Introduction
The Labuan Financial Services Authority (“Labuan FSA”), established under the Labuan Financial Services Authority Act 1996, continues to enhance its regulatory framework with the issuance of the Guidelines on Compliance Function for Labuan Financial Institutions (2025) (“Guidelines”), which came into effect on 1 January 2026.[1] The Guidelines reflect Labuan FSA’s ongoing focus on strengthening compliance standards and reinforcing governance practices within Labuan Financial Institutions (“LFIs”). As a transitional measure, existing LFIs are granted a six-month period to comply with the Guidelines by 1 July 2026.[2]
1. Why the New Compliance Guidelines Matter
The Guidelines have placed greater emphasis on ensuring that financial institutions maintain effective compliance frameworks as part of their core operational structure. They set out Labuan FSA’s minimum expectations on the establishment and operation of a compliance function within LFIs. They recognise compliance as a key corporate culture and define “compliance risk” as the risk of legal or regulatory sanctions, financial loss, or reputational damage arising from non-compliance with applicable laws, regulations and internal policies.[3]
The compliance function is expected to provide independent assurance to the Board of Directors (“Board”) and senior management on the institution’s level of compliance. In this respect, the Guidelines underscore that compliance is not merely a procedural requirement but a core governance function within the organisation itself.[4] Notably, the Guidelines reinforce the role of governance in managing compliance risk by making clear that the ultimate responsibility rests with the Board and the Principal Officer.[5] This reflects a shift towards stronger accountability at the leadership level, where compliance is embedded as part of the institution’s overall governance and control framework rather than treated as a purely operational function.
2. Who Must Comply: Labuan Financial Institutions in Scope
The Guidelines are applicable to any person licensed or approved by Labuan FSA to carry on the following business:[6]
- Labuan banking business or investment banking business under Part VI of the Labuan Financial Services and Securities Act 2010 (“LFSSA”);
- Labuan Islamic banking business or Islamic investment banking business under Part VI of the Labuan Islamic Financial Services and Securities Act 2010 (“LIFSSA”);
- Labuan insurance or reinsurance business under Part VII of the LFSSA, excluding Labuan captive insurance business;
- Labuan takaful business or retakaful business under Part VII of the LIFSSA, excluding Labuan captive takaful business;
- Labuan insurance-related activities or Labuan takaful-related activities under Part VII of the LFSSA and Part VII of the LIFSSA, respectively, excluding Labuan insurance managers and Labuan takaful managers;
- Fund manager of a public fund or an Islamic public fund under Part III of the LFSSA and Part IV of the LIFSSA;
- Labuan trust company business under Part V of the LFSSA, excluding Labuan managed trust companies;
- Money-broking business or Islamic money-broking business under Part VI of the LFSSA and Part VI of the LIFSSA, respectively;
- Securities licensees or Islamic securities licensees under Part IV of the LFSSA and Part V of the LIFSSA, respectively;
- Credit token business or Islamic credit token business under Part VI of the LFSSA and Part VI of the LIFSSA, respectively;
- Exchanges established under Part IX of the LFSSA.
Although the Guidelines provide certain entity exclusions, such as Labuan captive insurers, captive takaful operators and Labuan managed trust companies, these entities are encouraged, as a matter of best practice, to rely on their respective managers in managing compliance risks and maintaining regulatory standards in a manner appropriate to their business operations.[7]
In addition, the Guidelines take a proportionate approach, recognising that compliance arrangements may differ depending on the size, complexity and risk profile of the institution.[8] Smaller or less complex entities may adopt more streamlined compliance arrangements, including reliance on group-level compliance functions or outsourcing to external service providers, subject to appropriate safeguards and continued accountability to Labuan FSA.[9] In such cases, the institution remains responsible for ensuring that the outsourced or group arrangements are effective and adequately oversee compliance risks.
By contrast, larger or more complex institutions are expected to establish a dedicated and independent compliance function, supported by sufficient resources, expertise and direct access to senior management and the Board.[10] This includes ensuring clear reporting lines, ongoing monitoring of compliance risks and the ability to provide independent assurance on the institution’s overall compliance posture.
This proportionate approach ensures that compliance expectations remain practical while maintaining appropriate standards of governance and accountability across the industry.
3. What the Compliance Function Must Do in Practice
At its core, the compliance function is responsible for making sure that an LFI complies with all applicable laws, regulations and internal policies.
The Guidelines make clear that its role extends beyond mere adherence checks. At a minimum, the function must identify, assess and monitor compliance risks on an ongoing basis, ensuring that the institution’s internal policies and controls remain aligned with applicable legal and regulatory requirements.[11]
The compliance function is further expected to stay updated on developments within the business so that potential risks can be picked up early, and apply a risk-based approach by focusing more attention on higher-risk areas.[12]
The function must also establish clear reporting and escalation mechanisms. Material breaches, deficiencies or potential issues are to be promptly reported to senior management and the Board, together with appropriate recommendations.[13] In this respect, the compliance function serves not only as a control function, but also as a key point of assurance within the organisation.
4. Roles of the Board, Management and the Compliance Officer
The effectiveness of the compliance framework ultimately depends on a clear and coherent allocation of responsibilities across the organisation, with each level playing a complementary role.
At the apex, the Board of Directors and the Principal Officer bear ultimate responsibility for ensuring that an appropriate and effective compliance framework is established, taking into account the nature, complexity and risk profile of the institution’s business.[14]
In complementing the Board, Senior Management plays a key role in implementing and maintaining the compliance framework. This includes ensuring that compliance policies remain effective and up-to-date, allocating adequate resources to the compliance function, and ensuring that material compliance issues are escalated and addressed in a timely manner.[15]
The Compliance Officer, in turn, is responsible for the day-to-day execution of the compliance function. This includes overseeing compliance monitoring, advising on regulatory requirements, maintaining the compliance manual, and ensuring that breaches are properly identified, addressed and prevented from recurring.[16] Importantly, the Guidelines also require that a Compliance Officer be formally appointed, with the individual possessing the necessary competence, experience and authority to carry out the role effectively.[17] This reinforces the expectation that the function is not merely nominal, but is supported by a suitably qualified and empowered individual within the organisation.
Taken together, this reflects an integrated approach in which oversight, implementation and independent control operate in tandem to support an effective compliance function.
5. Link with AML/CFT and Targeted Financial Sanctions
Although the Guidelines are not limited to financial crime, they are designed to operate alongside Labuan FSA’s Guidelines on Anti‑Money Laundering, Countering Financing of Terrorism and Targeted Financial Sanctions (“AML/CFT/CPF” and “TFS”) for Labuan Key Reporting Institutions.[18]
Those AML/CFT/CPF/TFS guidelines, issued pursuant to the Anti‑Money Laundering, Anti‑Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLATFA) and the Labuan Financial Services Authority Act 1996, set out detailed obligations on customer due diligence, ongoing monitoring, suspicious transaction reporting, sanctions screening and governance.[19]
The compliance function is expected to support and, where appropriate, oversee the LFI’s AML/CFT and TFS programme.[20] In practice, this includes providing input into AML/CFT risk assessments, overseeing the implementation of CDD and transaction monitoring measures, and ensuring that findings from internal audit, external reviews or regulatory inspections are followed up and remediated.[21]
The AML/CFT/CPF/TFS guidelines also emphasise that the Board and senior management of Labuan key reporting institutions are responsible for putting in place effective AML/CFT measures and ensuring that the AML/CFT risk management function is integrated with the institution’s overall risk management framework, which aligns with the governance expectations under the Guidelines.[22]
6. Implementing the Guidelines: Practical Steps and Key Takeaways
From an implementation perspective, Labuan FSA expects LFIs to review their existing frameworks against the revised Guidelines and address any identified gaps.[23] A structured gap analysis should consider governance arrangements, the mandate and independence of the compliance function, staffing and resources, policies and procedures, monitoring and testing frameworks, reporting lines and documentation.[24] LFIs should then develop an implementation or remediation plan with clear priorities, timelines and accountable owners, proportionate to their size and risk profile.
Smaller or less complex institutions can leverage the proportionality principle but remain responsible for meeting the core outcomes of effective compliance risk management and governance. They may rely on group resources or external service arrangements for certain compliance activities, but outsourcing does not transfer accountability, and the Board and senior management of the LFI retain ultimate responsibility for compliance with Labuan laws and Labuan FSA requirements.[25]
Conclusion
While the proportionality principle allows flexibility in implementation, the underlying message remains consistent across all LFIs: compliance must be independent, adequately resourced and firmly embedded within the organisation’s governance framework. The heightened emphasis on Board and senior management accountability further signals that compliance is a shared responsibility at the highest levels of the institution.
Ultimately, the Guidelines signal a clear regulatory direction towards stronger accountability, enhanced governance and a more structured approach to compliance risk management. LFIs should therefore view compliance not merely as a regulatory obligation, but as an integral part of sustainable business operations. With the transitional period in place, institutions are encouraged to take proactive steps to align their frameworks with the Guidelines so as to ensure a smooth and timely implementation by 1 July 2026.
Authors:
- Suzanne Kurian
- Wan Muhammad
- Fadhil Azim
[1] Paragraph 4.1 of the Guidelines on Compliance Function for Labuan Financial Institutions revised by Labuan Financial Services Authority on 10 September 2025 (“the Guidelines”)
[2] Paragraph 4.2 of the Guidelines
[3] Paragraph 1.1 of the Guidelines
[4] Paragraph 1.2 of the Guidelines
[5] Paragraph 1.3 of the Guidelines
[6] Paragraph 2.1 of the Guidelines
[7] Paragraph 2.2 of the Guidelines
[8] Paragraph 6.3.5 of the Guidelines
[9] Paragraph 6.4 of the Guidelines
[10] Paragraph 6.3.5 of the Guidelines
[11] Paragraph 7.2.1 of the Guidelines
[12] Paragraphs 7.2.2 & 7.6 of the Guidelines
[13] Paragraphs 7.5 & 7.7 of the Guidelines
[14] Paragraph 7.1.2 of the Guidelines
[15] Paragraph 7.1.3 of the Guidelines
[16] Paragraphs 7.2 & 7.3 of the Guidelines
[17] Paragraph 6.3 of the Guidelines
[18] Paragraph 6.3.4 of the Guidelines
[19] Guidelines on Anti-Money Laundering, Countering Financing of Terrorism and Targeted Financial Sanctions for Labuan Key Reporting Institutions (AML/CFT and TFS for Labuan KRIs) updated by Labuan Financial Services Authority on 21 May 2024
[20] Paragraph 6.3 of the Guidelines
[21] Guidelines on Anti-Money Laundering, Countering Financing of Terrorism and Targeted Financial Sanctions for Labuan Key Reporting Institutions (AML/CFT and TFS for Labuan KRIs) updated by Labuan Financial Services Authority on 21 May 2024
[22] Part B.2 of the Guidelines on Anti-Money Laundering, Countering Financing of Terrorism and Targeted Financial Sanctions for Labuan Key Reporting Institutions (AML/CFT and TFS for Labuan KRIs) updated by Labuan Financial Services Authority on 21 May 2024
[23] Paragraph 7.4.2 of the Guidelines
[24] Paragraph 7.4.1 of the Guidelines





