Asia-Pacific Compliance Enforcement

Introduction

This chapter provides an overview of trends in relation to legislative and regulatory compliance enforcement in the Asia-Pacific (APAC) region. Comprising dozens of jurisdictions with diverse business cultures and economies, the region presents unique challenges, given the disparate enforcement authorities and the varying compliance standards. The chapter focuses on key areas of enforcement priorities, including anti-bribery and anti-corruption (ABC), anti-money laundering (AML) and other key criminal offences affecting multinational corporations, and provides an overview of emerging compliance issues and enforcement trends that will be of relevance to multinational corporations and other commercial organisations with cross-border businesses and investments in the region.

Overview of compliance enforcement in APAC

There are no uniform laws that apply to all jurisdictions across the APAC region. Accordingly, we have selected five key jurisdictions to use as examples of the types of enforcement policies, procedures and activity across the region: Australia, China, Hong Kong, Japan and Singapore.

Australia

Enforcement bodies: their enforcement policies, focus and priorities

The Australian federal government has taken a multi-agency approach to combating corruption and is looking to set up a federal anti-corruption body by mid-2023.^[2] Currently, the main enforcement and prosecuting agencies responsible for investigating and prosecuting bribery and corruption cases are the Australian Federal Police (AFP), the Commonwealth Director of Public Prosecutions (CDPP) and the various state-based and territory-based police and anti-corruption bodies that investigate public sector corruption, such as the Independent Commission Against Corruption in New South Wales. The Minister for Home Affairs has asked the AFP to focus its enforcement efforts on certain higher-risk areas, most notably fraud and corruption, and transnational serious organised crime such as money laundering.^[3]

With respect to listed issuers, the Australian Securities Exchange’s (ASX) Corporate Governance Principles and Recommendations require that listed issuers have, and publicly disclose, ABC policies.^[4] The ASX’s Listing Rules provide that listed issuers that do not follow the recommendation must explain the reasons for not doing so in a corporate governance statement.^[5]

The Australian Transaction Reports and Analysis Centre (AUSTRAC), as Australia’s AML and counter-terrorism financing (CTF) regulator, adopts a risk-based approach as part of its enforcement to focus its resources on areas of urgent priority. In 2022, AUSTRAC focused its enforcement investigations on casinos and conducted compliance assessments of entities such as pubs and clubs, and regulated entities such as banks, remitters, digital currency exchanges, superannuation fund trustees and financial service intermediaries.^[6] The Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) also imposes a positive obligation on reporting entities, which broadly include financial institutions (FIs) or providers of designated services, to put in place an adequate programme to identify, mitigate and manage AML/CTF-related risks.^[7] Generally, all FIs, and certain other entities subject to local AML/CTF requirements, have obligations to report to AUSTRAC any reasonable suspicion or knowledge of any persons or transactions linked to a crime.

The Australian Securities and Investments Commission (ASIC) regulates the financial services, consumer credit, and the domestic licensed equity, derivatives and futures markets operating in Australia. ASIC’s enforcement work is guided by a set of strategic priorities as set out in its Corporate Plan 2021–2025.^[8] In a speech given in March 2022, the chair of ASIC stated that the Commission will prioritise governance failures relating to non-financial risk in its enforcement work, including those arising out of cyber resilience and climate-related disclosures.^[9]

Self-disclosure and reporting

Self-disclosure and co-operation may be relevant considerations for Australian authorities in deciding whether to proceed with an investigation or prosecution, and for the courts in sentencing. However, except for cartel conduct and to the extent noted below, there is no requirement for the authorities to consider these factors with respect to white-collar offences.

ASIC published an immunity policy for contraventions of Part 7.10 of the Corporations Act,^[10] including the offences of insider trading and market manipulation. Under this policy, an individual may make an application for immunity by requesting ASIC to place a marker. The marker allows an applicant a limited amount of time to gather and provide the information necessary, on a full-disclosure basis, to demonstrate that it satisfies the requirements for conditional immunity. ASIC is not able to grant immunity from criminal prosecution, although it will make recommendations in this regard to the CDPP, which will then make its own assessment according to the Prosecution Policy of the Commonwealth.

Enforcement outcomes

Australia’s recent score on Transparency International’s Corruption Perceptions Index (CPI)^[11] may indicate that further efforts are needed to tackle increasingly complex and multifaceted public sector corruption and bribery misconduct. The country has made a number of prosecutions against violations of ABC laws, with the relevant individuals sentenced to terms of imprisonment, fines or other court sanctions, although it has only more recently enforced laws against foreign bribery.^[12] It is anticipated that there will be greater regulation in areas associated with foreign bribery, particularly if the Crimes Legislation Amendment (Combatting Corporate Crime) Bill is passed. This Bill, which includes a new strict liability corporate offence of failing to prevent foreign bribery, was introduced in the Australian Senate in December 2019 and, at the time of writing, has not progressed since then.^[13]

China

Enforcement bodies: their enforcement policies, focus and priorities

The prosecution of financial crimes, including bribery and corruption offences, and money laundering-related offences are generally administered by the Supreme People’s Procuratorates (SPPs). Authorities that enforce ABC laws include the Ministry of Public Security (MPS), the National Supervisory Commission (NSC) and the National Audit Office. The Central Commission for Discipline Inspection of the Communist Party of China (CCDI), the highest internal control institution of the Chinese Communist Party, also has ABC functions. Although China has not implemented a comprehensive or stand-alone enforcement policy, domestic regulators have continued to strengthen their commitment to investigating commercial bribery offences, as indicated by two recent legislative developments – ‘Guiding Opinions on Establishing a Mechanism for Third-Party Supervision and Evaluation of the Compliance of Enterprises Involved in Cases (for Trial Implementation)’^[14] and ‘Opinions on Further Promoting the Investigation of Bribery and Acceptance of Bribes’.^[15] These developments indicate that the Chinese government’s latest enforcement priorities continue to target those who give bribes and commercial bribery, while balancing the need to protect legitimate business interests.

The Supreme People’s Court and the SPPs are also responsible for developing judicial interpretations on AML/CTF laws. The People’s Bank of China (PBOC) is the primary regulator with respect to AML/CTF compliance, and is responsible for enforcing local AML/CTF requirements. The China Banking and Insurance Regulatory Commission and the China Securities Regulatory Commission also have supervisory roles, assisting the PBOC with enforcing certain administrative sanctions in the banking, insurance and securities sectors. In January 2022, China launched a three-year campaign to fight money laundering and to safeguard national security and social stability. The campaign will run until the end of 2024 and is being led by the PBOC and the MPS.^[16]

Self-disclosure and reporting

On discovering a crime or a criminal suspect, any individual or entity has the right and duty to report the case to a public security agency, a people’s procuratorate or a people’s court.^[17] All FIs and certain other entities are obligated to report to the PBOC any suspicious transactions that (1) relate to money laundering, terrorism financing or other criminal activities, (2) jeopardise national security or social stability, or (3) are linked to other serious situations or emergencies.

The Criminal Law provides that individuals and entities who voluntarily report to enforcement authorities may receive a lighter sentence.^[18] The Interpretation on Certain Issues concerning the Application of Law in Handling Criminal Cases Involving Embezzlement and Bribery^[19] specifically states that self-reporting may mitigate or exempt a party from its liability for bribery-related violations, in particular when the underlying crimes are relatively minor.

Enforcement outcome

In terms of enforcement against bribery and corruption, the CCDI and the NSC have begun compiling a blacklist of offenders. For instance, as of April 2022, six companies and about 130 individuals (mainly from the construction industry in Hunan Province) were blacklisted for corruption-related conduct and punished with various types of penalties for up to one year, such as a prohibition against participating in bids for government contracts, limits on access to government subsidies, and additional and more frequent inspections by enforcement authorities.^[20] In 2020, the PBOC reported in its AML report that it had imposed fines totalling 526 million yuan on 537 institutions and 24.68 million yuan on 1,000 individuals, and strengthened its work in supervising regulated entities’ AML systems during the year.^[21]

Hong Kong

Enforcement bodies: their enforcement policies, focus and priorities

The Hong Kong government’s Department of Justice is the main legal authority responsible for prosecution. The main authorities with powers of investigation, prosecution and enforcement for bribery and corruption offences are the Hong Kong Police Force (HKPF) and the Independent Commission Against Corruption (ICAC). The ICAC has not publicly released a stand-alone enforcement policy but has published annual reports that provide enforcement statistics. Building management, construction, finance and insurance have traditionally been the industry sectors that have attracted complaints and reports, which have led to an increased level of enforcement.^[22]

There are also certain individuals and institutions (e.g., licensed persons, financial services and listed companies) that are subject to regulatory requirements and that may be implicated when bribery and corruption occur. For example, under the Code of Conduct for Persons Licensed by or Registered with the Security and Futures Commission (SFC), intermediaries must comply with and implement appropriate measures to ensure compliance with the law, rules, regulations and codes administered or issued by the SFC (and any requirements of the applicable regulatory authority). When a breach occurs, enforcement action may be undertaken by the SFC’s enforcement arm. Similarly, under the Listing Rules of the Stock Exchange of Hong Kong Limited (SEHK) – namely, the Corporate Governance Code and the Corporate Governance Report^[23] – the board of directors of a listed company is responsible for establishing and maintaining appropriate and effective risk management and internal control systems. When a breach occurs, enforcement action may be taken by the SEHK.

The Joint Financial Intelligence Unit (JFIU), which is operated jointly by the HKPF and the Customs and Excise Department, is the primary enforcement body for investigating money laundering activities in Hong Kong. The JFIU may also work with the ICAC when the predicate offence is bribery or corruption. With respect to FIs and financial service providers specifically, the Hong Kong Monetary Authority (HKMA) and the SFC are also responsible for investigating potential violations of AML/CTF laws, administering related sanctions and monitoring ongoing AML/CTF compliance. Following the enactment of the Hong Kong National Security Law, the authorities have also undertaken AML/CTF enforcement actions relating to offences under this Law.

Self-disclosure and reporting

There is generally no positive obligation to report crimes in Hong Kong. However, the reporting of any knowledge or suspicion of money laundering is a statutory requirement, and a failure to do so is a criminal offence.^[24] This requirement is applicable to all persons and also has extraterritorial effect in that it applies even if the predicate offence is committed outside Hong Kong. It is a defence for a person who has dealt with incriminating funds to prove that he or she had disclosed his or her knowledge or suspicion of money laundering prior to the dealing, or as soon as it was reasonable to do so after the dealing.

Hong Kong does not have any formal programme for leniency or reduced penalties on the basis of cooperation with investigation authorities. However, authorities do consider leniency or immunity based on the mitigating factors of each case, such as self-reporting. For instance, the SFC and the HKMA have emphasised that they will recognise and give credit for cooperation during an enforcement investigation in determining the applicable sanction.^[25]

Enforcement outcome

Hong Kong ranks 12th of 180 countries and regions included in the CPI 2021, which illustrates that the territory continues to perform strongly in detecting, deterring and remediating violations of ABC and AML laws. In 2020, the overall number of corruption reports decreased, although this may be attributable to the slowing down of economic activities during the covid-19 pandemic.^[26]

In the financial services industry, both the SFC and the HKMA continue to take robust enforcement actions. For instance, in November 2021, the SFC took its first-ever disciplinary action against a manager-in-charge for internal control failures in breach of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) and the SFC’s guideline.^[27] In the same month, as part of a high-profile enforcement action, the HKMA imposed an aggregate fine of HK$44.2 million on four banks for breaches of the AMLO.^[28]

Japan

Enforcement bodies: their enforcement policies, focus and priorities

Public prosecutors are the sole authority for the prosecution of crimes in Japan, except where the Committee for the Inquest of Prosecution elects to compel prosecution of a case following a public prosecutor’s refusal to do so. There is no designated authority that enforces ABC laws or AML laws in Japan. However, public prosecutors can and will often investigate white-collar crimes, and may instruct the National Police Agency to provide investigative assistance. Certain administrative authorities have investigative powers. For instance, the Securities and Exchange Surveillance Commission (SESC) can investigate securities fraud and other violations of securities regulations. Further, Japan’s Financial Services Agency (FSA), as an administrative authority, is empowered to impose surcharges (kachokin) and other sanctions on specific violations of securities regulations after recommendation from the SESC.

Both the SESC and the FSA publish their strategic priorities regularly,^[29] but Japan generally follows the AML/CTF enforcement priorities broadly set out in the Financial Action Task Force’s (FATF) Mutual Report, which include, among other things, increasing the use of money laundering offences to target more serious predicate offences.^[30] There is no publicly available stand-alone enforcement policy on ABC, but Japan may undertake actions in response to media attention and the criticism against it in the latest report by the Organisation for Economic Co-operation and Development (OECD), as discussed below.

Self-disclosure and reporting

Specified business operators, including banks and insurance companies, are required by statute,^[31] or the FSA’s annually updated ‘Guidelines for Anti-Money Laundering and Combating the Financing of Terrorism’,^[32] to report to competent authorities (such as the FSA) any suspicious transactions involving criminal proceeds. If a specified business operator fails to comply with this requirement, a competent administrative agency such as the FSA may order the specified business operator to take necessary measures to rectify the violation.^[33]

According to the Penal Code, self-reporting is a factor in reductions to the penalties imposed on individuals.^[34] With the introduction of the new plea bargaining system in 2018,^[35] companies are now able to take advantage of this option by voluntarily reporting the bribery or corruption-related misconduct and agreeing to cooperate with the prosecutors.

Enforcement outcome

There have been a significant number of enforcement cases involving former government officials, or Diet members who had committed domestic bribery, in recent years. Although the Japanese government reported that 12 foreign bribery cases were under formal investigation as of June 2019, in its report, the OECD Working Group criticised Japan for its weak enforcement against foreign bribery.^[36] In response, the Japanese government revised its ‘Guidelines for Prevention of Bribery of Foreign Public Officials’.^[37]

Singapore

Enforcement bodies: their enforcement policies, focus and priorities

The Singapore Attorney General (AG), in his role as public prosecutor, is responsible for all criminal prosecution in Singapore. In practice, officers of the Crime Division of the AG’s Chambers act as deputy public prosecutors and assistant public prosecutors under the authority of the AG to conduct criminal prosecutions. The government agency that investigates ABC offences, and other related offences, under Singapore’s Prevention of Corruption Act 1960 is the Corrupt Practices Investigations Bureau (CPIB). The CPIB has not publicly released its enforcement priorities, but a review of enforcement statistics has shown that 89 per cent of cases registered for investigations in 2021 were from the private sector, with 12 per cent of these involving public sector employees who have rejected bribes offered by private sector individuals.^[38]

The Commercial Affairs Department (CAD) of the Singapore Police Force is primarily responsible for investigating and taking enforcement action in respect of commercial fraud and abuse, including money laundering offences. The CAD may also work with the CPIB or the Singapore Central Narcotics Bureau when the predicate offence involves bribery or corruption, or drug trafficking, respectively. With respect to FIs and financial service providers, the Monetary Authority of Singapore (MAS) is also responsible for investigating potential violations of AML/CTF laws, administering related sanctions (such as monetary penalties for AML/CTF control breaches) and monitoring ongoing AML/CTF compliance. AML/CTF compliance continues to be one of MAS’s enforcement priorities.^[39]

Self-disclosure and reporting

Similar to other APAC jurisdictions, the reporting of a reasonable suspicion of money laundering is a statutory requirement and a failure to do so is a criminal offence.^[40] This requirement is applicable to all persons. Banks and other entities in the regulated industries are also subject to further requirements on customer due diligence, record-keeping and internal controls, and training should follow the relevant industry specific guidelines so as to manage AML/CTF risks. Suspicious transaction reports should also be proactively made as and when required.

Singapore adopts a two-pronged approach for leniency or reduced penalties based on cooperation with investigation authorities, with a distinction drawn between corporate offenders and non-corporate offenders (i.e., individuals). Corporate offenders may be extended deferred prosecution agreements (DPAs),^[41] which, while not applicable to every offence, are available to AML/CTF offences.^[42] Under a DPA, the public prosecutor agrees to hold off prosecution in exchange for the offender’s compliance with certain conditions, which could include requiring the corporate offender to cooperate in any investigation of the underlying offence.^[43] DPAs are nevertheless subject to strict statutory control. For instance, a DPA comes into force only with the approval of the General Division of the Singapore High Court, after the High Court is satisfied that the DPA is in the interests of justice and that its terms are fair, reasonable and proportionate.^[44] Further, the corporate offender must be represented by an advocate at the time it enters into a DPA.^[45]

Self-reporting and cooperation during the course of investigations may be considered as relevant mitigating factors that may help to reduce any sentence that is ultimately imposed by the court.

Enforcement outcome

Singapore has a low number of public sector complaints and a high conviction rate for corruption-related offences,^[46] owing to the CPIB’s active investigative and enforcement actions and the strong commitment of the AG to prosecute these offences. The state ranks fourth in the CPI 2021, and has the highest score of the APAC jurisdictions discussed in this chapter. Singapore also takes a proactive role in investigating foreign bribery cases with Singaporean links by joining the International Anti-Corruption Coordination Centre.^[47] The Attorney General, CAD and MAS also continue to work closely with US authorities in taking action against the FIs and individuals involved in the 1MDB scandal. In terms of AML/CTF enforcement, MAS imposed a total of S$2.4 million in combined penalties against four FIs in 2020–2021.^[48]

Emerging trends

ESG compliance, disclosure and monitoring requirements

Businesses are increasingly subject to compliance relating to environmental, social and governance (ESG) matters and disclosure requirements in a number of jurisdictions in the region. Although listed companies and other large organisations tend to be subject to stricter ESG-related regulations in many jurisdictions, overall market pressure to address ESG has heightened, driven mainly by developments and regulatory enforcement in overseas jurisdictions, such as those led by the US Securities and Exchange Commission. By way of example:

• in Hong Kong, all companies (both public and private) are generally required to disclose their environmental policies and performance in an annual directors’ report, unless they fall within one of the stated exemptions.^[49] For listed issuers, the SEHK recently published an ESG Reporting Guide^[50] and an updated Corporate Governance Code.^[51] The latter, which was updated in January 2022, introduced various board composition and other corporate governance requirements, as well as best practices recommendations, which include guidance on board member matters such as term, independence, diversity and remuneration;
• in Malaysia, all listed issuers are required to include a narrative statement to comply with Bursa Malaysia’s ‘Sustainability Reporting Guide’ in their annual reports; those listed on the Main Market are subject to additional ESG disclosure obligations.^[52] The Malaysian Code on Corporate Governance, targeted at listed issuers but which small and medium-sized enterprises and other non-listed entities are also encouraged to follow, was updated in April 2021 to introduce best practices and guidance on various topics, including the integration of sustainability considerations in business strategy, and board selection and diversity;^[53] and
• in Japan, various environmental protection laws require businesses in certain industries to disclose environmental and climate impact information, such as energy consumption and greenhouse gas emission levels.^[54] The Japanese Corporate Governance Code, which was updated in 2021, broadly requires listed issuers to ‘take appropriate measures to address sustainability issues, including social and environmental matters’ on a comply-or-explain basis; those listed on the Prime Market are subject to additional disclosure requirements concerning climate-related risks.^[55] These environmental disclosure requirements are expected to extend to all FIs and service providers that submit annual securities reports to the FSA after 31 March 2024.^[56]

Regulation of virtual assets

Virtual assets are increasing in popularity in the APAC. A June 2022 report by Accenture noted that 52 per cent of investors in Asia already hold virtual assets and a further 21 per cent expect to invest in them by the end of 2022.^[57] Although regulation of virtual assets still varies greatly across the region, we are seeing significant developments in this space and expect regulatory regimes to become more sophisticated and targeted.

In particular, there have been a number of significant regulatory developments in Hong Kong during the past year affecting the digital assets market. In May 2021, the Financial Services and the Treasury Bureau published its consultation conclusions on extending the SFC’s existing regulatory regime to cover exchanges that offer virtual assets that do not qualify as securities.^[58] It is anticipated that the new regulatory regime will come into effect in late 2022 or 2023. In January 2022, the SFC, the HKMA and the Insurance Authority released comprehensive guidance to FIs, intermediaries and related entities looking to engage in virtual asset-related activities.^[59] In June 2022, the SFC clarified that non-fungible tokens that constitute investment products would also fall within its regulatory scope.^[60]

Singapore has a well-established virtual asset regulatory regime. MAS is the key regulator in this space and is responsible for licensing, regulation and enforcement. The new Singapore Financial Services and Markets Act 2022, which was passed by the Singapore Parliament in April 2022, expanded the scope of MAS’s authority and oversight to cover virtual currency exchanges created in Singapore, even if they only conduct business overseas. The introduction of this Act closes a crucial regulatory gap with respect to these entities, aligning the existing regime with FATF’s enhanced AML/CTF standards.^[61]

Corporate liability

Corporate liability for bribery-related offences is also emerging as a trend in APAC. Although many enforcement regimes apply in principle to both individuals and corporate entities, high standards with respect to requisite criminal knowledge and intent mean that from a practical standpoint, prosecutions are mainly brought against individuals.

In June 2020, Malaysia introduced corporate liability through Section 17A of the Malaysian Anti-Corruption Commission Act 2009. Pursuant to this Section, commercial organisations, their directors and management may be penalised for the corrupt practices of associated persons, such as agents and employees. The only statutory defence available is for the commercial organisation to prove that it had implemented ‘adequate procedures’ to prevent the corrupt practice. The Malaysian Anti-Corruption Commission charged a company and its director under this new corporate liability regime for the first time in March 2021.^[62]

Australia introduced the Crimes Legislation Amendment (Combatting Corporate Crime) Bill into the Australian Senate in December 2019. This Bill contains a new strict liability corporate offence of failing to prevent foreign bribery by an associate of the corporation.^[63] The effect of this is that a corporate body will be automatically liable for foreign bribery committed by agents and employees, unless it can establish that there were ‘adequate procedures’ in place.^[64] The Bill is still under consideration by the Australian Senate at the time of writing, and has not progressed materially since it was introduced in 2019.

Key challenges facing compliance

The challenges in the APAC region will vary depending on the industry and jurisdictions in which companies operate. However, we have set out below three key challenges that have been faced by organisations across the region.

Residual challenges from the pandemic

Although many countries in the region are starting to reopen their borders to the rest of the world, the pandemic has had a lasting effect on companies and compliance matters.

One challenge faced by many companies is managing the risks arising from the disruption to the supply chain and the use of intermediaries. While engaging third parties will always carry some risk, the restrictions on production and mobility have presented additional risks and challenges. These challenges include issues around short staffing or closure of government offices, which may result in providing improper payments to government officials, such as customs authorities, to facilitate movement of products and goods, or falsifying accounting entries of profits and losses to meet sales targets and investor expectations.

The pandemic has also restricted movement around the world, both at a local level, through mandatory remote working arrangements, and at an international level, through travel bans and quarantine policies. Where compliance issues have been identified, companies have faced difficulty in being able to speak easily to involved employees, to gather and examine physical evidence, and to conduct site visits, thereby making it difficult to swiftly investigate and remediate the suspected misconduct.

During the past two years, companies have met this challenge through taking steps to enhance existing controls and processes to mitigate the risks associated with using third parties. Such steps include implementing strong policies and procedures to ensure intermediaries are aware of the company’s standards and position on conduct, as well as undertaking regular risk assessments and audits. Companies have also deployed mechanisms to allow for investigations to occur remotely, including through videoconferencing facilities to conduct interviews and engaging local counsel on the ground to assist. However, the challenges that have arisen because of the pandemic continue and companies should remain vigilant in protecting against these risks.

Navigating conflicting laws and regimes

A further challenge for multinational companies is the extraterritorial application of laws to their business operations. Most jurisdictions generally do not prohibit an organisation from implementing or complying with the laws or restrictions of a foreign jurisdiction, unless the performance of those requirements would offend public policy or otherwise be illegal. For instance, many multinational corporations, including those that are not US-incorporated, adhere to the requirements of US sanctions laws as a result of their contractual obligations towards their FIs or other counterparties, or owing to the possibility that other factors may trigger a jurisdictional nexus (such as the use of US dollars in a transaction that is routed through the US financial system). However, in certain jurisdictions, there are blocking statutes that may affect how multinational corporations and funds are able to ensure compliance with competing legal requirements. For instance, China’s Anti-Foreign Sanctions Law works to counter any unilateral foreign sanctions imposed by foreign states against China.

Similarly, the expansion of the territorial scope of certain data privacy requirements, such as China’s Personal Information Protection Law (PIPL), poses particular challenges from a regulatory enforcement perspective. The PIPL extends China’s ‘long-arm’ jurisdiction towards personal information processing activities that may occur outside China and also provides certain data localisation requirements that may run counter to those of other jurisdictions.

As a result, multinational businesses and investment funds will need to continue implementing appropriate due diligence measures, compliance guidance and contractual protections to ensure that their compliance risks are adequately mitigated and to ensure that they do not inadvertently terminate or otherwise cause damage to a counterparty through their efforts to comply with the requirements of extraterritorial laws.

Corporate accountability and liability

As noted above, companies are facing increased scrutiny of their corporate behaviour, in the form of both changes to corporate liability schemes around the region, and an expansion of the types of liability to which they are exposed. In particular, companies are facing increased scrutiny in respect of ESG and sanctions risks.

The result is that companies are being held to an increasingly higher standard when it comes to ensuring the effectiveness of their compliance programmes. A number of jurisdictions in the region have already introduced, or are intending to introduce, mandatory whistleblowing requirements on certain companies. For example, in Hong Kong, the SEHK has updated its Listing Rules to introduce a code provision for issuers to implement a whistleblowing policy and system for employees and those who deal with the issuer (e.g., customers and suppliers) to raise concerns of impropriety, anonymously and in confidence, with the audit committee or other appropriately designated body. In Japan, amendments have been proposed to the Whistleblower Protection Act, which include a mandatory obligation for companies of a certain size to establish a whistleblowing system, with the aim of ensuring the protection of whistleblowers.

In addition to scrutiny by regulators and authorities, companies are also facing an increasing challenge of potential civil liability. This is particularly evident in the increased enforcement relating to ESG breaches − particularly ‘greenwashing’ and other claims from shareholders and investors relating to misstatements made by the company. As more jurisdictions introduce mandatory ESG reporting obligations, and encourage complaints to be raised, companies face liability from multiple directions.

To meet this challenge, many companies are taking steps to review and enhance their compliance programmes. These steps include reviewing their existing policies and procedures, particularly in relation to corporate governance, ABC, ESG and whistleblowing. This review must not only ensure that the correct policies, standards and controls are in place, but also that any issues identified are properly investigated and remediated. It is no longer sufficient to engage only in a ‘tick box’ exercise of having the documents in place. Companies must ensure that their ethical and compliance standards are being implemented and enforced.

Footnotes