Whistleblower Policy (Malaysia)
WHISTLEBLOWER POLICY
[Company Name] (SSM No. [Registration Number])
Effective Date: [Effective Date] | Policy Owner: [Policy Owner]
Issued pursuant to the Whistleblower Protection Act 2010 (Act 711) and MACC Act 2009 Adequate Procedures Guidelines
1. PURPOSE
[Company Name] is committed to the highest standards of integrity, transparency, and accountability. This Whistleblower Policy establishes a safe, confidential, and effective mechanism for employees, contractors, agents, and other associated persons to report suspected wrongdoing, in compliance with the Whistleblower Protection Act 2010 (Act 711) and the requirements for adequate procedures under Section 17A(4) of the Malaysian Anti-Corruption Commission Act 2009 (MACC Act 2009, Act 694).
2. REPORTABLE CONDUCT
The following types of suspected misconduct may be reported under this policy:
[Reportable Conduct Types]
This list is not exhaustive. Any suspected serious wrongdoing or breach of applicable Malaysian law or company policy may be reported under this policy.
3. REPORTING CHANNELS
Reports may be submitted through any of the following channels:
Internal Confidential Email: [Internal Email]
Internal Confidential Hotline: [Internal Hotline]
Audit Committee (for reports involving senior management): [Audit Committee Contact]
External Channels: [External Channels]
Anonymous reports accepted: [Anonymity Allowed]. Anonymous reports will be accepted and investigated to the extent possible. Reporters who provide their identity will receive acknowledgement and feedback on investigation outcomes.
4. PROTECTIONS FOR WHISTLEBLOWERS
[Company Name] provides the following protections to persons who make reports in good faith under this policy:
Confidentiality: The identity of the whistleblower will be kept strictly confidential and disclosed only to those directly involved in the investigation, and only to the extent necessary for a proper investigation, consistent with Section 28 of the MACC Act 2009.
Non-Retaliation: No person who makes a good-faith report under this policy will be subject to any detrimental action — including dismissal, demotion, harassment, suspension, reduction of pay, or any other adverse employment consequence — because of the report. Retaliation against a whistleblower is itself a disciplinary offence and may constitute a criminal offence under Section 10 of the Whistleblower Protection Act 2010.
Legal Immunity: Whistleblowers who report to a designated enforcement agency (such as the MACC) are protected under Section 6 of the Whistleblower Protection Act 2010 from civil and criminal liability arising from the disclosure.
5. INVESTIGATION PROCESS
Reports received under this policy are handled by: [Investigation Officer]
Acknowledgement: Within [Acknowledgement Period] of receipt.
Investigation timeline: [Investigation Timeline]
Feedback to reporter: [Feedback To Reporter]
Where the investigation reveals reasonable grounds to suspect a criminal offence, the matter will be referred to the MACC, PDRM, or other relevant authority.
6. FALSE AND MALICIOUS REPORTS
This policy does not protect persons who make knowingly false or malicious reports. Deliberate misuse of this policy to harm individuals is a serious disciplinary offence and may itself be referred to the MACC or relevant authorities.
Audit Committee Chairman / Board Director
________________
Signature
What Is a Whistleblower Policy (Malaysia)?
A Whistleblower Policy in Malaysia documents the organisation's approach and the obligations placed on those it covers.
The Whistleblower Protection Act 2010 (Act 711) provides statutory protections for persons who report improper conduct to an 'enforcement agency' in Malaysia. Under Section 6, a whistleblower who makes a disclosure in good faith to an enforcement agency — such as the MACC, the Royal Malaysia Police (PDRM), the Securities Commission Malaysia, Bank Negara Malaysia, or another designated body — is entitled to immunity from civil and criminal liability arising from the disclosure, and protection against detrimental action by their employer. Detrimental action includes dismissal, demotion, harassment, intimidation, adverse changes to terms of employment, or any other action that causes injury or disadvantage to the whistleblower.
Section 17A(4) of the MACC Act 2009 provides that a commercial organisation may avail itself of the 'adequate procedures' defence against corporate liability for corruption if it has implemented thorough anti-corruption procedures. The MACC's Guidelines on Adequate Procedures (T.R.U.S.T. principles) identify a whistleblowing mechanism as a required component of adequate procedures under the 'Undertaking control measures' principle. A Whistleblower Policy supported by an accessible internal reporting channel — such as a dedicated email, hotline, or online portal — is therefore essential for demonstrating the adequate procedures defence.
For companies listed on Bursa Malaysia, the Malaysian Code on Corporate Governance 2021 (MCCG 2021) Practice 1.9 recommends that the board establish formal and transparent arrangements for maintaining appropriate standards of conduct and ethical behaviour, including a whistleblowing mechanism. The Corporate Governance Guide (4th Edition) published by Bursa Malaysia provides detailed guidance on whistleblower policy best practice for listed companies.
Beyond corporate governance, a Whistleblower Policy supports an organisation's culture of integrity by providing employees with confidence that reports of wrongdoing will be taken seriously, investigated impartially, and protected from retaliation — creating an internal deterrent against misconduct.
The legal framework governing the Whistleblower Policy (Malaysia) in Malaysia draws on several key statutes and regulatory bodies. Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Parties executing a Whistleblower Policy (Malaysia) in Malaysia should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Companies Act 2016 (Act 777) sets the foundational requirements.
When Do You Need a Whistleblower Policy (Malaysia)?
A Whistleblower Policy is required for Malaysian organisations seeking to establish the adequate procedures defence under Section 17A of the MACC Act 2009 and to comply with corporate governance best practice.
A Whistleblower Policy is required for all companies listed on Bursa Malaysia under MCCG 2021 Practice 1.9 and the Bursa Malaysia Corporate Governance Guide, to establish a formal channel for reporting improper conduct to the board's Audit Committee.
A Whistleblower Policy is needed for any commercial organisation that has engaged high-risk associated persons — including agents operating in high-corruption-risk markets, government-interface contractors, or customs brokers — where the risk of facilitation payment demands or bribery is elevated.
A Whistleblower Policy is required for companies that have adopted an Anti-Bribery Policy under Section 17A of the MACC Act 2009, as the MACC's Guidelines on Adequate Procedures identify a reporting mechanism as a necessary component of adequate procedures.
A Whistleblower Policy is needed for companies operating in regulated sectors — including financial services under Bank Negara Malaysia's oversight, capital markets under the Securities Commission, healthcare under the Ministry of Health, and construction under CIDB — where regulatory compliance obligations require an internal reporting mechanism.
A Whistleblower Policy is required for subsidiaries or joint ventures of multinational companies subject to the UK Bribery Act 2010 or US Foreign Corrupt Practices Act 1977, as the parent company's group compliance programme typically mandates a whistleblowing mechanism across all operations.
Parties in Malaysia should prepare a Whistleblower Policy (Malaysia) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your Whistleblower Policy (Malaysia)
A thorough Whistleblower Policy for a Malaysian organisation must include the following essential elements.
Scope and Purpose: A statement of the policy's purpose — to provide a safe and confidential channel for reporting suspected wrongdoing — and its scope, covering all employees, contractors, agents, suppliers, and associated persons of the organisation.
Types of Reportable Conduct: A non-exhaustive list of conduct that may be reported under the policy, including bribery and corruption under the MACC Act 2009, financial fraud, false accounting, money laundering contrary to the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA 2001), breaches of the PDPA 2010, workplace safety violations under the Occupational Safety and Health Act 1994 (OSHA 1994), environmental violations, and breaches of the company's own policies.
Reporting Channels: Multiple accessible reporting channels — including a dedicated email address, a confidential telephone hotline, an online reporting portal, and the option to report directly to the Audit Committee or an independent director — to cater for different preferences and levels of concern about internal reporting.
Anonymity Option: The option for whistleblowers to make anonymous reports, with an acknowledgement that anonymous reports may limit the ability to conduct a full investigation if the investigating team cannot seek clarification from the reporter.
Confidentiality Protections: A commitment that the identity of the whistleblower will be kept strictly confidential and disclosed only to those directly involved in the investigation and only to the extent necessary, consistent with Section 28 of the MACC Act 2009.
Non-Retaliation Commitment: An unequivocal commitment that no person who makes a report in good faith will suffer any retaliation, adverse employment action, or detrimental treatment, consistent with the Whistleblower Protection Act 2010. Retaliation against a whistleblower is itself a disciplinary offence.
Investigation Process: An outline of the process for investigating reported concerns — including acknowledgement of receipt, preliminary assessment, formal investigation by the Internal Audit function or Audit Committee, escalation to external authorities (MACC, PDRM) where appropriate, and feedback to the whistleblower on the outcome.
False Reports: A statement that knowingly false or malicious reports are a disciplinary offence, to deter abuse of the reporting mechanism.
Additional compliance elements for a Whistleblower Policy (Malaysia) used in Malaysia include: Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Forms-legal.com provides this template as a starting point for Malaysia-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Whistleblower Policy (Malaysia) (Malaysia) [Legal document template]. Forms Legal. https://forms-legal.com/malaysia/business/policies/whistleblower-policy-malaysia
"Whistleblower Policy (Malaysia) (Malaysia)." Forms Legal, 2026, https://forms-legal.com/malaysia/business/policies/whistleblower-policy-malaysia.
@misc{formslegal-whistleblower-policy-malaysia,
author = {{Forms Legal}},
title = {Whistleblower Policy (Malaysia) (Malaysia)},
year = {2026},
howpublished = {\url{https://forms-legal.com/malaysia/business/policies/whistleblower-policy-malaysia}},
note = {Free legal document template. Based on Companies Act 2016 (Act 777)}
}Also available for these jurisdictions:
Frequently Asked Questions
The Whistleblower Protection Act 2010 (Act 711) provides three categories of protection to employees and others who report improper conduct to an enforcement agency in Malaysia. First, immunity from civil and criminal liability: under Section 6, a whistleblower is protected from any civil claim or criminal prosecution arising out of the disclosure, provided the report is made in good faith and to an enforcement agency. Second, protection from detrimental action: under Section 10, no employer may take detrimental action against a whistleblower — including dismissal, demotion, harassment, suspension, or adverse changes to employment terms — because of the whistleblower's protected disclosure. Detrimental action contrary to Section 10 is a criminal offence punishable by a fine not exceeding RM100,000 or imprisonment up to three years, or both. Third, confidentiality: the identity of the whistleblower is protected under Section 11 from disclosure without the whistleblower's consent. The protections apply to disclosures made to enforcement agencies designated under the Act — which include the MACC, the Royal Malaysia Police, the Securities Commission, Bank Negara Malaysia, and others — but do not automatically extend to internal company reports unless the company's Whistleblower Policy extends equivalent protections.
The Malaysian Anti-Corruption Commission (MACC) operates a public corruption reporting hotline at 1-800-88-6000 (toll-free within Malaysia) and an online reporting portal at www.sprm.gov.my. The MACC hotline accepts reports of corruption, bribery, and related misconduct involving government officials, public servants, politicians, private sector individuals, and commercial organisations. Reports can be made anonymously, though named reports are more actionable. All reports received by the MACC are treated as confidential under Section 28 of the MACC Act 2009, and disclosing the identity of a complainant without authorisation is a criminal offence. The MACC investigates reports and may initiate a formal investigation, conduct surveillance, make arrests, or refer matters for prosecution by the Attorney General's Chambers. A whistleblower who reports to the MACC is protected by the Whistleblower Protection Act 2010 (Act 711), including protection from retaliation by their employer and immunity from civil and criminal liability for the report. A Whistleblower Policy should reference the MACC hotline as an external escalation channel for employees who are uncomfortable with internal reporting or who wish to report misconduct involving senior management.
No. Under Section 10 of the Whistleblower Protection Act 2010 (Act 711), a Malaysian employer is prohibited from taking any detrimental action against an employee who makes a protected disclosure to an enforcement agency. Detrimental action includes dismissal, demotion, suspension, reduction of pay or benefits, harassment, intimidation, negative performance reviews, or any other action causing injury or disadvantage to the employee because of their disclosure. Taking detrimental action against a whistleblower is a criminal offence under Section 10(2), punishable by a fine not exceeding RM100,000 and/or imprisonment up to three years. In addition to criminal liability, a dismissed whistleblower may claim reinstatement and compensation under Section 20 of the Industrial Relations Act 1967 before the Director General of Industrial Relations, as dismissal in retaliation for a protected disclosure would constitute a dismissal without just cause or excuse. The Whistleblower Protection Act 2010 protections apply specifically to disclosures made to designated enforcement agencies — an internal Whistleblower Policy should extend equivalent non-retaliation protections to internal reports to provide comprehensive coverage.
A Whistleblower Policy (Malaysia) does not legally require a lawyer in Malaysia, and individuals and businesses may draft and execute the document independently. The Companies Act 2016 (Act 777) does not mandate legal representation for the creation or signing of this type of document. However, seeking independent legal advice from a qualified Malaysia lawyer is recommended for transactions involving substantial financial value, complex regulatory requirements, or cross-border elements where multiple legal jurisdictions may apply. A lawyer can verify that the document complies with all applicable statutory requirements, identify potential risks specific to the transaction, and confirm that the terms adequately protect the interests of all parties involved. The Federal Court of Malaysia has jurisdiction over disputes arising from this type of document, and Companies Commission of Malaysia (SSM) may impose additional compliance obligations depending on the nature of the underlying transaction. Professional legal review is particularly advisable where the document will be submitted to government agencies or used as evidence in legal proceedings.
A Whistleblower Policy (Malaysia) does not legally require a lawyer in Malaysia, though legal advice is recommended. Under Malaysian law, the Contracts Act 1950 (Act 136) governs agreements. The Companies Commission of Malaysia (SSM) regulates corporate documents under the Companies Act 2016 (Act 777). The Employment Act 1955 and Industrial Court handle employment disputes. The Personal Data Protection Act 2010 (Act 709) imposes data protection obligations. Forms-legal.com provides this template as a starting point — always review with a qualified Malaysian lawyer for significant transactions. Under Malaysia law, Companies Act 2016 (Act 777), parties should seek independent legal advice from a qualified lawyer to confirm compliance with all applicable requirements. Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). Forms-legal.com provides this template as a starting point for Malaysia-compliant documentation.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Anti-Bribery Policy (Malaysia)
A corporate Anti-Bribery and Anti-Corruption (ABAC) Policy for Malaysian companies, compliant with the Malaysian Anti-Corruption Commission Act 2009 (MACC Act) and the Corporate Liability Provision under Section 17A. Includes gifts policy, hospitality guidelines, and facilitation payments prohibition.
Anti-Money Laundering Policy (Malaysia)
A corporate Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) Policy for Malaysian companies, aligned with the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA 2001). Covers Customer Due Diligence, transaction monitoring, suspicious transaction reporting to the Financial Intelligence Unit, and record-keeping obligations.
Employee Handbook (Malaysia)
A Malaysia-compliant Employee Handbook template covering company policies, working hours, leave entitlements, code of conduct, disciplinary procedures, and workplace safety under the Employment Act 1955, Industrial Relations Act 1967, and Occupational Safety and Health Act 1994.