Procurement Governance
Lapasar Research · No. 14 — Governance
Governance Got Personal
Procurement governance used to be a policy document nobody read. In 2026 Malaysia, it decides whether an audit is defensible — and the new rules attach names to the people who approve the spend.
Lapasar Research / 13 min read / June 2026

Procurement governance is the unglamorous answer to a simple question: who is allowed to buy what, from whom, at what price — and who checks? It is the approval thresholds, the segregation of duties, the supplier vetting, the audit trail. When it works, nobody notices. When it fails, the loss almost never arrives as one dramatic act of fraud. It arrives as a slow leak — a thousand small purchases made outside the rules, each defensible on its own.
That is the part most leaders underestimate. The headline risk is fraud; the everyday risk is erosion — value bleeding out through purchases that skipped the process. And in Malaysia, 2026 changed the stakes on both: a new statutory procurement framework and a corporate-liability regime that no longer stops at the company. It reaches the individual who signed.
~5% of annual revenue is lost by organisations to occupational fraud (ACFE 2024)
5–16% of targeted savings is lost to off-contract "maverick" buying (Hackett Group)
29% of indirect spend sits off-contract in a typical organisation

01 — THE QUIET LEAK
Maverick spend, not master criminals
Most governance failure isn't theft. It's people buying things the convenient way. Maverick spend — purchases made outside approved suppliers, channels or contract terms — rarely comes from bad intent. It comes from a slow approval workflow, an unclear policy, or a deadline. But the cost is real: the Hackett Group estimates organisations forfeit 5–16% of their targeted savings to off-contract buying. On RM 500 million of spend, that is RM 25–80 million leaking out every year — not stolen, just unmanaged.
Figure 1 — How the rules get broken. The most common form of off-contract buying isn't fraud — it's convenience. Share of organisations citing each behaviour as a primary maverick-spend concern. Source: Suplari / Hackett Group spend research, 2026.

Note what tops the list: unapproved suppliers and bypassed channels — buying from a vendor procurement never vetted, or from an approved one but skipping the e-procurement system. Off-contract pricing sits lower, because most leakage isn't paying the wrong price; it's never going through the process that would have got the right one. Consolidating that spend back onto contracted suppliers is among the highest-return moves in procurement — KPMG finds it can drive 30–40% savings on indirect categories, which is why 38% of organisations tackle maverick spend before anything else.
02 — THE FRAUD TAX
The rarer, costlier failure
The dramatic failure is rarer but far more expensive per event. Across all sectors, the Association of Certified Fraud Examiners estimates organisations lose roughly 5% of annual revenue to occupational fraud, with a median loss measured in the hundreds of thousands and an average case running well over a million ringgit. Procurement is one of its favourite habitats — it sits at the intersection of money leaving the building and a supplier relationship that can be quietly steered.
Figure 2 — The fraud tax. A nickel on every revenue dollar, gone: ~5% of revenue lost to occupational fraud, on average. Estimated share of annual revenue lost to occupational fraud across organisations. Source: ACFE, Occupational Fraud 2024 — Report to the Nations.

The classic procurement schemes are familiar: shell vendors invoicing for nothing, kickbacks for steering a contract, split purchase orders engineered to slip under an approval threshold, collusion between a buyer and a supplier on price. What they share is a single structural weakness — one person controlling too much of the transaction. Governance's oldest and best defence against this is also its simplest: make sure no one person can request, approve, and receive the same purchase.
The signature idea — Delegation of authority
A purchase order's value decides who has to sign it

Governance isn't one rule — it's a ladder. Follow the value of a purchase up the ladder and watch the controls switch on: more approvers, more quotes, segregation of duties, then a committee, then the board.

- Requester (always): raises the request and justification.
- Line manager (≥ RM 1): approves need and budget.
- Procurement review (> RM 5,000): sourcing plus 3 competitive quotes.
- Head of Procurement + Finance (> RM 50,000): formal RFQ, segregation of duties enforced.
- Tender / Procurement Committee (> RM 500k): open or restricted tender, evaluation panel.
- Board / CEO sign-off (> RM 5m): independent ratification and minuting.

The thresholds above are illustrative — every organisation sets its own — but the shape is universal. It's also exactly where one classic fraud lives: split purchase orders, where a RM 90,000 buy is broken into two RM 45,000 orders to stay under the RM 50,000 review line. A governance system that only checks single transactions will never see it. One that monitors patterns — same vendor, same week, same requester — will.
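As an added illustration, not part of the Lapasar article or any vendor's system, the Python below encodes the illustrative ladder above as a lookup and implements the pattern check the paragraph describes: sub-threshold orders from the same requester to the same vendor within a week that together cross the review line. The role names, the PurchaseOrder fields and the sample orders are all constructed for this example; the ringgit thresholds are the article's illustrative ones.

```python
from dataclasses import dataclass
from datetime import date

# Illustrative delegation-of-authority ladder, mirroring the thresholds in the
# article. Every organisation sets its own; the role names are constructed.
# Each rung: (value in RM above which the control switches on, control name).
DOA_LADDER = [
    (0, "line_manager"),                          # >= RM 1: approves need and budget
    (5_000, "procurement_review"),                # > RM 5,000: sourcing + 3 competitive quotes
    (50_000, "head_of_procurement_and_finance"),  # > RM 50,000: formal RFQ, SoD enforced
    (500_000, "tender_committee"),                # > RM 500k: open or restricted tender
    (5_000_000, "board_ceo"),                     # > RM 5m: independent ratification
]


def required_controls(amount_rm):
    """Return every control that applies to a purchase of this value.
    The requester is always present; higher rungs stack on the lower ones."""
    controls = ["requester"]
    for switch_on_above, control in DOA_LADDER:
        if amount_rm > switch_on_above:
            controls.append(control)
    return controls


@dataclass(frozen=True)
class PurchaseOrder:
    po_id: str
    vendor: str
    requester: str
    amount_rm: float
    raised_on: date


def detect_split_orders(orders, threshold_rm=50_000, window_days=7):
    """Detective control for split purchase orders.

    Groups orders by (requester, vendor), then for each order looks forward
    over a window of `window_days`. If the orders in that window each sit
    below `threshold_rm` but together exceed it, all of them are flagged.
    Returns {(requester, vendor): sorted list of flagged PO ids}.
    """
    by_pair = {}
    for po in orders:
        # Orders at or above the line are already caught by the single-
        # transaction control; only sub-threshold orders can hide a split.
        if po.amount_rm < threshold_rm:
            by_pair.setdefault((po.requester, po.vendor), []).append(po)

    findings = {}
    for pair, group in by_pair.items():
        group.sort(key=lambda p: p.raised_on)
        for i, anchor in enumerate(group):
            running_total = anchor.amount_rm
            window = [anchor.po_id]
            for later in group[i + 1:]:
                if (later.raised_on - anchor.raised_on).days > window_days:
                    break
                running_total += later.amount_rm
                window.append(later.po_id)
                if running_total > threshold_rm:
                    findings.setdefault(pair, set()).update(window)
    return {pair: sorted(ids) for pair, ids in findings.items()}


# Constructed sample: two RM 45,000 orders two days apart to the same vendor
# reproduce the RM 90,000 split described in the article; the others do not.
SAMPLE_ORDERS = [
    PurchaseOrder("PO-1001", "Vendor-A", "alice", 45_000, date(2026, 3, 2)),
    PurchaseOrder("PO-1002", "Vendor-A", "alice", 45_000, date(2026, 3, 4)),
    PurchaseOrder("PO-1003", "Vendor-B", "bob", 20_000, date(2026, 3, 2)),
    PurchaseOrder("PO-1004", "Vendor-B", "bob", 20_000, date(2026, 3, 20)),   # outside the window
    PurchaseOrder("PO-1005", "Vendor-C", "carol", 120_000, date(2026, 3, 5)),  # caught by single-transaction control
]

if __name__ == "__main__":
    for value in (3_000, 45_000, 90_000):
        print(f"RM {value:>9,}: {required_controls(value)}")
    for (requester, vendor), ids in detect_split_orders(SAMPLE_ORDERS).items():
        print(f"possible split: {requester} -> {vendor}: {ids}")
```

The window is anchored on each order in turn rather than on calendar weeks, so a pair of orders straddling a month boundary is still caught; widening `window_days` or grouping on vendor alone trades precision for recall, which is a tuning decision for the second line rather than a property of the check.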
03 — THE THREE LINES
Who watches, and who watches them
Mature governance separates the people doing the buying from the people checking the buying from the people assuring the whole thing works. The widely used "three lines" model makes that separation explicit — and it's the backbone of any credible procurement control environment.
- First line (the buyers): Procurement and business teams who own the controls day-to-day: follow the policy, run the quotes, keep the records. The control lives where the work happens.
- Second line (risk & compliance): Sets the policy, monitors adherence, flags exceptions, owns the supplier-vetting and anti-bribery framework. Oversight, not execution.
- Third line (internal audit): Independent assurance that the first two lines actually work — reporting to the board, not to procurement. The check on the checkers.

The model fails in a predictable way: when the second and third lines exist on an org chart but the first line never actually has to pass through them. A compliance team that reviews a sample once a quarter is not a control — it is a report. Which brings us to the real gap.
04 — POLICY VS. ENFORCEMENT
The control that lives in a PDF
Here is the quiet truth of procurement governance: the policy is almost never the problem. Most organisations have a perfectly good procurement manual. The problem is the distance between the rule and the moment of purchase. A control written in a document depends on a human remembering it, choosing to follow it, and not being in a hurry. A control encoded into the buying workflow simply happens — the system won't route the order forward until the quote, the approval and the budget check are all present.
The distinction that matters
A detective control finds the problem after the money's gone — the quarterly audit, the exception report. A preventive control stops it at the point of purchase — the system that won't let the order through. Governance that relies mostly on detection is governance that has already paid for the lesson.
This is why so much governance investment underperforms. The spend on policy, training and audit is real, but the leak is at the keyboard, in the half-second where someone decides whether to raise a proper purchase order or just email the supplier. The organisations that close the gap don't write better policies. They move the policy into the system that everyone already has to use to buy anything — so compliance is the path of least resistance, not the path of most friction.
05 — THE MALAYSIA LAYER
Why the approver now has skin in it
For Malaysian enterprises, procurement governance stopped being optional hygiene and became statutory exposure — on two fronts that landed close together.
Jun 2020 (in force): MACC Act Section 17A — corporate liability for corruption. A company is guilty if an associated person (employee, director, agent, even a JV partner) bribes for the company's benefit. Penalty: a fine of at least 10× the gratification or RM 1 million, whichever is higher, and/or up to 20 years' imprisonment.

The catch: personal reach. Under 17A(3), the directors and officers managing the company are deemed guilty too — unless they can prove the act happened without their consent and that they exercised due diligence. The only real defence is having had "adequate procedures" in place.

Aug 2025 (passed): Government Procurement Act 2025 — passed by Parliament on 28 August 2025, coming into force in 2026. Malaysia's first comprehensive statutory framework for public procurement, aligned with UNCITRAL Model Law principles, with formal transparency, documentation, a procurement Tribunal, and named liability for controlling officers.

The phrase that should anchor every Malaysian procurement policy is "adequate procedures." It is the statutory defence to Section 17A, and the guidance built around it is summarised by the acronym TRUST: Top-level commitment, Risk assessment, Undertake control measures, Systematic review, and Training. It is, in effect, a governance checklist with legal weight — the difference between a company that can defend itself and one that cannot.
Figure 3 — The adequate-procedures gap. Most programmes are strong on intent, thin on enforcement. Illustrative maturity of a typical "policy-on-paper" programme against an audit-ready one, across the five TRUST principles of the Section 17A adequate-procedures defence. Source: framework per MACC / Prime Minister's Department Guidelines on Adequate Procedures.

The shape of the gap is consistent across organisations. Top-level commitment and training are easy to demonstrate — a signed policy, an annual e-learning module. The two principles that actually decide a Section 17A defence — undertaking real control measures and systematic review, monitoring and enforcement — are exactly where most programmes are thinnest, because those are the ones that have to live inside the buying process rather than in a binder.
The exposure in one line
A weak control was once a finding in an audit report. Under Section 17A, it can be the thing standing between a director and a criminal charge — with the burden of proof on the director to show the procedures were adequate.
06 — THE GOVERNANCE PLAYBOOK
What actually moves the needle
Governance maturity isn't a thicker manual. It's a small number of controls that are enforced rather than encouraged.
- Move the policy into the workflow. If a purchase can't proceed without the approval, the quote and the budget check, you don't need to police compliance — the system does. Preventive beats detective every time.
- Enforce segregation of duties. No single person should request, approve and receive the same purchase. It's the cheapest, oldest defence against the most common procurement fraud.
- Set and automate authority thresholds. A clear delegation-of-authority matrix, wired into the system, means the right people sign at the right value — and split-PO tricks get flagged automatically.
- Vet suppliers before they're buyable. The strongest control against unapproved-vendor spend is making unvetted vendors impossible to pay through the system in the first place.
- Make the audit trail automatic. Every approval, quote and exception logged by default. Under the Government Procurement Act and Section 17A, the documentation is the defence.
- Build for the TRUST defence on purpose. Map your controls explicitly to the five adequate-procedures principles — and put your real effort into the two everyone skimps on: control measures and systematic review.
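To show what "the policy in the workflow" looks like as a preventive control rather than a manual, here is an added Python example (not code from the Lapasar article or from any procurement product). A release gate refuses an order unless the vendor is vetted, every role the organisation's authority matrix demands has signed, no one person has requested, approved and received it, the quotes and budget check are present, and every decision is written to an audit log by default. The field names, role names, vendor ids and the two sample orders are constructed for the example; the required roles for the "> RM 5,000" band follow the article's illustrative ladder.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class OrderRequest:
    """A purchase request as it reaches the release gate. Field names are
    constructed for this example, not taken from any real system."""
    po_id: str
    vendor_id: str
    requester: str
    receiver: str          # who will confirm receipt of the goods or service
    amount_rm: float
    quotes_attached: int
    approvals: dict        # role -> user id of the person who signed
    budget_checked: bool


@dataclass
class ReleaseGate:
    """Preventive control: an order is released only when every required
    element is present. Each decision is appended to the audit log."""
    vetted_vendors: set
    required_roles: list   # roles the organisation's DoA matrix demands at this value
    min_quotes: int = 0
    audit_log: list = field(default_factory=list)

    def evaluate(self, req):
        reasons = []

        # Vet suppliers before they're buyable: an unvetted vendor cannot be paid.
        if req.vendor_id not in self.vetted_vendors:
            reasons.append(f"vendor {req.vendor_id} is not an approved supplier")

        # Authority thresholds: every role the matrix demands must have signed.
        missing = [r for r in self.required_roles if r not in req.approvals]
        if missing:
            reasons.append("missing approvals: " + ", ".join(missing))

        # Segregation of duties: nobody requests, approves and receives the same order.
        approvers = set(req.approvals.values())
        if req.requester in approvers:
            reasons.append("requester approved their own order")
        if req.receiver == req.requester or req.receiver in approvers:
            reasons.append("receiver is not independent of requester/approvers")

        # Competitive quotes and the budget check are recorded in the workflow itself.
        if req.quotes_attached < self.min_quotes:
            reasons.append(f"only {req.quotes_attached} of {self.min_quotes} quotes attached")
        if not req.budget_checked:
            reasons.append("budget check not recorded")

        released = not reasons
        # Make the audit trail automatic: every decision and exception is logged by default.
        self.audit_log.append({
            "po_id": req.po_id,
            "decided_at": datetime.now(timezone.utc).isoformat(),
            "amount_rm": req.amount_rm,
            "decision": "released" if released else "blocked",
            "reasons": list(reasons),
        })
        return released, reasons


def demo_gate():
    """Constructed gate for the '> RM 5,000' band of the illustrative ladder."""
    return ReleaseGate(
        vetted_vendors={"V-100", "V-200"},
        required_roles=["line_manager", "procurement_review"],
        min_quotes=3,
    )


# Constructed sample orders: one that satisfies every control, one that fails several.
COMPLIANT = OrderRequest("PO-2001", "V-100", "alice", "dave", 12_000, 3,
                         {"line_manager": "bob", "procurement_review": "carol"}, True)
NON_COMPLIANT = OrderRequest("PO-2002", "V-999", "alice", "alice", 12_000, 1,
                             {"line_manager": "alice"}, False)

if __name__ == "__main__":
    gate = demo_gate()
    for req in (COMPLIANT, NON_COMPLIANT):
        released, reasons = gate.evaluate(req)
        print(req.po_id, "released" if released else "blocked", reasons)
    for entry in gate.audit_log:
        print(entry)
```

Note that the gate never reads a policy document at runtime: the rules are the code path the order must pass through, and the audit entry is produced whether the order is released or blocked, which is the property the Section 17A "systematic review" principle depends on.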
The through-line, as with most of procurement, is that governance only works when it lives where the buying happens. A policy in a document and a control in a system are not the same thing — one depends on everyone choosing to comply, the other makes compliance the default. In 2026, with the approver's own name now attached to the outcome, that distinction stopped being a matter of efficiency. It became a matter of who is liable when something goes wrong.
Sources & references
- ACFE — Occupational Fraud 2024: Report to the Nations (~5% of revenue lost to fraud; per-case losses)
- The Hackett Group — 5–16% of targeted savings lost to maverick buying; off-contract indirect spend
- Suplari; Spend Matters; KPMG — maverick-spend behaviour breakdown; cost inflation; 30–40% indirect savings from spend consolidation
- Institute of Internal Auditors — Three Lines model of governance and assurance
- Malaysian Anti-Corruption Commission Act 2009, Section 17A — corporate liability; penalties; deemed liability of directors
- Prime Minister's Department, Malaysia — Guidelines on Adequate Procedures (TRUST principles)
- Government Procurement Act 2025 — passed by Parliament 28 Aug 2025; UNCITRAL-aligned statutory framework; Tribunal and controlling-officer liability
- Global Legal Insights; International Bar Association; Azmi & Associates — Section 17A analysis and enforcement to date
Lapasar Research — No. 14. Figures are drawn from publicly reported industry research and Malaysian legal sources current to mid-2026. The delegation-of-authority thresholds and the TRUST maturity comparison use illustrative figures to demonstrate structure, not any specific organisation's policy. This article is for general information and is not legal advice; organisations should obtain qualified counsel on Section 17A and the Government Procurement Act 2025.
