Outsourcing 2019 Second Edition Comparisons

Last Updated October 28, 2019

Law and Practice


Lee Hishammuddin Allen & Gledhill is a full-service law firm housing various practice groups, including dispute resolution, arbitration, financial services, Islamic finance, corporate and commercial, employment and industrial relations, insolvency, insurance, IP and TMT, real property, regulatory and compliance, and tax. LHAG has more than 125 lawyers with offices in Kuala Lumpur, Penang and Johor Bahru. Clients include top-ranked local conglomerates and multinational companies spanning industries such as IT, e-commerce, telecommunications, biotechnology, healthcare, entertainment and FMCG (fast-moving consumer goods). Its seasoned team of trade mark, industrial design and patent agents, litigators and commercial lawyers work closely with in-house counsel to protect intellectual properties, innovation and creativity. The team has experience in a wide range of jurisdictions and commercial sectors, and assists clients to identify and anticipate potential issues or trends in outsourcing. The breadth of its practice includes handling disputes involving IT and communications services, business process outsourcing, finance and accounting, facilities management.

Malaysia has transformed significantly over the last decade, underpinned by a more integrated and globalised environment, rapid technological advances and diverse financing needs. The landscape of business has changed dramatically, with outsourcing activities increasingly replacing a wider range of internal processes and business functions, within associated or group entities, or third parties. 

A constant concern, as pointed out by the Central Bank of Malaysia (“BNM”), is the effective management of outsourcing arrangements and whether over-reliance on the service providers will increase the risk of any threat to the safety of information and data.

In Toh See Wei v Teddric Jon Mohr [2017] 1 LNS 445 (Suit No. 22NCVC-574-08/2012), learned Judicial Commissioner observed:

[46] "My view is that Malaysians are concerned about their privacy. If a comprehensive poll of Malaysians' views about privacy is to be taken, surely a large section of Malaysian people would express concern about their privacy and some might view the computer as a threat to their private lives. At the same time, the younger generation are increasingly willing to disclose private feelings, information and photographs every day on social networking websites and through other technological websites and through other technological medias such as smart phones.

[47] The right to privacy is a multi-dimensional concept. In this modern society, the right to privacy has been recognised both in the eye of law and in common parlance. The right to privacy refers to the specific right of an individual to control the collection, use and disclosure of personal information. Personal information could be in the form of personal interests, habits and activities, family records, education records, communication [including mail and telephone] records, medical records, to name a few. An individual could easily be harmed by the existence of computerised data about him/her which is inaccurate or misleading and which could be transferred to an unauthorised third party at high speed at very little cost. Innovative technologies make personal data easily accessible and communicable, and there is inherent conflict between the right to privacy and data protection.”

The growing number of data-related incidents in recent years has led to the BNM, regulators and respective stakeholders to establish a framework seeking a suitable solution, including: 

  • to eliminate outsourcing risk;
  • to increase effective operation; and
  • to ensure that outsourcing risk management arrangements remain robust and commensurate with the risk profiles.

Notwithstanding concerns around data protection and the public’s increasing awareness of their right to privacy, cloud computing has received much attention in recent years. Thus, there is increasing motivation to explore the possibility of adopting new technologies such as AI, automation and the cloud to reduce IT outsourcing and the impact of the hardware and attrition management. That being said, it is arguable whether the current legal framework in Malaysia adequately regulates and/or governs cloud computing.

BP outsourcing has increased significantly over the last decade to meet diverse commercial needs and to keep businesses competitive in the move towards globalisation. 

In recent years, new technologies such as AI and robotic process automation – which may be perceived as tools to reduce business outsourcing – have become very attractive to the local market. While BP outsourcing may bring upon reduced costs, software can provide labour that has almost no cost if properly programmed.

The digitisation of business processes is a common trend in Malaysia, with the aim of tracking and optimising business engagement, either internally or externally, through an API connection to business ecosystem. 

In line with good practice, in digital business engagements that fall within the Pareto Principle, to achieve efficiency and manage potential fraud businesses will require a strong strategy that supports both internal and external processes for dispensing information throughout the company. 

The key governance on information, such as ISO9001 and ISO22000, has been consistently challenged by GDPR and PDPA.

In this era of globalisation, new technologies such as big data analytics, autonomous robots, cloud computing and AI have become an irresistible force.

The 2018 budget, which implements the Malaysia Digital Policy, prioritised two digital policies, “Cloud First” and the National Artificial Intelligence (AI) Framework. In tandem with these policies, the Malaysia Digital Economy Corporation (“MDEC”) is establishing an artificial intelligence (AI) unit comprising of local and international experts to support the setting up of the National AI Framework. The National AI Framework is expected to be completed by the end of 2019. These new technologies typically promise to improve the efficiency and transparency between businesses. 

The new government has continued this “digital” endeavour with the Communication and Multimedia Ministry of Malaysia working together with MDEC to establish a new Digital Content Ecosystem (“DICE”) policy, which aims to accelerate the digital content creative industry as a driver of economic growth in Malaysia.

Based on the initiative taken by the Malaysian government, it may be expected that the market will slowly but surely become more digitalised. Unfortunately, with increasing accessibility due to the use of new technologies, local regulators such as the Securities Commission and BNM are constantly kept on their toes to issue guidelines, rules and/or regulations to regulate these new technologies especially those that concern cryptocurrencies.

For example, the Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Digital Currencies (Sector 6), issued by BNM, came into effect on 27 February 2018, and ensures that effective measures are in place against money laundering and terrorism financing risks associated with the use of digital currencies.

Further, with the popularity of e-money growing the SC, on 31 January 2019, amended its Guidelines on Recognised Markets to introduce new requirements for electronic platforms that facilitate the trading of digital assets. Under the revised guidelines, any person who is interested in operating a digital asset platform is required to apply to the SC to be registered as a recognised market operator.

The effective realignment of the business process to suit the ongoing business challenges has become the focus of major enterprises within the insurance, medical, transportation and finance industries.

There is no one specific “parent” statute that regulates or governs “outsourcing” in Malaysia, but there are many industry-specific statutes that may inherently and/or imply restrictions, controls or regulations on outsourcing, eg, the Communication and Multimedia Act 1998, the National Forestry Act 1984 and the Employment Act 1955.

Furthermore, certain industries, such as capital markets and financial services, have strict guidelines or regulations in place that affect the outsourcing of services associated with capital markets or the provision of financial services. For example, the Licensing Handbook, issued by the Securities Commission of Malaysia (“SC”), regulates outsourcing activities by market intermediaries under the Capital Markets and Services Act 2007 (“CMSA”), and the Policy Document on Outsourcing, issued by BNM, regulates outsourcing activities for financial institutions under the Financial Services Act 2013 (“FSA”), the Islamic Financial Services Act 2013 (“IFSA”) and the Development Financial Institutions Act 2002 (“DFIA”) 

The industry-specific statutes, guidelines or regulations are discussed further below, see 2.2 Industry Specific Restrictions and 2.3 Legal or Regulatory Restrictions on Data Processing or Data Security.

Communication and Multimedia Act 1998 (“CMA”)

The CMA regulates the increasingly convergent communications and multimedia industries in Malaysia. It does not expressly provide for restrictions on the outsourcing of related services, but does put in place a mechanism that effectively restricts outsourcing. For example, s.36 of the CMA provides that the grant of an individual licence is personal to the licensee, and the individual licence cannot be assigned or transferred to another party without the prior written approval of the Minister. This effectively prohibits the outsourcing of licensed telecommunications services to third parties where it relates to licensable activities.

National Forestry Act 1984 (“NFA”)

The NFA is the principal Act providing for the administration, management and conservation of forests and forestry development within the states of Malaysia. Similar to the CMA, s.23 of the NFA provides for the personal nature of a licence issued for the taking of forest produce, resulting in similar in-built restrictions, ie, the outsourcing of taking of forest produce is prohibited. 

Employment Act 1955 (“EA”)

The EA is the principal Act that regulates and governs the labour industry in Malaysia. It provides for a minimum statutory benefit that must be afforded to workers by employers. Pursuant to an amendment in 2011, s.33A was added into the EA, recognising the role of contractors for labour in the employment landscape. A contractor for labour means a person who contracts with a principal, contractor or sub-contractor to supply the labour required for the execution of any work, ie, supplying workers (particularly foreign workers) to any trade or business. It is noteworthy that s.33A only applies to the agriculture industry (EA Section 2, Employment (Exemption) Order 2012). 

The new provision of s.33A imposes a legal obligation that a contractor for labour who intends to supply or undertakes to supply any employee must registers with the Director General of Labour Department within 14 days before supplying the employee. The provision also mandates that the contractor for labour must keep or maintain a record of information relating to the supply of employees for the inspection and investigation of the relevant authority. 

This new provision is to ensure that workers who are employed under contract for labour are protected and enjoy rights and minimum benefits as provided for under the EA, because an employer must enter a contract of service with the employee in order to be afforded the benefits. This contract is non-existent if the employees are supplied by contractors for labour. This system (commonly known as labour outsourcing) involves the conclusion of a contract for service between the principal and a contractor – thus, no contract of service is executed between worker and owner, which would be most detrimental to the protection and benefit of the workers who technically would not fall under the applicability of the EA. 

With the new amendment, the Director General will be informed of the particulars of the contractors and their employees, enabling the Ministry of Human Resources and other relevant authorities to trace any irresponsible contractors, keep up to date with the statistics of contract labourers, and protect the contract labourers. 

Licensing Handbook (“Handbook”)

The Handbook was issued pursuant to s.377 of the CMSA and is, essentially, a guideline. The Handbook applies to all holders of a Capital Market and Services Licence (“CMSL”), which covers entities that:

  • deal in securities;
  • deal in derivatives;
  • manage funds;
  • advise on corporate finance;
  • provide investment advice;
  • provide financial planning; or
  • deal in private retirement schemes (Part 1, Schedule 2, CMSA).

It is worth noting that the Handbook does not apply to investment banks (10.01(3), Handbook).

Notification to the SC

The Handbook distinguishes between material and non-material outsourcing arrangements. A CMSL holder must notify the SC within two weeks of signing the service level agreement for any material outsourcing arrangement. 

Material v non-material outsourcing arrangements

The outsourcing of the following functions by a CMSL holder is considered a material outsourcing arrangement and can be outsourced to the following service provider (Item 10.02(1), Handbook):

  • internal audit function to the CMSL holder’s direct or ultimate holding company or any of its related corporations (“group”) or an external auditor; 
  • compliance function to its group; 
  • risk management function to its group; 
  • clearing and settlement to any service provider; 
  • fund accounting to any service provider; 
  • fund valuation to any service provider; 
  • the maintenance of the register of unit holders to any service provider; and 
  • any other function of the CMSL holder that the SC may determine. 

A CMSL holder is not allowed to outsource any back office function that involves (Item 10.02(2), Handbook):

  • the decision-making functions of the CMSL holder; or
  • any interaction or direct contact with the clients of the CMSL holder. 

Other outsourcing arrangements will also be considered as material outsourcing arrangements in the following circumstances (Item 10.02(3), Handbook): 

  • there may be a financial, reputational or operational impact on the CMSL holder in the event of a default or failure of the service provider; 
  • the CMSL holder’s services or support rendered to its clients may be potentially impacted by the outsourcing arrangement; 
  • the CMSL holder’s ability and capacity to comply with regulatory requirements may be impacted by the outsourcing arrangement; and 
  • if the appointed service provider may not be able to perform the outsourced function, there is a degree of difficulty and time required for the CMSL holder to select an alternative service provider or to bring the outsourced function in-house. (Item 10.02(1)-(3), Handbook). 

Additional obligation

It is pertinent to note that Chapter 10 of the Handbook provides that a CMSL holder must select an appropriate and efficient service provider as well as monitor the outsourcing arrangement on a continuous basis to ensure that it does not lead to business disruption and negative consequences for the CMSL holder's clients (Item 10.01, Handbook).


In brief, CMSL holders need only notify the SC within two weeks of signing the service level agreement for any material outsourcing arrangement; no prior approval is necessary. 

Policy Document on Outsourcing (“Policy Document”)

On 28 December 2018, BNM issued the Policy Document which officially came into force on 1 January 2019, following a period of submission of feedback to the draft proposals by BNM on the same topic, as set out in the Exposure Draft on Outsourcing issued on 27 September 2017 (“Exposure Draft”).

The Policy Documents sets out BNM’s proposed regulatory requirements on the outsourcing arrangements of financial institutions. The objective is to ensure that risk management practices regarding outsourcing remain effective moving forward amid the intensification of technological advances. It is applicable to licensed banks, licensed investment banks, licensed Islamic banks, licensed insurers, licensed takaful operators and prescribed development financial institutions, and came into effect on 1 January 2018 (Front page, Policy Document).

Regulatory and approval process 

The Policy Document provides that a financial institution must obtain written approval from BNM before entering into a new outsourcing arrangement or renegotiating/renewing an existing outsourcing (12.1, Policy Document), with the following exemptions:

  • where the outsourced activity is to be performed by an affiliate financial institution (12.4(a), Policy Document); or
  • where the outsourced activity is to be performed by an affiliate not supervised by BNM, BNM determines that the management of outsourcing risk by the financial institution is effective and having regard to 12.4(b), Policy Document (see below).

For the purposes of the Policy Document, arrangements which entail procurement of services, leveraging common industry-wide infrastructure driven by regulatory requirements and involvement of third parties due to legal requirements, are generally not considered as outsourcing arrangements. These include (Appendix 3, Policy Document):

  • Services for the transfer, clearing and settlement of funds or securities provided by an operator of a designated payment system or an operator of an approved payment system under the FSA or the IFSA;
  • Global financial messaging network services provided by an operator that is owned by its member financial institutions and is subject to the oversight of relevant regulators;
  • Independent consultancy service (eg, legal opinions, tax planning and valuation);
  • Independent audit assessment;
  • Clearing and settlement arrangement between clearing houses and settlement institutions and their members;
  • Co-insurance, reinsurance and retrocessions;
  • Selling of insurance or takaful products by agent or broker;
  • Correspondent banking service;
  • Adjusting business;
  • Trustee arrangement;
  • Credit or market information services;
  • Repair, support and maintenance of tangible asset (eg, off-site ATM machine);
  • Purchase or subscription of commercially available software;
  • Maintenance and support of licensed software;
  • Telecommunication, postal and courier service;
  • Physical security, premise access and guarding services; and
  • Catering, cleaning and event services.

Outsourcing agreement

An outsourcing arrangement must be governed by a written agreement that is legally enforceable. The outsourcing agreement must, at a minimum, provide for the following (9.6, Policy Document):

  • duration of the arrangement with date of commencement and expiry or renewal date;
  • responsibilities of the service provider, with well-defined and measurable risk and performance standards in relation to the outsourced activity. Commercial terms tied to the performance of the service provider must not create incentives for the service provider to take on excessive risks that would affect the financial institution;
  • controls to ensure the security of any information shared with the service provider at all times, covering at a minimum:
    1. responsibilities of the service provider with respect to information security;
    2. scope of information subject to security requirements;
    3. provisions to compensate the financial institution for any losses and corresponding liability obligations arising from a security breach attributable to the service provider;
    4. notification requirements in the event of a security breach; and
    5. applicable jurisdictional laws;
  • use of information shared with the service provider is limited to the extent necessary to perform the obligations under the outsourcing agreement;
  • continuous and complete access by the financial institution to its data held by the service provider in the event of a dispute with the service provider, or termination of the arrangement;
  • ability of the financial institution and its external auditor to conduct audits and on-site inspections on the service provider and its sub-contractors, and to obtain any report or finding made in relation to the outsourced activity;
  • notification to the financial institution of adverse developments that could materially affect the service provider’s ability to meet its contractual obligations;
  • measures that the service provider would take to ensure continuity of the outsourced activity in the event of an operational disruption or failure on the part of the service provider;
  • regular testing of the service provider’s business continuity plans (BCP), including specific testing that may be required to support the financial institution’s own BCP testing, and a summary of the test results to be provided to the financial institution with respect to the outsourced activity;
  • the dispute resolution process in the event of default or non-performance of obligations, including remedies and indemnities where relevant;
  • circumstances that may lead to termination of the arrangement, the contractual parties’ termination rights and a minimum period to execute the termination provisions, including providing sufficient time for an orderly transfer of the outsourced activity to the financial institution or another party;
  • terms governing the ability of the primary service provider to sub-contract to other parties. Sub-contracting should not dilute the ultimate accountability of the primary service provider to the financial institution over the outsourcing arrangement, and the institution must have clear visibility over all sub-contractors. Therefore, the outsourcing agreement between the financial institution and primary service provider must stipulate the following:
    1. the accountability of the primary service provider over the performance and conduct of the sub-contractor in relation to the outsourcing arrangement;
    2. the rights of the financial institution to terminate the outsourcing agreement in the event of excessive reliance on sub-contracting (eg, where the sub-contracting materially increases the risks to the financial institution); and
  • corresponding obligations for staff of the service provider, who are involved in the delivery of services to the financial institution’s customers, to comply with similar conduct standards imposed by BNM on the financial institution.

The outsourcing agreement must also contain provisions which (9.7, Policy Document):

  • enable BNM to have direct, timely and unrestricted access to the systems and any information or documents relating to the outsourced activity;
  • enable BNM to conduct on-site supervision of the service provider where BNM deems necessary;
  • enable BNM to appoint an independent party to perform a review of the relevant systems, information or documents of the service provider relating to the outsourced activity, where BNM deems necessary; and
  • allow the financial institution the right to modify or terminate the arrangement when BNM issues a direction to the financial institution to that effect under the FSA, IFSA or DFIA, as the case may be.

Additional obligation

The Policy Document places a heavier burden on the board  and senior management  of the financial institution.

The board must:

  • establish a clear risk appetite governing outsourcing arrangements;
  • approve the outsourcing risk management framework which, among others, addresses the financial institution’s basis and approach for identifying material outsourcing arrangements. The framework must cover all outsourcing arrangements, regardless of whether they involve third parties or affiliates;
  • establish a sound internal governance structure that provides effective oversight and control over outsourcing arrangements, consistent with the financial institution’s overall business strategy and risk appetite, and does not result in the delegation of the board and management oversight and decision-making responsibilities;
  • retain sufficient management capacity and skilled resources within the institution to oversee the outsourced activity, including where the outsourced activity is undertaken by an affiliate of the financial institution; and
  • ensure effective management of outsourcing risk, having regard to the assessments made by senior management on the state of compliance to the outsourcing risk management framework.

Senior management shall bear primary responsibility over the day-to-day management of outsourcing risk. The senior management must:

  • develop the outsourcing risk management framework which, amongst others, clearly articulates the accountability of the board and senior management and the process involved in approving and managing outsourcing arrangements. The framework, including the basis and approach for identifying material arrangements, must be reviewed periodically and kept up to date to ensure that it is appropriate in light of material changes to the scope, nature and complexity of the financial institution’s operations, and remains in line with the financial institution’s outsourcing strategy and risk appetite;
  • manage outsourcing risks on an institution-wide basis;
  • continuously monitor all outsourcing arrangements, including:ensuring timely escalation to the board of material developments on outsourcing arrangements, outsourcing risk issues and incidents of non-compliance by the service provider;
    1. ensuring outsourcing arrangements continue to remain within the outsourcing strategy and risk appetite;
    2. conducting an independent review on a periodic basis to ensure compliance with the outsourcing framework and taking prompt remedial actions to address any gaps identified;
    3. ensuring internal audit covers outsourcing risk as part of the risk-based audit plan; and
    4. where relevant, ensuring outsourcing arrangements do not compromise the financial institution’s ability to comply with Shari'a requirements;
  • conduct assessments on the effectiveness of management of outsourcing risk on a periodic basis covering, at a minimum:
    1. a review of the performance of the service provider and whether the service provider complies with the terms of the outsourcing agreement;
    2. the adequacy of internal control processes, including data security practices of the service provider;
    3. whether prompt corrective actions taken by the service provider in the event of a breach of the outsourcing agreement are effective;
    4. whether the terms of the outsourcing agreement remain appropriate and are in line with the financial institution’s outsourcing risk appetite; and
    5. the financial institution’s ability to preserve continuity of the outsourced activities under periods of stress;
  • ensure prompt notification to BNM of developments concerning outsourcing arrangements that result, or could result, in a material impact on the financial institution; and
  • maintain a complete register of all outsourcing arrangements. The register must, at a minimum, include the information set out in Appendix 5 and be made readily available to BNM upon request.

Due diligence

The Policy Document provides for a comprehensive assessment on a potential service provider, which must cover the following:

  • capacity, capability, financial strength and business reputation which includes an assessment that the service provider is a going concern and has strong governance structures to manage the outsources activity throughout the duration of the arrangement;
  • risk management and internal control capabilities, including physical and IT security controls and business continuity management, including the ability of the service provider to respond to service disruptions or problems resulting from natural disasters, or physical or cyberattacks, within an appropriate timeframe;
  • the location of the outsourced activity (eg, city and country), including primary and back-up sites;
  • access rights of the financial institution and BNM to the service provider;
  • measures and processes to ensure data protection and confidentiality;
  • reliance on sub-contractors, if any, in particular where the sub-contracting adds further complexity to the operational chains of the outsourcing arrangement;
  • undue risks (eg, concentration risk to a systemic service provider in the industry or where the service provider’s fee structure or relationship with the financial institution may create potential conflict of interest issues) resulting from similar business arrangements, if any, between the service provider and the financial institution;
  • the extent of concentration risk to which the financial institution is exposed with respect to a single service provider and the mitigation measures to address this concentration. This does not apply to a service provider that is an affiliate and is supervised by a financial regulatory authority; and
  • ability of the service provider to comply with relevant laws, regulations and requirements in this policy document. 

Thereafter, the findings and outcomes from the due diligence exercise will need to be documented and escalated to the board (9.5, Policy Document).

Outsourcing arrangements outside Malaysia or involving cloud service provider (part 10 and 11, Policy Document)

The policy document acknowledges where service providers is located, or performs the outsourced activity outside Malaysia, or via cloud service provider, there is an inherent added risk with regards to data accessibility, confidentiality, integrity, sovereignty, recoverability and regulatory compliance.

A financial institution should have in place appropriate controls and safeguards to manage these additional risks.

Personal Data Protection Act 2010 (“PDPA”)


Data processing or data security in Malaysia is governed by the PDPA, which regulates the processing of the personal data involved in commercial transactions. The PDPA applies to the processing of personal data by persons established in Malaysia (or by any other person employed or engaged by a person established in Malaysia), and to the processing of personal data by persons who are not established in Malaysia but use equipment located in Malaysia to process personal data (other than for purposes of transit through Malaysia). The PDPA does not apply to the processing of personal data outside Malaysia, unless the personal data is intended to be processed further in Malaysia.

Principles under the PDPA

Pursuant to the PDPA, every data user has to comply with the seven Personal Data Protection Principles, namely: 

  • General Principle: this prohibits the data user from processing the data subject’s personal data without his/her consent, unless such processing is necessary for the following:
    1. the performance of a contract to which the data subject is the party; 
    2. the taking of steps, at the data subject’s request, with a view to entering into a contract; 
    3. compliance with any legal obligation to which the data user is subject, other than a contractual obligation; 
    4. protecting the vital interests of the data subject, namely matters relating to life, death or security;
    5. the administration of justice; or 
    6. the exercise of any functions conferred on any person by or under any law.
  • Notice and Choice Principle: this requires a data user to inform the data subject of the following, by written notice, as soon as practicable, in both the national and English language:
    1. the personal data of the data subject that is being processed, and a description thereof;
    2. the purposes for which the personal data is being collected and further processed; 
    3. any information available to the data user as to the source of that personal data;
    4. the data subject’s right to request access to and correction of the personal data and contact particulars of the data user should inquiries or complaints arise;
    5. the class of third parties to whom the data will or may be disclosed;
    6. the choices and means offered to the data subject to limit the processing of the data; and 
    7. whether it is obligatory or voluntary for the data subject to supply data, and, if obligatory, the consequences of not doing so.
  • Disclosure Principle: this prohibits the disclosure of personal data, without the data subject’s consent, for any purpose other than that for which the data was to be disclosed at the time of collection, or a purpose directly related to it, nor to any party other than a third party of the class notified to the data user.
  • Security Principle: this imposes an obligation on the data user to take steps to protect the personal data during its processing from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction.
  • Retention Principle: this imposes an obligation that personal data is not to be retained longer than is necessary for the fulfilment of the purpose for which it was processed. Once the purpose has been fulfilled, the data user must take reasonable steps to ensure the data is destroyed or permanently deleted.
  • Data Integrity Principle: this imposes a responsibility on the data user to take reasonable steps to ensure that the personal data is accurate, complete, not misleading and kept up-to-date, with regard to the purpose (and any directly related) for which it was collected and processed.
  • Access Principle: this provides the data subject with the right to access his or her own data and to correct any personal data that is inaccurate, incomplete, misleading or outdated.

The PDPA on cross-border transfer of data

The PDPA imposes cross-border restrictions, with the general rule being that personal data may not be transferred to locations outside Malaysia unless somewhere specified by the Minister (Section 129, PDPA). When the PDPA came into effect, the Minister did not publish a list where data may be transferred outside Malaysia (“whitelist”). Until a whitelist is published, cross-border transfers may proceed via alternative means, such as:

  • where the data subject has consented to the transfer;
  • where the transfer is necessary for the performance of a contract between the data subject and the data user;
  • where the transfer is necessary to protect the vital interests of the data subject; and
  • where the data user has "taken all reasonable precautions and exercised all due diligence" to ensure that the personal data will not be processed in the recipient country in a way that would be a contravention of the PDPA (Section 129(3), PDPA).

A public consultation paper (Personal Data Protection (Transfer Of Personal Data To Places Outside Malaysia) Order 2017) was issued, whereby the Personal Data Protection Commissioner (“Commissioner”) requested feedback and suggestions from the public to be submitted on or before 4 May 2017.

The effect of this whitelist (once it officially comes into effect) is that data users will be permitted to transfer personal data to the jurisdictions that have been identified, and will no longer be required to fulfil the prescribed conditions under S.129(3) of the PDPA prior to the transfer of personal data.

The places identified by the Commissioner under the proposed whitelist are the European Economic Area (EEA) member countries, the United Kingdom, the United States of America, Canada, Switzerland, New Zealand, Argentina, Uruguay, Andorra, the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, Australia, Japan, Korea, China, Hong Kong, Taiwan, Singapore, the Philippines and Dubai International Financial Centre (DIFC). As yet, the Minister has yet to approve the safe harbour jurisdiction.

General Data Protection Regulation (“GDPR”)

The GDPR is the new legal framework that came into effect on 25 May 2018 in the European Union (“EU”) and is directly applicable to all EU member states. This new set of rules is designed to give EU citizens more control over their personal data and aims to simplify the regulatory environment for businesses so that both citizens and businesses in the EU can fully benefit from the digital economy. 

The GDPR is extra-territorial in nature and applies not just to organisations within the EU but also to organisations outside the EU that offer goods or services to individuals within the EU. Therefore, it applies to a Malaysian organisation if it markets to, or processes the information of EU citizens.

The penalties for the breach of each law are outlined below. Please note that “person” includes an individual, corporation, statutory body, local authority, society, trade union, co-operative society, partnership and any other body, organissation, association or group of persons, whether corporate or unincorporate.

  • CMA – the suspension or cancellation of the individual licence (s.37(b), CMA). Failure to comply with suspension or cancellation is deemed an offence punishable, on conviction, with a fine not exceeding MYR500,000 or imprisonment for a term not exceeding five years, or both (s.41, CMA).
  • NFA – the revocation or suspension of the licence (s.27, NFA). The Director may also order the licensee, his servants and agents to cease immediately all operations in the licence area or any part thereof (s.25 NFA). Failure to comply is deemed an offence punishable, on conviction, with a fine not exceeding MYR50,000 or imprisonment for a term not exceeding five years, or both; if the offence is a continuing one, a further fine not exceeding MYR1,000 may be incurred for every day or part of a day during which the offence continues (s.25(2) NFA).
  • EA – a contractor for labour who supplies employees without registering with the Director General as required under subsection one, or who fails to keep or maintain any register or make any register for available inspection as required under subsection two, commits an offence and shall, on conviction, be liable to a fine not exceeding MYR10,000 (s.33A, EA).
  • Handbook – if any person fails to comply with the Handbook, they are deemed to have committed a breach. The SC may take one or more of the following actions (s.377, CMSA):

Section 354

  • direct the person in breach to comply with, observe, enforce or give effect to rules, provisions, written notice, direction, practice note, condition or guideline;
  • impose a penalty in proportion to the severity of the breach on the person in breach, but in any event not exceeding MYR1 million;
  • reprimand the person in breach;
  • require the person in breach to take such steps as the Commission may direct to remedy the breach or to mitigate the effect of such breach, including making restitution to any other person aggrieved by such breach;
  • in the case of a breach of Part VI or guidelines issued pursuant to Part VI, refuse to accept or consider any submission under Part VI; and
  • in the case of a promoter or a director of a corporation, the following actions may be taken by the Commission in addition to the actions listed above that may be taken:
    1. impose a moratorium on, or prohibit any trading of or any dealing in, the corporation's securities or any other securities the Commission thinks fit; or
    2. issue a public statement if, in the Commission's opinion, the retention of office by the director is prejudicial to the public interest (ss.354, 355 and 356 CMSA).

Section 355

  • direct the exchange holding company or derivatives exchange, as the case may be, to:
    1. suspend trading on the derivatives market in a particular class of derivatives;
    2. limit transactions on the derivatives market to the closing out of derivatives, defer, for a stated period, the completion date for all derivatives or for a particular class of derivatives entered into on the derivatives market or cause a particular derivative entered into on the derivatives market or each derivative included in a particular class of derivatives so entered into to be:
      1. closed out immediately as the result of the matching up of the derivative with a derivative of the same kind whose price or value is equal one determined by the derivatives exchange; or
      2. invoiced back to a stated date at a price or value determined by the derivatives exchange;
    3. require a derivative entered into on the derivatives market or each derivative included in a particular class of derivatives so entered into to be discharged by:
      1. the tendering of a merchantable lot of an instrument determined by the derivatives exchange that is of a quality or standard determined by the derivatives exchange, which is different from the quality or standard of the instrument stated in the derivative; and
      2. the tendering of a price adjusted by an amount determined by the derivatives exchange that is appropriate having regard to the quality or standard of the instrument referred to in sub-subparagraph (A); and
    4. require any affiliates of the derivatives exchange to act in a particular manner in relation to trading in derivatives on the derivatives market of that derivatives exchange or in relation to trading in a particular class of derivatives;
  • direct the person in breach to comply with, observe, enforce or give effect to rules, provisions, written notice, direction, practice note, condition or guideline;
  • impose a penalty, not exceeding MYR1 million, in proportion to the severity or gravity of the breach on the person in breach;
  • reprimand the person in breach; or
  • require the person in breach to take steps as directed by the Commission to remedy the breach or mitigate the effect of a breach, including making restitution to any  aggrieved person.

Section 356

  • direct the person in breach to comply with, observe, enforce or give effect to any requirement or provision of this Act, any securities laws, written notice, direction, guideline, practice note, or any condition of or restriction on a licence granted under or pursuant to this Act;
  • impose a penalty, no exceeding MYR1 million, in proportion to the severity of the breach on the person in breach;
  • reprimand the person in breach;
  • require the person in breach to take steps, as directed by the Commission, to remedy or mitigate the effect of a breach, including making restitution to any person aggrieved by such breach.

Policy Document

The Policy Document provides for “standard” and “guidance” applicable to financial institutions. It is noteworthy that the “standard” and “guidance” are defined as:

  • “Standard”: an obligation, requirement, specification, direction, condition and any interpretative, supplemental and transitional provisions that must be complied with. Non-compliance may result in enforcement action; and
  • “Guidance”: may consist of statements or information intended to promote common understanding and advice or recommendations that are encouraged to be adopted.

From the aforementioned definitions, it implies that “enforcement action” would entail from a failure to comply with a “standard” as opposed to a “guidance”.

Although neither the Policy Document nor the FSA defines “enforcement action”, BNM has clarified that “enforcement action” is synonymous with administrative actions as provided for under Part XV, Division 2 of the FSA.

If an errant financial institution breaches a standard imposed by BNM, BNM is empowered to take any one or more of the following administrative actions:

  • issue of an order to comply;
  • impose a monetary penalty;
  • reprimand in writing the person in breach or require the person in breach to issue a public statement in relation to such breach;
  • make an order in writing requiring the person in breach to take steps to mitigate the effect of such breach; and
  • make an order to remedy the breach, including making restitution to any other person aggrieved by such breach.

Contractual terms to give effect to the seven principles of the PDPA are included in contracts (see 2.3 Legal or Regulatory Restrictions on Data Processing or Data Security).

There is no standard supplier customer model in Malaysia for outsourcing contracts. Thus, organisations are free to select a suitable contracting model, negotiate its terms and conceptualise bespoke outsourcing contracts that best fit their outsourcing needs. Large organisations may have a fixed, existing template for outsourcing contracts.

Outsourcing contracts are generally bespoke contracts that may vary depending on the needs of the customer. However, the models generally used are as follows:

  • Single outsource service provider: as its title suggests, the customer contracts with a single outsource service provider to provide the outsourced services to the customer. This is the most common and direct outsourcing model and is most suitable for a single-faceted outsourced service.
  • Multi-sourcing: contrary to the above, multi-sourcing simply means the customer contracts with numerous outsource service provider for individual components of the outsourced services. Each outsource service provider’s job scope would be mutually exclusive and independent of one another, but cumulatively provides for a total solution for the customer.
  • Build-Operate-Transfer (BOT): Recent trends in Malaysia shows a favouring of this contract model for the development of public infrastructure projects such as toll highways, railways, ports and bridges. It is noteworthy that the viability of a BOT project to private investors depends on fundamental legal issues such as enforcement of contracts, private ownership, security arrangements, taxes, remittance of foreign exchange and profits. Amongst the successful BOT projects in Malaysia are the North South Highway Project (Projek Lebuhraya Utara Selatan), Lekir Bulk Terminal, Shah Alam Expressway, Tanjung Pelepas Port, East Coast Expressway, Tun Salahuddin Bridge and Johor Eastern Dispersal Link Expressway. The key advantage to this contract model in a developing country like Malaysia is the transfer of both information and expertise.
  • Joint venture or partnership: these contract models may be seem to go against the grain of conventional outsourcing, as the customer may be directly involved in the provision of what was initially intended to be an outsourced service.

In 2018, global insurers AXA announced the establishment of its new AXA Shared Services Centre in the Puchong Financial Corporate Centre (PFCC) – the latest MSC Cybercentre and an iconic corporate landmark in Puchong. AXA generated an approximate 200 jobs across different technologies and capabilities by the end of 2018.

This is of great importance, as automation in the shared services industry may threaten hundreds, or even thousands, of low-skilled and repetitive jobs in both developed and developing economies.

Customer falls under the definition of “consumer” under the Consumer Protection Act 1999 (“CPA”). The CPA provides for the protection of consumers and promotes a fair, accessible and sustainable marketplace for consumer products and services.

The main customer/consumer protections with regards to goods include the following guarantees:

  • to the right to sell (s.31, CPA);
  • to acceptable quality (s.32, CPA);
  • to fitness for particular purpose (s.33, CPA);
  • that goods comply with description (s.34, CPA);
  • that goods comply with sample (s.35, CPA);
  • to price (s.36, CPA); and
  • to repairs and spare parts.

The main customer/consumer protections with regards to services include the following guarantees:

  • to reasonable care and skill (s.53, CPA);
  • to fitness for particular purpose (s.54, CPA);
  • to time of completion (s.55, CPA); and
  • to price (S.56, CPA).

The remedies available to the consumer against the supplier where any goods or services fail to comply with the above-mentioned guarantees are as follows:

  • where the failure is one that can be remedied, the consumer may require the supplier to remedy the failure within a reasonable time; or
  • where the failure is one that cannot be remedied or is of a substantial character, the consumer may cancel the contract or obtain damages (ss.41 and 60, CPA).

Where the Court or Tribunal for Consumer Claims comes to the conclusion that a contract or a term of a contract is either procedurally or substantively unfair or both, they may declare the contract or the term of the contract as unenforceable or void and the Court may grant judgment or the Tribunal may make an award as provided for under the CPA (s.24G(1), CPA).

The Court or the Tribunal may, in proceedings before it, raise an issue as to whether a contract or its terms are unfair, even if none of the parties has raised the issue in its pleadings (s.24F, CPA).

A contract or a term of a contract is procedurally unfair if it has resulted in an unjust advantage to the supplier or unjust disadvantage to the consumer on account of the conduct of the supplier or the manner in which or circumstances under which the contract or the term of the contract has been entered into or has been arrived at by the consumer and supplier (s.24C(1), CPA).

A contract or a term of a contract is substantively unfair if the contract or the term of the contract is in itself harsh, oppressive, unconscionable, excludes or restricts liability for negligence or excludes or restricts liability for breach of express or implied terms of the contract without adequate justification (s.24D(1), CPA).

For completeness, we highlight the effect of exemption clause in Malaysia. Our Federal Court has recently held in CIMB Bank Berhad v Anthony Lawrence Bourke [2019] 2 CLJ 1 

"[26] We agree with the defendant that parties are bound by the terms of the contract which they entered into and that it is the court's duty to give effect to the clear and plain meaning of the words in the said clause. That is quite trite.

[27] The law recognises the principle of freedom of contract. Parties to a contract are free to determine for themselves what their obligations are.

[28]  It is also trite that an agreement must be construed by the words used in the agreement and the court is not empowered to improve upon the instrument which it is called upon to construct…

[37] We agree with the Court of Appeal when it opined that it is not right to think that a right can be dissociated from remedy and as can be clearly demonstrated by the instant appeal, where despite the finding that there is a breach by the bank, if cl. 12 of the loan agreement is allowed, it would be an exercise in futility for the plaintiffs to file any suit against it. The plaintiffs are precluded from claiming the remedies against the bank. Clause 12 of the loan agreement negates the rights of the plaintiffs to a suit for damages, and the kind of damages as spelt out in the said clause encompasses and covers all forms of damages under a suit for breach of contract or negligence. There is an absolute restriction. Section 29 of the Contracts Act 1950 prohibits such restriction.

[40] The pertinent question to ask is whether the plaintiffs were absolutely restricted from enforcing their rights under or in respect of the contract. Once again, we have to examine cl. 12 of the loan agreement. From our reading of the said clause (which we have reproduced at para. 19 earlier) the plaintiffs are precluded from claiming any loss or damage and the defendant will not be liable for any amount for loss of income or profit or savings, or any indirect, incidental, consequential, exemplary, punitive or special damages.

[43] We agree with the views of the Court of Appeal that the kind of damages spelt out in the said cl. 12 encompasses all forms of damages under suit for a breach of contract or negligence. One may ask: If the plaintiffs were precluded from claiming the remedies they sought under para. 21 of their statement of claim, what can they claim against the defendant? Are they not totally restricted from enforcing their rights in respect of the contract? In our considered view, on the plain meaning of the words used in the said cl. 12 of the loan agreement, whatever the plaintiffs are claiming has been negated and as such s. 29 of the Contracts Act 1950 ought to be invoked.

[68] The right of access to the courts has always been jealously guarded by the common law, and the general principle remains that contracts which seek to oust the jurisdiction of the courts are invalid (See: R A Buckley, Illegality and Public Policy (Sweet & Maxwell, 3rd edn, 2013 at para 8.02)".

Parties may enter into an agreement to govern their relationship, including terms as to when the contract may be terminated. Depending on the terms agreed by the parties, termination may be with cause or without cause. 

The customer or supplier may terminate the contract when one party breaches a condition to the contract. A condition is a stipulation that is essential to the main purpose of the contract, the breach of which gives rise to a right to treat the contract as repudiated (s.12, Sale of Goods Act 1957).

The principal Act that deals with loss suffered due to a breach of a contract is the Contracts Act 1950 (“CA”), s.74 of which provides that the aggrieved party is entitled to receive compensation from the party that breaks the contract for any loss or damage that arose from the breach, or which the parties knew was likely to occur when they made the contract (s.74(1), CA). This compensation is not to be given for any remote and indirect loss or damage sustained by reason of the breach (s.74(2), CA). 

In Malaysia, there is a distinction between direct and indirect loss. The plaintiffs/claimants are entitled to claim losses that were the natural consequence of the defendant’s breach, or losses that were within the contemplation of both parties at the time they made the contract. Losses that are too remote or not within the contemplation of the parties may not be claimable.

In Malaysia, a plaintiff seeking substantial damages has the burden of proving the liability of the defendant, the remoteness of the damage (foreseeability) and the actual damage suffered (quantum) based on clear and sound proof; failure to do so would entail an award of only nominal damages. Furthermore, the fundamental principle of damages is that they are compensatory in nature.

Loss of Profit

As a general rule, the Court may be disinclined to order an award of damages for loss of profit in fear of causing a windfall in favour of the plaintiff. With that being said, cases in Malaysia (SPM Membrance Switch Sdn Bhd v Kerajaan Negeri Selangor [2016] 1 CLJ 177; Bank Bumiputra Malaysia Bhd. Kuala Terengganu v Mae Perkayuan Sdn. Bhd. & Anor. [1993] 2 CLJ 295) have held that loss of profit may be regarded as a head of damages in specific circumstances. In this regard, s.74 of the CA still applies. Therefore, as long as the damage suffered for loss of profit is deemed to be a natural result of the breach or within the contemplation of the breaching party, nothing precludes the Court from ordering substantial damages for loss of profit in favour of the aggrieved party.

Loss of Goodwill

Case law in Malaysia has regarded loss of goodwill as a head of damages (Taiping Poly (M) Sdn Bhd v Wong Fook Toh, Wong Che Leong and Wong Su Fah (t/a Kong Wah Trading Co) [2011] 1 MLJ 798). Although it would be impossible to quantify the actual loss suffered with regards to loss of goodwill, the Courts have held that the applicable principle in determining loss of goodwill is by utilising the “best means” test, whereby the Court must assess what is a fair and temperate sum for the plaintiff, by the best means it can. The rationale for this is that the law assumes that damages will result if the goodwill of a man’s business has been interfered with by the passing off of goods. 

In brief, the quantum of award in respect of goodwill is a matter of Court discretion, depending on the facts of the particular case. Factors that the Court consider in determining this include the plaintiff’s reputation and the length of time of the defendant’s wrongful act. 

In recent years, Malaysian Courts seem inclined to be guided by intellectual property valuation reports when determining the quantum of damages for loss of goodwill. In this regard, the Intellectual Property Commission of Malaysia (“IPCM”) provides training and even certification to certify an individual as a registered IP Valuer with IPCM.

Generally, parties are bound by the terms of the contracts they have signed. For the purpose of construction of the terms, the Malaysian Courts will generally give effect to the plain and natural words used in the contract: Morello Sdn Bhd v Jaques (International) Sdn Bhd [1995] 2 CLJ 23 held as follows:

“… For the purposes of construction of contracts, the intention of the parties is the meaning of the words they have used. In Schuler (L.) AG v Wickman Machine Tool Sales Ltd. [1974] AC 235, Lord Simon of Glaisdale approved the following passage in Norton on Deeds (2nd Ed. p.50):

...the question to be answered always is, 'What is the meaning of what the parties have said?' not 'What did the parties mean to say?'...it being a presumption juris et de jure... that the parties intended to say that which they have said.”

The Malaysian Courts will generally give effect to the plain and natural words used in the contract: Encony Development Sdn Bhd v Robert Geoffrey Gooch & Anor  [2016] 3 MLJ 400, Court of Appeal at para 41 and 42; Perbadanan Kemajuan Negeri Selangor v Selangor Country Club Sdn Bhd [2017] 2 MLJ 819, Court of Appeal at para. 33 – 34.

The Malaysian Courts will not intervene to rewrite or audit the bargain between the parties, and will instead hold them to the contract, agreement or instrument they made for themselves by giving effect to the clear and unequivocal words of the terms: Bank Islam Malaysia Bhd v Lim Kok Hoe & Anor and Other Appeals [2009] 6 CLJ 22, Court of Appeal; Agromate (M) Sdn Bhd v KTS Trading Sdn Bhd [2017] 1 LNS 1707 , Court of Appeal, para 40; Ling Ing Keat v Martina Pg Ismail [2017] 3 CLJ 149, Court of Appeal, para 27.

In Berjaya Times Square Sdn Bhd (formerly known as Berjaya Ditan Sdn Bhd) v M Concept Sdn Bhd [2010] 1 MLJ 597, Federal Court at para. 43

“The most recent statement of the guideline to interpretation of contracts statutes and other instruments is to be found in Attorney General of Belize v. Belize Telecom Limited [2009] UKPC 11, where when delivering the Advice of the Board, Lord Hoffmann said:

The court has no power to improve upon the instrument which it is called upon to construe, whether it be a contract, a statute or articles of association. It cannot introduce terms to make it fairer or more reasonable. It is concerned only to discover what the instrument means. However, that meaning is not necessarily or always what the authors or parties to the document would have intended. It is the meaning which the instrument would convey to a reasonable person having all the background knowledge which would reasonably be available to the audience to whom the instrument is addressed: see Investors Compensation Scheme Ltd v. West Bromwich Building Society[1998] 1 WLR 896, 912-913. It is this objective meaning which is conventionally called the intention of the parties, or the intention of Parliament, or the intention of whatever person or body was or is deemed to have been the author of the instrument.” (Emphasis added)

There are no fixed implied terms that are relevant to outsourcing contracts in Malaysia. This is in tandem with the fact that a myriad of services may be outsourced, so the terms would vary depending on the nature of the outsourcing contract.

With that being said, case law in Malaysia has held that the business efficacy test and the officious bystander test can determine whether a term has been implied into a contract: Sababumi (Sandakan) Sdn Bhd v Datuk Yap Pak Leong [1998] 3 MLJ 151.

The business efficacy test would be satisfied if it can be shown that the term sought to be implied is necessary to give business efficacy to the transactions – that is, to enable the transaction to be efficient or to produce the effect that was intended. 

The officious bystander test denotes that it is a term so obvious that it goes without saying: if an officious bystander were to suggest some express provision for the agreement while the parties were making their bargain, they would testily suppress him with a common, “Oh, of course!”

Therefore, there is no hard and fast rule with regards to implied terms for a contract, including an outsourcing contract. Should a term fulfil both the tests described above, the Court may imply said term into the outsourcing contract.

Recently, our Federal Court has adopted the following guidelines in interpreting a contract. First, a court interpreting a private contract is not confined to the four corners of the document. It is entitled to look at the factual matrix forming the background to the transaction. Second, the factual matrix which forms the background to the transaction includes all material that was reasonably available to the parties. Third, the interpreting court must disregard any part of the background that is declaratory of subjective intent only. Lastly, the court should adopt an objective approach when interpreting a private contract.

It is a deeply entrenched principle in industrial jurisprudence that employers have managerial prerogative to transfer their employees. The Court would normally not interfere when this prerogative is exercised, unless there is a contract to the contrary. 

However, the power to transfer employees is subject to the following well-recognised restrictions:

  • that there is nothing to the contrary in the terms of employment;
  • that the management has acted in a bona fide manner and in the interest of its business;
  • that the management is not actuated by any indirect motive or any kind of mala fide;
  • that the transfer is not made for the purpose of harassing and victimising the workman; and
  • that the transfer does not involve a change in the conditions of service: Ladang Holyrood v Ayasamy Manikam & Ors [2004] 3 MLJ 339.

Furthermore, consent is usually required (unless provided otherwise in the employment contract), as case law has shown that, in some cases, the transfer of an employee to another legal entity without their consent could potentially result in a claim of constructive dismissal, especially if the employee is transferred to the service provider and the employee’s job scope differs significantly. Transfer without consent may also be deemed a violation of the Federal Constitution, as the employee has the right to be employed by an employer of their choice. Therefore, compelling an employee to work for a particular employer without affording him a choice in the matter has been interpreted to constitute one form of forced labour: Barat Estates Sdn Bhd & Anor v Parawakan A/L Subramaniam & Ors [2000] 4 MLJ 107.

To avoid any claims for constructive dismissal, an employer should ensure that any transfer:

  • does not involve a demotion;
  • does not involve a significant change in employment terms and conditions;
  • is being proposed for a genuine reason; and
  • is between entities that are not only in the same group of companies but have the unity of a group enterprise or are genuinely inter-dependent (Ng Bee Yoong v Capital Development Sdn Bhd [2016] 1 ILR 609).

There is no statute in Malaysia for workers council. However, trade unions are governed by the Industrial Relations Act 1967 and the Trade Unions Act 1959.

By the black letter of the law, there is no legal requirement for an employer to consult trade unions before outsourcing, unless expressly provided under collective agreement entered into between trade unions and employers. Thus, in the event a collective agreement provides for a duty of the employer to consult the trade union before outsourcing, the employer would be contractually bound to do so.

There is no applicable information in this jurisdiction.

There are no general terms or standard contracts governing the transfer of assets in outsourcing agreements in Malaysia. Terms are entirely transaction specific and are, therefore, a matter for negotiation.

With that being said, Malaysian law imposes formality requirements in the transfer of certain assets, for example:

  • Premise/Land: transfer of any alienated land shall be effected by an instrument in Form 14A of the National Land Code 1965 ("Memorandum of Transfer"). A stamp duty is imposed on the Memorandum of Transfer and the rate of chargeable stamp duty will depend on the value of the premise/land as prescribed under the Stamp Act 1949. Subsequently, the Memorandum of Transfer will need to be registered in the Land Office.
  • IP Rights: transfer and assignment intellectual property rights such as trade marks, copyright, industrial design, patents and utility innovation would generally require the assignor and assignee to complete and execute the prescribed forms under the relevant statute or subsidiary legislation, supported by a written deed of assignment.

Moveable property and other assets are not generally subjected to any formalities, but a written agreement is advisable for clarity and evidential purpose.

Lee Hishammuddin Allen & Gledhill

Level 6, Menara 1 Dutamas
Solaris Dutamas, No. 1, Jalan Dutamas 1
50480 Kuala Lumpur

+603 6208 5888

+603 6201 0122

lzj@lh-ag.com www.lh-ag.com
Author Business Card

Law and Practice in Malaysia


Lee Hishammuddin Allen & Gledhill is a full-service law firm housing various practice groups, including dispute resolution, arbitration, financial services, Islamic finance, corporate and commercial, employment and industrial relations, insolvency, insurance, IP and TMT, real property, regulatory and compliance, and tax. LHAG has more than 125 lawyers with offices in Kuala Lumpur, Penang and Johor Bahru. Clients include top-ranked local conglomerates and multinational companies spanning industries such as IT, e-commerce, telecommunications, biotechnology, healthcare, entertainment and FMCG (fast-moving consumer goods). Its seasoned team of trade mark, industrial design and patent agents, litigators and commercial lawyers work closely with in-house counsel to protect intellectual properties, innovation and creativity. The team has experience in a wide range of jurisdictions and commercial sectors, and assists clients to identify and anticipate potential issues or trends in outsourcing. The breadth of its practice includes handling disputes involving IT and communications services, business process outsourcing, finance and accounting, facilities management.