Top 5 Compliance Risks for APAC CIOs
By Beng Ti, Head of Compliance, Asia, Fujitsu
Asia is well-known for being a diverse and multi-faceted region to manage. For IT challenges–whether in client practice or in-house–this is also very much the case. Different Asian countries have different usage requirements for IT systems, making standardization difficult. Just in terms of languages, the Asian region can require between 5 and 10 different language sets for an IT system to function across its various jurisdictions. It takes some skill to judge how best to allocate scarce resources in this context.
At the same time, the appetite for IT solutions is booming in Asia. Cloud services, in particular, are in high demand. The disruptive ability of a cloud system to store data for multiple markets in different countries (and time zones) is very appealing. It is likely that growth in cloud adoption will continue to be strong and healthy in Asia.
"A growing market that is large and diverse is automatically a challenge in terms of compliance for any business. Marrying that with the current compliance profile of Asia only makes things even more challenging"
A growing market that is large and diverse is automatically a challenge in terms of compliance for any business. Marrying that with the current compliance profile of Asia only makes things even more challenging. In Asia, according to Transparency International, many of the countries are perceived to tolerate corrupt practices. Even in relatively more developed economies such as Japan, Singapore and Hong Kong, serious corruption offences are reported from time to time. Collusion between competitors (known as antitrust) is also prevalent–Asian countries continue to develop and strengthen laws to combat such anti-competitive behavior.
Therefore, as we closed out 2016 and start 2017, here is a list of Top 5 Compliance Hot Topics which APAC CIOs (and indeed all top executives) should focus on:
Bribery once thought to be a cultural form a patronage in Asia is being actively enforced against. This is not only by authorities in Asia itself, but also from the developed nations such as the U.S. and the UK. Successful enforcement is not limited to classical bribery whereby cash is given to influence business outcomes, rather it encompasses any form of value given or received inappropriately.
2. Data Protection
As in the U.S. and the European Union, Asia is strengthening the protection of personal and private data. Many jurisdictions (including Hong Kong and Singapore) have enacted data privacy regulations for companies to follow. Any form of data that may be used to identify an individual can potentially be personal data–including in some cases gender, birthdates, religion etc. As cloud infrastructure expands, the collection of large volumes of personal data on a single platform is becoming a daily occurrence. Companies providing such storage have legal obligations to protect this data, and also to seek consent to use, process, and transfer the data across borders. Non-compliance can lead to fines and penalties, but also can result in negative publicity about the security of a provider’s platform to protect customer data. The implications of such laws therefore can have implications on the fundamental design of an IT solution or system.
Collusion amongst competitors is not new, but it is now actively prosecuted by local authorities in Asia including China, Taiwan, Korea, Malaysia, and Singapore. China has just updated its laws to include strong enforcement measures. Multinational companies operating throughout Asia can easily run afoul of antitrust regulations by participating in price-fixing schemes, exchanging confidential market information and having frequent, unregulated interactions with competitors. Clear corporate policies to circumscribe interactions with competitors are needed, as a basis for forming an organization culture sensitive to antitrust risks.
4. Third Parties
A large number of multinational companies dip their toes into Asian markets through third parties. This includes distributor arrangements, agencies, joint ventures etc. These third parties are separate legal entities in most cases, separate companies that have their own culture and practices. If they do not share the same ethical values as their multinational principals, they may commit illegal acts to further business interests, including bribery and collusion with competitors. It is imperative that multinational companies have a framework for evaluating third parties with due diligence, a regular partner audit program and regular training to help them adopt the right business practices.
5. Export Controls
IT involves cutting edge technology for which there are international regulations concerning appropriate use and transfer. The U.S., EU, and Japan have export control laws, and so do Singapore, Malaysia, and Hong Kong. These laws are very detailed and technical, but essentially they require products with certain technological content to be licensed when they cross borders. In today’s globalized market place, such products may be made in China, tested in Singapore and delivered for installation in India. Such a transaction flow may require multiple export control licenses to comply with the laws of the countries involved. Penalties for non-compliance include fines and bans on export operations which can drastically impact delivery to clients.
This brief summary barely scratches the surface of the compliance challenges and risks encountered in Asia. CIOs will need good subject matter experts to advise them in order to navigate the region and its potential pitfalls.
Beng Ti Tan is Head of Compliance at Fujitsu Asia. The views expressed in this article are his own
Founded in the year 1935, Fujitsu is a Fortune 500 market leader in a wide range of Information Technology (IT) services, seeking to enhance digitization through its Cloud, Big Data and Internet of Things solutions. The company is located in Japan and operates throughout the globe.