Our Expert in Malaysia
Last updated: 12 May 2026
Malaysia corporate criminal liability is entering a new era. The Criminal Law Reform Committee convened in 2026 has placed a suite of far-reaching proposals on the table, from dedicated AI and deepfake offences to a structural separation of the Attorney General’s advisory and prosecutorial functions, and every one of them has direct consequences for how companies, directors and compliance teams manage regulatory risk. At the same time, existing enforcement under the Malaysian Anti-Corruption Commission Act 2009 (MACC Act), anti-money laundering legislation and whistleblower protection statutes continues to intensify, with regulatory enforcement in Malaysia now extending well beyond traditional bribery cases into financial crime, digital misconduct and corporate governance failures.
This guide provides a practical, step-by-step compliance playbook designed for in-house counsel, company directors and risk teams that need to act now, before the reforms are finalised and penalties crystallise.
The Criminal Law Reform Committee was constituted with a broad mandate to modernise Malaysia’s criminal-law framework for the digital economy and to address long-standing structural concerns within the prosecution service. Industry observers expect the committee’s recommendations, once gazetted, to represent the most significant overhaul of corporate-facing criminal law since Section 17A of the MACC Act came into force on 1 June 2020. Below is a summary of the headline proposals and their business impact.
| Phase | Expected Activity | Business Implication |
|---|---|---|
| Q1 2026 | Criminal Law Reform Committee formed; National Criminal Law Conference convened | Signals government intent, boards should begin gap analyses immediately |
| Q2–Q3 2026 | Public consultation on draft proposals (AI offences, prosecutorial reforms, corporate misconduct measures) | Window for industry submissions; compliance teams should prepare position papers |
| Q4 2026 – Q1 2027 | Anticipated tabling of amendment bills in Parliament | Final compliance adjustments; training roll-out for staff and directors |
| 2027 onward | Phased commencement of new provisions | Enforcement begins; adequate-procedures defences must already be in place |
The proposals that carry the most immediate weight for Malaysia corporate criminal liability fall into four clusters. Each requires a different operational response from affected entities.
MACC Act compliance is the single most critical area of exposure for Malaysian companies and their directors. Section 17A of the MACC Act introduced corporate liability for corruption offences committed by persons associated with a commercial organisation, shifting the burden to the organisation to prove it had adequate procedures in place to prevent the offence. The 2026 reform proposals signal that this burden is likely to become heavier.
Under Section 17A, a commercial organisation commits an offence if a person associated with it, including employees, agents, subsidiaries and joint-venture partners, corruptly gives, agrees to give or offers any gratification to obtain or retain business or an advantage for the organisation. The organisation is presumed liable unless it can demonstrate that it had adequate procedures in place to prevent the conduct. “Adequate procedures” are assessed against guidelines issued by the Prime Minister’s Office, which emphasise top-level commitment, risk assessment, internal controls, due diligence and periodic review. Conviction carries a fine of not less than ten times the value of the gratification or RM 1 million (whichever is higher), or imprisonment of up to twenty years, or both.
For a commercial organisation, the fine provision is the primary sanction; however, individual officers can face imprisonment.
The practical challenge for many companies is demonstrating that their procedures are not merely documented but genuinely implemented and effective. Regulatory enforcement in Malaysia has shown that paper-only compliance programmes do not satisfy the evidentiary standard. The Reform Committee’s proposals are widely expected to tighten the definition of “adequate procedures” further, requiring demonstrable testing, monitoring data and independent audits.
Director liability in Malaysia already extends beyond the corporate veil in corruption matters. Under the MACC Act, directors and senior officers who consent to, connive in or fail to exercise due diligence to prevent a corruption offence can face personal criminal liability. The 2026 proposals, if enacted, would expand the categories of director-level offences and potentially lower the threshold of culpable knowledge required.
Director-level duties, governance checklist:
When MACC initiates contact, whether through a formal notice, a dawn raid or an informal request for documents, the organisation’s first steps are decisive. Disclosure obligations in Malaysia require careful navigation to avoid obstruction charges while preserving legal professional privilege.
Anti-money laundering and counter-financing of terrorism (AML/CFT) obligations intersect directly with Malaysia corporate criminal liability. Under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA), both reporting institutions and their officers face criminal penalties for failures in suspicious-transaction reporting, customer due diligence and record-keeping. Bank Negara Malaysia (BNM) is the primary supervisor for financial institutions, while other designated regulators oversee reporting obligations for non-financial sectors.
| Entity Type | AML/CFT Reporting Obligations (Typical Regulator) | Recommended Immediate Action (First 30 Days) |
|---|---|---|
| Banking and financial services | STR/CTR reporting to Bank Negara Malaysia; enhanced CDD; PEP screening | External AML review; update transaction-monitoring rules; board briefing |
| Non-financial businesses (property, legal, corporate services) | Suspicious transaction reporting where applicable; beneficial ownership compliance | Map high-risk products; run beneficial ownership audit; staff training |
| Multinational corporate groups | Local STR/CTR obligations plus cross-border data sharing risks | Centralised escalation protocol; legal privilege mapping; coordinate with local counsel |
A common compliance gap is the disconnect between AML monitoring and internal-investigation functions. When transaction-monitoring systems flag suspicious activity, the escalation pathway should lead directly to both the compliance officer and external legal counsel, not only to the line manager. Companies should ensure that STR filing decisions are documented with legal reasoning, that filing timelines are tracked against BNM deadlines, and that the investigation file is maintained under privilege where possible. AML Malaysia obligations also require that compliance officers have direct, unimpeded access to the board for escalation of material concerns, without requiring approval from the CEO or CFO.
The 2026 reform proposals are expected to reinforce this reporting independence with potential criminal penalties for senior officers who obstruct internal AML escalation.
Whistleblower protection in Malaysia is primarily governed by the Whistleblower Protection Act 2010, which provides legal protections against detrimental action for persons who disclose improper conduct to enforcement agencies. The 2026 reform proposals are expected to widen the scope of protected disclosures and strengthen the penalties for retaliatory action, reflecting international best practice endorsed by the UNODC in its guidance on liability of legal persons.
Companies must understand the three tiers of disclosure and the legal implications of each:
Every organisation subject to Malaysia corporate criminal liability risk should maintain a whistleblower policy that includes the following elements:
Among the most widely discussed proposals from the 2026 Criminal Law Reform Committee are new criminal provisions targeting the creation, distribution and use of AI-generated deepfakes and digitally manipulated evidence. While the precise statutory language remains under consultation, early indications suggest that the offences will cover the fabrication or material alteration of audio, video or documentary evidence by means of artificial intelligence, as well as the use of synthetic media to impersonate a person for the purpose of fraud, defamation or interference with legal proceedings.
Boards should be asking the following questions now:
When MACC, Royal Malaysia Customs, the Inland Revenue Board (IRB) or the Royal Malaysia Police initiates a corporate investigation, the quality of the organisation’s response in the first hours determines its legal exposure for months or years to come. Below is a time-ordered checklist that compliance teams and directors should rehearse before an investigation materialises.
| Timeframe | Priority Actions | Responsible Party |
|---|---|---|
| First 72 hours | Activate crisis-response protocol; engage external legal counsel; issue litigation-hold notice; document all officer interactions; assess privilege over key documents; notify board chair | General Counsel / external lawyers / compliance officer |
| Days 4–14 | Conduct preliminary internal fact-finding (under privilege); appoint forensic accountant or digital-forensics team if required; prepare board briefing paper; assess regulatory-notification obligations (MACC, BNM, SC); manage internal communications to employees | Investigation committee / board / external counsel |
| Weeks 3–12 | Complete internal investigation report; make regulatory disclosures as required; cooperate with enforcement agency under legal guidance; review and update compliance programme in light of findings; prepare external communications strategy if public disclosure is likely | Board / external counsel / PR advisors / compliance team |
Key privilege considerations: In Malaysia, legal professional privilege protects communications between a client and an advocate and solicitor made for the purpose of obtaining or giving legal advice. Privilege does not protect documents or communications created in furtherance of a criminal purpose. Companies should ensure that all internal-investigation interviews are conducted under the supervision of external counsel, with clear privilege markers on all communications. If the investigation involves potential self-reporting to MACC, the decision to disclose should be made by the board on legal advice, balancing the benefits of cooperation (potential mitigation of penalties) against the risks of premature disclosure.
Preserving evidence integrity is paramount. Any destruction, alteration or concealment of documents after the organisation becomes aware of an investigation, or reasonably suspects one, can constitute obstruction of justice and compound the organisation’s criminal exposure significantly.
Operationalising the guidance in this article requires documented, board-approved tools that compliance teams can deploy immediately. The following resources support effective Malaysia corporate criminal liability management:
Organisations seeking tailored versions of these templates, adapted to their sector, size and risk profile, should engage specialist white-collar and compliance counsel with experience in Malaysian regulatory enforcement. Find lawyers in Malaysia through the Global Law Experts directory.
The 2026 reform proposals represent a step-change in Malaysia corporate criminal liability. Companies that wait for final legislation before updating their compliance frameworks risk being caught unprepared, with inadequate defences, untested investigation protocols and exposure to new categories of offence that did not exist when their current policies were written. The priority roadmap for boards and compliance teams is clear: audit existing anti-corruption adequate procedures against the incoming standards; stress-test AML controls and reporting workflows; formalise whistleblower channels with proper safeguards; address AI and deepfake risks before the new offences commence; and rehearse investigation-response protocols so that the first 72 hours of any regulatory inquiry are managed with precision.
Regulatory enforcement in Malaysia is intensifying across every relevant agency, and the organisations that act now will be in the strongest position to defend themselves, and their directors, when the new framework takes effect.
This article was produced by Global Law Experts. For specialist advice on this topic, contact Xavier Joachim at Xavier & Koh Partnership, a member of the Global Law Experts network.
posted 3 minutes ago
posted 21 minutes ago
posted 26 minutes ago
posted 45 minutes ago
posted 49 minutes ago
posted 1 hour ago
posted 2 hours ago
posted 2 hours ago
posted 2 hours ago
posted 2 hours ago
posted 2 hours ago
posted 2 hours ago
Find the right Advisory Expert for your business
Sign up for the latest advisor briefings and news within Global Advisory Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Global Advisory Experts is dedicated to providing exceptional advisory services to clients around the world. With a vast network of highly skilled and experienced advisors, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Send welcome message
