Good governance starts with the right policies, and so below are six core corporate governance policies that form a strong foundation for legally compliant and morally ethical operations.
While not mandatory in every case, they are strongly encouraged as best practices and should be tailored to suit your company’s size, industry, and operational needs.
Policy #1: Conflict of Interest
Conflicts of interest often arise when personal and business interests overlap. For example:
- a director approving contracts for a supplier owned by his/her relative
- employee working part-time or steering customers to friends’ businesses
A Conflict of Interest Policy ensures that decisions are made in the company’s best interest by clearly setting expectations for employees, managers, and directors to disclose potential conflicts.
What it typically covers:
- a clear definition of what constitutes a conflict of interest
- disclosure obligations and procedures, when and how to declare a potential conflict
- how management or an assigned team should evaluate and address disclosed conflicts
- record keeping of disclosed conflicts
- consequences of failing to disclose or improperly managing a conflict
Policy #2: Code of Conduct
A Code of Conduct defines what constitutes acceptable and expected behaviour in the workplace. It also provides guidance on issues like workplace harassment, discrimination, use of company resources, and respectful treatment of colleagues and customers.
What it typically covers:
- expected workplace conduct and how to act in the company’s best interests
- clear zero-tolerance stance on harassment, bullying, and discrimination
- guidelines for appropriate use of company property, IT systems, and confidential information
- clear explanation of disciplinary actions that may result from breaching the Code of Conduct
Policy #3: Anti-Bribery & Corruption
Section 17A of the MACC Act specifically holds companies liable if anyone associated with them engages in bribery, even if the company’s directors or management were unaware of it.
An Anti-Bribery & Corruption Policy provides a framework for employees and associated parties to identify and avoid unethical conduct. Beyond internal controls, a well-documented and implemented policy may be one of the key elements of your company’s legal defence under Section 17A.
What it typically covers:
- a clear statement of zero tolerance for all forms of bribery and corruption
- definitions and examples of bribery such as facilitation payments and kickbacks
- rules on gifts, entertainment, and hospitality, such as limits and when approvals are required
- disclosure and reporting procedures, such as how to report suspected bribery confidentially
- consequences for breaches, including disciplinary action, termination, and potential reporting to authorities
Policy #4: Personal Data Protection
Mishandling or failing to safeguard personal data from customers, employees, or other stakeholders can lead to regulatory penalties, lawsuits, loss of customer trust, and reputational damage.
A Personal Data Protection Policy sets out clear rules and procedures for collecting, storing, using, and disclosing personal data and helps your company demonstrate accountability and compliance with privacy laws such as the Malaysia’s Personal Data Protection Act (PDPA).
What it typically covers:
- definition of “personal data” and how it is collected, used, stored, shared, and retained
- employees’ responsibilities in handling personal data
- rights of data subjects, such as access, correction, and withdraw consent
- data security measures and procedures for managing data breaches
- contact details of the designated data protection officer or responsible party
Policy #5: Confidentiality
Employees, directors, and contractors often have access to sensitive company information that, without clear rules, could be inadvertently or intentionally disclosed, potentially harming your company’s competitive position or breaching contracts.
A Confidentiality Policy clearly defines what information is considered confidential, who is responsible for safeguarding it, and how it must be handled in daily operations. It may also outline the consequences of breaches and reminds employees of their ongoing obligation to maintain confidentiality even after leaving the company.
What it typically covers:
- obligations of employees and contractors by clarifying their duty to safeguard information during and after their engagement
- when and how confidential information can be shared
- guidance on how to securely handle, store, and dispose of sensitive information
- disciplinary actions that may result from unauthorised disclosure or misuse
Policy #6: Whistleblowing
A Whistleblower Policy provides a safe, confidential, and protected channel to report suspected wrongdoing such as fraud, bribery, harassment, or other unethical or illegal activities without fear of retaliation.
Encouraging early reporting allows the company to address issues before they escalate and demonstrates its commitment to integrity and accountability.
What it typically covers:
- types of misconduct that should be reported
- how to report concerns (e.g., hotline, email, anonymous portal)
- assurance of confidentiality and protection against retaliation for whistleblowers
- process for investigating reports and taking corrective action
- consequences for false or malicious reports
Strengthen your business with good governance
Good governance starts with clear, well-implemented policies and these six core policies form the foundation of a strong governance framework and fostering an ethical, accountable culture across your organisation.
If you would like guidance on drafting or reviewing these policies for your organisation, we are here to help.
