One of the principal objectives of company law is to strike a workable balance between, on the one hand, granting sufficient discretion to the directors of a company to exercise their powers in furtherance of the pursuit of the company’s business objectives whilst, on the other hand, constraining the abuse of those powers by directors.


Directors are subject to various legal duties and obligations in the performance of their functions. A material breach of these obligations could have severe consequences ranging from administrative fines to criminal fines and even imprisonment. These potential outcomes clearly leave directors of Maltese companies exposed to the risk of a criminal record which would, of itself, disqualify them from holding office as a director of a Maltese company.

This article is intended to provide a snapshot of the general risks faced by directors of Maltese companies in the performance of their functions, together with some suggestions as to how these risks could be managed.

Who is deemed to be a director under Maltese law?

The Maltese Companies Act (Chapter 386 of the Laws of Malta) (the “Companies Act”) provides that the term ‘director’ should be interpreted to include any person occupying the position of director of a company by whatever name he may be called, who carries out substantially the same functions in relation to the direction of the company as those carried out by a director. Thus, it is important to note from the outset that, contrary to common belief, the role of a director extends beyond the ‘traditional’ role of a director formally appointed and identified as such through the Malta Business Registry (the “MBR”).

In practice, a distinction is frequently drawn between executive directors and non-executive directors (NEDs), which perhaps is primarily driven by the Malta Financial Services Authority (the “MFSA”), Malta’s regulatory authority responsible for regulating financial services activities and also encompasses the Listing Authority which is responsible for overseeing the Maltese capital market. The distinction between executive and non-executive directors is driven primarily by governance considerations, distinguishing those directors who run the company’s day-to-day operations from those whose principal role is to attend and participate in board meetings of the company, during which they are collectively expected to oversee the general governance of the company, its proper administration and management, and to tend to the general supervision of its affairs. It is pertinent to note that the Companies Act creates no such distinction between executive directors and non-executive directors, in line with the principle of collective liability on which Maltese (and Anglo-Saxon) corporate governance principles are based.

General and specific duties of directors

The duties of directors can be classified under two categories, namely general duties and specific (or administrative) duties. The general duties of directors are found in the provisions of Article 136A of the Companies Act which can be classified into two further sub-categories, namely (i) duties of loyalty, and (ii) duties of care and skill.

Administrative duties on the other hand consist of specific statutory obligations which are incumbent on directors and consist principally of acts of an administrative nature. In the case of any breaches of administrative duties, nominal financial penalties would typically be imposed by the Registrar of Companies (the “ROC”), which penalties may ultimately be enforced against the director personally. These duties would typically include, amongst others, the duty to keep an updated register of members as well as the duty to file the appropriate returns and documents with the ROC in a timely manner, including the annual accounts, notification of share transfers and changes in the company’s constitutive documents, officers or ultimate beneficial owners.

Apart from these duties, many other duties arise from a wide array of specific legislation such as the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta), the Social Security Act (Chapter 318 of the Laws of Malta), and the Value Added Tax Act (Chapter 406 of the Laws of Malta), not to mention several other laws which lay down the regulatory framework for a number of key strategic industries (financial services, pharmaceuticals, gambling etc), a breach of which could lead to personal criminal liability.

Directors are also subject to certain fiduciary obligations which are covered both by Articles 1124A, 1124B and 1871 of the Maltese Civil Code (Chapter 16 of the Laws of Malta) (the “Civil Code”), as well as by Article 136A of the Companies Act, which specifically addresses the duty of loyalty.

Can a company be held criminally responsible? Or could that criminal liability actually fall upon one or more of the individual directors of the company?

Historically, criminal liability could not be attributed to anyone other than a physical person, essentially based on three main lines of argumentation[1]:

  1. a legal person cannot be held criminally liable because it does not have its own brain and therefore lacks the capacity of will and understanding- these being attributes of physical/natural persons;
  2. a company/corporation cannot be physically sent to prison and, moreover, certain criminal sanctions, such as a suspended sentence or a probation order, cannot be imposed on a legal person; and
  3. a company can only perform those acts that it is, according to its memorandum and articles of association, legally empowered to do. Consequently, if a legal person committed a crime, such an act was necessarily ultra vires and therefore null and void.

However, in 1975, the Interpretation Act (Chapter 249 of the Laws of Malta) was enacted, addressing the concept of criminal liability of legal persons in Article 13:

“Where  any  offence… is committed by a body or other association of persons, be it corporate or unincorporate, every person who, at the time of the commission of the offence, was a director, manager, secretary or other similar officer of such body or association, or was purporting to act in any such capacity, shall be guilty of that offence unless he proves that the offence was committed without his knowledge and that he exercised all due diligence to prevent the commission of the offence”.

Interestingly, and based on the principle of collective liability of the directors of a company, the onus is placed on the individual concerned to prove that he/she did not have knowledge of the commission of the offence.

Subsequent legal developments driven by the dominance of corporate entities as the vehicle of choice across all economic sectors in Malta, led to the introduction of the concept of ‘corporate criminal liability’, which essentially attributed criminal liability to the body corporate itself.[2] This development, introduced through wide-ranging amendments to the Criminal Code by virtue of Act III of 2002, was crystallised in the form of Article 121D, and attributes corporate liability to any company found guilty of “Crimes Against the Administration of Justice and Other Public Administration”, with sanctions taking the form of the imposition of a financial fine or penalty.

Since these developments, several other legal provisions have been introduced into Maltese law, attributing criminal liability to companies and also to the individual directors of such companies for criminal offences occasioned through an act or omission of the company. For the purpose of this analysis, we shall focus on instances falling within the latter category, being criminal offences occasioned by the company but attributable to the directors personally.

A Director’s Exposure to Criminal Liability

The notion of criminal liability of directors can be divided into two broad categories:

i) Direct criminal liability

As one would assume, direct criminal liability arises in situations where a director directly (i.e. personally) violates a specific provision of the law, a breach of which would constitute a criminal offence punishable by a fine or imprisonment, or a combination of both. In such circumstances, the director would be held criminally liable for an offence which he/she committed through his/her own acts or omissions, such as in cases of fraud or embezzlement.

ii) Vicarious criminal liability

This aspect of criminal liability is not as straightforward as direct criminal liability, in the sense that in such cases, a director may be held liable for an offence committed by someone else, namely the company of which he is a director, as set out in Article 13 of the Interpretation Act. As observed earlier, in such cases there is an ‘inversion’ in the onus of proof, in the sense that whilst the prosecution (i.e. the party bringing the claim) must prove that the offence was committed by the company, the director must then prove that the offence was committed without his knowledge, and that he exercised all due diligence to prevent the offence from happening.

With reference to the level of care required from company directors, our Courts have held that such duty of care implies the appropriate supervision of the affairs of the company. As a corollary of this principle, a director cannot turn a “blind eye” to the affairs of the company, and subsequently plead that he was not aware of the act or omission that gave rise to the criminal offence. The law therefore requires and imposes that the director exercises active and continuous supervision of the affairs of the company so as to ensure that the company is compliant with the law whilst pursuing its commercial objectives.

In terms of the Companies Act, the personal liability of a director in damages for any breach of duty may not apply only in the following circumstances:

  1. when a duty is entrusted to one or more of the directors only (in which case only said director shall be liable for damages);
  2. when a director (in the case of co-directors) can prove that he was unaware of the alleged breach at the time of its occurrence and upon becoming aware of such breach he signified his dissent in writing; or
  3. when a director is aware that another co-director is planning a breach of duty and he/she takes all reasonable steps to prevent it.

The Maltese Courts have also applied reasoning that follows these principles, to some degree, in the context of criminal prosecutions. One landmark judgement is Pulizija vs. Cassar (26th August 1998), where the Court of Criminal Appeal decided that the accused, who was a NED of a company which operated a catering establishment, was to be held criminally responsible for breaches by the company of certain food safety legislation. The Court of Criminal Appeal explained that it was not possible for a director to escape criminal responsibility by merely remaining passive and by refraining from taking an active interest in whatever the company was doing. The Court noted that to avoid criminal liability, a director must prove that he/she had taken all the necessary steps to prevent the commission of the offence, and, in this case, since the director failed to establish proper procedures and safeguards, he was held criminally liable.

In Il-Pulizija vs. Stivala (2007) and Il-Pulizija vs. Farrugia (2009), the Court of Criminal Appeal recognised the principle that once a director resigns, he or she cannot be held criminally responsible for an offence committed after the date of his resignation.

As a matter of general observation, it is important to state that the personal liability of directors can never be waived by the company. Indeed Article 148(1) of the Companies Act provides that any written declaration exempting the director from such personal responsibility or undertaking to indemnify the director against any legal liability is deemed to be legally void. This is a mandatory public policy rule which cannot be derogated from.

Best practices for directors to mitigate the risk of liability

Personal criminal liability constitutes the highest level of risk which an individual may be exposed to, not only due to the severity of the punishment, but also since, in cases of vicarious criminal liability, the offence may be committed without any direct involvement or knowledge of the director as examined above. Whilst it is clear that reducing the risk of vicarious criminal liability is challenging, there are some measures that directors of a Maltese company can adopt in order to manage that risk.

To begin with, prior to accepting the role of director of a company, it is recommended that such individual carries out an extensive due diligence exercise on the company or board, targeted at the good standing of the company in question- whether or not it holds any government licence/s or permit/s to operate its business; whether or not all tax, VAT and social security dues have been settled; an analysis of any pending legal proceedings instituted by or against the company; and a comprehensive assessment of any environmental, health or other risks to which the company could be exposed, to name a few. If such a due diligence exercise raises any ‘red flags’, then the nominated director would be well advised to address all concerns that he/she may have prior to accepting the position and, if necessary, obtain the required legal, financial or other professional advice.

Once appointed, directors should also ensure that regular board meetings are held, and that such meetings are conducted in an organised and transparent manner. Minutes of meetings should always be kept, and directors should ensure that any dissenting opinions are properly recorded in these minutes. Such dissenting opinions could very well serve to exonerate the dissenting director in circumstances where the decision/s dissented from are the cause of the criminal liability risks. Here, again, the director should ensure that the appropriate professional advice is sought on any topics or issues with which he/she may not be entirely comfortable or conversant.

Other possible measures which could be implemented by directors who, for instance, wish to manage health and safety risks, would include the setting up of a Health and Safety Committee and the appointment of a Health and Safety Officer (appointed by the Board of Directors), who would be charged with ensuring that all health and safety records and measures are kept in an accurate and detailed manner.

Ultimately, each director taking a proactive involvement in the management of the company’s risks, and ensuring that the company’s internal control systems and governance structures are fully functional, serve as effective mechanisms to reduce the risk of exposure to vicarious criminal liability.


© GVZH Advocates- 2022

The contents of this piece do not constitute legal advice, are not intended to be a substitute for legal advice and should not be relied upon as such. You should seek legal or other professional advice in relation to the specific circumstances you or your organisation may be dealing with.

[1] Dr Joe Giglio, “Can a Company be sent to Prison?”, published in The Times of Malta, 1st September 2019, https://timesofmalta.com/articles/view/can-a-company-be-sent-to-prison.732067.

[2] Ibid.

More from GVZH Advocates