
Legal / Compliance

Prompts for in-house legal teams and compliance officers who need to draft, review, and explain legal matters efficiently.

8 prompts. Updated 2026-04-13
1

Contract Clause Risk Scanner

Claude

Reviewing vendor contracts before signing — especially liability and indemnity clauses

Review this vendor contract clause and identify risks from MY (the buyer) perspective. I am the in-house counsel for a Malaysian tech company.

Clause 14.2 — Limitation of Liability:
"Notwithstanding any other provision of this Agreement, the Vendor's total aggregate liability under or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the total fees paid by the Client to the Vendor in the twelve (12) months immediately preceding the event giving rise to the claim. In no event shall the Vendor be liable for any indirect, consequential, special, incidental, or punitive damages, including but not limited to loss of profits, loss of data, or business interruption, even if advised of the possibility of such damages."

Analyse:
1. What risks does this clause create for us as the buyer?
2. Which specific exclusions are unreasonable for a cloud SaaS vendor handling our employee data?
3. Draft 3 counter-proposals: (a) aggressive push-back, (b) balanced compromise, (c) minimum acceptable position
4. What Malaysian law provisions (Contracts Act 1950, Personal Data Protection Act 2010) might affect the enforceability of this clause?
5. One question I should ask the vendor that will reveal how firm they are on this clause

Pro Tip

The three counter-proposals at different levels of aggression give you a negotiation range. Start with (a), expect to land at (b), and know your walk-away point is (c).

2

PDPA Compliance Gap Analysis

Claude

Annual compliance review or when preparing for a PDPA audit

Conduct a gap analysis of our data handling practices against Malaysia's Personal Data Protection Act 2010 (PDPA). I will use this to prioritise remediation work.

Our current state:
- We collect customer names, emails, phone numbers, and company names via website forms
- Data is stored in a US-based cloud database (AWS us-east-1)
- We have a privacy policy on our website (last updated 2024)
- No Data Protection Officer appointed
- Customer data is shared with 2 third-party tools: a CRM (HubSpot) and an email platform (Mailchimp)
- We send marketing emails to existing customers without explicit opt-in for marketing
- No data processing register maintained
- Employee data (IC numbers, bank details, addresses) stored in Google Sheets shared among 4 HR staff
- No data breach response plan
- No data subject access request (DSAR) process

For each gap:
1. PDPA section/principle violated
2. Risk level: critical, high, medium, low
3. Remediation action (specific, not generic)
4. Effort estimate: quick fix (under 1 week) or project (needs planning)
5. Priority ranking based on likelihood of enforcement action

Organise by the 7 PDPA principles.

Pro Tip

The "employee data in Google Sheets" scenario is extremely common in Malaysian SMEs and is often the highest-risk item. AI consistently flags it — because it should be flagged.

3

Board Resolution Drafter

Claude

Routine corporate governance actions that need proper documentation

Draft a directors' circular resolution for the following corporate action. It must comply with the Companies Act 2016 (Malaysia) and our company constitution (standard SSM template).

Corporate action: Approval to open a new bank account with CIMB Bank Berhad for the purpose of receiving grant disbursements from MDEC.

Company details:
- Company: TechForward Sdn Bhd (Company No. 1234567-X)
- Directors: Tan Ah Kow (Managing Director), Siti Aminah binti Ibrahim (Executive Director), Rajesh a/l Kumar (Independent Non-Executive Director)
- Company Secretary: Corporate Services Sdn Bhd

The resolution must:
1. State the purpose of the new bank account clearly
2. Authorise specific signatories (any 2 of 3 directors)
3. Authorise the company secretary to execute all necessary banking documents
4. Include the standard "any director" authorisation for bank compliance forms
5. Be formatted as a proper circular resolution per Section 302 Companies Act 2016
6. Include space for dated signatures of all directors

Pro Tip

Always reference the specific Companies Act section (302 for circular resolutions) in your prompt. The AI produces legally tighter output when you anchor it to the specific statutory provision.

4

Employment Contract Red Flag Review

Claude

When reviewing employment contracts for yourself or advising someone before they sign

Review this employment contract and flag clauses that are problematic or unenforceable under Malaysian employment law. I am advising the employee (not the employer).

Flagged clauses:

Clause 8 — Non-Compete: "The Employee shall not, for a period of 24 months following termination, engage in any business that competes with the Company within Malaysia."

Clause 12 — IP Assignment: "All intellectual property created by the Employee, whether during working hours or otherwise, and whether using Company resources or not, shall be the sole property of the Company."

Clause 15 — Termination: "The Company may terminate this Agreement immediately without notice or compensation if, in the sole opinion of the Management, the Employee's performance is unsatisfactory."

Clause 18 — Confidentiality: "This obligation of confidentiality shall survive termination of employment indefinitely."

Clause 21 — Dispute Resolution: "Any disputes shall be resolved by arbitration in Singapore under Singapore International Arbitration Centre rules."

For each clause:
1. Is it enforceable under Malaysian law? (Yes/No/Partially, with legal basis)
2. What is the specific risk to the employee?
3. Suggested revision that is fair to both parties
4. Negotiation talking points (what to say to the employer)

Tone: Practical legal advice, not academic analysis.

Pro Tip

Malaysian courts have consistently refused to enforce broad non-compete clauses. Knowing this gives you leverage in negotiation — but still get specific advice from an employment lawyer.

5

Regulatory Change Impact Assessment

Claude

When a new regulation drops and you need to quickly assess impact and mobilise the team

Assess the impact of this regulatory change on our business and recommend compliance actions.

Regulatory change: Bank Negara Malaysia has issued new guidelines on digital lending requiring all digital lending platforms to implement a mandatory 3-day cooling-off period for loans under RM10,000, effective 1 July 2026.

Our business:
- P2P lending platform licensed under SC
- Average loan size: RM8,500
- 70% of our loans are under RM10,000
- Current process: Borrower applies → approved in 4 hours → funds disbursed same day
- Monthly loan volume: 450 loans
- Revenue model: 3% origination fee + 1% monthly servicing fee

Analyse:
1. Direct operational impact (what must change in our process)
2. Financial impact estimate (lost revenue, delayed cash flow, increased costs)
3. System changes required (product, engineering, customer service)
4. Customer communication plan (how to explain the change without losing borrowers)
5. Competitive implications (does this hurt us more or less than competitors?)
6. Compliance timeline with milestones (working backward from 1 July)
7. One opportunity this regulation creates that most competitors will miss

Pro Tip

Point 7 is the most strategic output. Every regulation creates winners and losers — the companies that find the opportunity in the constraint move faster than those who only see compliance cost.

6

NDA Negotiation Cheat Sheet

Claude

NDA review before entering partnership discussions with a larger company

I am about to sign a mutual NDA with a potential partner company. Create a negotiation cheat sheet so I know what to push back on and what to accept.

Context: We are a Malaysian AI consultancy exploring a partnership with a large Malaysian bank. They sent their standard NDA. Power dynamic: they are much larger than us, but we have specialised AI expertise they need.

Key terms in their NDA:
- Duration: Confidential information protected for 5 years after disclosure
- Definition: "Confidential Information means any and all information disclosed by either party"
- Exclusions: Standard exclusions (public domain, independently developed, prior knowledge)
- Permitted disclosure: Only to employees with need-to-know, but no mention of contractors or advisors
- Remedies: Injunctive relief plus damages, prevailing party recovers legal costs
- Governing law: Malaysian law, KL High Court jurisdiction
- Residuals clause: None

For each term:
1. Is this standard or aggressive? (benchmark against typical Malaysian commercial NDAs)
2. What should I push back on and why?
3. Exact alternative language to propose
4. How hard to fight (on a scale of "must change" to "nice to have")

Also flag what is MISSING from this NDA that should be there.

Pro Tip

The missing "residuals clause" is critical for AI consultancies. Without it, any knowledge your team gains during the engagement could theoretically be claimed as confidential. Always add one.

7

Plain English Legal Explainer

Claude

Drafting or reviewing terms of service and need to balance legal protection with readability

Translate this legal clause into plain English that a business owner with no legal background can understand. Then draft the clause properly.

Business situation: I am writing terms of service for a Malaysian SaaS platform that provides automated invoice processing. I need a clause that says: "If our system makes a mistake and processes an invoice incorrectly, we will fix it but we are not responsible for any financial losses that result from the error."

Create:
1. The plain English version (under 50 words, conversational tone)
2. The proper legal clause (suitable for a Malaysian T&C document)
3. An explanation of what each legal phrase means in real terms
4. Whether this clause is likely enforceable under Malaysian Consumer Protection Act 1999 and Contracts Act 1950
5. The biggest loophole a customer could exploit in this clause
6. A fairer version that protects us while not being unreasonable to customers

Pro Tip

Writing the business intent first ("we will fix it but are not responsible for losses") and then asking for the legal translation produces much tighter clauses than starting from legal templates.

8

Shareholder Agreement Key Terms

Claude

Setting up a joint venture and need to protect your position before the lawyers start drafting

I am negotiating a shareholder agreement for a new joint venture between my tech company and a local distributor. Advise me on the key terms I should insist on.

JV structure:
- My company: 60% equity (contributing technology platform + team)
- Their company: 40% equity (contributing distribution network + client relationships)
- Both directors on the board (2 from us, 1 from them)
- Initial capital: RM500K (proportional to equity)
- Business: AI-powered supply chain optimisation for F&B industry in Malaysia

For each of these key areas, draft the term AND explain why it matters:
1. Reserved matters (decisions requiring unanimous approval vs simple majority)
2. Deadlock resolution mechanism
3. Drag-along and tag-along rights
4. Non-compete provisions for both shareholders
5. Exit mechanisms (buy-sell, ROFR, shotgun clause)
6. IP ownership (the platform is mine, but JV will create derivative works)
7. Dividend policy
8. Performance milestones that trigger equity adjustments

Prioritise which 3 terms I should fight hardest for as the majority shareholder contributing the technology.

Pro Tip

IP ownership and exit mechanisms are the two terms that destroy partnerships when they are vague. Spend 80% of your negotiation energy on these two, and be generous on the rest.
