Guidelines on Conduct for Capital Market Intermediaries

`

GUIDELINES ON CONDUCT FOR CAPITAL MARKET INTERMEDIARIES

SC-GL/3-2021 (R2-2024) 1st issued: 31 December 2021 Revised: 1 October 2024

GUIDELINES ON CONDUCT FOR CAPITAL MARKET INTERMEDIARIES Effective Date upon 1st Issuance: 1 April 2022 LIST OF REVISION Revision Series Revision Date Effective Date of Revision Series Number 1st Revision 29.03.2024 01.10.2024 SC-GL/3-2021 (R1-2024) 2nd Revision 01.10.2024 01.10.2024 SC-GL/3-2021 (R2-2024)

CONTENTS Page Chapter 1 INTRODUCTION 2 Chapter 2 APPLICABILITY 3 Chapter 3 RELATED PROVISIONS 4 Chapter 4 DEFINITIONS 5 Chapter 5 ROLE OF BOARD AND SENIOR MANAGEMENT 7 Chapter 6 TREATMENT OF CLIENTS 8 Chapter 7 TREATMENT OF VULNERABLE CLIENTS 11 Chapter 8 CARE, SKILL AND DILIGENCE 14 Chapter 9 PERSONAL ADVICE 15 Chapter 10 CONFLICT OF INTEREST 24 Chapter 11 CLIENTS’ ASSETS AND INFORMATION 25 Chapter 12 COMMUNICATION WITH CLIENTS AND REGULATORS 27 Chapter 13 ONLINE PLATFORMS 30

2 Chapter 1 INTRODUCTION 1.01 The Guidelines on Conduct for Capital Market Intermediaries (Guidelines) is issued by the Securities Commission Malaysia (SC) pursuant to section 377 of the Capital Markets and Services Act 2007 (CMSA). 1.02 These Guidelines aim to foster good business conduct and a good corporate culture within all capital market intermediaries, that focuses on the delivery of the following outcomes to all clients, including vulnerable clients: Outcome 1: Clients are confident that they are dealing with a capital market intermediary whose corporate culture and core values embody the honest and fair treatment of clients, and who gives due regard to the interests of the clients. Outcome 2: Clients are provided with clear, relevant and timely information to enable them to make informed decisions before, during and after the point of sale, including the costs, risks and important exclusions or limitations. Outcome 3: A capital market intermediary and its representatives exercise reasonable care, skill and diligence in carrying on or providing a capital market related service. Outcome 4: Clients receive personal advice that is suitable in view of their particular circumstances. Outcome 5: Clients’ complaints are handled in a fair, transparent, timely, efficient and effective manner. Outcome 6: Clients’ assets are protected from the risk of loss, fraud or insolvency of the capital market intermediary. Outcome 7: Clients’ information is protected from the risk of loss, theft, misuse, or unauthorised disclosure, access or modification. 1.03 These Guidelines set out general conduct requirements that must be adhered to by a capital market intermediary and its representatives, insofar as applicable, when carrying on or providing a capital market related service. 1.04 Clients must not be denied the outcomes set out in paragraph 1.02 even if a capital market intermediary uses digital technology to carry on or provide a capital market related service. 1.05 These Guidelines also set out principles and requirements applicable to a capital market intermediary carrying on or providing a capital market related service on or through an online platform.

3 Chapter 2 APPLICABILITY 2.01 These Guidelines apply to a capital market intermediary and its representatives who carry on or provide a capital market related service as defined in paragraph 4.01. 2.02 A capital market intermediary must not exclude nor modify its compliance with any requirement set out under these Guidelines through any provision, clause or term contained in any agreement, contract or document provided to a client. 2.03 To assist with the interpretation and application of the requirements under these Guidelines, Guidance has been provided, where appropriate. Any departure from the Guidance can be taken into consideration in the SC’s assessment on whether a breach of these Guidelines has occurred. 2.04 However, a capital market intermediary may choose to adopt its own approach instead of the Guidance, provided it is able to explain to the SC why it had departed from the Guidance and how its own approach has enabled it to meet the requirements.

4 Chapter 3 RELATED PROVISIONS 3.01 These Guidelines are in addition to and not in derogation of any other requirements provided for under securities laws or any other guidelines issued by the SC. 3.02 Where a capital market intermediary and its representatives are subject to more than one conduct requirement, the strictest requirement shall apply. 3.03 For avoidance of doubt, compliance with these Guidelines does not relieve any person from other obligations which may be imposed on the person under any other written law or by any other relevant regulator. 3.04 These Guidelines shall supersede and replace the following: (a) Guidelines on Online Transactions and Activities in relation to Unit Trusts; and (b) Guidelines on Marketing and Distribution of Unit Trust Funds.

5 Chapter 4 DEFINITIONS 4.01 Unless otherwise defined below, all words used in these Guidelines shall have the same meaning as defined in the CMSA. In these Guidelines, unless the context otherwise requires– CMSL means the Capital Markets Services Licence granted by the SC pursuant to section 61 of the CMSA; capital market intermediary means– (a) a CMSL holder; (b) a registered person; or (c) a person registered under section 76A of the CMSA to provide capital market services; capital market related service means the carrying on of any regulated activity or provision of any capital market service; client includes a prospective client; personal advice means a recommendation or statement of opinion on a specific capital market product which is tailor-made to a client based on his particular circumstances; representative means a person, by whatever name called– (a) in the direct employment of, or acting for, or in arrangement with, a capital market intermediary; and (b) who carries on for that capital market intermediary any capital market related service, whether or not he is remunerated, and whether his remuneration, if any, is by way of salary, wages, commission or otherwise; senior management means– (a) a person, by whatever name called, having the authority and responsibility for planning, directing or controlling the activities of the capital market intermediary,

6 including the chief executive and chief financial officer; and (b) any other person performing any function as may be specified by the SC; vulnerable client means a natural person who, due to his personal circumstances, may require a capital market intermediary to exercise more care when dealing with the person. ‘Natural person’ includes an individual or any individual running a sole proprietorship or partnership that is not a corporation.

7 Chapter 5 ROLE OF BOARD AND SENIOR MANAGEMENT 5.01 A capital market intermediary’s board of directors must ensure that the capital market intermediary has in place controls, policies and procedures (CPP) to ensure compliance with these Guidelines. The board must ensure that the CPP are– (a) appropriate to and commensurate with the nature, scale and complexity of the business of the capital market intermediary and are properly documented; (b) continuously monitored for their compliance; and (c) reviewed on a regular basis to ensure they remain relevant and effective.

5.02 A capital market intermediary’s senior management must– (a) implement and monitor the effectiveness of the CPP; (b) support the board to establish a corporate culture that focuses on delivering the outcomes set out in paragraph 1.02; (c) communicate the capital market intermediary’s commitment to deliver the outcomes set out in paragraph 1.02 to its representatives; (d) ensure that breach of any of the CPP are identified and appropriately acted upon; and (e) align the recruitment, training, appraisals and reward or incentive structures to the capital market intermediary’s prioritisation of clients’ interests. Accountability for compliance 5.03 A capital market intermediary, its board of directors and representatives are responsible for compliance with the requirements under these Guidelines. 5.04 Where there is a breach of any requirement under these Guidelines, the capital market intermediary, and its board of directors, are liable for such breach whether or not such breach was committed or caused by the said capital market intermediary’s representatives.

8 Chapter 6 TREATMENT OF CLIENTS 6.01 A capital market intermediary and its representatives, in carrying on or providing a capital market related service, must act with honesty and fairness, and give due regard to the interests of their clients to safeguard the integrity of the capital market. 6.02 Pursuant to paragraph 6.01, a capital market intermediary and its representatives must, among others– (a) treat all clients, including vulnerable clients, honestly and fairly at all stages of their relationship with the capital market intermediary; (b) avoid engaging in any misleading or deceptive acts, or attempting to engage in misleading or deceptive acts; (c) avoid making or providing, any false or misleading statements or information; (d) provide information in a manner that is– (i) timely, clear, complete, accurate, and does not omit any material information; (ii) fair and balanced; and (iii) sufficient to enable clients to make informed investment decisions; Guidance to paragraph 6.02(d)(iii) A capital market intermediary and its representatives should ensure that a client is sufficiently informed of the risks associated with the client’s investments. (e) when giving personal advice, have regard for the particular circumstances of each client and only offer capital market products that are suitable to such client; (f) disclose to clients all fees and charges payable by the client and the basis for such fees and charges, including any charges that may be payable in the future and which amount is not known at the time of the transaction. Disclosure of fees and charges may be in the form of percentage or a range; (g) ensure that reward or incentive structures do not result in clients being treated unfairly or offered unsuitable capital market products or services. Reward or

9 incentive structures must be designed to encourage responsible business conduct, fair treatment of clients and avoid conflicts of interest; (h) deal with clients’ complaints and disputes in a fair, transparent, timely, efficient and effective manner which includes ensuring that– (i) sufficient resources are allocated to handle and resolve complaints; (ii) timeframes for resolving complaints are established to ensure that each complaint is dealt with in a timely manner; (iii) an assessment of the circumstances and underlying causes of each complaint or recurring complaints is carried out in an equitable and objective manner; (iv) appropriate action is taken to rectify any issue identified pursuant to the assessment carried out; (v) the basis for the decision is explained when responding to clients; (vi) clients are kept abreast of the review of a complaint regularly; and (vii) complete records of all complaints received and the outcome of the review of such complaints are kept; (i) inform clients of their right to compensation or other forms of redress including their right to refer their disputes, if applicable, to an alternative dispute resolution body such as the Securities Industry Dispute Resolution Center (SIDREC); (j) avoid any unethical practices that can result in adverse outcomes for its clients; and (k) avoid acting in a manner that would actually or potentially bring the capital market into disrepute. 6.03 A capital market intermediary must also ensure that its representatives– (a) are appropriately authorised under securities laws or registered with the capital market intermediary to carry on or provide any capital market related service, where applicable; (b) are competent and have the necessary skills and expertise reasonably expected of a person carrying on or providing such capital market related services, and to deliver the outcomes in paragraph 1.02; and

10 (c) undertake continuous training to maintain and update their knowledge and skills, to deliver the outcomes in paragraph 1.02. 6.04 A capital market intermediary and its representatives must also take reasonable steps to explain to the client the implications of any non-negotiable provisions, clauses or terms under a contract or document which affect his rights and obligations, and in particular provisions, clauses or terms that may– (a) exclude or limit the capital market intermediary’s liability to the client; (b) impose on the client, any liability, or obligation to indemnify the capital market intermediary; (c) limit or restrict the client’s right to switch, redeem or liquidate a product; or (d) enable the capital market intermediary to unilaterally change contract terms that may result in the client being prejudiced, including imposing additional charges or fees to the client.

11 CHAPTER 7 TREATMENT OF VULNERABLE CLIENTS 7.01 A capital market intermediary must have in place CPP that, among others, enable the capital market intermediary and its representatives to identify and respond appropriately to a vulnerable client. Guidance to paragraph 7.01

Identifying vulnerable clients

(a) A capital market intermediary’s CPP should enable it and its representatives, as reasonably practicable, to identify a vulnerable client. Identification of a vulnerable client can be through the capital market intermediary’s processes or the client’s own disclosure. (b) The non-exhaustive list of indicators below may signal to a capital market intermediary or its representative that it is dealing with a vulnerable client: (i) Disabilities1 – clients with disabilities that may affect their ability to make an informed decision. (ii) Life events – clients who have experienced adverse life events resulting in temporary or long-term financial hardship such as unemployment, or death or total permanent disability of the main breadwinner. (iii) Financial resilience – clients with a low ability to withstand financial shocks such as clients who are overly-indebted, have cash flow problems or have no savings. (iv) Capability – clients with low knowledge of financial matters, low confidence in managing money or low capability in other relevant areas such as literacy, language or digital skills. (v) Age – Senior citizens who may be less technologically able. (c) The CPP on identification should be flexible and adaptable given that clients’ vulnerabilities may manifest differently for each client, and clients are at risk of becoming vulnerable at a later stage. (d) The CPP may include requiring the client to disclose any vulnerabilities that the client is aware of to the capital market intermediary and its 1 Refers to long-term: (a) hearing impairment; (b) visual impairment; (c) speech impairment; (d) physical impairment; or (e) learning impairment such as dyslexia or low spectrum autism.

12 representatives. The client should also be informed that it is in the client’s interest to disclose this information and that such information will only be used to facilitate the provision of service that is appropriate to the needs of that client. (e) A capital market intermediary and its representatives should not place reliance solely on the response provided by the client as some clients may not want to disclose their vulnerability. (f) As such, a capital market intermediary and its representatives should also give due regard to how the client responds. Key considerations include– (i) Can the client hear and understand what is being said? Does the client ask the speaker to slow down or to speak louder? Does the client repeatedly ask to clarify what is being said? (ii) Does the client stay on topic and hold a conversation that is coherent, or does he appear distracted or confused? Are the client’s questions relevant to and typical for the discussion being had? (iii) Does the client take an unusually long time to answer a question or struggle to process the information provided to him? Is he coherent and fluent in the language being used? (iv) Does the client indicate that he may have a disability or impairment based on his voice, pronunciation, breathing, hearing or ability to understand the conversation? Responding appropriately to vulnerable clients (a) Having identified a vulnerable client, a capital market intermediary and its representatives are expected to respond appropriately to the vulnerable client. (b) A client should not be denied access to a capital market product or service just because he is vulnerable. Instead, the capital market intermediary and its representatives should be prompted to consider what additional measures should be taken in order to ensure that the client is not denied the outcomes set out in paragraph 1.02. (c) Additional measures may include– (i) allowing the vulnerable client sufficient time to process information that has been provided to him;

13 (ii) clarifying whether the client is comfortable with the method of communication, and offering to provide details in an alternate format, such as, via post or email for clarity; and (iii) asking the client whether he would like to consult someone else first or require someone else to be present with him when advice is given. (d) The CPP should also be able to alert other representatives of the capital market intermediary who may have to deal with the identified vulnerable client to enable them to respond appropriately to him. 7.02 A capital market intermediary must ensure that its representatives are trained to be able to identify and respond to vulnerable clients. Guidance to paragraph 7.02 Training should include the use of positive language, empathy, active listening and other specialist communication techniques.

14 Chapter 8 CARE, SKILL AND DILIGENCE 8.01 Clients are entitled to expect competence from a capital market intermediary and its representatives. As such, a capital market intermediary and its representatives must exercise reasonable care, skill and diligence when carrying on or providing a capital market related service. 8.02 In exercising reasonable care, skill and diligence, a capital market intermediary and its representatives, as the case may be, must have regard to, among others, the following: (a) Design and distribution of capital market products and services. A capital market product or service must be designed to meet the needs of an identified client group and only be made available to clients within the identified client group. (b) Treatment of vulnerable clients. A capital market intermediary and its representatives must take steps to identify and respond appropriately to a vulnerable client, in accordance with Chapter 7. (c) Protection of clients’ assets. A capital market intermediary and its representatives must ensure the protection of its clients’ assets against fraud, scams and misuse, in accordance with paragraph 11.02. (d) Protection of clients’ information. A capital market intermediary and its representatives must ensure the protection of its clients’ information against the risk of loss, theft, misuse, or unauthorised disclosure, access or modification, in accordance with paragraphs 11.03 – 11.05. (e) Design and implementation of controls, policies and procedures. A capital market intermediary must design, implement and regularly review its CPP to achieve its intended outcomes, as required under paragraph 5.01. (f) Provision of information and advice. A capital market intermediary and its representatives must ensure that information provided to clients is in accordance with paragraphs 6.02(c) and (d). In addition, when giving advice, a capital market intermediary and its representatives must ensure that it has a reasonable basis for the advice and that it is not presented in a manner that is misleading. Where personal advice is given, a capital market intermediary and its representatives must also ensure compliance with the requirements set out in Chapter 9.

15 CHAPTER 9 PERSONAL ADVICE 9.01 Subject to paragraph 9.03, the requirements under this chapter apply to a capital market intermediary and its representatives, other than a person registered under section 76A of the CMSA or its representative. 9.02 For avoidance of doubt, the requirements under this chapter are applicable irrespective of whether– (a) the personal advice was given at the client’s request or at the capital market intermediary’s own initiative; or (b) a fee has been charged for the personal advice. 9.03 The requirements under this chapter do not apply in the following circumstances: (a) A capital market intermediary or its representatives giving advice which is incidental to their dealing in securities, other than personal advice on structured products and unlisted unit trust funds; (b) A capital market intermediary or its representatives giving advice which is incidental to their dealing in standardized derivatives; (c) A capital market intermediary or its representatives providing fund management services, including digital investment management services, giving advice pursuant to an investment management agreement in accordance with the Guidelines on Compliance Function for Fund Management Companies; (d) A capital market intermediary or its representatives carrying on the business of financial planning and who give general portfolio allocation advice; (e) A capital market intermediary or its representatives issuing or promulgating analyses and research reports in accordance with the Guidelines on Market Conduct and Business Practices for Investment Analysts and Their Analysts; and (f) A private equity corporation, private equity management corporation, venture capital corporation or venture capital management corporation, giving advice in relation to investments made by the private equity corporation, private equity management corporation, venture capital corporation, or venture capital management corporation, as the case may be.

16 Dispensation of the requirements under Chapter 9 9.04 Where a capital market intermediary and its representatives are required to comply with the requirements under this chapter, these requirements may be dispensed with where– (a) the client is an accredited investor2 ; (b) the client is a high-net worth entity3 who has in writing signified that it wishes to opt out from being subjected to the requirements set out in this chapter; (c) the transaction is in relation to over-the-counter (OTC) derivatives contracts entered solely for hedging purposes;4 (d) the client tops-up his investment in an existing capital market product with the same capital market intermediary that has previously complied with the requirements under paragraph 9.07; or (e) the capital market intermediary has previously complied with the requirements under paragraph 9.07 in relation to a client and recommended to the client a range of capital market products that take into account the client’s particular circumstances, and the client then seeks to invest in a capital market product which is within the range of capital market products that has been recommended. 9.05 Where paragraph 9.04(d) or (e) applies, the capital market intermediary may rely on information previously provided by the client only if the client confirms at the time of the transaction that there are no material changes to the information. 9.06 In the case of a private retirement scheme, in addition to paragraph 9.04, the requirements under this chapter may be dispensed with where− (a) a client does not make a specific selection within a scheme and therefore a selection is chosen for the client by way of default; (b) a client switches to a selection within the default option based on his age category; (c) an employer channels contributions for the employees; or 2 ‘Accredited investor’ is a category of investor as set out under the Guidelines on Categories of Sophisticated Investors. 3 ‘High-net worth entity’ is a category of investor as set out under the Guidelines on Categories of Sophisticated Investors. 4 A transaction is considered to have been entered solely for hedging purposes where it satisfies the requirements under paragraph 1.03 of the Guidelines on Product Highlights Sheet (formerly known as the Guidelines on Sales Practices of Unlisted Capital Market Products).

17 (d) a client transfers accrued benefits from a private retirement scheme provider to an existing private retirement scheme account of another private retirement scheme provider. Specific requirements in relation to giving personal advice 9.07 Prior to giving personal advice, a capital market intermediary and its representatives must− (a) explain to or inform the client of the following before gathering the client’s information: (i) The purpose for gathering the information, which is to enable the capital market intermediary and its representatives to give personal advice that is suitable to the client, having regard to the client’s particular circumstances. In this regard, the capital market intermediary and its representatives must explain that it is in the client’s interest to provide information on his particular circumstances which is current, accurate and complete; (ii) Any inaccurate or incomplete information provided by the client will affect the personal advice given to the client and that the capital market intermediary will not be made accountable for such personal advice; and (iii) The risk involved in investing all or a large portion of the client’s available funds, including savings and retirement funds, in one capital market product. (b) form a reasonable basis for the personal advice to ensure that the personal advice given is suitable to the client; (c) take any other step that would reasonably be regarded as being for the benefit of the client given the client’s relevant circumstances; and Guidance to paragraph 9.07(c) What steps are taken by the capital market intermediary or its representatives are dependent on the circumstances surrounding the giving of the personal advice. Steps that may be taken include, but are not limited to− (a) assessing whether the capital market intermediary or its representatives have the expertise on the product or financial management, where such advice has been sought. If the capital market intermediary or its representatives do not have the necessary expertise, they should decline to provide the personal advice on such matters; or

18 (b) acting in accordance with the capital market intermediary’s CPP on the treatment of vulnerable clients when giving personal advice to a client who has been identified as a vulnerable client. (d) document the information gathered from the client and the personal advice given to the client in accordance with paragraphs 9.12 – 9.17. ‘Reasonable basis’ in giving personal advice 9.08 In ensuring there is a reasonable basis for personal advice given, a capital market intermediary and its representatives must, for the purposes of paragraph 9.07(b), undertake the following: (a) Gather sufficient information on the client’s particular circumstances (Client Information), which includes the following: (i) Background information that would enable the capital market intermediary and its representatives to carry out ‘customer due diligence’ as required under the Guidelines on Prevention of Money Laundering and Terrorism Financing for Reporting Institutions in the Capital Market and any indicators of vulnerability; (ii) Financial situation e.g. employment status, amount of income, financial commitments, assets and liabilities, number of dependents; (iii) Investment objectives and needs e.g. purpose of investment, duration of investment, capital protection security, investment preferences such as sustainable and responsible investments (SRI) or Islamic-based investments; (iv) Risk tolerance e.g. amount of losses the client is willing to bear; and (v) Level of knowledge and investment experience for the purposes of determining that the client has sufficient understanding of the features and risk associated with the product recommended e.g. client’s educational qualification, training, work experience, investment experience and current investment portfolio. The required level of knowledge and investment experience should also correspond to the complexity of the capital market product.

19 Guidance to Paragraph 9.08(a)(v) In the case of complex capital market products such as structured products, investment-linked to derivatives, etc., a client should possess a diploma or higher qualification in the relevant field, for example, finance, economics, actuarial sciences, etc., or having work or investment experience to demonstrate that he has sufficient understanding of the features and risks associated with investing in such products. (b) Ascertain that the Client Information gathered is current, accurate, complete and sufficient for the purposes of giving personal advice; Guidance to paragraph 9.08(b) A capital market intermediary and its representatives should update the Client Information, at the very least, on an annual basis. Where a form is used to gather Client Information, the capital market intermediary should design the form in a manner which ensures that the information gathered is an accurate representation of the client’s circumstances. In this regard, answers in the form should not be limited to pre-determined options as this could restrict a client from reflecting his actual objectives or needs. Instead, clients should be allowed to provide any other information that is not captured in the pre-determined options. (c) Conduct a review of the Client Information gathered and the products that are the subject matter of the personal advice, as may be reasonable in the circumstances; and Guidance to paragraph 9.08(c) A capital market intermediary and its representatives should− (a) identify the client’s investment objectives and needs; and (b) conduct a reasonable review into each product that is likely to meet the client’s investment objectives and needs, having regard to the client’s financial situation, risk tolerance, and knowledge and investment experience. A ‘reasonable review into each product’ requires the capital market intermediary and its representatives to consider alternative products

20 that can be offered that is likely to meet the client’s investment objectives and needs. The consideration for alternative products may be confined to the products within the capital market intermediary’s offering. (d) Match products that are suitable to the client based on a consideration and analysis of both, the Client Information and the product review conducted. A product is suitable if it is likely to meet the client’s investment objectives and needs, having regard to the client’s financial situation, risk tolerance, and knowledge and investment experience. Illustrations to paragraph 9.08(d)

Illustration 1 Mr A indicates that he wishes to invest in a capital market product for a period of five years which would give him a return of at least 4% on his investments. In this instance, the capital market intermediary should first conduct a review on the products that are likely to yield such return in the said duration. Having analysed the client’s financial situation, risk tolerance, and knowledge and investment experience, the capital market intermediary should only recommend the products shortlisted from its review that would also be consistent with Mr A’s financial situation, risk tolerance and knowledge and investment experience. Illustration 2 Mr A indicates that he wishes to invest in SRI funds. Upon assessing Mr A’s circumstances, the capital market intermediary determines that Mr A’s financial situation, risk tolerance and investment experience would not only match a particular SRI fund within its offering (SRI Fund), but his circumstances would also match one other unit trust fund (Fund B) that is riskier and more complex than the SRI Fund. The capital market intermediary, in this instance, may only recommend Fund B to Mr A after he recommends the SRI Fund to Mr A. On the other hand, where Mr A has not indicated interest in any product, the capital market intermediary may recommend any product that it determines to be suitable to Mr A’s circumstances. 9.09 Where due to the client’s financial situation, risk tolerance or knowledge and investment experience, a capital market intermediary and its representatives are not able to match and recommend a capital market product that would likely meet the

21 client’s investment objectives and needs or which the client has indicated an interest in, the capital market intermediary and its representatives must– (a) not make a recommendation of any capital market product; and (b) explain to the client why the capital market intermediary and its representatives are not able to recommend any capital market product, including the reasons for lack of suitable capital market products. 9.10 Notwithstanding paragraph 9.09, a capital market intermediary and its representatives may recommend an alternative capital market product to the client, provided that the client’s consent is obtained, and the alternative capital market product matches the client’s financial situation, risk tolerance, and knowledge and investment experience. Illustration to paragraphs 9.09 and 9.10 Mr A indicates to a capital market intermediary that he wishes to invest in a structured product as he believes this would give him higher returns in a shorter investment period when compared to unit trust funds. Upon assessing Mr A’s risk tolerance and knowledge and investment experience, the capital market intermediary determines structured products would not be suitable for Mr A. The capital market intermediary instead identifies two unit trust funds (Funds Y and Z) within its offering that would match Mr A’s risk tolerance, financial situation, and knowledge and investment experience, but that may not yield the expected returns of a structured product. In this scenario, the capital market intermediary should–

(a) not recommend structured products to Mr A; (b) explain to Mr A why he is unable to recommend structured products i.e. the risks associated with structured products and why Mr A’s risk tolerance and knowledge and investment experience would not render structured products to be suitable to him; and (c) recommend Funds Y and Z, provided that the capital market intermediary has first obtained Mr A’s consent to recommend alternative products. In the event Mr A still chooses to proceed to purchase a structured product despite the personal advice given, the capital market intermediary must still ensure that the personal advice is properly documented in accordance with paragraphs 9.12 – 9.17, including obtaining the written acknowledgement set out in paragraph 9.16(b) from the client.

22 Modified requirements in relation to giving personal advice on or through online platforms 9.11 A capital market intermediary who gives personal advice on or through an online platform is deemed to have complied with the requirements under paragraphs 9.07(b) and (c), provided that–

(a) the information gathered from the client is not limited to the Client Information set out in paragraph 9.08(a)(i); (b) the entire process by which the information in paragraph 9.11(a) is gathered is automated and there is no intervention by any person in the process, except where necessary to provide technical assistance to the client or to correct any inconsistencies as set out in paragraph 9.11(d); (c) the platform is programmed with compulsory questions, which are answered by the client, to effectively identify and warn or filter out any client for whom the capital market product is unsuitable; (d) the platform is programmed to be able to detect any inconsistent responses provided by the client, and all inconsistent responses are resolved before any personal advice is given to the client; and (e) the client is alerted prior to the transaction that the personal advice given through the online platform is only based on the information gathered from the client. Documentation and other requirements 9.12 A capital market intermediary and its representatives who give personal advice to a client must document the information gathered from the client. 9.13 A capital market intermediary and its representatives who give personal advice to a client must furnish to the client a document containing the following: (a) The information and warnings in paragraph 9.07(a); (b) A summary of the information gathered from the client; and (c) The personal advice given to the client and the basis for the personal advice. 9.14 The document referred to in paragraph 9.13 must be signed by both the capital market intermediary or its representative, as the case may be, and the client.

23 9.15 A capital market intermediary and its representatives must obtain a written acknowledgement from the client that− (a) all information disclosed by the client is current, accurate and complete; (b) the client has understood the features and risks of the product which forms the subject matter of the personal advice; and (c) the client has received a copy of the relevant prospectus or product highlights sheet prior to or at the time the personal advice was given. 9.16 Where applicable, a capital market intermediary and its representatives must also obtain written acknowledgement from the client that the client does not want to− (a) provide any information requested by the capital market intermediary or its representative; (b) accept the personal advice given and has chosen to proceed with a transaction in another capital market product which is not recommended by the capital market intermediary or its representative; or (c) receive any personal advice given by the capital market intermediary or its representative, before the client signs on the application form for the purchase of a capital market product or gives his consent to dispose of a capital market product. 9.17 A capital market intermediary and its representatives must retain all documents referred to in paragraphs 9.12, 9.13, 9.15 and 9.16 in an easily accessible form and place for a period of at least seven years.

24 Chapter 10 CONFLICT OF INTEREST 10.01 A capital market intermediary and its representatives must identify and avoid any actual or potential conflict of interest. Guidance to paragraph 10.01 A conflict of interest may arise as between– (a) the capital market intermediary and its clients; (b) the capital market intermediary’s representatives and its clients; or (c) a client and another client. 10.02 Where a conflict of interest cannot be avoided, the capital market intermediary must have adequate arrangements in place to effectively mitigate or manage the conflict of interest including– (a) disclosing any material interest or conflict to clients; and (b) taking all reasonable steps to ensure fair treatment of clients before proceeding with the transaction. 10.03 Any disclosure made to address an actual or potential conflict of interest must be timely and accurate to enable clients to make an informed assessment as to whether such conflict is managed appropriately and not detrimental to the clients’ interests. 10.04 A capital market intermediary must, among others– (a) give priority to the clients’ interests where there is a conflict between the clients’ interests and its own, if any; (b) disclose to a client, any actual or potential conflict of interest which may affect the fair treatment of the client including where a capital market intermediary pays or receives any fees, commission or benefit from third parties in respect of its product or service; and (c) ensure that any fees, commission or benefit paid to the capital market intermediary and its representatives does not result in the capital market intermediary and its representatives recommending any unsuitable capital market product or service to the client.

25 Chapter 11 CLIENTS’ ASSETS AND INFORMATION 11.01 A capital market intermediary and its representatives must protect clients’ assets and information. Clients’ assets

11.02 A capital market intermediary must, among others– (a) have appropriate and effective controls for identifying and accounting for clients’ assets; (b) have appropriate and effective controls to protect clients’ assets from any risk of loss arising from misappropriation, fraud or the insolvency of the capital market intermediary; (c) ensure clients’ assets are segregated from the capital market intermediary’s assets; and (d) ensure clients are– (i) informed of the capital market intermediary’s ‘client asset protection’ policies including details relating to claims on any interest earned; and (ii) regularly updated in relation to assets held on the clients’ behalf. Clients’ information 11.03 A capital market intermediary must have in place appropriate and effective CPP to protect clients’ information from any risk of loss, theft, misuse, or unauthorised disclosure, access or modification. A capital market intermediary must, among others, ensure that it– (a) maintains clients’ information in a secure manner; and (b) has in place CPP that define the purposes for which clients’ information may be collected, processed, held, used, modified, disclosed or accessed, especially where such clients’ information may be disclosed to or accessed by third parties, and that acknowledge clients’ rights regarding consenting to data-sharing, disclosing or accessing their data. 11.04 A capital market intermediary must not use clients’ information for its own or a third party’s interests or disclose clients’ information to an unauthorised party except under circumstances required by law.

26 11.05 A capital market intermediary must have in place appropriate and effective CPP to deal with any loss, theft, misuse, or unauthorised disclosure, access or modification of clients’ information to ensure, among others– (a) where necessary, the timely reporting and effective co-operation with the relevant authorities; (b) that clients’ are informed about breaches impacting their information and redress such as the prompt correction or deletion of inaccurate or unlawfully collected or processed information; and (c) that appropriate measures are taken to address any harm arising from the breach and preventing its recurrence.

27 Chapter 12 COMMUNICATION WITH CLIENTS AND REGULATORS 12.01 A capital market intermediary and its representatives must at all times carry on or provide a capital market related service in a manner which promotes open and effective communication with clients and regulators. Communication with clients 12.02 A capital market intermediary and its representatives must– (a) be accessible to its clients within a capital market intermediary’s business or operation hours to ensure that clients are attended to in a timely and efficient manner; (b) communicate with its clients proactively, regularly and in clear and simple language. Where the use of technical terms is necessary, a capital market intermediary must take steps to explain such terms used; (c) ensure any information provided to the client is in accordance with paragraphs 6.02(c) and (d); and (d) review its modes of communication regularly to ensure that information is circulated to clients in the most efficient, effective and fair manner possible. Communication with regulators 12.03 A capital market intermediary and its representatives must– (a) communicate with the SC and other regulators in an open and professional manner; (b) provide the SC with documents and information when requested and within the time limits prescribed, or where such time limit is not prescribed, within a reasonable time; (c) comply with any directive issued by the SC or take any action required by the SC; (d) comply with all terms and conditions imposed on the capital market intermediary upon being licensed or registered, and only act within the authority permitted of the capital market intermediary;

28 (e) upon becoming aware of any actual or potential breaches of securities laws including guidelines or directives issued or any terms or conditions imposed by the SC, promptly report the matter to the SC; and (f) comply with all other reporting obligations. Submission of data to the SC 12.04 A capital market intermediary and its representatives must submit to the SC, data5 that is required by the SC in a timely manner. 12.05 Any data submitted to the SC must be fit for purpose, current and provided in accordance with paragraphs 6.02(c) – (d)(i) and (ii). Guidance to paragraph 12.05 In complying with paragraph 12.05, a capital market intermediary and its representatives should ensure the following: (a) Accuracy. A capital market intermediary and its representatives should ensure that they maintain information which is error-free so that it can be used as a reliable source by the SC. In ensuring accuracy, a capital market intermediary and its representatives should check that information entered into the capital market intermediary’s system matches the source document of the information. For example, if a company is registered as ‘ABC Sendirian Berhad’ in its registration document, the company should be entered into the capital market intermediary’s records as ‘ABC Sendirian Berhad’, and not ‘ABC Sdn Bhd’. (b) Completeness. A capital market intermediary and its representatives should ensure that they maintain information which is complete and fit for purposes required by the SC. In ensuring completeness, a capital market intermediary and its representatives should take steps to ensure that there are no missing details in its clients’ profiles (e.g. IC number, address, contact number, etc.). (c) Consistency. A capital market intermediary and its representatives should ensure that they maintain information which is consistent across its data ecosystem and throughout the lifecycle of the information. 5 Data includes information, especially facts or numbers, collected to be examined, considered and used to help decision-making, or information in an electronic form that can be stored and used by a computer.

29 For example, if the client’s name is entered into the system as ‘ABC Sendirian Berhad’, the capital market intermediary should ensure that the client’s name is consistently recorded as ‘ABC Sendirian Berhad’ throughout the capital market intermediary’s data ecosystem. (d) Currency. A capital market intermediary and its representatives should ensure that they maintain information which is up-to-date. In ensuring currency, a capital market intermediary and its representatives should have CPP in place to enable clients’ information to be updated in an efficient and timely manner. (e) No duplication. A capital market intermediary and its representatives should ensure that there is no duplication or overlap in its system. A capital market intermediary and its representatives should have data validation rules in place to ensure that information collected from clients is not accidentally entered into the system more than once whether by human error or technical error.

30 Chapter 13 ONLINE PLATFORMS 13.01 For the purposes of this chapter, ‘online platforms’ include any digital channel, service or application on or through which a capital market related service is carried on or provided. 13.02 The principles and requirements set out in this chapter must be complied with by a capital market intermediary who carries on or provides a capital market related service on or through an online platform. 13.03 For the purposes of this chapter, it matters not whether a capital market intermediary owns the online platform or is utilising a third party’s online platform. Where the capital market intermediary utilises a third party’s online platform, the capital market intermediary remains responsible for ensuring compliance with the requirements under this chapter. Applicable Principles Platform design and operation 13.04 A capital market intermediary must ensure that the online platform is appropriately authorised, and properly designed and operated in compliance with all applicable laws, regulations and guidelines, including the Personal Data Protection Act 2010 and the Guidelines on Technology Risk Management6 . 13.05 A capital market intermediary must, among others, ensure that– (a) clients who purchase a capital market product or service on or through an online platform are accorded with the same rights that would otherwise be available in relation to the capital market product or service distributed or provided through other channels or means; (b) adequate client on-boarding arrangements and processes are put in place for the purposes of complying with the Guidelines on Prevention of Money Laundering and Terrorism Financing for Reporting Institutions in the Capital Market; (c) it gives due regard to, among others, the complexity of a capital market product or service in the selection of capital market products or services to be hosted on the online platform. Products and services hosted on an online platform must 6 For the avoidance of doubt, the Guidelines on Technology Risk Management will apply only to: (a) a CMSL holder; (b) a person specified to be a registered person under Part 2 of Schedule 4 of the CMSA; and (c) a person registered under section 76A of the CMSA.

31 only be made available to the intended target market for those products or services. Given their complexity, certain products should not even be hosted on an online platform; (d) where an online platform does not give personal advice, clients are alerted that the platform is not giving any personal advice to the client; (e) where applicable, effective controls are put in place to identify and warn or filter out clients for whom the capital market products or services are unsuitable (for example, knock-out/compulsory questions); (f) any risk-profiling of a client performed by the online platform is carried out with care; (g) the online platform obtains and retains records or documents that the capital market intermediary is required to obtain and retain under securities laws, guidelines, directives issued or any terms or conditions imposed by the SC;7 and (h) ensure that any actual or potential conflicts of interest which can compromise clients’ interests are avoided, mitigated or managed. Product promotion and information 13.06 A capital market intermediary must ensure that– (a) any promotions conducted or advertisements placed on the online platform complies with securities laws or any other relevant guidelines, including the Guidelines on Advertising for Capital Market Products and Related Services; and (b) the online platform complies with paragraphs 6.02(c) and (d). Risk management 13.07 A capital market intermediary must, among others– (a) ensure that there are proper audit trails to track access and transactions by its clients; (b) in the event of any material delay or failure by the online platform, ensure that clients are notified of the possible causes or causes of such delay or failure and how client orders will be handled; 7 These documents and records would include e.g. the documents and client acknowledgements as set out in paragraphs 9.12, 9.13, 9.15 and 9.16 that a capital market intermediary who gives personal advice is required to retain.

32 (c) in the event of a disruption, have alternative arrangements in place for order execution and to deal with enquiries by clients; and (d) ensure confidentiality, protection, and privacy of any personal information and proprietary information transmitted by the client, subject to any requirement of law requiring disclosure of such information to or by the online platform. Reporting of incidents on online platforms 13.08 The table below sets out how capital market intermediaries must notify and report incidents to the SC. ‘Incidents’ for the purposes of this paragraph 13.08 refer to technology incidents, cyber incidents or near miss events, as defined under the Guidelines on Technology Risk Management. Capital market intermediary Manner of notifying and reporting CMSL holder In accordance with paragraphs 10.03 and 10.04 of the Guidelines on Technology Risk Person specified to be registered Management. person under Part 2 of Schedule 4 of the CMSA Person registered under section 76A of the CMSA Person specified to be registered person under Part 1 of Schedule 4 of the CMSA Report and notify to the SC via email to supervision@seccom.com.my, on the day of the occurrence of the incident or near miss event. The notification must include the details set out in Appendix 5 of the Guidelines on Technology Risk Management. Person registered with a recognized self-regulatory organization under section 323 of the CMSA Person registered under subsection 76(2) of the CMSA Governance, capabilities and resources 13.09 A capital market intermediary must ensure that there is in place robust governance arrangements for overseeing the online platform’s operation, and there is adequate human, technology and financial resources available to ensure that the online platform is able to operate properly. 13.10 A capital market intermediary must, among others, ensure that–

33 (a) there are in place adequate managerial and supervisory controls to manage the risks associated with the use of the online platform; and (b) there is a person who is responsible for the overall management and supervision of the online platform and for the purposes of liaising with the SC. Requirements applicable to the use of algorithms 13.11 Where the online platform utilises algorithms, a capital market intermediary must, among others, ensure that– (a) it has the necessary technological capabilities and governance structure such as– (i) the capability and capacity to formulate and implement effective algorithm tools for the undertaking of the capital market related services, including sufficient understanding of the rationale, risks and rules behind the algorithms; and (ii) in the case of digital investment advisers, the ability to identify and filter out clients for whom the digital investment advisory service is not appropriate; (b) it has sufficient resources to monitor and supervise the performance of algorithms to ensure that they perform as intended; (c) there is proper documentation of the design and development of the algorithms; (d) the methodology of the algorithms is sufficiently robust; (e) there are in place CPP to monitor and test the online platform’s algorithms on a regular basis to ensure that they are performing as intended; and (f) clients are informed of– (i) the assumptions, limitations and risks of the algorithms; (ii) the circumstances under which the online platform may override the algorithms; and (iii) any material adjustments made to the algorithms.