Regular corruption risk assessments and robust third-party management practices are essential components for creating a culture of compliance and transparency. A 2023 survey by global advisory firm KPMG found that such assessments are common practice among global companies, with 71 percent of respondents conducting documented corruption risk assessments and almost half conducting these assessments on a regular basis.

Moreover, companies which implemented these assessments reported more engaged boards. “Respondents that performed (corruption) risk assessments were more than twice as likely to agree with the proposition that their boards are adequately engaged with respect to their anti-corruption compliance programs, resources and risks,” said KPMG. Conversely, respondents not conducting corruption risk assessments were approximately four times more likely to disagree with the proposition that their boards are adequately engaged with these topics.

Furthermore, the report stated corruption risk assessments are a foundational element of an effective compliance programme and helps to identify, prioritise and provide an important means of communicating internally, including with senior management and the board, about the anti-corruption programme and how best to deploy resources to manage and mitigate risk.

In Malaysia, regular corruption risk assessments are required by companies under tightening regulations to counter the twin threats of bribery and corruption. Section 17A amendment of the Malaysian Anti-Corruption Commission Act 2009 (MACC Act) which was passed in 2020, introduced the Corporate Liability Provision, which holds organisations accountable for criminal acts of bribery and corruption.¹ Directors and senior management are now liable for the actions of any person involved in corrupt acts in their organisation, unless it can be proven that the organisation had undertaken “adequate procedures” to mitigate the fraud, bribery, or corruption risks from materialising.²

The supporting Guidelines on Adequate Procedures (GAP) issued by the Prime Minister’s department in December 2018, built on five ‘T.R.U.S.T.’ principles, states that corruption risk assessments should be reviewed periodically with a comprehensive assessment performed once every three years.

Companies listed on Bursa Malaysia are also bound to the listing requirements, that require all listed issuers and their board of directors to ensure that policies and procedures on anti-corruption and whistle-blowing are established and maintained throughout the organisation.³ Drawing from the GAP, these policies are to be reviewed periodically and corruption risk is to be included in the issuer’s annual risk assessment.⁴

Bursa Malaysia’s Enhanced Sustainability Reporting Framework also calls for the inclusion of anti-corruption matters and indicators to be reported in sustainability statements by Main Market-listed companies for or after the financial year ended 31 December 2023. ACE Market companies must fulfil this requirement for financial years ended on or after 31 December 2025. Common indicators used to disclose corruption risk include the percentage of operations assessed for corruption-related risks, as well as the percentage of employees who have received training on anti-corruption and confirmed incidents of corruption and action taken towards them.⁵

To mitigate corruption risks, companies should adopt early preventative measures early on, proactively managing risks by anticipating challenges and strategically implementing solutions to minimise potential adverse effects before they occur.

According to KPMG⁶, corruption risk assessment can help a firm achieve a number of important compliance objectives, including:

1. Fostering discovery of relevant risks, processes and controls
2. Educating leadership about compliance concerns
3. Promoting preventive and early detection strategies over reactive strategies
4. Identifying business strengths and stakeholders
5. Facilitating the satisfaction of corporate director obligations

Risk assessments can help businesses identify systemic weaknesses that could expose a company to corruption and bribery, as well as evaluate the likelihood and potential impact of corruption, according to the global anti-corruption coalition Transparency International.⁷

Referring again to the GAP’s ‘T.R.U.S.T.’ principles, a corruption risk assessment should form the basis of an organisation’s anti-corruption efforts. According to the guideline, the assessment should be used to establish appropriate processes, systems and controls approved by the top level management to mitigate the specific corruption risks the business is exposed to.

The GAP also recommends comprehensive risk assessments be done every three years, with intermittent assessments conducted when necessary. While these can be done on a stand-alone basis, companies are recommended to incorporate their corruption risk assessments into their general risk register. The following aspects should be covered:

1. opportunities for corruption and fraud activities resulting from weaknesses in the organisation’s governance framework and internal systems/procedures;
2. financial transactions that may disguise corrupt payments;
3. business activities in countries or sectors that pose a higher corruption risk;
4. non-compliance of external parties acting on behalf of the commercial organisation regarding legal and regulatory requirements related to anti-corruption;
5. relationships with third parties in its supply chain (e.g. agents, vendors, contractors, and suppliers) which are likely to expose the commercial organisation to corruption.

Looking ahead, Malaysian companies can expect to see an increasing emphasis by regulators on strengthening corporate integrity and preventing corruption. Prime Minister Datuk Seri Anwar Ibrahim has reaffirmed his administration’s commitment towards improving corporate integrity and governance, with the aim of Malaysia reaching a Top 25 position in the global Corruption Perceptions Index within the next 10 years.¹⁰

To that end, the government is preparing to table the Public Sector Governance Act and Integrity Plan this year, a corruption-free governance guide for all entities in both the public and private sectors. MACC will also be launching its National Anti-Corruption Strategy 2024-2029 later this year, which will focus on the effectiveness of corruption prevention and improve governance and integrity in civil service administration and government-linked companies.¹¹

By implementing corruption risk assessments as part of their broader anti-bribery and corruption plans, Malaysian companies can demonstrate their commitment to upholding corporate integrity in line with the country’s agenda of fighting corruption.