Malaysia Legal & Tax Due Diligence (Legal + Tax Due Diligence)
— An in-depth analysis that cross-border investors and acquirers must read
I. Introduction: Why must Malaysian transactions conduct “Legal + Tax” dual due diligence?
On the surface, Malaysia is a common-law jurisdiction with a mature legal system, clear regulation, and a business-friendly environment.
Many foreign companies assume:
• A valid contract is enough
• Audited financial statements being true is enough
• Accurate company registration information is enough
Reality is far more complex.
Malaysia’s risks are not usually obvious illegality, but are hidden in:
• Fragmented regulation (multiple regulators operating in parallel)
• Strong tax traceability (LHDN can reopen accounts for many past years)
• Uneven corporate compliance standards
• Incomplete documentation, approvals, and licences
• Key contracts containing hidden termination rights
• Complex HR and foreign-labour regimes
• State-by-state differences in land policy
• Audited accounts that do not reflect tax risks
More importantly:
Once you acquire shares (share acquisition), you not only buy the company — you also buy all of its past 5–10 years of legal liabilities + tax risks.
Therefore, when top-tier foreign investors enter the Malaysian market,
Legal Due Diligence (LDD) + Tax Due Diligence (TDD) is an indispensable “double insurance”.
II. What are Legal Due Diligence and Tax Due Diligence?
• Legal Due Diligence (LDD): confirms the company is lawful, compliant, enforceable, acquirable, and free from hidden legal risks.
• Tax Due Diligence (TDD): confirms the company’s tax health, no unpaid tax, no hidden tax “bombs” that may be pursued later, and no flawed structures.
Together, they answer one ultimate question:
“Are you buying a real business — or a well-packaged time bomb?”
III. Legal Due Diligence (LDD) — a professional analytical framework of top legal minds
1. Corporate structure and shareholding: the legal DNA of the business
A truly professional LDD does not merely review SSM filings, but goes deeper into:
• Is the shareholding clean? Are there shadow shareholders?
• Are there unregistered share transfers?
• Are there undisclosed pledges, charges, or freezes?
• Does the company’s Constitution restrict foreign ownership?
• Do founders privately retain control rights?
• Do shareholder agreements contain veto rights, pre-emption rights, drag-along rights, tag-along rights, etc.?
Risk point:
Defects in the shareholding structure can cause the legality of the entire transaction to be challenged.
2. Regulatory licences and compliance: the minefield most foreign investors miss
Malaysia’s regulatory framework is diverse, with different authorities for different industries:
• Financial industry → BNM
• Securities, funds, digital assets → SC
• Manufacturing → MIDA
• Import/export → MITI + Customs
• F&B, logistics, warehousing → local authorities
• Land → state land offices
• Specific industries → licences under specific Acts
A professional LDD will check:
• Are licences genuine, valid, and transferable?
• Is the licence held by the “wrong entity”?
• Is the licence dependent on specific directors or shareholders?
• Is there “unlicensed operation that simply hasn’t been caught”?
Reality:
Many Malaysian businesses operate in a grey area on licences; once acquired by a foreign company, regulators tend to scrutinise more strictly and risks surface immediately.
3. Contract review: the key part that determines a company’s real value
A professional LDD will:
• Review the top 10 customer contracts
• The top 10 supplier agreements
• Distribution, agency, franchise agreements
• IT systems and software usage rights
• Loan, guarantee, and lease contracts
Key focus:
• Do contracts automatically terminate upon a change in controlling shareholding?
• Are contracts enforceable?
• Are there asymmetric liability clauses?
• Are assignments to a new company prohibited?
Major risk:
Many foreign buyers only discover after acquisition that the most important customer contract states:
“If the company’s shareholding changes, this contract may be terminated immediately.”
This can cause the acquisition to lose its revenue base instantly.
4. Land, assets, real estate, and zoning compliance
Including:
• Does the land have a caveat (registered caution)?
• Is it charged/mortgaged?
• Is foreign ownership permitted?
• Has the factory been illegally extended?
• Does the zoning allow the relevant use?
• Are fire safety and building compliance documents missing?
Risk point:
Many warehouses and factories operate “in a grey state”; foreign acquisitions often trigger real regulatory inspections.
5. Intellectual Property (IP): often the most valuable asset — yet it may not belong to the company
Check:
• Are trademarks registered under the company’s name?
• Does the company truly own the software?
• Are there third-party rights over the technology?
• Do founders retain IP instead of transferring it to the company?
Common issue:
More than 40% of Malaysian companies register their brands under the founder’s personal name rather than the company.
This means:
“The company you bought does not own the brand.”
6. Employment, HR, and foreign labour: the area with the most hidden legal risks
LDD checks:
• Are employment contracts lawful?
• Do foreign workers have valid permits?
• Are EPF/SOCSO/EIS contributions fully and timely paid?
• Are there pending labour disputes?
• Is there illegal outsourcing?
Special risk:
Malaysian labour law allows the court to order “reinstatement”, meaning an employee may be ordered back into the company to continue working.
7. Litigation, investigations, and potential legal risks
Including:
• Civil litigation
• Arbitration
• Tax audits
• Regulatory investigations
• Environmental penalties
• Operational breaches
A professional LDD assesses:
“Will these disputes erupt in the coming years and swallow your investment value?”
IV. Tax Due Diligence (TDD) — a deep analytical framework of top tax minds
1. Corporate Tax: a tax health check of the business
Check:
• Are corporate tax filings accurate?
• Are adjustment items lawful?
• Is any income underreported?
• Are expenses fabricated or costs overstated?
• Has the company been pursued by LHDN for additional tax?
• Are there Form JA (additional assessments)?
• Are there long-term losses without reasonable explanation?
Tax reality:
Many companies keep “two sets of books” — internal and external.
Compliance levels vary widely.
2. Indirect tax: SST, GST legacy issues, and customs duties
Check:
• Should the company have registered for SST but did not?
• Is service tax correctly charged?
• Are there under-declarations during the GST period?
• Are customs declarations under-declared or misdeclared?
• Are tax exemptions applied incorrectly?
High risk:
Customs penalties are among Malaysia’s heaviest enforcement actions and can far exceed the tax amount itself.
3. Withholding Tax (WHT): a high-risk point for all multinational groups
WHT involves:
• Software fees
• Technical service fees
• Interest payments
• Royalties
• Contract payments
• Contracting services
• Management fees paid to an overseas parent company
TDD confirms:
• Was tax withheld when it should have been?
• Was the DTA (Double Taxation Agreement) applied correctly?
• Are there artificial structures to avoid WHT?
Tax reality:
Once WHT is not withheld, LHDN can demand back tax + penalties + interest.
4. Transfer Pricing: one of the most frequently audited areas in Malaysia
Including:
• Pricing of related-party transactions
• Reasonableness of management fees and royalties
• Interest on intercompany loans
• Whether TP documentation exists
• Compliance with the arm’s length principle
Risk:
TP adjustments can multiply taxable income several times over.
5. Real Property Gains Tax (RPGT) and Real Property Company (RPC)
TDD checks:
• Was RPGT declared in the past?
• Is the company defined as an RPC?
• Are there tax risks tied to high-value land?
• Is any property transfer suspected of circumventing RPGT?
6. Tax incentives: once non-compliant, they can be clawed back
Including:
• Pioneer Status
• Investment Tax Allowance
• Reinvestment Allowance
• MIDA industry-specific incentives
TDD confirms:
• Is the company truly eligible?
• Is it continuously compliant?
• Could MIDA revoke the incentives?
7. Tax audits, investigations, and unresolved disputes
Including:
• Desk Audit
• Field Audit
• Custom Probe
• GST Probe
• Form Q / Form N appeals
• Judicial Review (JR)
• Unsettled additional assessments
Risk:
After a share acquisition, these disputes automatically “follow” the company and transfer to the new buyer.
V. How do legal and tax DD affect transaction structure? (SPA / JVA practice)
DD findings usually directly change:
1. Purchase Price
• If risks are found → demand a price reduction
• If uncertain → use earn-out or deferred consideration
2. Seller Indemnities
Commonly include:
• Tax indemnities
• Compliance indemnities
• Contract indemnities
• Litigation indemnities
• Employment indemnities
3. Conditions Precedent (CP)
For example:
• Obtain licences
• Clear tax audits
• Renew contracts
• Transfer IP
• Resolve HR non-compliance issues
4. Retention / Escrow
Typically:
• 10%–30% of the purchase price
• For 1–3 years
Used to cover:
• Tax recoveries
• Litigation
• Undisclosed liabilities
• Compliance risks
VI. Conclusion: In Malaysia, due diligence is not a cost — it is the “airbag” that protects your investment value
Malaysia is one of ASEAN’s most promising investment destinations, but it is also a market where legal and tax risks are deeply hidden and regulatory enforcement often hits hard later.
If foreign investors conduct a complete LDD + TDD:
• Safer transactions
• Stronger negotiation position
• More controllable risks
• More precise valuation
• Smoother post-acquisition integration
• More assured investment returns
If due diligence is ignored, you may face:
• Tax bombs
• Licence revocations
• Customer contracts becoming ineffective
• HR disputes
• Chain litigation blow-ups
• Assets that cannot be lawfully used
• IP not held under the company’s name
• Erosion of investment value
In Malaysia, due diligence is not a “formality”.
It is the investor’s first firewall.
