Compliance Manager & MLRO, Malaysia

About HitPay

Payments infrastructure for businesses scaling in APAC

Tech description:

Our tech stack is PHP Laravel, MySQL, Redis

Job description:

ABOUT THE ROLE

\--------------

HitPay is licensed across five markets and is building out a per-jurisdiction

compliance structure. This role owns regulatory compliance and the MLRO function

for our Malaysia entity end-to-end - you are HitPay's accountable compliance owner

in-market and the BNM-designated Compliance Officer. You'll set local policy, own

the regulator relationship with Bank Negara Malaysia (BNM), and be the single

escalation point and decision-maker for suspicious transaction reporting.

This is a second-line control role: you design and test the controls and own the

STR decision - you are deliberately separate from the first-line AML Operations

team that runs day-to-day onboarding and alert triage.

WHAT YOU'LL OWN

\---------------

Regulatory Compliance

- Own HitPay Malaysia's AML/CFT/CPF and TFS compliance with BNM requirements,

and keep policies and procedures current as regulations and ML/TF/PF

typologies evolve.

- Act as the reference point for all AML/CFT/CPF matters in the Malaysia entity.

- Manage the BNM relationship: regulatory reporting, submissions, examinations,

and correspondence.

- Run independent control testing and periodic assessments of the AML/CFT/CPF

framework's effectiveness - sample reviews, exception-report review, and

remediation tracking.

- Advise the business on new products, corridors, technology and operational

changes, and assess the ML/TF/PF risks they introduce.

- Deliver AML/CFT/CPF training across the Malaysia organisation and ensure

reporting channels are understood and secure.

MLRO

- Serve as the single point to whom all staff escalate suspicion; evaluate

internal escalations from the AML Ops team.

- Make the final determination on, and file, Suspicious Transaction Reports to

BNM's Financial Intelligence and Enforcement Department, with proper

documentation of every decision - including reasoned decisions NOT to file.

- Maintain the independence and authority to escalate directly to senior

management and the Board where needed.

WHAT YOU'LL BRING (MUST-HAVE)

\-----------------------------

- Demonstrable AML/CFT/CPF compliance experience in a BNM-regulated environment

(payments, money services, e-money, banking, or fintech).

- The stature, authority and seniority to influence decisions and stand firm on

compliance positions.

- "Fit and proper" standing - probity, personal integrity and reputation;

competency and capability; financial integrity.

- Working knowledge of the AMLA 2001, BNM AML/CFT/CPF & TFS Policy Documents,

and current ML/TF/PF typologies.

- Sound judgment under ambiguity and a documentation-first habit - your STR

rationale must withstand regulator review.

- Fluency in English and Bahasa Malaysia.

NICE TO HAVE

\------------

- Recognised AML/CFT certification or professional qualification - e.g. CAMS,

ICA, or the AICB AML certification.

- Experience standing up or maturing a compliance function in a scaling fintech.

- Familiarity with screening and transaction-monitoring tooling.