A year in review

This 1st of June marked the 1-year anniversary of the Malaysian Anti-Corruption Commission (“MACC”) Act 2009 S17A implementation date. With organisations now being held liable for not preventing corrupt acts from happening, over the past 12 months, many have continued to develop, implement, and enhance their anti-corruption compliance programs to protect themselves from corruption and demonstrate that they have established adequate procedures. The necessity of doing this was highlighted in early 2021 when the *first S17A charges were laid against a local ship chartering company and its current director over alleged bribes paid by the previous director to secure a commercial contract.

Adequate Procedures Best Practice Handbook

To assist organisations in understanding the MACC’s Guidelines on Adequate Procedures (the “Guidelines”) and strengthening their anti-corruption compliance programs, the Business Integrity Alliance recently published the Adequate Procedures Best Practice Handbook (the “Handbook”).

Here are our key takeaways from the Handbook for each of the five ‘TRUST’ principles in the Guidelines that will help an organisation operationalise their anti-corruption compliance program:

T – Top level commitment
• Integrity pledges can be used to demonstrate organisational commitment towards promoting a culture of integrity. In addition to signing a Corporate Integrity Pledge, organisations can consider requesting all employees including top management sign integrity pledges on an ongoing (e.g. annual) basis.
• Integrity champions can assist with embedding a strong anti-corruption culture and program, by providing guidance to staff and supporting them with new adoption and monitoring efforts.

R – Risk assessment
• Corruption risks should be identified, assessed, and prioritised. These should be re-assessed on a regular basis, with high corruption risk areas monitored and incidents reported more regularly to senior management and board committees.

U – Undertake control measures
• Detailed and comprehensive policies and procedures form the base structure of an organisation’s anti-corruption program, and should contain sufficient details to enable the design and implementation of controls, capture of defensible audit trails, and ongoing monitoring of effectiveness.
• The organisation should perform due diligence on all associated parties (e.g. employees, associates, contractors, vendors, and donation/sponsorship recipients), prior to onboarding (or one-off transacting) and on an ongoing basis. The nature, extent, and timing of procedures can be tailored to fit the assessed risk arising from the relationship. These procedures can be performed inhouse, outsourced, or with the use of third-party tools to expedite and/or simplify the process.

S – Systematic Review, Monitoring and Enforcement
• The systematic review and monitoring of the anti-corruption program is an ongoing, multi-team/departmental activity, and should span all aspects of the anti-corruption program including risk assessment, vendor management, employee management, financial transactions, whistleblowing, system audits, training, communications etc. The prioritisation of review areas, extent of procedures, and associated monitoring frequency should take into consideration the outcomes of the risk assessment, and the outputs of the monitoring performed should in turn feed the next risk assessment exercise.
• Data analytics can be used to identify underlying/emerging issues, irregularities, fraudulent activity, and support the development of mitigating actions to address gaps and further enhance existing processes and controls. We discuss the importance of data analytics in a compliance program here.

T – Training and communication
• There are various communication channels organisations can use to embed and strengthen its anti-corruption culture within and outside of the organisation (e.g. townhalls, company website, screensavers, banners, and campaigns). This can be supplemented by more targeted communication for higher risk circumstances (e.g. before the start of festive seasons/more regular reminders to staff in roles more susceptible to corruption risks).



Moving beyond paper compliance

Having an anti-corruption compliance program that looks good on paper is not enough for an organisation to demonstrate they have established adequate procedures. As well as considering the above takeaways to help operationalise the program, organisations should also conduct periodic independent reviews to provide added assurance to their BOD and top management over its robustness. With S17A now 12 months old, have you considered conducting an independent review of your organisation’s anti-corruption compliance program?

Prevent. Detect. Respond.

Deloitte Malaysia’s Forensic team comprises of professionals experienced in helping companies assess allegations of corporate fraud or financial mismanagement and respond to regulatory inquiries. Our forensic investigators bring the financial acumen, forensic accounting and investigative skills, coupled with the use of data analytics and discovery tools to help conduct investigations with a wide range of complexity.

Deloitte has assisted numerous organisations in designing, implementing and reviewing their anti-bribery and corruption compliance programs to comply with S17A. This includes designing and executing gap and risk assessments, creating and updating policies, procedures, and templates, and conducting interactive and customised training sessions.

For further details on our Forensic service offerings, please click here.

Did you find this useful?