Incidents of fraud and bribery pose significant threats to the integrity and reputation of organisations in Malaysia. To combat these risks, companies must implement robust risk management strategies across all corporate functions. These risk management practices are currently in place through a mix of internal processes, certifications and implementing good practices in managing employees and third parties.

In this case study, we examined the best practices of three prominent Malaysian organisations – Bank Negara Malaysia, Khazanah Nasional and Kumpulan Wang Persaraan (Diperbadankan) [KWAP], when it comes to mitigating fraud and bribery risks effectively.

Case Study 1: Bank Negara Malaysia’s Whistleblowing Policy

A whistleblowing policy enables individuals within an organisation or the public to report improper conduct that has occurred within the organisation. Effective whistleblowing measures must address several barriers to report the wrongdoing, such as fear of retaliation, the level of trust within the organisation, apathy and a personal preference of not interfering with others’ affairs.

As part of its plan to implement an effective whistleblowing policy, Bank Negara Malaysia, the central bank of Malaysia has defined what type of offences fall under the scope of “improper conduct” on its website. These include:

1. Criminal offences by the bank’s officers, employees and directors including fraud, corruption or abuse of power;
2. Misuse of the bank’s funds or assets;
3. Gross mismanagement within the bank;
4. Breach of the bank’s code of ethics by its officers and employees;
5. Breach of the bank’s vendor code of conduct by vendors
6. Failure to comply with the provisions of laws administered by the bank by any person
7. Assisting a person to commit any of the above instances of improper conduct
8. Detrimental action taken against whistleblowers and persons closely related to the whistleblowers.

In addition, Bank Negara has also explained the types of protection given to whistleblowers as outlined under the Whistleblower Protection Act 2010. The central bank also explains situations in which protection of whistleblowers would be revoked, as well as brief guidelines on what details whistleblowers should disclose in their report. The information whistleblowers are recommended to provide to support their allegations include a description of the improper conduct, names of individuals who committed the incidents or are involved in the improper conduct, and any evidence or supporting documents.

This information should be reported via the correct communication channels, Bank Negara states on its website. The central bank lists these steps on its website so the information is available to all employees and members of the public. As shown in the table below, whistleblowers should report alleged wrongdoing to the relevant authorities based on the alleged wrongdoer. The email addresses of the designated persons are also available on Bank Negara’s website, as well as a mechanism for reporting wrongdoing via physical letters.

Source: Bank Negara Malaysia

By publishing its whistleblowing policy on its corporate website and disclosing all pertinent information to support whistleblowers, Bank Negara makes it accessible, convenient and secure for employees and members of the public to report any misconduct. It also signals to stakeholders that the bank is committed to fighting fraud, bribery and corruption.

Case Study 2: Khazanah Nasional’s Code of Conduct and Code of Business Ethics

Khazanah Nasional Berhad, as the sovereign wealth fund of the government of Malaysia, is mandated with growing the country’s long-term wealth and contributing to its economic development.

Khazanah has published a Code of Conduct for its employees, which provides guidance on the standards of behaviour for all of the organisation’s staff, including those in the regional offices. The handbook explains the company’s core values and outlines the company’s code which covers duty of confidentiality, independence and conflict of interest and professional conduct, and provides a framework for ethical decision making to guide employees how to approach real-life situations. The Code of Conduct is available online to inform the public of the standards of behaviour that Khazanah’s employees are to hold themselves to when dealing with, among others, Khazanah’s business associates.

As a counterpoint reference for their business associates, Khazanah has established a Code of Business Ethics which provides guidance on how to conduct sustainable business relationships with Khazanah, and applies to, among others, contractors, consultants, agents, advisors, and suppliers. The code is based on seven key principles:

1. Act with Integrity – Business associates are to conduct all procurement and business activities with integrity and must not disclose any confidential information.
2. Maintain accountability – Business associates are to maintain full accountability for the goods and services that they provide and honour their commitments.
3. Avoid the appearance of or actual conflicts of interest – Business associates must immediately declare real or potential conflicts of interest to Khazanah.
4. Abide by the rule of law – Business associates must comply with all applicable laws and avoid practices which can lead to bribery, corruption and other prohibited business practice.
5. Honest representation – Business associates must provide honest representations of their organisation, its qualifications, experience and capabilities.
6. Prohibit any form of gifts or business courtesies to procure favours and/or unfair advantage – Business associates must never give or agree to give a bribe, kickbacks or bartering arrangement in any form (donation, cash, gift or other incentives) to Khazanah’s officers, their families or on behalf of Khazanah to other people.
7. Business sustainability – Business associates should aim to implement best practices to foster sustainability, such as having good corporate governance, minimizing carbon emissions and maintaining the wellbeing of their employees.

In addition to complying with the key principles of Khazanah’s Code of Business Ethics, the fund’s business associates must also demonstrate that they have implemented their own anti-corruption measures such as policies, processes and procedures to prevent misconduct committed by their officers.

By clearly outlining its code of business ethics and making the guidelines publicly available via its website, Khazanah helps its vendors understand and manage the bribery and corruption risks that might arise within their organisations.

Using both its Code of Conduct and Code of Business Ethics, Khazanah helps its vendors understand and manage the bribery and corruption risks they may face, whether those risks arise within the vendors’ organisation, among their employees or agents, or externally within the course of their relationship or activities with Khazanah and/or its employees.

To underscore and enforce its commitment to champion integrity and corporate governance, Khazanah specifies a whistle-blowing channel in the Code of Business Ethics by which its business associates may escalate their concerns. Details of that whistle-blowing channel is also publicly available via the Khazanah website, making it accessible to individual employees or agents of Khazanah’s business associates.

Case Study 3: KWAP’s Integrity and Governance Office

KWAP is a statutory body that manages pension funds for Malaysian civil servants. In 2019, KWAP established its Integrity and Governance Office, an independent body that reports to the organisation’s Board Integrity Committee and is given the authority to enforce the organisation’s anti-bribery and anti-corruption compliance measures.

In December 2021, KWAP was certified with ISO 37001:2016 Anti-Bribery Management System (ABMS). Complying with external standards such as ISO 37001 supports KWAP’s efforts in strengthening its ethical practices by offering a clear framework for action that is aligned with its own risk profile.

KWAP’s Integrity and Governance Office, which is an integral component that helps maintain its ISO 37001 certification, is responsible for undertaking the following tasks:

1. Setting, reviewing and achieving KWAP’s objectives on integrity, anti-bribery and anti-corruption
2. Managing the design and implementation of KWAP’s Anti-Bribery Management System (ABMS)
3. Providing advice and guidance to KWAP staff on the ABMS and anti-corruption compliance programme
4. Reporting on the performance of the ABMS and opportunities for improvement or need for change
5. Ensuring the integrity of the ABMS is maintained when changes to the ABMS are planned or implemented.

The Integrity and Governance Office is also tasked with verifying and investigating the authenticity of claims of abuse of power and bribery. To facilitate its anti-corruption efforts, the IGO has established online platform on its intranet for sharing integrity and anti-corruption information among its employees. Additionally, a dedicated section on Integrity and Governance is available on KWAP’s official website which is open to the public, providing easy access to integrity and governance information and documents along with their whistleblowing channels.

In 2020, KWAP developed an Organisational Anti-Corruption Plan, which is a 5-year programme designed to strengthen the organisation’s governance and anti-corruption measures.

In conclusion, the case studies above indicated that there are multiple ways where organisations can implement systems to combat bribery and fraud risk. While these examples highlight the best practices implemented by Malaysian prominent organizations, companies are recommended to tailor their own policies on anti-bribery and corruption to meet organisational needs and industry standards.