More than 1.6 million entities sit in Malaysia’s Suruhanjaya Syarikat Malaysia (SSM) register. Every Sdn. Bhd., Bhd., or LLP incorporated in the country begins life with a record there.
For KYB checks, that register is the primary source. When a merchant claims Malaysian incorporation, auditors usually expect the trail to lead back to SSM itself, not to a cached dataset copied somewhere else. The practical question then becomes straightforward: what actually comes back from the registry when you query it?
What SSM e‑Info actually returns
SSM e‑Info exposes the core company profile maintained by the registrar. Through OpenRegistry’s MCP server, those upstream fields appear intact inside jurisdiction_data. They are not renamed. They are not flattened.
A typical profile response contains the identifiers used during onboarding checks. Common fields include:
-
companyNo– the SSM registration number -
companyName– the registered legal name -
companyStatus– values such as EXISTING, DISSOLVED, or WINDING UP -
companyType– the entity form, for example PRIVATE LIMITED or PUBLIC LIMITED -
incorporationDate– the official incorporation date
Address information usually appears in the same payload. Many SSM profiles include a registeredAddress value. Business activity descriptions often appear as well, commonly aligned with Malaysian Standard Industrial Classification (MSIC) codes.
Officer data tends to follow next in a KYB workflow. Director records are returned through the officers endpoint. The registry output normally contains the director’s name, an identification reference, and the appointment date. Those values also remain inside jurisdiction_data. The original registry structure stays visible.
Shareholding data exists in SSM filings. Access is uneven. A profile response does not always return a full shareholder table as structured data. Malaysian company law requires disclosure of share capital and shareholders through statutory filings. In practice the registry output may instead point to filings where that information sits.
That distinction matters during an audit. Each field originates from the registry of incorporation. OpenRegistry passes through the values returned by SSM rather than rewriting them.
What you will not get from SSM
SSM e‑Info is not a beneficial ownership register. Malaysia introduced beneficial ownership reporting through amendments to the Companies Act 2016, followed by the later BO framework. Access to those records is limited to competent authorities.
A public query will not return UBO information. If a KYB workflow requires beneficial ownership, teams usually reconstruct it from shareholder filings, director relationships, or documents provided during onboarding.
Historical coverage varies too. Some filings can be downloaded directly through SSM services. Others appear only as references inside the company profile. Compliance teams often begin with the profile. After that, they decide whether a document retrieval step is necessary.
Sanctions screening sits outside the registry entirely. SSM confirms legal existence and corporate structure. It does not report sanctions exposure or watchlist matches. Those checks remain part of the screening layer in a compliance pipeline.
Querying SSM through OpenRegistry MCP
OpenRegistry exposes the Malaysian register through the same MCP interface used for other supported jurisdictions. The server currently connects to 27 national company registries.
Most KYB flows begin with a search. The assistant calls search_companies using either the company name or a known registration number.
Example tool call:
search_companies({
"jurisdiction": "MY",
"query": "Grab Holdings"
})
The response returns candidate matches together with registry identifiers. In Malaysian records, the SSM registration number should be treated as the canonical key.
With that number, the company profile endpoint returns the registry record.
get_company_profile({
"jurisdiction": "MY",
"company_number": "201401032123"
})
The response contains the incorporation date, registry status, registered address, and related fields placed inside jurisdiction_data. Many compliance systems store those raw values directly in the KYB audit log. Later, a regulator can reproduce the exact lookup.
Officer verification often follows.
get_officers({
"jurisdiction": "MY",
"company_number": "201401032123"
})
The call returns the individuals listed as directors or officers. Compliance tools usually pass those names into sanctions and adverse‑media screening.
If filings are required, the workflow can list them first.
list_filings({
"jurisdiction": "MY",
"company_number": "201401032123"
})
Where documents are available, fetch_document retrieves the file referenced by the registry.
Why Malaysian registry access matters in KYB
Malaysia appears regularly in onboarding pipelines for marketplaces and payment platforms operating across ASEAN. A merchant might incorporate locally while selling into several neighbouring markets.
The first control is registry verification. Systems need to confirm the company exists. They also check the registered legal name and identify the directors authorised to act for it.
Direct registry access removes a common audit problem. Aggregated databases often trail the SSM register by weeks. Sometimes months. During a regulatory review the question becomes simple: what did the registry show at the moment you approved the merchant?
A direct query answers that immediately. The onboarding system can store the SSM response payload alongside the timestamp of the check.
The Malaysian register also becomes useful when investigators trace corporate chains. A holding company in Malaysia may sit above subsidiaries in Singapore or Hong Kong. Following that trail means pulling records from each jurisdiction’s own register.
OpenRegistry exposes SSM e‑Info through MCP so assistants and compliance systems can run those checks against the live source. Connection details and documentation are available at https://openregistry.sophymarine.com.
Top comments (0)