Developing Anti-Bribery and Corruption Policies and Frameworks in Malaysia

Published on September 10, 2025

Why Businesses in Malaysia Must Take Anti-Corruption Seriously

If you are a business owner, director, or compliance officer in Malaysia, anti-bribery and corruption (ABC) rules affect you directly. The law now makes organisations responsible for the corrupt acts of their employees, agents, or even contractors. This means you can no longer claim ignorance if someone in your supply chain offers a bribe on your company’s behalf, making access to expert corporate legal services essential for safeguarding your business.

Even if you are running a small or medium-sized enterprise, the risks are real: legal penalties, damaged reputation, loss of clients, and possible blocklisting from future government or corporate contracts. Larger companies, particularly listed entities, face strict disclosure requirements and investor scrutiny.

How Corruption Issues Commonly Arise in Businesses

For many organisations, the risk of bribery does not always come from obvious misconduct. Instead, it may start with everyday practices that are overlooked or poorly managed. Common scenarios in Malaysia include:

• Festive gifts and entertainment
  • During Hari Raya, Chinese New Year, or Deepavali, lavish hampers, cash vouchers, or expensive dinners may cross the line from customary appreciation to bribery.
• Facilitation payments
  • Staff might make unofficial payments to speed up licensing approvals or customs clearance.
• Supplier kickbacks
  • Procurement officers may accept commissions or personal benefits in exchange for awarding contracts.
• Third-party risks
  • Distributors, sales agents, or consultants may offer bribes without the knowledge of the head office, but liability still falls on the company.
• Charitable donations or sponsorships
  • Contributions to events or organisations linked to public officials can create conflicts of interest if not properly vetted.

Left unchecked, these practices can quickly lead to investigations by the Malaysian Anti-Corruption Commission (MACC). For listed companies, Bursa Malaysia also requires disclosure of ABC frameworks and whistleblowing channels in annual reports.

The Legal Framework Governing Anti-Bribery in Malaysia

To understand your obligations, here are the key legal and regulatory instruments in Malaysia:

• MACC Act 2009 – Section 17A
  • This is the most critical provision. It introduces corporate liability for bribery. The company can be prosecuted if an employee, agent, or any “associated person” gives or receives a bribe for the organisation’s benefit. Directors and top management may face imprisonment unless they can prove that the company had “adequate procedures” in place.
• Guidelines on Adequate Procedures (T.R.U.S.T.)
  • The government issued these guidelines to help companies understand what constitutes “adequate procedures.” They focus on five pillars: top-level commitment, Risk assessment, undertaking control measures, Systematic review and monitoring, and Training and communication.
• Bursa Malaysia Listing Requirements
  • Publicly listed companies must have written anti-corruption policies, conduct regular risk assessments, and provide a whistleblowing framework accessible to employees and third parties.
• Whistleblower Protection Act 2010
  • This Act provides some protection to whistleblowers who report corruption to enforcement agencies. However, it does not always cover internal disclosures, so companies are encouraged to strengthen internal channels and anti-retaliation safeguards.
• MS ISO 37001 Anti-Bribery Management System
  • While voluntary, ISO certification demonstrates internationally recognised standards of compliance. It can be a valuable tool for organisations seeking investor trust or competing for government projects.

How Professional Legal Support Strengthens Your Defence

Navigating anti-corruption laws is not just about having a policy in place. It requires systems that actually work in practice. Legal advisors and compliance experts can help you by:

• Drafting and reviewing policies
  • Clear rules on gifts, hospitality, sponsorships, political donations, and facilitation payments should be created, with approval limits and proper registers.
• Conducting risk assessments
  • Identifying vulnerable points in your operations, such as procurement, licensing, or dealings with government officials, and tailoring controls to address them.
• Implementing due diligence
  • Screening and monitoring third parties such as contractors, consultants, and suppliers, and embedding anti-bribery clauses in contracts.
• Setting up whistleblowing frameworks
  • Establishing hotlines, online portals, or external providers to encourage safe, anonymous reporting of wrongdoing.
• Providing training and awareness programmes
  • Design role—specific training for directors, procurement teams, and frontline staff so that compliance becomes part of the company culture.
• Supporting investigations and audits
  • Conducting internal investigations when allegations arise, reviewing financial records, and preparing reports that show corrective action was taken.

With this support, your business is legally compliant and better positioned to win investor confidence and protect its long-term interests.

Practical Steps to Build an Effective Anti-Corruption Framework

Putting theory into practice is what makes the difference between a strong defence and a weak one. Here’s a step-by-step approach you can follow:

1. Secure Commitment from the Top

The board of directors and senior management must demonstrate zero tolerance for corruption. This includes issuing a formal ABC policy, allocating budget for compliance, and reporting regularly to stakeholders.

2. Conduct a Comprehensive Risk Assessment

Analyse where your business is most vulnerable. For example, a construction company may face risks securing project approvals, while a pharmaceutical distributor may encounter risks in hospital dealings.

3. Establish Control Measures

Develop registers for gifts and hospitality, set financial approval thresholds, and require dual signatories for high-value transactions. For procurement, ensure competitive bidding and proper documentation.

4. Strengthen Whistleblowing Channels

Offer multiple reporting options—phone, email, online portals—and ensure anonymity. Publish clear anti-retaliation policies to build confidence in reporting.

5. Invest in Ongoing Training

Training should not be a once-a-year box-ticking exercise. Use case studies relevant to Malaysia—such as festive gift-giving or dealings with licensing authorities—to make sessions practical and relatable.

6. Monitor and Review Regularly

Conduct annual reviews and internal audits. Use data analytics to flag unusual payments, inflated invoices, or high-risk vendor patterns. Report findings to the board and take corrective action promptly.

7. Consider ISO 37001 Certification

For companies in high-risk sectors like oil & gas or infrastructure, ISO certification can add credibility and reassure partners and investors.

8. Act Decisively When Issues Arise

If a report of bribery or corruption surfaces, investigate immediately. Document the process, discipline, or dismiss wrongdoers where appropriate, and implement new safeguards to prevent recurrence.

Real-World Example: Gifts and Hospitality

Imagine a supplier bidding for a contract offers your procurement manager a fully paid overseas trip. They might accept it without clear rules, putting your company at risk.

Under a firm ABC policy, such offers must be declared in a gifts register, reviewed by compliance, and either declined or approved only if reasonable and transparent. This simple control prevents both legal liability and reputational harm.

Real-World Example: Third-Party Agents

Consider a sales agent engaged to secure government contracts. If the agent offers bribes to officials without your knowledge, your company may still be liable under Section 17A.

To mitigate this, your contracts should include anti-bribery clauses, rights to audit, and immediate termination for misconduct. You should also conduct background checks and request regular compliance certifications from the agent.

Conclusion: Building Integrity for Long-Term Success

Developing an anti-bribery and corruption framework in Malaysia is not just about legal compliance—it is about protecting your business and building trust. By following the MACC Act, adopting the T.R.U.S.T. principles, and embedding strong procedures, you protect your company, employees, and investors.

The steps are straightforward: secure top-level commitment, assess risks, implement robust controls, train your people, monitor continuously, and act quickly when issues arise. With the right policies and systems in place, you can defend against legal liability, avoid reputational damage, and foster a culture of integrity that supports sustainable growth.

FAQ

1. What is Section 17A of the MACC Act, and why does it matter to my business?

Section 17A of the Malaysian Anti-Corruption Commission Act 2009 introduces corporate liability for bribery. This means your company can be held responsible if an employee, agent, or partner engages in corruption for the company’s benefit—even if management was unaware.

2. Who can be prosecuted under Malaysia’s anti-bribery laws?

If adequate procedures are not in place, the company and its directors or senior management can be prosecuted. Penalties include fines and imprisonment, making compliance a board-level priority.

3. What are “adequate procedures” under the law?

Adequate procedures are the preventive measures a company takes to stop bribery. In Malaysia, they follow the T.R.U.S.T. principles: top-level commitment, Risk assessment, Undertaking control measures, Systematic review, and Training and communication.

4. Do small and medium enterprises (SMEs) also need anti-corruption policies?

Yes. Section 17A applies to all commercial organisations, regardless of size. While SMEs may face fewer risks than multinationals, they are still legally required to implement proportionate anti-bribery controls.

5. How often should businesses conduct bribery risk assessments?

Risk assessments should be carried out at least once a year, and whenever significant changes occur—such as entering a new market, securing government contracts, or onboarding high-risk suppliers.

6. What types of gifts and hospitality are considered bribery in Malaysia?

Customary gifts or small tokens may be acceptable, but lavish hampers, overseas trips, or cash vouchers to influence business decisions can be considered bribery. Companies should set clear thresholds and approval processes.

7. How can companies protect themselves from third-party risks?

Third parties, such as sales agents, contractors, or consultants, can create liability. Companies should conduct due diligence, include anti-bribery clauses in contracts, and monitor third-party activities regularly.

8. Is ISO 37001 certification mandatory in Malaysia?

No, ISO 37001 is voluntary. However, certification can strengthen your compliance framework, reassure stakeholders, and demonstrate commitment to global anti-bribery standards.

9. What happens if a whistleblower reports corruption in my company?

The Whistleblower Protection Act of 2010 provides some protection, but only for disclosures to enforcement agencies. Internally, your company should give confidential reporting channels and anti-retaliation policies to encourage staff to speak up safely.

10. What should I do if bribery is discovered in my organisation?

Act immediately: investigate the allegation, document the process, discipline wrongdoers, and close control gaps. Swift corrective action can help mitigate liability and demonstrate compliance with “adequate procedures.”