
Compliance Framework in Business Corporations


We published a newsletter regarding the compliance framework in business corporations.
To view the PDF version, please click the following link.

Compliance Framework in Business Corporations


The importance of Company’s Policies and Procedures

February 2022
One Asia Lawyers Group
Yuki Hashimoto
Lawyer (Japan)
Farhatun Najad Zulkipli
Lawyer (Malaysia)



“Compliance Framework” is a structured process or system through which companies demonstrate that they have conformed to specific requirements in laws, regulations, contracts, strategies and policies.

The Compliance Framework forms an integral part of corporate governance. The board of directors plays a key role in ensuring good corporate governance practices, and it is the board’s responsibility to endorse and develop the organization’s policies in compliance with the relevant laws.

In this edition, we will examine the importance of developing and implementing a company’s policies and procedures as part of the Compliance Framework in business corporations.

2. Creation of Company’s Policies and Guidelines

The board of directors, in ensuring the Compliance Framework, may, among others, develop adequate and updated policies and procedures not only for compliance with the relevant laws (known as Regulatory Compliance, which is further discussed in section 3 herein), but also as guidelines for managerial and operational matters.

The Malaysian Code of Corporate Governance (“MCCG”) provides practices which business corporations should adopt. One of the main practices is for business corporations to develop and implement various policies and procedures. [1]

The creation of policies and procedures may cover the processes and guidelines relating to management, operation, employment and others. See the non-exhaustive list of policies and procedures below:

(1) Remuneration Policy and Procedures for Directors and Senior Management

(2) Policy on Nomination and Appointment of Directors

(3) Policy on Conflict of Interest

(4) Limits of Authority to decide and approve business procurement

(5) Employment handbook / Code of Conduct and Ethics.

3. Example of Policies for Regulatory Compliance

As mentioned above, another important area to consider in the Compliance Framework is Regulatory Compliance. “Regulatory Compliance” ensures business organizations comply with the laws and regulations in the relevant jurisdictions. As laws are constantly evolving and changing, business corporations seek to continuously

The following are examples of policies under the umbrella of Regulatory Compliance that are commonly in place within business corporations:

(1) Anti-Money Laundering Policy

The law that governs anti-money laundering in Malaysia is the Anti-Money Laundering and Anti-Terrorism Financing Act 2001 (“AMLA”). All institutions that provide financial-related services are required to comply with AMLA. Section 16.3 of the Malaysia Central Bank Policy Document[2] provides as follows:

(2) Anti-Bribery and Corruption Policy

Section 17A of the Malaysian Anti-Corruption Commission Act (Amendment) Act 2018 (“MACC”) introduced corporate liability for corruption. A commercial organization commits an offence if a person associated with the commercial organization is involved in corruption with the intent to procure business or retain an advantage in the conduct of business for the commercial organization.

The only defence available for companies is to prove that the commercial organization had in place adequate procedures to prevent persons associated with the commercial organization from undertaking such conduct.[1]

The guidelines issued by the authority have suggested that one of the measures to be taken to ensure adequate procedures within companies is to implement anti-corruption policies and procedures as guidelines for employees to prevent corrupt activities.[2]

(3) Personal Data Protection / Privacy Policy

One of the requirements of collecting and processing personal data in Malaysia is giving notice to and obtaining consent from the data subject.[3] The notice given must set out how the personal data will be processed, the purpose of collection, rights of access by data user and others.

Based on this requirement, many corporations have taken steps to develop a Personal Data Protection Policy, also known as a Privacy Policy, for the data user to read and understand before providing their consent. It is also used as the mechanism through which the “notice” requirement under the Personal Data Protection Act 2010 is complied with.

(4) Whistleblower Policy

In Malaysia, whistleblowers are protected under the Whistleblower Protection Act 2010. Whistleblowing is highly encouraged in both the public and private sectors as it is in line with good corporate governance practice.

Although the law is silent on the requirements for internal whistleblowing policies and procedures within private companies, having them will be beneficial as a proper mechanism to detect any misconduct or illegal activities within the corporation. Further, the policies and procedures will encourage employees to whistleblow, knowing that they are protected under the policy and under the law.

Further, the MCCG has also provided practices to be adopted, especially by listed / public companies, including establishing policies and procedures on whistleblowing.[4] While the practices under the MCCG are aimed at public companies, non-listed or private companies are also encouraged to apply the practices under the code to achieve good corporate governance.[5]


Having the appropriate Compliance Framework will support corporate governance practice. The mechanism established under the Compliance Framework will define the stakeholders’ roles and responsibilities, accountability, transparency, integrity and ethical behaviour.

Adequate and updated policies and procedures are vital to address the concerns or issues arising from the day-to-day operation of business. Not only do they ensure that laws and regulations are complied with, they also help ensure that the decision-making process is guided, potential risks are managed, and internal processes are streamlined.

It is imperative to note that the development of policies and procedures within the company constitutes only one of many components in the Compliance Framework. Other components may include awareness programmes, enforcement on non-compliance as well as training and education.

We assist our clients from various industries to develop the policies, procedures and guidelines based on the prevailing laws. We also provide advice, training and education on Compliance Framework based on the client’s nature of business and risk appetite. If you have any questions about our services, please do not hesitate to contact us.


[1] Sub-section 17A (4) of the MACC (Amendment) Act 2018

[2] Guidelines on Adequate Procedures pursuant to sub-section 17A (5) of the MACC (Amendment) Act 2018

[3] Section 7 of Personal Data Protection Act 2010

[4] Practice No. 3.2, Malaysia Code of Corporate Governance by Securities Commission

[5] Practice No. 2.8, Malaysia Code of Corporate Governance by Securities Commission

[1] An example of policy to be established is provided under Practice No. 3.1 of the Malaysia Code of Corporate Governance by Securities Commission

[2] Malaysia Central Bank Policy Document means the Policy Document for Anti-Money Laundering, Countering Financing of Terrorism and Targeted Financial Sanctions for Designated Non-Financial Businesses and Professions (DNFBPs) & Non-Bank Financial Institutions (NBFIs) (AML/CFT and TFS for DNFBPs and NBFIs)