Ethical & Responsible Business

Our values of being ethical and responsible are deeply embedded in how we do business. We recognise the need to continuously set leadership benchmarks in demonstrating our convictions by upholding these ethical values.

Our Approach

We uphold high standards of corporate governance in compliance with national laws, listing requirements of Bursa Malaysia, and as a licensed operator. Our governance framework outlines our corporate values in the Telenor Way, our Codes of Conduct, governing policies and procedures. We extend these ethical values and principles externally in the way we engage and conduct business with our customers, suppliers and business partners.


We are strongly opposed to corruption in all forms and are committed to doing business in accordance with the highest ethical standards. We conduct regular training and engagement with employees on our Code of Conduct, reinforce our no gifts policy, and provide channels through an independent third party to report cases of misconduct.

An Ethics & Compliance Officer reports directly to the head of Legal and Compliance, with a dotted line to the Board to ensure independence. The Board receives quarterly reports to ensure a robust system is in place. An ethics committee supports the deliberation and investigation of cases.

A risk‐based integrity due diligence (IDD) is conducted as part of our due diligence with prospective joint venture partners, agents and consultants. Partners are assessed on their integrity protocols and systems, so as not to pose corruption and integrity risk.

Signed Code of Conduct
unit : number

Trained in Digi Way of Work
unit : number
In 2015, employees and vendors were surveyed by a subsidiary of Transparency International on Digi’s business ethics and integrity. The findings indicated a high perception of a strong ethical culture, good awareness of integrity guidelines, and a high likelihood to report misconduct. Action plans have been developed for our leadership team to address five areas of concerns raised in the survey findings.

Having rolled out the IDD to our business partners, we extended the process to our suppliers. A list of high risk parameters were identified, and suppliers within those parametres were required to provide information on their integrity protocols and systems. Suppliers found to have integrity systems below our expectations were engaged, and the Supplier Conduct Principles and contractual obligations reinforced.

Consumer Interest

Our goal is to deliver high quality, user friendly, fair, and personalised customer propositions to our customers. As customers move towards digital lifestyle, we need to ensure privacy of their data is secure and utilised responsibly. We comply with the Communications and Multimedia Consumer Forum (CFM) General Consumer Code of Conduct and the Internet Access Code, which provides a formal channel for consumers to raise complaints.

We are dedicated to the professional, secure and respectful handling of personal data. We incorporate privacy in the design of all of our products and services. We endeavor to instill in every Digizen a culture of respecting privacy. We communicate with our vendors and developers to ensure they adhere to high levels of data and personal integrity.

We comply with Personal Data Protection Act 2010 and our Privacy Policy and Manual. An annual privacy risk assessment is conducted and assessed by Telenor against a performance scorecard. Our systems are ISO27000 Information Security Management Systems certified to ensure robustness of our processes. Privacy is reported and discussed with management team on a regular basis.

We respect right to privacy and freedom of expression when handling authority requests. The Communications & Multimedia Act 1988 contains legal provisions for us to comply with the regulators and law enforcement agencies to access personal data, historical data in our networks, requests to distribute SMS, conduct lawful intercepts, censor sites, or shut down network. This information is typically used to solve criminal cases, help find missing people, issue warnings in cases of emergency, or prevent serious security threats.

The Authority Requests Manual sets out internal routines to manage authority requests. Legal and human rights risk assessments are conducted on uncommon requests, and appropriate escalations points to management and Telenor. We conduct risk assessments to ensure we always respect human rights, and conduct training with key personnel to ensure compliance with the manual. We engage with the regulators and authorities to share the principles which drives our internal processes.

Telenor conducts compliance audits to ensure we adhere to the manual. In 2015, Telenor published its first transparency report on authority requests that outlines legal overview and country data.

One of the issues most frequently reported to the Communications and Multimedia Consumer Forum of Malaysia is billing by third party content providers. In 2015, an audit against MCMC’s Mandatory Standard of Mobile Content Services resulted in the suspension of 29 short codes, and termination of four of our third party content providers. We have improved customer’s experience by enhancing their control in enrolment and termination of third party services. We are piloting an enhanced authentication process that will further improve customer experience.

We established ‘Project Digi Easy’ to increase our efforts of making things easy for our customers. We reviewed our customers’ 360˚ experience at every service touch point, and implemented 17 ideas that were important to them. This includes introduction of the MyDigi app, and a reduction average waiting time in our stores among others.
In 2015, the Malaysian Communications and Multimedia Commission issued compounds of RM235,000 for breaching Mandatory Standards for Quality of Service and Guidelines on Regulations of End-Users of Prepaid Public Cellular Services.

Responsible Supply Chain

We recognise the immense impact on the lives of thousands of employees working directly and further down our supply chain. Our high standards, supported by robust inspection and risk reduction engagement, ensure safe and decent work conditions for workers in our supply chain. Our occupational health and safety management systems are certified OHSAS18001:2007

The Supplier Conduct Principles (SCP) commits suppliers to adhere to the ILO Core Labour Standards of freedom of association, rights to collective bargaining, the elimination of discrimination, bonded and child labour, and anti-corruption. The SCP also commits suppliers to act in accordance with relevant local laws, take a precautionary approach to environmental challenges, undertake initiatives to promote greater environmental responsibility, and encourage the development and diffusion of environmentally friendly technologies. All suppliers sign the Agreement of Business Conduct (ABC) which encapsulates the SBC before commencing work with us. Compliance to the ABC is reported quarterly to the Board of Directors and Telenor Group Supply Chain.

Majority of our audits are unannounced and our focus is on the safety of workers among critical suppliers working on our network infrastructure. We have a zero tolerance towards unsafe work practices. An ‘Immediate Stop Work Order’ is issued across all contractors’ sites if workers are found working without safety helmets, safety harnesses, or a Working at Height Certification. Contractors are only allowed to resume operations once the required training and mitigation measures have been implemented.

We aspire to uplift and change the health and safety culture of the industry. We actively engage and collaborate with peers, and build capacity of contractors to adopt a new and safer way of work.

In 2015, we launched the ‘Digi Permit To Work’ mobile app to enable our teams to have an overview of sites under construction, and empowered our main contractors to share the responsibility for health and safety. Sub-contractors use the app to verify that they have the required safety gears and permits before they are allowed to begin work on a site.

With safety officers deployed to our regions, we were able to more than double the number of inspections. We conducted 887 site inspections, of which over 90% were unannounced. Major non-compliance was found in 1% of inspections, while minor non-compliance was found in 16% of inspections, a year-on-year reduction of 16% and 25% respectively. We recorded zero* lost time injury rate among Digizens.

We introduced a safety handbook and further equipped our field force teams with the required safety gear. We conducted 2,500 training hours for contractors and organised our first engagement forum with the management of contractors to share experiences, challenges, and business benefits of a safe working environment. Six contractors were terminated due to noncompliance with our health and safety policy. We regret to report one fatality of a worker from a Tier 3 supplier. Following an investigation, mitigation measures to enhance safety were implemented.

We initiated a meeting with three other mobile operators to explore adoption of common standards and sanctions for contractors in health, safety, security, and environment; and to conduct join inspections. An agreement to develop a common platform for training and certification was established as an initial partnership and will be rolled out in 2016.

Electromagnetic Frequency

We are committed to providing mobile connectivity safely to our customers. The installation of transmission equipment adheres to stringent guidelines of the International Commission on Non-Ionizing Radiation Protection (ICNIRP) standards. An internal EMF Response Team investigates and addresses any complaints.
Industry Collaboration
We support proactive engagement with stakeholders concerned about the issue of health risks posed from electromagnetic frequency. We are a founding member and an active participant of an industry-led electromagnetic frequency (EMF) initiative that engages and respond to concerns raised by communities and local authority.
In 2015, radio frequency tests conducted show emission levels are well within permissible limits of these standards.