Regular corruption risk assessments and robust third-party management practices are essential
components for creating a culture of compliance and transparency. A 2023 survey by global advisory firm KPMG found that such assessments are common practice among global companies, with 71 percent of
respondents conducting documented corruption risk assessments and almost half conducting these
assessments on a regular basis.
Moreover, companies which implemented these assessments reported more engaged boards.
“Respondents that performed (corruption) risk assessments were more than twice as likely to agree with
the proposition that their boards are adequately engaged with respect to their anti-corruption compliance
programs, resources and risks,” said KPMG. Conversely, respondents not conducting corruption risk
assessments were approximately four times more likely to disagree with the proposition that their boards
are adequately engaged with these topics.
Furthermore, the report stated corruption risk assessments are a foundational element of an effective
compliance programme and helps to identify, prioritise and provide an important means of
communicating internally, including with senior management and the board, about the anti-corruption
programme and how best to deploy resources to manage and mitigate risk.
Regulatory Requirements
In Malaysia, regular corruption risk assessments are required by companies under tightening regulations
to counter the twin threats of bribery and corruption. Section 17A amendment of the Malaysian Anti-Corruption Commission Act 2009 (MACC Act) which was passed in 2020, introduced the Corporate Liability
Provision, which holds organisations accountable for criminal acts of bribery and corruption.1 Directors
and senior management are now liable for the actions of any person involved in corrupt acts in their organisation, unless it can be proven that the organisation had undertaken “adequate procedures” to
mitigate the fraud, bribery, or corruption risks from materialising.2
The supporting Guidelines on Adequate Procedures (GAP) issued by the Prime Minister’s department in December 2018, built on five ‘T.R.U.S.T.’ principles, states that corruption risk assessments should be reviewed periodically with a comprehensive assessment performed once every three years.
Companies listed on Bursa Malaysia are also bound to the listing requirements, that require all listed
issuers and their board of directors to ensure that policies and procedures on anti-corruption and whistle-blowing are established and maintained throughout the organisation.3 Drawing from the GAP, these
policies are to be reviewed periodically and corruption risk is to be included in the issuer’s annual risk
assessment.4
Bursa Malaysia’s Enhanced Sustainability Reporting Framework also calls for the inclusion of anti-corruption matters and indicators to be reported in sustainability statements by Main Market-listed
companies for or after the financial year ended 31 December 2023. ACE Market companies must fulfil this
requirement for financial years ended on or after 31 December 2025. Common indicators used to disclose
corruption risk include the percentage of operations assessed for corruption-related risks, as well as the
percentage of employees who have received training on anti-corruption and confirmed incidents of
corruption and action taken towards them.5
Value of Corruption Risk Assessment
To mitigate corruption risks, companies should adopt early preventative measures early on, proactively
managing risks by anticipating challenges and strategically implementing solutions to minimise potential
adverse effects before they occur.
According to KPMG6, corruption risk assessment can help a firm achieve a number of important
compliance objectives, including:
- Fostering discovery of relevant risks, processes and controls
- Educating leadership about compliance concerns
- Promoting preventive and early detection strategies over reactive strategies
- Identifying business strengths and stakeholders
- Facilitating the satisfaction of corporate director obligations
Risk assessments can help businesses identify systemic weaknesses that could expose a company to
corruption and bribery, as well as evaluate the likelihood and potential impact of corruption, according
to the global anti-corruption coalition Transparency International.7
Corruption Risk Assessment - Basis of Anti-corruption Efforts
Referring again to the GAP’s ‘T.R.U.S.T.’ principles, a corruption risk assessment should form the basis of
an organisation’s anti-corruption efforts. According to the guideline, the assessment should be used to
establish appropriate processes, systems and controls approved by the top level management to
mitigate the specific corruption risks the business is exposed to.
The GAP also recommends comprehensive risk assessments be done every three years, with intermittent
assessments conducted when necessary. While these can be done on a stand-alone basis, companies are
recommended to incorporate their corruption risk assessments into their general risk register. The
following aspects should be covered:
- opportunities for corruption and fraud activities resulting from weaknesses in the organisation’s
governance framework and internal systems/procedures;
- financial transactions that may disguise corrupt payments;
- business activities in countries or sectors that pose a higher corruption risk;
- non-compliance of external parties acting on behalf of the commercial organisation regarding
legal and regulatory requirements related to anti-corruption;
- relationships with third parties in its supply chain (e.g. agents, vendors, contractors, and
suppliers) which are likely to expose the commercial organisation to corruption.
Transparency International Malaysia (TIM) points
out that risk assessments should cover all business
activities across every location where the
organisation has active operations. “There should
be a prior process of stakeholder mapping to
identify all associates through whom the
organisation is exposed to corruption risk,” the
organisation said.8
Third party relationships in particular are seen as
the greatest risk in tackling corruption, according to
KPMG’s survey in 2023. (See graph) In assessing
these risks, companies can refer to literature on
building effective third party risk management
programmes, which could involve categorising
these risks into high, medium and low categories.
9
Risk Assessment Tools
A variety of risk assessment frameworks have been developed by international organisations to support
businesses in assessing their corruption risks.
1. United Nations Global Compact – A Guide for Anti-Corruption Risk Assessment
This guide seeks to provide a practical, step-by-step guidance on how to conduct an anti-corruption risk
assessment. Includes a six-step process to complete the assessment: establish the process, identify the
risks, rate the risks, identify mitigating controls, calculate remaining residual risk and develop an action
plan.
2. Guidance on Good Practice and Checklist for Adequate Procedures
Transparency International Malaysia has developed a checklist to guide commercial organisations on
the implementation of a holistic anti-bribery and corruption programme (ABC Programme) covering the
actions of employees as well as associates within the organisation’s stakeholder network. Transparency
International Malaysia included a risk assessment checklist in its guidance.
National Developments
Looking ahead, Malaysian companies can expect to see an increasing emphasis by regulators on
strengthening corporate integrity and preventing corruption. Prime Minister Datuk Seri Anwar Ibrahim
has reaffirmed his administration’s commitment towards improving corporate integrity and governance,
with the aim of Malaysia reaching a Top 25 position in the global Corruption Perceptions Index within the
next 10 years.10
To that end, the government is preparing to table the Public Sector Governance Act and Integrity Plan this
year, a corruption-free governance guide for all entities in both the public and private sectors. MACC will
also be launching its National Anti-Corruption Strategy 2024-2029 later this year, which will focus on the effectiveness of corruption prevention and improve governance and integrity in civil service
administration and government-linked companies.11
By implementing corruption risk assessments as part of their broader anti-bribery and corruption plans,
Malaysian companies can demonstrate their commitment to upholding corporate integrity in line with
the country’s agenda of fighting corruption.
-
-
Tags : Corporate Governance