Cyber Law

Duties of an Internet Service Provider in Malaysia

internet service

Communications and Multimedia Act 1998

 The relevant legislation in Malaysia regulating the communications and multimedia industry is the Communications and Multimedia Act 1998 (“the Act”). The Act has been enacted to promote national policy objectives for the communications and multimedia industry and to establish a licensing and regulatory framework in support of national policy objectives for the communications and multimedia industry.

The Malaysian Communications and Multimedia Commission (“MCMC”) was established by the Act as regulator for the converging communications and multimedia industry and charged with overseeing the new regulatory framework for the converging industries of telecommunications, broadcasting and on-line activities.

 

The Act requires various activities to be licensed and one of the roles of MCMC is to issues licences. Under the Act, there are four categories of licensable activities :

 

(1)               Network Facilities Providers – who are the owners of facilities such as satellite earth stations, broadband fibre optic cables, telecommunications lines and exchanges, radiocommunications transmission equipment, mobile communications base stations, and broadcasting transmission towers and equipment. They are the fundamental building block of the convergence model upon which network, applications and content services are provided.

 

(2)               Network Services Providers – who provide the basic connectivity and bandwidth to support a variety of applications. Network services enable connectivity or transport between different networks. A network service provider is typically also the owner of the network facilities. However, a connectivity service may be provided by a person using network facilities owned by another.

 

(3)               Applications Service Providers – who provide particular functions such as voice services, data services, content-based services, electronic commerce and other transmission services. Applications services are essentially the functions or capabilities, which are delivered to end-users.

 

(4)               Content Applications Service Providers – who are special subset of applications service providers including traditional broadcast services and newer services such as online publishing and information services.

 

According to the MCMC website at http://www.mcmc.gov.my/, Time dotcom Berhad is one of the licensed service providers for Applications Service Provider.

As the Act seeks to establish a regime of self-regulation by providing for the creation of industry forums, an industry body may be designated or appointed as an industry forum if the MCMC is satisfied that the criteria stipulated in Section 94 of the Act 1998 has been fulfilled.

The primary function of a designated industry forum would be to formulate and implement voluntary industry codes, which would serve as a guide for the industry to operate. The relevant codes may be developed on the forum’s own initiative or upon request by the MCMC.

In March 2001, the MCMC designated the Communications and Multimedia Content Forum of Malaysia (“CMCF”) as the Content Forum.

The CMCF governs content by self regulation in line with the Malaysian Communications and Multimedia Content Code (“Code”). The Code is a set of industry guidelines on the usage and/or dissemination of content for public consumption. The Code has now been officially registered with the MCMC with effect from 1 September 2004.

The Code can be downloaded at MCMC’s website at http://www.mcmc.gov.my.

The Constitution of the CMCF states that a Complaints Bureau be established under Article 8 of the Code to deal with complaints. The Bureau is empowered by the Council to impose sanctions on any member who is considered to have breached the Content Code.

However, the Bureau is not permitted to consider complaints if they concern matters that are the subject of legal proceedings, or if the Bureau decides it would be inappropriate.

 

Application of the Code

 The Code applies to all content made available in the content industry in the networked medium and as defined the Code and under the Act.

This Code also applies to all persons who provide a content applications service (“Content Application Service Providers”) and in particular but is not limited to:

 

(1)        Each member of the industry forum;

(2)        Each person who has submitted their agreement to the Forum that they will be bound by this Code; and

(3)       Each person whom the Commission has directed in accordance with Section 99 of the Act.

 

Under Section 100 of the Communications and Multimedia Act 1998 (“the Act”), a person who fails to comply with a direction of MCMC that the for person complies with any provision of a voluntary industry code shall be liable to pay to the MCMC a fine not exceeding two hundred thousand (200,000) ringgit.

 

The Code

The relevant part of the Code for the parties who provide online Content or those who provide access to online content through present and future technology is Part 5 of the Code. These parties include, but are not limited to:

 

(1)               Internet Access Service Providers;

(2)               Internet Content Hosts;

(3)               Online Content Developers;

(4)               Online Content Aggregators; and

(5)               Link Providers

 

(collectively referred as “Content Subject”)

 

Internet Service Provider falls under the definition of Internet Access Service Providers which is defined in paragraph 12.1 of Part 5 of the Code as a service provider who provides users with access to the Internet including (but not limited to) the World Wide Web.

The Code has provided that no Content Subjects shall knowingly provide prohibited content. The Code has classified ‘prohibited content’ into 9 categories namely:

(1)               Indecent Content

(2)               Obscene Content

(3)               Violence

(4)               Menacing Content

(5)               Bad language

(6)               False Content

(7)               Children’s Content

(8)               Family Values

(9)               People with Disabilities

 

Content is defined as any sound, text, still picture, moving picture or other audio-visual representation, tactile representation or any combination of the preceding which is capable of being created, manipulated, stored, retrieved or communicated electronically but does not include for the purpose of the Part 5 of the Code:

(1)        ordinary private and/or personal electronic mail other than bulk or spammed electronic mail;

(2)        content transmitted solely by facsimile, voice telephony, VOIP and which is intended for private consumption; or

(3)        content which is not accessible to the public whether freely, by payment of a fee or by registration, including (but not limited to) content made available by way of a closed Content Application Service or a limited Content Applications Service under Sections 207 and 209 of the Act respectively;

 

Appendix 2 of the Code provides that, apart from the Act, licensees under the Act may need to be aware of the following Acts of Parliament and are advised to have sufficient resources and expertise to ensure compliance where necessary.

 

(1)               Accountants Act 1967 (revised 1972)

(2)               Children & Young Persons (Employment) Act 1966 (Revised 1988)

(3)               Consumer Protection Act 1999

(4)               Copyright Act 1969

(5)               Defamation Act 1957

(6)               Dental Act 1971

(7)               Film (Censorship) Act 1952

(8)               Geneva Conventions Act 1962

(9)               Indecent Advertisements Act 1953

(10)           Internal Security Act 1960

(11)           Medicine (Advertisement and Sale) Act 1956

(12)           National Anthem Act 1968

(13)           Penal Code

(14)           Pesticides Act 1974

(15)           Poisons Ordinance 1952

(16)           Poisons (Sodium Arsenite) Ordinance 1949

(17)           Printing Presses and Publications Act 1984

(18)           Private Higher Educational Institutions Act 1996

(19)           Private Hospitals Act 1971

(20)           Sale of Drugs Act 1952 (Revised 1989)

(21)           Sale of Food Act 1983

(22)           Food Regulations 1985

(23)           Securities Industry Act 1983

(24)           Sedition Act 1948

(25)           Trade Description Act 1972

(26)           Trade Marks Act 1976

(27)           Women and Girls Protection Act 1973

 

Compliance of the Code as a legal defence

Section 98 of the Act provides that compliance with the Code is a legal defence. Section 98(2) of the Act provides that ‘compliance with a registered voluntary industry code shall be a defence against any prosecution, action or proceeding of any nature, whether in a court or otherwise, taken against a person (who is subject to the voluntary industry code) regarding a matter dealt with in that code’.

Notwithstanding the above, paragraph 6.4 of Part 2 of the Code states that all applicable Malaysian Laws including but not limited to sedition, pornography, defamation, protection of intellectual property and other related legislation are to be complied with.

 

Duties of Internet Access Service Provider under the Code

The Code has set out the guidelines to be followed by an Internet Access Service Provider (“IASP”) in Part 5 of the Code.

An IASP shall comply with and incorporate terms and conditions in the contracts and legal notices as to terms of use with subscribers of their services. This shall include the following terms:

(1)        Subscribers will comply with the requirements of Malaysian law including, but not limited to, the Code and shall not provide prohibited Content nor any Content in contravention of Malaysian law;

(2)        The IASP will have the right to withdraw access where a subscriber contravenes the above; and

(3)        The IASP shall have the right to block access to or remove such prohibited Content provided such blocking or removal is carried out in accordance with the complaints procedure contained in the Code.

The existence of the above-mentioned terms and conditions will be displayed on the IASP’s website in a manner and form easily accessible by its subscribers by way of a link or other similar methods.

The Code recognises the concept of innocent carrier. Code Subjects providing access to any Content but have neither control over the composition of such Content nor any knowledge of such Content is deemed an innocent carrier for the purposes of the Code. An innocent carrier is not responsible for the Content provided. Further, it is also a defence that access providers had adhered to the general measures provided by the Code.

However, once an IASP is notified by the Complaints Bureau that its user or subscriber is providing prohibited Content and the IASP is able to identify such subscriber the IASP will take the following steps:

 

(1)        Within a period of 2 working days from the time of notification, inform its subscriber to take down the prohibited Content.

 

(2)        Prescribe a period within which its subscriber is to remove the prohibited Content, ranging from 1 to 24 hours from the time of notification.

 

(3)        If the subscriber does not remove such prohibited Content within the prescribed period, the IASP shall be entitled to suspend or terminate the subscribers’ access account.

 

(collectively referred as “Notice and Take Down Procedure”)

 

However, paragraph 11 of Part 5 of the Code provides that IASPs are not required to undertake any of the following:

 

(1)        Provide rating systems for Online Content;

(2)       Block access by their users or subscribers to any material unless directed to do so by the Complaints Bureau acting in accordance with the complaints procedure set out in the Code;

(3)       Monitor the activities of users and subscribers; or

(4)       Retain data for investigation unless such retention of data is rightfully requested by the relevant authorities in accordance with Malaysian law.

 

Notwithstanding the above, the definition of ‘prohibited content’ does not include content which infringes other parties’ intellectual property or contains element of fraud. As such, the Notice and Take down procedure may not apply to such matters. We are of the view that the types of remedies available to the aggrieved party limited to the traditional remedies specified under their specific legislation.

 

Liability of Internet Application Service Provider in general

So far there have not been any reported cases on the liability of an IASP in Malaysia as a conduit that who passively allowed for the transmission of data. However, we may refer to the position in United Kingdom and the United States of America.

 

United Kingdom

We refer to the case of Godfrey v Demon Internet Ltd, QBD, [1999] 4 All ER 342. In the said case, Demon Internet Ltd, an Internet service provider offered a Usenet facility, enabling authors to publish material to readers worldwide. An unknown person made a posting in that newsgroup on an American service provider, and it reached Demon Internet Ltd’s server in England. The posting, which purported to be written by Godfrey, was a forgery and defamatory of Godfrey. Godfrey subsequently informed Demon Internet Ltd that the posting was a forgery, and asked it to remove the posting from its Usenet news server. However, Demon Internet Ltd failed to do so, and the posting remain on the server until its expiry. Godfrey brought proceedings for libel against Demon Internet Ltd.

In its defence, Demon Internet Ltd sought to rely, inter alia, on the defence provided by s 1(1) of the Defamation Act 1996, namely (a) that it was not the publisher of the statement complained of, (b) that it had taken reasonable care in relation to its publication, and (c) that it had not known, and had no reason to believe, that its action had caused or contributed to the publication of a defamatory statement. On Godfrey’s application to strike out that part of the defence, Demon Internet Ltd contended it had not published the defamatory posting and that there had been no publication within the meaning of s 1(1)(b) of the Act. Although s 1(2) and (3) provided a special definition of the word ‘publisher’ as used in s 1(1)(a), s 17 provided that the words ‘publication’ and ‘publish’ had the same meaning as in the general law of defamation. The issue therefore arose whether Demon Internet Ltd had published the posting within the common law meaning of the term.

The Court, in allowing Godfrey’s application, held that Demon Internet Ltd’s defence under Section 1 of the Defamation Act is hopeless and struck out Demon Internet Ltd’s defence.

However, recently in Bunt v Tilley and others [2006] 3 All ER 336, the Court struck out a claim by a Plaintiff against a number of internet service providers for defamation. The Plaintiff claimed that the said internet service provider published the defamatory words of the other defendant ‘via the services provided’ by the said internet service providers. The Court held, distinguishing the case of Godfrey v Demon Internet Ltd (Supra), that an internet service provider which performed no more than a passive role in facilitating postings on the internet could not be deemed to be a publisher at common law.  It was essential to demonstrate a degree of awareness or at least an assumption of general responsibility, such as had long been recognised in the context of editorial responsibility, in order to impose legal responsibility under the common law for the publication of words. Although it was not always necessary to be aware of defamatory content to be liable for defamatory publication, there had to be knowing involvement in the process of publication of the relevant words. It was not enough that a person had played merely a passive instrumental role in the process.

 

United States

In the United States of America, IASP has relied on 47 USC 230 of the American Telecommunications Act of 1996 as their defence. 47 USC 230 of the American Telecommunications Act of 1996 provides that:

 

(c) PROTECTION FOR `GOOD SAMARITAN’ BLOCKING AND SCREENING OF OFFENSIVE MATERIAL-

 

(1)        TREATMENT OF PUBLISHER OR SPEAKER- No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

 

 (2)       CIVIL LIABILITY- No provider or user of an interactive computer service shall be held liable on account of–

 

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

 

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

47 USC 230 of the American Telecommunications Act of 1996 was applied in the cases of Kenneth M. Zeran v. America Online, Inc.; U.S. District Court, E.D. Virginia, 958 F.Supp. (1997).

 

In the American case of Kenneth M. Zeran v. America Online, Inc.; U.S. District Court, E.D. Virginia, 958 F.Supp. (1997), the Plaintiff initiated proceedings for defamation after an unknown America Online, Inc (AOL) subscriber made posting that the Plaintiff had for sale tasteless t-shirts regarding the bombing of the Alfred P.Murrah Building in Oklahoma City, and listed the contact details of the Plaintiff. In response, the Plaintiff received telephone complaints and death threats. The issue was whether an online service, website, or other interactive computer service, can be held liable for defamation made by third parties, where the defamed party has been injured by defamatory speech made by persons who post in an interactive computer service. The Supreme Court ruled against the Plaintiff and held that, applying 47 USC 230 of the American Telecommunications Act of 1996, held that no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. Applying this case to the position in Malaysia, the same may not apply to Malaysia as Malaysia does not have such provision to protect IASP.

 

However, the above 47 USC 230 of the American Telecommunications Act of 1996 has no effect on intellectual property law.

 

Liability of Internet Application Service Provider for Copyright infringement

As for the liability of IASP for the wrongdoings of a third party i.e. infringing materials, at the present, there has not been any explicit attempt by the legislators to clarify this position. In the United States of America, the Digital Millennium Copyright Act 1998 was enacted to exempt IASP from copyright liability if they take measures to take down the infringing materials from the internet. In the United Kingdom, the Copyright and Related Rights Regulations 2003 allow the grant of an injunction against a service provider, only in instances where the service provider has ‘actual knowledge’ of another person using their service to infringe copyright.

In this regard, in order to ascertain whether copyright subsists in the works, one must determine whether the works fall within one of the categories of works protected under the Copyright Act 1987 (“Copyright Act”). Section 7(1) of the Copyright Act sets out the categories of works which are eligible for copyright protection and it is worded in this way:

 

    7. Works eligible for copyright

   (1)     Subject to this section, the following works shall be eligible for copyright:

(a)        literary works;

(b)        musical works;

(c)        artistic works;

(d)        films;

(e)        sound recordings; and

(f)         broadcasts.

 

Upon determination whether the work in question is eligible for copyright, in order to determine whether there has been an infringement of copyright, we are of the view that we refer to Section 36 of the Copyright Act which provides:
36.  Infringements.

 

(1) Copyright is infringed by any person who does, or causes any other person to do, without the licence of the owner of the copyright, an act the doing of which is controlled by copyright under this Act.

 

  1. Section 13 of the Copyright Act provides for the following acts that is controlled by copyright,

 

(1)                           the reproduction in any material form;

(2)                           the communication to the public;

(3)                           the performance, showing or playing to the public;

(4)                           the distribution of copies to the public by sale or other transfer of ownership; and

(5)                           the commercial rental to the public,

 

of the whole work or a substantial part thereof, either in its original or derivative form.

 

Technically speaking, when an internet user posts a message through the internet, the said message will be transmitted through the IASP who will then in turn reproduce the said message to the intended recipient.

As such, passive IASP who is merely a conduit that who passively allowed for the transmission of data, may reproduce files and documents belonging to third parties that is controlled by copyright. In this regard, on the issue whether there is copyright infringement, we may refer to the definition of ‘causes any other person’ of Section 36 of the Copyright Act. The word ‘causes’ is not defined nor has been defined in the Malaysian Court.

Professor Dr. Khaw Lake Tee in her book “Copyright Law in Malaysia” (2nd Ed, 2001, Malayan Law Journal) at page 182 to 183, in defining ‘causes’ referred to the case of Dunia Muzik WEA Sdn Bhd v Koh Tay Eng [1989] 2 MLJ 356. Professor Dr. Khaw Lake Tee summarised Dunia Muzik WEA Sdn Bhd v Koh Tay Eng, at page 182 to 183 of “Copyright Law in Malaysia” (2nd Ed, 2001, Malayan Law Journal) to the following:

 

In that case, the plaintiffs who were engaged in the making, production and publication of musical works and sound recordings, used the defendant for infringement of their copyright. It was alleged that the defendant had sold infringing copies of the plaintiffs’ sounds recordings and had therefore, inter alia, caused, enabled or assisted others to reproduce and to dispose off unlawfully the plaintiff’s works. Gunn J (as he then was) held that the plaintiffs have proved all the allegations made and were therefore entitled to an injunction, damages as well as delivery of the infringing copies. But although evidence was adduced to show that the defendant had sold infringing copies, there was nothing from the facts of the case to suggest that the defendant had made the infringing copies himself. The court could have thus meant that the defendant had ‘caused’ other to reproduce the infringing copies. There was also nothing in the facts to indicate the person involved in the actual reproduction were the servants or agents of the defendant. The court would seem to suggest that a person selling infringing copies could be held to have ‘caused’ copying of the work even though the act was done by a third party who was acting neither on the person’s behalf nor his instructions. In other words, the word ‘cause’ seemed to be used in the sense of ‘bringing about an effect or results’.

 

Further, in Saleha Hussin lwn. AB Wahid Nasir & Yang Lain [2004] 2 CLJ 204, the Court held that a television broadcasting company was liable for copyright infringement although they had no knowledge that the infringing work, a television program, had infringed the copyright of the Plaintiff. In the said case, the learned Judge, Abdul Hamid Mohamad HMP in his judgement, relied on the English case of Mansell v. Valley Printing Co.[1908] 2 Ch. 441 where the Court held that a person who infringed another person’s copyright is liable to the owner of the copyright although he is not guilty or had knowledge of the infringement.

 

Liability of Internet Application Service Provider for Fraud

To date, there have not been any reported cases on the liability of internet service providers for fraud in Malaysia. We have made extensive research on the position in the United Kingdom and the United States of America but our research did not yield any results.

 

  1. Fraud is defined in Clerk & Lindsell at page 1012 as “The tort involves a false representation made by the defendant, who knows it to be untrue, or who has no belief in its truth, or who is reckless as to its truth. If the defendant intended that the claimant should act in reliance on such representation and the claimant in fact does so, the defendant will be liable in deceit for the damage caused”

In order to prove fraud, the other party will have to show that there is a representation of a past or existing fact. The representation may be either express or implied from conduct. Representation implied by conduct is whereby a party conducts himself in a particular way with the purpose of fraudulently inducing another to believe in the existence of certain things which is contrary to the facts and to act upon the basis of its existence which causes the other party to suffer damages. Thus, there must be a deliberate concealment with the intention to defraud.

In the leading case of Derry v Peek (1889) 14 Appl. Cas.337, Lord Herschell laid down the essentials of fraud in the following proposition:

 

“First, in order to sustain an action of deceit, there must be proof of fraud and nothing short of that will suffice. Secondly, fraud is proved when it is shown that a false representation as been made (i) knowingly, (ii) without belief in its truth, or (iii) recklessly, careless whether it be true or false. Although I have treated the second and third as distinct cases, I think the third is but an instance of the second, for one who makes a statement under such circumstances can have no real belief in the truth of what he states. To prevent a false statement from being fraudulent, there must, I think, always be an honest belief in its truth”.

 In order to establish fraud, the state of mind of the Defendant as regards to his knowledge of the falsity or belief in the truth is essential in proving fraud. The representation must be untrue to the Defendant’s knowledge and made with the intent to deceive which is acted upon by the Plaintiff. Therefore, the Defendant may still be liable for fraud even if they did not obtain knowledge of the untruth of his statement until after it has been made and becomes aware of it before the Plaintiff acted upon it. For IASP, if their role is merely as a conduit to transmit information, we are of the view that they may not be liable for fraud if they do not know of such fraudulent statements.

However, if the IASP is aware of such statements and did not act accordingly when receiving a complaint of the same, the IASP may be subjected to legal action by aggrieved parties.

 

Conclusion

 Although the general legal duty of an IASP in Malaysia has been lined up in the Code, the Code does not provide for matters which are contentious. The Malaysian parliament has not enacted specific legislations to address the legal liability of an IASP unlike the United States of America.

In view of the uncertainty, certain IASP in Malaysia had taken steps to include exclusion clauses and also indemnity clauses against their subscribers in their service agreements.

Beware of What You Agree Online

esign

Most often than not, we couldn’t bother much about what we click or agree to via the internet web. Prior to obtaining more information or services  from a website, we are usually required to click on the web button “Agree” or in other words, we have to e-sign the contract or statement prepared by the online website owner. Hence, the issues of validity, enforceability and admissibility in court of such contract entered by way of e-signing are discussed here.

For instance, ABC Company is developing a pricing request system which will have the ability to generate Standard Sales Contract (“the Contract”). The system will send an email containing a link to the sales contract to the appropriate customer representative for the customer to ‘e-sign’. The customer representative will then click on the link to which he will see a screen which requires him to acknowledge that he is representing the customer company and is willing to make decision on the company’s behalf.

Once acknowledged, a second screen will appear which allows the customer to print a draft of the Company Sales Contract and then proceeds to a third screen where the customer is asked to indicate whether he agree to the terms and conditions of the Company Sales Contract. (i.e. click on ‘Agree’ or ‘Do Not Agree’). If the customer selects ‘Agree’, then the customer is deemed to have ‘e-signed’ the contract.

Under Malaysian law, all contracts entered in regardless of their method are governed by the Contracts Act 1950.  As for the said Contract, it may be admissible in Court under s90A of the Evidence Act 1950 which provides that any document or statement produced by a computer are admissible in court.

Based on the facts given, the issue that may arise is whether or not the customer representative who ‘esigns’ the said Contract has the authority to enter contract on behalf of the company.

The customer representative must be authorized to sign on behalf of the company. A Director who has been authorized by the company resolution can enter contracts on behalf of the company but as for agents, this would depend whether or not they have been given the authority to do so.

Agent and Principal

Section 135 Contracts Act 1950 provides that:-

135. An “agent” is a person employed to do any act for another or to represent another in dealing with third persons. The person for who, such act is done, or who is so represented, is called “principal”.

An employee of a company may also be an agent of the firm. In MMC Power Sdn Bhd & Anor v Abdul Fattah B Mogawan & Anor [2001] 1 MLJ 169, it was held on appeal that the Defendants were bound by the acts of their employee who was given authority to act on behalf of the company. Hence, based on the said case, the company will be bound by the acts of a customer representative who may also be an employee of the company.

But if the customer representative is not an authorized person to enter contracts on behalf of the company, then the said contract shall not bind the company even though the customer representative acknowledged that he has authority to do so.

In the event that an issue arises on the legal capacity of the customer representative, we may rely on the agency by estoppel rule or the Indoor Management Rule.

 Agency by Estoppel: Apparent and Ostensible Authority 

Agency by estoppel arises where one person acted as to lead another to believe that he has authorized a third person to act on his behalf, and that other such belief enters in transactions with the third person within the scope of such ostensible authority.

However, the agency by estoppel rule only applies when a company leads the third party to believe that an agent (i.e. customer representative) is acting on his behalf. In our case, the representation that the customer representative is acting on behalf of the company is done by the customer representative himself and hence the agency by estoppel rule doesn’t apply.

Indoor Management Rule (Turquand’s rule)

This rule, derived from the case of Royal British Bank v Turquand (1855) 5 E & B 248 applied in the Malaysian case of Standard Chartered Bank v Central Wood Tiles Sdn Bhd [1990] 2 MLJ 361, provides protection to persons dealing with a company in good faith. An outsider dealing with a company does not need to enquire into the regularity in the internal affairs and proceedings of the company, and may assume that all is being done regularly (see K Sivapragasam a/l Krishnar v Renominium Development Sdn Bhd & Ors [1998] 4 MLJ 535).

However, the Indoor Management Rule has its limit. Pennington’s Company Law (2nd Ed) at pp 137-138 expressed the rule in Turquand’s case and its limits, in the following terms:

The rule prescribed that if a person deals in good faith with the board of directors or other representative body of a company which is in fact exercising powers of management and direction of its business and affairs, that person is not affected by defects of procedure within the company or by its failure to fulfil conditions which are required by the company’s memorandum or articles to be      fulfilled before the act or transaction in question is effected

In another words, the rule is only limited to deals with the board of directors or other representative body of a company. If the customer representative is an individual low in the corporate hierarchy, we cannot take advantage of the rule in Turquand’s case (Mahfuz Bib Hashim v Koperasi Pekebun Kecil Daerah Segamat & Ors [2005] 3 MLJ 726).