SECTION 17A MACC ACT 2009: ONE AND ONLY DEFENCE AGAINST CORPORATE LIABILITY – ENSURING “ADEQUATE PROCEDURES”
We published SECTION 17A MACC ACT 2009: ONE AND ONLY DEFENCE AGAINST CORPORATE LIABILITY – ENSURING “ADEQUATE PROCEDURES”. To view the PDF version, please click the following link.
SECTION 17A MACC ACT 2009: ONE AND ONLY DEFENCE AGAINST CORPORATE LIABILITY – ENSURING “ADEQUATE PROCEDURES”
-
- What is “Corporate Liability”?
We have previously issued a newsletter on the scope of application of the new Section 17A of MACC Act 2009 which was enforced in June last year. (Newsletter for Scope of Application of Section 17A of MACC Act dated 16th Aug 2021)
In essence, section 17A introduces a new statutory corporate liability offence of corruption by a commercial organization under Malaysian law. The commercial organization may be liable for the corrupt practices of its employees and/or any person associated with the commercial organization in cases where such corrupt practices are carried out for the organization’s benefit and advantages whether or not its senior management or its representatives are aware of such corruption act.
If a commercial organization is convicted, the penalty under Section 17A (2) is a fine of not less than 10 times the value of bribe or RM1 million, whichever is higher, or imprisonment for up to 20 years, or both. However, the commercial organizations can defend themselves and the only line of defence available under the law is to ensure that “Adequate Procedures” are in place to foster a business environment free of corruption.
The Malaysian Prime Minister’s Department has issued the “Guidelines on Adequate Procedures” (“Guidelines”) to assist commercial organizations to put in place the necessary procedures to prevent the occurrence of corrupt practices.
- What amounts to “Adequate Procedures”?
There is no standard determination of “adequacy” of the corruption prevention policies and procedures provided under the Act. Therefore, the question of whether a commercial organization has implemented “Adequate Procedures” is a question of fact.
If a corruption incident should occur, the courts in assessing the adequacy might take into consideration the level of risk a company faces in its daily operation which may include the nature and complexity of business and the size of the corporation. Hence, an organization should adopt a risk-based approach in drafting the polices and implementation procedures in order to fulfil the requirement of “Adequate Procedures”.
In view of this, the Guidelines on Adequate Procedure was introduced pursuant to Section 17A (5) to assist commercial organizations in understanding what are the Adequate Procedure that should be implemented to prevent the occurrence of corrupt practices in relation to their business activities.
However, it should be noted that this Guidelines is not exhaustive, neither will it be universally applicable. As previously stated, there is no standard determination of “adequacy” and it is likely that the court will examine each company’s procedures and policies on a case-by-case basis to determine whether they are “adequate”. Be that as it may, it is very likely that the courts will give significant consideration to compliance with the Guidelines.
- Guidelines on Adequate Procedures (“Guidelines”)
This Guidelines is formed on the basis of five (5) core principles that a commercial organization may refer to establish its anti-corruption regime to satisfy the “Adequate Procedures”. These principles may be encapsulated using the acronym of T.R.U.S.T, which stands for:
- Top Level Commitment
- Risk Assessment
- Undertake Control Measures
- Systematic Review, Monitoring and Enforcement
- Training and Communication
We will now zoom into each principle to further understand its elements.
Principle 1: Top Level Commitment
The top-level management plays a vital role in ensuring compliance with the anticorruption laws as well as effectively manages the key corruption risks of the organization. The top-management must spearhead the organization’s effort in combatting any corrupt practices by implementing, among others:
- Compliance program – establish, maintain, and periodically review an anticorruption compliance program which includes clear policies and objectives that adequately address corruption risks;
- Communication – issue instructions on communicating the organizations’ policies and commitments on anticorruption to both internal and external parties;
- Whistleblowing mechanism – encourage the use of any reporting (whistleblowing) channel in relation to any suspected and/or real corruption incidents or inadequacies in the anticorruption compliance program; and
- Professional service – assign and adequately resource a competent person or function (which may be external to the organization) to be responsible for all anticorruption compliance matters, including provision of advice and guidance to personnel and business associates in relation to the corruption program.
Principle 2: Risk Assessment
Risk assessment is essential and shall form an integral part of the anticorruption regime. As such, organization must conduct periodic risk assessment or when there is any changes of law or circumstance of the business.
The objective of risk assessment is to identify, analyze, assess and prioritize the corruption risk and the result of which will be used to establish appropriate processes, systems and controls to mitigate the corruption risks the business may be exposed to.
The Guidelines recommends for a comprehensive risk assessment to be done every 3 years, with intermittent assessments conducted when necessary. It is also recommended to incorporate the risk assessment for anticorruption into the organization’s general risk register for the purpose of having a proper documentation.
Principle 3: Undertake Control Measures
Upon identification of the risk of corruption via the above assessment, the commercial organization may now take the appropriate and contingency measures to mitigate the corruption risk arising from the weakness of the organization’s existing regime.
The control measures include the following:
- due diligence on any relevant parties;
- a reporting channel for corruption incidents (whistleblowing);
- a general anti-bribery and corruption policy for the organization;
- a conflict-of-interest policy;
- Policies on gifts, entertainment, hospitality and travel, donations, and sponsorships;
- an established procedures on facilitation payments, financial controls, and other non- financial controls;
- record keeping for managing documentation related to the adequate procedures.
In regard to the policies mentioned at the above, the same should be endorsed by the top-level management, kept up-to-date and publicly and easily available.
Principle 4: Systematic review, monitoring and enforcement
The effectiveness and efficiency of the anticorruption program or regime must be reviewed on a regular basis to ensure the same is properly enforced. The basis of such review is to improve the existing anticorruption controls in place in the organization.
For this purpose, the commercial organization should consider, among others:
- establish a monitoring mechanism;
- identify the competent person to perform internal audit;
- consider an external audit by a qualified and independent third party at least once in 3 years;
- conduct continual evaluations on policies and procedure;
- monitor performance of personnel and ensure their understanding and compliance with the anticorruption policies; and
- conduct disciplinary proceeding against personnel found to be non-compliant to the program
Principle 5: Training and communication
Training should be disseminated internally and externally to raise the awareness of the risk and consequences of corruption within the organization and person associated to it. Commercial organization should provide adequate training to ensure employees and business associates thorough understanding on the organization’s anticorruption program.
Communication is key. Therefore, it is crucial to ensure that the anticorruption policies and program are being communicated to the employees and business associates. This may be done via e-mails, newsletter, code of conduct, webinars or town-hall sessions.
- Conclusion
Malaysia has seen the first corporate liability case charged under Section 17A in March this year for a bribe committed by one organization’s personnel. If the organization is found guilty, the senior management (i.e. directors, officers, controller or any other person who is concerned in the management affairs) is deemed to have committed the offence and face a high penalty unless they succeed in proving the “Adequate Procedures” has been in place.
This clearly demonstrate the MACC’s commitments in enforcing the corporate liability under Section 17A. In view of this, commercial organizations are urged to take immediate steps to ensure that they have in place “Adequate Procedures” as their one and only defence against the offence and to comply with the Anti-Corruption Act and its amendments.
In light of the Malaysian anti-corruption laws and regulations, we assist companies in formulating the appropriate anti-corruption policies (including the establishment of whistle-blowing systems), provide appropriate training to their employees, which has been implemented by a number of companies in accordance with the above guidelines. If you have any questions about our services, please do not hesitate to contact us.
Prepared by: Farhatun Najad Zulkipli One Asia Lawyers [Malaysia’s associate]