Malaysia: new corporate corruption liabilities

Back to Asia Pacific Regional Forum publications

Gan Khong Aik FCIArb
Gan Partnership, Kuala Lumpur


Lee Sze Ching, Ashley
Gan Partnership, Kuala Lumpur


Section 17A of the Malaysian Anti-Corruption Commission Act 2009 (MACC Act), which introduces corporate liabilities arising from corrupt acts by officers, came into force on 1 June 2020. In essence, the section extends corruption liability by a commercial organisation’s officers to the organisation itself.

In this article, we discuss the newly-enforced section and discuss the preventive measure which may be put in place to defend a commercial organisation.

Understanding section 17A of MACC Act

Section 17A primarily takes a leaf out of section 7 of the UK Bribery Act 2010 (UKBA). Being also a signatory to the UNCAC, the United Kingdom enacted the UKBA, which came into force on 1 July 2011. Under the UKBA, a commercial organisation could be liable for bribery, if a person associated with the organisation bribes another person intending to obtain a business advantage for that organisation.

A person is associated with the organisation, if this person performs services for or on behalf of the organisation. However, the organisation is able to salvage the situation if it had adequate procedures in place to prevent bribery. In other words, the UKBA affords a full defence to an organisation which fails to prevent bribery, notwithstanding having implemented an adequate prevention regime. What constitutes adequate will depend on the bribery risks, with regard to the nature, size and complexity of the business. That said, the bottom line would be to have an anti-bribery policy which is appropriate to the level of risk faced by the business.

The UK’s Ministry of Justice has issued guidance comprising the following six principles about procedures which commercial organisations can put in place to prevent bribery. These are:

  • proportionality;
  • top-level commitment;
  • risk assessment;
  • due diligence;
  • communication; and
  • monitoring and review.

Section 17A imposes strict corporate liability on a commercial organisation for the corrupt practices of its employees and/or associated persons, where these acts are carried out for the organisation’s benefit or advantage. The commercial organisation includes Malaysia-incorporated companies and companies incorporated outside Malaysia, which operate business or any part of a business in Malaysia. Consequently, it shall be noted that section 17A carries an extraterritorial effect as such liability may involve a foreign company with business presence in Malaysia.

Once section 17A has been triggered, the director, controller, officer, partner or anyone who is concerned in the management of its affairs is deemed to have committed the offence, unless one can prove that the offence was committed without their consent or connivance and the due diligence exercise was conducted to deter corruption.

On conviction, the corporate liability offence carries the following penalties, where a commercial organisation will be:

  • fined a sum of not less than ten times the value of the gratification, or MYR1m (approximately US$230,000), whichever is greater;
  • imprisoned for a term of up to 20 years; or
  • liable to both.

Formulating adequate procedures in accordance with ‘TRUST’ principle

To address the grave repercussions of section 17A, a company may put the defence of adequate control mechanisms in place to deter corruption, as provided in the section. While there is no definite and standard determination of ‘adequacy’ of corruption prevention policies and procedures, the question of whether a commercial organisation has implemented ‘adequate procedures’ depends on the level of risk faced in light of its size, nature and complexity of business. An organisation should therefore adopt a risk-based approach in drawing up polices and implementation procedures so as to fulfil the requirement of ‘adequate procedures’.

To assist companies in understanding what adequate procedures are, the Prime Minister’s Department has published guidelines relating to adequate procedures.[1] In essence, the adequate procedures should encapsulate the ‘TRUST’ principle:

T – Top-level commitment

The top-level management plays an instrumental role in raising awareness of transparency and integrity in the commercial organisation. These roles cover the practice of ensuring the highest levels of integrity and ethics, adhering to the anti-corruption regime and managing the key corruption risk of the organisation effectively.

To this end, it is suggested that a clear anti-corruption programme ('Programme') should encapsulate the following:

  • a secure reporting channel;
  • a competent person or function tasked with providing guidance and ensuring compliance with the Programme;
  • an engagement with all parties on the organisation’s Programme;
  • a line of authority for personnel tasked with overseeing the Programme;
  • a periodic review of risk assessment, control measures and the Programme’s performance; and
  • any audits results are reported to the top-level management and acted on.

R – Risk assessment

The core of an effective Programme lies in the assessment of corruption risk of a commercial organisation. Ideally, this assessment should be performed prior to the introduction of any anti-corruption programme, as such assessment would identify and mitigate the specific corruption risk in an organisation.

An assessment exercise may be taken by:

  • identifying and analysing the internal and external corruption risks involved;
  • documenting the risk assessment and its conclusions;
  • evaluating all factors which might increase the level of corruption risks; and
  • periodically adopting the practice of having a thorough assessment of the corruption risks of the organisation.

U – Undertake control measures

Having identified the signs and risks of corruption, a commercial organisation is able to introduce appropriate policies and procedures to prevent corruption. On endorsement by top-level management, these policies and procedures should be made available for access by employees and the public. Furthermore, these policies and procedures ought to be updated in accordance with the business needs and the laws from time to time.

These policies and procedures should cover:

  • key criteria and methodology for due diligence on any relevant parties;
  • a reporting channel for corruption incidents (whistleblowing);
  • a general anti-bribery and corruption policy for the organisation;
  • a conflict of interest policy;
  • a set of policies on gifts, entertainment, hospitality and travel, donations, and sponsorships; and
  • an established protocol on facilitation payments, financial controls, and other nonfinancial controls.

S – Systematic review, monitoring and enforcement

A commercial organisation should have both internal and external review mechanisms for the Programme, as the risk profile of the organisation may evolve over time alongside the expansion of business operations. The reviews and audits of the mechanisms should be properly documented and maintained on a permanent basis for the purposes of corporate governance and compliance. This would conserve the evidence required to defend the organisation, if and when the corporate liabilities under section 17A of the MACC Act are triggered.

T – Training and communication

Some trainings on the Programme would help the employees, suppliers, agents and any personnel associated with a commercial organisation learn about the organisation’s anti-bribery culture. In particular, the organisation may raise awareness about the forms of corruption, the specific risks associated with a position, sector or function in the organisation, and the consequences of corruption.

Two-way communications, both internal and external, are crucial to ensure that parties are aware of the Programme. Internal communications are likely to focus on implementing the Programme, including its management roles and implications for employees. One of the key aspects in enabling an effective internal communication is the provision of a secured, confidential and accessible channel for stakeholders to report and discuss matters connected to corruption in the organisation. External communications are targeted at parties that deal with the organisation. The key element of external communications is to deter external parties from bribing on the organisation’s behalf.

The introduction of section 17A is a commendable step in fulfilling Malaysia’s obligation under the United Nation Convention against Corruption (UNCAC). On 9 December 2003 (International Anti-Corruption Day), Malaysia became a signatory of the UNCAC, and ratified the UNCAC on 24 September 2008.

The new statutory provision aims to foster the growth of a healthy business environment, free of corruption which would create a level playing field among all players. At the time of writing, it was reported that the enforcing agency, the Malaysian Anti-Corruption Commission, had made two arrests under this section. It is prudent to for commercial organisations to draw up their anti-graft policies and to introduce adequate procedures.




[1]Prime Minister Department, Guidelines on Adequate Procedure, available at:, last accessed 5 July 2020.