EuroCham Malaysia Post: Board Liability in Malaysia in 2026 – What European HQs Still Get Wrong

As EuroCham Malaysia’s Legal Knowledge Partner for Malaysia, Aqran Vijandran regularly shares practical legal insights for boards, managing directors, in-house counsel and compliance leaders. This article addresses board liability and what European HQs should consider in Malaysia: as European groups enter their first board cycles of 2026, many are refreshing governance frameworks, delegations of authority and compliance controls across Asia. For Malaysian subsidiaries, this annual reset is also when a persistent risk quietly resurfaces – the assumption that European group approvals, policies or instructions can shield local directors from personal liability.

They cannot.

In Malaysia, board liability remains local, personal and non-delegable. Alignment with European HQ is not only possible, but necessary – however, when governance models designed for EU legal systems are applied without adaptation, they can unintentionally increase exposure for both Malaysian directors and the group itself.

Why European governance models break down at Malaysian subsidiary level

Most European multinationals operate with sophisticated, centralised governance structures. Group legal and compliance teams set standards, issue policies and require approvals to ensure consistency and risk control across jurisdictions.

These models work well in Europe. The difficulty arises when they are assumed to operate in the same way under Malaysian company law.

A common (and understandable) assumption is that:

• decisions approved by HQ,
• actions required under group policy, or
• instructions from regional or functional leadership

reduce or even eliminate risk for local directors.

Under Malaysian law, this assumption does not hold. Following HQ instructions is not a defence to a breach of directors’ duties. In some cases, it can actually make matters worse. We wrote on this topic before, discussing specifically the interaction between group instruction and Malaysian board discretion.

Where board liability actually arises under Malaysian law

Directors of a Malaysian company owe their duties to that company – not to the group, the parent entity or a regional headquarters.

In practical terms, this means:

• statutory duties remain personal, even where decisions are driven by group requirements;
• approval chains do not dilute responsibility; and
• accountability cannot be outsourced upwards.

Liability commonly crystallises in areas that European HQs often treat as procedural or administrative, including:

• approval of financial statements and solvency positions;
• regulatory filings and representations to authorities;
• employment and termination decisions implemented locally; and
• sign-offs on data, operational or compliance matters where the local entity is the regulated party.

From a Malaysian perspective, the question is not who instructed the decision, but whether the director exercised independent judgment in the interests of the Malaysian company. For greater detail on this topic, see our earlier post on core statutory responsibilities that Malaysian directors must observe.

Shadow director risk – when HQ involvement crosses the line

One area that European groups often underestimate is shadow director or de facto control risk.

In simple terms, a person who is not formally appointed as a director can still be treated as one if the board is accustomed to acting on that person’s instructions or directions.

This risk most often arises unintentionally, through:

• repeated “guidance” from HQ that is treated as mandatory;
• informal vetoes exercised by regional or functional heads;
• approval structures that leave local boards with no real discretion; or
• performance pressure linked to compliance with HQ instructions rather than local assessment.

From a governance perspective, the issue is not collaboration or consultation – both are legitimate and expected. The risk emerges when influence becomes control, and when the local board’s role is reduced to implementation rather than decision-making.

What Malaysian directors cannot delegate upwards

Certain responsibilities remain with the Malaysian board regardless of how sophisticated the group framework may be.

In practice, Malaysian directors cannot:

• rely on HQ approval as a substitute for their own consideration;
• treat group policy as automatically determinative of local action;
• abdicate responsibility for decisions simply because they originate outside Malaysia; or
• assume that “group-mandated” actions fall outside their statutory duties.

Paradoxically, approval structures that are designed to reduce risk – such as mandatory HQ sign-off – can increase exposure if they undermine the appearance or reality of independent judgment at board level.

The distinction between consultation and control is therefore critical.

What sophisticated European groups are doing differently in 2026

Well-run European groups are not disengaging from their Malaysian subsidiaries. Instead, they are refining governance design to reflect local legal realities.

Common features include:

• clearly documented delegations of authority that preserve board discretion;
• board minutes that evidence genuine consideration, not mere ratification;
• group policies that allow for local adaptation where legally required;
• explicit role separation between oversight and decision-making; and
• targeted onboarding and training for directors appointed from Europe.

The objective is not to weaken group control, but to structure it in a way that protects both the individual director and the group. See our earlier post generally discussing risk-alignment principles across Malaysian operations.

A governance issue best addressed early in the year

Misalignment between European HQ expectations and Malaysian board obligations rarely causes immediate problems. The risk tends to surface later – during regulatory engagement, disputes or internal investigations – when governance assumptions are tested under Malaysian law.

For many groups, early-year board and compliance resets are the right moment to ensure that alignment is real, not just assumed.

Clear structure at the outset is usually far more effective than remedial explanations after the fact.