Leave us a message

Addressing the Twin Threats of Bribery and Corruption: Corruption Risk Assessments as a Basis for Action

Corporate Governance

Addressing the Twin Threats of Bribery and Corruption: Corruption Risk Assessments as a Basis for Action

  • Addressing the Twin Threats of Bribery and Corruption: Corruption Risk Assessments as a Basis for Action Addressing the Twin Threats of Bribery and Corruption: Corruption Risk Assessments as a Basis for Action
  • Date: May 03, 2024
  • Category: Corporate Governance
  • Print

Regular corruption risk assessments and robust third-party management practices are essential components for creating a culture of compliance and transparency. A 2023 survey by global advisory firm KPMG found that such assessments are common practice among global companies, with 71 percent of respondents conducting documented corruption risk assessments and almost half conducting these assessments on a regular basis.

Moreover, companies which implemented these assessments reported more engaged boards. “Respondents that performed (corruption) risk assessments were more than twice as likely to agree with the proposition that their boards are adequately engaged with respect to their anti-corruption compliance programs, resources and risks,” said KPMG. Conversely, respondents not conducting corruption risk assessments were approximately four times more likely to disagree with the proposition that their boards are adequately engaged with these topics.

Furthermore, the report stated corruption risk assessments are a foundational element of an effective compliance programme and helps to identify, prioritise and provide an important means of communicating internally, including with senior management and the board, about the anti-corruption programme and how best to deploy resources to manage and mitigate risk.

Regulatory Requirements

In Malaysia, regular corruption risk assessments are required by companies under tightening regulations to counter the twin threats of bribery and corruption. Section 17A amendment of the Malaysian Anti-Corruption Commission Act 2009 (MACC Act) which was passed in 2020, introduced the Corporate Liability Provision, which holds organisations accountable for criminal acts of bribery and corruption.1 Directors and senior management are now liable for the actions of any person involved in corrupt acts in their organisation, unless it can be proven that the organisation had undertaken “adequate procedures” to mitigate the fraud, bribery, or corruption risks from materialising.2

The supporting Guidelines on Adequate Procedures (GAP) issued by the Prime Minister’s department in December 2018, built on five ‘T.R.U.S.T.’ principles, states that corruption risk assessments should be reviewed periodically with a comprehensive assessment performed once every three years.

Companies listed on Bursa Malaysia are also bound to the listing requirements, that require all listed issuers and their board of directors to ensure that policies and procedures on anti-corruption and whistle-blowing are established and maintained throughout the organisation.3 Drawing from the GAP, these policies are to be reviewed periodically and corruption risk is to be included in the issuer’s annual risk assessment.4

Bursa Malaysia’s Enhanced Sustainability Reporting Framework also calls for the inclusion of anti-corruption matters and indicators to be reported in sustainability statements by Main Market-listed companies for or after the financial year ended 31 December 2023. ACE Market companies must fulfil this requirement for financial years ended on or after 31 December 2025. Common indicators used to disclose corruption risk include the percentage of operations assessed for corruption-related risks, as well as the percentage of employees who have received training on anti-corruption and confirmed incidents of corruption and action taken towards them.5

Value of Corruption Risk Assessment

To mitigate corruption risks, companies should adopt early preventative measures early on, proactively managing risks by anticipating challenges and strategically implementing solutions to minimise potential adverse effects before they occur.

According to KPMG6, corruption risk assessment can help a firm achieve a number of important compliance objectives, including:

  1. Fostering discovery of relevant risks, processes and controls
  2. Educating leadership about compliance concerns
  3. Promoting preventive and early detection strategies over reactive strategies
  4. Identifying business strengths and stakeholders
  5. Facilitating the satisfaction of corporate director obligations

Risk assessments can help businesses identify systemic weaknesses that could expose a company to corruption and bribery, as well as evaluate the likelihood and potential impact of corruption, according to the global anti-corruption coalition Transparency International.7

Corruption Risk Assessment - Basis of Anti-corruption Efforts

Referring again to the GAP’s ‘T.R.U.S.T.’ principles, a corruption risk assessment should form the basis of an organisation’s anti-corruption efforts. According to the guideline, the assessment should be used to establish appropriate processes, systems and controls approved by the top level management to mitigate the specific corruption risks the business is exposed to.

The GAP also recommends comprehensive risk assessments be done every three years, with intermittent assessments conducted when necessary. While these can be done on a stand-alone basis, companies are recommended to incorporate their corruption risk assessments into their general risk register. The following aspects should be covered:

  1. opportunities for corruption and fraud activities resulting from weaknesses in the organisation’s governance framework and internal systems/procedures;
  2. financial transactions that may disguise corrupt payments;
  3. business activities in countries or sectors that pose a higher corruption risk;
  4. non-compliance of external parties acting on behalf of the commercial organisation regarding legal and regulatory requirements related to anti-corruption;
  5. relationships with third parties in its supply chain (e.g. agents, vendors, contractors, and suppliers) which are likely to expose the commercial organisation to corruption.

Transparency International Malaysia (TIM) points out that risk assessments should cover all business activities across every location where the organisation has active operations. “There should be a prior process of stakeholder mapping to identify all associates through whom the organisation is exposed to corruption risk,” the organisation said.8

Third party relationships in particular are seen as the greatest risk in tackling corruption, according to KPMG’s survey in 2023. (See graph) In assessing these risks, companies can refer to literature on building effective third party risk management programmes, which could involve categorising these risks into high, medium and low categories. 9


Risk Assessment Tools

A variety of risk assessment frameworks have been developed by international organisations to support businesses in assessing their corruption risks.

1. United Nations Global Compact – A Guide for Anti-Corruption Risk Assessment

This guide seeks to provide a practical, step-by-step guidance on how to conduct an anti-corruption risk assessment. Includes a six-step process to complete the assessment: establish the process, identify the risks, rate the risks, identify mitigating controls, calculate remaining residual risk and develop an action plan.

2. Guidance on Good Practice and Checklist for Adequate Procedures

Transparency International Malaysia has developed a checklist to guide commercial organisations on the implementation of a holistic anti-bribery and corruption programme (ABC Programme) covering the actions of employees as well as associates within the organisation’s stakeholder network. Transparency International Malaysia included a risk assessment checklist in its guidance.


National Developments

Looking ahead, Malaysian companies can expect to see an increasing emphasis by regulators on strengthening corporate integrity and preventing corruption. Prime Minister Datuk Seri Anwar Ibrahim has reaffirmed his administration’s commitment towards improving corporate integrity and governance, with the aim of Malaysia reaching a Top 25 position in the global Corruption Perceptions Index within the next 10 years.10

To that end, the government is preparing to table the Public Sector Governance Act and Integrity Plan this year, a corruption-free governance guide for all entities in both the public and private sectors. MACC will also be launching its National Anti-Corruption Strategy 2024-2029 later this year, which will focus on the effectiveness of corruption prevention and improve governance and integrity in civil service administration and government-linked companies.11

By implementing corruption risk assessments as part of their broader anti-bribery and corruption plans, Malaysian companies can demonstrate their commitment to upholding corporate integrity in line with the country’s agenda of fighting corruption.

  • Tags : Corporate Governance

Other Trending