Ethics & Compliance

Establish leadership benchmark on being ethical and compliant in our business operations.

Our Approach

We uphold high standards of corporate governance in compliance with national laws, listing requirements of Bursa Malaysia, and as a licensed operator. Our governance framework outlines our corporate values in the Telenor Way, our Codes of Conduct, governing policies and procedures. We extend these ethical values and principles externally in the way we engage and conduct business with our customers, suppliers and business partners.


We strongly oppose corruption in all its forms and are committed to doing business in accordance with the highest ethical standards. We conduct regular training and engagement with employees on our Code of Conduct, reinforce our no gifts policy, and provide independent third party platforms to report cases of misconduct.

An Ethics and Compliance officer oversees the governance of integrity. Reporting to the Head of Legal and Compliance, the Ethics & Compliance officer has direct quarterly reporting to Digi Management, and the Audit and Risk Committee to ensure full independence. An integrity risk assessment is conducted annually by Telenor, which guides workplan for the year.

An Integrity Due Diligence (IDD) is conducted by business managers for all business partners. The IDD serves to measure the level of integrity held by potential business partners. IDD findings are reviewed by the Ethics and Compliance, and the Sourcing and Logistics teams before contracts are awarded.

Following the Integrity and Ethics Survey 2015, we conducted focus group sessions and roadshows with Division leaders and employees to discuss findings and solutions. Key focus areas include managing exposure to corruption, conflict of interest, gifts and business courtesies, and improving trust in the whistle blowing policy. These engagements allowed us to better understand ethical dilemmas faced by our employees, and for them to have more confidence to report compliance incidents and understand management’s expectations of behaving with integrity.

We developed and launched the ‘Say No to Corruption Training’, consisting of an e-learning module and a face-to-face scenario workshop based on ethical dilemmas. The integrity scenario training began with the Digi Management team, and all people managers had the responsibility to engage and train their respective teams once they were trained by their immediate managers. As at 31 December 2016, 86% of Digizens had completed the scenario workshop.

The launch of an independent integrity hotline contributed to the reporting of compliance issues that were more complex, substantive, and led to a 37% year-on-year increase of issues reported. Almost half of the reports were related to business integrity.

We are a member of the Business Integrity Alliance (BIA), a private sector initiative comprising companies committed to doing business with integrity. Through collective action, the BIA allows members to engage relevant government agencies and stakeholders to address corruption affecting the business environment, and at the same time create value in the preservation of business integrity.

Consumer Responsibility

Our goal is to deliver high quality, user friendly, fair, and personalised customer propositions to our customers. We comply with the Communications and Multimedia Consumer Forum General Consumer Code of Conduct and the Internet Access Code, which provides a formal channel for consumers to raise complaints.

As our customer’s favourite partner in digital life, respecting and safe guarding our customers’ privacy is a strong commitment we make in enabling trust in our services. We are committed to keeping our customer’s personal data safe and secure, and be transparent in how we collect and use their data.

We comply with Personal Data Protection Act 2010 and our Privacy Policy Manual. An annual privacy risk assessment is conducted and assessed by Telenor against a performance scorecard. Our systems are ISO 27000 Information Security Management Systems certified to ensure robustness of our processes. Privacy is reported and discussed with management team on a regular basis

In 2016, we rolled out a mandatory e-learning information handling for all employees. The training ensures that all Digizens understand the importance of privacy, and to live the values of safe guarding customers’ data at all times. Over 60 privacy ambassadors from various functions help drive the privacy agenda within their divisions.

Privacy by design ensures that protocols regulating the collection, use and disposal of personal data are built into all our systems and processes before it is rolled out. We tighten privacy governance, compliance and incorporated privacy by design protocol in to all operational activities and business processes. We incorporated the privacy by design protocol to our vendor selection process.

We are committed to analysing customers’ data with their consent to provide them with better value and relevant services. The launch of a new privacy notice ensures we are data network analysis compliant, and help customers understand their rights to the use of their data.

We respect right to privacy and freedom of expression when handling authority requests. The Communications & Multimedia Act 1988 contains legal provisions for us to comply with the regulators and law enforcement agencies to access personal data, historical data in our networks, requests to distribute SMS, conduct lawful intercepts, censor sites, or shut down network. This information is typically used to solve criminal cases, help find missing people, issue warnings in cases of emergency, or prevent serious security threats.

The Authority Request manual sets out internal processes to manage such requests. Legal and human rights impact assessment are conducted on uncommon requests, and detail the appropriate escalation points to Digi Management and Telenor Group.

We conduct risk assessments to ensure we always respect human rights, and conduct training with key personnel to ensure compliance with the manual. We engage with the regulators, authorities and industry to share the principles which drive our internal processes. In 2016, we invited the Telecommunications Industry Dialogue Group to engage regulators and industry on emerging issues on data privacy and rights of users.

Since 2015, Telenor Group has published a biennial transparency report outlining the legal framework and types of requests from authorities for each business unit.

As we drive to be our customers’ favourite partner in digital life, we strive to deliver high quality, user friendly, fair and personalised propositions at all times. Every customer interaction across key channels is rated, and we engage detractors to learn and improve services. Digizens conduct network drive tests, Customer First Day, volunteer to spend time in stores and call centres to have a constant pulse on customer perception of our services.

Our network and technical backend teams take responsibility of customers’ experience by engaging and understanding the challenges of network detractors. Members of the teams volunteer to call detractors to deep dive on issues and attempt to provide resolutions. Information collated from this Network Net Promoter Score (NPS) exercise is then cross-referenced against our network performance KPIs by the network quality team.

Bill disputes was one of the top three detractors raised by customers across the industry. We were the first in the industry to introduce a customer guarantee to resolve a customer’s bill dispute within 24 hours, or they will receive a full waiver on the disputed amount. We have seen a reduction in escalation of cases, a significant drop in repeated calls on billing, and improvement in NPS on billing adjustment.

The MyDigi app was designed as an intuitive self-management of relevant Digi services such as bill payment, services subscription, and account status. Over 75% of the 1.3 million active users log on at least once a month, and is rated consistently as Top 5 app on Google PlayStore Malaysia. The digital Mobile Sales Agent (MSA) app has reduced customers’ average waiting and handling time at stores by 35% and 16% respectively. Average registration time is now only 20 seconds for prepaid and 3 minutes for postpaid.

In 2016, the Malaysian Communications and Multimedia Commission issued compounds of RM720,000 for breaching Mandatory Standards for Quality of Service and Guidelines on Regulations of End-Users of Prepaid Public Cellular Services.

Responsible Supply Chain

We recognise the immense impact on the lives of thousands of employees working directly and further down our supply chain. An estimated 37 jobs are created for every one direct hire at Dig. We aspire to ensure that their workplace is safe, and they have decent working conditions through risk reduction engagement, robust inspections and training.

The Supplier Conduct Principles (SCP) commits suppliers to adhere to the International Labour Organisation Core Labour Standards of freedom of association, rights to collective bargaining, the elimination of discrimination, bonded and child labour, and anti-corruption. The SCP commits suppliers to act in accordance with relevant local laws, take a precautionary approach to environmental challenges, undertake initiatives to promote greater environmental responsibility, and encourage the development and diffusion of environmentally friendly technologies.

In 2016, the SCP was updated to include specific requirements for suppliers to conduct preventive work and implement effective safeguards to prevent corruption, child labour and forced labour, facilitation payments, and clarifying actions towards third parties. It includes a higher protection of freedom of association, the right to collective bargaining in line with the ILO, and requirement to effectively implement an environmental management system.

All suppliers sign the Agreement of Business Conduct (ABC) which legally binds them to the SBC. Compliance to the ABC is reported quarterly to the Board of Directors and Telenor Group Supply Chain.

Majority of our audits are unannounced and our focus is on the safety of workers among critical suppliers working on our network infrastructure. We have a zero tolerance towards unsafe work practices. An ‘Immediate Stop Work Order’ is issued across all contractors’ sites if workers are found working without safety helmets, safety harnesses, or a Working at Height Certification. Contractors are only allowed to resume operations once the required training and mitigation measures have been implemented.

We aspire to uplift and change the health and safety culture of the industry. Our training focuses on building safety awareness, skills, and changes safety culture among partners. We actively engage and collaborate with peers to transform the culture of safety for the industry. In 2017, our training will broaden to include anti-corruption and safe driving.

We completed the rollout of Digi Permit to Work (D’PTW) app to all main contractors and their sub-contractors. This digital location based app has allowed us to strengthen the governance of monitoring the safety of workers at our base stations and technical sites. The app allows our inspection team for the first time to have a real-time overview of when, and where our contractors and sub-contractors are working. This allows efficient deployment of inspectors to respective sites.

We conducted 984 inspections, of which 99% were unannounced. With the use of the D’PTW, we had two more cases of major non-compliance , and a 40% improvement in minor non-compliance compared to last year. We found underage workers working on two sites, which led to one contractor terminated and one suspended for six months. In 2016, we terminated seven sub-contractors and suspended two sub-contractors for failing to meet our safety standards.

We partnered with industry peers to conduct a baseline calibration of health and safety requirements. This baseline allowed development of a common industry safety standard, which was endorsed by five industry CEOs. This common standard will transform the culture of safety in the industry, allow for cost savings, and increase efficiencies for all stakeholders.

We apply the same high level of safety standards to our employees. Our health and safety management systems are OHSAS 18001:2007 certified, and regional health and safety committees roll out safety inspections and health programmes. Having achieved three years of zero lost time injury frequency (LTIF), we recorded our first significant employee injury when an employee suffered an electrical shock at site. Our LTIF was 0.23 per million hours of work.

Safe Use

We are committed to providing mobile connectivity safely to our customers. The scientific evidence on the low risk associated with electromagnetic frequency (EMF) continues to be overshadowed by misunderstanding among general public. We support proactive engagement with stakeholders concerned about this issue and are open in how we ensure our emissions are within the prescribed levels.

In many Malaysian states, state backed companies are responsible for identifying sites and erecting towers. The companies work with local authorities to obtain the required permits and engage local communities. Our transmission equipment adheres to stringent guidelines of the International Commission on Non-Ionizing Radiation Protection (ICNIRP) standards and Technical Working Groups of the 3rd Generation Partnership Project, endorsed by the World Health Organisation. An internal EMF Response Team investigates and addresses any complaints.

We are a founding member and an active participant of an industry-led EMF initiative that engages and respond to concerns raised by communities and local authority. In 2016, together with the Malaysian Technical Standards Board, and MCMC, we performed a series of benchmark assessment on EMF levels at high traffic connection points to ensure EMF radiation were within the regulated limits.