The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Section 17A, MACC Act’s definition of adequate procedure

It may have been eclipsed by the virus, but Section 17A of the MACC Act, which came into force on 1st June 2020, is set to have much longer-term effects. Because of this, all stakeholders – Boards, management, shareholders and employees – need to be aware of what it entails, and fully comprehend the implications and consequences of contravening this Section.

“Section 17A covers ‘outbound’ bribes,” said Tang Ai Leen, Chief Risk, Integrity & Compliance Officer, Sime Darby Property. “Previously, it applied only to individuals but now corporations can be liable as well. The fines and imprisonment penalties are higher as well.”

Organisations would do well to know who the ruling applies to, and how they can be affected. All companies, including partnerships that are registered in the country, can be charged. This includes anyone who makes decisions for the firm, or is involved in the decision-making. “You need to prove you didn’t do it,” said Tang. How can this be done? In the case of commercial organisations, she said, they have to prove that they have adequate procedures in place to prevent it. However, “adequate” is not clearly defined and generally will depend on the size of the organisation, and its available resources.

Tang added that so far, nobody has been charged under this new provision, but businesses have to tread carefully nevertheless. They need to be aware of the presumption of guilt under the Act, i.e., the accused is guilty until proven otherwise. But organisations are still in a bind: given the far-reaching consequences and implications of Section 17A, and its stipulations that lack clarity, they may not know where to start implementing the “adequate procedures” required. The key challenge also encompasses not having the required knowledge to start, and not having the necessary resources or not knowing where to get help. The guidelines are a practical starting point, Tang advised.

Organisations could also refer to ISO 37001 and the 2010 UK Bribery Act Adequate Procedures Checklist for some idea of where to start. “The principles behind adequate procedures are based on TRUST principles,” she said, starting with Top-level Commitment that takes integrity and ethics seriously. This encompasses full compliance and managing key corruption risks within the organisation, setting the right policy, and communicating it properly. The policy document may be a short, simple document that sets out the organisation’s approach to the issues in layman’s terms. “Communicate your policy to all stakeholders and the public in general,” she added.

To do this effectively, the organisation’s risk, audit and compliance teams have to be involved. She also urged the encouragement of honest, critical feedback. “Have a system that allows people to give you information confidentially and securely,” she suggested. “Manage corruption risk holistically; have a competent person to manage it.” A frank, honest Risk Assessment of the organisation needs to be conducted. Firms should recognise their weaknesses and address them – and this includes the giving and taking of bribes. Having established policy and conducted risk assessment, the next step is to Undertake control measures.

Tang said that one of the ways of doing this was to have due diligence processes in key transactional activities. These processes should have built-in feedback channels, and policies should be reviewed annually based on information gathered in this way, over a period of time. There should also be Systematic review, monitoring and enforcement of the policies and processes in place.

“Consider having external audit so that another party can tell you what is going on,” Tang said. Other areas to take into consideration include evaluating the competency of current resources, where they can be improved and performance reviews.

She recommended benchmarking against industry standards, and having independent party reviews to maintain objectivity. “Act against non-compliance,” she emphasised. When managing Training and Communication, organisations should use all channels at their disposal including e-mail, newsletters, townhalls, posters, billboards and even screensavers to get their message across, she said. External help with training may be necessary at the initial stage; training should be kept short to ensure that trainees take away what they are supposed to. “Do as much as you can,” she urged. “Show the court that you have tried.”

If they haven’t already done so, it is imperative that organisations start putting systems in place to address the issue of corruption. They should take cognisance of the fact that there is already new legislation that is intended to combat it. If it means doing things that they haven’t done, then they should invest in systems and training that will help them align with Section 17A. “Get help when you need it. Don’t struggle on your own,” urged Tang, stressing that businesses should acknowledge that it is going to be a journey – and not an easy one. Above all, organisations should not fall into denial, she added, and should not take the “it won’t happen to us” route.

She cautioned that Internal Audit should not be the one to conduct a Corruption Risk Assessment, as this will be a conflict of interest. It can, however, help to identify where corruption can happen, such as at points where information can be leaked, procurement procedures can be sidestepped or compliance may not be as stringent as it should be. In complying with Section 17A of the MACC Act, she said, companies will find that it pays to be honest, be willing to learn, and improve.
