As noted in our previous post for the FCPA Blog, Malaysia passed the Malaysian Anti-Corruption Commission (Amendment) Bill 2018 last year. This amendment introduced a provision that holds corporations, and their directors, officers, and managers, potentially liable for failing to prevent acts of bribery and corruption.
This development brings Malaysian anti-corruption legislation on par with global standards such as the UK Bribery Act 2010 and France’s Sapin II.
To reflect the government’s commitment to fighting corruption, the amendment raised the penalties for non-compliance to at least RM1 million (approximately $245,000), and/or the possibility of up to 20 years in prison for culpable senior management and/or directors. With such hefty penalties, many were understandably anxious for updates on what would constitute “adequate procedures.” And what would count as having taken sufficient steps to prevent bribery and corruption in an organization.
In December 2018, we were given answers when the Malaysian Prime Minister’s Department issued its “Guidelines on Adequate Procedures.” These provisions come into effect on June 1, 2020, giving Malaysian companies, and those operating in Malaysia, just 18 months to prepare.
As expected, the guidelines generally mirror those issued by the UK Ministry of Justice for the UK Bribery Act 2010. Malaysia’s guidelines, however, follow an easy-to-remember and extremely apt acronym: T.R.U.S.T.
T: Top level commitment
R: Risk assessment
U: Undertake control measures
S: Systematic review, monitoring and enforcement
T: Training and communication
One key similarity between the UK guidance and Malaysia’s guidelines is the concept of proportionality. Essentially, in order for a compliance program to be proportionate in the UK, Malaysia, or anywhere in the world, it would need to look very different for a multinational bank than for a small, local retailer. A notable difference, however, is that the UK sets proportionality as its very first principle, while Malaysia notes that proportionality underlies the entire program.
As noted in para 3.4 of the Introduction in Malaysia’s guidelines, “These guidelines are not intended to be prescriptive and it should not be assumed that ‘one-size-fits-all.’ They should be applied practically, in proportion to the scale, nature, industry, risk and complexity of the organization.” This underlines the importance of “Top level commitment” and “Risk assessments” when first designing and subsequently implementing any anti-corruption program.
While acknowledging that the guidelines are not a detailed map of an anti-corruption compliance program, what surprised us was the fact that they only touch briefly on managing third-party risk and conducting sufficient due diligence, as a small part of “Undertaking control measures.” The UK guidance, in contrast, dedicates a whole Principle to the subject. Given the importance and nature of business relationships — and the prevalence of intermediary agents in Malaysia which became an integral part of culture over time — this is an area companies should take more seriously than a face-value reading of the guidelines might suggest.
The actions of intermediary agents are certainly one of the principal areas of focus for any UKBA / FCPA regulatory investigation, making it a key expectation of international companies seeking reputable business partners in the region. The seemingly light approach in the Malaysian guidelines should not be interpreted as an area of lesser importance for the MACC.
A further point of interest is a small definition found in the Appendix. Section iv) k) defines a “public body” as “any company and subsidiary company over which or in which any public body [for example, the Government of Malaysia or a department thereof, such as the Ministry of Finance] … has controlling power or interest.” Until now, Malaysia’s position had been unclear on whether officers of State-Owned Enterprises (SOEs) or other Government-Linked Companies (GLCs) count as public officials.
The new definition, along with the confirmation that “public official” means “an officer to a public body” (and therefore probably not extended to staff and employees) goes a long way in eliminating ambiguity and providing much needed clarity on this contentious topic. The prospect that officers of Malaysia’s GLCs and Government-Linked Investment Companies (GLICs) meet the definition of a public official may be of great interest to FCPA practitioners whose work calls for them to turn their attention to Malaysia.
It remains to be seen just how the principles set out in the guidelines will be measured and assessed. However, we believe that they provide a welcome push for businesses operating in Malaysia as they continue to heighten their efforts in stamping out corruption. It’s important to reiterate that corporate liability comes into force in less than 18 months, and “Undertaking control measures” itself is unlikely to be a short exercise.
What’s more, it cannot be completed without first performing a robust risk assessment, another endeavor that should not be underestimated, once the size and complexity of an organization come into play. The key takeaway? Don’t waste another day by delaying your response to the Act. Develop and embed T.R.U.S.T in your organization today.
Pete Viksnins, pictured above left, is an Executive Director and Core Forensic Services & Anti-Corruption Leader, PwC Malaysia. He has investigated fraud and corruption in over 30 countries.Until his move to Malaysia in 2016, he was also an adjunct professor at the George Washington University, where he taught a Fraud Examination and Forensic Accounting course to Masters of Accountancy students for two years. He can be contacted here.
Michael Sprake, above right, is a Director in the PwC Malaysia Forensics team. He has nearly 20 years of experience working in the field of financial crime and risk management including complex fraud, money laundering, sanctions and bribery and corruption. His career has included over 12 years working for UK Law Enforcement and prior to his current role he headed the financial crime compliance function for a global bank in Malaysia. He can be reached here.