This article first appeared in Digital Edge, The Edge Malaysia Weekly on September 23, 2024 - September 29, 2024
In April 2022, Bank Negara Malaysia issued five digital banking licences, signalling a step towards financial inclusion in the country. Three of the digital banks — AEON Bank (M) Bhd, GX Bank Bhd and Boost Bank Bhd — have since launched their platforms, saying they aim to cater to the underserved communities. Two more digital banks, one by the consortium of Sea Ltd and YTL Digital Capital Sdn Bhd and the other led by KAF Investment Bank, are expected to follow soon. But as these platforms roll out with promise of accessibility and innovation, the question arises: Will this push for financial inclusion be delivered, or is it just a well-crafted marketing strategy?
“Financial services are more like a necessity now than anything because people need to be able to pay for stuff and other things. All communities that live in Malaysia should have access to these and people who don’t are underserved, which includes refugees and the elderly who are having issues accessing financial services,” says Dr Melati Nungsari, associate professor of economics at the Asia School of Business.
“From the personal conversations I have had about digital banks, it appears that the people who have already signed up and taken advantage of all these great returns and stuff for now have been mainly the richer people, to be honest.”
According to the 2023 RinggitPlus Malaysian Financial Literacy Survey, 71% of the respondents said they could only save RM500 or less each month, while 67% stated their emergency savings could only last them three months or less.
Despite being cash-strapped, Malaysian households continued to allocate 60.7% of their income to consumption expenses in 2022, the Khazanah Research Institute points out in its report The Financialization of Our Lives: Values and Trade-offs, highlighting a shift towards spending rather than saving.
The report also said that more than half (55%) of Malaysians spend exactly or more than what they earn each month, effectively living paycheque to paycheque. This combination of low saving rate and insufficient emergency funds underscores the urgent need for improved financial literacy and education across the country.
With the recent launch of digital banks, which promise greater accessibility and financial inclusion, there is hope to foster better saving habits among the public, particularly the underserved.
Beyond the bottom 40% income earners (B40) and micro, small and medium enterprises (MSMEs), the digital banks should also consider other underserved communities such as the immigrants, refugees and unbanked. While these groups represent a smaller percentage of the population, they should not be overlooked.
The first step toward financial inclusion for digital banks should be reducing the requirements for proof of identification for access to their services. It should be noted that providing education and reaching out to underserved communities are key to achieving true financial inclusion in the country.
“I can see the value of not having to go to a physical bank for communities who live far away or are hard to serve outside of urban areas. But if the digital banks really want to be different from traditional banks, they need to actually do things that make sense for these communities. Fewer identification requirements and less paperwork would be an example of these,” says Melati.
In addition to promoting financial inclusion, digital banks face the challenge of balancing their social mission with the need to remain profitable. In their applications to the central bank, they are required to maintain minimum capital funds of RM100 million and be unimpaired by losses for the first three to five years, also known as the foundational phase. After this period, the required capital is increased to RM300 million.
Applicants for the digital bank licence had to provide comprehensive details on their deployment of technology as well as address cybersecurity issues and IT governance. During the foundational phase, a cap of RM3 billion is placed on the asset size of digital banks.
Ultimately, digital banks will need to generate sufficient revenue streams, such as through lending products or transaction fees, without compromising on their commitment to inclusivity, say industry players.
Word on the street
Boost Bank chief technology officer Steven Gan is cognisant of the challenge. He stresses that the bank is working to break down barriers to allow users who don’t even have a traditional bank account to open a digital bank savings account.
Gan says that on a recent work trip to Kuala Terengganu, he came across many potential users who were unfamiliar with digital banking and had limited financial resources.
“When we did on-the-ground interviews at Mydin Bukit Mertajam, of the 500 users who came in, 97% said they did not have RM2,000 on hand to begin with. We want to stitch together the ecosystem and get the right momentum of saving and spending behaviour for these underserved customers,” he adds.
Gan wants to offer guidance to the underserved segment and eventually encourage saving and investing literacy. “Through BoostMyMoney, we hold monthly campaigns to bring awareness to them on how their funds are being managed and to give them financial literacy because cash is still power in some parts of Malaysia.”
Digital banks will need to join forces with the central bank and government to educate users who are not familiar with digital payment services.
“We are working to allow foreigners to come in as well after we have all the robust anti-money laundering (AML) security tools in place, together with the National Fraud Portal (NFP) built by Paynet,” says Gan.
While the NFP and MyDigital ID system by the government are underway, there is still a gap in onboarding immigrants or foreigners due to their limited financial resources and lack of digital literacy. Traditional banks might consider them high risk, making it difficult for them to access financial services.
However, Gan sees this as an opportunity. “We have adopted a very stringent AML ruling to detect not just your transaction monitoring and behavioural pattern, but also your digital activity.”
By leveraging data from transactions, digital activity and even geolocation tagging with user consent, the digital bank can develop a more sophisticated risk assessment system. This will allow it to onboard high-risk customers while implementing a robust fraud detection framework.
Gan envisions a future where Boost Bank becomes an essential financial platform, particularly for the underserved population in Malaysia. It aims to achieve this by partnering with a vast network of businesses, from major corporations to local merchants. Extending beyond mere convenience, by creating a unified financial ecosystem, he hopes to empower the underserved to save and invest their money.
Meanwhile, AEON Bank focuses on supporting suppliers and entrepreneurs by leveraging the strong retail presence of its parent company as a means of promoting financial inclusion.
While larger, established enterprises are well supported by conventional banks, smaller suppliers — such as those providing fresh produce or locally made goods to supermarkets — often struggle to secure seed capital or funding.
“Some might think the underserved only means B40 individuals. But for us, it is crucial to be more inclusive, and that means extending the much-needed financial funding to enhance someone’s economic situation,” says AEON Bank CEO Raja Teh Maimunah Raja Abdul Aziz.
“Therefore, it is key that we offer a solution to support these smaller suppliers and vendors that have been a very important part of our ecosystem. If their cash flow improves, they can thrive and grow their business at a sustainable scale.”
Instead of just providing financial assistance, AEON Bank wants to help MSMEs develop sustainable business practices and skills so they can thrive independently in the long run. The large funding gap of RM90 billion for MSMEs indicates that there is a significant unmet demand for financial services that are tailored to their specific needs.
Hildah Hamzah, chief of staff at GXBank, says the bank has made significant progress in promoting financial prudence, with 750,000 users setting up more than 800,000 Savings Pockets. This feature allows customers to grow their savings without the limitations of a fixed deposit lock-in period, ensuring they retain the accrued interest without penalty.
“We are still a young bank, but our mission is clear. We are constantly exploring and fine-tuning our efforts to serve the underserved. An example is the more than 750,000 users who have set up more than 800,000 Savings Pockets, which goes to show how we are making headway in addressing pain points of Malaysians when it comes to financial resilience,” she adds.
“Malaysia is ready and wants equitable access to banking services anytime, anywhere. With the proliferation of smartphones improving connectivity across the country, and coupled with our Impian GIGih efforts, we are confident that we can be the bridge for the underserved to help them achieve greater financial resilience and realise their financial goals.”
Impian GIGih is the digital bank’s financial inclusion and literacy programme through which it offers bursaries and financial assistance to empower the underserved demographic.
Hildah says the bank will roll out its first lending product, GX FlexiCredit, designed to help its customers have access to funds with affordable interest rates. The product aims to address pain points such as access to credit, especially for individuals who have challenges due to limited financial history.
“We define the underserved as the group of individuals and businesses that have limited or no access to useful and affordable financial products and services that meet their financial needs — transactions, payments, savings, credit, insurance and more,” she adds.
In the long run, GXBank hopes to address the longstanding needs of MSME customers. It hopes to provide an end-to-end digital engagement to enhance convenience and accessibility for all Malaysians.
Access to finance in a cashless world
The rapid rise of digitalisation is transforming financial services, with digital banks standing as a prime example of its impact. As the economy continues to evolve, it is becoming clear that digital financial services will play a central role in the future of payment solutions.
“We will definitely see an increased trajectory in terms of the usage of digital payment solutions and also cashless solutions,” says Johnson Yu, founder and CEO of e-wallet operator Evolet.
Evolet is one of the players striving to help migrant workers and the underserved with their financing needs. The e-wallet operator started out by catering to migrant workers after a conversation Yu had with his grass trimmer, which made him realise the importance of having a secure place to save money, especially for the underserved and unbanked.
While e-wallets differ from digital banks in the sense that they do not have any extended banking features in their system, they are still drivers of digital payments and access to finance.
Receiving their salaries in cash creates a lot of downtime for migrant workers as it necessitates a visit to the bank or money changer, while putting their cash at risk of being stolen.
“Before this, [people] received their salary via either bank or cash. But in terms of the underserved and unbanked, they do not use a bank account or do not know how to use a bank account,” Yu points out.
“In terms of migrant workers, a lot of them do not have bank accounts. So, getting their salary electronically in an e-wallet makes a difference for them.”
Financial literacy varies from one person to another among the migrant community, but their needs are comparatively simple. Yu says remittance is the most common transaction among Evolet’s users and that migrant workers, as well as those in the B40 and M40 groups, spend more than half of their salary on necessities.
“One is to provide for their family, two is for food, three is for necessities, which is connectivity, like their prepaid reloads. So, it basically depends on what they need,” he elaborates.
This is why Yu believes that digital banks can offer the accessibility needed to help underserved communities manage their finances more easily on a monthly basis.
Having been developed primarily for the unbanked and underserved, Evolet has features that have been designed to help those with lower digital literacy. For instance, it uses simple and straightforward icons to inform users what actions to take.
Going the extra mile, the e-wallet operator uses WhatsApp as its main mode of customer support as the app is familiar to many. Yu points out that WhatsApp also has accessibility features such as voice notes and camera calls for users to show the situation at hand.
Evolet, a white-label app under ManagePay Systems Bhd, has received approval from Bank Negara Malaysia, authorising it to operate its e-wallet services. The platform ensures that all users complete the electronic Know Your Customer (eKYC) process, and safeguards users' funds by holding them in a trust account.
“That itself is really secure [because] e-wallet players aren’t able to actually touch the money. Even if the company is no longer there, the money will still be there,” he assures.
Ensuring robust security
As digital banks aim to provide solutions for underserved communities that lead to greater financial inclusion, they must balance ease of access with robust security measures.
While accessibility is crucial to reaching underserved populations like migrant workers and the B40 and M40 income groups, ensuring their financial data is protected is equally important. Any failure in security could disproportionately harm those already vulnerable, undermining the very goal of digital banks to foster financial empowerment.
Identity fraud is becoming a pressing problem, with losses resulting from identity theft totalling more than US$635 billion in 2023, according to the Q3 2023 Digital Trust & Safety Index published by Sift, which calls itself an artificial intelligence-powered fraud decisioning platform.
With digital banks offering 24/7 accessibility and no physical barriers, their mechanisms can be a double-edged sword, leaving room for threats like AI-driven fraud and deepfake technology to infiltrate their systems.
“For personal banking, we’re fully digital, app-based and cloud-based. Our customers’ touchpoints are 100% online, so architecturally, the approach is quite different and the security protocols are also distinct. As a Shariah-compliant digital bank, we focus on providing accessible, safe, inclusive and ethical banking solutions for your everyday digital payments needs,” AEON Bank (M) Bhd CEO Raja Teh Maimunah Raja Abdul Aziz tells Digital Edge.
The lack of public awareness also contributes to the number of scams that are out there. These include the use of deepfake imagery or deceptive phone calls to trick those who are not educated on such tactics.
“The education of users and the public requires cooperation between regulators and banks. Awareness campaigns should cover areas such as the role of mule accounts in financial transactions, for instance in fraudulent activities like money laundering. Second, legal implications or severe penalties, including hefty fines and imprisonment, and third, life-long implications of not being able to have access to banking services,” says Vincent Mok, chief risk officer at GX Bank Bhd.
Some of the red flags that GXBank looks out for is rapid movement of funds, where the speed and frequency of transfers out of an account following incoming transactions can be a critical indicator of mule activities. It also has digital risk intelligence to analyse the online behaviour and digital footprint of users.
“To ensure seamless yet safe user experience, we apply optimisation and synchronisation techniques on both our verification and our backend AML and fraud checking requirements process. Additionally, our eKYC solutioning applies numerous control checkpoints to ensure complete and accurate verification,” says Mok.
“Bank Negara Malaysia has actually imposed stricter governance against us. For example, we need to make sure that our app is always updated and has end-of-life support. This is to make sure all the security patches are enforced on all devices,” says Boost Bank Bhd chief technology officer Steven Gan.
Turning challenges into advantages, Boost Bank has migrated its entire base from a shared secret key to a public-private key tokenisation.
A shared secret key is a single secret key used to encrypt and decrypt data. While efficient, it poses a significant risk. It opens up the possibility of stolen keys, which can mean signed software with vulnerabilities or malware being distributed with the company’s name on it.
A public-private key tokenisation involves generating a pair of keys for each user or transaction, a public key for encryption and a private key for decryption. This system is much more secure as the private key remains confidential with the user.
“We created embedded banking in our standalone bank app to marry the entire identity management with Ping Identity,” says Gan. Ping Identity provides federated identity management and self-hosted identity access management (IAM) solutions to web identities and single sign-on solutions.
Boost Bank is using Amazon Web Services as its cloud service provider, with Ping Identity’s PingOne advanced identity cloud (AIC) to help remove the day-to-day operational handling for the team. This means upgrades and patches to the systems are taken care of automatically.
“As a new bank, we are just coming to the market and we are burning a lot of cash flow to build the systems, yet we are not acquiring anything. By adopting the software-as-a-service (SaaS) model with AIC, we basically have that day-to-day operational handling too. However, the customer’s personally identifiable information is still within the bank and goes through a tokenisation,” he says.
By combining AIC with its cloud service provider, Boost Bank does not have to worry about managing the complexities of a high security system. The AIC acts as a gatekeeper to verify users’ identity before granting access and is a self-updating security system to protect itself against new threats.
Boost Bank is enabling more access and convenience for customers with the identity cloud services with Ping Identity but also focusing on server bio captures to safeguard users from scams and fraudulent transactions.
“That is where we basically lift the cooling-off period by having a step-up authentication with server bio. You no longer need to make a transaction or limit change with a username or password. All they need to do is use facial recognition capturing from the cloud, not the device,” says Gan.
Triggering cybersecurity systems to be smart enough to detect threats is also pertinent. As much as AI has enhanced the complexities of cyberthreats, it also has the potential to stop such threats by integrating it into cybersecurity systems.
“Identity fraud is very real these days, with AI being really smart in creating deepfakes and targeting very money-driven industries, such as banks. It is important for organisations to continuously invest in AI to stop the cyberattacks,” says Jasie Fon, vice-president at Ping Identity Asia.
Ping Identity has been investing more in its PingOne Protect, which triggers mitigation tools to block attacks and allow legitimate users to authenticate easily, she says.
“For example, in the way you use your mobile device. If you are left-handed, you usually swipe with your left, right? But if suddenly somebody else is using the right to swipe, even though I can get your fingerprint through other means, you know that, hey, I may want to call for a second factor authentication,” she explains.
Simply put, it means individuals will own and manage their digital identity rather than relying on centralised authorities. Fon sees the future of identity and access management evolving and hopes to have a decentralised identity system in place.
“So, decentralised identity really lowers the hazard of users having to maintain and manage many identities across different applications and become a centralised storage for users to decide who they are going to give the information to,” she says.
Additionally, Boost Bank is operating on a single tenanted cloud. With single-tenant architecture, the hosting provider helps manage the dedicated infrastructure and software instance, but the tenant retains near full control over the software and infrastructure customisation.
Most single-tenant delivery models provide a high degree of user control and engagement, security, reliability and backup capabilities. Each tenant is in an isolated environment, so tenants have more flexibility than a shared infrastructure model.
“The cloud is just one of the security systems that we actually have in place. But in the phone itself, we also enable a mobile security platform called Zimperium,” says Gan.
Zimperium is a mobile security platform purpose-built for enterprise, securing both mobile devices and applications so they can securely access data.
“It detects all the malware or whatever, you know, fraudulent transactions that try to access your mobile, the bank app itself will auto-reject it. So, any geo-broken devices or malware devices that have any unauthorised access, we break it up front. That is how we safeguard from the user angle, starting from the endpoint, which is the mobile app itself, all the way to the cloud,” he says.
With more data centres entering the country, Boost is looking to migrate its data back to Malaysia as a primary region, with Singapore being its disaster recovery backup location.
Note: The original version of this article stated that Evolet is an independently operated app and the government protects users’ money through the Malaysia Deposit Insurance Corporation. This has been corrected.
Save by subscribing to us for your print and/or digital copy.
P/S: The Edge is also available on Apple's App Store and Android's Google Play.