Complete Guide to RBA Compliance in Malaysia

Everything you need to know about the Responsible Business Alliance (RBA) Code of Conduct v8.0 — worker welfare, facility standards, audit readiness, and sustainable supply chain compliance in Malaysia for 2025

Updated January 2025

RBA & Code of Conduct v8.0 Overview

What Is the RBA?

The Responsible Business Alliance (RBA) — formerly the Electronic Industry Citizenship Coalition (EICC) — is the world's largest industry coalition dedicated to corporate social responsibility in global supply chains. Its member companies include leading multinationals in electronics, retail, automotive, and manufacturing sectors with a combined revenue exceeding USD 7 trillion.

The RBA Code of Conduct (CoC) v8.0 is the current edition of the globally recognised standard that member companies and their suppliers must uphold. In Malaysia — a major hub for electronics manufacturing, semiconductor packaging, and EMS (Electronics Manufacturing Services) — RBA compliance is a contractual and commercial prerequisite for supplying to global brands such as Apple, Dell, HP, Intel, and Amazon.

Administered By

Responsible Business Alliance (RBA), a non-profit industry coalition headquartered in Washington D.C. with global audit programmes managed through EICC-ON and the Validated Audit Process (VAP).

Legal & Commercial Authority

RBA CoC compliance is embedded in supplier contracts and purchase orders. Non-compliance triggers audit failures, corrective action plans, business suspension, and contract termination.

Primary Purpose

Ensure safe, ethical, and environmentally responsible working conditions throughout global electronics and technology supply chains — protecting worker dignity and brand reputation.

The Strategic Importance of RBA Compliance in Malaysia

RBA compliance is not a voluntary aspiration — it is a binding commercial and contractual obligation for any Malaysian facility supplying to RBA member companies. Understanding the drivers of compliance helps facility managers prioritise resources and embed sustainable practices.

Commercial & Contractual Framework

Malaysian suppliers must comply with the RBA CoC as a condition of:

  • Supplier contracts: Customer purchase agreements explicitly require RBA CoC adherence as a contractual term
  • Approved Vendor List (AVL) status: Audit failures result in removal from AVL, halting business immediately
  • New business awards: Brands will not award new contracts to facilities with open Priority Non-Conformances (PNCs)
  • Investor & ESG requirements: Institutional investors screen suppliers using RBA scores as ESG indicators
  • Government procurement: Government-linked companies increasingly adopt RBA-aligned standards

Enforcement Mechanisms

Validated Audit Process (VAP)

Third-party audits conducted by RBA-approved audit firms verify compliance against all five CoC pillars. Results are shared with subscribing customers on the EICC-ON platform.

Customer-Initiated Audits

Brand customers conduct their own Supplier Social Responsibility (SSR) audits or direct RBA VAP audits with short notice periods (48–72 hours for semi-announced audits).

Multi-Stakeholder Scrutiny

NGOs, media, and worker rights organisations investigate and publicly report on supply chain violations, amplifying reputational consequences of non-compliance.

Critical Priority Non-Conformances (PNCs) — Immediate Business Risk

RBA auditors classify the most severe violations as Priority Non-Conformances (PNCs). A single PNC can result in immediate business suspension. Priority issues include:

  • Forced labour — debt bondage, passport confiscation, or involuntary recruitment fees
  • Child labour — workers under the legal working age or under 15 years old
  • Life-threatening safety conditions — blocked emergency exits, inadequate fire suppression
  • Wage theft — systemic underpayment of legally mandated wages or withholding wages
  • Human trafficking — any element of worker trafficking or modern slavery in the supply chain

Business Impact of Non-Compliance

Operational Disruption

  • Immediate suspension from customer AVL
  • Business hold orders impacting production schedules
  • Mandatory corrective action plans with short deadlines
  • Repeat audit costs borne by the facility

Reputational & Financial Damage

  • NGO and media public reports naming the facility
  • Brand customer communication to industry peers
  • Difficulty securing new customer relationships
  • Loss of Export-Oriented Industry (EOI) privileges in Malaysia

Legal & Financial Consequences of Non-Compliance under Act A1648

Under Malaysia’s amended legal framework and global RBA standards, non-conformances are graded by severity. Failure to comply triggers a cascade of escalations, ranging from mandatory corrective actions to the immediate termination of business contracts.

Non-Conformance Classification

| Classification | Definition | Typical Customer Response |
|---|---|---|
| Priority Non-Conformance (PNC) | A violation posing immediate and serious risk to worker health, safety, welfare, or fundamental rights. Examples include forced labour indicators, child labour, locked or blocked emergency exits, passport retention, or hazardous working conditions. | Immediate escalation. Business suspension or shipment hold may occur. Full closure and verification required before reinstatement. |
| Major Non-Conformance | A systemic failure to meet a Code of Conduct requirement, or repeated minor findings demonstrating ineffective management controls. | Corrective Action Plan (CAP) required within 30–90 days. Follow-up or verification audit typically conducted to confirm closure. |
| Minor Non-Conformance | An isolated or partial failure to comply with a specific requirement, without evidence of systemic breakdown. | CAP submission required. Closure verified during the next scheduled audit cycle. |
| Observation | A potential compliance risk, emerging gap, or improvement opportunity. Not currently a violation but may lead to future non-conformance if unaddressed. | Documented for continuous improvement. May escalate to Minor or Major Non-Conformance at subsequent audit if unresolved. |

Operational & Reputational Risks

  • Business suspension orders — customer halts purchase orders until PNCs are closed, impacting revenue and production commitments
  • Failed CAP closure — inability to close corrective actions within agreed timelines triggers escalation to executive leadership and may result in contract termination
  • Public disclosure — brand customers publish supply chain audit data; advocacy groups cross-reference this against facility performance records
  • Regulatory intersection — RBA violations often correlate with Malaysian legal breaches under the Employment Act 1955, Occupational Safety & Health Act 1994, or Environmental Quality Act 1974, exposing facilities to parallel government enforcement
  • Recruitment impact — poor audit scores and worker welfare violations damage employer brand among talent pools and recruitment agencies
  • Export licensing risk — MIDA and MDEC-linked incentives may be reviewed if sustained RBA violations become public

Key figures at a glance:

  • 1 PNC: can suspend all business
  • 30–90 days: time to close Major NCs
  • 2 years: VAP certificate validity
  • v8.0: current CoC version

The Five Pillars of RBA CoC v8.0

The RBA Code of Conduct is organised into five core pillars, each containing specific standards that Malaysian facilities must implement and demonstrate during audits:

A. Labour

  • Freely chosen employment
  • Young worker protection
  • Working hours (max 60 hrs/week)
  • Wages & benefits
  • Humane treatment
  • Non-discrimination
  • Freedom of association

B. Health & Safety

  • Occupational safety
  • Emergency preparedness
  • Occupational injury/illness
  • Industrial hygiene
  • Physically demanding work
  • Machine safeguarding
  • Dormitory & canteen standards

C. Environment

  • Environmental permits & reporting
  • Pollution prevention
  • Hazardous substances
  • Solid waste
  • Air emissions
  • Energy & water conservation

D. Ethics

  • Business integrity (anti-bribery)
  • No improper advantage
  • Disclosure of information
  • Intellectual property
  • Fair business & competition
  • Responsible sourcing of minerals
  • Privacy protection

E. Management Systems

  • Company commitment
  • Management accountability
  • Legal & customer requirements
  • Risk identification & management
  • Improvement objectives
  • Training
  • Communication
  • Worker feedback & participation
  • Audits & assessments
  • Corrective action process
  • Documentation & records
  • Supplier responsibility

Official RBA Resources

All RBA standards, self-assessment questionnaires (SAQ), and audit tools are available via the official RBA portal: https://www.responsiblebusiness.org

Malaysian facilities should also reference the Department of Labour Peninsular Malaysia (JTKSM), DOSH (Department of Occupational Safety and Health), and DOE (Department of Environment) for applicable local law alignment.

Pillar A: Labour Standards

Labour is consistently the highest-risk pillar for Malaysian facilities due to the country's large migrant worker population. RBA CoC v8.0 mandates robust protections across the entire employment lifecycle.

A1 — Freely Chosen Employment (Forced Labour Prevention)

Highest Priority — Zero Tolerance

Forced labour in any form is a Priority Non-Conformance resulting in immediate business suspension. Malaysian facilities must ensure:

  • No recruitment fees charged to workers — facilities must verify and if necessary reimburse all fees paid by migrant workers to agencies (aligned with the Employer Pays Principle)
  • No passport or document retention — worker identity documents must be held only at the voluntary, written request of the worker, with immediate return upon request
  • Freedom to resign — workers may terminate employment with reasonable notice; no financial penalty for resignation
  • No debt bondage — loans, advances, or deductions may not be structured to bind workers to continued employment
  • Voluntary overtime — overtime must not be mandatory as a condition of continued employment
  • Migrant worker contracts — contracts issued in the worker's home country language, terms not substituted upon arrival

Malaysia-Specific Risk: Recruitment Fee Reimbursement

The Malaysian Government and major brands now require facilities to verify that migrant workers from source countries (Bangladesh, Indonesia, Nepal, Myanmar, etc.) paid zero recruitment fees. Where fees were paid, facilities must have a documented reimbursement programme. Failure to implement this is classified as a Major or Priority Non-Conformance depending on amount and scope.

A2 — Young Workers

  • No workers under 15 years of age (RBA minimum) or the local legal minimum age, whichever is higher
  • Workers under 18 must not perform hazardous work (night shifts, chemical exposure, heavy machinery)
  • Age verification records maintained for all workers
  • Remediation plan must be in place if underage workers are discovered

A3 — Working Hours

Maximum Hours (CoC v8.0)

  • Regular hours: Max 48 hrs/week
  • With overtime: Max 60 hrs/week
  • At least 1 rest day per 7 days
  • Emergency exceptions only with full worker consent

🇲🇾 Malaysian Legal Alignment

  • Employment Act 1955: Max 48 regular hrs/week
  • Max 104 overtime hrs/month
  • Overtime rate: Min 1.5× regular pay
  • Public holiday pay requirements apply

A4 — Wages & Benefits

  • Wages must meet or exceed the national Minimum Wage (RM1,700/month as of 2024)
  • All legally mandated benefits provided: EPF, SOCSO, EIS contributions
  • Pay slips issued every pay period with full breakdown of deductions
  • Deductions only permitted by law or with written worker consent
  • Workers paid directly (not through labour agents after placement)
  • No deductions for PPE, tools, or facilities that benefit the employer

A5 — Humane Treatment

  • Zero tolerance for physical abuse, threats, harassment, or intimidation
  • Disciplinary procedures documented and applied fairly and consistently
  • Workers must be able to raise grievances without fear of retaliation
  • Documented grievance mechanism accessible to all workers including migrants
  • Anti-harassment policy covering gender-based violence and sexual harassment

A6 — Non-Discrimination

  • Hiring, promotion, and termination based on merit only
  • No discrimination by gender, race, religion, nationality, disability, age, sexual orientation, or union membership
  • Reasonable accommodation for religious practices
  • Pregnancy protection — no termination or demotion due to pregnancy

A7 — Freedom of Association

  • Workers' right to organise and join trade unions respected
  • Where law restricts unions, alternative worker representation must exist
  • Worker-management communication channels documented
  • No anti-union retaliation or interference

Pillar B: Health & Safety

Health and safety compliance is verified through physical facility inspection during RBA audits. Malaysian facilities must align with both RBA CoC v8.0 and the Occupational Safety and Health Act 1994 (OSHA 1994).

B1 — Occupational Safety

  • Documented risk assessment (HIRARC)
  • Safety Officer appointed (where required under OSHA 1994)
  • Safety & Health Committee established
  • PPE provided free of charge
  • Machine guarding installed and maintained

B2 — Emergency Preparedness

  • Emergency Response Plan documented
  • Fire drills minimum twice per year
  • Emergency exits marked and unobstructed
  • BOMBA certification current
  • Fire systems serviced regularly
  • Assembly points communicated

B6 — Dormitory & Canteen Standards

RBA CoC v8.0 Section B6 applies to worker accommodation and must be read together with the Employees' Minimum Standards of Housing, Accommodations and Amenities Act 1990 (Act 446). Both frameworks are audited simultaneously in Malaysia.

Dual Compliance Requirement

Facilities providing accommodation must comply with both RBA standards and Act 446 requirements.

Dormitory Requirements

  • Adequate personal space
  • Clean and ventilated sleeping areas
  • Lockable storage provided
  • Emergency exit access
  • Freedom to leave during non-working hours
  • No lockdown restrictions

Canteen Standards

  • Hygienic food preparation
  • Adequate seating capacity
  • Nutritional compliance
  • Fair meal deductions
  • Certified food handlers
  • Regular cleanliness inspections

Pillar C: Environmental Standards

Environmental compliance is assessed against RBA CoC v8.0 requirements and applicable Malaysian environmental legislation, primarily administered by the Department of Environment (DOE).

C1 — Permits & Reporting

  • DOE permits obtained and current
  • Scheduled waste compliance (Scheduled Wastes Regulations 2005)
  • Air emission licences (if applicable)
  • Effluent discharge permits
  • Environmental Impact Assessment (EIA) maintained

C2–C5 — Pollution Prevention

  • GHG emissions tracked with reduction targets
  • Hazardous chemicals managed with SDS
  • Waste segregation at source
  • Wastewater treated prior to discharge
  • Air emissions monitored

C6 — Energy & Water Conservation

  • Energy baseline established
  • Water consumption monitored
  • Reduction programmes implemented
  • Renewable energy encouraged (Green Tariff)
  • Energy management aligned with ISO 50001

🇲🇾 Malaysian Legal Alignment

Primary Legislation

  • Environmental Quality Act 1974 (EQA)
  • Scheduled Wastes Regulations 2005

Key Regulations

  • Clean Air Regulations 2014
  • Industrial Effluent Regulations 2009

Pillar D: Ethics & Integrity

The Ethics pillar covers governance, anti-corruption, and responsible sourcing obligations applicable to Malaysian facilities and their upstream supply chains.

D1 — Business Integrity (Anti-Bribery)

  • Zero tolerance anti-bribery policy
  • Compliance with MACC Act 2009
  • Code of conduct training for management
  • Gifts & entertainment policy with thresholds
  • Whistleblower protection (Act 711)

D5 — Responsible Minerals Sourcing

  • 3TG conflict minerals due diligence
  • Supply chain mapping to smelter level
  • RMAP alignment
  • Annual reporting to customers

D3 — Disclosure of Information

  • Annual RBA SAQ completion
  • Transparent audit disclosure
  • No falsification of records

D7 — Privacy Protection

  • Compliance with PDPA 2010
  • Biometric data collected with consent
  • No CCTV in dormitories or private spaces

Pillar E: Management Systems

Management systems provide the infrastructure for sustainable compliance. Auditors assess whether facilities have systematic processes — not just individual instances of good practice.

E1 — Policy & Leadership Commitment

Formal RBA CoC (or equivalent CSR) policy signed by senior leadership, communicated to workers and suppliers, and displayed in relevant languages.

E2 — Management Accountability

Designated Responsible Business / ESG Manager with authority, budget, and direct reporting to executive leadership. Clear role assignment per pillar.

E3 — Legal & Customer Requirements

Process to track updates to Malaysian laws, regulations, permits, and customer CoC amendments, ensuring operational alignment.

E4 — Risk Management

Annual social and environmental risk assessment across all pillars. Documented risk register with mitigation actions and timelines. Supplier risk assessment for Tier 1 suppliers.

E5 — Objectives & Improvement Plans

Measurable KPIs for each CoC pillar (overtime hours, training rates, waste reduction, etc.). Annual improvement plans reviewed by management.

E6 — Training & Competency

RBA CoC awareness training for all employees at onboarding and annually. Role-specific training for high-risk functions. Training records maintained.

E7 — Worker Feedback & Grievance Mechanism

Anonymous and accessible grievance channels with documented follow-up. Worker engagement surveys conducted periodically.

E8 — Internal Audits & SAQ

Annual RBA Self-Assessment Questionnaire (SAQ) completion. Internal mock audits conducted. Corrective actions tracked to closure.

E9 — Supplier Responsibility

Tier 1 suppliers required to acknowledge compliance with RBA CoC. Annual supplier assessments conducted. High-risk suppliers verified onsite.

E10 — Documentation & Records Control

All CoC-related records retained for minimum 3 years: payroll, working hours, safety incidents, training records, environmental monitoring data, audit reports, and corrective action plans.

Worker Accommodation Standards (RBA CoC B6 & Act 446)

For Malaysian facilities providing worker accommodation — particularly those housing migrant workers — RBA CoC v8.0 Section B6 must be implemented alongside the Employees' Minimum Standards of Housing Act 446. Auditors examine accommodation as a high-priority area.

Facility & Space Standards

Minimum Space Per Worker

  • RBA CoC B6: Adequate personal space (references local law as minimum baseline)
  • Act 446 (Private Rooms): Min 3.6 m² usable sleeping space
  • Act 446 (Dormitories): Min 3.0 m² usable sleeping space
  • Minimum ceiling height: 2.4 m
  • Max 4 workers per private room; max 12 per dormitory

Bedding & Storage

  • Individual bed per worker — no bed sharing
  • Minimum 4-inch mattress, pillow, blanket, and linen per worker
  • Bunk beds: min 0.7 m vertical clearance, safety rails required
  • Individual lockable storage per worker (min 0.35 × 0.35 × 0.9 m)
  • Employer must not retain master keys without worker consent

Sanitation & Hygiene Ratios

Toilet Facilities

  • Maximum 6 workers per toilet (Act 446)
  • Separate male and female facilities
  • Functional flushing systems and ventilation
  • Daily cleaning with documented logs

Shower/Bathroom Facilities

  • Minimum 1 bathroom per 15 workers (Act 446)
  • 24/7 access to potable water
  • Non-slip flooring and proper drainage
  • Hot water provision where climate requires

RBA-Specific Accommodation Obligations

  • Freedom of movement: Workers must be free to leave accommodation during off-hours without permission — any lockdown or curfew is a PNC
  • No surveillance in private areas: CCTV in sleeping areas, bathrooms, or changing rooms is strictly prohibited
  • No fee for accommodation: Accommodation deductions must not exceed actual cost and must never reduce wages below legal minimum
  • Worker voice in accommodation management: A resident committee or feedback mechanism specific to accommodation conditions must exist
  • Emergency evacuation planning: Dormitory-specific evacuation plans in workers' languages, drills conducted regularly
  • Pest control and maintenance: Documented preventive pest management and facility maintenance schedule

RBA Audit Process: VAP & SMETA in Malaysia

Malaysian facilities are assessed through two primary third-party audit frameworks: the RBA Validated Audit Process (VAP) and SMETA (Sedex Members Ethical Trade Audit). Many customers accept either framework.

Audit Timeline Overview

Typical RBA VAP Duration: 1–3 days on-site depending on facility size

  • Pre-audit documentation review: 7–14 days prior
  • Opening meeting with management: Day 1
  • Factory walk-through, dormitory inspection, and records review: Day 1–2
  • Confidential worker interviews: Day 1–2
  • Closing meeting with preliminary findings: Final day
  • Draft report issuance: 5–10 working days post-audit
  • CAP submission deadline: 30 days from final report

Step-by-Step Audit Preparation

  1. Complete Annual RBA Self-Assessment Questionnaire (SAQ)

    Log in to the EICC-ON platform and complete the current SAQ. Share results with customers as requested. Use SAQ gaps to prioritise internal improvement efforts ahead of audit.

  2. Conduct Internal Pre-Audit Mock Assessment

    Use the official RBA Audit Standards document (available at responsiblebusiness.org) to conduct a systematic internal gap analysis across all five CoC pillars. Engage an experienced third-party consultant for objectivity.

  3. Prepare Documentation Package

    Compile all required records: payroll for 12 months, working hours data, training records, safety incident logs, environmental monitoring reports, contractor agreements, dormitory registers, and all government permits and licences.

  4. Brief Management & Worker Representatives

    Conduct pre-audit briefings for all department heads. Ensure workers understand they may be interviewed confidentially and are not required to obtain permission to speak freely with auditors.

  5. Physical Facility Preparation

    Inspect all areas auditors will visit: production floor, dormitory, canteen, chemical storage, first aid stations, fire safety equipment, and welfare areas. Address any visible non-conformances before audit day.

  6. On-Site Audit Execution

    Designate an experienced facility coordinator to accompany auditors. Provide immediate access to all requested documents. Ensure confidential worker interview space is available without supervisor presence.

  7. Corrective Action Plan (CAP) Development

    Upon receipt of draft report, prioritise PNCs for immediate closure. Assign owners, deadlines, and root cause analysis for all findings. Submit CAP through EICC-ON within the customer-specified deadline (typically 30 days).

  8. Verification & Continuous Improvement

    Document evidence of CAP closure (photos, revised records, updated policies). Submit to auditor or customer for verification. Track ongoing KPIs to prevent recurrence and prepare for next audit cycle.

Common Causes of Audit Failure in Malaysia

  • Excessive overtime hours not properly consented to or compensated
  • Migrant worker recruitment fee evidence insufficiently documented
  • Payroll records inconsistent with worker-stated wage amounts
  • Dormitory conditions below minimum standards (overcrowding, sanitation)
  • Blocked or locked emergency exits
  • Missing or expired DOSH, BOMBA, or DOE permits
  • Workers unable to articulate grievance procedures during interviews
  • Contract substitution — Malaysian employment contracts differing from home-country contracts

RBA CoC v8.0 Facility Compliance Checklist

Use this comprehensive checklist to assess your facility’s readiness across all five RBA CoC v8.0 pillars before your next audit. This serves as a practical self-assessment tool to identify gaps and improvement areas.

A. Labour Compliance

  • No employer retention of passports or identity documents
  • Recruitment fee reimbursement process documented and implemented
  • Working hours compliant with RBA limits (max 60 hrs/week with consent)
  • Wages meet or exceed statutory minimum wage
  • Transparent payslips issued each pay cycle
  • Non-discrimination policy implemented and communicated
  • Accessible and confidential grievance mechanism established
  • Freedom of association respected
  • Employment contracts provided in workers’ native language

B. Health & Safety

  • Current HIRARC risk assessments for all processes
  • Appointed Safety Officer and Safety Committee (where required)
  • Documented and regularly tested Emergency Response Plan
  • Valid BOMBA fire certification
  • Clearly marked and unobstructed emergency exits
  • Personal Protective Equipment (PPE) provided free of charge
  • Dormitory inspection records maintained
  • Canteen hygiene and food safety compliance verified
  • Workers free to exit accommodation during non-working hours

C. Environmental Compliance

  • All DOE permits and licences current
  • Scheduled waste documentation properly maintained
  • Greenhouse gas emissions tracked with reduction targets
  • Air and wastewater monitoring records available
  • Chemical Safety Data Sheets (SDS) updated and accessible
  • Energy and water consumption monitored with KPIs

D. Ethics & Integrity

  • Anti-bribery and anti-corruption policy implemented
  • Conflict minerals due diligence documented (where applicable)
  • Annual RBA Self-Assessment Questionnaire completed
  • Compliance with Personal Data Protection Act (PDPA)
  • CCTV not installed in private areas (dormitories, bathrooms)
  • Whistleblower reporting channel established and protected

E. Management Systems

  • Senior leadership-signed RBA CoC policy
  • Designated Responsible Business / ESG Manager
  • Annual social and environmental risk assessment completed
  • CoC performance KPIs monitored and reviewed
  • Annual internal audit conducted
  • Corrective action plans tracked to closure
  • Tier 1 suppliers formally acknowledge compliance
  • Minimum 3-year record retention implemented

Worker Accommodation (B6 & Act 446)

  • Valid Certificate of Accommodation under Act 446
  • Minimum floor space requirements met
  • Individual beds (no sharing)
  • Lockable personal storage provided
  • Adequate toilet and bathroom ratios
  • Workers free to leave accommodation
  • Accommodation deductions reasonable and documented
  • Evacuation plan displayed in workers’ languages

Pre-Audit Preparation Checklist

In the week before your RBA audit, ensure the following:

  • Prepare 12 months of payroll and time records
  • Verify all permits (DOSH, BOMBA, DOE) are valid
  • Brief management on audit process and worker interviews
  • Inform workers of their right to speak confidentially with auditors
  • Inspect dormitories, canteens, and safety equipment
  • Review and prepare corrective action evidence
  • Assign a single audit liaison officer

Key Differences: RBA CoC v8.0 vs. Malaysian Local Standards

Malaysian facilities must navigate two overlapping compliance frameworks simultaneously — the RBA Code of Conduct v8.0 (driven by global brand customers) and Malaysian statutory law (enforced by government authorities). While these frameworks share common goals, they differ significantly in scope, enforceability, and depth of requirements. Where the two conflict, facilities must meet the higher standard.

Core Principle: Always Apply the Stricter Standard

RBA CoC v8.0 explicitly states that where local law and RBA requirements differ, facilities must comply with whichever standard is more protective of workers. In practice, RBA standards routinely exceed Malaysian legal minimums — particularly on forced labour, recruitment fees, working hours documentation, and dormitory freedom of movement.

Side-by-Side Comparison: RBA CoC v8.0 vs. Key Malaysian Laws

Key: RBA Stricter / Aligned / Complementary

| Topic | RBA CoC v8.0 Requirement | Malaysian Local Standard | Practical Implication for Facilities |
|---|---|---|---|
| Labour | | | |
| Recruitment Fees | Zero recruitment fees to be borne by workers (Employer Pays Principle). Facilities must verify and reimburse fees paid in source countries. | Employment Act 1955 restricts certain deductions but does not mandate overseas fee reimbursement. | RBA is stricter. A documented migrant worker reimbursement programme is required. |
| Passport / Document Retention | Passports may only be held upon voluntary written request, with immediate retrieval rights. | Prohibited under the Passports Act 1966 (Section 12). | Aligned — RBA audits rigorously. Confirmed retention results in a Priority Non-Conformance (PNC). |
| Working Hours — Weekly Max | Maximum 60 hours per week including overtime, with one rest day in seven. | Up to ~74 hours/week in practice (48 regular + 104 OT/month). | RBA stricter on weekly cap. Facilities must reduce overtime to meet RBA threshold. |
| Overtime Consent | Overtime must be voluntary. | Employers may require reasonable overtime. | RBA is stricter. Workers must be able to decline overtime without retaliation. |
| Minimum Wage | Must meet legal minimum and support basic living needs. | RM1,700 (Peninsular) / RM1,500 (Sabah, Sarawak, Labuan). | Aligned; RBA extends further. Some customers require living wage benchmarking. |
| Freedom of Association | Respect collective bargaining rights; provide alternatives where legally restricted. | Trade Unions Act 1959 permits unions with sectoral limits. | RBA broader. Alternative worker communication channels required. |
| Non-Discrimination | Covers gender, race, religion, nationality, disability, age, sexual orientation, union membership, political affiliation. | Limited coverage under Employment Act 1955. | RBA significantly broader. Comprehensive policy required. |
| Health & Safety | | | |
| Safety Management System | Documented risk assessments, safety committees, systematic H&S management. | OSHA 1994 mandates SHOs, Committees, and HIRARC. | Broadly aligned. Active implementation required. |
| Emergency Exit & Fire Safety | Exits must remain unobstructed at all times. | BOMBA certification required. | RBA immediate enforcement. No grace period during audits. |
| Dormitory Safety Standards | Adequate space, ventilation, sanitation, emergency plans, and freedom of movement. | Act 446 sets minimum space and sanitation ratios. | Complementary. RBA adds qualitative standards beyond Act 446. |
| Freedom of Movement (Dorm) | No curfews or lockdowns during non-working hours. | Not explicitly regulated under Act 446. | RBA stricter. Remove curfews and restrictions. |
| Surveillance in Private Areas | CCTV prohibited in sleeping areas, bathrooms, changing rooms. | PDPA 2010 protects privacy but does not explicitly prohibit CCTV in dorms. | RBA stricter. Immediate non-conformance if present. |
| Environment | | | |
| Greenhouse Gas Tracking | Mandatory GHG tracking and reduction targets. | No general legal requirement for most facilities. | RBA stricter. Baselining and reporting required. |
| Permits & Scheduled Waste | Valid permits and documented waste manifests. | Environmental Quality Act 1974 and Scheduled Wastes Regulations 2005. | Aligned. DOE compliance satisfies this pillar. |
| Ethics | | | |
| Anti-Bribery & Corruption | Formal anti-bribery policy, training, and controls required. | MACC Act 2009 (Section 17A) imposes corporate liability. | Complementary. Robust compliance programme satisfies both. |
| Conflict Minerals (3TG) | Due diligence to smelter level; annual reporting via CMRT. | No local legal equivalent. | RBA unique. Supply chain mapping required. |
| Management Systems | | | |
| Supplier Responsibility | Tier 1 suppliers must acknowledge and comply with RBA or equivalent. | No statutory supply chain responsibility requirement. | RBA unique. Flow-down compliance required. |
| Grievance Mechanism | Anonymous, multilingual grievance channel with documented follow-up. | Complaints may be filed with authorities; no internal system mandated. | RBA stricter. Internal reporting system required. |
| SAQ & Third-Party Audit | Annual SAQ; VAP audit every two years. | No equivalent requirement. | RBA unique. Budget for audits and compliance resources. |
| Enforcement Mechanism | Business enforcement via customer suspension or AVL removal. | Fines, closure orders, criminal prosecution (e.g., Act 446 penalties). | Different enforcement levers. RBA affects business continuity; Malaysian law affects legal liability. |

At a Glance: Where RBA Goes Beyond Malaysian Law

🔴 RBA Significantly Stricter

  • Recruitment fee reimbursement (Employer Pays)
  • Dormitory freedom of movement (no curfews)
  • No CCTV in private/sleeping areas
  • GHG emissions tracking & targets
  • Conflict minerals (3TG) due diligence
  • Supplier CoC flow-down requirement
  • Internal grievance mechanism
  • Voluntary overtime (consent required)
  • 60 hr/week total cap (vs. ~74 hrs under EA)

🟡 Aligned — Both Must Be Met

  • No passport retention (Passports Act 1966)
  • Minimum wage compliance
  • Fire safety & BOMBA certification
  • Scheduled waste management (DOE)
  • HIRARC risk assessments (OSHA)
  • Safety Officer & Committee (OSHA)
  • Anti-bribery controls (MACC Act)
  • Personal data protection (PDPA)
  • Dormitory minimum space (Act 446 + RBA B6)

🟢 Local Law Has No RBA Equivalent

  • Certificate of Accommodation (Act 446) — not required by RBA but required for legal operation
  • JTKSM hostel registration
  • Criminal prosecution & imprisonment for violations
  • BOMBA certification as standalone legal obligation
  • EPF, SOCSO, EIS statutory contributions
  • Foreign worker quota approvals (Immigration Dept)

Deep Dive: Worker Accommodation — RBA CoC B6 vs. Act 446

Accommodation is the area where dual-framework compliance creates the most complexity for Malaysian facilities. The table below maps each requirement side by side.

| Requirement | RBA CoC v8.0 (Section B6 – Dormitory & Housing) | Act 446 (JTKSM Standard) | Applicable Standard |
|---|---|---|---|
| Minimum Floor Space | Requires adequate personal living space, referencing local legal standards as the minimum baseline. | 3.6 m² per worker (private room); 3.0 m² per worker (dormitory). | Act 446 — more specific |
| Maximum Occupancy per Room | No fixed numeric cap; space adequacy and safety considerations apply. | Maximum 4 persons (private room); maximum 12 persons (dormitory). | Act 446 — more specific |
| Individual Beds | Each worker must be provided an individual bed. Bed sharing constitutes a non-conformance. | Individual bed provision required; bed sharing prohibited. | Both — identical requirement |
| Lockable Personal Storage | Lockable storage must be provided. Employer access without worker consent is prohibited. | Minimum locker size: 0.35m × 0.35m × 0.9m per worker. | Both — RBA adds employer access restriction |
| Toilet Ratio | Adequate sanitary facilities, referencing local legal standards. | Maximum ratio: 1 toilet per 6 workers. | Act 446 — more specific |
| Bathroom / Shower Ratio | Adequate bathing facilities, referencing local law. | Minimum ratio: 1 bathroom per 15 workers. | Act 446 — more specific |
| Freedom of Movement | Workers must be free to enter and exit the accommodation during non-working hours. Curfews or movement restrictions are classified as Priority Non-Conformance (PNC). | No explicit requirement addressing curfews or movement restrictions. | RBA only — must implement |
| Surveillance (CCTV) | CCTV strictly prohibited in sleeping areas, toilets, or private living spaces. | No explicit provision regarding CCTV placement. | RBA only — must implement |
| Accommodation Deductions | Deductions must not reduce wages below legal minimum and must reflect actual cost only. | Deductions regulated under the Employment Act 1955. | Both — apply stricter interpretation |
| Worker Representation in Hostel Management | Resident committee or structured feedback mechanism required. | Not explicitly required. | RBA only — must implement |
| Government Certification | Certification not mandated by RBA; however, Act 446 compliance status is reviewed during audits. | JTKSM Certificate of Accommodation mandatory for accommodations housing five (5) or more workers. | Act 446 — legally required |
| Evacuation Plan & Fire Drill | Emergency evacuation plan required in languages understood by workers; drills must be documented. | Required under BOMBA and Uniform Building By-Laws. | Both — RBA adds language requirement |

Practical Guidance: Running a Dual-Compliant Programme

Common Mistakes Facilities Make

  • Assuming Act 446 JTKSM certification automatically satisfies RBA B6 — it does not cover freedom of movement or surveillance
  • Treating Malaysian legal minimum wage as sufficient without checking RBA "basic needs" wage guidance
  • Applying OSHA documentation as a checklist exercise rather than demonstrating active safety management
  • Overlooking supplier and contractor CoC flow-down — no Malaysian law requires this, so it is often missed
  • Implementing a grievance mechanism in Bahasa Malaysia only, making it inaccessible to migrant workers
  • Not tracking GHG or energy data because Malaysian law does not yet mandate it — RBA does

Best Practice Approach

  • Build a single integrated compliance matrix mapping each RBA CoC clause to the applicable Malaysian law and identify where RBA exceeds local requirements
  • Maintain Act 446 JTKSM certification as the baseline and layer RBA B6 requirements (freedom of movement, no CCTV, worker committee) on top
  • Conduct bi-annual internal audits against both the RBA audit protocol and JTKSM inspection criteria simultaneously
  • Translate all worker-facing policies, grievance channels, and dormitory rules into all migrant worker languages present in the facility
  • Assign one compliance owner for legal (Malaysian law) and one for commercial (RBA/customer) to prevent gaps between the two tracks
  • Start GHG and energy data tracking now — even without a legal mandate — to demonstrate continuous improvement to brand auditors

Key Takeaway

Act 446 and Malaysian labour law tell you the legal minimum you must meet to operate. RBA CoC v8.0 tells you the commercial standard you must meet to maintain customer relationships. In most areas, RBA sets a higher bar — and the gap between the two is where audit failures most commonly occur for Malaysian facilities.

RBA Code of Conduct (Malaysia)

Key information on RBA compliance requirements, audit cycles, non-conformance classifications, and employer obligations.

RBA Code of Conduct (CoC) compliance is not a statutory requirement under Malaysian law. However, it is a binding contractual obligation for suppliers serving RBA member brands. Non-compliance may result in loss of business rather than direct government penalties. That said, many RBA provisions align with Malaysian legislation such as the Employment Act 1955, OSHA 1994, and Act 446, meaning breaches may also trigger enforcement by local authorities.
RBA Validated Audit Process (VAP) certificates are generally valid for two (2) years. Customers may require annual Self-Assessment Questionnaires (SAQs) and reserve the right to request interim or follow-up audits, particularly after incidents, complaints, or significant operational changes.
A Priority Non-Conformance (PNC) indicates an immediate and serious risk — typically involving forced labour, child labour, or imminent health and safety hazards — and may trigger immediate business suspension. A Major Non-Conformance reflects a significant systemic failure with substantial impact, but it generally allows a defined corrective action period before further consequences apply.
Yes. Under the RBA Employer Pays Principle, facilities must ensure that migrant workers do not bear recruitment-related fees. Where fees were previously paid to agents, a documented reimbursement programme must be implemented. Failure to do so is increasingly classified as a Priority Non-Conformance by major brands.
Yes. RBA CoC v8.0 applies to all workers present at the facility, regardless of employment status. This includes direct employees, contract workers, agency workers, and temporary personnel.
Yes. RBA VAP audit reports are uploaded to the EICC-ON platform and may be shared with multiple subscribing customers. This reduces duplication of audits and helps facilities manage compliance more efficiently when serving several brand clients.