Corporate Liability Protection: Advanced Strategies for High-Risk Industries in Malaysia

Corporate liability protection has become increasingly critical as we’ve observed a dramatic shift in regulatory enforcement among Malaysian businesses. For example, OSHA violations now attract fines of up to RM500,000 and imprisonment of up to 2 years.

Directors now carry personal liability under multiple statutes, with the Environmental Quality Act amendments introducing fines up to RM10 million and mandatory imprisonment terms.

The Malaysian government’s heightened enforcement signals its evolution toward first-world regulatory standards. It demonstrates a commitment to United Nations Convention against Corruption (UNCAC) compliance and proactive responses to international business expectations.

While foreign investors accustomed to less stringent environments may find these standards rigorous for an emerging economy, Malaysia’s approach positions it alongside developed economies in terms of governance quality.

High-risk sectors receive particular attention: oil and gas companies must operate under sophisticated Petroliam Nasional Berhad (PETRONAS) oversight, construction firms must address safety performance metrics, and manufacturing entities must meet international supply chain standards.

InCorp has guided numerous Malaysian and foreign companies through these evolving standards, helping them build protection frameworks that exceed compliance requirements while creating operational advantages. Our clients consistently report that thoughtful liability strategies attract premium investors and partners who value governance excellence.

This article reveals our proven methodologies for constructing multi-layered defences, from strategic corporate structuring and technology-driven compliance to comprehensive insurance architectures, equipping readers to reframe regulatory requirements into competitive strengths.

Corporate Liability Protection: Identifying High-Risk Industries in Malaysia and Their Key Exposures

In Malaysia, industries are classified as high-risk when several factors merge: operational danger, exposure to enforcement, complexity of compliance, and the potential for serious financial or reputational harm. Multiple regulators routinely monitor these sectors and face layered liabilities, both statutory and commercial.

The main sectors include:

• Oil and Gas: Environmental liabilities, hazardous operations, and procurement-linked corruption continue to be significant risks. Offshore projects, ageing infrastructure, and decommissioning obligations heighten scrutiny. The upcoming CCUS Bill introduces new obligations around carbon storage and licensing.
• Construction: The industry records high rates of site diseases, accidents, and fatalities, confirmed in this assessment of ISO 45001 implementation. The MEX II project also illustrates corruption risks in infrastructure procurement.
• Manufacturing: Frequent occupational health claims are documented in government-linked disease data for the manufacturing sector. Pollution enforcement also continues in the chemical and industrial sectors, while allegations of forced labour in glove exports affect global market access.
• Finance and Professional Services: Bank Negara Malaysia’s (Malaysia’s central bank) 2024 risk assessment highlights persistent AML/CFT exposure in the sector.
• Technology and Healthcare: A Federal Court ruling in 2024 confirmed hospitals’ non-delegable duty of care for consultant negligence, which raises liability for private providers across Malaysia.

In our experience, sector-specific knowledge is critical to designing effective protection measures, as misjudging the risk profile can have lasting consequences for businesses of almost all types.

Read more: Navigating Malaysian Corporate Banking Compliance

The Changing Legal Framework: New Corporate Liability Risks in Malaysia

We’ve seen Malaysia’s corporate liability environment evolve significantly in recent years, creating fresh exposure points for businesses in high-risk sectors. Recent legislative amendments and judicial decisions have changed the risk equation entirely, meaning businesses now need sophisticated protection strategies from companies and their leadership teams.

Corporate Liability Under the Companies Act 2016

Malaysian corporate law builds upon the doctrine of separate legal personality, established through the landmark Salomon v Salomon case. This principle creates a legal shield between companies and their shareholders or directors.

Malaysian courts, do however, have the authority to “pierce the corporate veil” in exceptional circumstances involving fraud or when statutory provisions explicitly allow such action.

Section 213 of the Companies Act 2016 levies duties on directors: acting in good faith for proper purposes in the company’s best interests, and exercising reasonable care, skill, and diligence.

Deemed Personal Liability: The Reverse Burden of Proof

One potentially troubling development is the accumulation of “deemed liability” provisions across multiple statutes, which shift the burden of proof onto company leadership. These provisions create automatic personal liability unless directors can prove their innocence.

Section 17A of the Malaysian Anti-Corruption Commission Act 2009 specifies corporate liability for corruption committed by “associated persons” since June 2020. Directors and senior management are seen as personally liable unless they can prove the offence occurred without their knowledge or consent.

Penalties include fines of at least ten times the gratification value or RM1 million, plus potential imprisonment up to 20 years.

As covered in the introduction, recent amendments to the Occupational Safety and Health (Amendment) Act 2022, effective June 2024, expanded OSHA’s scope to cover nearly all workplaces. General duty failures now attract fines up to RM500,000 (previously RM50,000) and imprisonment up to two years.

Landmark Judicial Developments and Emerging Risks

The aforementioned February 2024 Siow Ching Yee v Columbia Asia Sdn Bhd ruling makes hospitals personally liable for consultant doctors’ negligence, even when doctors operate as independent contractors.

New liability categories continue emerging. The Cybersecurity Act 2024 sets cybersecurity obligations for National Critical Information Infrastructure entities, with failures attracting fines of up to RM500,000, imprisonment for up to 10 years, or both.

The Personal Data Protection (Amendment) Act 2024 increases penalties to RM1 million maximum fines as well as up to 3 years imprisonment, or both.

Watch: Unlock the Power of E‑Invoicing: A Beginner’s Guide to Compliance and Efficiency

Strategic Corporate Structuring for Risk Isolation in Malaysia

Smart corporate structuring should always be the very first thought when it comes to advanced liability protection, allowing businesses to segregate risks and shield assets. Malaysia offers several vehicles, each with specific legal implications and suitability for different operational contexts, especially within high-risk industries.

Subsidiary and Holding Company Structures in Malaysia

The main advantage of holding subsidiary structures in Malaysia comes from applying the separate legal personality doctrine. In this case, a parent company is generally not liable for the debts, obligations, or tortious acts of its properly constituted and independently managed subsidiary.

This means that high-risk projects, specific operational divisions, or ventures in volatile markets can be housed within separate subsidiaries, isolating potential liabilities from the parent company and other group entities.

PETRONAS is a prime example of this approach, operating through numerous subsidiaries and joint ventures to manage diverse global operations across upstream, midstream, and downstream sectors. This structure allows compartmentalisation of risks associated with its specific projects, geographical regions, or distinct business activities.

For example, Petronas Carigali handles exploration and production, Petronas Dagangan manages retail operations, while Petronas Chemicals focuses on petrochemicals.

To maintain the protection of the corporate veil, subsidiaries need to operate with provable operational and financial independence. This means maintaining separate books of account, distinct management, commitment to corporate formalities, and avoiding situations where the subsidiary can be seen as simply an agent of the parent.

Special Purpose Vehicles

SPVs are legal entities created for specific, narrowly defined objectives, mainly to isolate financial and legal risks from the parent company. A well-structured SPV achieves “bankruptcy remoteness”, which means that if the parent becomes insolvent, the SPV and its assets remain protected from the parent’s creditors.

SPVs are extensively used in Malaysia for large-scale project finance deals, especially in infrastructure projects, like the East Coast Rail Link and Pan Borneo Highway, and power generation ventures.

The SPV typically owns project assets, enters into project agreements, and secures financing on a non-recourse basis, meaning lenders’ claims are limited to the SPV’s assets and cash flows.

Limited Liability Partnerships and Joint Ventures in Malaysia

LLPs offer a hybrid structure combining operational flexibility with limited liability protection. Partners are generally not personally liable for the LLP’s debts beyond their agreed capital contribution.

The Limited Liability Partnerships (Amendment) Act 2024 introduces beneficial ownership reporting requirements, enhancing transparency while still maintaining liability protection.

Joint ventures (JVs), on the other hand, allow multiple parties to collaborate on specific projects while sharing risks, rewards, and expertise. They can be structured contractually or through separate legal entities. Using incorporated JVs provides limited liability benefits for partners regarding the JV entity’s activities.

The choice of corporate structure requires careful consideration based on industry type, risk nature, operational scale, and long-term strategic objectives.

Suggested Insurance and Risk Transfer Solutions in Malaysia

In our experience, a well-constructed insurance programme transfers financial risk associated with various potential liabilities. With that being said, high-risk industries require tailored insurance suites addressing their unique exposures.

Directors and Officers Liability Insurance

Directors and Officers Liability Insurance (D&O) insurance protects directors and officers from personal financial loss stemming from claims alleging “wrongful acts” committed in their normal managerial capacity. Coverage includes legal defence costs, settlements, and damages awarded against insured individuals.

From our client engagements, we’ve seen that D&O insurance becomes valuable when company indemnification is unavailable due to insolvency, change in control, or legal restrictions in derivative lawsuits. As an example, the PETRONAS Group maintains D&O liability insurance for directors and officers across its subsidiaries, showing a group-wide approach to managing leadership liabilities.

We should note that regulatory investigations emerge as the primary concern in Asia, alongside employment practices disputes and shareholder lawsuits alleging mismanagement, showing the importance of D&O insurance.

Specialised Coverage for High-Risk Industries

A more recent recommendation would be Environmental Impairment Liability (EIL) insurance for pollution incidents, including remediation costs, third-party claims, and business interruption losses.

With heightened penalties under the amended Environmental Quality Act 2024, EIL insurance proves valuable for manufacturing, oil and gas, and construction sectors.

Finally, professional indemnity insurance protects against negligence claims for service providers, while cyber insurance addresses internet-based risks and data breaches. The escalating cyber threats in Malaysia, coupled with stringent PDPA 2024 requirements, make cyber coverage even more valuable.

Captive Insurance Arrangements

Captive insurers are wholly owned insurance companies established by non-insurance companies to insure the risks of their parent companies. Benefits include coverage for unique risks, cost control, direct reinsurance access, and improved cash flow.

Labuan serves as a prominent captive insurance hub in Asia, offering structures including pure captives and Protected Cell Companies.

Future-Proofing Against Emerging Risks in Malaysia

From our advisory work with Malaysian corporations, we’ve identified several emerging liability areas that demand proactive attention. Our experience demonstrates that businesses must adapt quickly to new regulatory requirements and market expectations to avoid costly exposure.

ESG-Related Liabilities

In recent years, we’ve observed rising scrutiny around Environmental, Social, and Governance practices with our client base. Bursa Malaysia’s mandatory sustainability reporting requirements create potential “greenwashing” liabilities for misleading disclosures. Our team advises that directors may face personal liability for failing to adequately manage material climate-related risks under their Section 213 duties.

We also strongly recommend developing ESG governance structures, conducting thorough materiality assessments, and creating transparent stakeholder engagement processes.

Read more: Navigating the Path to ESG Compliance in Malaysia for Sustainability

Technology and Data Protection

Our work reveals growing complexity around data protection compliance. As mentioned earlier,  the PDPA 2024 amendments introduce mandatory breach notification requirements and raise penalties to RM1 million maximum fines. The Cybersecurity Act 2024 also imposes strict obligations on National Critical Information Infrastructure entities within eleven sectors.

Our specialists recommend deploying automated compliance monitoring systems and Regulatory Technology solutions to manage these ever-changing requirements efficiently.

Supply Chain and Human Rights Risks

We’ve seen rising international scrutiny of Malaysian companies’ supply chains, particularly around forced labour allegations.

Our guidance includes deploying blockchain solutions for supply chain transparency, conducting regular supplier audits, and creating grievance mechanisms for workers within the supply chain to meet international market access requirements.

Where to Next with InCorp

Malaysia’s liability environment is evolving at breakneck speed, making traditional basic statutory compliance insufficient. Businesses now require robust corporate liability protection to navigate challenges such as deemed liability provisions that reverse the burden of proof.

They must also address emerging ESG and cybersecurity requirements. High-risk sectors, in particular, face unprecedented exposure levels.

Our experience working with Malaysian corporations shows that successful liability protection requires a multi-layered approach: strategic corporate structuring, custom insurance programmes, and proactive compliance systems. The companies that thrive anticipate regulatory changes rather than react to them.

At InCorp, we’ve helped hundreds of Malaysian businesses design and deploy advanced liability protection strategies suited to their specific industries and risk profiles.

Our team understands the nuances of Malaysian corporate law, the practical challenges of operating in high-risk sectors, and the most workable methods for minimising exposure with operational flexibility.

Contact InCorp today to schedule a confidential assessment of your current liability protection arrangements. Let our specialists help you build a defence strategy that protects your business, your assets, and your future.

About In.Corp Global Malaysia
In.Corp Global Malaysia, an Ascentium Company, is a trusted corporate service provider offering end-to-end business solutions, including company incorporation, compliance, accounting, taxation, and ESG advisory. With deep local expertise and a strong regional network, we help businesses navigate Malaysia’s evolving regulatory landscape. Contact us to learn more.