When it comes to embezzlement, the law is unequivocal: any transfer of company funds to a personal account or personal investment without prior approval from the Board of Directors and without legitimate business justification constitutes embezzlement.
In the construction industry, where financial flows are complex and high-value, strict governance and financial controls must be enforced:
1. Project Legitimacy: The project must be legitimate and verifiable, supported by formal contracts, defined scope of works, deliverables, and Client approvals.
2. Corporate Fund Custody: Project funding must be maintained strictly in the company’s official bank accounts and not in personal accounts, proxy entities, shelf companies, or nominee structures.
3. Transaction Transparency: All financial transactions must be transparent, traceable, and supported by proper documentation, with segregation of duties between approval, execution, and reconciliation.
4. Progress Payment Alignment: Construction progress reports must be prepared and independently verified, ensuring financial disbursements align with physical progress on site.
5. Contractual Payment Controls: Payments to contractors, subcontractors, and suppliers must be properly certified, contractually justified, and supported by invoices, certifications, and approved variations.
6. Payroll, Taxation, and Statutory Compliance
All salaries, consultant retaining fees, and payments to staff, whether ad hoc, contract-based, or permanent, must be clearly documented, including offer/appointment letters, periodic performance assessments, salary slips, payroll approvals, statutory contributions (EPF, SOCSO, EIS), and taxation records.
Additionally, the company must comply with statutory fiscal obligations, including:
Sales and Service Tax (SST) registration once turnover exceeds:
RM500,000 per annum for Services Tax (e.g., professional, consultancy, engineering services), and
RM500,000 or RM1.5 million depending on goods category for Sales Tax under the Sales Tax Act 2018.
Timely payment of company income tax under the Income Tax Act 1967.
Mandatory employer EPF contributions under the Employees Provident Fund Act 1991.
Failure to remit statutory dues constitutes a compliance breach and may trigger regulatory enforcement and forensic investigations.
7. Auditability
All transactions must be subject to internal and external audits, with supporting records retained for regulatory, forensic, and governance review.
8. Board Oversight
Board resolutions and management approvals must be documented, particularly for significant expenditures, related-party transactions, investments, and fund transfers.
9. Anti-Bribery, Conflict of Interest and Related-Party Transparency
Compliance with Anti-Bribery and Corruption frameworks (e.g., ISO 37001 / ABMS) must be enforced, supported by:
ABMS Oath/Integrity Pact,
Statements of Conflict of Interest and Partiality w/a
Related Party Transaction declarations
This is critical where:
Board members hold external directorships, management roles, or advisory positions in other entities that could reasonably be perceived to compromise their independence or objectivity,
The company hires siblings, relatives, or close associates, or
Board members are related to one another.
All such relationships and potential conflicts must be declared, documented, and transparently disclosed.
10.1 Financial Integrity and Corporate Governance
The Board of Directors shall ensure that all company funds are used strictly for legitimate business purposes and that no funds are diverted for personal use or unauthorised investments.
The Company shall implement and maintain controls to ensure:
segregation of duties in financial approvals and payments,
transparency and traceability of all transactions,
statutory compliance with taxation, payroll, and SST obligations,
declaration and management of conflicts of interest and related-party relationships,
independent audit and record retention, and
compliance with Anti-Bribery and Corruption Management Systems (ABMS).
Any breach shall be treated as misconduct and may be subject to disciplinary action, civil liability, and criminal prosecution.
10. IPO and Capital Market Compliance
Should the company intend to go public, it must comply fully and transparently with all regulatory requirements, including but not limited to the following:
Preparation of a prospectus,
Fair and defensible share pricing methodology,
Appointment of licensed fund/investment managers, advisers, and underwriters,
Compliance with securities and capital market regulations,
Full disclosure of financials, governance structures, and risk factors
11. Statutory and Regulatory References (Malaysia)
This governance framework aligns with laws and regulations including, but not limited to, the following:
Companies Act 2016 (Act 777),
Malaysian Anti-Corruption Commission Act 2009 (MACC Act),
Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLATPUA),
Capital Markets and Services Act 2007 (CMSA),
Securities Commission Malaysia Act 1993 (SCMA)
Income Tax Act 1967
Sales Tax Act 2018 & Service Tax Act 2018
Employees Provident Fund Act 1991
Any other relevant regulations
FORENSIC RED-FLAG FRAMEWORK (CONSTRUCTION INDUSTRY)
Financial Red Flags
a) Payments made to personal or proxy accounts
b) Projects funded via shelf companies or nominee entities
c) Large cash withdrawals or round-sum transfers
d) Invoices without supporting site progress
e) Variations approved without Board or Client approval
Payroll and Tax Red Flags
a) “Ghost employees” or consultants without contracts
b) No EPF/SOCSO/EIS remittance despite payroll expenses
c) Failure to register for SST despite exceeding thresholds
d) Underreported revenue to avoid taxation
Governance Red Flags
a) Board members related or holding undisclosed external roles,
b) Related-party contracts without declaration
c) Board approvals done retrospectively
d) No ABMS declarations or COI statements
Project Execution Red Flags
a) Payments exceeding certified progress,
b) Undocumented Variation Orders,
c) Backdated certificates,
d) Subcontractors owned by insiders and
e) Repeated cost overruns without justification
IPO/Capital Market Red Flags
a) Inflated project pipeline for valuation,
b) Undisclosed liabilities or contingent claims,
c) Non-independent valuation or share pricing, and
d) Unlicensed fund managers or advisors
Corporate governance failures are rarely accidental. They are often systemic, deliberate, and traceable. Robust controls, transparency, and documentation are the first line of defence against embezzlement, corruption, and financial crime.



