Corporate Governance for Private Companies

The management of a private company extends beyond day-to-day operations and revenue generation. Corporate governance becomes critical when there is growth, fundraising, acquisitions, shareholder exits, or succession planning.

Private companies generally enjoy more flexibility than public listed companies. Unlike public listed companies that are required to comply with the Malaysian Code on Corporate Governance (“MCCG”) issued by the Securities Commission Malaysia, the Companies Act 2016 (“CA 2016”) establishes the minimum governance framework and requirements that private companies must comply. Clean corporate records, proper decision-making, and safeguards against abuse of power remain essential. That said, private companies are always encouraged (but not obliged) to adopt the requirements in the MCCG as a yardstick to strengthen corporate governance.

(1) When directors are also shareholders: where the main governance risk lies

Many private companies are owner-managed, which means that the directors and shareholders of the company are the same persons. While it is not illegal for a owner-managed company, the real risk arises when decisions are made informally, conflicts are not openly managed, and minority shareholders are more often left out of any decisions made by the company.

To avoid abuse of power by directors of companies in Malaysia, the Companies Act 2016 imposes certain requirements and obligations on the directors in managing the company. Directors must act for a proper purpose, in good faith and in the best interest of the company[1], and they must exercise reasonable care, skill and diligence[2].

The law also recognises the business judgment rule, which generally protects directors who make business judgement decisions honestly, without material personal interest, on an informed basis, and with a reasonable belief that the decision is in the company’s best interest[3].

Directors may delegate their duties and powers to their subordinates, but they remain responsible and accountable for the actions of their subordinates[4]. Nominee directors likewise still owe their duties to the company, not simply to the shareholder who appointed them[5].

Directors and officers are also prohibited from any improper use of company property, information, position or corporate opportunities for their personal gain[6].

The Companies Act 2016 also contains specific safeguards for situations of conflict of interest and major transactions. A director who has a direct or indirect interest in a contract or proposed contract with the company must declare that interest to the board[7]. Generally, a director of a private company is permitted to vote on a contract or proposed contract notwithstanding that director may have an interest in the contract, save and except where the company concerned is a public company or a subsidiary of a public company[8].

Companies in Malaysia are also generally prohibited from giving out loans to directors or persons connected to directors, and also prohibited from providing any security or acting as a guarantor for a loan taken out by directors or persons connected to directors[9]. 

In addition, shareholders’ approval is also required for substantial acquisitions or disposals of property of the company[10], and for related party transaction of a requisite value between the company and its shareholders, directors and persons connected to shareholders and directors[11].

(2) Constitution: optional on paper, but powerful in practice

The constitution of a company is arguably the most useful governance document for proper check and balances on the directors in managing the company. This is especially true where there are multiple shareholders, family members, incoming investors or succession-planning issues.

Under the Companies Act 2016, it is not mandatory for a private company to adopt a constitution but a private may opt to adopt a constitution by passing a shareholders’ special resolution. If a constitution is adopted, the provisions, mechanisms and safeguards contained in the constitution becomes binding on the company, its directors and shareholders.

A well-drafted constitution is useful for matters such as:

(a) Reserved matters which are selected important matters of the company which require approval from the shareholders;

(b) Share transfer restrictions;

(c) Pre-emption rights to the allotment of new shares by the company;

(d) Appointment and removal of director;

(e) Quorum and voting thresholds at both board and shareholders levels;

(f) Deadlock procedures;

(g) Conflict of interest safeguards, particular where a director has a personal interest in a particular matter or contract in respect of the company;

(h) Information rights to the shareholders to obtain information pertaining to the company;

(i) Dividend policy.

However, it is important to note that the provisions in the Companies Act 2016 provide minimum safeguards to the relevant stakeholders of a company in Malaysia. Any provisions in the constitution of the company must not fall below the minimum safeguards accorded under the Companies Act 2016. Of course, if a company wishes to impose more safeguards to its relevant stakeholders, such company is welcome to do so.

(3) Beneficial ownership: knowing who really owns or controls the company

Corporate governance today is not just about the shareholders or directors who appear on record. It is also about identifying the natural person who ultimately owns or controls the company.

The Companies Act 2016 now contains a dedicated beneficial ownership regime where disclosure is required to be made to the Companies Commission of Malaysia (“SSM”)[12].

A “beneficial owner” is a natural person who ultimately owns or controls the company, including a person who exercises ultimate effective control. Companies are required to keep a register of beneficial owners with the particulars of the beneficial owners and submit the said register to SSM including any changes thereto. Beneficial owners themselves have a duty to notify the company and update changes.

Under the Guidelines for the Reporting Framework for Beneficial Ownership of Companies  issued by SSM dated 1 April 2024 (Revised on 10 January 2025), the following group of persons are regarded as “beneficial owner” for the purposes of Companies Act 2016:

(a) a person (or a group of persons with joint interests or joint agreements) who holds directly or indirectly in not less than 20% of the shares of the company;

(b) a person (or a group of persons with joint interests or joint agreements) who holds directly or indirectly in not less than 20% of the voting shares of the company;

(c) a person who has the right to exercise ultimate effective control whether formal or informal over the company or the directors or the management of the company; or

(d) a person has the right to exercise ultimate effective control whether formal or informal over the company or the directors or the management of the company;

(4) Ongoing compliance: annual returns, financial statements and audit position

Routine compliance is part of governance as well.

A private company must lodge its annual return with the Registrar not later than 30 days from the anniversary of its incorporation date for each calendar year[13].

A private company must also lodge its financial statements and reports with the Registrar within 30 days after those documents are circulated to the shareholders[14]. Private companies are required to circulate their financial statements and reports to their shareholders within 6 months from the financial year end.

On auditing the accounts of a private company, the default position under the Companies Act 2016 is that every private company must appoint an auditor for each financial year. However, SSM may exempt certain qualifying private companies from audit based on the prescribed criteria by SSM[15].

(5)  Money matters: financial assistance and dividends

(a)    Financial assistance

As a general rule, a company is prohibited from granting financial assistance (loan, guarantee or security), directly or indirectly, for the purpose of acquiring its own shares or the shares of its holding company[16], unless the exceptions under the Companies Act 2016 apply.

This issue commonly arises in shareholder exits, management buyouts, intra-group support, guarantees and security arrangements to help fund share acquisition[17].

(b)    Dividends

Distributions of dividends to shareholders can only be carried out by a solvent company[18] and shall only be made out of profits available for distribution[19].

Before making a distribution of dividends, the directors must authorise the distribution and be satisfied that the company is solvent i.e. the company will be able to pay its debts as they fall due within the 12 months immediately after the distribution.

If a distribution of dividend is made in contravention of the Companies Act 2016, the company may, in some cases, recover the excess from the shareholder, and directors authorising such unlawful distribution may also face penalty/liability.

(6) Beyond the Companies Act 2016: industry-specific compliance applies

The requirements under the Companies Act 2016 are the corporate baseline, but governance of a private company does not stop there. Depending on the business of the company, industry licensing and sectoral requirements can be just as critical to corporate operations and risk management.

For example, private companies in the construction industry may be subject to licensing requirements and guidelines issued by the Construction Industry Development Board Malaysia, and private companies in the medical and pharmaceutical industry may be subject to licensing requirements and guidelines issued by relevant authorities including the Ministry of Health Malaysia and the National Pharmaceutical Regulatory Agency (under the Ministry of Health Malaysia).

For regulated business industries, corporate governance works best when corporate filings, operational licences, and internal compliance responsibilities are tracked together. A simple compliance map, reviewed periodically, usually goes a long way in preventing gaps.

Recommended governance measures for private companies

The Malaysian Code on Corporate Governance (“MCCG”), issued by the Securities Commission Malaysia, is a best-practice code that sets out corporate governance principles and recommended practices in Malaysia, together with intended outcomes and guidance to encourage stronger governance standards.

Although the MCCG is targeted primarily at public listed companies, many of its principles translate well into private company best practices, particularly around board oversight, disclosure discipline, and embedding a healthy governance culture:

• Private companies should consider adopting or updating its constitution that clearly sets out governance controls as suggested above.

• Where there are investors or family stakeholders, it is also sensible to build in agreed ownership and control features, such as pre-emption rights, tag-along and drag-along rights, and exit mechanisms, so expectations are set upfront and applied consistently.

• Decision-making should be supported by proper documentation, including board resolutions, written members’ resolutions where applicable, minutes, and approval papers for major contracts, so there is a clear audit trail showing authority, approvals and rationale.

• Directors should operate under a clear code of conduct that addresses conflicts of interest, gifts and benefits, use of confidential company information, and the handling of related party or connected person transactions, which are common flashpoints in private companies.

• Statutory records should be maintained as a matter of discipline, including an accurate register of members and up-to-date beneficial ownership records, since these are frequently scrutinised during disputes, fundraising and due diligence.

• Finally, companies benefit from implementing a clear signing and approval matrix that is consistently followed across the organisation, so execution of documents aligns with internal authority limits and statutory execution requirements.

By : Jeremiah Gurusamy, Danny Khoo Yih Xiang, Zulaikha Zaidi & Sree Sudaarshan

June 2026

[1] Section 213(1) Companies Act 2016

[2] Section 213(2) Companies Act 2016

[3] Section 214(1) Companies Act 2016

[4] Section 216(1) & (2) Companies Act 2016

[5] Section 217 Companies Act 2016

[6] Section 218 Companies Act 2016

[7] Section 221 Companies Act 2016

[8] Section 221(1) & (2) Companies Act 2016

[9] Section 224 & Section 225 Companies Act 2016

[10] Section 223 Companies Act 2016

[11] Section 228 Companies Act 2016

[12] Division 8A of the Companies Act 2016

[13] Section 68 of the Companies Act 2016

[14] Section 259 of the Companies Act 2016

[15] SSM’s Practice Directive 10/2024

[16] Section 123 Companies Act 2016

[17] Section 125 and Section 126 Companies Act 2016

[18] Section 132 Companies Act 2016

[19] Section 131 Companies Act 2016