Section 17A MACC Act: What are the lessons learnt from foreign case studies?

With effect from 1st June 2020, following the introduction of the new Section 17A of the Malaysian Anti-Corruption Commission Act 2009 (“MACC Act”), there shall be a strict liability imposed on a Commercial Organisation for its failures to prevent a person associated with it from committing corrupt practice for its benefits. The Commercial Organisation shall be liable, irrespective of whether the person associated with it is eventually liable for the corrupt practice. The only defence for the Commercial Organisation is to establish that it has implemented a set of adequate preventive measures that fits its organisation, at the time when the corrupt practice was committed.

As the publication of our last article in the series coincides with the first day on which Section 17A of the MACC Act is enforced, we attempt to derive some lessons based on the cases decided under Section 7 of the United Kingdom Bribery Act 2010 (“UKBA”) – the origin of our Section 17A of the MACC Act.

What are “adequate preventive measures”?

The mere set up of preventive measures in accordance with the T.R.U.S.T principles, as outlined in the Guidelines on Adequate Procedures, does not necessarily mean that a Commercial Organisation has put in place adequate preventive measures for the purposes of establishing the defence under Section 17A(2) of the MACC Act. Since Section 17A of the MACC Act is principally modelled upon Section 7 of the UKBA, the following case studies to Section 7 of the UKBA may provide some useful pointers for the establishment and implementation of the adequate preventive measures as envisaged under Section 17A(2) of the MACC Act.

Case Study #1: R v Skansen Interiors Ltd1

The Transaction
R v Skansen Interiors Ltd
is the first contested prosecution case under Section 7 of the UKBA. Skansen Interiors Ltd (“SIL”), a small refurbishment company with approximately 30 employees, was a subsidiary within the Skansen Group. The prosecution alleged that the Managing Director of SIL paid £10,000 to a project manager of a real estate company to secure the tenders for two office refurbishment contracts worth £6 million.

A further payment of £29,000 was offered and requested. However, the new Chief Executive Office of SIL was concerned with the legitimacy of this transaction. He then conducted an internal investigation within SIL and implemented a new anti-bribery policy upon knowing that there was no anti-bribery policy in place. Consequently, the £29,000 payment was stopped and SIL submitted a suspicious activity report to the National Crime Agency and self-reported the matter to the authorities asking them for a further investigation

SIL was charged under Section 7 of the UKBA. At the trial, the prosecution submitted that, among others, there were little evidence suggesting that SIL’s endeavours to instil anti-bribery culture in light of the enforcement of the UKBA.

Notably, the failure to revamp compliance controls and to assign a designated employee to oversee the anti-bribery compliance, lack of communication and trainings to its staff on the company policies, and the failures to have a documented independent reporting channel to senior management.

To defend its case, SIL’s arguments include sophisticated and substantial anti-bribery controls were unnecessary due to its small operation scale, it is a matter of common sense for its staffs not to bribe, contractual clauses providing for prohibition of bribery and occurrence of bribery as a ground for termination, and multiple approval levels for every transaction as part of its financial control system.

The Decisions
Despite the existence of policies and other internal controls to prevent bribery, SIL was convicted on the basis that such measures were inadequate. The submissions of the prosecution gave an insight into the basis of assessing the adequacy of the procedures and policies.

A key takeaway to be highlighted from this case is that the implementation of non-specific policies and normal accounting controls in SIL were regarded as inadequate procedure, irrespective of how small the business is. The justification for pursuing the prosecution is another significant point to be noted – it was reported that the prosecution wished to ‘send a message’ to other companies that did not have in place adequate procedures.

Case Study #2: Serious Fraud Office v Standard Bank Plc2

The Transaction
Standard Bank Plc (“Standard Bank”), a UK regulated Bank, was a subsidiary of Standard Bank Group Ltd (“SBG”) which is registered in South Africa. SBG was also the ultimate parent of the Dar es Salaam-based Stanbic Bank Tanzania Ltd (“Stanbic Bank”). In 2012, Standard Bank and Stanbic Bank jointly bid for the mandate to raise public funds for the Government of Tanzania (“GoT”) and a combined fee of 1.4% of the gross proceeds raised from the joint exercise was quoted.

Stanbic Bank later increased the proposed fee to 2.4%. The additional 1% would be paid to a local Tanzanian Company (“Local Partner”), where the Chairman and Chief Executive Officer were respectively a serving member of GoT and a past office bearer of the Tanzanian Capital Markets and Securities Authority. Despite an apparent conflict and risk, Stanbic Bank did not address such issues.

The involvement of the Local Partner with an increased fee were only disclosed to Standard Bank after Stanbic Bank proposed such arrangement to GoT. Accordingly, GoT awarded the mandate with the proposed fee of 2.4% to Stanbic Bank and Standard Bank. The mandate signed by the two banks and Ministry of Finance for GoT did not mention any third party’s involvement. However, the fee letter indicated that the two banks were collaborating with its partner.

Further, it is peculiar to note that the arrangement was structured for the public funds to be paid to the Local Partner via Stanbic Bank, without any direct payment made to GoT. Stanbic Bank allowed the opening of the account by the Local Partner without looking into its connection with politically exposed persons, even though the checklist of the regulatory checks undertaken by Stanbic Bank had indicated that the account was high risk.

On the other hand, whilst Standard Bank had implemented applicable policies in this regard, the policies were unclear as to whether checks and due diligence over the Local Partner need to be performed by Standard Bank. Despite the presence of obvious red flags for bribery, the deal team at Standard Bank, neither conduct a check and due diligence, nor appear to have raised any questions or concerns about the arrangement being corrupt. Instead, the deal team at Standard Bank relied entirely on Stanbic Bank to conduct checks and raise any concerns as regards to the Local Partner.

By the completion of the fund raising, the amount to be raised stood at a substantial sum. In the absence of any evidence showing services done by the Local Party, the increased 1% of fee quoted for the fund raising exercise was paid to and withdrew by the Local Partner in large cash amounts from its bank account with Stanbic Bank. Concerns were raised about these withdrawals by the staff at Stanbic Bank and SBG was alerted thereafter.

Upon being informed of the incident by SBG after an internal investigation, Standard Bank instructed a law firm to report the matter to the Serious and Organised Crime Agency and the Serious Fraud Office (“SFO”).

The Decisions
The SFO was satisfied that the evidence is capable of establishing a realistic prospect of conviction of offence for failing to prevent bribery, contrary to Section 7 of the UKBA. While Section 7 of the UKBA provides that adequate procedures implemented to prevent bribery as a defence, the SFO concluded that the applicable policy of Standard Bank was unclear and was not reinforced effectively to the deal team at Standard Bank through communication and/or trainings.

Particularly, the trainings did not sufficiently address the relevant obligations and procedures where two entities within SBG were involved in a transaction, where the other entity of Standard Bank engaged an introducer or a consultant. In addition, Standard Bank also failed in not identifying the presence of politically exposed persons and not addressing the arrival of a third party charging a substantial fee. In short, an anti-bribery culture was not effectively demonstrated within Standard Bank as regards the transaction at issue.

In approving the Deferred Prosecution Agreement (DPA) as negotiated between SFO and Standard Bank, the Court considered and endorsed the part of DPA that requires Standard Bank to enhance its policies and processes in respect of third parties, and improve its training in respect of anti-bribery and corruption policies with the assistance of an independent specialist.


Both cases clearly illustrate and highlight some pertinent judicial observations as to what constitutes adequate preventive measures for a Commercial Organisation, amongst others:

  1. the mere existence of preventive procedures in a Commercial Organisation is not adequate; there is a need to have clear preventive measures which are effectively functioned that enable the prevention, detection and eventually response, in the event of the occurrence of corrupt practices;
  2. the preventive procedures of a Commercial Organisation must set out clearly the obligations of its employees and external service providers;
  3. a Commercial Organisation should not depend on a third party to carry out anti- corruption due diligence in any joint venture effort, and must designate a person to the role of anti-corruption compliance;
  4. a Commercial Organisation must communicate effectively and provide sufficient trainings to its employees and other stakeholders involved to cultivate anti-corruption culture to ensure that the preventive measures are in fact being understood and implemented;
  5. the size of a Commercial Organisation is immaterial, the preventive measures must adequately respond to the obvious risk of corrupt practices corresponding to the nature of its business; and
  6. a periodical review of the risk assessment is a must for a Commercial Organisation to ensure that the preventive measures remain fit for the purpose of anti-corruption.

The risk assessment by a Commercial Organisation shall form the cornerstone of its preventive measures. To this end, independent professionals such as, lawyers or auditors must be engaged in this process, so that the evaluation of the risk factors can be carried out in an objective and transparent manner for the preventive measures to be adequate.

This article is authored by:

Gan Khong Aik
Gan Partnership


Lee Sze Ching (Ashley)
Gan Partnership


DISCLAIMER: This article is for general information only and should not be relied upon as legal advice. The position stated herein is as at the date of publication on 1st June 2020. For any enquiries on this article, please contact Gan Khong Aik (