Corporate · April 20, 2025

Corporate Governance Best Practices for Malaysian Companies

A practical overview of governance frameworks, director duties, and compliance requirements for Malaysian companies — from MCCG 2021 alignment to anti-corruption measures and ESG reporting obligations.

Corporate governance is the system of rules, practices, and processes by which a company is directed and controlled. In Malaysia, a robust governance framework has developed over the past two decades, shaped by the Securities Commission Malaysia, Bursa Malaysia, and the Companies Commission of Malaysia (SSM). Whether you are managing a private limited company (Sdn Bhd) or a publicly listed entity, understanding and implementing sound governance practices is no longer optional — it is a legal and commercial imperative that affects everything from regulatory compliance to investor confidence and long-term value creation.

This article examines the key governance frameworks applicable to Malaysian companies, the legal duties imposed on directors, and the practical steps businesses should take to build governance structures that satisfy regulators, protect stakeholders, and support sustainable growth.

The Malaysian Code on Corporate Governance (MCCG 2021)

The Malaysian Code on Corporate Governance, most recently revised in April 2021, is the primary governance reference for listed companies in Malaysia. Issued by the Securities Commission Malaysia, the MCCG 2021 adopts a comprehensive three-tier approach: Practices that companies should apply, an "apply or explain an alternative" mechanism for departures, and aspirational "Step Up" practices that represent the highest governance standards. Companies listed on Bursa Malaysia must disclose their application of each Practice in their annual Corporate Governance Report.

Key areas addressed by the MCCG 2021 include board leadership and effectiveness, audit and risk management, integrity in corporate reporting, and meaningful engagement with stakeholders. The Code places significant emphasis on board independence, diversity, and the quality of oversight exercised by the board over management. Companies that fail to apply a Practice must explain what alternative arrangement they have adopted and how it achieves the intended outcome — boilerplate or superficial explanations attract negative attention from regulators and institutional investors alike.

Director Duties Under the Companies Act 2016

Sections 213 to 218 of the Companies Act 2016 codify the duties that every director owes to the company. These statutory duties apply to directors of all Malaysian companies, whether listed or private. Section 213 imposes a duty to act in good faith and in the best interest of the company, requiring directors to consider the long-term consequences of their decisions. Section 214 requires directors to exercise reasonable care, skill, and diligence, measured against both an objective standard and the director's actual knowledge and expertise. Section 215 addresses the proper use of the director's position, prohibiting self-interested conduct. Section 216 restricts the improper use of information obtained by virtue of the director's office. Sections 217 and 218 govern the disclosure of interests in contracts and related party transactions.

Directors must also avoid conflicts of interest and disclose any personal interest in transactions involving the company. Breaches of these duties can result in personal liability, disqualification, and criminal penalties. The Companies Act 2016 also permits derivative actions by shareholders against directors who breach their duties, providing an important accountability mechanism.

Board Composition: Independence and Diversity

The composition of the board is a cornerstone of effective governance. The MCCG 2021 recommends that at least half of the board comprises independent directors. For Large Companies — defined as those on the FTSE Bursa Malaysia Top 100 Index or with a market capitalisation of RM 2 billion and above — the Code recommends that the majority of the board be independent. The Bursa Malaysia Main Market Listing Requirements mandate a minimum of two independent directors or one-third of the board, whichever is higher.

The MCCG 2021 also introduced a tenure limit of nine years for independent directors, after which a director should not continue in that capacity. If the board intends to retain an independent director beyond nine years, it must seek annual shareholder approval through a two-tier voting process. On board diversity, the Code recommends that boards comprise at least 30% women directors, a target that has been progressively adopted across listed companies. Companies are encouraged to develop and disclose a board diversity policy addressing gender, ethnicity, age, and professional background.

Bursa Malaysia Listing Requirements for Public Companies

Public companies listed on Bursa Malaysia are subject to extensive governance obligations under the Main Market and ACE Market Listing Requirements. These requirements mandate specific governance structures, including the establishment of an audit committee, timely disclosure of material information, compliance with accounting standards, and adherence to continuing disclosure obligations. Listed issuers must also comply with rules on dealings in listed securities by directors and principal officers, ensuring market integrity and preventing insider trading.

The Listing Requirements work in tandem with the MCCG 2021, creating a layered governance framework where the Listing Requirements set minimum mandatory standards and the MCCG provides aspirational best practices. Non-compliance with Listing Requirements can result in regulatory sanctions including public reprimands, fines, suspension, or delisting.

Audit Committee and Risk Management Frameworks

The Bursa Malaysia Listing Requirements mandate the establishment of an Audit Committee comprising at least three members, all of whom must be non-executive directors and a majority of whom must be independent. At least one member must be a qualified accountant or a person with sufficient financial expertise. The Audit Committee is responsible for overseeing financial reporting integrity, reviewing the external audit process, and monitoring internal controls.

Effective risk management is equally critical. The board should establish a Risk Management Committee or assign risk oversight responsibilities to an existing committee. The MCCG 2021 emphasises that the board must understand the principal risks facing the company and ensure that appropriate internal controls and risk mitigation measures are in place. This includes establishing a robust internal audit function that reports directly to the Audit Committee, independent of management influence.

Related Party Transactions and Conflict of Interest

Related party transactions (RPTs) are a significant governance concern in Malaysia, particularly given the prevalence of family-controlled and government-linked companies. The Bursa Malaysia Listing Requirements impose detailed disclosure and shareholder approval requirements for RPTs and recurrent RPTs. Directors and major shareholders with conflicting interests must abstain from voting on relevant resolutions. The MCCG 2021 further recommends that companies establish clear policies for identifying, evaluating, and approving RPTs to ensure they are conducted on arm's length terms and do not prejudice the interests of minority shareholders.

Securities Commission Malaysia Guidelines

The Securities Commission Malaysia plays a central regulatory role in corporate governance through its oversight of the capital markets. It issues guidelines on corporate governance, regulates takeovers and mergers under the Malaysian Code on Take-Overs and Mergers, and has enforcement powers to take action against directors and companies that breach securities laws. The Capital Markets and Services Act 2007 provides for civil and criminal sanctions, including fines and imprisonment, for breaches of disclosure obligations, insider trading, and market manipulation. The SC also administers the Lodge and Launch Framework for prospectuses and corporate proposals, ensuring that companies maintain transparency in their dealings with the investing public.

Anti-Corruption: Section 17A of the MACC Act

Section 17A of the Malaysian Anti-Corruption Commission Act 2009, which came into force on 1 June 2020, introduced a corporate liability provision that holds commercial organisations liable for corruption committed by persons associated with the organisation. The only defence available is to demonstrate that the organisation had "adequate procedures" in place to prevent corrupt conduct. The Prime Minister's Department has published Guidelines on Adequate Procedures, known as the T.R.U.S.T. principles: Top-level commitment, Risk assessment, Undertake control measures, Systematic review and monitoring, and Training and communication.

Companies should implement a comprehensive anti-corruption compliance programme that includes a clear anti-bribery policy, due diligence on third parties, training for employees and associates, confidential reporting channels, and regular programme reviews. Failure to establish adequate procedures exposes both the company and its directors to criminal liability, including fines and imprisonment.

Whistleblowing Framework and Internal Controls

A strong whistleblowing framework is an essential component of good governance. The Whistleblower Protection Act 2010 provides legal protection for individuals who report misconduct in the public and private sectors, shielding whistleblowers from civil and criminal liability and from detrimental action by their employers. Listed companies are required under the Bursa Malaysia Listing Requirements to establish whistleblowing policies and procedures. The MCCG 2021 recommends that companies make their whistleblowing policies publicly available and ensure that reports are investigated independently, with outcomes reported to the Audit Committee.

Internal controls should extend beyond financial controls to encompass operational, compliance, and information technology controls. The board is ultimately responsible for the adequacy and effectiveness of the company's internal control system and should receive regular reports from management and internal audit on the state of controls and any material weaknesses identified.

ESG Reporting and Sustainability Governance

Environmental, social, and governance (ESG) reporting has become a mandatory aspect of corporate disclosure for Malaysian listed companies. Bursa Malaysia's Enhanced Sustainability Reporting Framework, effective from financial years ending on or after 31 December 2024 for Main Market listed issuers, requires companies to report against prescribed sustainability matters aligned with internationally recognised frameworks. This includes climate-related disclosures aligned with the Task Force on Climate-related Financial Disclosures (TCFD) recommendations.

The board should establish a governance structure for sustainability, designating responsibility for ESG matters at the board level and integrating sustainability considerations into the company's strategy, risk management, and performance assessment. Companies that take a proactive approach to ESG governance are better positioned to attract institutional investment, manage regulatory risk, and build long-term resilience.

Private Companies (Sdn Bhd) vs Listed Companies

While the MCCG 2021 and Bursa Malaysia Listing Requirements apply primarily to publicly listed companies, private companies (Sdn Bhd) are not exempt from governance obligations. The Companies Act 2016 imposes the same statutory director duties on all companies. Private companies should establish clear governance frameworks proportionate to their size and complexity, including board charters, conflict of interest policies, proper record-keeping, and regular board meetings. The corporate liability provisions under Section 17A of the MACC Act apply equally to private companies, making anti-corruption compliance a universal requirement regardless of listing status.

For private companies preparing for an initial public offering (IPO) or seeking institutional investment, early adoption of governance best practices — including appointing independent directors, establishing audit and risk committees, and implementing whistleblowing mechanisms — can significantly smooth the transition and enhance investor confidence.

Annual General Meeting Requirements and Shareholder Rights

The Companies Act 2016 requires every company to hold its annual general meeting (AGM) within six months of its financial year-end. For listed companies, the AGM is a critical governance event where shareholders exercise their rights to approve financial statements, elect and re-elect directors, approve directors' fees, and appoint auditors. The MCCG 2021 encourages companies to leverage technology to facilitate broader shareholder participation and to provide shareholders with adequate time and information to make informed voting decisions. Shareholders holding at least 5% of voting rights may requisition an extraordinary general meeting, and minority shareholders are protected under the Companies Act 2016 against oppressive or unfairly prejudicial conduct by the majority.

Key Takeaways

  • The MCCG 2021 sets the governance benchmark for listed companies through an "apply or explain an alternative" approach, with Step Up practices for aspirational standards. Boards should comprise at least 50% independent directors and target 30% women representation.
  • Sections 213 to 218 of the Companies Act 2016 impose statutory duties on all directors — including those of private companies — covering good faith, care, skill, diligence, and avoidance of conflicts, with personal liability for breach.
  • Section 17A of the MACC Act creates corporate liability for corruption, making anti-corruption compliance programmes based on the T.R.U.S.T. principles essential for both listed and private companies.
  • ESG reporting is now mandatory for Main Market listed issuers under Bursa Malaysia's Enhanced Sustainability Reporting Framework, requiring board-level sustainability governance aligned with TCFD recommendations.
  • Private companies (Sdn Bhd) should adopt proportionate governance frameworks early, particularly those preparing for an IPO or seeking institutional investment.
  • Effective governance requires an integrated approach encompassing audit committee oversight, risk management, whistleblowing mechanisms, related party transaction controls, and meaningful shareholder engagement at AGMs.
Abbas & Ngan Legal Team Advocates & Solicitors · Corporate & Commercial Practice
