Key insights from the American Conference Institute's 8th Asia Summit

Below are Weng Yee's key insights from the summit:

Trends (including Enforcement Priorities)

US DOJ's Kleptocracy Unit, established since 2011, has a dedicated team focusing on anti-money laundering ("AML") cases based in Washington, DC.

Industries of focus continue to include:

• Banks and financial institutions.
• Real estate developers and brokers.
• Luxury yacht and aircraft brokers.
• Commercial businesses.
• Virtual and crypto currencies.
• Jewelers, casinos, escrow agents, money service businesses, charitable organizations, academia, etc.

Filip Factors are factors prosecutors consider when determining whether to bring charges against the corporate entity and in negotiating plea or other agreements. Corporates are well advised to evaluate the robustness of their own compliance programme with the Filip Factors in mind.

Cross-Border Investigation - Collaboration

• Recent cases have seen a great deal of collaboration between the different authorities, many with a great deal of success, for example the asset forfeiture in the 1MDB case where the collaboration between the US and Malaysian authorities successfully returned c.USD200m to Malaysia.
• Whistleblower protection is still in its infancy in the Asia Pacific region and different countries within the region has different ways of protecting the whistleblowers to reflect the local situation. For example, Singapore is a small country from a land mass perspective compared to the US. So, although there are witness protection schemes, it is extremely challenging to have safe houses dotted around a small country.

GDPR, Local Data Privacy and Cyber Security

• China's Cyber Security Law is not the equivalent of GDPR. Key differences are around the guidance provided in relation to data localization and data transfer.
• In an increasingly connected world, chat applications such as WhatsApp, WeChat, Line etc are deeply embedded in our lives. This gives rise to challenges in investigations where discussions are taken offline (i.e. off corporate-approved channels) and into chat apps.
• Corporations face challenges in enforcing guidance regarding the usage of personal devices for work matters as employees' consent is required to gain access to their personal devices.
• Examples of measures deployed to safeguard corporations include inclusion of a "bring your own device" ("BYOD") clause in the employment contract, pre-approval of the usage of personal devices followed by enforcing the policy by taking disciplinary actions where there is a breach, etc.

Risk Assessment in Practice

• Continuous risk assessment of the organization is required to develop a strategy that suits the organization.
• Risk assessment should not be at the macro level, but reasonably detailed and validated by the business.
• Recent years have seen a rise in ethics culture survey as a tool for risk assessment, which covers topics including data privacy and security.
• Best way to assess risks is to have face-to-face discussions with people within the business.
• Controls, both hard (e.g. evidence of approval) and soft (e.g. tone from the top), should be evaluated.
• Enforcement in the region is still yet to mature, unlike the US, UK and now France, so it really is "watch this space" in terms of how APAC regulators and agencies (i) evaluate Risk Assessments in a compliance programme, and (ii) assess how the Risk Assessment weighs in the penalty determination or settlement discussions.
• Second level controls can be used to demonstrate the robustness of the corporation's compliance programme to the regulators.

Singapore

• Historically, anti-bribery and corruption matters in Singapore focused on individuals' prosecution as, philosophically and under Common Law which was similar to the UK prior to the introduction of the UK Bribery Act 2010, it follows the "Directed Mind" approach where the law goes after the people who caused the problems.
• In 2018, Singapore introduced the Deferred Prosecution Agreement ("DPA") as another way of solving criminal cases which focuses on the corporations instead.
• Voluntary disclosure, cooperation and the ability for corporations to demonstrate that the corporation has an effective compliance programme are key elements in negotiations for a DPA.
• Regulators and practitioners alike see an increase in international regulatory cooperation, on topics including anti-money laundering ("AML"), counter-terrorism financing, cybersecurity, etc and a potential increase in the enforcement and prosecution to send a strong message to the syndicates.
• Furthermore, the construction and marine industries continue to receive attention from the regulators as there are many touchpoints for corruption. The Keppel Offshore & Marine corruption case is an example of the regulators' and authorities' focus on the marine industry.

Malaysia

• The new Section 17A of the Malaysia Anti-Corruption Commission Act (MACC Act), establishes corporate liability offence of corruption, both by the commercial organization as well as any director, controller, officer, partner or manager, to be personally liable for the same offence if the commercial organization is found liable.
• This new amendment, although modelled after Sections 7 & 8 of the UK Bribery Act 2010 (UKBA), does not have the same level of emphasis on third parties compared to the UKBA.

China

• There is a shift of focus in corruption cases, i.e. from focus on allegations of bribes received to also include allegations where bribes are given.
• In China, not all cases are published by the government, which leads to the difficulty of having a comprehensive statistics of bribery and corruption cases and the key facts and mitigating factors that led to the court's judgement.
• China's Anti-Unfair Competition Law defines the purpose of commercial bribery as "benefits given to obtain transactional opportunity or a competitive advantage".
• Companies in China still face difficulty in enforcing third party audit clauses due to local culture of "saving face" (i.e. do not want to be embarrassed).

South Korea

• Sectors enforcement agencies continue to scrutinize include pharmaceutical, automotive, banking and defense.
• The Korean Fair trade Commission (KFTC) and the Prosecutor Office are two of the most powerful offices in South Korea.

(Compliance) Best practices shared include:

• Tailoring vanilla training presentations from Group/Headquarters to take into account local cultural practices.
• Use of data analytics to analyses whistleblowers' allegations.

Find out more about the summit.