On Jan 31 2020, the UK Crown Court published its judgment approving Airbus’ settlement with the UK Serious Fraud Office.
Airbus faced five counts of indictment in relation to its failure as a commercial organisation to establish adequate procedures to prevent bribery by its associates. The judgment details a global network of agents and business intermediaries hired by Airbus who allegedly bribed customers to buy its civilian and military aircraft, resulting in new corruption inquiries being launched around the world, including in Malaysia.
The Malaysian position
This leads to a topic closer to home - the anti-corruption enforcement climate in Malaysia. The legislation governing the offence of corruption is the Malaysian Anti-Corruption Commission Act 2009, as amended by the Malaysian Anti-Corruption Commission (Amendment) Act 2018.
The key amendment is the addition of a new Section 17A, which takes its inspiration from anti-bribery legislation in the UK, and under which Airbus was charged. Section 17A will come into force on June 1 2020.
This section imposes strict corporate liability on commercial organisations for bribery offences committed by its associates: this extends not only to the actions of directors, managers and employees but potentially independent business partners along the supply chain (as was the case in the Airbus indictment).
Commercial organisations are exposed to a minimum fine of RM1mil or, if higher, 10 times the amount of the graft involved. The organisation’s only defence is that it must the implementation of “adequate procedures” to prevent the commission of bribery. Most notably, Section 17A imposes personal liability on officers and management personnel and exposes each of them not only to the same fine but to jail terms up to 20 years unless they can prove that they had no part to play in the bribery (neither consent nor connivance) and that they had done their due diligence to prevent the bribery from taking place (taking into account their function, capacity and the circumstances).
The requirement of an officer or management personnel to exercise due diligence to prevent bribery is an additional obligation not mirrored in the UK legislation.
Who should be concerned? Section 17A applies to companies, partnerships, and limited liability partnerships, which are either incorporated in Malaysia, or similar organisations incorporated abroad, but who carry on business in Malaysia, and directors, controllers, officers, partners and any person within the organisation with a management role are responsible.
What must organisations and managers do? Personal liability of management on top of strict corporate liability does indeed sound grave, but there are actions that can be taken to manage this risk exposure. The Prime Minister’s Office has issued the Guidelines on Adequate Procedures (Guidelines) which set out principles for the adequate procedures commercial organisations are expected to have in place if it hopes to defend itself against corporate liability.
At the same time, the Malaysian Anti-Corruption Commission has applied to the Department of Standards Malaysia to adopt and recognise the global standard, ISO 37001 Anti Bribery Management System, in Malaysia. The Guidelines are a legal requirement whilst the ISO 37001 is a voluntary standard but the requirements and recommendations in both greatly overlap.
Amongst the requirements of both the legal guidelines and voluntary standards are (1) tangible and significant engagement, leadership and oversight from top level management, (2) the conduct of a comprehensive risk assessment specific to the business model of the organisation, (3) actual undertaking of control measures proportional to risk (both financial and non-financial eg whistleblowing and due diligence), (4) a systematic review, monitoring, and enforcement of such control measures, and (5) the undertaking of training and communication throughout the organisation.
If there is one key thing to be learned from the Guidelines, it is that a generic protocol will not be accepted as adequate procedures for a legal defence. This is made even clearer in the UK’s judgment of the Airbus settlement where the judge took pain to note the failings in its established anti-bribery system (in particular, the failure of critical information flow from the business partners who engage with customers, and are at high risk of bribery, to the management committees making decisions on closing transactions). Organisations must carry out assessments to identify bribery risks based on its structure and design tailor-made solutions according to the risks so identified; further, the involvement of management in establishing the system and actual data of the procedures in operation must be well documented if the organisation hopes to succeed with its defence.
The best case scenario for having established and initiated anti-bribery procedures is acquittal if the measures are proven to be “adequate.” That said, even when falling short of the standard of being adequate, commercial organisations can seek significant penalty mitigation if it does have some measures in place. This can be seen in the Airbus settlement where the UK Serious Fraud Office agreed to a 50% discount to the financial penalty imposed; this is more than the usual 1/3rd discount given for an early plea in criminal proceedings. We should finally take note that the requirements of Section 17A is first and foremost a legal defence requirement and that the requirement for adequate procedures should not be confused simply with implementing conventional financial or internal audits within an organisation.
Financial controls are but a small subset of the larger legal compliance system to be established. In its essence, Section 17A shifts the burden of proof from the prosecutor to the organisation and its managers to prove that adequate procedures have been put in place (and in the case of managers, that they have also exercised due diligence in the matter). If the organisation and its managers cannot prove this, they commit an offense and are liable to its penalties.
A silver lining?
Admittedly, establishing adequate procedures do not come without significant cost, but considering the global development of corporate liability for graft, we may be able to extricate some commercial benefit from the requirements of Section 17A.
A few large countries have already implemented strict corporate liability for corruption (eg US, UK and India) and many more are expected to follow suit, in particular, following the success of the UK-model in its Bribery Act 2010 (which Malaysia has partly emulated) and as part of international obligations of those nation-states that have ratified Article 26 of the United Nations Convention Against Corruption, 2003; this Article 26 require its member states to adopt measures to establish liability for “legal persons.”
Moving forward, businesses around the globe will be imposing requirements on their supply chain to have in place anti-corruption protocols as part of the former’s regulatory compliance.
It would shrewd for businesses to quickly put in place visible and effective procedures so that it can leverage on its anti-bribery management system to expand its customer base to those organisations required by global regulations to ensure that their supply chain does not engage in bribery on their behalf.
The global development of corporate anti-bribery management laws is relatively new (except for the US with its Foreign Corrupt Practice Act since 1977) and completely novel in Malaysia (Section 17A will only come into force on 1 June 2020). On top of a first mover advantage, it would be worthwhile to consider obtaining a legal “sign-off” and certification from a reputable certification body to reduce the amount of due diligence that would otherwise be needed for regulated customers to on-board new suppliers or for a regulated principal to engage an agent or a business partner.
Ang Siak Keng and Nadarashnaraj Sargunaraj are partners in Zaid Ibrahim & Co, Malaysia (a member firm of the ZICOlaw network). Ang’s practice focus is mergers and acquisitions, foreign direct investments and regulatory compliance exercises. Raj’s expertise is in communication, media and technology, competition, compliance and governance and data protection.
The views expressed here are the writers’ own.