[Column] Practical points to prevent governance of Southeast Asian subsidiaries from becoming a mere formality: Measures to strengthen Malaysia and Indonesia's supervisory functions
✅ Roughly speaking
- 🏢 Malaysia and Indonesia have established legal oversight bodies, but in many cases they are not functioning effectively
- 📊 Indonesia's two-tier system "block information" and Malaysia's one-tier system "nominal independent directors" are structural risks
- 🔍 Establishing a "dual reporting line" for internal audits and headquarters involvement in selecting supervisors are key to preventing tokenism
- ✅ Check the effectiveness of your governance system now with a specific checklist
✅ Audio summary of this post here
table of contents
Introduction
This time, we will explain the issue of "corporate governance becoming a dead letter" faced by Japanese companies with subsidiaries in Malaysia and Indonesia.
In Japan, The company is transitioning to a company with an audit and supervisory committee, and as of August 2025, it accounts for 48.1% of companies listed on the Tokyo Stock Exchange Prime Market We are in the situation that.
However, there are many cases where overseas subsidiaries, especially those in Southeast Asia, have established supervisory bodies under local company laws but do not effectively exercise their supervisory functions.
I have personally received many complaints from Japanese companies in Malaysia and Indonesia, such as, "We have an institution equivalent to an auditor, but we have overlooked signs of fraud," and "We have outside directors, but we have not been able to stop the management from running wild."
We believe that at the root of these problems lies a common thread: we are content to simply implement a system and not build an "information pipeline" to ensure a substantive oversight function.
This paper will summarize the institutional characteristics of Malaysian and Indonesian supervisory institutions, clarify their structural risks, and explain practical points to prevent them from becoming mere formality.
Malaysian and Indonesian supervisory authorities: differences in systems and structural risks
Indonesia: Risk of "information blackout" in the Komisaris system
Indonesia's company law uses a two-tier system (two-tier system).
This is a system in which the executive body, the Board of Directors (Direksi), and the supervisory body, the Commissar (Dewan Komisaris), are completely separate.
The philosophy of the system is to ensure supervisory independence and an objective check on management decision-making by clearly separating enforcement and supervision.
This two-tier system, based on Indonesia's Companies Act (Law No. 40 of 2007 on Limited Liability Companies), may be considered a similar idea to Japan's old supervisory board system.
However, in practice, the following structural risks exist:
Structures prone to information asymmetry
Because the Commissaris is separated from the executive board, it tends to have limited access to day-to-day management information.
This tends to lead to enforcement parties sorting out and reporting only "convenient information," resulting in supervisors repeatedly making perfunctory approvals without accurately understanding the company's true situation.
In one case I was involved in, the Comisaris only reported a "good financial position" despite the local CFO having been window dressing for several years.
The Comisaris was only briefed at a few meetings a year and had no mechanism for routinely accessing the company's financial documents, making it unable to detect anomalies.
Choosing people who are easy to use as "decorators"
Also, in Indonesia, the position of comisaris is often treated as an "honorary position."
In some cases, former government officials with little practical experience or individuals selected through personal relationships with management may not be expected to perform any substantive oversight functions.
Malaysia: Independent directors' "nominal independence" issue
Meanwhile, Malaysia has adopted a one-tier system (one-tier system).
This is a system similar to that of companies with supervisory boards and nominating committees in the UK, the US, and Japan, in that executive officers and supervisory officers (independent directors) live together on the same board of directors.
Malaysia's listing regulations (Bursa Malaysia Listing Requirements) require listed companies to appoint an Independent Director (Independent Director).
Specifically, a minimum of two people or a higher one-third of the board must be an independent director.
Additionally, the Malaysian Code on Corporate Governance (MCCG) 2021 recommends that at least half of directors be independent, and that large companies have a majority of independent directors.
However, the following problems have been pointed out in practice.
Lack of substantial independence
Malaysian companies, especially overseas Chinese owner companies, often have independent directors who formally meet the independence requirement but are essentially selected through personal relationships with the owner or management.
People such as "old friends of the president," "former business partners," and "relative associates" become independent directors, creating a "consumer structure" in which management cannot be challenged.
In one Malaysian subsidiary where I was involved, all of the independent directors were selected through referrals from Japanese expatriates at the parent company, effectively preventing them from going against the wishes of management.
No issues were raised at the Board meeting, despite the inappropriate related party transactions taking place.
"An unchallenged atmosphere"
There is also a tendency in Malaysian corporate culture to avoid directly speaking out against superiors or authority figures.
This cultural context is also an obstacle to independent directors exercising substantive oversight functions.
Three practical points to prevent tokenism
So, given these structural risks, how can we prevent the supervisory function from becoming a dead letter.
Below, we will explain three points that we believe are important in practice.
Point 1: Establishment of a "dual reporting line" for the internal audit department
Most importantly, create mechanisms for supervisory authorities to access information on a par with enforcement agencies.
A specific means to that end is the double-tracking of the reporting lines of the Internal Audit Division.
What is a dual reporting line
The dual reporting line refers to the mechanism whereby the internal audit department reports directly not only to the executive heads (President and CEO) but also to the supervisory bodies (Audit Committee, Commissariat, Independent Directors).
In many companies, the internal audit department is directly under the president, and the audit results are reported to the president first.
However, this structure risks crushing information about the president or executives close to him if they are found to have engaged in misconduct or inappropriate behavior.
Establishing a dual reporting line would allow the internal audit department to report enforcement issues directly to the oversight body.
This eliminates the information asymmetry that prevents "inconvenient information" from reaching the supervisor.
Collaboration with the Headquarters Audit Division
Furthermore, it would be useful to establish a mechanism in which three parties meet regularly: the local internal audit department, the supervisory body (Commisaris and the Audit Committee), and the audit department at the Japanese headquarters. This will prevent local oversight bodies from becoming isolated and create an environment in which they can exercise their oversight functions while receiving back-up from headquarters.
One company I supported has implemented a system in which three parties meet online every quarter: the local internal audit director, Comisalis, and the head of the headquarters audit department.
The meeting provides a forum for frank discussion of audit concerns without involving local management.
After this mechanism was implemented, inappropriate expense handling and conflict of interest transactions that had not previously surfaced were discovered and could be corrected early.
Point 2: Active involvement of headquarters in the selection of supervisors
To ensure the effectiveness of the supervisory function, it is extremely important to "choose who will be the supervisor."
However, in many Japanese companies, it is often left to local management to select supervisors.
Headquarters candidate interview and approval process
It is recommended that there be a process for legal and audit departments at Headquarters to interview candidates for Commissaris and independent directors in person to verify their expertise, experience and independence.
Specifically, we believe the following points should be confirmed:
- Have specialized knowledge in accounting, finance, legal affairs, etc
- Have work experience in the industry
- Is there no personal relationship with management or major shareholders
- Have you had a history of involvement in fraud or scandal
- Have the courage and independence to say "no" to management
Required skill set
Particularly in Indonesia, the placement of members with accounting expertise is important.
Indonesia's listing rules require the establishment of an Audit Committee (Audit Committee), which must consist of a minimum of three members, one of whom must be chaired by an independent comisaris, and at least one of whose members must be an accounting or finance professional.
It is important to select people who not only meet the requirements formally, but also have the ability to actually read financial statements and detect anomalies.
Malaysia is also seeing an increasing number of companies bringing on independent directors from the Big Four accounting firms and former regulatory executives.
These people are not only highly specialized, but can also be expected to have the ability to oversee management with professional skepticism.
Point 3: Designing a mechanism to raise "bad news"
In order to make the supervisory function substantially operational, it is necessary to have in place mechanisms for the proper communication of problems occurring on the ground to the supervisory body.
Ensuring the effectiveness of the hotline (internal reporting system)
Many companies have internal reporting systems in place, but their effectiveness varies widely.
In Southeast Asia in particular, the system is often dysfunctional because the anonymity of the informant is not adequately protected, retaliatory personnel are made after the report is made, or nothing changes when the report is made.
The following elements are considered important for establishing an effective internal reporting system:
- The reporting point will be independent of local management and will be located in the legal and compliance department at headquarters or an external third-party organization
- Strict protection of the anonymity of the informant and a clear prohibition of retaliatory actions in the rules of work
- Establish a mechanism for sharing the contents of reports with supervisory bodies (Commisaris and Audit Committee)
- Feedback to the reporters of findings and corrective actions based on the report
Indication of direct route to the head office
It is also important to specify a route that allows local employees to report issues directly to headquarters without going through local management.
This route works effectively when the local internal reporting system is not working or when local management itself is a party to the issue.
In one case I was involved in, the accounting officer of a local subsidiary was forced to make improper accounting decisions at the direction of his superior, the local CFO.
The local hotline was only a formality, and accounting officers, fearing they would be crushed if they called, emailed the legal department at headquarters directly.
This report led to a headquarters-led investigation that uncovered misconduct by the CFO and led to his dismissal.
Three common misconceptions about Japanese headquarters
Regarding the governance of Southeast Asian subsidiaries, we would like to clarify a common misunderstanding that people at the Japanese headquarters fall into.
Myth 1: "You can rest assured if you comply with local laws"
Just because you have a supervisory body based on local company law and listing rules and you have the necessary procedures in place does not mean that governance is working.
Legal compliance is a minimum line, and efforts beyond it are needed to ensure substantive oversight functions.
In particular, company laws in Indonesia and Malaysia require the establishment of supervisory bodies, but to a large extent leave it up to companies to make voluntary efforts to ensure their operation and effectiveness.
It is not enough to simply follow the law formally; we must also create mechanisms that work in practice.
Myth 2: "It's okay if there are independent directors."
It is one thing to have supervisors appointed, such as independent directors or commisaris, but it is another thing that these supervisors actually work.
As mentioned above, if the selection is inappropriate or access to information is limited, the supervisory function will not be exercised no matter how many talented people are selected.
"Prepare an environment in which that person can function" is as important as "who to choose."
Myth 3: "Because the audit firm is auditing."
It is also a misconception to think that the governance of the company is fine because the financial statements are audited by an external audit firm.
Financial statement audits are intended to verify the adequacy of financial reporting, not to comprehensively evaluate the appropriateness of business decisions or the effectiveness of internal controls.
Additionally, audit firms are independent of management, but the counterparty to the audit agreement is the company, and audits are conducted within the context of relationships with management.
The functioning of internal oversight bodies and internal audit departments is essential to ensure continuous monitoring of internal control deficiencies and management's risk of fraud.
External audit and internal oversight are complementary and should not rely on one or the other, but should make both work properly.
Practical Edition: Governance Effectiveness Checklist
With this in mind, we present a checklist to verify the effectiveness of governance in our own Southeast Asian subsidiary.
Those in charge of the overseas division, legal department, and audit department at headquarters should check the following items.
Composition and selection of supervisory bodies
□ Whether the head office knows the membership of the supervisory body (Commisaris, Audit Committee, Independent Directors)
□ Whether the head office has verified the expertise, background, and independence of each member
□ Whether the head office is involved in the supervisor selection process
□ (Indonesia) Whether the Audit Committee includes members with accounting and financial expertise
□ (Malaysia) Independent directors make up at least one-third (or the higher of two) of the board of directors
Information access and reporting lines
□ Whether the supervisory authority is guaranteed the same right of access to information as the enforcement authority
□ Has a line been established where the internal audit department reports directly to the supervisory authority (dual reporting line)
□ Regular communication between the supervisory authority and the audit and legal departments at headquarters
□ Whether board meeting minutes are regularly shared and reviewed by headquarters
Effectiveness of the internal reporting system
□ Whether an internal reporting system (hotline) is in place
□ Whether the reporting point is independent of local management
□ Whether the informant's anonymity and protection are ensured
□ Is there a system in place to share the contents of the report with the supervisory authority
□ Whether the direct reporting route to the head office is specified
Status of activities of the supervisory bodies
□ Supervisory body meetings are held regularly (preferably four or more times a year)
□ Meeting minutes are prepared and shared with headquarters
□ Whether the supervisory body has the opportunity to ask questions and give opinions to management
□ Whether headquarters executives have the opportunity to interact directly with oversight bodies at least once a year
Risk Management and Compliance
□ Risk assessments of local subsidiaries are regularly carried out
□ Is there a mechanism for reporting suspected serious risk events or violations of laws and regulations to a supervisory body
□ Whether related party and conflict of interest transactions are properly supervised
□ Compliance training is also provided to members of supervisory bodies
If there are many "no" or "unknown" responses to these items, there may be challenges to the effectiveness of the governance system.
It is recommended that improvements be considered as soon as possible.
summary
For Japanese companies with subsidiaries in Southeast Asia, particularly Malaysia and Indonesia, making local corporate governance effectively work is not just a matter of compliance, but a management issue to protect corporate values.
The risk of "information blackout" under Indonesia's two-tier system and the risk of "nominal independent directors" under Malaysia's one-tier system are structural problems inherent in each system and cannot be solved by simply introducing a system.
The key is to create an "information pipeline" for the supervisory body to function effectively.
Specifically, establishing dual reporting lines for the internal audit department, actively involving headquarters in selecting supervisors, and designing mechanisms to ensure good bad news is reported are key.
There is a saying that "Buddha is created and no soul is put into it," but corporate governance also requires that we not be satisfied with simply creating a "box" of institutions, but rather create an "ecosystem" in which information flows and checks are in place.
Scandals at Southeast Asian subsidiaries ultimately result in the loss of headquarters reputation and the undermining of corporate values.
Rather than leaving it as a "local issue," we believe it will become increasingly important to reframe it as a "group-wide governance issue" and to build an effective oversight system led by headquarters.
We hope this article will help you in your efforts to strengthen the governance of your Southeast Asian subsidiaries.
- [Introducing investment projects] Financing project for aquaculture business in Malaysia (capital increase)
- [Introduction to investment projects] Financing of electrical and solar power generation-related projects in Malaysia (capital increase)
Related articles
-
Selected for the 2027 edition 『The Best Lawyers in Japan』. -
He appeared as a moderator at a symposium hosted by the Japan Federation of Bar Associations
-
TV appearance announcement (TV Asahi "Good! Comment on "Morning")
-
[Column Writing] 【ESG Strategies Useful for Business】 No. 30: Protection of Foreign Workers and Measures to Combat Forced Labor (2) Practical Response Strategies for Japanese Companies
-
[Announcement of seminar appearance] Sponsored by the Financial Finance Research Group: "Why did that renewable energy project fail?"
-
[Column Writing] 【Financial and Legal Affairs】 No. 2276 Young Southeast Asia, Aging Managers
-
[Column Writing] 【ESG Strategies for Business】 Part 29: Protecting Foreign Workers and Combating Forced Labor (1) International Regulations and Malaysia's Response
-
[Column Writing] 【ESG Strategies for Business】 No. 28 Carbon Tax (2)
