Chapter 9: Startup Resources & Detailed Budget
⚠️ All figures are order-of-magnitude estimates (2026) for planning, not quotes. FX at USD 1 ≈ RM 4.7. Real costs swing widely with team size, build/buy choice and vendor negotiation. Get a final budget from local advisors and vendors.
9.1 First, separate the three kinds of “money”
People conflate these three and badly underestimate. They stack:
RM 5M shareholders' funds
(must hold, can't spend)"] --> Total[Total startup cash need] B["2) One-time startup spend
(licence/legal/systems/audit)"] --> Total C["3) Recurring operating burn
(team/vendors/compliance/bank)
x at least 12-24 months"] --> Total
| Category | Nature | Magnitude |
|---|---|---|
| (1) Locked regulatory capital | Net assets you must hold, not an expense | RM 5M |
| (2) One-time startup spend | Spent before/around the application, non-recoverable | RM 2M – 8M+ |
| (3) Recurring operating burn | Monthly fixed × months of runway | RM 0.6M – 2M / month |
Bottom line: to go from zero to robust operations, prepared cash is usually RM 15M – 30M+ (tens of millions), including the locked RM 5M and 12–24 months of runway.
9.2 People: headcount & salaries
A DAX is both compliance- and tech-intensive. Below is a lean but passable startup org (~18–30 people) with Malaysian monthly salary magnitudes (MYR/month, gross, excl. EPF/SOCSO and bonus).
Management & compliance (non-negotiable)
| Role | Count | Salary (RM/mo) | Note |
|---|---|---|---|
| CEO / MD | 1 | 25,000 – 50,000+ | Finance/tech background, fit & proper |
| CTO | 1 | 20,000 – 40,000 | Tech & security lead |
| CFO | 1 | 18,000 – 35,000 | Capital maintenance, reporting |
| Head of Compliance | 1 | 12,000 – 25,000 | Required, SC liaison |
| AMLCO/MLRO | 1 | 10,000 – 20,000 | Required, dedicated, local |
| In-house legal | 1 | 12,000 – 25,000 | Or outsource to a firm |
| Risk management | 1 | 8,000 – 16,000 | Market/operational risk |
| Internal audit | 1 | 8,000 – 15,000 | Can outsource initially |
Technology & security
| Role | Count | Salary (RM/mo) |
|---|---|---|
| Backend (matching/ledger/API) | 3–5 | 8,000 – 18,000 |
| Frontend/mobile | 2–3 | 7,000 – 15,000 |
| Security engineer | 1–2 | 10,000 – 20,000 |
| DevOps / SRE | 1–2 | 9,000 – 18,000 |
| Blockchain/wallet | 1–2 | 10,000 – 20,000 |
| QA | 1–2 | 6,000 – 12,000 |
Operations & support
| Role | Count | Salary (RM/mo) |
|---|---|---|
| KYC / onboarding review | 2–4 | 4,000 – 8,000 |
| Transaction monitoring / risk ops | 2–3 | 5,000 – 10,000 |
| Customer support | 2–4 | 3,000 – 6,000 |
| Finance/accounting | 1–2 | 6,000 – 12,000 |
| Marketing/BD | 1–2 | 6,000 – 14,000 |
Payroll summary
- Lean team (~20): monthly payroll ≈ RM 0.3M – 0.5M.
- With EPF/SOCSO/EIS (employer ~+13–14%), bonus, recruiting, fully-loaded ≈ payroll × 1.4.
- Annualized people cost ≈ RM 6M – 9M / year.
💡 You can outsource audit, some legal and marketing early to cut fixed costs — but Head of Compliance, AMLCO, security and core backend must be in-house and dedicated.
9.3 Technology: build vs buy (white-label)
The biggest fork — it drives both time and cost.
but full control/customizable] White --> W1[Fast/cheap/but vendor-bound
licence often needs control of code & data] Hybrid --> H1[The realistic choice for most]
Option A: white-label / buy
| Type | Example vendors (do your own DD) | Magnitude |
|---|---|---|
| Full exchange white-label | AlphaPoint, B2Broker/B2Trader, ChainUP, Shift Markets, HollaEx, Antier | Setup USD 50k–500k+ (RM 235k–2.35M), + monthly/rev-share |
| Monthly licence/maintenance | as above | USD 3,000–20,000/mo (RM 14k–94k/mo) |
Option B: full build
- Matching, ledger, wallet, risk — all in-house.
- Needs a strong 10+ engineer team for 12–18 months.
- Cost is mostly people (9.2) + infrastructure; total easily into the millions of RM, but with full control of assets and data (easier to pass review, easier to customize).
Key vendors (needed whether you build or buy)
| Type | Vendors (examples) | Magnitude |
|---|---|---|
| Custody / MPC wallet | Fireblocks, Copper, BitGo | Platform fee USD 5k–20k+/mo (RM 24k–94k/mo), or by AUC |
| KYC / identity | Sumsub, Jumio, Onfido | USD 1–3/verification (RM 5–14) + platform fee |
| AML / sanctions screening | ComplyAdvantage, Refinitiv | USD 2k–10k/mo (RM 9k–47k/mo) |
| Blockchain analytics | Chainalysis, Elliptic, TRM | USD 20k–100k+/yr (RM 94k–470k/yr) |
| Cloud | AWS / GCP | USD 5k–30k/mo (RM 24k–140k/mo), grows with scale |
| HSM | AWS CloudHSM / Thales / Utimaco | CloudHSM ≈ USD 1,500/mo/unit (RM 7k/mo); physical USD 20k–50k one-off |
| DDoS / WAF / CDN | Cloudflare etc. | USD 500–5k/mo (RM 2k–24k/mo) |
| SIEM / monitoring | Commercial or self-hosted | USD 1k–8k/mo (RM 5k–38k/mo) |
Technology cost summary (excl. in-house engineering payroll)
- One-time: white-label setup / initial infra ≈ RM 0.5M – 3M.
- Recurring: vendors + cloud + custody ≈ RM 0.15M – 0.4M / month.
9.4 Compliance, legal & audit resources
| Item | Nature | Magnitude (RM) |
|---|---|---|
| Application legal counsel (CMSA/SC specialists) | One-time | 0.5M – 1.5M+ |
| Compliance build advisory (AML policy, risk assessment) | One-time | 0.2M – 0.6M |
| Third-party pen-test / security audit (often multiple rounds) | One-time/yr | USD 10k–50k (RM 50k–235k), stacked |
| Smart-contract/wallet code audit | As needed | USD 10k–50k/round |
| Statutory audit (annual) | Recurring | 50k – 200k / yr |
| Company secretary | Recurring | 10k – 50k / yr |
| Tax advisor | Recurring | 50k – 150k / yr |
| SC application/licence fees | One-time | Per latest SC schedule |
9.5 Banking, insurance & other
| Item | Magnitude (RM) | Note |
|---|---|---|
| Client trust account setup / bank DD support | Tens of thousands+ | Hard to open; needs time and legal support |
| Cyber/crime/custody insurance | Premium by coverage, often 1–3%/yr of coverage | Crypto crime cover is costly and hard to buy |
| D&O insurance | Tens of thousands+/yr | Protects the fit-and-proper team |
| Office lease + fit-out (KL) | RM 10k–50k/mo + one-off fit-out | Real local office required |
| Admin / IT / misc | Tens of thousands/mo | Equipment, software, travel |
9.6 Doing the math: Year-1 cash need (example)
Illustrative lean scenario (white-label + ~20 people).
One-time startup spend (Year-0/1)
| Item | Estimate (RM) |
|---|---|
| Legal + compliance advisors | 0.8M – 2M |
| Tech build (white-label + infra + HSM) | 0.6M – 2.5M |
| Pen-test + security/code audit (multi-round) | 0.2M – 0.6M |
| Incorporation + governance + misc | 0.1M – 0.3M |
| SC application fees | Per SC |
| One-time subtotal | ≈ RM 1.7M – 5.4M |
Recurring monthly opex (post-launch)
| Item | Monthly (RM) |
|---|---|
| People (fully loaded, ~20) | 0.5M – 0.75M |
| Tech vendors + cloud + custody + KYC/AML tools | 0.15M – 0.4M |
| Banking/payments/compliance ops | 0.03M – 0.08M |
| Office + admin + insurance amortization | 0.05M – 0.15M |
| Monthly subtotal | ≈ RM 0.73M – 1.38M / month |
→ 12 months of burn ≈ RM 8.8M – 16.5M.
Year-1 total cash need
| Component | Estimate (RM) |
|---|---|
| (1) Locked regulatory capital | 5M |
| (2) One-time startup spend | 1.7M – 5.4M |
| (3) 12 months operating burn | 8.8M – 16.5M |
| Total cash to prepare | ≈ RM 15.5M – 26.9M |
In practice, most applicants prepare RM 20M – 30M+ to cover review delays (6–18 months with no revenue), supplementary filings, banking delays and the post-launch ramp.
⚠️ The table above does not yet include liquidity/market-making costs. A usable exchange needs order-book depth; market-making inventory (own capital) + market-maker fees raise the total materially. Including them, Year-1 total cash need is ≈ RM 18.5M – 37M+, with a prudent prep of RM 25M – 40M+. See Chapter 10: Liquidity Costs.
9.7 Three-year financial model (magnitude)
| Year | State | Cash-flow character |
|---|---|---|
| Year 1 | Applying + building, mostly no revenue | Pure burn, net outflow RM 10M – 20M |
| Year 2 | Live, users/volume ramping | Fee revenue starts, may still be loss-making |
| Year 3 | Scaling, aiming for break-even | Depends on volume and market share |
Revenue sources: trading fees (maker/taker), withdrawal fees, listing fees, market-making/value-add services, interest, etc. Profitability depends heavily on volume and market conditions — a bear market can mean prolonged losses.
9.8 Sources of funding
| Source | Fit | Note |
|---|---|---|
| Founder/shareholder funds | Most common, signals commitment | SC checks legality of source |
| Strategic / VC | Accelerates capital | Ownership traced by SC; UBO must be clear |
| Parent-group injection (existing finance group) | Best for the well-backed | Group credibility aids approval & banking |
⚠️ Whatever the source, the lawful origin of RM 5M shareholders’ funds must be provable, and maintained continuously — a hard SC check.
9.9 Resource checklist (people / tech / vendors / entity)
People
- CEO, CTO, CFO (fit & proper)
- Head of Compliance + AMLCO (dedicated, local)
- Security engineer + core backend/wallet engineers
- KYC/risk ops, support, finance teams
Technology
- Matching engine + ledger (white-label or build)
- Hot/cold wallets + MPC/multisig + HSM
- KYC/AML/sanctions/blockchain-analytics integration
- Cloud infra + WAF/DDoS + SIEM + monitoring
Vendor contracts
- Custodian (Fireblocks/Copper/BitGo type)
- KYC (Sumsub/Jumio) + AML (ComplyAdvantage) + analytics (Chainalysis)
- Pen-test / code audit firm
- Cyber/crime/D&O insurance
Entity & capital
- KL local office
- Local bank operating account + client trust account
- RM 5M shareholders’ funds (proof of source) + RM 10M+ operating buffer
9.10 One-line budget summary
| You need to prepare | Amount |
|---|---|
| Capital to hold | RM 5M |
| One-time startup spend | RM 1.7M – 5.4M |
| Monthly burn | RM 0.73M – 1.38M |
| Year-1 total cash need (excl. liquidity) | RM 15.5M – 26.9M |
| Prudent prep (incl. liquidity & buffer) | RM 25M – 40M+ |
➡️ Don’t forget the big one — liquidity: Chapter 10; for a downloadable budget table see Chapter 11.
🔙 Back to Overview | Previous Costs & Checklist