Sign in Subscribe
By noraimanismail in Oversight

Case file 1: FashionValet Sdn Bhd

Governance, Capital, 30 Maple, and the RM8 Million Question

FashionValet Sdn Bhd

(Oversight · Casefile)

What happened

FashionValet Sdn Bhd is a Malaysian fashion e-commerce company co-founded by Vivy Sofinas Yusof and Fadzarudin Shah Anuar. The company became well known not just for its commercial success, but also for its strong founder-driven public profile.

In 2018, FashionValet received institutional investment from government-linked entities, including Khazanah Nasional Berhad and Permodalan Nasional Berhad (PNB). Public statements later indicated that the combined investment amounted to RM47 million, with Khazanah investing RM27 million for a minority stake.

On 21 August 2018, prosecutors allege that RM8 million was transferred from FashionValet’s bank account to another company, 30 Maple Sdn Bhd. The prosecution’s case is that this transfer was made without board approval, despite the funds being entrusted to the directors for the purpose of managing FashionValet following institutional investment.

On 5 December 2024, Vivy Yusof and Fadzarudin Shah Anuar were jointly charged in court with criminal breach of trust (CBT). Both pleaded not guilty. The case is ongoing, and trial dates have been scheduled.

Separately, Khazanah and PNB later exited their investment. The Ministry of Finance stated publicly that the shares were sold for RM3.1 million, a significant reduction compared to the original investment amount.

No findings have yet been made by the court. This article does not assess guilt. It examines how a transaction of this nature should have been structurally impossible in a well-governed company.

The compliance failure(s)

At the centre of this case is a basic governance issue:

Can company directors move large sums of company money to another company without the board’s approval?

From a compliance and governance perspective, the alleged failure is not complex. It involves what professionals call a related-party transaction.

A related-party transaction is any transaction between a company and:

  • its directors,
  • their spouses,
  • or companies linked to them.

These transactions are not automatically illegal.
But they are high-risk and require strict controls, especially when institutional or public-linked funds are involved.

The prosecution’s allegation is that:

  • RM8 million was entrusted to the directors to manage FashionValet,
  • the money was transferred to 30 Maple Sdn Bhd,
  • and this happened without the approval of FashionValet’s board of directors.

If true, this points to a failure of internal controls, not just an individual decision.

Subscribe now

Root cause (What went wrong)

This situation reflects four common governance weaknesses seen in founder-led companies that scale quickly.

1. Founder authority without hardened boundaries

In early-stage companies, founders often make most decisions. This is normal. The problem arises when institutional capital enters, but decision-making controls do not mature alongside it.

Once a company accepts government-linked or institutional funds, founders are no longer operating purely on personal discretion. They become fiduciaries — people legally obliged to act in the company’s best interests.

A well-run company maintains:

  • a register of related parties,
  • mandatory disclosure rules,
  • and board-level approval requirements.

If a transfer to a related entity can occur without triggering these safeguards, the control framework is insufficient.

3. Board approval treated as paperwork, not a gate

Board approval is meant to be a pre-condition, not a formality after the fact.

When boards are informed only after money has moved or worse, not informed at all thrn governance exists in name only.

4. Finance functions without independence

In many startups, finance teams process payments but do not challenge them. Professionally, this is known as a lack of segregation of duties.

When the same people can propose, approve, and execute payments, control failure becomes a matter of when, not if.

How this should have been detected or prevented

A functioning governance system should have made this transaction difficult or impossible.

For non-professionals:
Think of it like a bank account that requires two keys and a written reason before money can be withdrawn.

For professionals:
These are standard controls expected once institutional capital is involved.

Key safeguards include:

  • A clear Delegation of Authority through Limits of Authority that sets clear financial limits and other relevant limitarions or powers.

  • Mandatory board resolutions for:

    • large payments

    • any related-party transaction

  • Dual-signature banking controls

  • A related-party register reviewed by the board or audit committee

  • Monthly reporting of non-routine transactions

If these controls exist and function properly, a single individual cannot quietly authorise a transfer of this size.

Quick fix in 30 / 60 / 90 days (aka Practical Remediation)

This is what a competent response looks like when a company realises its governance is not fit for purpose.

First 30 days — establish hard stops for the long run.

  • Reset financial approval limits immediately

  • Require board approval for:

    • any related-party transaction

    • any payment above a defined threshold

  • Lock down bank mandates to require multiple independent signatories

  • Create or update the related-party register

By 60 days — make decisions traceable and transparent.

  • Introduce a standard payment approval pack:

    • purpose of payment

    • counterparty

    • conflict declaration

    • approving authority

  • Formalise an Audit and Risk Committee, even if small

  • Require management to report all non-standard payments monthly

By 90 days — align accountability

  • Separate founder influence from treasury control
  • Appoint a finance lead with independent access to the board
  • Tie executive performance metrics to governance compliance
  • Conduct a targeted external review of payment and conflict controls

This is not excessive regulation.
It is basic corporate hygiene.

Lessons for everyone

For founders
The moment you accept institutional or public-linked capital, your freedom of action changes. Governance obligations do not wait until the company is “big enough.”

For boards
If you cannot demonstrate that approval mechanisms actually block unauthorised actions, you are not exercising oversight.

For investors and public institutions
Minority ownership does not remove accountability. Capital without enforceable governance creates reputational risk.

For the public
Cases like this are not about personalities. They are about whether systems exist to protect entrusted money.

The court will determine criminal liability.
But the governance lesson is already clear.

A properly designed control framework makes it structurally difficult to misuse company funds — even by founders.

This was preventable.
Only if oversight is treated as a system, not a trust exercise.

Subscribe to The Compliance Project

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe