Your Cosec Was Fined RM50,000 Under AMLA. Here Is What That Means for You as a Director.

The RM50,000 fine that every Sdn Bhd director should read about

On 15 April 2026, a Sessions Court in Malaysia sentenced a company secretary to a fine totalling RM50,000 after she pleaded guilty to four charges — two under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA) and two under the Companies Act 2016.

The cosec: Ardzlyn Hawatul Yuhanis Uyob@Ayob, operating through her firm Continuum Corporate House Sdn Bhd.

The charges: failure to file two Suspicious Transaction Reports (STRs) with Bank Negara Malaysia's Financial Intelligence Unit, as required under s.86 read together with s.14(1)(b) AMLA; and submitting false information to the Registrar of Companies (SSM) in connection with the appointment of a foreign national as a director, contrary to s.593(b) of the Companies Act 2016.

The companies involved: MB International Sdn Bhd and Ascent GT Sdn Bhd, both linked to foreign nationals that Ardzlyn's firm was servicing.

Her practising certificate has since been revoked.

Source: The Star, 4 May 2026 — "Company secretary fined RM50,000 for AMLA breaches, submitting false information"

This is not a cautionary tale about a rogue cosec. It is a structural reminder — for every Sdn Bhd director who signs documents their cosec prepared, and trusts their cosec to file what the law requires.

What actually happened — the facts, plainly

Ardzlyn was charged on 10 December 2025 and pleaded guilty on 15 April 2026. The case turned on two separate failure threads:

Thread 1 — Missed STR filings. Two transactions involving foreign nationals associated with MB International Sdn Bhd and Ascent GT Sdn Bhd triggered the obligation to report to BNM's Financial Intelligence Unit. The obligation arises under AMLA whenever a reporting institution has reasonable grounds to suspect that a transaction involves proceeds of an unlawful activity or is connected to money laundering or terrorism financing. The STRs were not filed. That is the AMLA breach.

Thread 2 — False information to SSM. Ardzlyn submitted information to the Registrar of Companies that was false, specifically in connection with the appointment of one of the foreign nationals as a director of one of the companies she was servicing. This is a criminal offence under s.593(b) Companies Act 2016, which makes it an offence to furnish information to the Registrar knowing it to be false or misleading.

BNM, commenting on the case, stated that failure to fulfil AMLA obligations "may result in enforcement action, including prosecution." The revocation of Ardzlyn's practising certificate — beyond the RM50,000 fine — effectively ends her ability to practice as a licensed cosec.

Why company secretaries are an AMLA reporting institution in the first place

Most Sdn Bhd directors don't think of their cosec as a compliance gatekeeper. They think of her as the person who files the annual return and reminds them to sign resolutions. But under AMLA's First Schedule, company secretaries are designated Reporting Institutions — a category that also includes banks, money service businesses, and certain financial intermediaries.

This designation exists because cosecs sit at the point of company formation and ongoing statutory maintenance. They see who the real beneficial owners are. They process director appointments. They file BO register updates with SSM. They observe client transaction patterns. That visibility makes them — in the FATF and BNM's model — the last line of defence against corporate structures being used to layer illicit funds.

SSM's Guidelines on the Obligations of Company Secretaries as Reporting Institutions (gazetted and updated through 2024) set out the obligations in full. The headline duties are:

A cosec who does not have documented procedures for each of the above rows is already technically non-compliant — regardless of whether any suspicious transactions have actually been detected.

The 4 cosec AMLA failure modes that catch firms out

1. False or unverified Beneficial Ownership declarations

The most common structural failure. A client asks the cosec to incorporate a company and names a beneficial owner. The cosec files the BO register without independently verifying whether the declared owner actually meets the legal definition of beneficial ownership — which under Malaysia's framework means identifying the natural person who ultimately exercises ownership or effective control, typically above the 20% threshold for equity or voting rights.

When foreign nationals are involved — as in the Ardzlyn case — the verification burden is higher because of cross-border identity verification and the absence of MyKAD. A cosec who accepts a foreign passport photocopy and calls it done has not met the standard. If the BO declaration ultimately turns out to be false or a front, the cosec carries exposure for the filing. So does the director who co-signed the incorporation documents.

2. Missed or delayed Suspicious Transaction Reports

An STR obligation arises not when a crime is proven, but when the cosec has reasonable grounds to suspect a transaction may involve proceeds of crime or ML/TF. That is a lower bar than many cosec firms acknowledge in practice.

Red flags that should trigger STR assessment include: foreign nationals appointing local nominee directors with no apparent business rationale; rapid injection of large paid-up capital immediately after incorporation; companies changing beneficial owners multiple times within months; clients who are evasive about the commercial purpose of a transaction. None of these individually requires a crime to have occurred — but each requires the cosec to document the assessment and, where suspicion cannot be ruled out, file the STR with BNM FIU.

The Ardzlyn case suggests that the red flags were present — foreign nationals, multiple companies, director appointment irregularities — and the STRs were not filed.

3. Weak or absent CDD/KYC procedures

SSM's guidelines require cosec firms to maintain a written Customer Due Diligence policy that is applied at client onboarding and refreshed on a risk-based cycle. Many solo cosec practitioners and small firms operate on relationship-based trust — they know their clients personally and don't put verification through a structured process. That is fine until the client turns out to be a problem.

Specifically, the CDD process must include: identity verification of the client entity and its controllers; understanding the nature, ownership, and purpose of the business relationship; screening against BNM's AML/CFT sanctions lists and MAICSA's relevant databases; and documentation of all of the above, retained for 6 years.

A cosec who cannot produce, on request from SSM or BNM, a client CDD file with current documentation has a systematic compliance gap regardless of whether any particular client is problematic.

4. Ignoring red flags on corporate structures

Company secretaries are not expected to be money laundering investigators. But they are expected to apply professional scepticism when a corporate structure has features that — without credible commercial explanation — are associated with risk. These include: nominee shareholder or director arrangements; complex multi-layered share structures with no apparent operational rationale; rapid equity transfers between related entities; or clients who resist providing information about their beneficial ownership.

When a cosec proceeds with a transaction despite documented red flags — or worse, without documenting that the flags were reviewed — they have created a liability position that is difficult to defend in an enforcement proceeding.

What this means for you as a Sdn Bhd director

Your cosec's AMLA exposure is your exposure too.

This is the part that most articles about the Ardzlyn case will not tell you.

If your cosec submits a false statement to SSM about your company's directorship or beneficial ownership, you face separate liability under s.591 of the Companies Act 2016 (making a false statement to SSM) and potentially under s.68(8) (inaccuracy in the beneficial owner register), both of which carry criminal penalties including imprisonment.

You do not need to have known the information was false. The director's duty of care under s.213 Companies Act 2016 includes taking reasonable steps to ensure that information filed on your company's behalf is accurate. "My cosec filed it" is a mitigation argument in a criminal proceeding, not an immunity.

Further: if your cosec failed to file STRs on transactions your company was party to, and those transactions are later connected to a money laundering investigation, your company — and potentially you personally — may be drawn into that investigation as a subject entity. The fact that your cosec was the reporting institution does not quarantine the liability to them.

The practical implication is this: choosing a cosec is a risk-management decision, not a procurement decision. The cheapest licensed cosec on the market may be cheap because they have cut compliance corners. Those corners will be your problem when they are discovered.

5 questions to put to your current cosec right now

You don't need to become an AMLA expert. You need to ask the right questions and get documentable answers.

If your cosec cannot give you clean, confident answers to these five questions, that tells you something material about their compliance posture — and your risk exposure.

What we do differently at Muchen

Muchen Corp Services is a registered company secretary with current practising certificates under MAICSA/MACS. We are registered with SSM as a designated non-financial business and profession (DNFBP) reporting institution under AMLA, and our BNM FIU registration is maintained current.

Our CDD process is documented and applied at every client onboarding: identity verification, beneficial ownership mapping, commercial purpose assessment, sanctions screening. We maintain client records for the full statutory retention period. Our AMLA compliance policy is reviewed annually.

We are not the cheapest cosec in the market. We are the cosec you call when you want to be confident that your company's statutory filings are accurate, your BO register is defensible, and your cosec is not going to hand you a liability problem.

If you want to do a cosec hygiene review — check whether your existing cosec's filings are accurate, your BO register is current, and your company's AMLA exposure is understood — we offer a structured onboarding assessment. No commitment required.

A note on this article

The facts in this article are drawn from The Star's reporting dated 4 May 2026 and from public SSM and BNM regulatory materials. The AMLA section references reflect the Act as in force at the date of publication; sections may be renumbered in future amendments — always verify against the current text.

This article is general awareness content. It is not legal advice. For your company's specific AMLA exposure or compliance position, speak with a qualified legal or compliance professional before acting.

Ready to review your cosec setup? Reach out to Muchen Corp Services for a no-obligation cosec hygiene assessment.