The issue of consumer protection still dominates regulatory agendas in Asia, as Lloyd’s head of Asia Pacific Kent Chaplin explains
The fast pace of economic growth in Asia is attracting new investment to the region and encouraging successful local businesses to expand into new markets. However, these growth opportunities are not without complications. Businesses must manage more complex supply and distribution chains and negotiate a patchwork of differing levels of market sophistication, risk and regulatory standards. At the same time Asia is going through an increased pace of regulatory development and heightened supervisory scrutiny – it’s more than enough to keep most risk managers on their toes.
Both Singapore and Malaysia have recently introduced data protection legislation that will have a significant impact across industries. Every company must now be periodically checking whether the information it collects is relevant and necessary and undertaking regular risk assessments of their systems and controls. To ensure best practice, it’s worth creating a retention policy that sets the time period for a decision to archive or delete data. Should an individual object to their data being held, then it must be immediately deleted and it is good practice to maintain a list of objectors so they are not contacted again. Regularly training staff is fundamental and it’s crucial that there are robust controls in place to ensure that personal data is held in a secure medium and access is restricted to only those that need it.
There is also an increased focus on financial crime with new anti-money laundering (AML) regulations, stricter requirements for customer due diligence, and the looming compliance deadline for the US Foreign Account Tax Compliance Act currently top concerns for most multinational Asian firms. Recent AML sanctions and enforcement actions have shown how vital it is to ensure AML screening and monitoring tools are up to date.
Embedding the right risk culture throughout an international organisation is not an easy task – it requires unambiguous and visible support at the highest level and understanding and advocacy from all. There needs to be an owner for every single risk, but also a sense that it’s a team responsibility. Good risk and compliance people understand not just the regulatory environment but also your customers, employees and the market you operate in and they are good communicators. A combination to the right policies, people and culture will help to pick up an issue in its infancy rather than too late.