• CISM outlines 7 CISM Initiatives that CIP signatories need to comply with. The 7 CISM Initiatives are:

    For CIP signatories of CISM, the governing body of each organization should display leadership and commitment in the aspect of corruption prevention management system.

    This can be displayed through implementation of corruption prevention system within the organization. Among the actions that can be taken by the management/ governing body of the organization include developing, establishing and reviewing the Corruption Prevention Policy of the organization.

    Clear code of ethics should be established to show strong anti-corruption commitment to prevent acts of offering, receiving and requesting for bribe which are corruption offences. The code of ethics should also include the core values of the organization, principles, commitment from management and responsibilities. A good code of ethics should state commitment to compliance through enforcement and monitoring by the management.

    Policies of Corruption Prevention state the requirement for the organization to prevent, trace and take action against all corruption issues as well as compliance with the laws concerning corruption prevention.

    The CISM Initiatives highlight 13 anti-corruption policies that must be prepared by the organization. The policies are as follows:

    1. Conflict of Interest Policy (Polisi Percanggahan Kepentingan)

    A policy that states zero tolerance for corruption offences and provides procedures that must be complied with by the board of directors, staff and third parties with business connection to the organization. This policy establishes a channel for declaration of interests in business operations and serves as a guideline in conducting business ethically.

    2. Whistleblowing Policy (Polisi Pemberi Maklumat)

    This policy explains the company’s zero tolerance stand against corruption and provides procedures that must be abided by all staff/ third parties if there is suspicion or disciplinary conduct or criminal offences identified/ happened in the organization. This policy provides a channel for all staff/ third parties to lodge any complaints regarding misconduct or malpractice according to the procedures provided under the Policy as well as ensuring the secrecy of the Whistleblower’s identity.

    Whistleblowing Policy Template

    Please refer to the Whistleblowing Policy Template for reference.

    3. Referral to Authorities (Polisi Rujukan Kepada Pihak Berkuasa)

    This is a comprehensive and clear written statement concerning the responsibility to report to the relevant authorities when there is breach of rules involving any staff/ third parties.

    The policy developed shows commitment by the organization in corruption prevention and should be communicated clearly and accurately to all staff/ third parties.

    Referral to Authorities Template

    Please refer to the Referral to Authorities Template for reference.

    4. Corporate Social Responsibility, Sponsorships & Donations (Tanggungjawab Korporat, Tajaan dan Derma)

    Corporate Responsibility

    This is a responsibility of the organization where any decisions and initiatives would impact the public, environment through transparency and consistent ethical values. Besides ensuring the company’s growth and development, it would also take into consideration public welfare, stakeholders’ expectations, adherence to the existing laws and international standards.

    The Corporate Social Responsibility project is not merely giving donation to welfare organizations. This is where organizations spend their resources directly for specific projects (as an example, providing building material to schools, etc.) and where the allocations are managed by government agencies or non-governmental organizations.


    This is a form of sponsorship where payment is made by cash or material things by organizations for permission to be associated with a project/ program. Usually, corporate sponsorship requires cooperation between the receiving organization (such as non-profit or non-governmental organizations) and the sponsoring company, where the allocation would be used to fund a project/ program in exchange for recognition (example, promoting the logo or brand jointly with the organization conducting the project/ program).

    As a start, this policy requires the organization to take into consideration the approval mechanism as well as the types of sponsorship allowed.


    Donation made by individuals or organization to non-profit organization, welfare body or a trust. Usually, donation is made in the form of cash, material things, vehicles, securities investment, clothes, assets or services.

    As a start, this policy should state the approval mechanism, amount limit as well as types of donations allowed.

    Organizations should note that direct donation to any political parties or program held by political parties should be separately categorized under this policy.

    Organizations should conduct due diligence before a corporate responsibility/ donation/ sponsorship is made. Monitoring should be done to ensure the risks do not outweigh the benefit. In addition, this measure is vital to ensure the program goes on as planned, the recipient receives the benefits and the organization’s objectives are achieved. It is recommended that the organizations prepare contractual documents to ensure the recipients undertake their required responsibilities.

    5. Facilitation Payments (Bayaran Pemudahcara)

    This term is frequently used for indirect/ unofficial payment made in return for services provided. Payment is made to the individual, group or organization to expedite the operations or functions through certain action/ validation.

    Organizations should prohibit and disallow any facilitation payment in any activity. Payment to third parties to avoid life-threatening incidents is not categorized as facilitation payment and is not part of this policy.

    6. Gift, Entertainment and Hospitality (Hadiah, Keraian dan Hospitaliti)


    Defined as a material thing or services accorded to organizations or individual for formal or informal matters as a sign of appreciation.

    Organizations can use any approach in developing policies on gift depending on the nature of their business, whether it is No-Gift Policy or Gift Management Policy.

    Entertainment/ Hospitality

    Defined as a corporate event or activity organized by the organization involving staff or third parties for the benefit of the organization. Any third parties include customers, potential clients, contractors, other companies or any interested parties that have or had a current, prospective or previous business relationship.

    A thorough and clear policy should serve as a guideline for staff as well as clearly define the purpose of the event/ activity for the organizer as well as recipient/ third party. This policy should highlight the approving authority that is the top official/ responsible officer as well as stress the need for record keeping with regard to entertainment/ hospitality received.

    Gift, Entertainment and Hospitality Template

    Please refer to the Gift, Entertainment and Hospitality Template for reference.

    7. Dealing with Third Parties (Berurusan Dengan Pihak Ketiga)

    A third party in this sense is divided into two main categories, namely business associate and officer of a public body as defined in the MACC Act 2009.

    Business associate

    A business associate is an external party who has or plans to have any form of business relations with organizations, such as customers, partner, contractor, sub-contractor, supplier, investor, and others.

    Officer of a public body

    The definition in the MACC Act 2009 refers to any person who is a member, an officer, an employee or a servant of a public body, including members of the administration, a member of Parliament, a member of a State Legislative Assembly, a judge of the High Court, Court of Appeal or Federal Court, and any person receiving any remuneration from public funds, and, where the public body is corporation sole, includes the person who is incorporated as such.

    Policies when dealing with third parties must be developed to prevent corrupt business dealings and inappropriate business practices.

    Dealing with Third Parties Template

    Please refer to the Dealing with Third Parties Template for reference.

    8. Political Contributions (Sumbangan Politik)

    Political Contributions are contributions made to any political party registered under the Association Act 1966 [Act 355] or any political party registered in the country where business is conducted.

    Organizations must develop policies that clearly state its principles when dealing with political contributions. Among the terms that need to be stated are approval power, complete archive of contribution records as well as reporting on contributions made to stakeholders.

    9. Money Laundering (Pengubahan Wang Haram)

    Refers to the process of making illegally-gained proceeds appear legal. There are three (3) phases in money laundering, which are:

    (i) Placement – Deposit of illegal proceeds physically

    (ii) Layering – Segregating illegal proceeds from their source via transactions that conceal audit tracks and using false/ unknown names

    (iii) Integration – Integrating “cleaned” funds into the economy as normal funds.

    For Reporting Institution (Bagi Institusi Pelapor)

    (i) Providing training to employees to raise awareness on anti-money laundering and reporting procedures introduced by the organization

    (ii) Constantly updating/ complying with demands/ resolutions approved by the relevant Enforcement Agency, such as the Central Bank of Malaysia, United Nations Security Council (UNSC) to address terrorist acts.

    (iii) To establish guidelines on accountability, responsibility and internal reporting.

    • Keep records on identification, account openings and transactions for at least 6 years.
    • Keep records of employee training, monitoring on internal compliance, and reporting on suspicious activities.
    • Immediately report suspicious activities through relevant internal channel.

    (iv) Take appropriate measures to verify identity of customers as necessary, the owner of their assets through risk-based methods.

    (v) To establish a suitable risk management system to determine whether a customer or asset owner is a Politically-Exposed Person (PEP) or family member or close friend to a PEP.

    (vi) To conduct regular checks on the names of new, current and potential customers by checking the database and list provided by the Central Bank of Malaysia and UN Consolidated List. Appropriate measures must be taken for further action if names of customers are found in the database.

    (vii) To continuously monitor customer activity to identify any activity that potentially involves money laundering.

    (viii) To report suspicious activities immediately to Oversight Bodies and relevant Enforcement Agencies.

    (ix) To cooperate with legitimate requests for information by the government or Enforcement Agencies during investigation of money laundering.

    For Non-Reporting Institution (Bagi Bukan Institusi Pelapor)

    (i) Providing training to employees to raise awareness on anti-money laundering.

    10. Procurement (Perolehan)

    Is the process of selecting contractors, consultants, suppliers or sub-contractors to carry out certain contracts, and determining the terms of the contracts to be carried out. There are several types of procurement, such as direct consultation, open/limited tender, quotation or direct purchase.

    The development of this policy is to ensure a procurement process that is fair, transparent and free from corrupt elements. Among the elements to be stated in this policy are the selection process for contractors, consultants, suppliers or sub-contractors to carry out the contract, and determining the terms of the contract. Furthermore, a suitable separation of duties, declaration of interest, free competition and control on corruption must be emphasized.

    11. Appointment of Directors and Recruitment of Employees (Perlantikan Pengarah dan Pengambilan Kakitangan)

    Appointment of Board of Directors (BOD) and recruitment of employees must be based on the set and approved selection criteria. It is important to ensure that no element of corruption or conflict of interest is present in the appointment of BOD and recruitment of employees.

    Issues to be considered when drafting the policy are:

    (i) Compliance with the selection criteria that have been set and approved to ensure that the most qualified and suitable candidate is appointed;

    (ii) The need for adequate background checks to confirm that candidates have never been convicted for a corruption case;

    (iii) Ensuring that the appointed candidate acknowledges the authenticity of documents, declaration of asset and interests; and

    (iv) Keeping record as reference.

    12. Management of Support Letter (Pengurusan Surat Sokongan)

    It is a request for a “special pass” provided by an influential individual or organization to an individual or organization. Requests are generally made via letters, fax, email and others, to support an application or influence a consideration involving individuals/organizations to whom support was given.

    Organizations must develop relevant policies as guidance in managing support letters received from a third party for any business affair.

    13. Declaration of Assets (Pengisytiharan Harta)

    Is a first-time declaration, additional assets, asset disposal and no-change acknowledgement on asset ownership or when required to do so.

    Individuals required to declare asset are members of the Board of Directors (BOD) and employees, including assets owned by husband/wife as well as dependents.

    This policy is important to reflect the commitment of the whole organization in maintaining integrity, openness and transparency. Failure to declare asset may cause disciplinary action to be taken against employees.

    * This policy is not mandatory under the CISM Initiative

    Corruption Risk Management is a management method to identify, improve and streamline the operational and regulatory system of the exercise of an organization’s activities. This approach enables the detection of signs of power abuse, malpractice and risk of corruption in the early stage, so that appropriate corrective action can be taken through the Corruption Risk Management Plan.

    Risk assessment is carried out to:

    (i) Identify risk of corruption where there is a possibility of the organization’s involvement.

    (ii) Analyze, evaluate and prioritize identified risk of corruption.

    (iii) Evaluate the suitability and effectiveness of the organization’s current controls to overcome identified corruption risks.

    In order to exercise this role, MACC will assist organizations by organizing the Corruption Risk Management Workshop publicly or privately, depending on the organization’s needs. For further information regarding the Corruption Risk Management Workshop, visit the MACC website at https://www.sprm.gov.my

    Awareness and Training

    Organizations must plan and carry out corruption prevention awareness and training initiatives suitable for its employees. This can help overcome corruption issues if drafted based on the results of risk assessment. Corruption prevention awareness campaigns and trainings that match the duties, situation and risk of corruption should be conducted continuously and updated regularly for improvement.

    Besides that, corruption prevention awareness campaigns and trainings must also be conducted for external parties as there might be potential exposure to risk.

    Complete record in the form of documents on awareness programs and trainings conducted must be kept for reference.


    Organizations must plan and set internal as well as external communications for their corruption prevention management system. Among them are:

    (i) What will be communicated;

    (ii) When it will be communicated;

    (iii) To whom it is targeted;

    (iv) How it will be communicated;

    (v) Who will be communicating it;

    (vi) In what language will it be communicated.

    Corruption prevention policies must be communicated to all staff and business partners via internal and external communication channels.

    To establish policies and procedures to monitor, assess, analyze and evaluate the performance and effectiveness of the organization’s corruption prevention management system through a record-keeping mechanism as well as the results from the performance evaluation of the corruption prevention management system.

    The mechanism for reporting activities and corruption prevention issues at the internal (e.g. board of directors’ meeting) and external (website exposure and annual report) levels. This reflects transparency of the organization and boosts confidence of shareholders, stakeholders and the public.

    * This initiative is not mandatory under the CISM Initiatives