The Malaysian government is moving forward with a dedicated investigation to establish more robust safeguards for those affected by cybercrime, Datuk Seri Azalina Othman Said, Minister in the Prime Minister's Department (Law and Institutional Reform), announced at the National Cyber Security Summit (NCSS) 2026 in Putrajaya on July 7. The initiative reflects growing recognition that existing legal structures have fallen short in defending victim interests and facilitating the recovery of stolen funds in an increasingly digital threat landscape.

The Legal Affairs Division (BHEUU) is spearheading this comprehensive examination, which will assess how Malaysia can better support victims of online scams and other digital offences. Currently, the country's legislative approach, anchored primarily in the Penal Code and Criminal Procedure Code, concentrates heavily on prosecuting perpetrators while offering limited recourse for those who have suffered financial losses. Azalina acknowledged this imbalance, noting that many victims find themselves with few options beyond filing a report and often never recover their money. This gap represents a significant policy weakness that the government now seeks to address through systematic analysis.

One critical dimension of the study involves evaluating penalty structures deployed internationally. Singapore's approach, which incorporates caning as part of criminal sanctions for certain offences, contrasts sharply with Malaysia's existing framework of fines and imprisonment. By examining such comparative models, policymakers hope to determine whether Malaysia's sentencing regime adequately deters cybercriminals and whether additional punishment measures might prove effective. The minister indicated that strengthening penalties remains on the table as part of the broader protective agenda, though any changes would require careful consideration of constitutional and practical constraints.

A particularly significant aspect of the investigation concerns the viability of victim compensation schemes operated through banking channels. In the United Kingdom and Australia, financial institutions bear responsibility for reimbursing customers who fall victim to online fraud schemes, provided certain conditions are met. This model effectively distributes the cost of cybercrime beyond individual victims and encourages banks to implement stronger verification and fraud-detection protocols. Malaysia has not yet adopted such a mechanism, but Bank Negara Malaysia is reportedly considering the approach as part of the broader study. The potential introduction of mandatory bank-backed compensation could fundamentally alter the cost-benefit calculus for both victims and financial institutions in the domestic market.

The timing of this investigation proves significant for Malaysian policymakers. Online fraud cases have surged across the region in recent years, with scammers increasingly targeting vulnerable populations and deploying sophisticated social engineering tactics. Cybercriminal networks often operate across borders, complicating prosecution efforts and leaving victims with limited means of accessing justice or restitution. By undertaking this systematic review now, Malaysia positions itself ahead of potential legislative needs and can learn from mistakes made by countries that have already grappled with similar challenges.

Azalina stressed that the study will extend beyond penalty reform to encompass a comprehensive audit of victim protection mechanisms. This holistic approach recognises that effective victim support requires coordination across multiple fronts—legal, financial, and institutional. The investigation will examine not only how to recover lost funds but also how to provide psychological support, access to legal remedies, and pathways to restoring financial security. Such breadth indicates that policymakers view cybercrime victim protection as a systemic issue requiring integrated solutions rather than isolated legislative amendments.

The international comparison exercise embedded within this study holds particular value for Southeast Asia. Regional economies have experienced explosive growth in digital adoption and e-commerce, creating vast opportunities for legitimate commerce but also expanding the surface area for criminal exploitation. By studying approaches in the UK and Australia alongside those in Singapore, Malaysia can distil lessons applicable to its own institutional context and developmental stage. These insights could inform not only Malaysian policy but also broader regional discussions about harmonising cybercrime protections across ASEAN member states.

Beyond fund recovery and penalties, the study will investigate victim rights protections that have been implemented elsewhere. Many developed nations have established explicit legal rights for fraud victims, including entitlements to information about their cases, involvement in prosecutorial decisions, and access to victim advocacy services. Malaysia's current framework provides limited formal recognition of such rights. Incorporating victim-centred perspectives into criminal procedures could improve outcomes for affected individuals while also enhancing public confidence in the justice system's responsiveness to digital-age crime.

The absence of a fixed timeline for completing the study reflects the complexity and breadth of the investigation undertaken by BHEUU. Comprehensive legislative reform requires not only identifying best practices but also assessing their feasibility within Malaysia's legal tradition, budgetary constraints, and institutional capacity. Stakeholders from law enforcement, banking, consumer protection, and civil society will likely need to be consulted to ensure that any eventual recommendations enjoy broad support and can be effectively implemented across multiple agencies.

For Malaysian victims of cybercrime, this study represents potential relief on the horizon, though concrete changes may take considerable time to materialise. The government's commitment to examining both fund recovery mechanisms and penalty enhancement suggests a willingness to move beyond passive enforcement toward active victim support. As the BHEUU proceeds with its analysis, the outcomes could establish a model for victim-centric cybercrime policy that improves accountability, deters future offending, and restores public confidence in digital financial systems across the nation.