Policy

Anti-Bribery and Corruption Policy

1. Purpose
   This Anti-Bribery and Corruption Policy establishes Xmegami Sdn Bhd’s commitment to ethical business conduct and adherence to anti-corruption laws, including Section 17A of the Malaysian Anti-Corruption Commission (MACC) Act 2009. The policy outlines the principles, responsibilities, and processes that form the foundation of our Anti-Bribery Management System (ABMS), ensuring that all employees and business associates conduct their activities with integrity and transparency.
2. Scope
   This policy applies to all employees, directors, officers, agents, resellers, contractors, consultants, and business partners of Xmegami Sdn Bhd, in Malaysia and internationally. Each representative is responsible for upholding the highest standards of integrity, transparency, and accountability in their actions.
3. Policy Statement
   Xmegami Sdn Bhd operates a zero-tolerance policy toward bribery and corruption. We are committed to conducting all business activities ethically and in compliance with legal and regulatory requirements. All forms of bribery, facilitation payments, kickbacks, extortion, or corrupt practices are strictly prohibited.
4. Key ABMS Procedures and Controls
   To support our zero-tolerance stance and ensure compliance with anti-bribery laws, Xmegami Sdn Bhd has established a comprehensive Anti-Bribery Management System (ABMS) that includes rigorous policies, controls, and procedures designed to prevent, detect, and address bribery and corruption risks across all areas of our business operations. These controls provide a structured approach to managing potential risks and fostering an ethical environment where transparency and integrity are core values. The following key procedures and controls form the backbone of our ABMS, guiding employees, directors, and associates in upholding our commitment to ethical conduct.
   4.1 Bribery and Corruption Risk Assessment

   The Bribery and Corruption Risk Assessment procedure for Xmegami Sdn Bhd outlines a structured process to identify, evaluate, and address risks associated with bribery and corruption within the company.

   This process, led by the Anti-Bribery and Corruption Risk Management Committee in collaboration with departmental heads, includes a six-step methodology to systematically assess and prioritize risks:

   1) Risk Identification: All potential bribery and corruption risks are identified, examining where vulnerabilities may exist across company operations.

   2) Probability Assessment: Each risk is evaluated for its likelihood of occurrence using a Probability Scoring Matrix, which assigns a rating based on factors such as historical incidents and ease of perpetration.

   3) Impact Analysis: The potential impact of each risk on financial, legal, customer, and employee aspects is assessed. Impact levels are rated on a scale from insignificant to catastrophic, depending on factors such as financial losses, legal consequences, and reputational effects.

   4) Risk Mapping: Risks are charted on a matrix that cross-references probability and impact, identifying critical risks requiring immediate controls and lower risks that may be managed within existing frameworks.

   5) Risk Categorization: Risks are categorized into low, medium, and high-risk groups. Low-risk activities require no additional mitigation, medium-risk activities may need enhancements, and high-risk activities mandate strict control measures.

   6) Response Actions: Appropriate actions are determined based on residual risks, ensuring the highest risks are prioritized for anti-bribery and corruption measures. Results are used to refine the Anti-Bribery Management System (ABMS), directing improvements where needed.

   The committee reviews and records risk assessment results annually, or more frequently if significant changes occur, ensuring that Xmegami’s anti-bribery controls remain current and effective.

   4.2 Employment Process & Controls

   The Employment Process and Controls procedure at Xmegami Sdn Bhd outlines measures for mitigating bribery and corruption risks throughout the hiring and employment cycle. Key components include:

   1) Due Diligence and Vetting: Prospective employees, especially those with substantial authority or access to sensitive information, undergo a comprehensive vetting process. This includes criminal background checks, financial assessments, and verification of qualifications and previous employment to ensure candidates align with the company’s anti-bribery standards.

   2) Conditions of Employment: Employment contracts embed anti-bribery commitments, requiring employees to adhere to the company’s anti-bribery policy and highlighting potential disciplinary actions for violations. New hires receive an induction on the anti-bribery policy, ensuring they understand compliance expectations.

   3) Conflict of Interest Management: Employees must declare actual or potential conflicts of interest annually, allowing the company to identify and address any situations that might compromise integrity.

   4) Regular Reviews of Incentives: Performance-related incentives are evaluated to prevent any structure that could inadvertently encourage bribery. Emphasis is placed on rewarding ethical conduct.

   5) Ongoing Compliance Checks: Due diligence is also conducted before promotions or transfers to ensure personnel remain compliant with anti-bribery standards. Regular compliance declarations and training reinforce commitment to anti-bribery policies across the workforce.

   6) Non-Retaliation Assurance: Employees are assured of protection from retaliation if they refuse to engage in or report suspected bribery. This supports an open culture where ethical decisions are valued.

   The procedure is reviewed periodically to ensure it remains effective and is adapted to any operational changes or new risks identified.

   4.3 Facilitation and Extortion Controls

   The Facilitation and Extortion Controls procedure at Xmegami Sdn Bhd aims to prevent facilitation payments and mitigate extortion risks in line with the company’s anti-bribery policy. Key elements include:

   1) Prohibition of Facilitation Payments: All employees are prohibited from making facilitation payments to expedite routine processes, and this policy is communicated to vendors, business partners, and relevant authorities.

   2) Exceptions for Imminent Danger: In cases where an employee’s life, limb, or liberty is at risk, extortion payments may be made; however, the incident must be reported immediately for internal review.

   3) Guidance and Training: Employees facing potential demands for facilitation payments receive additional training to equip them with skills to manage such requests without compromising company policies.

   4) Response Protocol: Employees are instructed to question the legitimacy of any demand, seek proof, and consult with superiors before making any payment. In situations involving threats to safety, employees are guided to record details of the incident for further investigation.

   5) Reporting and Investigation: Any extortion payment incident is recorded and reported to department heads and the Compliance Manager. An appointed Investigation Officer investigates the incident and reports findings to senior management. Corrective actions may be implemented, and reimbursement is provided if extortion is deemed genuine.

   6) Documentation and Record-Keeping: Finance personnel accurately record any extortion payment in company accounts without misrepresentation. If required by law, incidents are reported to relevant authorities, and risk assessments are updated to reflect preventive measures.

   7) Procedure Review: The Compliance Manager conducts periodic reviews of this procedure to ensure it remains effective, updating it as necessary in response to operational changes or incidents.

   This structured approach ensures Xmegami Sdn Bhd maintains compliance and proactively mitigates risks associated with facilitation and extortion payments.

   4.4 Financial Controls

   The Financial Controls procedure at Xmegami Sdn Bhd ensures that all company finances are managed properly to minimize bribery and corruption risks. Key elements include:

   Risk Assessment on Financial Controls: The Anti-Bribery and Corruption Risk Management Committee, along with the Head of Finance, conducts an annual assessment of financial controls to identify any potential bribery or corruption risks and proposes enhancements where needed.

   1) Approval Protocols: Transactions with higher bribery and corruption risks require multi-level approvals:

   (i) Small transactions may be approved by department heads, while high-risk or high-value transactions require board approval.

   (ii) All approvals must follow the company’s Authorization and Approval Limits Matrix, ensuring appropriate checks and verifications before any expenditure

   (iii) Segregation of Duties: To prevent unauthorized transactions, the procedure mandates that initiators and approvers of payments be from different departments, with a second signatory required from another department for higher-risk transactions.

   (iv) Supporting Documentation: Each payment must be accompanied by relevant documentation, such as receipts or contracts, to verify the legitimacy of the expenditure.

   2) Cash Control: Cash use is restricted. Only pre-approved petty cash, managed by the Head of HR, is allowed. For unavoidable cash transactions, prior written approval from top management is required, and all cash transactions are closely documented.

   3) Offshore Payments: Offshore transactions are subject to the same financial controls and require close monitoring to ensure compliance with anti-bribery policies.

   4) Accurate Financial Records: Payments are accurately categorized in company accounts, ensuring clarity and preventing accounting misrepresentation. Regular reviews and audits maintain transparency.

   5) Periodic Management Reviews: Regular management meetings review significant financial transactions to ensure adherence to the policy. These meetings include cash flow summaries, supplier selections, and verification of supplier payments after certification of completed work.

   6) Independent Audits: Annual audits by independent auditors are conducted to ensure all financial controls comply with the anti-bribery standards, including periodic changes in audit personnel to maintain objectivity.

   7) Additional Financial Safeguards: Qualified financial personnel are employed, and continuous training is provided to keep them updated on regulatory changes. Detailed policies govern expense reimbursements, vendor payments, and customer creditworthiness.

   The Head of Finance is responsible for regularly reviewing and updating this procedure, ensuring it adapts to changes in operations or emerging risks, thereby strengthening the company’s financial control framework against potential bribery and corruption.

   4.5 Non-Financial Controls

   The Non-Financial Controls procedure at Xmegami Sdn Bhd establishes measures to manage bribery and corruption risks in operational processes that do not directly involve financial transactions. This procedure applies across the company and includes controls for marketing, research and development, administration, purchasing, logistics, and other operational areas. Key components are as follows:

   1) Risk Assessment for Non-Financial Controls: The Anti-Bribery and Corruption Risk Management Committee collaborates with department heads to assess bribery and corruption risks associated with non-financial activities. Based on the assessment results, additional non-financial controls are proposed where necessary. The risk assessment and controls are reviewed annually.

   2) Approval Protocols and Separation of Duties: Non-financial processes or activities carrying a higher bribery and corruption risk must follow these principles:

   (i) At least two individuals are involved in the evaluation and approval process, ensuring separation of duties.

   (ii) Approvals must be granted by personnel of appropriate seniority, with board approval required for high-risk activities.

   (iii) All approvals are conducted following thorough checks and verification of supporting documentation.

   3) Control Processes and Criteria: The procedure links non-financial controls to relevant company processes and criteria, including promotion and advertising, complaints handling, store control, quality control, IT infrastructure, and purchasing. Each area has specific criteria and control measures aligned with the company’s anti-bribery standards.

   4) Documentation and Record-Keeping: All records related to non-financial controls are retained and managed in accordance with internal documentation control standards, ensuring traceability and accountability.

   5) Review and Continuous Improvement: The Compliance Manager is responsible for annually reviewing this procedure’s effectiveness and adapting preventive measures in response to significant operational changes or incidents.

   This structured approach allows Xmegami Sdn Bhd to mitigate bribery and corruption risks associated with non-financial aspects of its operations, ensuring that all activities align with the company’s anti-bribery objectives.

   4.6 Gifts, Entertainment, Hospitality, Travel, Donations, and Sponsorship

   The Gifts, Entertainment, Hospitality, Travel, Donations, and Sponsorship procedure at Xmegami Sdn Bhd outlines the company’s guidelines to prevent bribery and corruption risks associated with non-cash benefits.

   Key points include:

   1) No-Gift Policy: Employees and directors must adhere to a strict “No Gift” policy, informing business associates and other stakeholders about this policy to prevent misunderstandings. Gifts are not to be offered or accepted, regardless of value, if they could be perceived as an attempt to influence decisions.

   2) Criteria for Accepting and Giving Benefits:

   (i) Gifts must meet specific criteria, including being lawful, transparent, and not implying any expectation of reciprocal favors.

   (ii) Certain non-cash benefits, such as customary or commemorative items, may be accepted with appropriate documentation and approval.

   3) Approval and Documentation: Employees must record any gift or hospitality received in the Gift Register and submit it for managerial approval. If accepted, the gift may be donated to charity, retained for display, or shared within the department as deemed appropriate.

   4) Hospitality and Travel:

   (i) Acceptable hospitality is limited to modest meals or accommodations for business purposes. Extravagant or overly frequent hospitality is discouraged, and documentation of hospitality events is required.

   (ii) Entertainment involving government officials or family members of officials is prohibited, emphasizing ethical business interactions.

   5) Donations and Sponsorships:

   (i) All donations or sponsorships must align with company values, legal standards, and must not support political activities. Prior approval is required, and records of donations are meticulously maintained to ensure compliance.

   (ii) The procedure restricts employees from soliciting external donations or sponsorships for company events in their or the company’s name.

   6) Training and Penalties: Employees receive regular training on these guidelines to ensure adherence, with violations subject to disciplinary action.

   This procedure is periodically reviewed by the Compliance Manager to ensure effectiveness and adapt to any operational or legal changes.

   4.7 Reporting and Whistleblowing

   The Reporting & Whistleblowing Procedure at Xmegami Sdn Bhd establishes a secure and confidential process for reporting suspected fraud, bribery, and corruption incidents. Key elements include:

   1) Confidential Reporting Channels: The company offers multiple secure channels for reporting concerns, including anonymous reporting mechanisms. Employees are encouraged to report any suspected incidents of bribery, fraud, or unethical conduct.

   2) Non-Retaliation Policy: The company ensures that employees or whistleblowers who report in good faith are protected from retaliation, discrimination, or disciplinary action, reinforcing a culture of transparency and ethical conduct.

   3) Incident Documentation: All reported incidents are documented in the Whistleblowing Log, which is securely maintained by the Compliance Manager. This log tracks details such as the date, nature of the report, and actions taken, ensuring accountability and traceability.

   4) Investigation Protocol: Upon receiving a report, the Compliance Manager appoints an Investigation Officer to examine the incident. Findings are reported to senior management, and if necessary, to the Board of Directors, ensuring appropriate oversight. The investigation process involves thorough examination, evidence collection, and interviews if required.

   5) Corrective and Preventive Measures: Depending on the investigation outcome, corrective measures are implemented. These actions may include policy revisions, additional training, or disciplinary actions. Preventive measures aim to address any weaknesses identified during the investigation.

   Regular Review and Improvement: The procedure is periodically reviewed to ensure effectiveness and adaptability to any emerging risks or changes in regulations. The Compliance Manager oversees this review, ensuring the procedure aligns with the company’s anti-bribery policies and legal requirements.

   This procedure emphasizes Xmegami’s commitment to integrity, providing a safe framework for employees to report concerns and support the company’s anti-bribery and anti-corruption objectives.

   4.8 Due Diligence for Business Associates

   The Due Diligence & Controls procedure at Xmegami Sdn Bhd is designed to assess and manage bribery and corruption risks associated with business associates. Key elements include:

   1) Purpose and Scope: The procedure applies to all business associates posing more than a low bribery or corruption risk. Its purpose is to ensure that Xmegami only engages with entities committed to anti-bribery principles.

   2) Risk Assessment: Before conducting due diligence, the Anti-Bribery and Corruption Risk Management Committee evaluates potential bribery risks. Due diligence is prioritized for business associates with elevated risk levels, ensuring efforts are focused on higher-risk relationships.

   3) Due Diligence Process: The Purchasing Department performs a comprehensive due diligence assessment on potential associates, which includes:

   (i) Profile and background checks,

   (ii) Financial stability review,

   (iii) Verification of registration with authorities,

   (iv) Assessment of management, experience, reputation, and ethical approach.

   4) Evaluating Due Diligence Findings: Xmegami requires that any identified red flags be addressed and mitigated before entering into contracts. This may involve obtaining written anti-bribery commitments, integrating specific clauses in contracts, or conducting further monitoring. If a business associate is unwilling to commit to anti-bribery measures, Xmegami may terminate or avoid establishing the business relationship.

   5) Inclusion of Anti-Bribery Clauses: Contracts with new or existing associates include clauses for sanctions, termination, and training commitments, ensuring the associates’ alignment with Xmegami’s anti-bribery standards.

   6) Monitoring and Continuous Review: Once a business relationship is established, Xmegami continues to monitor the associate’s activities for compliance. This involves regular checks of payment requests, tracking expenses, and seeking annual certifications of compliance. For longer term contracts, periodic updates to due diligence are required to address evolving risks.

   Procedure Review: The Head of the Purchasing Department reviews this procedure annually or when significant operational changes occur. Spot checks ensure due diligence processes are applied consistently and effectively.

   This approach ensures Xmegami Sdn Bhd maintains relationships with reputable associates and mitigates risks of bribery and corruption in its business partnerships.

   4.9 Disciplinary Actions

   The Disciplinary Procedure at Xmegami Sdn Bhd outlines a structured process for addressing violations of company standards and policies. Key elements include:

   1) Purpose and Scope: The procedure aims to enforce consistent and fair treatment for all employees by applying disciplinary actions for misconduct, performance issues, or violations of company policies. It applies to all employees, including directors, across all levels, both permanent and temporary.

   2) Types of Misconduct:

   (i) Major Misconduct: Includes severe violations like bribery, fraud, harassment, workplace violence, embezzlement, drug abuse, and unauthorized access to inappropriate material on company systems.

   (ii) Minor Misconduct: Covers less severe offenses like habitual tardiness, misuse of company resources, and minor breaches of company policy.

   3) Stages of Disciplinary Action: Disciplinary actions may escalate through the following stages, depending on the severity and frequency of the offense:

   (i) Verbal warning,

   (ii) Corrective actions or counseling,

   (iii) Written reprimand,

   (iv) Final warning,

   (v) Suspension, demotion, or loss of benefits,

   (vi) Termination for severe or repeated violations.

   4) Documentation and Record-Keeping: HR personnel document each stage of the disciplinary process, except verbal warnings, to ensure transparency and maintain records of disciplinary actions, including evidence, testimonies, and employee response.

   5) Non-Retaliation Policy: The company maintains a strict non-retaliation policy to protect employees from any form of retaliation for reporting issues or participating in the disciplinary process. This policy is applied to ensure that disciplinary actions are fair and free from misuse.

   6) Training and Awareness: HR conducts regular training for all employees, ensuring awareness of the procedure and reinforcing understanding of acceptable conduct and the consequences of violations.

   Review and Adaptation: The Head of HR is responsible for periodically reviewing and updating the disciplinary procedure to address any operational changes or significant incidents, ensuring the procedure remains effective and fair.

   This procedure supports Xmegami Sdn Bhd in maintaining a respectful, compliant, and professional workplace while reinforcing its commitment to ethical conduct and accountability.

   4.10 Training and Awareness

   The Training Procedure at Xmegami Sdn Bhd ensures all employees and relevant business associates receive appropriate anti-bribery and corruption training. Key elements include:

   1) Purpose and Scope: This procedure provides training to all employees, directors, and business associates, ensuring they understand their roles, responsibilities, and necessary actions to prevent and report bribery risks. Training applies across all levels, including high-risk business associates.

   2) Training Content: Training covers:

   (i) Bribery and corruption risks pertinent to employees and the company.

   (ii) Detailed understanding of the Anti-Bribery Management System (ABMS) policies and procedures relevant to each role.

   (iii) Preventive actions and reporting mechanisms for potential bribery and corruption.

   3) Training Methods: Training is provided through in-person sessions, online modules, and self-study materials. Key sessions include:

   (i) Annual training for all employees, with refreshers covering policy updates and role changes.

   (ii) Specialized training for directors, top management, and employees with elevated bribery risk exposure.

   (iii) Immediate training for new employees and those in roles with increased bribery risk responsibilities.

   4) Documentation and Record-Keeping: HR maintains records of training content, attendance, and signed declarations from participants to ensure traceability and compliance.

   5) Training for Business Associates: For high-risk associates, the procedure mandates verification of relevant anti-bribery training. Where gaps exist, Xmegami requires associates to undergo either the company’s training or equivalent training by the associate.

   Periodic Review and Improvement: The Head of HR reviews and updates the training procedure annually, incorporating legal and operational changes to keep the training relevant and effective.

   This comprehensive training program strengthens Xmegami Sdn Bhd’s commitment to compliance and integrity, equipping employees and associates to recognize and act against bribery and corruption risks.

   4.11 Communication Plan

   The Communication Plan at Xmegami Sdn Bhd outlines a structured approach to disseminating Anti-Bribery Management System (ABMS) information across all levels of the company and to external stakeholders.

   Key components include:

   1) Purpose and Scope: The Communication Plan ensures that ABMS-related policies, procedures, and expectations are clearly communicated to all relevant parties within and outside the company. The plan covers communication strategies, frequency, responsible personnel, and target audiences to promote consistent understanding and adherence.

   2) Communication Content:

   (i) Anti-Bribery and Corruption Policy: Shared with employees, suppliers, contractors, customers, government agencies, and the public to establish a clear stance against bribery and corruption.

   (ii) No-Gift, No-Facilitation Payment, and Non-Retaliation Policies: Presented to employees and stakeholders, reinforcing Xmegami’s commitment to ethical practices.

   (iii) Conflict of Interest and Compliance Declarations: Required from employees upon hire and periodically, ensuring their commitment to avoiding conflicts and upholding ABMS standards.

   3) Communication Methods:

   (i) Internal Channels: Notice boards, controlled documents, induction sessions, meetings, and the company server.

   (ii) External Channels: Contracts, formal letters, and the company website for information sharing with external parties, including suppliers, contractors, and government bodies.

   4) Responsibility and Roles:

   (i) The Compliance Manager oversees the implementation of the communication plan.

   (ii) HR and Purchasing Personnel are responsible for communicating specific policies and updates to employees, suppliers, and contractors.

   (iii) Department heads ensure regular updates and adherence to the ABMS across their teams.

   Review and Adaptation: The Compliance Manager periodically reviews the communication plan, adapting it to operational changes or significant incidents. This ensures that all preventive measures and updates remain relevant and effective in addressing bribery risks.

   This communication structure promotes a transparent and ethical environment at Xmegami Sdn Bhd, ensuring all parties are informed and committed to the company’s anti-bribery objectives.

   4.12 Internal Audit and Management Review

   To ensure the ongoing effectiveness of the Anti-Bribery Management System (ABMS), Xmegami Sdn Bhd

   conducts regular internal audits and management reviews. These processes verify compliance with antibribery policies and procedures, identify areas for improvement, and ensure alignment with regulatory standards, including Section 17A of the Malaysian Anti-Corruption Commission (MACC) Act 2009.

   Internal Audit Process:

   1) Purpose: The internal audit assesses adherence to the ABMS, identifying any gaps, noncompliances, or areas for enhancement.

   2) Scope: Internal audits cover all departments and processes related to anti-bribery practices, including risk assessments, financial controls, due diligence, reporting, and whistleblowing.

   3) Frequency: Audits are conducted annually or as needed following significant changes in operations or regulations.

   4) Responsibilities: The Compliance Manager oversees the audit process, with trained internal auditors conducting assessments.

   5) Audit Report and Follow-Up: Audit findings are documented, with action plans developed for nonconformities. The Compliance Manager monitors corrective actions to completion.

   Management Review Process:

   1) Purpose: The management review evaluates the ABMS’s effectiveness, addressing audit findings, assessing changes in risks, and reviewing performance in anti-bribery initiatives.

   2) Scope: Reviews include an assessment of bribery risks, updates on regulatory requirements, review of the ABMS policy and procedures, and evaluation of resources needed for the system.

   3) Frequency: Management reviews are held annually or as circumstances require.

   4) Responsibilities: Senior management, including the Compliance Manager, participates in the review, ensuring top-level commitment to ethical practices.

   5) Review Outcome and Actions: Outcomes of the management review guide improvements to the ABMS. Actions taken, such as updates to policies or training needs, are documented and implemented to strengthen the anti-bribery framework.

   These internal audits and management reviews demonstrate Xmegami Sdn Bhd’s commitment to integrity, continuous improvement, and regulatory compliance within its Anti-Bribery Management System.

5. Accountability and Implementation
   This policy is endorsed by Xmegami Sdn Bhd’s Board of Directors and Senior Management and is supported by the company’s procedures, resources, and regular reviews to ensure continuous effectiveness. All employees and business associates are expected to uphold this policy and contribute to a culture of integrity and compliance in all business activities. Non-compliance with this policy will result in appropriate disciplinary actions and may lead to legal consequences.
   This comprehensive policy, supported by Xmegami Sdn Bhd’s ABMS procedures, enables our company to maintain high standards of ethical conduct, align with regulatory requirements, and foster a culture of integrity across all business activities.