Under the National Anti-Corruption Strategy (NACS) launched by Prime Minister Datuk Seri Anwar Ibrahim in
May 2024, various tax incentives have been introduced to encourage the participation and contribution of
individuals and companies in anti-corruption programmes.
The enhanced perks come as the authorities recognise that a business landscape anchored on strong governance and
transparency principles can become more appealing to foreign investors and external stakeholders. For
businesses, implementing anti-corruption measures aligned with international standards can serve as a form of
defence (mitigation) against legal risks.
Companies that obtain the Anti-Bribery Management System (ABMS) ISO 37001 accreditation – a standard published
by the International Organisation for Standardisation (ISO) – are eligible for double tax deductions[1] on expenses
related to their assessment and certification.
Increasingly, obtaining such a certification is becoming vital for organisations, as the authorities have made
it a minimum criterion for bidding on government contracts with a procurement value of RM10 million and above.
The increasing regulatory pressure, media headlines of high-profile corruption cases, and tax incentives have
further strengthened the case for the corporate sector to proactively adopt anti-corruption certification
standards.
Here is a closer look at ISO 37001 and other certification programmes that can help companies strengthen their
overall governance frameworks.
ISO 37001 – Anti-Bribery Management Systems (ABMS)
ISO is an independent, non-governmental organisation that develops and publishes standards across a wide range
of industries globally. Its ISO 37001 is an ABMS standard published in October 2016 that is used by companies
across the world to establish, implement, maintain, and improve an anti-bribery compliance programme through a
series of measures and controls that represent global anti-bribery good practice.
The standard was adapted in Malaysia in October 2017 following MACC’s application to the Department of Standards
Malaysia to adopt ISO 37001 in December 2016.
ISO 37001 is a flexible standard that can be adapted to a wide range of organisations, including large
corporations, small and medium-sized enterprises (SMEs), public and private sector organisations, and
non-governmental organisations (NGOs).
As the global benchmark for anti-corruption, this certification tackles two critical forms of corruption,
namely:
- Bribery by the organisation, or by its personnel or business associates acting on the organisation’s behalf or for its benefit.
- Bribery of the organisation, or of its personnel or business associates in relation to the organisation’s activities.
Key Components of Anti-Corruption Certification Programmes
Adopting ISO 37001 requires business entities to implement a series of measures and controls in a reasonable and
proportionate manner to help prevent, detect, and deal with bribery[2]. According to ISO, this should be achieved
through:
- Anti-bribery policy – Establishing and enforcing a clear anti-bribery policy, outlining the responsibilities of employees and associates.
- Management leadership, commitment and responsibility – Top management must demonstrate support and provide resources for the anti-bribery system.
- Personnel controls and training – Regularly training employees and stakeholders on anti-bribery policies and responsibilities.
- Risk assessments – Identifying and mitigating bribery risks through regular risk assessments.
- Due diligence – Conducting due diligence on business associates and relevant third parties.
- Financial, commercial and contractual controls – Establishing and implementing financial, commercial, and contractual controls.
- Reporting, monitoring, investigation and review – Using financial and non-financial controls for reporting, monitoring, and whistleblowing.
- Corrective action and continual improvement – Addressing non-compliances and continuously improving the anti-bribery system.
Value of Anti-Corruption Certifications
An effective ABMS establishes systematic controls for organisations to prevent bribery and serves as a check and
balance to ensure continuous compliance in line with Section 17A of the Corporate Liability Act of the MACC Act
2009 (Amendment 2018), which took effect on 1 June 2020[3].
Anti-corruption certification may benefit companies in both financial and non-financial terms by:
- Setting minimum requirements and supporting guidance for implementing or benchmarking an anti-bribery management system
- Providing assurance to stakeholders, including management, investors, employees, and customers that the organisation is actively working to prevent bribery
- Supplying evidence for investigations that the organisation has taken reasonable steps to prevent bribery
- Preventing and reducing the legal, reputational, and financial consequences of bribery
The Certification Process
A successful anti-corruption certification involves several steps that every organisation must follow. Companies
in Malaysia can obtain their ISO 37001 credential through licensed certification bodies such as SIRIM QAS
International Sdn Bhd, Société Générale de Surveillance (SGS) Malaysia, British Standards Institution (BSI)
Group Malaysia, and Technischer Überwachungsverein Süd (TÜV SÜD) Malaysia.
While the certification steps may vary slightly between these bodies, the process includes six key steps
summarised below:
Adapted from: SIRIM QAS, TÜV SÜD, and BSI Group
- Application – The applicant submits the application form and fee after accepting the quotation. An audit team leader will be assigned to oversee the client file.
- Stage 1 Audit – The client’s ABMS documentation is reviewed to confirm readiness for ISO 37001:2016 certification. Findings are categorised as critical or non-critical, with critical issues to be addressed before Stage 2.
- Stage 2 Audit – The documented evidence for the implementation of ABMS is evaluated using interviews, sampling, and record reviews. Findings are categorised as minor non-conformities, major non-conformities, or observations. Major non-conformities require an on-site follow-up visit, where the lead auditor reviews the Corrective Action Plan (CAP).
- Recommendation – Upon successful completion of the Stage 2 Audit and resolution of any non-conformities, the lead auditor drafts a recommendation report for certification.
- Issuance of certificate – The ISO 37001:2016 certificate will be issued by the certification committee upon payment of all fees and the signing of the certification agreement. The certificate issued is valid for three years from the approval date, subject to surveillance audits.
- Surveillance – Annual surveillance audits are conducted to ensure the client’s continued compliance with the certification conditions and ISO 37001:2016 standards. Similar to the Stage 2 Audit, these audits assess the implementation of the ABMS. A re-certification audit (combining Stage 1 & 2 Audit) is conducted in the third year if the client wishes to extend the certification.
Corporate Integrity System Malaysia (CISM)
Similar to ISO 37001, organisations in Malaysia can also benefit from adopting Corporate Integrity System
Malaysia (CISM) as part of their anti-bribery management system. Established in 2010 by the Malaysian
Institute of Integrity, the CISM is a structured programme that aims to institutionalise good governance and
integrity within the business landscape in Malaysia[4].
It is one of the initiatives highlighted by the Malaysian government in the NACS to combat corruption in the
private sector. CISM is a flexible programme that can be adapted to various categories and sizes of
registered business entities in Malaysia by following the implementation phases below:
Step 1: Application & Registration – Register for the CISM Program via the CISM portal.
Step 2: Implementation – Complete seven CISM initiatives within two years using the Implementation Checklist.
Step 3: Monitoring – Update initiative progress every three months on the CISM portal until
reaching 100 per cent completion.
Step 4: Certification – Receive a participation certificate upon fulfilling all
requirements, achieving full completion, and passing the MACC due diligence.
It is conducted through a series of group discussions, webinars, quizzes and consultations covering the five key
topics stated below:
- Topic 1: Corporate Integrity System Malaysia (CISM)
- Topic 2: Leadership & code of ethics
- Topic 3: Anti-corruption policies
- Topic 4: Corruption risk management & training and communication
- Topic 5: Governance, integrity & anti-corruption policies
Participation in CISM is free and voluntary and acts as an initial preparation for companies that are
looking to obtain the MS ISO 37001:2016 ABMS certification.[5] Adopting this programme signals a company’s
commitment to combat corruption by upholding five core anti-corruption principles of transparency and
accountability for businesses in Malaysia:
- Commitment to promote values of integrity, transparency, accountability, and good governance
- Strengthen internal controls to support corruption prevention
- Comply with laws, policies and procedures related to corruption prevention
- Fight any form of corruption
- Support corruption prevention initiatives of the Malaysian government and the MACC
Case Study: Duopharma Biotech Berhad’s Anti-Corruption Certification
Malaysia’s leading pharmaceuticals company, Duopharma Biotech Berhad, was awarded
the ISO 37001 certification in March 2021 by SIRIM QAS International Sdn Bhd. The certification body
confirmed the compliance of Duopharma’s ABMS with international standards without any non-conformance
reports issued by the auditors.
Duopharma’s ABMS certification journey began in early 2018, involving a comprehensive analysis of the
company’s processes, procedures, and activities. It has implemented a robust framework of policies and
guidelines in line with its commitment to promote a culture of ethics and integrity, which includes:
- Ethics and integrity policies
- Corruption risk management policies
- Anti-bribery and anti-corruption policies
- Whistleblower policy
These efforts align with the MACC’s Guidelines on Adequate Procedures introduced in 2018, ensuring compliance
with Section 17A(5) of the MACC Act 2009 alongside ISO 37001 requirements.
Duopharma Biotech is also the first pharmaceutical company in Malaysia to earn the Business Ethics Institute of Malaysia (BEIM) Five Petal Gold
Ethics Award in 2020, which recognises companies for progressive steps in ethics and integrity.