Search for:

In brief

On 1 June 2020, the corporate liability provision under Section 17A of the Malaysian Anti-Corruption Commission Act 2009 (the Act) is set to come into force. As highlighted in our earlier client alert (see Link), a company may be held criminally liable for acts of corruption by its directors, employees or other associated persons.

The only defence available to a company is to prove that it had in place adequate procedures designed to prevent these corrupt acts. Companies with operations in Malaysia need to take immediate steps to review their policies and implement robust compliance programs before this section takes effect.

Our alert sets out a brief summary of the guidelines of what will be considered ‘adequate procedures’ and provides some practical tips that we have developed from our own experience on how companies can ensure their compliance programs satisfy the guidelines.  More information can be found in our guide on 5 Essential Elements Of Corporate Compliance.

Summary of offence

The Act imposes strict criminal liability on commercial organisations where an associated person corruptly gives any gratification with the intent to obtain or retain business, or an advantage in the conduct of business, for the commercial organisation.

The scope of the provision is broad. It applies to both Malaysian companies and foreign companies conducting business in Malaysia, with the company’s “associated person” including directors, employees and most third party service providers.

As the offence is a strict liability offence, a company will be liable regardless of whether it had actual knowledge of the corrupt actions of its associated persons. Where a company commits an offence, the directors, officers and management are deemed to have committed the same offence unless they are able to prove that the offence was committed without their consent and that they exercised due diligence to prevent the offence.

The offence comes with a heavy penalty of a fine not less than 10 times the value of the bribe or MYR 1 million (whichever is higher) and/or imprisonment of a term not exceeding 20 years.

‘Adequate’ procedures defence – TRUST guidelines

A company will have a defence if it can prove that it had in place adequate procedures designed to prevent associated persons from committing the corrupt acts.

The Prime Minister’s Department has released guidelines on what will be considered adequate procedures. These guidelines lay down five key principles, using the acronym T.R.U.S.T., and provide some suggestions on how the principles might be applied in practice.  Below are some highlights:


Top level commitment

Top level management is expected to set the “tone from the top” that corrupt practices will not be tolerated. They must take responsibility for managing the key corruption risks within the company and ensuring compliance with applicable laws and regulations.

Company management needs to be involved in implementing a robust anti-corruption program and communicating the policies and commitments on anti-corruption to internal and external parties. This may involve the Board of Directors identifying a person or team to assume responsibility for overseeing the program, provided that the results of audits, reviews, control measures and performance are still reported and acted upon by top level management.


Risk Assessment

Risk assessments should be conducted at regular intervals to identify changes in risks of corruption. Identifying changes will allow the company to tailor its anti-corruption program to ensure it is effective against the particular risks faced.

The guidelines recommend a comprehensive risk assessment is done every three years, with intermittent assessments conducted as necessary. The assessments may include a review of opportunities for corruption and fraud activities, relationships with third parties in the supply chain (e.g. vendors, suppliers) and financial transactions which may disguise corrupt payments.


Undertake Control Measures

The company should put in place appropriate controls and contingency measures to address the identified corruption risks, reasonable and proportionate to the nature and size of the company. These measures should include undertaking due diligence on parties when entering into formal relationships (with ongoing diligence for higher risk parties) and establishing a trusted reporting channel through which internal and external parties can raise concerns.

Companies should ensure they have up-to-date policies and procedures to address the risk, which are endorsed by top level management and easily available. The guidelines list nine areas to be covered, including general anti-bribery and corruption, conflicts of interest and the provision of gifts, entertainment, hospitality and travel. The company should implement a policy and process to deal with the reporting channel (i.e. whistle-blower channel) to ensure it is accessible, trusted and confidential.


Systematic Review, Monitoring and Enforcement

Top level management should regularly review and assess the performance, effectiveness and efficiency of the anti-corruption program and ensure it is enforced. Any shortfalls identified through the review should be used to improve the anti-corruption controls in place.

Companies should set up a monitoring program, with reviews and audits conducted by a competent person or compliance function. A company may consider having an external audit undertaken periodically to provide comfort that it is compliant with its policies and procedures. Where individuals are found not to be in compliance with the program, appropriate disciplinary measures should be implemented.


Training and Communication

The company should ensure its anti-corruption policies, training, reporting channel and consequences of non-compliance are appropriately communicated to all personnel and business associates, and made publicly available if appropriate.

The company should provide its employees and business associates with training adequate to ensure their understanding of the position on anti-corruption.


Regulated companies should also be aware of changes made by the Bursa Malaysia and the Securities Commission to the listing requirements and the Licensing Handbook, which will also take effect on 1 June 2020 (see Link).

Actions to consider

Companies operating in Malaysia should take steps immediately, and in any event before 1 June 2020, to ensure their anti-corruption program complies with the principles set out above.

Such steps should include:

  • Reviewing the existing set of anti-corruption policies and procedures. The program should adequately cover the risks to the business and there must be a procedure for escalating issues to top level management. Contact details of the person or function responsible should be checked to ensure they are current in any policy.
  • Addressing any gaps in the program. The current environment may give rise to additional anti-corruption risks that need to be addressed. For example, are the organisation’s due diligence procedures effective to deal with risks associated with engaging new or unfamiliar third parties (e.g. changes in the supply chain, managing interactions between agents and third parties)?
  • Assessing the training and communications processes. The communication channels and training should be appropriate to ensure all “associated persons” will be aware of the position on anti-corruption and the required policies and procedures. Companies should consider whether to make the policies or codes of conduct available publicly and whether training should be available in other languages or tailored to a specific role.
  • Ensuring top level management is actively involved in the program. A key message in the guidelines is that top level management should be – and will be held – responsible for ensuring the anti-corruption program is robust, visible and effective.  The processes in place should ensure that top level management is involved in their implementation and aware of any issues that arise.

If you would like clear, practical guidance on designing, establishing and maintaining a robust compliance program, please refer to the Baker McKenzie’s 5 Essential Elements Of Corporate Compliance.

* * * * *

This client alert was issued by Wong & Partners, a member firm of Baker McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “partner” means a person who is a partner or equivalent in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.


Eddie Chuah is a partner with the Dispute Resolution Practice Group, with more than eight years of experience in all aspects of civil litigation, arbitration, industrial relations disputes and compliance. Mr. Chuah has undertaken a wide variety of briefs involving substantive law issues ranging from complex commercial transactions, insolvency litigation, shareholder disputes, construction, employment and administrative law. He also focuses on compliance issues, in particular, anti-corruption investigation, government procurement, audit and prevention.



Christine is a special counsel in the Hong Kong disputes practice, specialising in corporate crime and investigations. She has over 10 years' experience in all forms of contentious work, including cross-border investigations and litigation, as well as other corruption-related matters. She has acted for clients in disputes with regulators and other parties, both through litigation and different forms of dispute resolution, including arbitration, mediation and complex negotiations. She previously worked for another top international firm in its offices in both Hong Kong and Australia.