Several months before the 14th General Election in 2018, a new provision called the Corporate Liability Provision was added into the existing MACC Act 2009 (Act 694) prevent bribery and corruption involving commercial organisations. The amended act was gazetted on 4th May 2018. The term “Commercial organisations” covers companies incorporated under the Companies Act 2016 (Act 777), companies formed under the Partnership Act 1961 (Act 135) and limited liability partnership registered
under Limited Liability Partnership Act 2012 (Act 743).
What does this new Section 17A mean for Malaysian companies?
This new provision simply means that a commercial organisation commits an offence if any person associated with that commercial organization corruptly gives, agrees to give, promises or offers to any person any gratification for the benefit of the
commercial organization. In these cases, the top management – including directors or representatives – may be liable regardless of whether they had knowledge of the corrupt acts committed by their employees or any associated persons. The whole
idea of this Section 17A is based on the doctrine of vicarious liability, where the master is made liable for the acts of his/her servant. This is to ensure that businesses do not engage in any form of corrupt practices.
Are Malaysian companies ready?
With the new Corporate Liability Provision kicking in from June 2020, how many Malaysian companies are prepared for the new regulations?
Currently, many companies be it listed, non-listed, government-linked, SMEs, etc. have been preparing to get “adequate procedures” in place. This refers to controls and monitoring mechanisms to prevent employees or associates from undertaking corrupt
practices in relation to business activities. Organisations which are found liable for offences under the new Corporate Liability Provision can raise adequate procedures as a defence. This is important given the severe penalties with fines which
could be ten times the value of the gratification or RM 1 million (whichever is higher), or imprisonment for a term not exceeding 20 years or both for individuals involved.
What actions should companies take?
In view of the stiff penalties, company directors in particular should take the initiative to understand this new provision, provide sufficient oversight on the management of bribery and corruption risks within their organisation, and ensure that management implement appropriate adequate procedures.
They will have to be proactive in setting up policies and business codes of conduct, conducting training for employees and stakeholders to communicate these policies, as well as assessments to ensure these measures are effective. In fact, Directors should impress on the CEO and the top management on the gravity of this provision, requiring updates in this area as a standard agenda in all board meetings. This is the best way to keep the management on their toes to monitor
and curb any form of corruption in the commercial organisations. Overall, the organisation has to be proactive in setting up policies and business codes of conduct, conducting training for employees and stakeholders to communicate these policies, as well as assessments to ensure these measures are effective.
Furthermore, to implement adequate procedures, companies can opt for existing systems such as the Anti Bribery Management System (ISO 37001) or guidelines of CISM (Corporate Integrity System Malaysia). Some companies also have their own governance
and compliance guidelines which are robust enough to meet this new corporate liability provision. Some MNCs have set up robust adequate procedures based on the UK Bribery Act or the US’s FCPA (Foreign Corrupt Practice Act).
Five Principles of the Ministerial Guidelines on Adequate Procedures
As per section 17A (5), the Minister in the Prime Minister’s Department YB Datuk Liew Vui Keong issued a set of Guidelines on Adequate Procedures . Under these guidelines, there are key areas that commercial organisations must focus
on to ensure that the organization is protected from any wrongdoing by its employees or associates.
The 5 principles are as follows:
- Tone at the top
Interestingly, ABMS ISO 37001 and the UK Bribery Act 2010 also starts with top management. This refers to the responsibility of the Board of Directors and Chief Executive Officer to ensure that everyone in the organisation practises the highest
level of ethics and integrity, complies with all applicable laws and regulations and that corruption risks are being managed effectively. This is fundamental because without the commitment of top leadership, it will be difficult for commercial
organisations to see through full compliance to this provision. The Board has to ensure that the top management of the organisation is fully committed to this initiative.
- Corruption Risk Assessment
It is core to an organisation’s anti-corruption efforts to identify internal and external risks and put in appropriate controls and processes to mitigate these risks. Though the frequency of risk assessments can be decided by individual organisations,
a comprehensive assessment should be conducted on a frequent basis and it would be prudent to conduct the assessment yearly. Such yearly assessments will be useful due to rapid changes in the current business landscape, such as cyber technology
which could pose new types of fraud and corruption risks. Businesses could include corruption risk assessments as part of their business strategic plan – both for their domestic and international business.
- Undertake Control Measures
Control measures can be put in place to address the corruption risks identified. It is worth noting that the set of measures put in place is likely to be distinctive to every individual organisation (e.g. considering the combinations of countries/regions where they operate, nature of business). One size does not fit all. Examples of control measures covering both internal and external stakeholders include:
- conducting due diligence or setting up whistle blowing channels to raise concerns of corruption;
- declarations of any conflicts of interest, policies on gifts, hospitality, entertainment, or other financial and non-financial controls.
- Systematic Review, Monitoring & Enforcement
Top management should ensure that controls and systems put in place are regularly reviewed and its effectiveness measured. Top management should bear this responsibility and this includes internal or external audits to ensure employees and associates comply
with anti-corruption policies and procedures. Where there are breaches in procedures and controls by employees or associates, appropriate disciplinary action should be taken and/or reported to the relevant authorities.
- Communication and Training
It is very important to get the message across to all stakeholders about the organisation’s policies on anti-corruption. Such messages can be conveyed through the organisation’s website, intranet, emails, code of business conduct, employees’ handbook
or videos. To complement this, commercial organisations should also conduct training sessions for both internal and external stakeholders to ensure they are aware of the consequences if they violate the law.
The Malaysian Anti-Corruption Commission (MACC) has conducted several road shows and seminars throughout the country to create awareness and prepare commercial organisations for the Corporate Liability Provision. The Malaysian and foreign business
community operating in Malaysia should welcome this new provision as an opportunity for the country to move forward in its efforts against corruption and bribery.
Author: Dr Muhammad Mohan, President of Transparency International Malaysia