Annual Compliance Requirements for Companies in Malaysia

Annual compliance Malaysia obligations apply to every company incorporated under the Companies Act 2016, regardless of size or ownership structure. Missing a filing deadline triggers automatic penalties and can lead to director disqualification or company strike-off. This guide covers the full cycle of recurring obligations - statutory filings, financial statements, tax returns, employment levies, and audit requirements - with realistic timelines and cost levels so that founders and directors can plan ahead.

Malaysia';s primary corporate legislation is the Companies Act 2016, which replaced the older Companies Act 1965 and introduced significant changes to filing timelines and director duties. The Act is administered by the Companies Commission of Malaysia, known by its Malay acronym SSM (Suruhanjaya Syarikat Malaysia). SSM maintains the central register of companies, processes statutory filings, and enforces compliance obligations.

Alongside the Companies Act 2016, companies must satisfy obligations under the Income Tax Act 1967, administered by the Inland Revenue Board of Malaysia (LHDN). Companies with employees must also comply with the Employees Provident Fund Act 1991 and the Employment Act 1955. Foreign-owned companies and those in regulated sectors face additional layer requirements from sector-specific regulators such as Bank Negara Malaysia or the Securities Commission.

Understanding which obligations apply requires identifying the company type. A private limited company (Sdn. Bhd.) faces the most common set of requirements. A public company (Berhad) carries heavier disclosure obligations. A foreign branch registered in Malaysia has a separate but parallel compliance track. This guide focuses primarily on the Sdn. Bhd. structure, which accounts for the vast majority of operating companies in Malaysia.

A common mistake among foreign founders is assuming that compliance begins only after the company starts trading. In practice, obligations such as the appointment of a company secretary and the maintenance of statutory registers commence from the date of incorporation, not from the date of first revenue.

The Companies Act 2016 requires every company to lodge an Annual Return with SSM. The Annual Return must be submitted within thirty days from the anniversary of the company';s incorporation date each year. It captures the company';s registered address, share capital, list of shareholders, and particulars of directors and the company secretary.

The Annual Return is distinct from financial statements. Financial statements - comprising the balance sheet, profit and loss account, and notes - must be prepared, audited (where required), and lodged with SSM within thirty days after the financial statements are approved at the Annual General Meeting (AGM). Private companies must hold their AGM within six months from the end of the financial year, giving an effective outer deadline of roughly seven months from the financial year-end for lodging audited accounts.

Key documents that must be maintained and, where required, filed include:

• Register of members and register of directors
• Register of substantial shareholders (for companies with more than a threshold number of shareholders)
• Minutes of board meetings and general meetings
• Statutory declaration by directors confirming solvency where applicable

A non-obvious requirement is that the company secretary - who must be a licensed individual under the Companies Act 2016 - is personally responsible for ensuring that statutory registers are kept up to date. Many founders treat the company secretary as an administrative formality, but SSM can impose penalties on both the secretary and the directors for register deficiencies.

In practice, founders should consider appointing a professional company secretarial firm rather than an individual, as firms provide continuity and are less likely to resign without notice. The cost of a professional secretarial retainer is generally in the low hundreds of MYR per year for a straightforward Sdn. Bhd.

Under the Companies Act 2016, private companies that qualify as "exempt private companies" (EPCs) may be eligible for an audit exemption. An EPC is broadly a company with no more than twenty shareholders, all of whom are natural persons, and with no corporate shareholders. Even qualifying EPCs must still prepare financial statements; they simply do not need to have them audited by a registered auditor.

For all other private companies, an annual audit by a firm registered with the Malaysian Institute of Accountants (MIA) and approved by the Audit Oversight Board (AOB) is mandatory. The auditor expresses an opinion on whether the financial statements give a true and fair view under the Malaysian Financial Reporting Standards (MFRS) or the Malaysian Private Entities Reporting Standard (MPERS), depending on the company';s classification.

The financial year-end is chosen by the company at incorporation and can be changed by resolution, subject to SSM approval. Many companies align their financial year with the calendar year, but there is no legal requirement to do so. Choosing a financial year-end that avoids peak audit season - typically the first quarter of the calendar year - can reduce professional fees.

Audit fees vary considerably by company size, complexity, and the firm engaged. For a small Sdn. Bhd. with straightforward transactions, audit fees generally start from the low thousands of MYR. Larger companies or those with multiple subsidiaries, foreign currency transactions, or complex revenue recognition issues will pay materially more. Many underestimate the time required to prepare audit-ready accounts, particularly when bookkeeping has not been maintained on an accrual basis throughout the year.

A practical scenario: a foreign-owned Sdn. Bhd. that operates as a regional holding company with minimal Malaysian transactions may still require a full audit if it does not qualify as an EPC due to its corporate shareholder structure. The directors - who may be based overseas - remain personally liable for ensuring the audit is completed and the financial statements are lodged on time.

If you are unsure whether your company qualifies for an audit exemption or which reporting standard applies, contact info@vlolawfirm.com. We can help structure the setup correctly the first time.

Every company incorporated in Malaysia is subject to corporate income tax under the Income Tax Act 1967. The standard corporate tax rate applies to chargeable income, with a reduced rate available for small and medium enterprises (SMEs) on the first band of chargeable income, subject to eligibility criteria including paid-up capital and ownership thresholds.

The tax compliance cycle has three main components. First, companies must submit an estimate of tax payable (Form CP204) to LHDN no later than thirty days before the start of each basis period (financial year). This estimate must be paid in equal monthly instalments throughout the year. A company in its first year of operation must submit the estimate within three months of commencing operations.

Second, companies may revise their tax estimate in the sixth or ninth month of the financial year using Form CP204A if actual results differ significantly from the original estimate. Underpayment of instalments by more than ten percent of the final assessed tax triggers a ten percent penalty on the shortfall, making accurate estimation important.

Third, the annual tax return (Form C) must be filed within seven months from the end of the financial year. For a company with a December financial year-end, this means filing by the end of July of the following year. LHDN has progressively moved toward mandatory e-filing for Form C, and most companies now file electronically through the MyTax portal.

A common mistake is failing to register for a tax file number promptly after incorporation. Without a tax file number, the company cannot submit CP204 or Form C, and late registration can create a cascade of missed deadlines. Registration with LHDN should be completed within three months of incorporation.

Companies that are part of a group may benefit from group relief provisions, allowing the transfer of losses between qualifying companies. Transfer pricing rules under the Income Tax Act 1967 require related-party transactions to be conducted at arm';s length, and companies with cross-border related-party transactions above prescribed thresholds must prepare contemporaneous transfer pricing documentation.

Companies with employees in Malaysia must comply with a set of employment-related statutory obligations that run in parallel with corporate filings. These obligations are not optional even for small companies with a single local employee.

The Employees Provident Fund (EPF), governed by the Employees Provident Fund Act 1991, requires monthly contributions from both employer and employee. Contribution rates are set by regulation and differ based on the employee';s age and whether the employee is a Malaysian citizen or permanent resident. Foreign employees are not mandatorily required to contribute to EPF but may opt in. Contributions must be remitted by the fifteenth of the following month; late payment attracts a dividend charge and potential prosecution.

The Social Security Organisation (SOCSO), operating under the Employees'; Social Security Act 1969, covers work-related injury and invalidity schemes. Employers must register employees and remit monthly contributions. The Employment Insurance System (EIS), introduced under the Employment Insurance System Act 2017, provides short-term financial assistance to employees who lose their jobs and requires separate monthly contributions.

Monthly payroll tax deductions under the Monthly Tax Deduction (MTD) scheme, also known as PCB (Potongan Cukai Bulanan), must be calculated for each employee and remitted to LHDN by the fifteenth of the following month. Employers who fail to deduct and remit MTD correctly are jointly liable with the employee for the shortfall.

A practical scenario: a foreign company that seconds an expatriate employee to its Malaysian subsidiary must determine whether the expatriate falls within the Malaysian employment tax net. If the expatriate is tax-resident in Malaysia, the employer must operate MTD. If the expatriate holds a relevant work pass but is not tax-resident, different rules apply. Getting this wrong is a common and costly error.

The Companies Act 2016 and the Income Tax Act 1967 both impose penalties for late or non-filing. Under the Companies Act 2016, failure to lodge the Annual Return on time attracts a fine per day of default for both the company and its officers. Persistent non-compliance can result in SSM issuing a notice to strike off the company from the register, which has serious consequences for any contracts, bank accounts, or licences held in the company';s name.

Directors are personally liable for ensuring compliance. A director who allows a company to operate while knowing that statutory filings are overdue can be disqualified from acting as a director for a period specified by the court. Foreign directors who are not resident in Malaysia sometimes assume that physical distance reduces their exposure - this is incorrect. The Companies Act 2016 applies equally to resident and non-resident directors.

Under the Income Tax Act 1967, failure to submit Form C by the deadline attracts an automatic penalty of between twenty and forty percent of the tax undercharged, depending on the circumstances. LHDN also has the power to raise a best-judgment assessment if no return is filed, which typically results in a higher tax liability than the actual position.

Rectifying non-compliance after the fact is possible but expensive. SSM has a compound mechanism that allows companies to pay a reduced penalty in lieu of prosecution, but the amounts increase with the duration of the default. LHDN similarly offers voluntary disclosure programmes, but these require full payment of the outstanding tax plus a reduced penalty.

Many underestimate the reputational risk of non-compliance. Banks in Malaysia routinely request up-to-date SSM filings and audited accounts before processing loan applications or renewing banking facilities. A company with overdue filings may find its banking relationship disrupted even if the underlying business is profitable.

To discuss your company';s current compliance position and identify any gaps, contact info@vlolawfirm.com. We can assist with documents and filings.

What happens if a company misses the Annual Return deadline with SSM?

SSM imposes a daily fine on the company and its officers for each day the Annual Return remains outstanding after the thirty-day window from the incorporation anniversary. If the default continues, SSM may issue a notice of intention to strike off the company. Once struck off, the company loses its legal personality and cannot enter contracts, hold assets, or operate bank accounts. Restoration is possible but requires a court application and payment of all outstanding fees and penalties, making it significantly more expensive than timely filing. Directors should treat the Annual Return deadline as a hard calendar obligation, not an administrative formality.

How long does it take to complete the full annual compliance cycle, and what does it cost?

The timeline depends on the financial year-end and how quickly the company can provide audit-ready accounts to its auditors. In practice, the audit alone can take four to eight weeks for a straightforward Sdn. Bhd. once the auditors receive complete documentation. Adding time for board approval of accounts, AGM (if required), and SSM lodgement, the full cycle from financial year-end to completed filing typically runs three to six months. Professional fees - covering the company secretary, auditor, and tax agent - for a small private company generally start from the low thousands of MYR in aggregate per year. Companies with complex structures, related-party transactions, or multiple jurisdictions will pay materially more.

Can a foreign-owned Sdn. Bhd. use its parent company';s auditors?

The auditors of a Malaysian company must be registered with the Malaysian Institute of Accountants and, for certain categories of company, approved by the Audit Oversight Board. A foreign audit firm that is not registered in Malaysia cannot sign the Malaysian statutory audit report, even if it audits the parent company. In practice, many foreign-owned Sdn. Bhd. companies engage a Malaysian affiliate of their parent';s international audit network, or appoint a separate local firm. The choice of auditor does not affect the legal obligations of the directors, who remain responsible for the accuracy of the financial statements regardless of which firm is engaged.

Annual compliance Malaysia obligations form a continuous cycle of filings, payments, and record-keeping that runs from the date of incorporation. The Companies Act 2016, the Income Tax Act 1967, and employment legislation create overlapping deadlines that require careful calendar management. Directors - resident or not - carry personal liability for defaults, and penalties compound quickly when obligations are missed.

VLO Law Firms advises international clients on annual compliance matters in Malaysia. We can assist with company secretarial coordination, audit liaison, tax return preparation, and employment statutory filings. To request a consultation, contact: info@vlolawfirm.com