By Raymon Ram
When the Malaysian Anti-Corruption Commission (Amendment) Act 2018 was passed by Parliament in April 2018, all eyes were on the most notable amendment made which introduced the Corporate Liability Provision (Section 17A) in Malaysia. The new Section 17A of the Malaysian Anti-Corruption Commission Act (“the MACC Act“) allows for a company, its directors and senior management to be prosecuted for the act of bribery committed by a “person associated” to the company. This includes, but not limited to the Director, Controller, Employee or partners and Agents who perform services on behalf of the company. However, after the coming into force was held in abeyance for two-years to give Corporate Malaysia time to revamp their stance against bribery and corruption, the provision came into force on 1 June 2020.
As a commonwealth nation whose laws predominantly mimic those of the UK, Malaysia had taken a similar approach to Corporate Liability as per the UK Bribery Act 2010 (UK Bribery Act). Our amendment is in line, although perhaps not in its entirety, with Section 7 of the UK Bribery Act on Failure of Commercial Organizations to Prevent Bribery. Here, it is deemed that a relevant commercial organisation is guilty of an offence under this section, if a person associated with the commercial organisation bribes another person intending 1) to obtain or retain business, or 2) to obtain or retain an advantage in the conduct of business. It is a defence for the commercial organisation to prove that it had in place adequate procedures designed to prevent persons associated with it from undertaking such conduct.
Significant UK Cases
There are a number of cases where companies were charged and convicted for bribery-related offences in the UK. In the Sweet Group PLC case, a construction and services company was sentenced under Section 7 (1) (b) of the UK Bribery Act for failing to prevent an act of bribery intended to secure and retain a contract with the Al Ain Ahlia Insurance (AAAI) Company in the United Arab Emirates. The Serious Fraud Office (SFO) investigation into Sweet Group PLC uncovered that its subsidiary company, Cyril Sweet International Limited had made corrupt payments to Khaleed Al Badie, the vice-chairman of the Board and Chairman of Real Estate and Investment Committee of AAAI to secure the award of a contract with AAAI for the building of the Rotana Hotel in Abu Dhabi.
This case highlighted the need for a company, its Directors and Senior Management to enter into a defence of Adequate Procedures. Here, the defence needed to prove that those running the company had taken the necessary anti-corruption efforts and initiatives to prevent such conduct. This is similar to Section 17A here in Malaysia, where the company would need to enter a similar defence, one of which is to prove under subsection (5) that adequate procedures to prevent bribery were sought and the top level had in no way played a part in the conduct being questioned.
However, things may not be that simple. In another case in the UK, the defence of ‘adequate procedures’ was thrown out by the jury simply because the procedures in place were deemed ‘not adequate enough’. Skansen Interiors, a small-scale UK-based refurbishment company was charged under Section 7 of the UK Bribery Act in relation to allegations that Skansen’s former managing director paid bribes to secure refurbishment contracts worth £6 million. Even though Skansen Interiors had self-reported the incident, and claimed that they had in place an ethics policy (which detailed the company’s anti-corruption stance), the jury ruled that the procedures taken to uphold the culture of integrity and deter corruption were insufficient. Policies were easily bypassed and there was no enforcement, monitoring or reviews done on high-risk functions within the business. Hence, this highlights that not only do companies need to have proper policies and procedures in place, but there is a need for them to be systematically enforced, reviewed and monitored as well.
Meanwhile, back in Malaysia
Pursuant to Subsection (5) of Section 17A, the Minister in the Prime Minister’s department had issued the Ministerial Guidelines on Adequate Procedures for commercial organisations on 4 December 2018. The guidelines revealed what are deemed as adequate procedures, which are to be used as a general non-prescriptive, principles-based application rather than a checklist of items required. Now, with this, companies would need to sit down to decipher, plan, prepare, implement and continuously monitor measures within the stipulated guidelines.
But are companies ready at the moment? Even as enforcement came to effect in June 2020, many organisations are still struggling to meet their anti-bribery/corruption objectives. In addition, Bursa Malaysia amended its Listing requirements for the Main Market / ACE Market late last year to include having adequate procedures as a pre-requisite for listing on the stock exchange.
Reinforcing Malaysia’s commitment to anti-corruption, the penalties under Section 17A are ten times the value of gratification or RM1 million, whichever is higher and/or imprisonment of not more than 20 years. It is time for thorough consideration on an organisation’s anti-corruption initiatives, what is deemed adequate and how to achieve the required ‘adequacy’ of procedures.
Companies could take the UK Bribery Act and its prescribed adequate/proportionate procedures and our ministerial guidelines on adequate procedures into consideration while also keeping in mind the following points, before we have a precedent from our courts on the deemed definition:
1) Due diligence on ‘Person Associated’ and reporting mechanism. Organisations need to understand who are the persons associated to the business. Ensure the mechanism of due diligence is well established to look into their background and the operations undertaken by internal (such as directors, senior management or controllers) and external parties (such as subsidiaries, agents, contractors or joint venture partners). Also, there is a need for a whistle-blower or ethics hotline to be in place for reporting of suspected corrupt practices by internal or external parties.
2) Having a robust ‘Bribery Risk Assessment’ framework. Companies need to consider a holistic bribery risk assessment to determine the level of risk faced by each segment within the business and the types of controls / resources required to mitigate the level of risk in these stipulated areas. Factors to be considered include geographical locations of operations, types of products, partnerships and transactions undertaken by the company.
3) Extraterritorial Reach of the MACC Act. Companies based in Malaysia with businesses outside of Malaysia or based in other countries but with businesses in Malaysia will fall under the reach of the MACC Act. Hence, actions taken, or offences committed by a ‘person associated’ inside or outside the country would be deemed as occurring within the country. Hence, controls and monitoring requirements extend beyond our borders.
4) Leveraging technology for systematic monitoring and review. Data analytics have come a long way from simple anomaly detection through statistical analyses to machine learning through ongoing monitoring of behaviour and/or transactions. Companies should consider the power of analytics to decipher data, to alert management on anomalies which resemble corrupt activity and to act as a reporting tool for directors to review.
5) Considering the term ‘adequate’ in ‘adequate procedures’. Companies are required to get management involved in the entire process towards achieving the organisational anti-corruption objectives. A thorough risk assessment needs to be done in order to assess the type of control activities that must be undertaken before implementation. This is with due respect on monitoring and oversight management of the entire process. Understanding that there is no-one-size-fits-all solution to having adequate procedures, the company bears the responsibility to assess their very own nature of business, daily operations and persons associated before deciding on and implementing control measures.
For more information please click here.
Raymon Ram is a Certified Fraud Examiner (CFE), Certified Anti-Money Laundering Specialist (CAMS) and PECB ISO 37001 ABMS Lead Auditor with a Master’s degree in Economic Crime Management, Bachelor’s degree in Psychology (HONS) and Certificate in Corporate Governance by Basel Institute, Switzerland.