The asialaw Asia-Pacific In-house Counsel Summit is the regions’ leading event for corporate counsel, compliance professionals and bankers’ counsel. Entering its 16th year, the Summit returned on May 30, 2019 to address the latest challenges in-house counsel are facing in the market today.

Over 400 general counsel, heads of legal, compliance officers and senior in-house counsel came together to network with leading industry representatives, policy makers, regulators and private practice lawyers. This crucial one-day event offered a unique chance for thought leaders to share their expertise and develop new strategies to deal with pressing concerns. Here are all the highlights from our one day forum in Hong Kong. Photos of the day can be accessed here: 

Keynote address: geopolitical uncertainty and the global economy

  • The global outlook for world economic growth is a comforting picture, it is expected to be fairly steady over the next three years.
  • However, global trade will be weak due to the trade war, especially since Asia is extremely trade focused. Despite the US tariff hikes hitting Chinese exports, the impact is not limited to China.
  • For growth in real GDP over a medium term outlook, 58% of the growth will come from APAC, China is still and will be the biggest contributor.
  • The technology war is escalating. Not only is the US increasing controls on technology, but also the EU are screening FDI in high tech areas.
  • Industrial automation (4IR) will create manufacturing processes in developed countries, affecting Asian low-wage and middle income countries.

Bridging the gap between regulatory compliance and customer experience

  • Integrating compliance into sales is important, there needs to be correlation and training between sales and compliance in order for the sales person to be compliant and manage expectations with the client.
  • By embedding compliance procedures from the start of the customer journey it will convince users that compliance is something to be kept in mind. Presenting the information via user interface is important, for examples, user friendly legal documents on an application
  • Cultivate the organisational culture of compliance by picking the right people to pass the message down the organisation, as well as injecting yourself into the early stages of planning.
  • The compliance journey is a continuous one, without a finish line. Not only should you refresh yourself when a new law comes in, but also involve business people from the beginning.
  • Be proactive with getting the legal team into the process in order for them to explain what minimum requirements need to be followed.

Managing the complexities of cross border data flows

  • International harmonization of data controls is difficult at a global level. Within Asia, there is a recognition of the importance of data, however not everyone shares the same perspective on data privacy.
  • Ideally, there is a common baseline for data privacy principles, but the reality is there is no 'one size fits all' approach. As data control laws are different for each country, the best strategy to approach the variety of regulations is to start with the most stringent standards.
  • Compliance with one regulation doesn't necessarily work with another. There are aspects between the GDPR and China's Cybersecurity laws that can be contradictory. Doing both is cost effective but can be difficult.
  • The Chinese data regulation law has impacted cross border business. As data localisation is close to impossible, duplication of business if legally permissible and to extent possible, is worth considering. 
  • Legality and transparency are two main things you should work towards. Ensure you are being compliant with the local data privacy requirements, and communicate with local and overseas regulators.
  • Work with legal advisers, network with trade associations, industry groups and have a relationship with relevant regulators. This will help you build relationships and be proactive in meeting global regulatory requirements.

An update on sanctions, export control and financial crime compliance in Asia Pacific

  • The new OFAC Compliance Program expectations are thorough and rigorous. Ensure you avoid the pitfalls by decentralising your compliance functions and that the whole team is getting the same and frequent training.
  • Non-US companies should look at this guidance as it will enable people being more comfortable with interaction with those that are sanctioned.
  • Have a program in place and understand what controls are in place for pre-acquisition due diligence. Enhance your acquisition strategy as there is a need to identify if there is a risk there.
  • Self-reporting is a big decision – it can make or break a company. Involve external counsel to get an objective perspective. Understand that there is a high degree of uncertainty and consequences as well as knock-on effects.
  • The proposed China Export Control Law is the first national level of law in this area. Primary responsibility is on those directly involved (the exporter). Financiers need to obtain permits and general license has to be reviewed every 6 months.

Role of blockchain technology in driving economic growth and its impact on Korea’s legal landscape and prospects

  • Millennials will have the largest economic impact through investment of digital assets. Expect crypto and blockchain to be the new normal. Compare it with the same backlash of historical examples (fax, email). Early stages of innovations impacts cannot be seen as of yet.
  • On the regulatory side in Korea, the frenzy of cryptocurrency has created a ban of all ICOs in Korea, to create a cool down. However, the Korean government is still actively promoting blockchain projects.
  • A key challenge for creating a legal framework for cryptocurrency is the lack of consensus on its classification.
  • The proof that crypto exchanges are being compliant is that if they did not follow requirements of AML, the business would cripple as the exchanges would have to be removed.

Overview of dispute resolution in Asia Pacific

  • The liability of e-commerce in Hong Kong has not matured yet. The law needs to catch up to the development of e-commerce as we are starting to see more cases with big data products.
  • With regulatory disputes, we are seeing more cooperation between regulators and considerations of the impacts in other jurisdictions.
  • It is unusual to agree where to have your fight (arbitration center). Factors to consider when writing the agreed place in the contract includes what bargaining power you have and where the assets are. If you arbitrate where your asset are, you will have a bigger chance in recovering those assets.
  • The sophistication of the panel is also a huge factor, pre arrange the panel in your contracts and take note of where the expertise is.
  • The new Electronic Business Related Arbitration and Mediation (eBRAM) online dispute resolution allows you to submit disputes through a user friendly and convenient online system. It can help cut costs for your disputes.

Country spotlight – Philippines

  • Economic growth has accelerated, people have the income to think beyond the basics (healthcare, discretionary spending, tourism).
  • Philippines is a consumer driven economy, the consumer sector is about 70% of GDP.
  • One of the challenges is and will be infrastructure. There are a lot of infrastructure projects in the pipeline, these have to be endorsed by the NEDA.
  • Tax reform program: Philippines are currently on the second step (Package 1B Tax Amnesty). The new government will affect the pace of the progress of the program.
  • Notable provisions of the revised Corporation Code: one person corporation, perpetual corporate existence, voting through remote communication or in absentia, independent directors, removal of the requirement of the 25% subscription and 25% paid-up for incorporation purposes, and arbitration.
  • ASEAN initiatives prompt and spur initiatives and break down inertia, Philippines are close to the forefront.

The GDPR and comparison of data protection laws in APAC

  • To comply with GDPR is an easy sell at a high level (board of directors), however, when it comes to actually implementing it, you will run into challenges around budget and competing priorities.
  • Despite your business activities not being affected by GDPR, keep an eye out for China and its developments. We are moving into a data driven economy, and data value has changed significantly.
  • Singapore is a very forward looking jurisdictions, its laws has elements of GDPR and is serious in education and enforcement efforts.
  • Data protection needs to be treated equally all over the world, frame the discussion so there is business benefits and views from the client.
  • The challenge is to communicate to local management what the international trends and best practices are to prepare for the future. Don't wait for new laws to be passed and don’t downplay GDPR because it does not currently affect you.
  • Regulators will take into consideration if a company has a culture of data protection - do they respect their data and is that reflected in their policies and procedures?
  • Creating a culture is important: trim down your policies, educate and learn to speak the language, don't make it overcomplicated and hard to understand. Awareness and education is the most critical thing for your defensible program.
  • Think of privacy by design and by default mode, have it the first and last thing people think of when they go into new initiatives.

The latest cybersecurity threats, trends and initiatives

  • In your crisis management plan do not ask why, contain the damage first and do the analysis after.
  • In case of a hack, expect future investigation from the authorities or a court hearing. Preserve your evidence and identify the affected area.
  • When meeting regulators for an investigation, have all your facts straight. Nowadays with real time data, be upfront and honest about what you don't know.
  • Risk management issues should be top down, it will involve PR so keep in touch with the authorities throughout the process so they know what to say to the media.
  • With connectivity, it is not an IT only issue, legal elements are involved and lawyers should be part of the conversation. Be aware of the new terminology and have a cybersecurity playbook.
  • When preparing the case, don't play the blame game. Take a step back and have a clear mind on what actually happened.
  • Remember to assess and engage your service providers, demand metrics, and even have an annual assessment on-site, you are ultimately responsible for your controls, even if it is being outsourced.
  • Have the mind-set that everyone is under potential attack. Communicate with each other, be willing to be the student with the general IT department.