Liability of the CEO of a company in Malaysia

1) Can a CEO of a private company be personally liable for the acts/omission and / or obligations of the company?

The Companies Act 2016 does not define or recognise the position of a CEO. However, a CEO may fall within the definition of an “officer” under Section 2 of the Act, which includes any person concerned in the management of the company’s business other than a director and secretary. The CEO’s authority is derived from the employment contract, board resolutions, and delegated powers (sources of authority). A CEO also owes fiduciary duties applicable to an officer of a company, including duties of loyalty, good faith, and care. Accordingly, a CEO may be personally liable for the acts, omissions, and/or obligations of the company if he or she acts outside those sources of authority.

2) In which cases may a CEO incur civil liability in connection with performance or a failure to perform his duties?

A CEO may incur civil liability in the following circumstances:

1. breach of the employment contract;
2. breach of fiduciary duties under the Companies Act 2016, e.g., failure to act in good faith or in the best interests of the company;
3. misrepresentation or fraud;
4. negligence in making management decisions;
5. liabilities arising under the Companies Act 2016, e.g., making false or misleading statements;
6. wrongful conduct when the company is wound up, e.g., fraudulent trading or making preferential payments;
7. exceeding authority, e.g., signing contracts without proper authorisation;
8. breach of trust, confidentiality, or misuse of the company’s assets and information.

3) What violations may trigger administrative liability of a CEO as a company official?

As an “officer” of a company under the Companies Act 2016 and other applicable laws, a CEO may face administrative liability, including fines, reprimands, disqualification, or enforcement actions by regulators for any violations.

Such violations may include:

1. Statutory non-compliance, e.g., delays in filing annual returns or financial statements;
2. Making false or misleading statements in disclosures, reports, or filings;
3. Breach of Bursa Malaysia Listing Requirements or Securities Commission Malaysia regulations;
4. Breach of financial services laws, primarily the Financial Services Act 2013 and the Islamic Financial Services Act 2013;
5. False financial reporting or tax declarations;
6. Non-compliance with anti-money laundering laws (AMLA);
7. Non-compliance with employment and workplace laws;
8. Breach of environmental, licensing, or regulatory requirements.

4) Under what circumstances may a CEO face criminal liability?

A CEO, as an “officer” of a company, may face criminal liability where the essential criminal elements — actus reus and mens rea — are present in the commission of an offence. The former refers to the act or omission, while the latter refers to the requisite mental state.

Common offences for which a CEO may be held criminally liable include:

1. Offences under the Companies Act 2016, e.g., making or authorising false or misleading statements, fraudulent trading, etc.;
2. Offences under securities and capital market laws and regulations, primarily the Capital Markets and Services Act 2007;
3, Offences under financial services laws and regulations, primarily the Financial Services Act 2013;
4. Involvement in money laundering, contrary to the Anti-Money Laundering Act 2001;
5. Offences under the Penal Code, e.g., criminal breach of trust, cheating, forgery, etc.;
6. False financial reporting or tax declarations, contrary to the Income Tax Act 1967;
7. Specific statutory offences, including those relating to environmental laws, occupational safety, and consumer protection.

5) Can a CEO be held liable for the actions of subordinates, in particular, if he delegates a part of his authorities?

A person cannot be held liable for the acts of his or her subordinates solely by virtue of holding the position of CEO.

A CEO will only be liable if he or she:

1. authorised, directed, or approved the act;
2. knew or ought reasonably to have known of the misconduct;
3. is subject to liability imposed by statute on “officers responsible” (i.e. where a law (statute) specifically says that liability applies to certain individuals);
4. failed to exercise proper supervision or governance controls.

Notwithstanding any delegation of authority, a CEO will be unlikely to incur liability if he or she:

1. delegated responsibilities to competent person(s);
2. had a reasonable basis for relying on subordinates;
3. exercised proper control and reporting procedures;
4. monitored matters closely and actively;
5. remained alert to warning signs.

6) Does the business judgment rule apply to a CEO?

The business judgment rule is provided under Section 214 of the Companies Act 2016 and, strictly speaking, applies only to directors of a company. It does not apply to CEOs.

However, exceptions may arise where a CEO is also a director of the company, performs board functions delegated to him or her, or is regarded as a de facto director of the company.

7) Can a CEO be held liable for his actions or omission after termination of their office?

A CEO may still be held liable after the termination of office, provided the liability arises from acts, decisions, or omissions occurring during the CEO’s tenure.

Resignation brings future responsibilities to an end from the effective date of resignation but does not extinguish liability for prior wrongful acts.

8) Can a CEO’s liability be limited by an employment contract, articles of association or internal corporate documents?

No. Section 288 of the Companies Act 2016 expressly provides that any provision in a company’s constitution, contract, or internal document that purports to exempt an officer from liability for negligence, breach of duty, or breach of trust is void. Accordingly, a CEO cannot, in general, contract out of statutory or fiduciary responsibilities.

9) Is a CEO liable for failure to comply with the tax, accounting and other reporting requirements?

Yes. Malaysian law imposes statutory obligations on directors and officers to ensure compliance with reporting and regulatory requirements. 

This includes:

1. Accounting and financial reporting duties under Sections 245 and 248 of the Companies Act 2016; and
2. Tax-related liabilities under Sections 75(1)(a) and 75A of the Income Tax Act 1967.

10) What practical steps can a CEO take to mitigate the risks of his criminal, administrative and civil liability?

Practical mitigative steps:

1. Understand the legal rights, duties, and implications arising from the CEO position;

2. Remain fully informed of the terms and contents of the employment contract, board resolutions, and delegated powers (sources of authority) relating to the CEO position;

3. Obtain legal advice and develop a sound understanding of the Companies Act 2016, as well as relevant regulations and guidelines issued by the Companies Commission of Malaysia;

4. Obtain legal advice and familiarise oneself with other applicable laws and regulations relevant to the proper administration of the company;

5. Understand the expectations of the Board and the company’s substantial shareholders, and maintain good communication and a constructive relationship with them. Discuss and collectively set achievable targets for the company.

Authors: Wajdi bin Mohamad, Nur Fadhilah binti Dahlan