Top 5 Compliance Risks for APAC CIOs

Recently, the bank J.P. Morgan was fined US$ 264 million for providing preferential hiring opportunities for relatives of high ranking PRC government officials. Bribery is also not confined to customers only; it can also taint transactions with suppliers, channel partners, and government agencies.

2. Data Protection

As in the U.S. and the European Union, Asia is strengthening the protection of personal and private data. Many jurisdictions (including Hong Kong and Singapore) have enacted data privacy regulations for companies to follow. Any form of data that may be used to identify an individual can potentially be personal data–including in some cases gender, birthdates, religion etc. As cloud infrastructure expands, the collection of large volumes of personal data on a single platform is becoming a daily occurrence. Companies providing such storage have legal obligations to protect this data, and also to seek consent to use, process, and transfer the data across borders. Non-compliance can lead to fines and penalties, but also can result in negative publicity about the security of a provider’s platform to protect customer data.  The implications of such laws therefore can have implications on the fundamental design of an IT solution or system.

3. Antitrust

Collusion amongst competitors is not new, but it is now actively prosecuted by local authorities in Asia including China, Taiwan, Korea, Malaysia, and Singapore. China has just updated its laws to include strong enforcement measures. Multinational companies operating throughout Asia can easily run afoul of antitrust regulations by participating in price-fixing schemes, exchanging confidential market information and having frequent, unregulated interactions with competitors. Clear corporate policies to circumscribe interactions with competitors are needed, as a basis for forming an organization culture sensitive to antitrust risks.

4. Third Parties

A large number of multinational companies dip their toes into Asian markets through third parties. This includes distributor arrangements, agencies, joint ventures etc. These third parties are separate legal entities in most cases, separate companies that have their own culture and practices. If they do not share the same ethical values as their multinational principals, they may commit illegal acts to further business interests, including bribery and collusion with competitors.  It is imperative that multinational companies have a framework for evaluating third parties with due diligence, a regular partner audit program and regular training to help them adopt the right business practices.

5. Export Controls

IT involves cutting edge technology for which there are international regulations concerning appropriate use and transfer. The U.S., EU, and Japan have export control laws, and so do Singapore, Malaysia, and Hong Kong. These laws are very detailed and technical, but essentially they require products with certain technological content to be licensed when they cross borders. In today’s globalized market place, such products may be made in China, tested in Singapore and delivered for installation in India. Such a transaction flow may require multiple export control licenses to comply with the laws of the countries involved. Penalties for non-compliance include fines and bans on export operations which can drastically impact delivery to clients.

This brief summary barely scratches the surface of the compliance challenges and risks encountered in Asia. CIOs will need good subject matter experts to advise them in order to navigate the region and its potential pitfalls.

Beng Ti Tan is Head of Compliance at Fujitsu Asia.  The views expressed in this article are his own

Founded in the year 1935, Fujitsu is a Fortune 500 market leader in a wide range of Information Technology (IT) services, seeking to enhance digitization through its Cloud, Big Data and Internet of Things solutions. The company is located in Japan and operates throughout the globe.