Ethics & Compliance

Establish leadership benchmark on being ethical and compliant in our business operations.

Our Approach

We uphold the highest standard of ethical behaviour and integrity in everything we do. Our core principles and ethical standards set the foundation that guides employee conduct and the way we engage with our customers, stakeholders and partners, who share similar beliefs and values of ethical business practices.


We strongly oppose corruption in all its forms and are committed to doing business in accordance with the highest ethical standards. We conduct regular training and engagement with employees on our Code of Conduct, reinforce our no gifts policy, and provide independent third party platforms to report cases of misconduct.

An Ethics and Compliance officer oversees the governance of integrity. Reporting to the Chief Executive Officer, the Ethics & Compliance officer has direct quarterly reporting to Digi Management, and the Audit and Risk Committee to ensure full independence. An integrity risk assessment is conducted annually by Telenor, which guides workplan for the year.

An Integrity Due Diligence (IDD) is conducted by business managers for all business partners. The IDD serves to measure the level of integrity held by potential business partners. IDD findings are reviewed by the Ethics and Compliance, and the Sourcing and Logistics teams before contracts are awarded.

Every employee is guided by the Code of Conduct. The Code of Conduct defines the expected behaviours of a responsible and accountable employee, and underscores the importance of transparency and professionalism in the way we work and conduct business. It is mandatory for all employees to read and acknowledge by signing and resigning the Code of Conduct annually.

In 2017, we introduced a monthly ethics and compliance scenario-based learning, ‘Doing Business the RIGHT Way’, which highlighted real scenarios related to the Code of Conduct as reference to guide employees in handling work related dilemmas. The different situations of possible breach of code of conduct were presented to Digi employees in a simple to understand illustration. It is observed that there has been a slight drop in terms of total number of cases reported in 2017 as compared to the year before.

An internal awareness one-day programme called ‘Our Voice of Integrity’, was organised to build better understanding of ethics and compliance amongst employees nationwide. The activities which were carried out emphasised the purpose of why it is critical that ethical business standards are consistently adhered to and never compromised. We also collected employees’ pledges to uphold the highest level of integrity.

One of the key initiatives undertaken during the year is our participation in the UNICEF Mobile Operator Child Rights Self-Impact Assessment Tool (MO-CRIA) designed to strengthen corporate practices, policies and processes; with the goal of making it possible for children worldwide to safely explore and enjoy the best of what the ICT industry has to offer.

This self-impact assessment tool helped determine the nature of the impact on children and associated risks to them and to the business, and the implications to business for each of these six business functions
  1. Sustainability & Compliance;
  2. Legal;
  3. Human Resources;
  4. Procurement;
  5. Product, Sales & Marketing;
  6. Security and Emergencies.
The tool provided us with a good framework to assess policies, and identify gaps and opportunities to create better business sustainability when it comes to child rights. Digi is the first mobile operator in Asia to complete the UNICEF MO-CRIA process.

A ‘Speak Up’ programme was organised to encourage employees to step forward and voice their concerns or report possible acts of non-compliance via the Ethics and Compliance hotline. During the year, we saw a 30% increase on Ethics and Compliance related issues reported compared to 2016.

We also adopted a new approach for incident handling that includes responding to compliance incidence reports within 48 hours of receiving the report, completing investigations within 30 days and ensuring that implementation of recommendations are followed up within the next 30 days.

Carrying Out Assessments
We carried out a company-wide ethics and compliance risk assessment exercise to identify possible risks and proposed mitigation plans to address them.

Managing Third Party Risks
We implemented a new third party due diligence policy that requires relevant employees to carry out a due diligence assessment on business partners prior to engagement. This is to ensure that Digi’s business relationship with all third parties do not pose unacceptable risks to the company.

We are a member of the Business Integrity Alliance (BIA), a private sector initiative comprising companies committed to doing business with integrity. Through collective action, the BIA allows members to engage relevant government agencies and stakeholders to address corruption affecting the business environment, and at the same time create value in the preservation of business integrity.

Consumer Responsibility

Our purpose is to connect our customers to what matters most to them by becoming the preferred digital provider in the country. In achieving this ambition, we also ensure that we are in compliant to the Communications and Multimedia Consumer Forum General Consumer Code of Conduct and the Internet Access Code, which provides a formal channel for consumers to raise complaints.

Privacy continues to be an integral part of our responsibility to stakeholders, and we are committed to ensuring that all data is collected and processed according to what they are meant for in a secure manner. In line with this, we continue to place stringent processes and security measures in managing information that is entrusted to us, and have taken steps to further strengthen internal controls in all areas of our operations during the year to safeguard the privacy of our customer data.

Strengthening Processes
In 2017, we further tightened our governance process, and improved monitoring compliance in our business processes and technical systems. Adopting a risk based approach, we assessed the adequacy of our privacy notice, data handling procedures and operating systems to ensure compliance to the Personal Data Protection Act 2010 and our Privacy Policy.

Creating Awareness
51 customised training and 68 awareness activities were carried out nationwide in 2017, focusing on employees who deal with personal data on a daily basis in the Contact Center and Retail Stores. Information Handling e-learning continues to be a mandatory training for new employees to understand the importance of safeguarding customer data.

Setting Standards
Digi collaborated with industry peers to prepare the Personal Data Protection Code of Practice 2017 (Code of Practice) for licensees under the Communications and Multimedia Act 1998. This Code of Practice serves as a guide to set effective standards and measures in relation to the processing of a Data Subject’s personal data, and to ensure that the processing of personal data does not infringe customers’ or employees’ rights under the Personal Data Protection Act 2010.

Competition Law
1,365 employees whose job scope exposes them to potential risks have completed a mandatory, ‘Say Yes to Competition’ e-learning. This 3-month programme was important to maintain a business environment that promotes fair and healthy competition.

Trusted Brand
Digi was recognised as one of the top 20 most trusted brands in Malaysia at PWC’s The Building Trust Awards 2017. This is a recognition for our long-term commitment and effort towards responsible and sustainable business, and transparency.

We continue to engage customers across all touchpoints including Digi Stores, Contact Centre, Social Media and Live Chat for feedback, to better understand their challenges or for ideas on how we can improve user experience and offer them what matters most. Employees are encouraged to participate in various initiatives such as network drive tests and mystery shopper exercises to gain first hand feedback on our network performance and products offered.

Focusing on Service Reliability and Quality: The results of the Malaysian Communications and Multimedia Commission (MCMC)’s Network Performance Report 2017 mirrors Digi’s focus on building a network that provides better and more consistent experience. The report outlines a nationwide network performance measurement based on key metrics such as data throughput speeds and network latency (the timing of data transfer on a network), in line with the Mandatory Standards for Quality of Service for Wireless Broadband Access services.

In 2017, Digi met the nationwide Mandatory Standards requirement for both Dropped Call Rate (DCR) and Call Setup Successful Rate (CSSR).

Digitising Customer Care
We saw a 40% reduction in total calls to our customer service for all services. This corresponds to the 28% increase in digital interaction via Digi Live Chat, where customers are able to chat with our customer service consultants in real-time. We have also started using a chatbot over our Live Chat channel which looks to address simple customer queries after office hours.

Embracing Customer First Mindset
We celebrated our annual Customer First Day 2017 with employees nationwide going out to the streets to engage with customers. Customers were introduced to the various digital entertainment services that are available via affordable subscription plans and were also shared tips on how to make internet safer for their families.

Authority Requests
Most countries have laws that require telecom operators to assist the authorities on certain conditions. In Digi, all requests from authorities are processed based on a coherent set of framework outlined in our Authority Requests Manual. Under the Manual, all requests are processed by a committee, who assess according to a set of criteria, including the legal basis and human rights impact of the requests. Each request is assessed on an individual basis, and in the event that requests are assessed to be uncommon, or pose substantial impact to human rights, such request is escalated to management for direction and decision making.

Supply Chain Sustainability

Digi strives for high standards in sustainability and continuous improvement in our operations throughout the supply chain. Our Supplier Conduct Principles (SCP) are based on internationally recognised standards, including requirements on human rights, health and safety, labour rights, the environment and anti-corruption. It is mandatory for all Digi contracting parties to agree and adhere to these principles.

The SCP commits suppliers to act in accordance with relevant local laws, take a precautionary approach to environmental challenges, undertake initiatives to promote greater environmental responsibility, and encourage the development of environmentally friendly technologies.

Partnership and cooperation with suppliers is vital. Our commitment to responsible, fair and safe workplace extends to the over 75,000 individuals estimated to be working in our supply chain. This is aligned to our pledge to reduce inequalities by raising standards and building capacity for our supply chain.

During the year, there was an increase of 38.7% in the number of suppliers signing the Agreement on Responsible Business Conduct (ABC), bringing us to a total of 165 suppliers committing to embrace ethical conduct, best practises in sustainability and environmental responsibility. Compliance to the ABC is reported quarterly to the Board of Directors and to Telenor Group Supply Chain.

Majority of our audits are unannounced and our focus is on the safety of workers among identified suppliers working on our network infrastructure. We have zero tolerance towards unsafe work practices. An ‘Immediate Stop Work Order’ is issued across all contractors’ sites if workers are found working without safety helmets, safety harnesses, or a Working at Height Certification. Contractors are only allowed to resume operations once the required training and mitigation measures have been implemented.

We continue to implement our Digi Permit to Work (D’PTW) app to all main contractors and their sub-contractors. This digital location based app has allowed us to strengthen the governance of monitoring the safety of workers at our base stations and technical sites. The app enables our inspection team to have a real-time overview of when, and where our contractors and sub-contractors are working. This allows efficient deployment of inspectors to respective sites. 

We conducted 898 unannounced inspections and recorded 1% major non-compliance, and a 3% minor non-compliance, which is a 6% improvement compared to last year. There were no cases of underage labour but we terminated 7 sub-contractors for failing to meet our safety standards.

Building Capacity through Training
Multiple workshops amounting to 2,690 man-hours were conducted for capacity building among our contractors and sub-contractors on safety awareness, and proper ways to use equipments. It is our aim that through these workshops, we provide assistance to help our suppliers reduce and minimize all forms of work related risk. Our training also includes building capacity around HSSE and Road safety.

In the workshops that we conducted, we also included the ‘Say No to Corruption’ learning module, and reiterated the obligation to report any breach of our Code of Conduct.

Enchancing Standard through Industry Collaboration
Digi continues to lead the industry in driving the highest standards in health and safety. In 2017, industry players began unannounced joint inspections. We also started implementing joint enforcements on non-compliant contractors and subcontractors, and have terminated or suspended those who failed to meet the agreed safety standards.

Health and Safety

Adopting International Best Practices
Protecting our employees’ health and safety is a key priority of the Digi management team. We strive to provide employees with the best working environment, that allow them to develop their professional and personal skills. The Occupational Health & Safety Management System Certificate (OHSAS 18001:2007) attests to Digi’s compliance to the standards’ requirements and relevant corporate policies, and procedures, as well as best practices. This in turn, will help to control and decrease the risks associated with health and safety within the workplace.

We also expect the same commitment from our suppliers – having high standards of business conduct and undertaking initiatives to implement safe workplace such as providing general HSE trainings to their employees. We are proud to report that we recorded zero lost time injury frequency (LTIF) in 2017. In line with our continuous effort to ensure the health and safety of employees, we also introduced a dedicated hotline number, 29588, for emergency incidences such as fire or health related cases with immediate assistance by trained individuals before emergency medical personnels are available on site. 35 employees have been certified as First Aider volunteers.

We will soon be migrating to the new ISO45001 which provides a framework to improve employee safety, reduce workplace risks and create better, safer working conditions.

Safe Use

We are committed to providing mobile connectivity safely to our customers. The scientific evidence on the low risk associated with electromagnetic frequency (EMF) continues to be overshadowed by misunderstanding among general public. We support proactive engagement with stakeholders concerned about this issue and are open in how we ensure our emissions are within the prescribed levels. 

In many Malaysian states, state backed companies are responsible for identifying sites and erecting towers. The companies work with local authorities to obtain the required permits and engage local communities. Our transmission equipment adheres to stringent guidelines of the International Commission on Non-ionising Radiation Protection (ICNIRP) standards and Technical Working Groups of the 3rd Generation Partnership Project, endorsed by the World Health Organisation. An internal EMF Response Team investigates and addresses any complaints. 

We are a founding member and an active participant of an industry-led EMF initiative that engages and responses to concerns raised by communities and local authority. In 2017, the Telenor Group continues to be supportive of serious research efforts to establish whether there may be any negative health effects of exposure to EMF from mobile phones and infrastructure. The Group released an updated paper that briefly sets out Telenor Group’s position on EMF and health. The report can be downloaded from here.