Prevention of Crime in Business Operations Management

Jodi Hizkia Hutagalung and Muhammad Ega Wirasakti

Background

In modern business practice, the risk of criminal conduct does not arise solely from external parties, but may also originate from within the organization itself, or internally. Accordingly, a crime-prevention approach is an essential part of good corporate governance.

In the context of the management of business operations, prevention of crime refers to a set of policies, procedures, and mechanisms designed to prevent the occurrence of criminal acts, whether committed by internal parties of the company (including employees, management, and owners) or by external parties (including business partners, customers, and third parties). Relevant categories of criminal conduct include corruption, fraud, money laundering, cybercrime, intellectual property rights violations, and market manipulation. The prevention of crime in business operations aims to minimize the risk of legal violations that may result in financial losses, reputational harm, and criminal liability for the corporation, its management, and its employees.

Fundamental Principles of Prevention

In the context of preventing criminal offenses in business operations, the following general principles are closely related and should be implemented:

1. Due Diligence

   Every business actor is obligated to conduct its business with an adequate standard of prudence in order to prevent legal violations.

2. Accountability

   The board of directors and management shall be responsible for all policies and operational actions that may give rise to legal risk.

3. Transparency

   Transparency of information is an important instrument for preventing unlawful practices such as fraud, corruption, or the manipulation of reports.

4. Compliance

   The company shall comply with all applicable laws and regulations, including those governing taxation, employment, the environment, and the specific sector in which the business operates.

Legal Framework Governing Prevention of Crime in Business Operations

A comprehensive legal framework governs efforts to prevent criminal conduct in business operations. Various laws and regulations require business actors to take preventive measures against the emergence of criminal risks, among others:

1. Law No. 8 of 2010 concerning the Prevention and Eradication of the Crime of Money Laundering (Anti-Money Laundering Law)

   The Elucidation of Article 93 requires the implementation of an Anti-Money Laundering (AML) Program for Financial Service Providers. Accordingly, implementation of such an AML Program constitutes a fundamental basis for crime prevention in the management of business operations.

2. Law No. 31 of 1999 concerning the Eradication of the Criminal Acts of Corruption, as amended by Law No. 20 of 2001 (Anti-Corruption Law)

   The provisions of this law not only serve as a repressive instrument to punish perpetrators of corruption but also reflect a preventive function in the management of business operations. The provisions of the law, particularly those concerning abuse of authority, state financial loss, and gratification, encourage business actors to implement Good Corporate Governance (GCG), transparency, and internal control systems as measures to prevent crime. Accordingly, Anti-Corruption Law operates both as a deterrent and as a driver of compliance in the management of business operations.

3. Law No. 40 of 2007 concerning Limited Liability Companies (Company Law)

   Company Law constitutes a principal foundation for establishing a system of corporate crime prevention through mechanisms of corporate governance, fiduciary duty, and the accountability of the company’s organs. Company Law regulates the responsibilities of the board of directors, the supervisory function of the board of commissioners, and the principle of transparency, all of which directly contribute to preventing misconduct such as fraud, corruption, and abuse of authority.

   Company Law also adopts the business judgment rule (BJR), which may serve as a defence to protect a company’s directors from legal liability for decisions they have made, notwithstanding that such decisions result in losses to the company, provided that those decisions were made in good faith, for a proper purpose, by proper means, and on a rational basis with due care and prudence.

4. POJK No. 18/POJK.03/2016 concerning the Implementation of Risk Management for Commercial Banks

   This provision governs the implementation of risk management for commercial banks, including compliance risk and legal risk. The risk management principles set out in this POJK constitute a primary basis for minimizing the potential for legal violations in the management of business operations, particularly in banking operations.

5. Law No. 11 of 2008 concerning Electronic Information and Transactions, as amended by Law No. 19 of 2016

   The existence of this law encourages business actors to implement cybersecurity, digital compliance, and technology-based risk management to prevent crimes such as online fraud, data theft, and transaction manipulation.

Strategy on Prevention of Crime in the Management of Business Operations

To prevent criminal offenses, companies need to implement a comprehensive strategy in carrying out preventive measures in the management of business operations, including:

1. Implementation of GCG

   Although Company Law does not explicitly regulate GCG, its principles are implicitly incorporated into it. Proper corporate governance constitutes a fundamental foundation for crime prevention in the management of business operations. The GCG principles commonly reflected in the Company Law and capable of implementation include:

   -  Transparency: disclosure of information to all stakeholders;

   -  Accountability: clarity of functions and accountability of the company’s organs;

   -  Responsibility: compliance with laws and regulations and business ethics;

   -  Independence: professional management free from conflicts of interest; and

   -  Fairness: equitable treatment of all stakeholders.

2. Implementation of BJR

   BJR is a principle that provides legal protection to the Board of Directors in exercising its authority and making corporate decisions. In the application of the BJR, the Board of Directors and the Board of Commissioners cannot be held liable for risks arising from decisions made, provided that the Board of Directors can demonstrate the following:

   -  The loss did not occur as a result of the fault or negligence of the directors;

   -  The decision was made in good faith, with due care, and in the best interest of the company;

   -  There was no conflict of interest in taking such action; and

   -  Preventive measures had been taken to ensure that the loss would not continue.

   To substantiate the proper application of the BJR, the company may undertake the following measures:

   -  Establishing and implementing company standard operating procedures (SOP) to ensure that decisions made by the Board of Directors are taken in good faith, with due care, and in the interest of the company;

   -  Properly documenting the decision-making process, demonstrating that the Board of Directors acted in good faith and was supported by adequate documentation;

   -  Adopting written policies on integrity pacts addressing the absence of conflicts of interest, applicable to both the Board of Directors and the Board of Commissioners, as a form of conscious and active commitment in decision-making; and

   -  Implementing risk management and mitigation measures, including preventive actions to minimize losses when risks begin to materialize, thereby fulfilling the duty of care of the directors.

   If it can be evidenced that such measures have been fulfilled in corporate decision-making, it will protect the directors making the decisions from legal liability (criminal or otherwise) even if those business decisions ultimately result in losses to the company, because such measures constitute a cautionary safeguard for the Board of Directors in applying the BJR.

3. Preparation and Implementation of SOP

   SOP constitutes a primary instrument within the internal control system, functioning as a mechanism for crime prevention within the organization. SOPs help establish standardized processes, accountability, and legal compliance, thereby reducing the likelihood of fraud, abuse of authority, and legal violations. Accordingly, SOP serves as both an early warning system and a preventive control in corporate management, forming an integral part of GCG and the compliance system that supports crime prevention in a systematic manner.

4. Whistleblowing System

   Whistleblowing system is a formal mechanism that enables individuals, whether employees, management, business partners, or third parties, to report suspected violations, ethical misconduct, or criminal acts occurring within an organization in a manner that is secure, protected, and accountable. At a deeper level, a whistleblowing system reflects an organization’s commitment to integrity, accountability, and responsible governance.

   Based on data from the Association of Certified Fraud Examiners (ACFE) in its Report to the Nations 2022, 42% of fraud cases worldwide are initially uncovered through tips or complaints, making whistleblowing the most effective method of fraud detection, significantly surpassing internal audits (16%) and external audits (4%).

   In implementing a whistleblowing system, companies may refer to the international standard ISO 37002:2021 (Whistleblowing Management Systems) as a guideline for establishing, operating, and improving a whistleblowing management system in line with global best practices. These standards cover planning, support, operational processes, performance evaluation, and the continuous improvement of the whistleblowing system.

5. Audit and Periodic Monitoring

   The risk of criminal conduct does not arise solely from within the company but may also originate from business partners. Accordingly, periodic internal and external audits serve as evaluation tools to ensure compliance with the law. Companies are also required to implement adequate audit and due diligence procedures on partners, suppliers, agents, and distributors prior to, during, and on an ongoing basis throughout the course of business relationships, which include:

   a.  Verification of identity and legal status of the business entity;

   b.  Assessment of business track record and reputation;

   c.  Screening against international and domestic sanctions lists (watchlist screening); and

   d.  Assessment of potential conflicts of interest.

6. Risk Management

   Systematic risk identification and mitigation constitute an essential component of crime prevention. Companies are required to conduct criminal risk identification, assessment, and mitigation in a structured and systematic manner. The stages of criminal risk management include:

   a.  Comprehensive risk assessment across all business processes;

   b.  Vulnerability mapping within the business value chain;

   c.  Establishment of preventive controls proportionate to the level of risk; and

   d.  Periodic monitoring and evaluation of the effectiveness of risk mitigation measures. 

Conclusion

Crime prevention in the management of business operations is not merely a legal obligation but a strategic measure to safeguard a company's sustainability and reputation amid increasingly complex criminal risks. Companies that proactively establish effective prevention systems will be better positioned to maintain the trust of stakeholders while ensuring that their operations are conducted in a secure and ethical manner. Accordingly, it is essential for every business actor to understand and implement appropriate and measurable preventive measures in order to ensure compliance with applicable laws and regulations, mitigate potential legal exposure, and uphold the principles of GCG and responsible business conduct.