Board Liability Of Malaysian Subsidiary Directors In 2026 – The Limits Of HQ Control And The Risk Of Shadow Directorship

Under Malaysian law, directors of a company owe statutory and fiduciary duties directly to that company, regardless of group structure or foreign parent involvement. For multinational groups operating through Malaysian subsidiaries, this remains a recurring compliance risk. Instructions, approvals or policies issued by overseas headquarters do not relieve Malaysian directors of personal liability under the Companies Act 2016, and in some circumstances may expose individuals at HQ to additional risk as shadow directors.

As groups refresh governance frameworks for 2026, it is timely to revisit how Malaysian law treats board responsibility, particularly in the context of centralised decision-making and cross-border control.

Directors' duties under Malaysian law remain personal and non-delegable

The Companies Act 2016 imposes core duties on directors, including duties to act in good faith in the best interests of the company, to exercise reasonable care, skill and diligence and to ensure compliance with statutory and regulatory requirements. These duties are owed to the Malaysian company itself and cannot be displaced by group reporting lines or internal approval structures.

From a legal perspective, it is irrelevant that a decision originates from, or is approved by, a foreign parent company. Malaysian regulators and courts focus on whether the director exercised independent judgment and fulfilled statutory obligations in relation to the Malaysian entity.

Common areas where liability arises include:

• approval of financial statements and solvency declarations;
• regulatory filings and representations made to authorities;
• employment and termination decisions implemented locally; and
• operational or compliance sign-offs where the Malaysian company is the regulated party.

Reliance on group instructions or policies is not, in itself, a defence to a breach of duty.

The compliance limits of HQ approvals and group policies

European and multinational groups frequently operate with sophisticated governance frameworks designed to centralise risk management. While these frameworks may be effective in other jurisdictions, they can create unintended exposure in Malaysia if applied without adaptation.

In practice, problems arise where:

• local boards treat HQ approvals as determinative rather than advisory;
• group policies are implemented without local legal assessment; or
• directors perceive their role as execution rather than decision-making.

From a Malaysian law perspective, such structures do not dilute responsibility. Instead, they may demonstrate a failure by directors to exercise independent judgment, particularly where board records do not evidence genuine consideration of the company's interests.

Shadow directors and de facto control under Malaysian law

An often-overlooked risk is that of shadow directorship. Malaysian law recognises that a person who is not formally appointed as a director may nevertheless be treated as one if the board is accustomed to act in accordance with that person's instructions or directions.

This risk commonly arises in multinational groups through:

• repeated instructions from HQ or regional executives that are treated as mandatory;
• informal veto rights exercised outside formal board processes; or
• approval structures that leave the local board with no real discretion.

Where shadow directorship is established, the individual concerned may be subject to similar duties and liabilities as an appointed director. From a compliance standpoint, this extends risk beyond the local board to certain individuals at HQ or regional level.

Matters that cannot be delegated to HQ

While consultation with HQ is legitimate and often necessary, Malaysian directors cannot delegate responsibility for their statutory duties. In particular, directors cannot:

• rely on foreign approvals as a substitute for independent consideration;
• abdicate responsibility on the basis that a decision is "group-mandated"; or
• assume that liability rests elsewhere because the commercial rationale was set outside Malaysia.

Ironically, governance structures designed to reduce risk through multiple layers of approval may increase exposure if they undermine the board's decision-making role.

Practical compliance considerations for multinational groups

From a legal risk management perspective, multinational groups operating in Malaysia should consider:

• ensuring that delegations of authority preserve genuine board discretion;
• documenting board deliberations to evidence independent judgment;
• allowing flexibility in group policies to accommodate local legal requirements; and
• clearly distinguishing between oversight, consultation and control.

These measures are not intended to weaken group governance, but to align it with Malaysian legal realities and reduce the risk of unintended liability.

Conclusion

For Malaysian subsidiaries, board liability remains personal, local and non-delegable, regardless of the sophistication of group governance frameworks. As enforcement expectations continue to evolve, early clarification of the boundaries between HQ oversight and local board responsibility is an important component of cross-border compliance in 2026.

Addressing these issues through governance design, rather than after-the-fact remediation, remains the most effective way to manage director and group-level risk.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.