1. OVERVIEW
On 11 March 2026, the National Defense and Security Council of the Republic of the Union of Myanmar enacted the Anti-Money Laundering Law 2026 (Law No. 16/2026) (the “AML Law“), repealing the prior Anti-Money Laundering Law (Pyidaungsu Hluttaw Law No. 11/2014). AML Law introduces strengthened obligations for all reporting organizations including banks, financial institutions, and Designated Non-Financial Businesses and Professions (“DNFBPs“) and carries significant criminal and administrative penalties for non-compliance. This client alert summarizes the key provisions that reporting organizations should be aware of and act upon.
2. WHO IS COVERED?
Reporting organizations include banks and financial institutions, DNFBPs, and any individual, company, or organization designated by the Central Body by notification. DNFBPs comprise the following categories:
- casinos;
- real estate agents;
- dealers in precious metals and gemstones;
- lawyers, notaries public, independent legal professionals, and accountants who carry out or prepare to carry out activities involving the transfer, acceptance, or entrustment of funds or property for or on behalf of clients;
- persons providing trust or company services, such as acting as agents for company formation, acting as directors or secretaries of companies, or providing registered office or business address services;
- persons acting as trustees or performing equivalent functions for legal arrangements; and
- persons acting as nominee shareholders or arranging for others to do so.
3. KEY COMPLIANCE OBLIGATIONS
A. Risk Assessment
A reporting organization must conduct risk assessments relating to money laundering, terrorist financing, and proliferation financing. Such assessments, together with significant supporting
evidence, must be documented in writing, kept up to date, and made readily available to relevant government departments or organizations.
B. Customer Due Diligence (CDD)
CDD must be carried out before any transaction, account opening, or business relationship; before a transaction at or above the prescribed threshold; before any domestic or international fund transfer; where there is doubt about previously obtained identification data; and where there is suspicion of money laundering or terrorist financing.
CDD measures must include identifying and verifying the customer using reliable and independent sources; obtaining information on the purpose and nature of the business relationship; identifying and verifying the beneficial owner; and understanding the ownership and control structure. Where these CDD obligations cannot be fulfilled, the reporting organization must refrain from carrying out or terminate the relevant activities and report such circumstances to the Financial Intelligence Unit (“FIU”).
C. Enhanced Due Diligence (EDD)
Where a high level of money laundering risk is identified, reporting organizations must apply enhanced due diligence measures proportionate to the level of risk and determine whether transactions or activities are normal or suspicious. In particular, when dealing with individuals, companies, or financial institutions from countries or regions identified by the Financial Action Task Force (“FATF“) as high-risk or under increased monitoring, enhanced due diligence and appropriate countermeasures in line with FATF recommendations must be applied.
In addition, prior to introducing new products, new business practices, new delivery mechanisms, or new or developing technologies, whether related to new or existing products, a reporting organization must identify and assess the associated risks of money laundering, terrorist financing, and proliferation financing and must implement appropriate measures to manage and mitigate such risks.
D. Politically Exposed Persons (PEPs)
Reporting organizations must establish risk-based systems to determine whether a customer or beneficial owner is a Politically Exposed Person (“PEP“). AML Law distinguishes between Foreign PEPs, Domestic PEPs, and International PEPs, and imposes the following requirements:
- Foreign PEPs: Senior management approval is required before establishing or continuing a business relationship, reasonable measures must be taken to establish the source of wealth and funds, and ongoing enhanced due diligence must be conducted.
- Domestic and International PEPs: Where a high risk is identified, the same enhanced measures applicable to Foreign PEPs apply.
E. Suspicious Transaction Reporting (STR)
Where a reporting organization suspects, or has reasonable grounds to suspect, that any transaction, money, or property constitutes proceeds of crime or is related to terrorist financing, it must prepare and submit a suspicious transaction report to the FIU without delay. This obligation applies to both completed and attempted transactions, regardless of the amount involved.
Importantly, lawyers, notaries public, and independent legal professionals are not required to report information obtained in circumstances involving the determination of a client’s legal position, including the provision of legal advice or representation in legal proceedings. However, such professionals remain obligated to report to the FIU any information relating to transactions carried out for or on behalf of their clients that falls outside this exemption.
F. Record-Keeping
Reporting organizations must retain: CDD and beneficial ownership records for at least five years after termination of the business relationship; records of domestic and international transactions for at least five years after the transaction; copies of reports submitted to the FIU for at least five years from the date of reporting; and risk assessment records for at least five years from completion or last update.
G. Internal Controls and Compliance Officer
A reporting organization must appoint a compliance officer at senior management level. Internal controls must include: CDD measures, ongoing due diligence, transaction monitoring, and reporting obligations; employee integrity screening procedures; ongoing AML/CFT training programs; and independent audit functions to test compliance effectiveness.
H. Prohibition on Shell Banks and Anonymous Accounts
A reporting organization must not open, maintain, or operate accounts using anonymous, fictitious, unidentifiable, or false names. No person may operate a shell bank within Myanmar, and no bank or financial institution may establish or maintain business relationships with a shell bank or allow its accounts to be used by a shell bank.
I. Cross-Border Currency Declarations
Any person entering or leaving the country who carries currency, bearer negotiable instruments, precious stones, or metals at or above the prescribed threshold must make a declaration to the Customs Department. Items not declared or falsely declared shall be seized.
4. KEY PENALTIES AT A GLANCE
The table below provides an overview of key offences and the corresponding penalties for individuals and corporates.
| Offence | Individual Penalty | Corporate Penalty |
|---|---|---|
| Money laundering conviction | Imprisonment 1–5 years, or fine MMK 50–100 million, or both | Fine MMK 200–500 million |
| Beneficial owner convicted of money laundering | Imprisonment 6 months–2 years, or fine MMK 100–300 million, or both | Not separately specified |
| Aiding or abetting money laundering / attempted money laundering | Same as ML offence / up to half the maximum imprisonment, or fine, or both | Same as principal offence where applicable |
| Bank responsible person — CDD /compliance violations | Imprisonment 6 months–1 year, or fine up to MMK 200 million, or both | Bank fined up to MMK 500 million |
| Financial institution responsible person — CDD/compliance violations | Imprisonment 6 months–1 year, or fine up to MMK 100 million, or both | Institution fined up to MMK 300 million |
| DNFBP responsible person — CDD/compliance violations | Imprisonment 6 months–1 year, or fine up to MMK 100 million, or both | DNFBP fined up to MMK 200 million |
| Shell bank operation or unauthorized DNFBP activities | Imprisonment 6 months–2 years, or fine up to MMK 300 million, or both | Fine up to MMK 500 million |
| Bank/financial institution — failure to report to FIU | Imprisonment 6 months–2 years, or fine MMK 50–100 million, or both | Fine up to MMK 500 million |
| Failure to declare / false declaration at border | Imprisonment 6 months–1 year, or fine up to MMK 100 million, or both | Fine up to MMK 300 million; currency/instruments confiscated |
| Confidentiality violations | Imprisonment 6 months–1 year, or fine up to MMK 100 million, or both | Not separately specified |
| General non-compliance with rules/regulations/directives | Fine up to MMK 100 million | Fine up to MMK 300 million |
Upon conviction for any offence under this Law, the court shall order confiscation as State property of all proceeds of crime, instrumentalities, and related evidential materials.
5. COMPLIANCE ASSESSMENT SUMMARY
The table below outlines the key compliance areas, corresponding requirements, and applicable parties under AML Law.
| Compliance Area | Key Requirement | Applicable Parties |
|---|---|---|
| Account Opening | No anonymous, fictitious, or false names | All Reporting Organizations |
| Risk Assessment | Written, updated, available ML/TF/PF risk assessments | All Reporting Organizations |
| CDD | Customer identification, beneficial ownership, purpose of relationship | All Reporting Organizations |
| Enhanced CDD | Senior management approval, source of funds/wealth verification, ongoing monitoring | Foreign PEPs; high-risk Domestic/ International PEPs; FATF high-risk jurisdictions |
| Ongoing Monitoring | Transaction consistency with customer profile; source of funds verification | All Reporting Organizations |
| STR Filing | File immediately for suspected ML/TF regardless of amount | All Reporting Organizations |
| Threshold Reporting | Report when transactions meet or exceed prescribed thresholds | Banks, Financial Institutions |
| Record-Keeping | Minimum 5 years for all CDD, transaction, and reporting records | All Reporting Organizations |
| Compliance Officer | Senior management-level appointment mandatory | All Reporting Organizations |
| Internal Controls | Policies, procedures, training, independent audit | All Reporting Organizations |
| Correspondent Banking | Senior management approval, AML/CFT assessment, CDD on foreign institutions | Banks and Financial Institutions |
| Wire Transfers | Full originator and beneficiary information required throughout payment chain | Banks and Financial Institutions |
| Shell Banks | Complete prohibition on operation, relationship establishment, and use of accounts | All Banks and Financial Institutions |
| Cross-Border Declaration | Declaration required at or above prescribed threshold | All persons entering/leaving Myanmar |
| Confidentiality | No disclosure of STRs or reporter identity without court authorization | All persons |
6. KEY ACTIONS FOR COMPLIANCE
In light of the new Law, reporting organizations should consider the following actions as a matter of priority:
- Review and update existing AML/CFT policies, procedures, and internal controls to ensure alignment with the requirements of AML Law.
- Conduct or refresh risk assessments covering money laundering, terrorist financing, and proliferation financing risks.
- Ensure that customer due diligence procedures, including enhanced due diligence for PEPs and high-risk jurisdictions are compliant with AML Law.
- Verify that a compliance officer has been appointed at senior management level with appropriate authority and access to relevant records.
- Assess whether new products, business practices, or technologies require risk assessments prior to launch.
- Review record-keeping practices to confirm that all required records are retained for the minimum five-year period.
The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.
DFDL offers expert Compliance and Investigations solutions across 10 ASEAN jurisdictions. Learn more about our Myanmar office.
