As ASEAN accelerates toward real-time, cross-border payment interoperability, regulators across the region are confronting a less visible but equally consequential challenge: how to supervise financial flows that move faster than traditional oversight frameworks were designed to handle. Malaysia’s experience with DuitNow-linked corridors and its involvement in Project Nexus place Bank Negara Malaysia at the centre of a regional regulatory recalibration unfolding in early 2026.
Instant payment systems were initially conceived as domestic infrastructure, designed to modernise retail payments and reduce reliance on cash. Their extension across borders has transformed them into instruments of regional financial integration. This evolution brings efficiency gains, but it also compresses the time available for regulatory intervention, risk detection, and enforcement. For central banks accustomed to batch reporting and delayed settlement visibility, real-time payments require real-time supervision.
Malaysia’s regulatory approach offers insight into how this transition is being managed. Bank Negara Malaysia has consistently emphasised technology-neutral regulation, applying the same prudential and conduct standards to cross-border DuitNow transactions as to domestic ones. In practice, however, cross-border interoperability introduces additional layers of complexity. Transactions may be initiated in one jurisdiction, cleared through shared infrastructure, and settled across different legal and supervisory regimes. Accountability becomes less straightforward.
Project Nexus is intended to address some of these challenges through standardisation. By creating a multilateral framework for connecting domestic instant payment systems, Nexus aims to reduce fragmentation and improve oversight consistency. Standardised messaging formats, harmonised technical protocols, and shared governance principles are central to this vision. But, standardisation does not eliminate regulatory divergence. Each participating central bank retains authority over its domestic institutions, creating a networked rather than unified supervisory environment.
One of the most pressing regulatory concerns is anti-money laundering and counter-terrorism financing compliance. Instant cross-border payments reduce friction not only for legitimate users but also for illicit actors seeking speed and anonymity. Malaysian regulators have responded by reinforcing risk-based transaction monitoring and customer due diligence requirements. However, differences in national AML thresholds and enforcement practices complicate cross-border alignment. A transaction deemed low-risk in one jurisdiction may trigger enhanced scrutiny in another.
Data sharing is another sensitive area. Effective supervision of interoperable payments requires timely access to transaction data across borders. However, data localisation laws, privacy frameworks, and cybersecurity considerations vary widely across ASEAN. Malaysia permits regulated sharing under defined conditions, but scaling this approach multilaterally requires robust legal agreements and trust among regulators. Without seamless data flows, the promise of real-time oversight risks becoming aspirational rather than operational.
Operational resilience has emerged as a parallel regulatory priority. Instant payment systems operate continuously, leaving little margin for error. A disruption in one market can cascade rapidly across connected systems. Bank Negara Malaysia has emphasised stress testing, redundancy, and incident response planning as prerequisites for deeper interoperability. These requirements extend beyond banks to payment service providers and fintech intermediaries that increasingly sit at critical points in the transaction chain.
The regulatory burden on smaller institutions is also under scrutiny. While large banks possess the resources to invest in advanced monitoring and compliance infrastructure, smaller payment providers may struggle to meet escalating expectations. This raises the risk of market concentration, as compliance costs act as a barrier to entry. Regulators face a delicate balancing act between safeguarding the system and preserving competition.
International coordination adds another layer of complexity. ASEAN’s payment integration efforts operate alongside global initiatives led by the Bank for International Settlements and the Financial Stability Board. Aligning regional interoperability with global standards on cyber resilience, data governance, and operational risk is essential to avoid regulatory arbitrage. Malaysia’s participation in these forums positions it as both contributor and translator of global norms into regional practice.
It is clear that the regulatory conversation has shifted. The focus is no longer on whether cross-border instant payments should exist, but on how they can be governed without undermining financial stability. Speed has become the defining feature of modern payments, but supervision must keep pace without sacrificing rigour, says Fintrade Securities Corporation Ltd (FSCL).
Malaysia’s measured approach reflects this tension. Incremental expansion, extensive testing, and close coordination with regional peers have characterised its strategy. The next phase, however, marked by multilateral frameworks such as Nexus, will test whether this caution can coexist with ambition. Real-time interoperability demands regulators who are not merely responsive, but predictive.
In this emerging landscape, regulation itself is being reshaped by technology. Supervisory tools increasingly rely on automation, analytics, and continuous monitoring rather than retrospective reporting. For ASEAN central banks, the success of payment interoperability will depend not only on technical connectivity, but on the evolution of supervision at the same speed as money now moves across borders.