"Compliance Framework" is a structured process or system through which companies demonstrate that they have conformed to specific requirements in laws, regulations, contracts, strategies and policies.
A Compliance Framework forms an integral part of corporate governance. The board of directors plays a key role in ensuring good corporate governance practices, and it is the board's responsibility to endorse and develop the organization's policies in compliance with the relevant laws.
In this edition, we will examine the importance of developing and implementing a company's policies and procedures as part of the Compliance Framework in business corporations.
2. Creation of Company's Policies and Guidelines
In ensuring the Compliance Framework, the board of directors may, among other things, develop adequate and updated policies and procedures not only for compliance with the relevant laws (known as Regulatory Compliance, which is discussed further in section 3 below), but also as guidelines for managerial and operational matters.
The Malaysian Code of Corporate Governance ("MCCG") sets out practices that business corporations should adopt. One of the main practices is for business corporations to develop and implement various policies and procedures.1
The creation of policies and procedures may cover the processes and guidelines relating to management, operations, employment and other matters. A non-exhaustive list of such policies and procedures is set out below:
(1) Remuneration Policy and Procedures for Directors and Senior
(2) Policy on Nomination and Appointment of Directors
(3) Policy on Conflict of Interest
(4) Limits of Authority to decide and approve business procurement
(5) Employment handbook / Code of Conduct and Ethics.
3. Example of Policies for Regulatory Compliance
As mentioned above, another important area to consider in the Compliance Framework is Regulatory Compliance. "Regulatory Compliance" ensures that business organizations comply with the laws and regulations in the relevant jurisdictions. As laws are constantly evolving and changing, business corporations seek to remain in compliance with the latest laws by keeping updated policies and procedures as their guidelines.
The following are examples of policies under the umbrella of Regulatory Compliance that are commonly in place within business corporations:
(1) Anti-Money Laundering Policy
The law that governs anti-money laundering in Malaysia is the Anti-Money Laundering and Anti-Terrorism Financing Act 2001 ("AMLA"). All institutions that provide financial-related services are required to comply with AMLA. Section 16.3 of the Malaysia Central Bank Policy Document2 provides as follows:
Reporting institutions shall have internal policies and procedures in place to mitigate the risks when relying on third parties, including those from jurisdictions that have been identified as having strategic AML/CFT deficiencies that pose ML/TF risks to the international financial system.
(2) Anti-Bribery and Corruption Policy
Section 17A of the Malaysian Anti-Corruption Commission Act (Amendment) Act 2018 ("MACC") introduced corporate liability for corruption. A commercial organization commits an offence if a person associated with it is involved in corruption with the intent to procure business or retain an advantage in the conduct of business for the commercial organization.
The only defence available to companies is to prove that the commercial organization had in place adequate procedures to prevent persons associated with the commercial organization from undertaking such conduct.3
The guidelines issued by the authority have suggested that one of the measures to be taken to ensure adequate procedures within companies is to implement anti-corruption policies and procedures as guidelines for employees to prevent corrupt activities.4
One of the requirements for collecting and processing personal data in Malaysia is giving notice to and obtaining consent from the data subject.5 The notice given must set out how the personal data will be processed, the purpose of collection, rights of access by data user and others.
(4) Whistleblower Policy
In Malaysia, whistleblowers are protected under the Whistleblower Protection Act 2010. Whistleblowing is highly encouraged in both the public and private sectors as it is in line with good corporate governance practice.
Although the law is silent on requirements for internal whistleblowing policies and procedures within private companies, having them will be beneficial as a proper mechanism to detect any misconduct or illegal activities within the corporation. Further, the policies and procedures will encourage employees to blow the whistle, knowing that they are protected under the policy and under the law.
Further, the MCCG also sets out practices to be adopted, especially by listed / public companies, including establishing policies and procedures on whistleblowing.6 While the practices under the MCCG are aimed at public companies, non-listed or private companies are also encouraged to apply the practices under the code to achieve good corporate governance.7
Having an appropriate Compliance Framework will support corporate governance practice. The mechanism established under the Compliance Framework will define the stakeholders' roles and responsibilities, accountability, transparency, integrity and ethical behaviour.
Adequate and updated policies and procedures are vital to address the concerns or issues arising from the day-to-day operation of the business. Not only do they ensure that laws and regulations are complied with, they also help to guide the decision-making process, manage potential risks and streamline internal processes.
It is imperative to note that the development of policies and procedures within the company constitutes only one of many components in the Compliance Framework. Other components may include awareness programmes, enforcement against non-compliance, as well as training and education.
1. An example of a policy to be established is provided under Practice No. 3.1 of the Malaysia Code of Corporate Governance by Securities Commission
2. Malaysia Central Bank Policy Document means the Policy Document for Anti-Money Laundering, Countering Financing of Terrorism and Targeted Financial Sanctions for Designated Non-Financial Businesses and Professions (DNFBPs) & Non-Bank Financial Institutions (NBFIs) (AML/CFT and TFS for DNFBPs and NBFIs)
3. Sub-section 17A (4) of the MACC (Amendment) Act 2018
4. Guidelines on Adequate Procedures pursuant to sub-section 17A (5) of the MACC (Amendment) Act 2018
5. Section 7 of Personal Data Protection Act 2010
6. Practice No. 3.2, Malaysia Code of Corporate Governance by Securities Commission
7. Practice No. 2.8, Malaysia Code of Corporate Governance by Securities Commission
Originally published February 2022