified criteria for delisting which shall include the non-compliance with the minimum listing criteria as prescribed under paragraph 15.21. 15.29 A DAX operator must establish and implement policies and procedures to manage the delisting of any Digital Asset offered on its platform. 15.30 A DAX operator must immediately notify the SC upon making a determination that a Digital Asset is no longer eligible for listing and would be subject to delisting from its platform. 15.31 For the purposes of paragraph 15.30, the DAX operator must submit to the SC the

65 following information: (a) Detailed reasons for the delisting; (b) Impact analysis and detailed roll-out plans including notification to affected investors; (c) The DAX operator’s board resolution for the delisting; and (d) Any other information or explanation as may be specified by the SC. 15.32 The SC may direct a DAX operator to delist any Digital Asset on its platform where the SC considers it necessary for the protection of investors, the public interest, the proper functioning of a recognized market or where the SC deems a DAX operator to be unfit to determine the listing of the Digital Asset on its platform. Obligations of the DAX operator 15.33 In addition to the obligations specified in Chapter 6, a DAX operator must— (a) ensure that its platform is operating in an orderly, fair and transparent manner; (b) have in place policies and procedures for the transfers, trading, clearing and settlement of Digital Assets on the platform; Guidance to paragraph 15.33 (b) Transfers for the purposes of this subparagraph relates to where the ownership of the Digital Assets has moved from one person to another and includes the transfers of Digital Assets on the blockchain and internal transfers within the DAX operator’s own digital wallet. (c) have in place effective policies and procedures to manage the return or compensation of investors’ Digital Assets in the event of loss, theft, misuse or misappropriation or the winding up of the DAX operator; Guidance to paragraph 15.33 (c) For the purposes of this paragraph, the policies and procedures should clearly set out the scope of the DAX operator’s liability and the circumstances under which affected investors may be entitled to the return of assets or compensation. The policies and procedures should form part of the requirement under paragraph 6.01(j)(vi) of these Guidelines. For clarity, the policies and procedures must also be disclosed to the public as required under paragraph 6.01(j)(vi) of these Guidelines.

66 (d) conduct real-time market surveillance; (e) appoint an independent third party to carry out an assessment of the client asset custody arrangements at least once a year including, but not limited to, private key management controls, wallet security and access controls, and transaction authorisation controls; (f) notwithstanding subparagraph 15.33(e), conduct an immediate independent third-party assessment in the event of— (i) any breach of asset protection controls; (ii) operational incident involving investors’ assets; (iii) a change in custodian or custody arrangements; or (iv) as the SC considers necessary for the protection of investors; (g) identify a member of its senior management who is a resident of Malaysia and has the relevant capability, knowledge, experience and authority, to be responsible and accountable for the administration of the access to the wallet addresses holding investors’ Digital Assets; and Guidance to paragraph 15.33(g) Administration of the access to the wallet addresses for the purposes of this subparagraph relates to the mitigation of the risk relating to the loss or misuse of investors’ Digital Assets and should include the management of security credentials and authorisation to the wallets. (h) for the purposes of submitting audited financial statements to the SC, as required under Chapter 8 of these Guidelines, appoint an auditor registered with the Audit Oversight Board to conduct its annual financial audits. Client’s asset protection 15.34 A DAX operator must ensure that its investors’ Digital Assets under the custody of the DAX operator are managed and maintained with sufficient custodial controls and safeguards. 15.35 A DAX operator must— (a) establish systems and controls for maintaining accurate and up to date records of investors and any monies or Digital Assets held in relation thereto;

67 (b) establish and maintain a sufficiently and verifiably secured storage medium designated to store Digital Assets on behalf of its investors; (c) ensure investors’ monies and Digital Assets are properly safeguarded from conversion or inappropriate use by any person, with the necessary governance and approval processes in place; (d) ensure effective controls and risk management for Digital Assets held on behalf of investors in the event of liquidation of the DAX operator; (e) establish and maintain in a licensed Malaysian financial institution one or more trust accounts, designated for the monies received from investors; (f) ensure that the trust accounts under paragraph 15.35(e) are administered by an independent registered trustee; and (g) in relation to investors’ Digital Assets— (i) have arrangements and processes in place to protect against the risk of loss, theft or hacking; (ii) maintain a ratio of 80:20 offline-to-online ratio of the aggregate value of investors’ Digital Assets that is to be calculated on a daily basis; (iii) ensure appropriate safeguards are established and maintained in respect of the remaining of the investors’ Digital Assets in online wallets that commensurate with the corresponding risks through the following measures: (A) Internal controls and processes to secure investors’ assets; (B) Insurance; (C) Collateralisation; (D) Bank Guarantee; (E) Any combination of the aforementioned; or (F) Any other means which the SC may require or deem necessary based on the risk and exposure of the DAX operator; (iv) where a specific Digital Asset meets either of the following criteria, the DAX operator must establish a dedicated offline wallet for that Digital Asset:

68 (A) The Digital Asset represents 10% or more of the aggregate value of investors’ Digital Assets; or (B) The total aggregate value of its investors’ holdings for a particular Digital Asset exceeds RM10 million; (v) appoint an independent third party to verify the accuracy of holdings of assets held in each offline and online wallet, at least once a year; (vi) the results of the assessment carried out pursuant to subparagraph 15.35(g)(v) must be made available to the public; (vii) maintain direct access to its wallet addresses and ensure it is free from influence or control of any external party, including the DAX operator’s related entities; and (viii) segregate investors’ Digital Assets from its own inventory. 15.36 For the purposes of subparagraph 15.35(g)(ii), a DAX operator must carry out a rebalancing exercise— (a) at the end of every quarter to ensure that the threshold is met; and (b) where the ratio variance is above 10%, the DAX operator must carry out a rebalancing exercise immediately without delay to ensure the threshold is met. Guidance to paragraph 15.36 If the aggregate value of investors’ Digital Asset held by a DAX operator is RM100 million, at least RM80 million must be maintained in offline storage and not more than RM20 million in online storage. If, through its daily verification, the DAX operator observes that the online storage has increased to RM30 million as a result of market activity resulting in a 69:31 ratio instead, this would trigger the threshold under paragraph 15.36(b) (exceeding 10% ratio in relation to the aggregate value to be held in online storage). In such circumstances, the DAX operator is required to immediately carry out a rebalancing Guidance to paragraph 15.35(g)(vii) Direct access means where a DAX has operations in any other foreign jurisdiction (including where operations are by its affiliated or related companies), the governance controls vis-à-vis access to the Digital Assets within the local DAX’s purview, should not be dependent on the decision of any other entity.

69 exercise to ensure the prescribed threshold is met. 15.37 In the case where the aggregate value of the investors’ Digital Assets under custody is more than RM500 million, the DAX operator must appoint an independent Digital Asset Custodian registered with the SC to administer the Digital Assets. Guidance to paragraph 15.37 For the purposes of paragraph 15.37, a DAX operator may establish a separate entity to function as a Digital Asset Custodian. However, such entity must be independent from the DAX operator. For example, the entity being able to make decisions without being influenced or directed by the DAX operator. Such entity should have in place policies and procedures to identify, monitor, mitigate and manage situations and potential situations which may give rise to conflicts of interest. 15.38 Notwithstanding paragraph 15.37, a DAX operator may provide custody service for its investors’ Digital Assets, provided that— (a) the aggregate value of Digital Assets under custody is below RM500 million; and (b) the DAX operator complies with the requirements set out in Chapter 27 and Chapter 28 of the Guidelines on Digital Assets. Settlement and custody 15.39 A DAX operator must ensure— (a) there are orderly, clear and efficient clearing and settlement arrangements; and (b) that it performs daily reconciliation on its asset holdings, including the investors’ assets. 15.40 These arrangements must include prior or upfront deposit of monies and Digital Assets with the DAX operator before entering into a transaction on the platform. 15.41 A DAX operator must provide clear and certain final settlement in real time. Market integrity provisions General 15.42 A DAX operator must comply with the relevant requirements set out under paragraphs

70 15.43 to 15.55 insofar as it is applicable to the type of DAX model it operates. Price methodology 15.43 A DAX operator must ensure that the pricing for trading in the Digital Assets on its platform is fair and transparent. Trading operations 15.44 A DAX operator must disclose information about its market structure, order types and the interactions of the order types, if any, on the platform. 15.45 A DAX operator must have adequate arrangements and processes to deter manipulative activities on the platform and ensure proper execution of trades. 15.46 A DAX operator must have adequate arrangements and processes to manage excessive volatility of its market which may include circuit breakers, price limits and trading halts. 15.47 A DAX operator must have adequate arrangements and processes to manage error trades. 15.48 A DAX operator must have adequate arrangements and processes to manage system errors, failures or malfunctions. 15.49 A DAX operator must have adequate arrangements and processes to manage investors’ assets in the event of any suspension or outages of the platform, including transfer or withdrawal procedures. Market transparency 15.50 A DAX operator must ensure the following information relating to the Digital Asset offered on its platform is disclosed and displayed prominently on its platform: (a) An overview of its listing and delisting processes, including the criteria applied in assessing the eligibility of a Digital Asset to being listed on its platform; (b) Trading information, both pre-trade and post-trade, on a real-time basis; (c) Comprehensive description of the Digital Asset; (d) Information on the ownership and control of the Digital Asset; (e) Information relating to the issuer, its business and management team; (f) Risks associated with the Digital Asset;

71 (g) The audit results carried out pursuant to subparagraph 15.21(c); (h) Trading history of the Digital Asset, including volumes, prices and ultimate beneficial owner trading details; (i) Operational description of the Digital Asset, including any incidents of manipulation or security failures; (j) Digital Asset ownership concentration and any options and lock-ups for founding team, insiders and affiliates; (k) Protocols for transfers; and (l) The DAX operator’s treatment of the investor’s Digital Asset and their respective rights and entitlements for events such as, but not limited to, hard forks and airdrops. 15.51 A DAX operator must make available in a comprehensible manner and on a timely basis, material information or changes to the tradable Digital Assets. 15.52 A DAX operator must ensure all information relating to the trading arrangements pursuant to paragraphs 15.44 to 15.49, including the circumstances arising thereof and where relevant, are made publicly available. Market making 15.53 A DAX operator must obtain the SC’s prior approval on any proposed processes, criteria and rules to facilitate the provision of any market making activities for the purpose of providing liquidity to its market. 15.54 A DAX operator must ensure sufficient disclosure of all market making arrangements to its investors. 15.55 Where a DAX operator appoints a third-party market maker, the DAX operator must comply with the requirements relating to outsourcing as set out under paragraphs 6.07 to 6.12. Direct Trade model 15.56 A DAX operator seeking to also carry out a Direct Trade model must obtain the SC’s prior approval before operating a Direct Trade model. 15.57 A DAX operator offering a Direct Trade model, must— (a) ensure that only Digital Assets that has been assessed and listed on its platform

72 is offered; (b) assess and be satisfied that the Digital Assets offered was sourced from a VASP that is in compliance with the FATF Recommendations relating to VASP; (c) carry out the necessary anti-money laundering and counter financing terrorism measures including screening and monitoring of the Digital Assets and its investors prior to facilitating any transactions on behalf of its investors; (d) maintain separate Digital Asset wallets for clients’ assets for the purposes of Direct Trade model; (e) ensure that for any purchase of a Digital Asset by an investor, the Digital Asset must be transferred from the DAX operator’s wallet into the investor’s wallet; (f) ensure that it has sufficient liquidity risk management arrangement in place to ensure settlement can be done with its investors for purposes of every transaction; and (g) disclose and display prominently on its platform, explanatory information relating to the methodology for the pricing of the Digital Assets being offered. Digital Asset-to-Digital Asset trading pairs 15.58 A DAX operator seeking to offer Digital Asset-to-Digital Asset trading pairs on its platform must ensure that— (a) a risk assessment is conducted to identify and assess the additional risks arising from the offering of such trading pairs; (b) adequate measures are implemented to mitigate such risks that may arise; (c) both Digital Assets forming the trading pair has sufficient liquidity; and Guidance to paragraph 15.58(c) In determining whether each of the individual Digital Asset forming the trading pair has sufficient liquidity to support orderly trading, the DAX operator should take into account the following factors: (a) The amount of each individual Digital Asset of the trading pair held in custody of the DAX operator; (b) Past trading volumes of each individual Digital Asset on the DAX operator’s platform; and

73 (c) The demand for such trading pairs on the DAX operator’s platform. (d) each individual Digital Asset forming the trading pair meets the minimum listing criteria prescribed under paragraph 15.21 and is not a Digital Asset under the Prohibited Digital Assets or Restricted Digital Assets categories.

74 PART H: ADDITIONAL REQUIREMENTS RELATING TO A PROPERTY CROWDFUNDING PLATFORM CHAPTER 16 Property Crowdfunding Platform Definitions 16.01 For the purposes of this chapter, unless context otherwise requires— PCF operator means a RMO who operates a property crowdfunding (PCF) platform; registered valuer means a person registered with the Board of Valuers, Appraisers, Estate Agents and Property Managers Malaysia under the Valuers, Appraisers, Estate Agents and Property Managers Act 1981; PCF platform means an electronic platform that facilitates— (a) crowdfunding for residential property; and (b) secondary trading of the investment note or Islamic investment note; residential property means a house, a condominium unit, an apartment or a flat, purchased or obtained solely to be used as a dwelling house, and includes a service apartment. 16.02 All other requirements stated in these Guidelines are applicable to a PCF operator, unless otherwise stated. Eligibility criteria of a PCF operator 16.03 All PCF operators must be locally incorporated and have a minimum shareholders’ funds of RM10 million, of which RM5 million must be set aside and maintained in a segregated bank account at all times throughout the operation of the PCF platform. 16.04 For the purpose of paragraph 16.03, the RM5 million set aside shall only be utilised for the purposes of ensuring and facilitating the exit certainty of the investment notes or Islamic investment notes hosted on its PCF platform.

75 16.05 The SC may at any time impose additional financial requirements or other terms and condition on the PCF operator that commensurate with the nature, operations and risks posed by the PCF platform. Independent director 16.06 In the case where a PCF operator is a public company, at least one member of the board must be an independent director. Managing conflict of interest 16.07 The PCF operator’s framework relating to conflict of interest, must include policies and procedures relating to, among others— (a) the PCF operator or its officers seeking to participate on any PCF platform as a user; (b) any transaction entered into by the PCF operator which a director, substantial shareholder or person connected with such director or substantial shareholder of the PCF operator may have interest in, whether direct or indirect; (c) prevention of abuse of non-public material information by the PCF operator or its officers; and (d) any fees or remuneration received for the hosting of a residential property or any investment note or Islamic investment note on its PCF platform. Prohibition on financial assistance 16.08 The PCF operator is prohibited from— (a) providing direct or indirect financial assistance— (i) to investors to invest or trade in any investment note or Islamic investment note hosted on its platform; and (ii) to homebuyers seeking residential property financing, investing or trading in any investment note or Islamic investment note hosted on its platform.

76 Risk management 16.09 A PCF operator must, among others— (a) establish a robust operational risk-management framework with appropriate systems, policies, procedures and controls to identify, monitor, mitigate and manage operational risks; (b) have in place clearly defined roles and responsibilities for addressing operational risk; and (c) have a comprehensive physical and information security policy that addresses all potential vulnerabilities and threats. Internal audit 16.10 A PCF operator must establish an internal audit function to develop, implement and maintain an appropriate internal audit framework that commensurate with its business and operations. Obligations of the PCF operator 16.11 In addition to the obligations specified in Chapter 6, a PCF operator must— (a) ensure that its platform is operating in an orderly, fair and transparent manner; (b) have in place rules and procedures for the hosting of a residential property and the issuance, trading, clearing and settlement of investment note or Islamic investment note on its platform; (c) obtain and retain a self-declared acknowledgement form from each homebuyer confirming that he has satisfied the eligibility criteria and will comply with his obligations under the property crowdfunding scheme; (d) inform an investor of any material change in relation to the homebuyer or the investment note or Islamic investment note; (e) ensure that all fees and charges including any stamp duties, legal fees and other costs payable in relation to the sale and purchase of the residential property, trading fees and management fees imposed are fair and transparent, as the case may be; (f) appoint an independent registered valuer to carry out the valuation of the residential property to ascertain its market value, upon hosting and before the expiry of the tenor of the investment note or Islamic investment note;

77 (g) maintain a register of homebuyers and investors for each residential property; and (h) have in place policies and processes relating to the obligation of each party at the end of tenor of the investment note or Islamic investment note including using its best endeavours to recover any amount due to an investor. Exit certainty 16.12 A PCF operator must have in place policies and processes to ensure exit certainty for homebuyers and investors at the end of the tenor of the investment note or Islamic investment note. 16.13 A PCF operator must ensure that the exit terms are disclosed, including how returns, if any, will be distributed to the investors and homebuyers. Eligibility and obligations of homebuyers 16.14 A PCF operator must ensure that a homebuyer must be— (a) an individual Malaysian citizen; (b) at least 21 years of age; and (c) a first-time homebuyer. 16.15 A homebuyer must— (a) ensure he occupies the residential property; (b) not sell or transfer the residential property; and (c) use his best endeavours to maintain the property in good condition, during the tenor of the investment note or Islamic investment note. 16.16 A homebuyer shall ensure that all information submitted or disclosed to a PCF operator is true and accurate and shall not contain any information or statement which is false or misleading or from which there is a material omission. Eligible properties 16.17 Only a property which satisfies the following criteria, is eligible to be hosted on a PCF platform: (a) It is a completed residential property located in Malaysia; (b) It has a valid and effective legal title with no encumbrances attached;

78 (c) It has been issued a certificate of completion and compliance by the relevant authority; and (d) It is valued at RM500,000 or below. 16.18 The PCF operator must ensure delivery of vacant possession of the residential property to the homebuyer. Funds raised on a PCF platform 16.19 A homebuyer is permitted to seek residential property financing of up to a maximum of 90 per cent of the value of the residential property. 16.20 Notwithstanding paragraph 16.19, the homebuyer is not allowed to retain any amount raised during the tenor of the property crowdfunding scheme which exceeds the target financing amount. Disclosure requirements 16.21 A PCF operator must disclose and display prominently relevant information on its PCF platform, including— (a) information relating to the residential property, upon hosting of and throughout the tenor of the investment note or Islamic investment note; (b) information relating to the homebuyer, upon hosting of and throughout the tenor of the investment note or Islamic investment note; (c) information relating to the developer or in the case of a sub-sale, the existing owner of the residential property, upon hosting of the residential property on its platform; (d) information relating to the independent registered valuer appointed to prepare the valuation reports on the residential property; (e) provide communication channels to permit discussion among its users; (f) information relating to all applicable fees and charges that are to be borne by a homebuyer and investors under the property crowdfunding scheme including stamp duties, legal fees, insurance costs, quit rent and assessment.

79 Client’s asset protection 16.22 A PCF operator must— (a) establish and maintain in a licensed Malaysian financial institution one or more trust accounts, designated for the monies received from users; (b) ensure that the trust accounts under paragraph 16.22(a) are administered by an independent registered trustee; (c) establish systems and controls for maintaining accurate and up to date records of users’ monies held; and (d) ensure users’ monies are properly segregated and safeguarded from conversion or inappropriate use by any person. 16.23 A PCF operator can only release the monies to the person entitled to it, provided that the following conditions are met: (a) The targeted amount sought to be raised has been met and there is no material adverse change during that period; or (b) Upon the sale price of the residential property having been fully paid at the end of tenor of the investment note or Islamic investment note and there is no material adverse change during that period. 16.24 For the purpose of paragraph 16.23, a material adverse change may include any of the following matters: (a) The discovery of a false or misleading statement in any disclosures relating to the investment notes or Islamic investment note; (b) The discovery of a material omission of information required to be disclosed in relation to the investment note or Islamic investment note; or (c) There is a material change or development in the circumstances relating to the investment note or Islamic investment note, the homebuyer, the residential property, the developer or the existing residential property owner, as the case may be. 16.25 Notwithstanding paragraph 16.23, the PCF operator may impose any other additional conditions precedent before releasing the fund, provided that they serve the investors’ interest.

80 Secondary market 16.26 Only investment note or Islamic investment note that have been hosted and successfully funded through the PCF platform will be permitted to be traded on its platform. 16.27 A PCF operator must disclose information about its market structure, order types and the interactions of the order types. 16.28 A PCF operator must have adequate arrangements to deter market manipulation and abuse and ensure proper execution of trades. 16.29 A PCF operator must have adequate arrangements and processes to manage error trades. 16.30 A PCF operator must have adequate arrangements and processes to manage systems error, failure or malfunction. 16.31 A PCF operator must make available pre-trade and post-trade information on a non￾discriminatory basis to all users on a timely basis. 16.32 A PCF operator must make available in a comprehensive manner and on a timely basis, material information or changes relating to the investment note or Islamic investment note. 16.33 A PCF operator must determine and disclose the anomalous order threshold for the investment note or Islamic investment note that is offered on its secondary market, taking into account, at a minimum, the price at which a single order deviates substantially from prevailing market conditions and historical trading patterns. 16.34 The SC may notify the PCF operator where its anomalous order threshold is not appropriate to promote market integrity or a fair, orderly and transparent market. 16.35 A PCF must have policies and procedures for trading pause/halt in a relevant investment note, which include the length of the trading pause/halt and how it will resume trading on its market after the trading pause/halt. 16.36 A PCF operator must have policies and procedures to monitor, manage and mitigate risks of any system failure or malfunction by the PCF operator, including suspension of trading or take any action the PCF operator deems fit. Settlement and clearing 16.37 A PCF operator must ensure there are orderly, clear and efficient settlement and clearing arrangements.

81 PART I: ADDITIONAL REQUIREMENTS RELATING TO AN E￾SERVICES PLATFORM CHAPTER 17 E-Services Platform Definitions 17.01 For the purposes of this chapter, unless context otherwise requires— CMSL holder means a holder of a Capital Markets Services Licence; e-services platform means an electronic platform which arranges or facilitates the sale, purchase or subscription of a capital market product offered by a CMSL holder or another RMO, to investors; e-services platform operator means a RMO who operates an e-services platform. Related requirements 17.02 All other requirements stated in these Guidelines are applicable to an e-services platform operator, unless otherwise stated. 17.03 These Guidelines shall not apply to— (a) CMSL holder licensed for dealing in securities where the holder operates an e￾services platform for buying and selling of securities; (b) CMSL holder licensed for dealing in derivatives where the holder operates an e￾services platform for buying and selling of derivatives; (c) registered person registered for dealing in securities where the person operates an e-services platform for buying and selling of unit trust scheme; (d) private retirement scheme administrator approved under the CMSA where it operates an e-services platform pursuant to its function; (e) Pos Malaysia Bhd; and (f) Employees Provident Fund (EPF).

82 17.04 The Guidelines on Online Transactions and Activities in relation to Unit Trust shall not apply to an e-services platform operator who offers unit trust products on its e-services platform. Eligibility criteria of an e-services platform operator 17.05 An e-services platform operator must be locally incorporated and have a minimum paid￾up capital of RM500,000. 17.06 An e-services platform operator must obtain the approval of the relevant sectorial regulator when making the application to the SC as provided for under paragraph 2.05. 17.07 The SC may at any time impose additional financial requirements or other terms and conditions on the e-services platform operator that commensurate with the nature, operations and risks posed by the e-services platform. Managing conflict of interest 17.08 The e-services platform operator’s framework relating to conflict of interest must include policies and procedures relating to, among others— (a) buying and selling of a capital market product for its own account; and (b) buying and selling of a capital market product by its officers on its e-services platform. Prohibition on financial assistance 17.09 An e-services platform operator is prohibited from providing direct or indirect financial assistance to investors, including to its officers, for purposes of investing in a capital market product offered on its e-services platform. 7 Risk management 17.10 An e-services platform operator should identify possible sources of operational risk, both internal and external, and mitigate their impact through appropriate systems, policies, procedures and controls. Systems should be designed to ensure security resiliency and operational reliability including having adequate capacity. 17.11 An e-services platform operator must, among others— (a) establish a robust operational risk-management framework with appropriate systems, policies, procedures and controls to identify, monitor, mitigate and manage operational risk; 7 Financial assistance does not include any gifts or rebates that are offered to the investors.

83 (b) have in place clearly defined roles and responsibilities for addressing operational risk; and (c) have a comprehensive physical and information security policy that addresses all potential vulnerabilities and threats. Adding-on additional products 17.12 An e-services platform operator must not add-on a different type of capital market product from the initial capital market products offered on its e-services platform without the SC’s prior approval. 8 17.13 Where an e-services platform operator intends to offer any other product which is not a capital market product or any other services which is not a capital market service or a regulated activity, the e-services platform operator must obtain the necessary authorisation from the relevant sectorial regulator, as the case may be. 17.14 The e-services platform operator must submit the authorisation from the relevant sectorial regulator to the SC prior to making available such product or service on its platform. Obligations of the e-services platform operator 17.15 In addition to the obligations specified in Chapter 6, an e-services platform operator must— (a) ensure that its e-services platform is operating in an orderly, fair and transparent manner; (b) where applicable, have in place rules and procedures governing the provision of services in relation to the capital market products offered on the platform; (c) carry out continuous awareness and education programmes; (d) disclose any information or provide any information to the SC as it may require; and (e) ensure the responsible person carries out his responsibilities and duties. 17.16 Paragraph 6.01(i) shall not apply to an e-services platform operator provided that the CMSL holder or another RMO carries out the obligation to monitor anti-money laundering, counter terrorism financing and counter proliferation financing requirements. 8 Example: If an e-services platform operator has been approved to facilitate the buying and selling of units in a unit trust scheme and now wishes to add-on debenture, the e-services platform operator must obtain the SC’s prior approval before adding-on debentures on its e-services platform.

84 17.17 In the event incentives such as gifts or rebates are offered to investors, an e-services platform operator must ensure that such gifts or rebates do not detract investors from making an informed investment decision. Client’s asset protection 17.18 An e-services platform operator must— (a) establish systems and controls for maintaining accurate and up to date records of investors, the investors’ transactions and any monies or capital market products held in relation thereto; and (b) ensure investors’ monies and assets belonging to the investors are properly segregated and safeguarded from conversion or inappropriate use by any person. Settlement and payment 17.19 An e-services platform operator must ensure there is in place an orderly, clear and efficient clearing and settlement arrangement. 17.20 An e-services platform must ensure that any monies received from the CMSL holder or another RMO that is due to an investor must be credited into the investor’s account as soon as practicable.

85 PART J: REQUIREMENTS RELATING TO APPLICATION FOR TAX EXEMPTION CHAPTER 18 Certification in respect of tax exemption on investment made in an investee company 18.01 For purposes of this chapter, unless context otherwise requires— Tax Exemption Order means the Income Tax (Exemption) (No. 4) Order 2022 as set out in Appendix 4; investee company has the same meaning assigned to it in the Tax Exemption Order; individual investor has the same meaning assigned to “qualifying individual” under the Tax Exemption Order. 18.02 An individual investor investing in an investee company that is hosted on an ECF platform may apply for tax exemption as specified in the Tax Exemption Order. 18.03 This chapter sets out the— (a) requirements which must be fulfilled by the individual investor for purposes of applying for an annual certification from an ECF operator as specified in the Tax Exemption Order; and (b) information that must be submitted by the ECF operator to the SC, in relation to the application for the tax exemption. 18.04 An individual investor who wishes to apply for the tax exemption must fulfil the conditions as specified in the Tax Exemption Order. 18.05 An ECF operator must— (a) disclose to all its investors, the information that must be submitted by an individual investor to the ECF operator for purposes of obtaining the annual certification; (b) submit to the SC, the information as set out in Appendix 5, for purposes of the SC’s verification; and

86 (c) provide the annual certification to the individual investor only upon obtaining the SC’s verification. Submission of information by the ECF operator for verification by the SC 18.06 Unless otherwise specified in these Guidelines, information required in relation to 18.05(b) must be submitted to the SC via online reporting as prescribed by the SC. 18.07 The SC may, at its discretion, request for additional information from the ECF operator other than those specified in this chapter. 18.08 The ECF operator must immediately inform the SC of any material change that may impact the verification process.

87 PART K: SUBMISSION CHAPTER 19 Submission 19.01 All applications and submissions as required in these Guidelines shall be submitted to the SC at the following address: Chairman Securities Commission Malaysia 3 Persiaran Bukit Kiara Bukit Kiara 50490 Kuala Lumpur Tel: (603) 6204 8000 Fax: (603) 6201 5282 (Attention: Market and Corporate Supervision) 19.02 All softcopy documents shall be submitted to the SC via e-mail in the following manner: (a) RMO.Registrations@seccom.com.my for the registration forms and annexures; and (b) rmo@seccom.com.my for the periodic reports and other additional documents. 19.03 Notwithstanding paragraph 19.02(b), the SC may require the documents to be submitted via online reporting as prescribed by the SC. Submission for registration 19.04 Upon satisfying relevant criteria as set out in these Guidelines, the applicant is required to submit the relevant forms and supporting documentation as specified in Appendix 2 and available on the SC’s website. 19.05 Where necessary, the SC may request for other relevant or additional information and documentation to be submitted. Fees and charges 19.06 Each application must be accompanied by the relevant fees prescribed by the SC and an application is deemed incomplete if the appropriate fee is not submitted.

88 APPENDIX 1 DOCUMENTS TO BE SUBMITTED A. Application for registration as a RMO No Description 1 Completed Form 1 as set out in the SC’s website 2 Cover letter, specifying the approval sought, including particulars of the proposal 3 The applicant’s business plan describing its value proposition, target segment etc. 4 The following supporting documents: (a) Board composition, management and organisational structure, indicating the actual and the projected staff strength as well as any outsourcing arrangements (as a provider and a client); (b) Details of the applicant’s shareholding/partnership structure including a diagram depicting its group structure covering subsidiary and associate company and ultimate ownership and relevant shareholding; (c) A certified true copy of the certificate of incorporation; (d) Memorandum or articles of association, partnership agreement or any constituent document; (e) Details on its board, responsible person, chief executive and compliance officer; (f) Declaration of fit and properness of relevant persons as set out in these Guidelines; (g) Latest audited financial statements or certified management accounts (if audited financial statements are unavailable e.g. it is newly established); and (h) Applicants operational and compliance manuals describing in detail: (i) risk and compliance policies and procedures covering anti-money laundering, countering financing of terrorism controls; enterprise management, complaints management; disclosure; conduct risk and conflict of interest management policies; internal audit controls, management of trust account (where relevant); (ii) Compliance with the Guidelines on Technology Risk Management; and (iii) (Specific to DAX): wire transfer requirements (i.e. travel rule), assessment for liquidity providers (Direct Trade model), digital/crypto wallet custody management, segregation of client assets from own inventory, private key management client wallet creation and key generation, key lifecycle assessment, mitigation controls for freezing and hacking, settlement processes for digital asset and fiat money, market making processes and controls (proprietary or third party).

89 5 A validation or confirmation from: Option 1 (Appointment of one (1) third-party validator) Appointment of an auditor registered with the Audit Oversight Board on: • controls on risk and compliance which comprises Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) as well as processes and contingency arrangements to protect client funds and assets in the event the RMO is unable to carry out its operations or ceases its business; and • controls on technology risk management. Option 2 (Appointment of two (2) third-party validators) Appointment of: • An auditor registered with the Audit Oversight Board on controls on risk and compliance which comprises AML/CFT as well as processes and contingency arrangements to protect client funds and assets in the event the RMO is unable to carry out its operations or ceases its business; and • A technology assessor who meets SC’s criteria on controls on technology risk management. 6 A declaration by the applicant that the compliance and internal controls, operational policies and procedures are in place and is adequate to ensure compliance with the requirements of these Guidelines and securities laws 7 Such other documents as may be specified by the SC B. Application for change of controller of a RMO No Description 1 Completed Form 2 as set out in the SC’s website 2 A description of overall ownership structure before and after the proposed change in the form of a tree diagram depicting the shareholding structure and percentage of shareholdings 3 Detailed write up, covering: (a) Purchase consideration, source of funding and other transactions details; and (b) Elaboration on how it may impact board composition, management, strategic direction, operations, reporting structure and staff composition of the RMO. C. Application for changes, amendments, variation and deletion to rulebook of a RMO No Description 1 Completed Form 3 as set out in the SC’s website 2 Track changed version of the rulebook and/or its appendices 3 Proposed table of amendments in the manner specified by the SC accompanied by the justification and rationale of the change 4 Evidence of the approval of the board and/or shareholders (where applicable) in relation to the proposed change 5 Other relevant documents

90 D. Application for Secondary Market activities No Description 1 Completed Form 4 as set out in the SC’s website 2 The RMO’s framework, policies and procedures in relation to the following: (a) Listing and trading of shares/investment notes/Islamic investment notes fund raised from its platform; (b) Operations as well as mechanisms to ensure fair market trading on its platform; (c) Disclosure of information (e.g., market structure, order types and interactions of orders); (d) Clearing and settlement; (e) Resources required to operate the secondary market including financial, technological and human; (f) Conflict of interest management; (g) Market surveillance and market transparency; (h) Mechanisms to ensure resiliency, reliability and integrity of systems including security critical systems; and (i) Risk management of its overall platform. 3 Evidence of the approval of the board and/or shareholders (where applicable) in relation to the proposed change 4 Any other relevant documentation to demonstrate compliance to paragraphs 13.33 and 13.43 (for RMO-ECF) and paragraphs 14.34 to 14.43 (for RMO-P2P) of these Guidelines E. Application for providing or carrying out RMO-DAX other business model activities No Description 1 Completed Form 5 as set out in the SC’s website 2 The RMO’s framework, rulebook amendments, policies and procedures if applying for additional Direct Trade Model 3 Any other relevant documentation to demonstrate compliance to paragraph 15.57 of these Guidelines F. Application for introduction or offering of new products No Description Applicant (RMO-eSP) to provide the SC with, amongst others, the following:- 1 Completed Form 6 as set out in the SC’s website 2 Letter of undertaking that the CMSL holder that is offering the products has obtained necessary product approval from the SC 3 Assurance on its system and operational readiness to meet the objectives as presented in their proposals 4 Any other relevant documentation to demonstrate compliance to paragraph 17.12 of these Guidelines

91 G. Notification of change of director, responsible person, chief executive, compliance officer or shareholder of a RMO No Description 1 Completed Form 7 as set out in the SC’s website 2 A copy of the individual's NRIC (for Malaysian citizen) or passport(s) (for non￾Malaysian citizen) (must be crossed out with the remark “For the SC Use Only”) (To be certified as a true copy by a notary public / solicitor / company secretary) 3 A copy of the individual's resume and relevant academic certificates 4 Declaration of fit and properness of relevant persons as set out in these Guidelines 5 Company information from the Companies Commission of Malaysia, containing details of directors / officers 6 Other relevant documents H. Notification for establishment of new business, acquisition of shares or interest within or outside of Malaysia No Description 1 Completed Form 8 as set out in the SC’s website 2 A copy of the letter of approval from the relevant authority / regulatory or supervisory body 3 Detailed proposal covering, among others, the information provided in the "Details of the Proposed Establishment or Acquisition" section 4 Evidence of the approval of the board and/or shareholders (where applicable) 5 Other relevant documents I. Notification on change in particulars of a RMO No Description 1 Completed Form 9 as set out in the SC’s website 2 Change of name: • Reason and effective date • Form 13 – Companies Act 1965 or equivalent form 3 Change in registered address: Form 44 – Companies Act 1965 or equivalent form 4 Any other relevant documents J. Notification on vacancy of the position of director, responsible person, chief executive and compliance officer No Description 1 Completed Form 10 as set out in the SC’s website 2 Cessation details (including reason and effective date of cessation) 3 Change of directors (where applicable): lodgement under section 58 of the Companies Act 2016

92 4 Other relevant documents K. Notification on withdrawal of a RMO No Description 1 Completed Form 11 as set out in the SC’s website 2 A copy of the written confirmation duly by the director, chief executive and responsible person that the withdrawal has been performed in accordance with relevant securities regulations, in particular paragraphs 10.03 of these Guidelines and any other information as may be required by the SC 3 Other relevant documents L. Notification for changes, amendments, variation and deletion to rulebook for RMO No Description 1 Completed Form 12 as set out in the SC’s website 2 Track changed version of the rulebook and/or its appendices 3 Proposed table of amendments in the manner specified by the SC accompanied by the justification and rationale of the change 4 Evidence of the approval of the board and/or shareholders (where applicable) in relation to the proposed change 5 Other relevant documents

93 APPENDIX 2 FIT AND PROPER CRITERIA A person is considered to be fit and proper if— (a) the person— (i) has not been convicted, whether within or outside Malaysia, of an offence involving fraud or dishonesty, or violence or the conviction of which involved a finding that he acted fraudulently or dishonestly; (ii) has not been convicted, whether within or outside Malaysia, of an offence under securities laws or any laws relating to capital market; (iii) has not been issued, whether within or outside Malaysia, with any compounds or subject to any administrative action taken by a regulator or law enforcement agency for any offence involving bribery, fraud, dishonesty, mismanagement of a body corporate or violence; (iv) has no pending investigations or criminal charge against him in any court of law, whether within or outside Malaysia, for an offence involving bribery, fraud, dishonesty, mismanagement of a company or violence; (v) has not had any civil enforcement action filed against him in any court of law by any regulator or law enforcement agency, whether within or outside Malaysia; (vi) is not an undischarged bankrupt or is in the course of being wound up or otherwise dissolved, as the case may be, whether within or outside Malaysia; (vii) has no execution against him in respect of a judgment debt, whether within or outside Malaysia; (viii) has not, whether within or outside Malaysia, entered into a compromise or scheme of arrangement with its creditors, being a compromise or scheme of arrangement that is still in operation; (ix) is not disqualified to be a director, whether within or outside Malaysia, under the corporation laws or securities laws; and (x) has not had any receiver, receiver and manager or an equivalent person appointed, whether within or outside Malaysia, in respect of any of his property; and (b) the SC is satisfied that— (i) the person is not engaged in any business practices appearing to the SC to be

94 deceitful, oppressive or otherwise improper, whether unlawful or not, or which otherwise reflect discredit on his method of conducting business; (ii) the person is not engaged in or has not been associated with any other business practices or has not conducted himself in such a way as to cast doubt on his competence and soundness of judgment; (iii) the person is not engaged in or has not been associated with any conduct that cast doubt on his ability to act in the best interest of investors, having regard to his reputation, character, financial integrity and reliability; (iv) the person is suitably qualified to assume the position including having the relevant experience and track record; (v) there are no other circumstances which are likely to lead to the improper conduct of operations by the person or reflect discredit on the manner the person would carry out his duties; and (vi) it would not be contrary to public interest to register the person.

95 APPENDIX 3 THIRD-PARTY VALIDATOR

1. An applicant must engage an auditor registered under the Audit Oversight Board to be its third-party validator.
2. An applicant may, in relation to assessing the RMO’s compliance with the relevant SC’s guidelines relating to technology risk management, engage an additional person9 to be its third-party validator provided that such person must– (a) have at least five years of relevant experience relating to technology including cybersecurity, network security, data security and infrastructure security; (b) have the relevant professional certification which is acceptable to the SC (i.e. CISA and CISSP); and (c) be an accredited company that conforms with industry standards for technology risk management (i.e. ISO-ISMS 27001:2013, CREST, SOC 2).
3. A person is not eligible to be a third-party validator if it is denied or disqualified from membership of a recognised professional organisation or subject to any sanction, disciplinary proceedings or investigation which might lead to disciplinary action by any relevant regulatory authority or recognised professional organisation.
4. A third-party validator must be independent of the applicant and the applicant’s shareholders, board and senior management. Specifically, the third-party validator must— (a) be free from any business or other relationship which could interfere with the exercise of independent judgment; and (b) have no economic or beneficial interest, present or contingent, in the applicant being assessed on. 9 To be read together with paragraph A(5) of Appendix 1.

96 APPENDIX 4 TAX EXEMPTION ORDER Exemption Available to Legislation Tax exemption on investment made in an investee company An Investor who made an investment in an investee company on or after 1 January 2021 but not later than 31 December 2023 Income Tax (Exemption) (No.4) Order 2022

97 APPENDIX 5 INVESTOR REPORT TO BE SUBMITTED BY AN ECF OPERATOR FOR VERIFICATION BY THE SC

1. The ECF operator must submit an investor report which shall include the following details: (a) Investee company – name, registration number, legal structure and contact details of the investee company (b) Investor – name, identification details and contact details of the investors; (c) Acquisition of shares – amount, number of shares and the date of investment; (d) Disposal of shares – amount, number of shares and the date the investment is disposed of (if any); and (e) Mode of investment – whether the investor invested directly or via a nominee company.
2. For purposes of paragraph 1(c), the date of investment refers to the closing date of the issuer’s fundraising campaign. However, if the investor exercised his cooling off rights, the investor would not be entitled to apply for the tax exemption.

98 SCHEDULE 1 Declaration on system and operational readiness Chairman Securities Commission Malaysia 3 Persiaran Bukit Kiara Bukit Kiara 50490 Kuala Lumpur (Attention: Institution Supervision Department) Dear Sir, [Name of the Recognized Market Operator (RMO)] Declaration under paragraph 3.04 of the Guidelines on Recognized Markets on system and operational readiness of a Recognized Market Operator

1. We, [name of RMO] hereby notify Securities Commission Malaysia (SC) of our intention to fully commence operations as a Recognized Market Operator (RMO) for [type of RMO e.g. ECF/P2P/DAX/PCF/etc] on [date of intended commencement of operations].
2. We, [name of RMO] hereby declare and confirm that: (a) we have sufficient human, financial and other resources to carry out our operations; (b) we have adequate securities measures, systems capacity, business continuity plan and procedures, risk management, anti-money laundering and fraud prevention procedures, client monies arrangements, data integrity and confidentiality arrangements, and record keeping and audit trail arrangements, for daily operations and to meet emergencies (including contingency plans in the event of cessation of business); (c) we have sufficient information technology (IT) and technical support arrangements which includes system readiness; and (d) we have met all terms and conditions imposed by the SC required to be fulfilled prior to the commencement of our operations.
3. I, [name of director], make this declaration as a director of [name of RMO] under the authority granted to me by a resolution of the board on [date of board resolution].

99 Signature (Director) Signature (Responsible Person) Full Name: Full Name: NRIC or Passport No: NRIC or Passport No: Designation: Designation: Date: Date: