Administrative Actions in 2026

No.	Nature of Misconduct	Parties Involved	Brief description of misconduct	Action Taken	Date of Action
1.	Six (6) breaches of Paragraph 4.17, Section B, Part 1 of the Guidelines on Unlisted Capital Market Products under the Lodge and Launch Framework read together with Section 356(1)(a) of the Capital Markets and Services Act 2007	Muamalat Invest Sdn Bhd	Delay in submitting the statistical returns of six (6) wholesale funds to the SC by two (2) business days.	Total penalty of RM48,000, comprising of a penalty of RM8,000 for each of the six (6) breaches.	5 February 2026
2.	Breach of: (a) Paragraph 7.21 of the Guidelines on Technology Risk Management (effective 19 August 2024) (“GTRM”); (b) Paragraph 6.02 of the GTRM; and (c) Paragraph 9.16 of the GTRM, read together with Section 356(1)(a) of the CMSA.	Pheim Unit Trusts Berhad	Failure to, as part of its technology risk management, implement effective measures to prevent losses from data breach or other acts of internal or external threats, negligence and cyber-attack (“Breach 1”); Failure to establish and implement comprehensive and effective policies and procedures to support the Technology Risk Management Framework (“Breach 2”); and Failure to establish clearly defined communication plan including escalation and decision-making processes to ensure that any adverse effect of a cyber incident is properly managed and recovery action can be initiated quickly (“Breach 3”).	Reprimand for each of the three (3) breaches; and Total Penalty of RM500,000.00 for the three (3) breaches.	8 January 2026

No.

Nature of Misconduct

Parties Involved

Brief description of misconduct

Action Taken

Date of Action

Six (6) breaches of Paragraph 4.17, Section B, Part 1 of the Guidelines on Unlisted Capital Market Products under the Lodge and Launch Framework read together with Section 356(1)(a) of the Capital Markets and Services Act 2007

Muamalat Invest Sdn Bhd

Delay in submitting the statistical returns of six (6) wholesale funds to the SC by two (2) business days.

Total penalty of RM48,000, comprising of a penalty of RM8,000 for each of the six (6) breaches.

5 February 2026

Breach of:

(a) Paragraph 7.21 of the Guidelines on Technology Risk Management (effective 19 August 2024) (“GTRM”);

(b) Paragraph 6.02 of the GTRM; and

(c) Paragraph 9.16 of the GTRM,

read together with Section 356(1)(a) of the CMSA.

Pheim Unit Trusts Berhad

Failure to, as part of its technology risk management, implement effective measures to prevent losses from data breach or other acts of internal or external threats, negligence and cyber-attack (“Breach 1”);
Failure to establish and implement comprehensive and effective policies and procedures to support the Technology Risk Management Framework (“Breach 2”); and
Failure to establish clearly defined communication plan including escalation and decision-making processes to ensure that any adverse effect of a cyber incident is properly managed and recovery action can be initiated quickly (“Breach 3”).

Reprimand for each of the three (3) breaches; and
Total Penalty of RM500,000.00 for the three (3) breaches.

8 January 2026