• Governance I Risk I Compliance Management

How to demonstrate “Adequate Procedures” in Malaysia?

October 5, 2020

In 2019, Malaysia’s Prime Minister Tun Dr Mahathir Mohamad rolled out the National Anti-Corruption Plan (NACP) to address the growing world outcry against bribery and corruption and businesses will have to demonstrate adequate procedures in Malaysia. To fortify their anti-bribery management systems, proactive organisations are protecting themselves by establishing “adequate procedures” as a compliance defence in the event of a bribery accusation. But what would warrant “adequate procedures”? Made famous through the UK Bribery Act of 2010, the term presents the potential of a company to avoid liability for failing to prevent bribery if that organisation can fully demonstrate clear, sound and established policies and procedures that deter individuals (inside and outside of the organisation) from partaking in questionable or corrupt conduct. This is pursuant to Section 17A (5) of the Malaysian Anti-Corruption Commission Act 2009 (“GAP”).

Adequate procedures takes on different meanings, depending on which country or jurisdiction the business may reside. Most enforcement agencies and government authorities offer little guidance that pinpoints what exactly “adequate procedures” means when considered as a possible defence in a legal proceeding. Aside from Malaysia’s National Anti-Corruption Plan, two other international legislative provisions – the UK Bribery Act of 2010 and the FCPA – demonstrate how ISO 37001:2016 – a newly adopted international standard – can offer multinationals specific guidelines in developing a universal anti-bribery management system that may support most “adequate procedures” defences.

Malaysian National Anti-Corruption Plan 2019-2023

Under Section 17A (3) of the Malaysian Anti-Corruption Commission Act, if the commercial organisation is found liable under the corporate liability provisions, a person who is the director, controller, officer or partner of the organisation, or a person who is concerned with the organisation’s management affairs at the time of the commission of an offence, is deemed to have committed that offence unless such person can prove this was committed without own consent or connivance and due diligence was exercised to prevent that commission of the offence, with respect to the nature of his or her function in that capacity and the circumstances.

Section 17A (2) of the Malaysian Anti-Corruption Commission Amended Act increases the penalties to a maximum imprisonment of 20 years and/or fine of not less than 10 times the value of gratification or One Million Ringgit Malaysia (RM1,000,000.00) (whichever is higher). Notably, per Section 17A of the Malaysian Anti-Corruption Commission, the Prime Minister’s National Anti-Corruption Plan 2019-2023 has declared ISO 37001 certification a requirement for companies operating in Malaysia.

Adequate Procedures with ISO 37001

Public and private firms can use the ISO 37001 certification to guarantee their compliance in establishing, implementing, maintaining, reviewing and improving its Anti-Bribery Management System. ISO 37001 Anti-Bribery Management System is an internationally accepted standard that specifies the implementing rules in bribery prevention, detection and reporting, which applies to small, medium and large organisations. It can help establish that the organisation has in place reasonable, proportionate and adequate anti-bribery procedures.

ABAC®-Malaysia is fully accredited as a Conformity Assessment Body (Certification Body) to assist organisations in attaining ISO 37001 certification through a thorough bribery risk assessment and audit covering the entire scope of the standard. The audit methodology is evidence-based, meaning any issues raised will be confirmed through adequate evidence that the ABAC Certification team has discovered during the audit. “The audit is extremely thorough in its approach, which results in accredited certification for the scope of the ISO 37001 Anti-Bribery Management System. Because of the standard’s international acceptance and the thoroughness of the audit process, such certification can provide a valuable safeguard in demonstrating an “adequate procedures” compliance defence in cases posing a liability for a company’s failure to prevent bribery,” explained Zafar Anjum, Group CEO.

Indeed, from an FCPA and Evaluation of Corporate Compliance Programs perspective, an accredited ISO 37001 certification may provide tangible evidence that a compliance programme was in place at the time of the alleged bribery actions. Moreover, from a UK Bribery Act perspective, the certification could provide the company with tangible prima facie (or “first look”) evidence presented by an accredited certification body attesting to the establishment and effectiveness of the organisation’s compliance programme.

With Malaysia’s Corporate Liability Provision Effective on 1 June 2020, there is a need for organisations to establish “adequate procedures” as a defence in case there is proven corruption by the associated individual. The ABMS certification is the most powerful “assurance” tool that public and private organisations can use in their defence strategy. “As the subject specialist Accredited Certification Body by United Kingdom Accreditation Service (UKAS), we want to discuss the benefits of an ISO 37001 Anti-Bribery Management System. The cost of implementing the system is likely to be minimal when compared to loss and damage which could be suffered by an organisation which gets involved in bribery. The ISO 37001 Anti-Bribery Management System can help prevent the loss,” noted Anjum.

> For more on ISO 37001 benefits read our article on the 25 Benefits of ISO 37001:2016 ABMS Certification and ISO 37001:2016 certification: enhance your organisation’s reputation & credibility

UK Bribery Act of 2010

Under the UK Bribery Act, an “adequate procedures” defence would be considered during an investigation into a corporate failure to prevent bribery. The act provides commercial organisations with a defence to liability when they can prove that proper procedures were in place to prevent individuals associated from undertaking bribery-related conduct. Consequently, corporations that are otherwise liable for violating the corporate failure to prevent bribery provision can escape criminal liability from the regulation if they can prove that they had in place “adequate procedures” to avoid the relevant illegal conduct from occurring. This defence is significant as there is no such defence under the FCPA (see below) or most foreign anti-bribery laws.

Foreign Corrupt Practices Act (FCPA)

Though not considered in the liability phase of the FCPA, corporate compliance procedures are considered during the sentencing phase by the US Department of Justice relevant to the FCPA. A sentencing court must consider four aggravating and two mitigating factors in determining the appropriate penalty on organisations convicted under the FCPA. The existence of an effective compliance program is one of the two mitigating factors. Subsequently, an organisation convicted of FCPA violations can use the existence of an effective compliance program to reduce a penalty against it potentially. However, revised guidelines (JM 9-28.300) have included “the adequacy and effectiveness of the corporation’s compliance program at the time of the offence, as well as at the time of a charging decision” and the corporation’s remedial efforts “to implement an adequate and effective corporate compliance program or to improve an existing one.”

Prove That Your Business is Ethical

Complete our FREE Highest Ethical Business Assessment (HEBA) & evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC®-Malaysia experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission. COMPLETE HERE!

About ABAC® Center of Excellence- Malaysia

ABAC®-M was created to educate, equip and support the world’s leading business organisations with the latest in best-practice due diligence processes and procedures, providing world-class anti-bribery and anti-corruption, compliance and risk management solutions to organisations seeking to validate or expand their existing compliance frameworks to maintain a competitive edge in the world marketplace.

Build trust. Ensure compliance.

ABAC® Center of Excellence is an independent certification body, powered by CRI Group. ABAC® offers a complete suite of services and solutions designed to educate, equip and support the world’s leading business organisations with the latest best-in-practice risk and performance assessments, systems improvement and standards certification. ABAC® programs protect your organisation from damaging litigation and safeguard your business in the global marketplace by providing certification and training in internationally recognised ISO standards, such as ISO 19600 Compliance Management Systems, ISO 31000 Risk Management Systems and ISO 37001 Anti-Bribery Management Systems. Its ISO 37001 Certification services are accredited by the United Kingdom Accreditation Service (UKAS CB number: 10613), making it the leading certification body specialising in anti-bribery management.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors, financial and corporate investigators, certified fraud examiners, forensic analysts and accountants.

Join the discussion 2 Comments

  • […] You probably have heard of the ISO’s anti-bribery standard ISO 37001, which was published in 2016. Organisations from then started looking into certifying their businesses against the standard to prove they have taken adequate anti-bribery anti-corruption procedures (that actually is the law in certain countries, in Malaysia for instance, where is a requirement to comply with the Section of 17A of the MACC Act – more on that here). […]

  • […] The Asia Pacific has a troubled record when it comes to preventing bribery and corruption, as well as enforcing compliance (read our “South Asia grapples with anti-bribery compliance: an overview of anti-bribery, anti-corruption and ISO 37001 solutions in Malaysia and entire in South Asia”.) The recent cases and statistics show that the problem persists in most countries in the region. Both government officials and private sector business leaders are struggling to adopt policies, control methods and best practices to help reduce bribery and corruption on their watch. High profile cases such as the 1MDB scandal in Malaysia and, more recently, the alleged Meikarta township case in Indonesia underscore this point. The investigations that were triggered by these cases demonstrate, however, that regulators are serious about addressing the threat of bribery and corruption as more than just a legal issue, but as a societal one, as well. In response, organisations that are committed to being in compliance are adopting the ISO 37001 – Anti-Bribery Management Systems standard as a comprehensive approach to mitigating risk and demonstrating ‘adequate procedures’ taken to prevent bribery and corruption. […]