What is “Piercing the Corporate Veil” under the Malaysian Company Law context?
SMEs, let’s delve into the complexities of “piercing the corporate veil” in the Malaysian company law, particularly in light of the Federal Court’s (FC) decision in Ong Leong Chiou & Anor v Keller (M) Sdn Bhd & Ors [2021] MLJU 393 which adopted the principles laid down by the UK Supreme Court (SC) in Prest v Prest and Others [2013] 4 All ER 673. The Foundation: Separate Legal Personality and Limited Liability This is the bedrock principle of our company law, that is: a company is a separate legal personality from its members, shielded by a “corporate veil.” This separation grants limited liability, meaning shareholders are generally not personally liable for the company’s debts. This concept, enshrined in Section 192(1) of the Companies Act 2016 fosters entrepreneurship by mitigating the risk of personal bankruptcy. However, this principle can be abused. To counter this, the doctrines of “lifting” and “piercing” the corporate veil have emerged: “Lifting” involves examining the corporate structure without disregarding its separate legal personality, “Piercing” entails disregarding this separation to hold individuals liable for misusing limited liability. The Uncertainty and the Need for Clarity There are historical ambiguity surrounding these doctrines due to inconsistent application and a lack of clear guidelines. This uncertainty has led to criticism of common law jurisprudence as “incoherent and unprincipled.” The Ong Leong Chiou (“OLC”) decision aims to provide clarity by aligning Malaysian law with the principles established in Prest. The Landmark Case: Salomon v. A Salomon & Co Ltd The seminal case of Salomon v. A Salomon & Co Ltd, has solidified the concept of separate legal personality. The House of Lords (HOL) in Salomon held that once a company is legally incorporated, it is an independent entity with its own rights and liabilities, irrespective of the motives of its founders. The UK SC in Prest sought to refine the doctrine of piercing the corporate veil. Lord Sumption introduced the “concealment” and “evasion” principles: Concealment Principle: This principle does not involve piercing the veil. Instead, it allows the courts to look behind the corporate structure to reveal the true actors where one or multiple companies are interposed to conceal their identities. Evasion Principle: This principle, a true instance of piercing the veil, applies when a person uses a company to evade an existing legal obligation or frustrate its enforcement. According to Lord Sumption, the evasion principle should be a “last resort” to be applied only when there is no other legal remedy available. This restrictive approach reflects the importance of upholding the principle of separate legal personality. Other justices in Prest though had differing views about the doctrine but generally agreed that if the veil were to be pierced, it should be done in highly exceptional circumstances. The Malaysian Application The OLC case has provided the Malaysian FC with an opportunity to apply the principles of Prest. The case involved a complex web of subcontracting agreements for a construction project, where a shelf company (PS Bina) was used to contract with Keller. The FC found that Tony Ong, the director of PS Bina, had made misrepresentations to induce Keller to enter into the contract, knowing that PS Bina had no assets and that the main contract did not provide for payment for certain works. The FC applied Lord Sumption’s analysis in Prest, (specifically the evasion principle) and found that Tony Ong had deliberately used PS Bina to evade his obligations to Keller, thus justifying piercing the corporate veil to hold him personally liable. Key Takeaways? The OLC decision solidifies the adoption of the Prest principles in Malaysian law, emphasizing a restrictive approach to piercing the corporate veil. The evasion principle is the primary basis for piercing the veil, applicable only when a company is used to evade an existing legal obligation and no other remedy is available. The courts will scrutinize the facts to determine whether a company has been used for improper purposes, such as fraud or misrepresentation. The courts are very reluctant to pierce the corporate veil, and it is a last resort. The legal separation of a company and its owners is still a very strong legal concept. In conclusion, the FC in OLC has provided clarity and consistency to the application of the doctrine of piercing the corporate veil.
Are interest free advances/loans really interest-free?
Unmasking the Hidden Costs Behind ‘Interest-Free’ Loans in Light of Federal Court Ruling. It is human nature to get excited when we hear the word “free” and one is lured to seize the opportunity to get something for free, for example interest-free advances? But, is it really free? This article examines the concept of “interest-free” loans/advances, questioning whether they are truly without interest. The Federal court (FC) case, Triple Zest Trading & Suppliers & 2 Ors v. Applied Business Technologies [2023] 8 AMR 225 explores the implications of moneylending practices under the Moneylenders Act 1951 (MA51). The FC ruling clarified that ‘moneylending” means lending money at interest, and “interest includes any sum exceeding the principal, regardless of what it is termed. As aptly stated by his Lordship, Abdul Rahman Sebli CJ (Sabah and Sarawak), “If a rose by any other name would smell as sweet, a corpse flower by any other name would smell as foul”, that is offers labeled as “interest-free” may still involve hidden costs, with terms disguising high-interest rates. According to the FC, the definition of the three terms, “moneylender”, “moneylending” and “interest” under section 2 must be read together and harmoniously. The FC ruling underscores the potential legal pitfalls associated with so-called “interest-free” loans/advances, revealing that they may disguise exorbitant interest rates under different nomenclature, and therefore it is important to scrutinize the terms of the loans/advances to ensure compliance with legal standards.
Non-Compliance Could Cost You RM50,000 or Jail—OSHA 2022 Is Now Enforced!
Waiting to be FINED RM50,000?! or JAIL for 6 months? Or don’t care if you do? The latest Malaysia OSHA Amendment 2022, is being enforced now. If you are a business with a minimum 5 employees, then you could be at risk of the above. 8 main areas 1️⃣ OSHA Obligations For All workplaces including remote workplaces. 2️⃣ OSH Appointment (Min. 5 Employees) Employers with 5 or more employees. 3️⃣ OSH Coordinator Roles To Coordinate OSH issues. 4️⃣ Mandatory Risk Assessment Employers must proactively identify risks related to health and safety that may affect workers and the public. 5️⃣ Risk Assessment Ensuring Health & Safety Risks posed to anyone affected by operations are mitigated. 6️⃣ Employee Rights An Employee can Remove oneself in an imminent danger situation after informing their employer if they have reasonable grounds to do so or the employer has failed to take action. 7️⃣ Monitoring Ensuring Workplace conditions, including physiological and psychological needs are well managed. 8️⃣ Non-compliance RM50,000 fine or not more than six months’ jail or both Closing Thoughts “If you think compliance is expensive, try non-compliance.” Helping you to be in compliance is something close to our heart. Take action now! #OSHA #OSHACoordinator We are StarBPO Malaysia, we support Business Transformation of SMEs and Large Businesses.
The Perils of Poorly Drafted Contracts
Principle of Estoppel The Principle of Estoppel prevents a party from going back on their word if someone else has relied on that word to their detriment. It is fundamentally about fairness. In general terms, estoppel applies when: One party (e.g., the IRB) makes a representation or promise, either through words or conduct. The other party (e.g., a taxpayer) relies on that representation. As a result of that reliance, the taxpayer changes their position or suffers detriment. It would be unfair or unjust to allow the IRB to go back on its original representation. However, in public law and especially tax law, estoppel is applied more narrowly. Courts are cautious about letting estoppel override legal obligations or statutory duties. For example, the IRB cannot be estopped from collecting taxes just because a prior officer made an incorrect statement, unless exceptional circumstances apply. Principle of Legitimate Expectation The Principle of Legitimate Expectation protects a person’s reasonable and justified expectation that a public authority will act in a certain way, especially when: There has been a clear and unambiguous representation by the authority (e.g., consistent tax treatment or a promise). That representation has been relied upon by the taxpayer. The expectation is legitimate and reasonable in the circumstances. Legitimate expectation can be: Procedural: Expecting a fair process before a decision is changed (e.g., the right to be heard). Substantive: Expecting a benefit or treatment to continue (e.g., a tax exemption or relief). While procedural legitimate expectation is more readily accepted by courts, substantive legitimate expectation (expecting a particular outcome) is more difficult to enforce, especially when it conflicts with statutory powers or duties. In this landmark case, the Federal Court’s (FC) in Ketua Pengarah Dalam Negeri (IRB) v Kind Action (M) Sdn Bhd (KASB)[2025] CLJU 539, clarified the application of the Principles of Estoppel and Legitimate Expectation in Malaysian tax law, particularly in the context of double taxation disputes between the Inland Revenue Board (IRB) and taxpayers. Case brief In 2004, KASB, a plantation company, acquired land (Mengkibol Estate) and consistently treated it as a fixed asset, paying income tax on its plantation income. From 2007 to 2017, KASB sold the land in ten transactions, paid Real Property Gains Tax (RPGT) and received RPGT assessments and certificates of clearance from IRB. In 2019, IRB conducted a tax investigation and stated that proceeds from these sales should have been taxed as income under the Income Tax Act 1967 (ITA) and not as capital gains under the Real Property Gains Tax Act 1976 (RPGTA). IRB then issued additional income tax assessments totaling over RM81 million, without revoking its previous RPGT assessments. KASB challenged these new assessments in the High Court (HC), arguing that IRB’s actions amounted to unlawful double taxation and violated the principles of estoppel and legitimate expectation. KASB sought judicial review to quash the additional assessments and confirm IRB’s binding recognition of the transactions as capital gains. Decisions of the Courts A DPO provides much-needed oversight of your organization’s personal data handling processes. They conduct regular audits to map out where data is stored, how it flows across systems, and whether it’s being used according to lawful and transparent purposes. This structured oversight helps uncover gaps, reduce the risk of data breaches, and establish accountability across departments. It ensures your business can answer key questions like: Who has access to the data? Is it adequately secured? Is it being retained longer than necessary? 🧑🏫 Training & #awareness High Court : Dismissed KASB’s application, holding that IRB had the authority to issue additional assessments and that KASB should have appealed to the Special Commissioners of Income Tax (SCIT) for factual determinations. Court of Appeal : Reversed the HC’s decision, finding IRB’s actions unlawful for failing to revoke the RPGT assessments before issuing income tax assessments, resulting in double taxation. The COA held that estoppel applied against IRB, as the RPGT assessments and certificates were final and conclusive, and IRB was bound by its prior actions. Federal Court : Upheld the COA’s decision, emphasizing the finality of RPGT assessments under Section 20(1) of the RPGTA and the prohibition against double taxation. The FC rejected IRB’s argument that it could later reassess the nature of the gains after issuing RPGT clearances, highlighting that tax statutes must be strictly interpreted in favor of taxpayers. The FC also recognized that IRB’s repeated assurances and clearances created a legitimate expectation for KASB that the transactions would not be taxed again under the ITA. Key Legal Principles Principle of Estoppel:Prevents a party (including public authorities) from contradicting previous actions or representations if another party has relied on them to their detriment. Here, IRB’s issuance of RPGT certificates and clearances estopped it from subsequently imposing income tax on the same transactions. Doctrine of Legitimate Expectation:Arises when a public authority’s conduct or statements create a reasonable expectation of certain treatment. IRB’s actions led KASB to expect that the tax treatment was settled, and changing this position without revoking previous assessments was deemed unfair and an abuse of power. Conclusion FC’s decision reinforces that IRB’s powers are not absolute and that taxpayers are protected against inconsistent and unfair tax treatment through the principles of estoppel and legitimate expectation. This case sets an important precedent for the protection of taxpayers, especially SMEs, from double taxation and arbitrary shifts in tax authority position. Implications for Taxpayers and SMEs Taxpayers are entitled to consistency and reliability in tax treatment from authorities. Official tax assessments and certificates can create binding expectations and protections under estoppel. Courts will guard against double taxation on the same transaction under different laws. Judicial review remains a remedy for challenging unlawful or inconsistent tax authority actions, even when alternative appeal mechanisms exist.
Time and Contracts: A Deep Dive into CERAMTEC v ICONIC MEDICARE
Time and Contracts: A Deep Dive into CERAMTEC v ICONIC MEDICARE The High Court’s (HC) recent decision in CERAMTEC INNOVATIVE CERAMIC ENGINEERING (M) SDN BHD (CICE) v ICONIC MEDICARE SDN BHD (IMSB) [2025] CLJU 686 provides crucial insights for Small and Medium-sized Enterprises (SMEs) navigating the complexities of commercial contracts, particularly concerning the often-disputed concept of “time is of the essence.” The HC disagreed with CICE’s argument that time was not critical in their agreement to supply ceramic formers to IMSB, despite IMSB’s initial tolerance of delays and eventual acceptance of the goods. CICE argued that IMSB’s conduct implied acceptance of revised timelines, rendering the “time is of the essence” argument an afterthought. This analysis delves into the specifics of the HC’s decision, exploring the factual background, the legal principles applied, and the significant implications for SMEs in understanding the importance of timely performance in their contractual obligations. Unpacking the Case: The Core Dispute CICE, a manufacturer of ceramic formers essential for medical glove production, contracted with IMSB, a company venturing into PPE manufacturing during the COVID-19 pandemic. In December 2020, IMSB ordered 366,000 formers for their planned 12 glove manufacturing lines, with deliveries scheduled to commence in July and October 2021 for Phase 1 and Phase 2 respectively. CICE confirmed their capacity and issued proforma invoices reflecting these timelines. IMSB placed two purchase orders (POs) and paid a 10% deposit. Delays ensued, starting with IMSB’s April 2021 inquiry about a potential delay in the July delivery. IMSB subsequently revised one PO, reducing the quantity but maintaining the original timeline. CICE proposed a revised delivery schedule, which IMSB did not explicitly agree to. Faced with delays, IMSB sourced formers from another supplier at a higher cost. While IMSB consistently emphasized the importance of the original delivery schedule, CICE cited various reasons for their inability to meet these timelines. Deliveries were significantly delayed and partial. IMSB eventually terminated one PO and reduced the quantity of the other. CICE sued IMSB for scrapping costs related to the reduced order, while IMSB counterclaimed for the increased cost of sourcing alternative formers and lost profits due to the delays. Key Legal Principles Considered The HC reiterated the burden of proof and the balance of probabilities in contractual disputes. Importantly, it addressed the principle of “time is of the essence,” clarifying that an explicit clause is not always necessary. Drawing upon Section 11 of the Sale of Goods Act 1957 and the Federal Court case of Damansara Reality Bhd v Bungsar Hill Holdings Sdn Bhd & Anor (2011) 9 CLJ 257, the HC emphasized that whether time is of the essence depends on the contract’s terms and the parties’ conduct. HC’s Findings and Implications The HC dismissed CIME’s claim and partially allowed IMSB’s counterclaim. Liability for Scrapping Costs: The court found that time was of the essence due to the contract terms and the context of the pandemic-driven demand for gloves. CICE’s repeated failures to meet agreed timelines constituted a breach of contract. IMSB’s reluctant acceptance of delayed and reduced deliveries did not equate to acquiescence to the revised schedules. Consequently, CICE was not entitled to claim scrapping costs. Loss Incurred Due to Alternative Sourcing: The court ruled that CICE’s delays and request for order reduction forced IMSB to source elsewhere at a higher cost. CICE’s suggestion for IMSB to find alternative suppliers further supported the claim that this loss was foreseeable. IMSB successfully proved the additional expense incurred due to CICE’s breach, and the court awarded IMSB the difference in cost. Claim for Loss of Profits: IMSB’s claim for lost profits was rejected as being too remote and speculative. The lack of confirmed purchase orders from their intended customer and the fact that the customer had already engaged another supplier before IMSB was ready to produce weakened their claim of a direct causal link between CICE’s delays and the alleged losses. Implications for SMEs The CERAMTEC v ICONIC MEDICARE decision offers critical lessons for SMEs: Express Clauses are Not Always Mandatory: While a clear “time is of the essence” clause is advisable, the court will examine the surrounding circumstances and conduct to determine its importance. Context is Crucial: In time-sensitive industries or situations with urgent market demands, timely performance is more likely to be considered essential, even without an explicit clause. Communication Matters: While IMSB did not always provide immediate written objections, their consistent communication emphasizing the need for timely delivery was crucial in establishing the importance of time in the contract. This case underscores the need for SMEs to clearly define delivery timelines in their contracts, promptly communicate any concerns regarding delays, and understand that their conduct can significantly influence how a court interprets the importance of time in their agreements. Even without explicit clauses, a clear understanding of the context and consistent communication regarding timelines are vital to protecting their interests.
CYBER SECURITY ACT 2024 (ACT 854)
On 26 June 2024, Malaysia\’s Cyber Security Act 2024 (\”Cyber Security Act\”) was gazetted to enhance national cyber security in Malaysia. The Cyber Security Act is not in force yet, pending implementation regulations to be issued by the National Cyber Security Agency (\”NACSA\”). The Cyber Security Act was first contemplated in the Malaysia Cyber Strategy released in October 2020. Objectives of the Cyber Security Act Similar to Singapore’s Cybersecurity Act (\”Singapore CSA\”), the Cyber Security Act aims to enhance cybersecurity of national critical information infrastructure (\”NCII\”). NCIIs include any computer or computer system which, if disrupted, would impact national security, economy, public health, public safety, or government functionality. The Cyber Security Act also introduces measures to manage cyber security threats and a licensing regime for cyber security service providers. Territorial Scope Of The Cyber Security Act The Cyber Security Act has extra-territorial application. Offences related to an NCII that is wholly or partly located in Malaysia are within the scope of the Cyber Security Act. Notably, this approach aligns with Singapore CSA\’s original scope before its recent amendments in early 2024. Singapore CSA was amended to regulate computer systems which are wholly located outside Singapore if (i) the owner of such computer systems is in Singapore; and (ii) such computer systems would have been designated as CIIs had they been located in Singapore (see our previous article). Understanding NCIIs The Cyber Security Act designates the following sectors as NCII sectors: Government Banking and finance Transportation, defence, and national security Information, communication, and digital Healthcare services Water, sewerage, and waste management Energy Agriculture and plantation Trade, industry, and economy Science, technology, and innovation NCII sector leads NCII sector leads are government entities or persons which own or operate NCIIs in each NCII sector as designated by the minister charged with the responsibility for cyber security (\”Minister\”). The name of the NCII sector leads will be published on NACSA’s website. Each NCII sector lead is responsible for designating NCII entities (as defined below) and formulating sector-specific codes of practice that set out the measures, standards and processes regarding cyber security management. NCII entities NCII entities are government entities or persons appointed by a NCII sector lead as the entity or person which owns or operates a NCII. NCII entities are responsible for providing information about their NCIIs to the NCII sector leads upon request and notify them of any change, acquisition, or disposal of such NCIIs. Any material change relating to the NCII must be notified to the relevant NCII sector lead within 30 days; implementing the codes of practice issued by the relevant NCII sector lead; conducting cyber security risk assessments to ensure compliance with the codes of practice and arranging for external audits to verify their adherence to the Cyber Security Act; and reporting incidents or potential incidents in respect of their NCIIs to NACSA\’s Chief Executive and NCII sector leads promptly. While the Cyber Security Act mirrors Singapore\’s approach by requiring NCIIs to comply with codes, risk assessments, and incident reporting obligations, unlike Singapore, the Cyber Security Act does not extend reporting requirements to cyber incidents involving third-party vendors and the supply chains of critical information infrastructure owners. Licensing Of Cyber Security Service Providers The Cyber Security Act introduces a licensing regime for cyber security service providers. No entity or person can offer any cyber security service or advertise itself as a cyber security service provider unless it holds a valid licence. The aim of this licensing regime is to ensure cyber security services, especially those provided to NCIIs, meet international standards. Whilst the definition and scope of \”cyber security services\” remain unclear and will be determined by the Minister in the future, it is clear that the licensing regime does not apply to cyber security services provided by a company to its related company. Providing a cyber security service without a licence is a criminal offence punishable by (i) a fine of MYR 500,000 (approximately USD 106,000); (ii) imprisonment of up to ten years; or (iii) both. For comparison, the penalty under the Malaysia Cyber Security Act is more severe than the penalty under the Singapore CSA for a similar offence, which includes (i) SGD50,000 (approximately USD 37,000); (ii) imprisonment of up to two years; or (ii) both. Penalties Under The Cyber Security Act Penalties for non-compliance with the Cyber Security Act vary based on the type and severity of the violation. For general non-compliance by NCII entities such as failing to conduct additional cyber security risk assessments, failing to rectify audit reports upon NACSA Chief Executive\’s request, or failing to notify NCII sector leads of any material changes relating to the NCII, the penalties include (i) a fine of up to MYR100,000 (approximately USD 21,744) or MYR200,000 (approximately USD 43,549), depending on the offence; (ii) imprisonment of up to three years; or (iii) both. For more serious violations of the Cyber Security Act, such as failing to implement the applicable codes of practice, failing to notify a cyber security incident or non-compliance with the licensing requirements, the penalties are more severe with (i) fines up to MYR 500,000 (approximately USD 106,000); (ii) imprisonment of up to ten years; or (iii) both. The liabilities under the Cyber Security Act also extend to the employees and agents of an offending entity. Conclusion The Cyber Security Act is a pivotal step taken by the Malaysian government to strengthen Malaysia\’s cyber security resilience. NCII entities and cyber security providers which support NCII entities should revisit their business processes to identify compliance gaps and implement necessary measures to comply with the new obligations under the Cyber Security Act.
How Time Flies! SMEs, Watch Out!!
How Time Flies! SMEs, watch out!! Wow, it’s 2025! If you don’t buck up, you might land up in hot soup unless you keep abreast with evolving trends and regulatory changes. The business landscape in 2025 is evolving rapidly, presenting both challenges and opportunities for businesses. To stay competitive and compliant, SMEs must navigate key regulatory changes across labor laws, sustainability practices and data protection. Amendment to the Employment Act (EA) 1955 The recent amendments to Malaysia’s Employment Act (EA) 1955, effective from January 2023, have significantly impacted workplaces. Key changes include a reduction in weekly working hours from 48 to 45 hours, expanded maternity and paternity leave, and increased protection for contract workers. These reforms aim to enhance work-life balance and fair treatment for all types of employees. SMEs should pay close attention to these updates, particularly as discussions on the Gig Economy Bill progress. This bill, if passed, will mandate social security contributions for gig and platform workers, creating new obligations for businesses that rely on flexible or project-based labor. As these shifts unfold, SMEs must update employment contracts, work policies, and benefits to remain compliant and foster a positive work environment. Environmental, Social, and Governance (ESG) Reporting Sustainability is becoming increasingly important with Bursa Malaysia’s introduction of enhanced Sustainability Reporting in its Main Market Listing Requirements. Listed companies must now provide detailed reports on climate risks, carbon emissions, and social impacts. While ESG reporting is mandatory for listed firms, non-listed companies are also expected to voluntarily adhere to frameworks like the Malaysian Code on Corporate Governance (MCCG). Adopting ESG principles can enhance SME’s reputation with investors, customers and stakeholders, demonstrating a commitment to transparency and responsible corporate practices. As environmental and social governance continues to gain traction, SMEs that neglect ESG reporting could miss out on potential investment opportunities and consumer trust. Data Privacy, Cybersecurity, and OSHA Compliance The Personal Data Protection (Amendment) Act (PDPA) 2024 introduces stricter regulations such as mandatory and prompt data breach notifications and extends compliance requirements to foreign companies processing Malaysian data. SMEs need to ensure they are up-to-date with PDPA to avoid penalties. Simultaneously, cybersecurity has emerged as a critical focus, with the Cybersecurity Act 2024 imposing additional obligations on businesses to strengthen IT infrastructure and report breaches. Cybersecurity investments will be essential for SMEs to protect against increasingly sophisticated cyber threats. Occupational Safety and Health Act (OSHA) compliance remains crucial. As workplaces evolve, SMEs must ensure safety regulations, conduct regular training, and implement effective safety protocols to safeguard employees and avoid legal consequences. Conclusion The evolving regulatory environment in 2025 requires SMEs to stay agile and proactive. Legal changes in labor laws, ESG reporting, and data protection are not only about compliance but also about positioning for long-term success. By responding to these shifts, SMEs can enhance stakeholder relationships, reduce legal risks and gain a competitive edge. Time is of the essence, and those who fail to keep pace with these changes may find themselves at a disadvantage in the fast-moving business landscape.
Small Business Owners (SBO) and the SIX biggest challenges?
SBOs face unique challenges particularly in tough economic times. As every SBO knows, the reality is that there are there are numerous issues to overcome in order to sustain a business on daily basis. However, the SIX key challenges consistently affecting SBOs and where definite action can be taken to conquer these challenges are:- Overcoming Cash Flow Challenges Delayed payments from clients, high overheads and unexpected expenses, such as non-compliance penalties and hefty litigation costs often causing huge financial strain to cashflow. Besides managing cash flow by using financial management apps to track expenses, create budgets, automate payments, set up automatic invoicing and reminders to reduce the risk of delayed payment, measures taken to ensure Compliance with the relevant laws and regulation to save on penalties will also help ease cashflow for small businesses. Managing Owner Fatigue SBOs often burnout due to taking on too much burden upon themselves resulting in low productivity. Outsourcing time-consuming mundane activities is key to overcoming fatigue. By identifying non-revenue generating back office processes such as Human Resources, Legal, Finance and Contact Center Services, business owners can focus on productivity whilst taking regular breaks and establishing a balanced schedule which is essential to maintain work-life balance. Finding and Retaining Profitable Customers Attracting and retaining profitable customers is crucial for small business success. By outsourcing back room processes, SBOs have more time to analyze their current customer base, identify profitable segments, engage in marketing efforts and tailor their business offerings to suit customer needs as well as engage with existing customers through feedback and personalized services to maintain strong relationships for repeat business. Motivating Employees In today’s fast-paced business environment, managing HR responsibilities in-house can be daunting task to SBOs. Employee engagement is vital for small businesses, where every employee’s contribution is significant. By outsourcing HR processes, small businesses can be assured to maintain clear communication with employees and foster a positive work environment that can boost staff morale. Reducing Overheads High overhead costs can quickly drain a small business’s resources. Outsourcing back-office functions, especially to regions with lower labor costs, can significantly reduce operational expenses. SBOs can save on salaries, benefits, and overhead costs associated with maintaining in-house teams. Outsourcing also eliminates the needs to invest in expensive software, equipment and office space for back-office operations. Staying Current in Your Industry SBOs are often so busy with day-to-day operations that they neglect to stay informed about industry trends and competitors. Outsourcing enables SBOs to focus on research industry developments, read relevant blogs, networking, attend conferences which can help to keep business owners ahead of the curve. In conclusion, overcoming the challenges faced by small businesses requires strategic action, delegation, and the use of modern tools and outsourcing time consuming chores. By outsourcing their backroom processes SBOs can keep overheads low and stay focused on high-value customers, motivating employees, cutting unnecessary costs and they can also keep up with industry trends to navigate tough times and achieve sustained success.
What Small And Medium Enterprises (SMEs) Must Look Out For In The Occupational Safety & Health Act (OSHA) 1994 & The Amendment Act 2022?
The OSHA 1994 is the principal legislation in Malaysia that ensures workplace safety, health, and welfare. It outlines the legal duties of Employers, Employees, and other Stakeholders to create a safe working environment. In 2022, OSHA was amended to apply to ALL workplaces, extending beyond the original industries listed in the 1994 Act. The amendments highlight several key elements that SMEs must adhere to for workplace safety. Employer’s Duty (Section 15): Employers must maintain a hazard-free and safe work environment by conducting risk assessments, offering necessary training, ensuring equipment is safe, and providing personal protective equipment (PPE) and safety devices. Employee’s Duty (Section 24): Employees are responsible for their own safety and health and that of others, must cooperate with Employers on safety measures, use PPE, and report unsafe practices or conditions. Safety and Health Committees (Section 30): Workplaces with 40 to 100 Employees must establish a Safety and Health Committee (OSHC) with 2 representatives each from both Management and Employees. For businesses with over 100 Employees, the Committee must include 4 representatives each. The Committee addresses safety issues and advises Employers on safety concerns. Safety and Health Coordinator (Section 29A): From 1st June 2024, Employers with 5 or more Employees must appoint a Safety and Health Coordinator (SHC) from their workforce. The SHC is responsible for coordinating safety issues, maintaining a safe work environment, conducting inspections, and reporting non-compliance. Failure to appoint an SHC can result in fines and /or imprisonment. Training (Section 31A): Employers must ensure that their appointed SHC completes a Certified Occupational Safety and Health Coordinator training Failure to comply results in fines and /or imprisonment. Risk Assessment and Hazard Control (Section 18A & 18B): Employers must regularly assess and control workplace hazards, including physical, chemical, biological, and ergonomic risks, and implement safety measures to mitigate them. Accident and Disease Reporting (Sections 32): Employers are required to report serious accidents, dangerous occurrences, and occupational diseases to the Department of Occupational Safety and Health (DOSH), facilitating the prevention of future incidents. Workplace Inspections (Section 27E & 27F): DOSH conducts unannounced inspections to ensure compliance, issuing notices for improvement or prohibition and enforcing penalties for non-compliance. Right to Refuse Dangerous Work (Section 26A): Employees have the right to refuse unsafe work. Employers must address the hazard before the work resumes. Occupational Health and Safety Regulations: Specific regulations address various workplace hazards, including machinery safety, chemical handling, fire safety, and manual handling, ensuring comprehensive protection for workers. In summary, OSHA 1994 and its Amendment Act 2022 impose critical safety responsibilities on both Employers and Employees. By mandating risk assessments, the formation of OSHC, and the appointment of SHC, it seeks to foster a safe and healthy working environment in Malaysia. Non-compliance with these regulations can result in severe penalties, emphasizing the importance of adherence to workplace safety standards.
Amendments to the Personal Data Protection Act (PDPA) 2010
More importantly come 1st June 2025, enforcement of the Sections 6 and 9 of PDPA 2024(A) operations will significantly impact how personal data is handled in Malaysia. PDPA 2010 aims at protecting individual privacy and personal data, and PDPA 2024(A) further strengthens this protection by introducing stricter rules and higher penalties for non-compliance. Section 6 (Duties of Data Users) revises the obligations of “Data Controllers (DC)” or those who process personal data for commercial, research, or employment purposes. The amendments introduce several new responsibilities, including: Accountability and Transparency: DC must be transparent about their data processing practices. They are required to provide individuals with clear privacy policies, outlining how data is collected, used, and shared, along with details on retention periods and recipients of the data. Data Protection Impact Assessment (DPIA): DC must conduct a Data Protection Impact Assessment (DPIA) for activities that pose high risks to individuals’ rights and freedoms. This assessment helps identify and mitigate potential risks before proceeding with data processing activities. Data Security Measures: It is mandatory for DC to implement robust technical and organizational measures to protect personal data from unauthorized access, alteration, or destruction. These measures ensure the integrity and security of data throughout its lifecycle. Breach Notification: In case of a data breach that threatens individuals’ privacy, DCs are required to notify both the affected individuals and the Personal Data Protection Commissioner (PDPC) within a specified time frame. Mandatory Appointment of Data Protection Officer: Companies must appoint a Data Protection Officer (DPO) to ensure compliance with the law and report any breaches to the PDPC. Section 9 (Penalties for Non-Compliance) outlines the penalties for failure to comply with the regulations, which are designed to deter non-compliance and ensure businesses take their data protection obligations seriously. Key aspects of these penalties include: Monetary Penalties: DCs who violate Section 6 PDPA2024(A) face hefty fines, which can range from RM 300,000 to RM 3 million, depending on the severity of the breach, the scale of non-compliance, and the harm caused to individuals. Imprisonment: In cases of serious violations, such as deliberate misuse of personal data or severe data breaches, individuals found guilty may face imprisonment for up to three years. Liability of Directors and Officers: Senior officers or directors of companies who fail in their duties regarding personal data protection can be held personally liable. This includes potential fines or imprisonment for negligence or violations under their watch. Reputational Damage: Apart from the legal penalties, businesses may suffer significant reputational harm from data breaches. Such incidents can lead to consumer distrust, damaging the company’s image and causing long-term financial losses. Conclusion Sections 6 and 9 PDPA 2024 marks a clear shift towards greater accountability and more rigorous enforcement for data protection in an increasingly digital world. The new obligations for DCs coupled with severe penalties for non-compliance, are expected to enhance public trust and encourage businesses to adopt more responsible data management practices. As the 2025 implementation date approaches, SMEs must prepare to comply with these new regulations to avoid costly penalties and protect their reputation.