By Kueh Joe Jye (Associate) and Lim Lee Ee Jin (Senior Associate 1)

Legal is concerned with aspects of whether one is allowed to do something, whereas compliance tells you whether you should. Compliance generally means to act in accordance with a request or a command, rule or instruction. In the context of legal compliance, it means the process by which an organisation takes steps to ensure that it observes and complies with the external statutory laws and regulations.

Lawyers and compliance

Legal and compliance share a close working relationship due to the overt legal and regulatory content of compliance. In the wake of corporate scandals, increasing numbers of lawyers are now performing quasi-legal roles, which includes among others, compliance officers.2 Compliance officers monitor the activities of a company’s directors, officers and employees to ensure compliance with governing rules and regulations.

Where a lawyer is responsible for compliance or placed in a position of supervising compliance, various conflicts of interest and professional conflict exist because the lawyer may be placed in a position to subordinate the compliance function to legal concerns. As lawyers, we are required to keep in confidence and not reveal information except in limited circumstances.

Further, lawyers are required to act in the best interest of the firm. For instance, companies, namely public-listed companies, are required to maintain records as required by regulators. In the event that the compliance officer uncovers violations that could lead to sanctions or unwanted consequences for the firm there is a real risk that the lawyer as the compliance officer or as the supervisor of the compliance may very well subordinate the firm’s compliance obligations to those of legal considerations.

An effective compliance and ethics programmeme

The Government of Malaysia has always encouraged businesses to develop an effective compliance and ethics programmeme. According to the Federal Sentencing Guidelines published by the U.S Sentencing Commission, there are seven elements that constitute an effective compliance and ethics programme. They are:

(i) Develop standards and procedures - Businesses should develop practical standards and procedures that provide sufficient and effective controls in order to control high risk areas. The organisations needs to identify what and which laws apply to them, as well as the relevant business rules, codes, policies and non-binding requirements.

(ii) Establish the right programme oversight and reporting relationships - It is important that the lawyer responsible for compliance is given sufficient independence to discharge his role.

(iii) Screen personnel - An effective compliance and ethics programme controls the hiring and promotion of personnels to ensure that individuals who have engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics programme” are not put into sensitive positions.

(iv)Train and communicate - In an effective compliance and ethics programme, standards and procedures and other aspects of the programme are communicated to all levels of the organization, including the board, employees, and agents.

(v) Verify compliance and evaluate effectiveness - It is very important for the organisation to verify that the programme is being followed (or not) and evaluate whether it is working. Practical tools that may assist to detect misconduct include monitoring and auditing and having a system where employees and agents can report misconduct or seek advice about potential misconduct without fear of retaliation.

(vi) Consistently promote and enforce the programme - Organisations should promote their compliance and ethics programmes by establishing incentives for employees to comply and discipline for those who do not.

(vii) Appropriately respond to and remediate problems - Organisation must promptly report any offenses to the appropriate authorities especially when management are involved in the offence and reasonable steps needs to be taken to respond to such non-compliance and prevent further similar misconduct and to remedy the harm resulting from the non-compliance.

Trends of compliance in Malaysia

It has been around three years now that the Malaysian Competition Act 2010 (“CA2010”) has come into force. However, a 2012 survey conducted by the Federation of Malaysian Manufacturers found that almost 20% of respondents have not taken any steps to comply with the CA 2010. Another survey conducted by the MyCC reveals that 61.9% of the respondents were of the view that their companies probably took appropriate action to ensure compliance, 27.5% were not sure whether their companies had a compliance programme, while 10.6% did not take any appropriate action.

Under the Anti-Money Laundering and Anti-Terrorism Financing Act 2001(“AMLATFA”), Bank Negara Malaysia (“BNM”) has sought the Bar Council’s assistance to urge law firms to submit an AMLATFA Compliance Report on BNM’s website on a yearly basis. The survey results revealed that there were weaknesses in the law firm’s Anti-Money Laundering and Counter Financing of Terrorism (“AML/CFT”) risk and identification and monitoring process.

BNM has also expressed concerns as to the low percentage of designated AML/CFT compliance officer in the law firm and that 80% of the law firms surveyed did not have such an officer in place.

Given the importance of compliance, it is advisable for Malaysian companies to take the necessary steps to ensure that their businesses are not in breach of any laws or regulations and that the Government of Malaysia must do more in raising awareness in this area to advocate for compliance by all.