In the wake of Malaysia’s 14th General Elections in May this year, an important piece of legislation seems to have slipped under the radar.
The Malaysian Anti-Corruption Commission Act 2009 was amended to introduce corporate liability for bribery and corruption for the first time. After years in legal limbo, the amendment was pushed through just days before the May elections.
When the amendment comes into force, companies and their leaders are no longer immune to the corporate wrongdoings of their people. They could be held accountable for their employees’ involvement in corruption if investigations uncover that they failed to take adequate steps to prevent it from occurring.
The amendment significantly broadens the scope of the Malaysian Anti-Corruption Commission Act 2009 and increases the possible financial penalties — to at least ten times the value of the bribe or RM1 million (about $240,000), whichever is higher.
Any director or manager of an organization deemed to have been even indirectly responsible could face these financial penalties, potentially along with up to 20 years in prison.
A few situations where a superior may be held responsible for the fraudulent acts committed by his or her subordinates include when the superior authorized the misconduct or turned a blind eye on it, or when they failed to act reasonably in uncovering or preventing the fraudulent acts.
If any third party acting on an organization’s behalf is involved in bribery, the organization is potentially culpable. This rule applies to business leaders, their employees and their agents — both in Malaysia and anywhere else in the world the organization operates.
The amendment also gives companies a new defense.
The new provisions were written with reference to the UK Bribery Act 2010 and a notable similarity is found in the concept of an adequate procedures defense. Under the amendment, if a company can prove that it took sufficient steps (or adequate procedures’) to prevent bribery and corruption from occurring, this will be taken into account should a crime still occur. It may even provide a legal defense for the company.
The Malaysian Anti-Corruption Commission has also announced the release of a Malaysian version of the Anti-Bribery Management System ISO standard: MS ISO37001, which outlines key requirements that guide companies in implementing an anti-bribery compliance program. If companies meet those standards, they will then be awarded an ISO certification.
Getting certified should not be treated as a “silver bullet,” with the assumption that it will make your vulnerabilities to bribery and corruption disappear. Any anti-bribery program must be robust enough to operate under — and withstand — real world pressures.
The Malaysian government is expected to publish guidance on the procedures it will consider “adequate.” In the meantime, we have developed a series of recommendations based on our experience working with clients in the UK and under several other pieces of international anti-corruption legislation such as the FCPA and the new French Sapin II Law:
Tone from the top – Leaders must make it clear that bribery and corruption in any form is unacceptable. Messages alone are not enough — management must lead by example.
Risk assessments – No organization can confront and mitigate its risks if those risks are not known and understood. Regular, formal, targeted and documented risk assessments must be an intrinsic part of any company’s DNA. However, our recent Global Economic Crime and Fraud Survey 2018 (Malaysia report) showed that 19 percent of Malaysian respondents to the survey have not performed any form of fraud risk assessment in the last two years.
Policies and procedures – Clear, succinct, easily accessible, and regularly updated policies and procedures are necessary, as these communicate how employees (and possibly relevant third parties) are expected to uphold and practice good ethical conduct in the workplace.
Managing third parties and due diligence – Now that the actions of third parties can implicate the company and its managers in a crime, proper due diligence and effective business partner management have never been more crucial in an anti-bribery management system.
Communication and training – Keep employees, and where relevant, third parties informed of anti-bribery and corruption updates, through organisation-wide communications, risk-based training tailored to the local cultures and needs, and delivering a strong anti-corruption message internally as well as externally.
Effectiveness testing and continuous improvement – After an anti-bribery management system or wider compliance programme has been put in place, companies should continuously seek to improve their defenses, understanding that the threats they face can evolve.
Monitoring and review – Decisions by management around anti-bribery and corruption can only be as good as the data on which they are based. A high quality monitoring program, and review by an appropriately senior employee of the firm, can help organizations respond to corruption risks as best as possible. The important message under these last two points is that effective compliance programs are continuously refined based on lessons learned and a deep understanding of constantly changing risks.
There’s no one-size-fits-all model in combating bribery and corruption. Even in the banking industry alone, investment banks may need to take a different approach than development banks. The important point to note is that all adequate procedures taken should be proportionate to the structure of the business.
The amendment will not come into force for some time yet. But the push for the introduction of these regulations are clear signals. Organizations doing business in Malaysia are going to have to do a lot more to root out corruption, and rebuild trust in business.
That business leaders could be sent to prison or fined for failing to prevent their employees from breaking the law should spur change in Malaysia.
Peter Viksnins, pictured above, is an Executive Director and Core Forensic Services & Anti-Corruption Leader, PwC Malaysia. He has investigated fraud and corruption in over 30 countries.Until his move to Malaysia in 2016, he was also an adjunct professor at the George Washington University, where he taught a Fraud Examination and Forensic Accounting course to Masters of Accountancy students for two years. He can be contacted here.