LETTERS: Corporate anti-bribery and corruption efforts would prove futile without a comprehensive third-party risk management (TPRM) process.
I have come to realise that many organisations are looking at TPRM wrongly when adopting existing technology, processes and procedures to manage the risks of bribery and corruption.
The enforcement of Section 17A of the Malaysian Anti-Corruption Commission (MACC) Act 2009 back in 2020 (Corporate Liability Provision) had clearly established that strict liability is placed upon senior management and board of directors of commercial organisations for active bribery perpetrated by any "persons associated" with it for the benefit of the organisation.
Keep in mind that the definition of "persons associated" covers internal and external parties acting on the organisation's behalf.
So, MACC is now focused on the fact that the onus falls on those running the commercial organisation to prove that they were not part of the offence and had put proper "adequate procedures" to prevent the "persons associated" from acting corruptly at their expense.
According to the Ministerial Guidelines on Adequate Procedures released in December 2018, commercial organisations are responsible for establishing preventive measures "proportionate" to their nature of business and context of the environment in which it operates.
Commercial organisations must ensure that a comprehensive corruption risk management process is practised to drive their decisions on resource allocation, internal controls (financial and non-financial), monitoring activities and continuous actions for bribery and corruption prevention and deterrence.
As the risk assessment and management processes form as a basis for establishing these "proportionate" measures, many seem to neglect the high exposure from those in the supply chain, subsidiaries, intermediaries and partner firms acting on their behalf.
Transparency International Malaysia's latest publication on Guidance for Good Practice and Checklist for Adequate Procedures (2022) stresses the importance of maintaining policies and procedures for due diligence through specific type of "person associated".
And, the risk it poses to the commercial organisation, having documented a due diligence report prior to entering into an agreement and having relevant contract clauses, which requires compliance to the commercial organisation's anti-corruption/bribery programme.
The level of due diligence performed and criteria for re-appointments must be set based on the level of risk posed to the commercial organisation.
Risk profiles can be assigned to all third parties using a set of standard criteria which takes into account the geographical location of operations, geopolitical environment, types of transactions at stake and nature of partnership.
A salient feature of the MACC Act 2009 is its extra-territorial reach. Under the Act, a Malaysian citizen or permanent resident who commits an offence outside of Malaysia may be subject to prosecution.
Diligent management of significant investments are also pertinent to ensure acquisitions or mergers do not include elements of "corrupt intent".
This can be done with proper policies which highlights clear criteria for investments that resort to valuation, identification of overall corporate structures, its beneficial owners and rational behind business decisions.
The organisation's procurement policy is also vital to ensure that there is a basis for action throughout the procurement lifecycle, which includes strategic communication between various functions, assessment, approval, payments and performance evaluation of appointed vendors, contractors or other service providers.
As an addition to this, practices of managing third parties must be complemented with proper awareness, education and evaluation of vendor or contractor code of conduct, and accessible whistleblower mechanism in place.
With the current issues surrounding supply chain disruptions and global economic turmoil due to the war in Ukraine and resurgence of the Covid-19 pandemic, we should not make rash decisions when managing our third parties or undermine damages that the commercial organisation could incur due to the corrupt actions by any person or entity associated with it.
RAYMON RAM
Certified Fraud Examiner (CFE);
Certified Anti-Money Laundering Specialist (CAMS)
Petaling Jaya, Selangor