To the Leadership and Teams at Bank Negara Malaysia,
We welcome Bank Negara Malaysia’s Discussion Paper on Asset Tokenisation in the Malaysian Financial Sector and commend the clarity with which it frames both the opportunity and the responsibility before us.
Tokenisation, when approached without discipline, risks becoming another layer of complexity in an already intricate financial system. When approached responsibly, however, it can become something far more important: a means to modernise financial infrastructure while strengthening trust, accountability and systemic resilience.
Tokenisation Is Not About The Underlying Assets Alone. It Is About Control
Much of the global conversation around tokenisation has focused on what can be tokenised. Less attention has been paid to how control, accountability and enforcement operate once financial logic becomes programmable.
Bank Negara Malaysia’s emphasis on:
-
compliance-by-design,
-
permissioned access,
-
clear allocation of responsibility, and
-
preservation of monetary integrity
And this raises an important insight: the real innovation challenge is governance, not technology.
Tokenisation does not remove the need for regulation. It raises the bar for how regulation must be embedded directly into the supporting infrastructure.
Infrastructure Must Reduce Risk, Not Re-Distribute It
As Malaysia explores tokenised financial services, one principle should be our Northstar:
Innovation should not shift risk to weaker actors, obscure accountability, or dilute supervisory visibility.
Infrastructure must therefore:
-
Separate execution from authority
-
Ensure every action is attributable, verifiable and reversible within law
-
Prevent “code as excuse” failures where responsibility becomes unclear
Risk continues to live with licensed institutions.
Programmability as a Tool for Stronger Compliance
Properly designed, programmable systems can strengthen regulatory outcomes.
Rules that are:
-
embedded at the point of execution,
-
enforced before transactions occur, and
-
continuously evaluated rather than periodically reviewed
They can reduce operational risk, human error and post-event remediation. Policy intent must be faithfully and consistently executed across increasingly complex financial workflows.
Security Must Be Architectural, Not Perimeter-Based
As financial services become more interconnected and automated, traditional perimeter-based security models are no longer sufficient.
In a tokenised environment:
-
every system call is a potential risk event
-
every integration is a trust boundary
-
every workflow must assume zero implicit trust
Security therefore must be cryptographic, identity-bound and policy-validated by default, rather than assumed through network access or institutional affiliation.
This is foundational to maintaining confidence in a future financial system where execution is increasingly machine-driven.
Co-Creation Is the Right Path Forward
We strongly support Bank Negara Malaysia’s co-creation approach through the Digital Asset Innovation Hub and Industry Working Groups.
Malaysia’s strength lies not in copying external models, but in shaping an approach that reflects our regulatory maturity, institutional depth and public-interest mandate.
A Shared Objective
At its core, tokenisation should be about:
-
making financial infrastructure more reliable,
-
making compliance more enforceable, and
-
making trust more systemic rather than personal.
We look forward to contributing constructively to this journey and to engaging further through the formal consultation process.
Respectfully,