Corporate personality was designed to separate the individual from the entity.
Under the GST regime, that separation is no longer absolute.
Why I am saying this :
In late February 2026, the Directorate General of GST Intelligence arrested the Managing Director and Chief Executive Officer of Fino Payments Bank under Section 132 of the CGST Act as part of an investigation into alleged GST irregularities. The action, reportedly executed in the early hours, triggered immediate board-level responses and regulatory disclosures. Regardless of the eventual legal outcome, the enforcement signal was unmistakable. GST investigations can extend beyond the corporate entity and reach executive leadership.
Recent enforcement developments, including arrests under Section 132 of the CGST Act, have forced boards and Key Managerial Personnel to confront an uncomfortable reality. Tax compliance risk now extends beyond financial exposure into potential personal consequences.
For finance leaders, this is not a theoretical legal issue. It is a governance risk.
1. The Framework of Personal Exposure under the CGST Act
The GST penal architecture operates through a layered mechanism.
Section 132 provides for prosecution and arrest in cases involving specified offences, including fraudulent input tax credit claims and issuance of fake invoices.
However, the more structurally significant provision for executives is Section 137. Under Section 137(1), where an offence is committed by a company, every person who was in charge of, and responsible to, the company for the conduct of its business is deemed to be guilty unless they can demonstrate lack of knowledge or exercise of due diligence.
Section 137(2) further extends liability to directors, managers, secretaries, or officers if the offence occurred with their consent, connivance, or attributable negligence.
The law therefore creates a presumption of responsibility for those occupying operational control positions.
2. Civil Recovery vs Criminal Prosecution: A Structural Distinction
A critical but often misunderstood distinction exists between civil recovery and criminal exposure.
Section 89 – Liability of directors of private company
For private limited companies, Section 89 permits recovery of unpaid tax dues from directors personally if such dues cannot be recovered from the company. The burden shifts to the director to prove absence of gross neglect, misfeasance, or breach of duty.
This creates potential financial exposure beyond the corporate entity.
Public Limited Companies
The CGST Act does not contain a parallel civil recovery mechanism for directors of public limited companies under Section 89. However, this financial differentiation does not extend to criminal prosecution. Arrest and prosecution powers under Sections 69, 132, and 137 apply irrespective of listing status.
The shield, therefore, is partial and not absolute.
Parent – Subsidiary Structures – The Control Question
Modern corporate groups introduce additional complexity.
Legally, parent and subsidiary companies are separate entities. However, enforcement authorities may examine whether
(a) The parent exercised de facto operational control.
(b) Senior executives actively directed tax positions.
(c) Group-level financial policies influenced the disputed transactions.
Where active involvement or control is demonstrable, liability may extend under Section 137 principles.
Mere shareholding is insufficient. Operational involvement is the threshold.
Judicial Guardrails: Emerging Clarity
Recent judicial decisions have introduced important boundaries.
In the Shemaroo Entertainment matter, the Bombay High Court examined personal penalty exposure under Section 122(1A) and emphasized that individual liability requires clear statutory basis and evidence of personal involvement.
Similarly, judicial observations in other matters have reinforced procedural safeguards against coercive recovery practices during investigations.
These rulings do not eliminate exposure. They refine its limits.
Operational Safeguards: Activating the Due Diligence Defence
The statutory defence under Section 137 hinges on demonstrating that the offence occurred without knowledge and that due diligence was exercised.
This defence cannot be manufactured retrospectively. It must be engineered structurally.
Practical governance measures include
(a) System Embedded ITC Controls
ERP configurations must prevent credit recognition where vendor compliance conditions are unmet. Manual reconciliations are insufficient in large enterprises.
(b) Formal Delegation Framework
Board-level minutes should clearly document delegation of compliance execution to designated officers, along with reporting protocols.
(c) Independent GST Risk Audits
Periodic third-party compliance reviews, with documented corrective action, strengthen evidentiary positioning.
(d) Escalation Matrix
Defined thresholds for board-level reporting of indirect tax exposure reduce the risk of being characterized as in charge of operational missteps.
Due diligence is not a legal argument. It is a systems architecture.
A Governance Shift :
GST enforcement is increasingly adopting a top-down lens.
The question for boards is no longer -“has the tax team filed returns ?”
It is – “can we demonstrate organizational control over tax risk ?”.
The distinction is fundamental.
Conclusion :
Corporate personality remains intact. But it is no longer impermeable.
Under the CGST framework, personal exposure depends not merely on designation, but on operational responsibility and governance oversight.
In the current environment, compliance is not a departmental function. It is a board-level risk category.
The most effective protection is not litigation strategy.
It is systems discipline.
Author Bio
Nice content and Exploration. ethics is inevitable.