In 2019, Malaysia’s Prime Minister Tun Dr Mahathir Mohamad rolled out the National Anti-Corruption Plan (NACP) to address the growing world outcry against bribery and corruption. To fortify their anti-bribery management systems, proactive organisations are protecting themselves by establishing “adequate procedures” as a compliance defence in the event of a bribery accusation. But what would warrant “adequate procedures”? Made famous through the UK Bribery Act of 2010, the term presents the potential of a company to avoid liability for failing to prevent bribery if that organisation can fully demonstrate clear, sound and established policies and procedures that deter individuals (inside and outside of the organisation) from partaking in questionable or corrupt conduct. This is pursuant to Section 17A (5) of the Malaysian Anti-Corruption Commission Act 2009 (“GAP”).
“Adequate procedures” takes on different meanings, depending on which country or jurisdiction the business may reside. Most enforcement agencies and government authorities offer little guidance that pinpoints what exactly “adequate procedures” means when considered as a possible defence in a legal proceeding.
Aside from Malaysia’s National Anti-Corruption Plan, two other international legislative provisions – the UK Bribery Act of 2010 and the FCPA – demonstrate how ISO 37001:2016 – a newly adopted international standard – can offer multinationals specific guidelines in developing a universal anti-bribery management system that may support most “adequate procedures” defences.
UK Bribery Act of 2010
Under the UK Bribery Act, an “adequate procedures” defence would be considered during an investigation into a corporate failure to prevent bribery. The act provides commercial organisations with a defence to liability when they can prove that proper procedures were in place to prevent individuals associated from undertaking bribery-related conduct.
Consequently, corporations that are otherwise liable for violating the corporate failure to prevent bribery provision can escape criminal liability from the regulation if they can prove that they had in place “adequate procedures” to avoid the relevant illegal conduct from occurring. This defence is significant as there is no such defence under the FCPA (see below) or most foreign anti-bribery laws.
Foreign Corrupt Practices Act (FCPA)
Though not considered in the liability phase of the FCPA, corporate compliance procedures are considered during the sentencing phase by the US Department of Justice relevant to the FCPA. A sentencing court must consider four aggravating and two mitigating factors in determining the appropriate penalty on organisations convicted under the FCPA. The existence of an effective compliance program is one of the two mitigating factors.
Subsequently, an organisation convicted of FCPA violations can use the existence of an effective compliance program to reduce a penalty against it potentially. However, revised guidelines (JM 9-28.300) have included “the adequacy and effectiveness of the corporation’s compliance program at the time of the offence, as well as at the time of a charging decision” and the corporation’s remedial efforts “to implement an adequate and effective corporate compliance program or to improve an existing one.”
Malaysian National Anti-Corruption Plan 2019-2023
Under Section 17A (3) of the Malaysian Anti-Corruption Commission Act, if the commercial organisation is found liable under the corporate liability provisions, a person who is the director, controller, officer or partner of the organisation, or a person who is concerned with the organisation’s management affairs at the time of the commission of an offence, is deemed to have committed that offence unless such person can prove this was committed without own consent or connivance and due diligence was exercised to prevent that commission of the offence, with respect to the nature of his or her function in that capacity and the circumstances.
Section 17A (2) of the Malaysian Anti-Corruption Commission Amended Act increases the penalties to a maximum imprisonment of 20 years and/or fine of not less than 10 times the value of gratification or One Million Ringgit Malaysia (RM1,000,000.00) (whichever is higher).
Notably, per Section 17A of the Malaysian Anti-Corruption Commission, the Prime Minister’s National Anti-Corruption Plan 2019-2023 has declared ISO 37001 certification a requirement for companies operating in Malaysia.
Adequate Procedures with ISO 37001
Public and private firms can use the ISO 37001 certification to guarantee their compliance in establishing, implementing, maintaining, reviewing and improving its Anti-Bribery Management System.
ISO 37001 Anti-Bribery Management System is an internationally accepted standard that specifies the implementing rules in bribery prevention, detection and reporting, which applies to small, medium and large organisations. It can help establish that the organisation has in place reasonable, proportionate and adequate anti-bribery procedures.
ABAC® Center of Excellence Limited is fully accredited as a Conformity Assessment Body (Certification Body) to assist organisations in attaining ISO 37001 certification through a thorough bribery risk assessment and audit covering the entire scope of the standard. The audit methodology is evidence-based, meaning any issues raised will be confirmed through adequate evidence that the ABAC Certification team has discovered during the audit.
“The audit is extremely thorough in its approach, which results in accredited certification for the scope of the ISO 37001 Anti-Bribery Management System. Because of the standard’s international acceptance and the thoroughness of the audit process, such certification can provide a valuable safeguard in demonstrating an “adequate procedures” compliance defence in cases posing a liability for a company’s failure to prevent bribery,” explained Zafar Anjum, Group CEO of ABAC Certification.
Indeed, from an FCPA and Evaluation of Corporate Compliance Programs perspective, an accredited ISO 37001 certification may provide tangible evidence that a compliance programme was in place at the time of the alleged bribery actions. Moreover, from a UK Bribery Act perspective, the certification could provide the company with tangible prima facie (or “first look”) evidence presented by an accredited certification body attesting to the establishment and effectiveness of the organisation’s compliance programme.
With Malaysia’s Corporate Liability Provision Effective on 1 June 2020, there is a need for organisations to establish “adequate procedures” as a defence in case there is proven corruption by the associated individual.
The ABMS certification is the most powerful “assurance” tool that public and private organisations can use in their defence strategy.
“As the subject specialist Accredited Certification Body by United Kingdom Accreditation Service (UKAS), we want to discuss the benefits of an ISO 37001 Anti-Bribery Management System. The cost of implementing the system is likely to be minimal when compared to loss and damage which could be suffered by an organisation which gets involved in bribery. The ISO 37001 Anti-Bribery Management System can help prevent the loss,” noted Anjum.
ABAC Certification is an Accredited Conformity Assessment Body in issuing ISO 37001:2016 Anti-Bribery Management System Certification, and an independent component of CRI Group’s Anti-Bribery Anti-Corruption Center of Excellence. ABAC® Center of Excellence was created to educate, equip and support the world’s leading business organisations with the latest in best-practice due diligence processes and procedures, providing world-class anti-bribery and anti-corruption, compliance and risk management solutions to organisations seeking to validate or expand their existing compliance frameworks to maintain a competitive edge in the world marketplace.