Managing third-party bribery risks in corporate Malaysia

  • Letters
  • Thursday, 14 Jul 2022

Corporate anti-bribery and corruption efforts would prove futile without a comprehensive Third-Party Risk Management (TRPM) process.

As a consultant in the area of financial crime prevention, detection and response, I have come to realise that many organisations are looking at the TPRM wrongly when adopting existing technology, processes and procedures to manage the risk of bribery and corruption.

Putting matters into perspective, the enforcement of Section 17A, MACC Act 2009, back in 2020 (Corporate Liability Provision) had clearly established that strict liability is placed upon Senior Management and the Board of Directors of Commercial Organizations for active bribery perpetrated by any “persons associated” to it for the benefit of the Commercial Organization.

Keeping in mind that the definition of “person associated” covers both internal and external parties acting on the organisation’s behalf, the Malaysian Anti-Corruption Commission (MACC) is now focused on the fact that the onus falls on those running the Commercial Organisation to prove that they were not part of the offence and had put in place proper “adequate procedures” to prevent their “persons associated” from acting corruptly at their expense.

In fulfilling the Ministerial Guidelines on Adequate Procedures, released by the Minister in the Prime Minister's Department in December 2018, Commercial Organisations are responsible for establishing preventive measures which are “proportionate” to their nature of business and context of the environment in which it operates. Commercial Organisations would need to ensure that a comprehensive Corruption Risk Management (CRM) process is practised to drive their decisions on resource allocation, internal controls (financial and non-financial), monitoring activities and continuous actions for bribery and corruption prevention and deterrence.

As the risk assessment/ management process forms a basis for establishing these “proportionate” measures, many seem to neglect the high exposure from those in the supply chain, subsidiaries, intermediaries and partner firms acting on their behalf.

Based on the Transparency International Malaysia’s latest publication on the Guidance for Good Practice and Checklist for Adequate Procedures (2022), it stresses on the importance of maintaining policies and procedures for due diligence through specific type of “person associated” and the risk it poses to the Commercial Organisation, having documented a due-diligence report prior to entering into an agreement and having relevant contract clauses, which requires compliance to the Commercial Organisation’s anti-corruption/bribery programme (e.g. reflection of ABC Policy, termination in instance where corrupt acts had been detected and right to conduct investigation when an allegation or suspicion is encountered).

The level of due diligence performed and criteria for re-appointments must be set based on the level of risk posed to the Commercial Organisation.

Risk profiles can be assigned to all third parties using a set of standard criteria which takes into account the geographical location of operations, geopolitical environment, types of transactions at stake and nature of partnership.

A salient feature of the MACC Act 2009 is its extra-territorial reach. Under the Act, a Malaysian citizen or permanent resident who commits an offence outside of Malaysia may be subject to prosecution.

Diligent management of significant investments are also pertinent to ensure acquisitions or mergers does not include elements of “corrupt intent”. This can be done with proper policies which highlights clear criteria for investments that resorts to valuation, identification of overall corporate structures, its beneficial owners and rational behind business decisions.

The organisation's procurement policy is also vital to ensure that there is a basis for action throughout the procurement lifecycle which includes strategic communication between various functions, assessment, approval, payments and performance evaluation of appointed vendors, contractors or other service providers.

In addition, practices of managing third parties must be complemented with proper awareness, education and evaluation of vendor or contractor code of conduct, and accessible whistleblower mechanism in place.

With the current issues surrounding supply-chain disruptions and global economic turmoil resulting from the war in Ukraine and resurgence of the pandemic, we should stay mindful of not making rash decisions when managing our third parties or undermine damages that the Commercial Organisation could incur due to the corrupt actions taken by any person or entity associated to it.


Certified Fraud Examiner (CFE), Certified Anti-Money Laundering Specialist (CAMS)

Managing Principal

Petaling Jaya, Selangor

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Letters

Stand in solidarity with police to fight terrorism
Hostile groups are a threat to the nation’s social fabric
Acting out violent ideologies
Urgent measures needed
‘Learn to say thank you, please’
Women in the workforce
Do more to promote Pulau Ketam to seniors
Curb children’s social media usage
Women leading the way to safer maritime workplaces
Separate events for better support for women shuttlers

Others Also Read