How can I safeguard my organization against corruption liability under Section 17A of the MACC?

Section 17A of the Malaysian Anti-Corruption Commission Act 2009 (“MACC”), which came into force on 1st June 2020, introduced corporate liability for corruption offences committed by commercial organisations in Malaysia.

In a nutshell, a commercial organisation’s director, controller, officer, partner or any member of management can be found guilty of an offence if an “associated person” to the organisation commits corruption for the benefit of the organisation.

An “associated person” is defined under the MACC to include directors, partners and employees of the commercial organisation and also any person who performs services for and on behalf of the commercial organisation.

Any commercial organisation found guilty under Section 17A will be liable to a fine of not less than 10 times the value of the bribe or RM1 million, whichever is higher, OR imprisonment for up to 20 years. The onus would then fall on the commercial organisation’s management to demonstrate that adequate procedures and due diligence have been established and enforced to mitigate the deemed corruption offence.

Thus, taking proactive measures in the form of an Anti-Corruption Compliance exercise and implementing relevant internal controls and safeguards in your organization is your best defence against such potential risks.

In this article, we will share some practical examples of the adequate procedures based on the 5 “T.R.U.S.T. principles” that we help our clients set up and implement in their organization as part of our MACC Audit & Compliance Exercise, with the aim of reducing the risk of corruption AND safeguarding themselves against the deemed liability should such risks materialize.

TRUST Principles

Back in December 2018, the Prime Minister’s Office issued guidelines on adequate procedures under Section 17A of the MACC (“Guidelines”). The Guidelines were issued to assist commercial organisations in understanding the adequate procedures to be implemented to prevent corrupt practices in an organisation.

In the Guidelines, 5 principles (also known as the TRUST principles) were outlined in the drawing up of the adequate procedures to be implemented by an organisation.

However, many organizations are still left wondering “what exactly can or needs to be done?”

The TRUST principles, along with practical actionable steps, are summarised as follows:

T – Top Level Commitment

This means that the top-level management of a commercial organisation is responsible to ensure that the organisation practices the highest level of integrity and complies fully with the applicable laws and requirements on anti-corruption.

The top-level management must build the organisation’s “tone from the top” and spearhead the organisation’s commitment to combat corruption. For example, a commercial organisation can carry out the following action items to demonstrate its top-level commitment:

  • Establish an organisation-wide “Anti-Corruption Policy” that sufficiently addresses corruption risks, outlines the regulations and authorisations required, and sets out specific monetary thresholds for associated persons in the organisation to comply with. This one single “Anti-Corruption Policy” can be adopted (with some customisations) even for groups of companies with a presence in different countries.
  • Perform periodic reviews of existing anti-corruption policies and regulations in the commercial organisation once basic compliance is set up.
  • Issue communications on the organisation’s policies and commitments on anti-corruption to both internal and external parties. This can take the form of an email blast, a newsletter, or notices & infographics displayed in physical premises, to inform relevant parties of the active efforts that management has taken and will continue to take in ensuring clean and lawful business practices.
  • Ensure that the results of any audit and risk assessment are reported to all top-level management. Crafting a “Whistleblowing Policy” will be useful in creating a clear reporting channel with assurances of protection from persecution for the whistle blower.

R – Risk Assessment

The initial formulation of the Risk Assessment for the organisation is always the toughest, but it does get easier once the framework is set up. In conducting a risk assessment, the risk areas that a commercial organisation should assess include but are not limited to the following:

  • identifying and grading the potential opportunities for corruption and fraud activities in the conduct of the commercial organisation’s business operations (e.g. business activities with high risk countries);
  • any financial transactions or facilitation payments that may be disguised as corrupt payments (e.g. payment through improper channels or payments made through an agent or intermediaries); and
  • any relationships with third parties which are likely to expose the commercial organisation to corruption.

We adopt a practical and systematic approach using a “Risk Assessment Matrix” for each key department within the organization, to first identify risks via a thorough Questionnaire, followed by a ranking of the probability and impact to the organization, and finally to record active measures to mitigate such risks.

A commercial organisation should conduct periodical corruption risk assessments to ensure that its regulations and policies relating to anti-corruption are updated to reflect any changes in the law. Under the Guidelines, it is recommended that a risk assessment is done every 3 years with intermittent assessments conducted when necessary.

U – Undertake Control Measures

After conducting a risk assessment in the commercial organisation, appropriate controls and contingency measures should be implemented to address and overcome those identified corruption risks.

Briefly, the common controls and measures that should be undertaken by any commercial organisation include the following:

  • Due diligence – to conduct background or know-your-customer (“KYC”) checks on relevant parties that the commercial organisation has business dealings with (e.g. vendors, suppliers, agents, consultants, employees, directors etc.) to verify the identity of the respective parties. This also helps to identify any potential conflicts of interest or related party transactions, which could also attract liability to the Board of Directors under the Companies Act 2016.
  • Reporting channel – to establish an accessible and confidential reporting channel for internal and external stakeholders to raise concerns if they have a reasonable belief that corrupt practices are occurring in a commercial organisation (e.g. develop a whistleblowing policy to encourage associated persons to report any suspected or actual corruption incident in the organisation). While it requires a balancing of proportionality for each organization, setting up just a dedicated email address (without anything further) is not sufficient. The whistleblowing policy should contain assurances of non-persecution for the whistle blower, proper procedures of escalation and investigation, not unlike a domestic inquiry or disciplinary procedure.

Such controls and measures can also be established by having comprehensive policies and procedures to deal with general anti-bribery and corruption, conflicts of interest, any gifts, entertainment, hospitality and travel in the organisation and to implement adequate financial controls to monitor payments made to external parties. These measures should then be customized and adjusted depending on the organization’s culture, industry, practical needs and acceptable practices.

S – Systematic Review, Monitoring and Enforcement

Top-Level Management of commercial organisations is advised to ensure that regular reviews are carried out to assess the performance, efficiency and effectiveness of the anti-corruption policies and procedures implemented in a commercial organisation.

Also, it is recommended that commercial organisations conduct an external audit by an independent third party at least once every 3 years to ensure that the organisation complies with the implemented policies and procedures concerning corruption.

Commercial organisations should always monitor the performance of employees in the organisation and ensure compliance with any anti-corruption policies and procedures implemented by the commercial organisations.

In the event any employee is found to be non-compliant with the organisation’s policies and procedures, actual disciplinary proceedings should be taken against those employees to demonstrate the organisation’s stance against corruption. Avoidance or delay in such action can be detrimental and be interpreted to be an endorsement by management of such behaviour.

Reviewing the organization’s HR Handbook and employment contracts for consistency in policy will be an important part of this process.

T – Training and Communications

Employees and business associates should be provided with adequate training to ensure thorough understanding and compliance with the policies and procedures implemented by the commercial organisation. Offering training to existing employees and also during the onboarding of new employees can set the tone from the get go.

In communicating the position of anti-corruption in the commercial organisation, the organisation should focus on the key points that should be communicated and ensure that the position is communicated clearly from top to bottom, from inside and out.

Communication of the organisation’s policies can easily be done through various mediums such as emails and newsletters, and the policies can be published on the organisation’s official website to ensure that they are easily and continuously accessible to the public.


As the famous saying goes, ‘a little effort goes a long way’. It is time now, more so than ever, for commercial organisations to look into implementing the necessary framework to mitigate the risks of corruption in their business dealings with third parties.

Having a proper compliance framework to combat corrupt practices will not only protect the commercial organisation in ensuring compliance with the anti-corruption laws in Malaysia but will also help the organisation build its growth and reputation in the long run, and allow the organization to conduct business on an international stage.

Do feel free to contact us if you’d like to find out more about how your organization can benefit from either a basic or comprehensive Anti-Corruption Compliance exercise that is proportionate to your organization.


This article was written by Shawn Ho (Partner) and Natalie Ng. Shawn leads the corporate practice group of Donovan & Ho, and has been recognised as a Notable Practitioner, whilst the firm has been recognised as a Notable Firm for Corporate and M&A by Asialaw Profiles 2020 and 2021.  We are also ranked as a Recommended Firm by IFLR1000 2020 and 2021.

Our corporate practice group advises on corporate acquisitions, restructuring exercises, joint venture arrangements, shareholder agreements, employee share options and franchise businesses, advises Malaysian start-up founders, and can assist with venture capital funds in Seed, Series A & B funding rounds. Feel free to contact us if you have any queries.

