Section 17A MACC Act: Have you adopted “Adequate Procedures”?

Pursuant to Section 17A(5) of the Malaysian Anti-Corruption Commission Act 2009 (MACC Act), the Prime Minister’s Department had issued the Guidelines on Adequate Procedures1 to prevent persons associated with a commercial organisation from undertaking corrupt practices. To comply with Section 17A, the starting point would be to formulate and implement anti-corruption policies, procedures, programmes, and controls around the T.R.U.S.T principles that were discussed in our previous article.

In this article, we highlight some aspects to be considered under the T.R.U.S.T principles in drawing up the “Adequate Procedures”.

T.R.U.S.T principles and “Adequate Procedures”

Whilst there is no definite and standard determination of “adequacy” of the corruption prevention policies and procedures, the question of whether a commercial organisation has implemented “Adequate Procedures” is dependent on the level of risk it faces in light of its size, nature, and complexity of business. Hence, an organisation should adopt a risk-based approach in drawing up the polices and implementation procedures in order to fulfil the requirement of “Adequate Procedures”. As an example, companies in the construction sector are generally more prone to corruption risks2 given the significant monetary value and the size of projects which involves numerous parties.

T – Top Level Commitment

The top-level management plays an instrumental role in raising awareness of transparency and integrity in the commercial organisation. On this aspect, these roles cover the practice of ensuring highest level of integrity and ethics; adhering to the anti-corruption regime; and managing the key corruption risk of the organisation effectively.

To this end, it is suggested that a clear anti-corruption programme (“Programme”) should encapsulate the following:

  1. a secure reporting channel;
  2. a competent person or function tasked with providing guidance and ensuring
    compliance with the Programme;
  3. an engagement with all parties on the organisation’s Programme;
  4. a line of authority for personnel tasked with overseeing the Programme;
  5. a review of the risk assessment, control measures and performance of the
    Programme periodically; and
  6. any audits results are to be reported to the top-level management and being acted upon.

R – Risk Assessment

The core of an effective Programme lies in the assessment of corruption risk of a commercial organisation. Ideally, this assessment ought to be performed prior to the introduction of any anti-corruption programme as such assessment would identify and mitigate the specific corruption risk in an organisation.

An assessment exercise may be taken by:

  1. identifying and analysing the internal and external corruption risks involved;
  2. documenting the risk assessment and its conclusions;
  3. evaluating all factors which might increase the level of corruption risks; and
  4. adopting the practice of having a thorough assessment of the corruption risks of the organisation on a periodic basis.

U – Undertake Control Measures

Having identified the signs and risks of corruption, a commercial organisation is able to introduce appropriate policies and procedures to prevent corruption. Upon endorsement by the top-level management, these policies and procedures should be made available for access by the employees and the public. Furthermore, these policies and procedures ought to be updated in accordance with the business needs and the laws from time to time.

These policies and procedures should cover:

  1. key criteria and methodology for due diligence on any relevant parties;
  2. a reporting channel for corruption incidents (whistleblowing);
  3. a general anti-bribery and corruption policy for the organisation;
  4. a conflict of interest policy;
  5. a set of policies on gifts, entertainment, hospitality and travel, donations, and sponsorships; and
  6. an established protocol on facilitation payments, financial controls, and other non- financial controls.

S – Systematic Review, Monitoring and Enforcement

A commercial organisation should have both internal and external review mechanisms for the Programme as the risk profile of the organisation may evolve over time alongside with the expansion of business operations. The reviews and audits of the mechanisms should be properly documented and maintained on a permanent basis for the purposes of corporate governance and compliance. This would preserve the evidence required to defend the organisation, if and when the corporate liabilities under section 17A of the MACC Act are triggered.

T – Training and Communication

Some trainings on the Programme would help the employees, suppliers, agents and any personnel associated with a commercial organisation to learn about the organisation’s anti- bribery culture. Particularly, the organisation may raise awareness about the forms of corruption, the specific risks associated with a position, sector or function in the organisation, and the consequences of corruption.

Two ways communications, both internal and external, are crucial to ensure that the parties are aware of the Programme. Internal communications are likely to focus on the implementation of the Programme including the management roles and the implications for employees. One of the key aspects in enabling an effective internal communication is the provision of a secured, confidential and accessible channel for stakeholders to report and discuss matters connecting to corruption in the organisation. On the other hand, external communications are targeted at parties that deal with the organisations. The key element of external communications is to deter external parties from bribing on the organisation’s behalf.

At the time of writing, it is confirmed that Section 17 of the MACC Act will be enforced on 1 June 2020 following the announcement by the Prime Minister’s Office on 21 May 2020. Commercial organisations are urged to draw up and implement suitable and sensible anti- corruption policies and procedures which would fit their organisations adequately.

This article is authored by:

Gan Khong Aik
Gan Partnership


Lee Sze Ching (Ashley)
Gan Partnership


DISCLAIMER: This article is for general information only and should not be relied upon as legal advice. The position stated herein is as at the date of publication on 26th May 2020. For any enquiries on this article, please contact Gan Khong Aik (