Asia-Pacific Compliance Requirements

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

This chapter provides an overview of the legal and regulatory landscape in the Asia-Pacific region in relation to four key areas of compliance, namely bribery and corruption, money laundering (ML), sanctions and modern slavery. It highlights the criminal liability and regulatory risks in relation to each, the fundamental components of an effective compliance framework, as well as forthcoming developments.

This chapter focuses on the requirements and risks in Asia-Pacific, while the enforcement landscape is discussed in Chapter 6 on ‘Asia-Pacific Compliance Enforcement’. Businesses should keep themselves conversant and up to date with the legal and regulatory requirements that apply to them in the jurisdictions in which they operate, as well as any requirements in other jurisdictions that may have an influence owing to their extraterritorial reach. The ever-increasing volume and complexity of laws and regulations mean that it is all the more important to have rigorous systems and controls in place that are regularly reviewed for effectiveness and alignment with the latest legal and regulatory position.

Bribery and corruption

Criminal liability risks

The anti-bribery criminal regimes in Asia-Pacific vary, with some placing more focus on the bribery of public officials rather than bribery within the private sector. Hong Kong, Singapore and Australia, for example, prohibit demand and supply side bribery in both the public and private sectors. On the other hand, jurisdictions such as Indonesia, Japan and India focus on the bribery of public sector officials.

Both individuals and corporates can be held liable for bribery under most laws. In Hong Kong and Singapore, however, prosecutions have in practice focused on individuals. This has also been the case in Indonesia until several years ago, when the authorities took steps to increase the focus on corporate liability, resulting in the naming of a corporate suspect for the first time in 2017.[2]

The primary penalties for bribery offences are imprisonment and fines. Other consequences include orders that the convicted party disgorge the profits obtained (e.g., in Hong Kong[3] and Singapore[4]) or be prohibited from taking or continuing employment for a specified period (e.g., in Hong Kong[5]).

Many of the criminal laws do not prescribe thresholds for acceptable gifts, entertaining, travel or training. However, it is common for governments to issue guidance as to what is acceptable for public officials or civil servants,[6] a breach of which may result in disciplinary action. Certain private sector industries may also adopt codes of practice.[7]

While Indonesia’s bribery laws prohibit anything offered with corrupt intent or ‘on account of’ a public official’s office regardless of value, an evidentiary rule that requires the public prosecutor to prove that a benefit valued under 10 million rupiahs is a bribe means that prosecutions are more likely to be initiated if the benefit exceeds 10 million rupiahs, and the burden of proof shifts to the defendants to prove that the benefit provided does not constitute a bribe.

In Hong Kong, the principal bribery legislation[8] specifically carves out the provision of food and drink-based entertainment from the definition of ‘advantage’.

A direct or specific benefit in return for a bribe may not always be required to establish bribery. For example, in Hong Kong and Singapore, bribery may comprise advantages (or sweeteners) offered to build a store of goodwill to provide a basis for future corrupt demands.

If a bribery offence focuses on the offer or solicitation or acceptance of a bribe, it does not usually matter that the offer is not followed through (i.e., the bribe was not in fact given as offered) or that the bribe was returned. However, it may be relevant as a mitigating factor at the sentencing stage, for example in Hong Kong and Japan.

In addition, in jurisdictions such as Hong Kong, Singapore, Indonesia, Australia and India, indirect bribery through intermediaries or third parties can constitute an offence.

It is also important to note that terms such as ‘public body’ or ‘civil servant’ for the purposes of public sector bribery can be very broadly defined and may include private companies that perform public functions (and their employees).

In general, there are limited defences for bribery. In Hong Kong, an informed consent given by the bribe recipient’s principal or employer may be a defence for both the offeror and recipient of the bribe. In some jurisdictions, such as Australia and India, defences are available for corporates that had exercised due diligence or had in place adequate compliance procedures to prevent bribery.[9]

Many criminal regimes include extraterritorial aspects, such as provisions that apply to the jurisdictions’ citizens regardless of where they are located (e.g., India, Singapore, Japan and Australia) or provisions involving offers of bribes to the jurisdiction’s public servants regardless of where they are made (e.g., Hong Kong and Indonesia). A number of jurisdictions also prohibit bribery of foreign officials (e.g., Hong Kong, Singapore, Japan and Australia).

Finally, bribery-related offences may also be provided for in industry-specific legislation.[10]

Regulatory risks

Although bribery and corruption are primarily dealt with under criminal regimes, there are likely to be other consequences for regulated entities and individuals. The following are examples.

Implications on regulatory licences and other regulatory consequences

A bribery conviction may result in a revocation or suspension of a regulatory licence[11] on the basis that the individual or entity is no longer fit and proper to be licensed to conduct regulated activities. In addition, breaches of regulatory codes and guidelines as a result of bribery activities may give rise to other regulatory consequences.[12]

Breach of directors’ duties and responsibilities

A failure to take reasonable steps to prevent, detect, investigate and respond to potential bribery and improper payment issues may constitute a breach of directors’ duties. For example, in Australia, directors who fail to make adequate enquiries as to the legitimacy of proposed payments to foreign public officials, or who fail to prevent the payment of bribes, may breach the statutory duty to exercise care and due diligence.[13]

A director of a Hong Kong-listed (or formerly listed) corporation may be disqualified for up to 15 years if he or she was involved in conducting the business or affairs of the corporation in a manner that is oppressive or unfairly prejudicial to its shareholders or involving fraud or other misconduct towards the corporation or its shareholders.

Disclosure obligations

A bribery investigation, charge or conviction may trigger regulatory disclosure obligations.

In jurisdictions where there is a securities exchange, listed companies are generally required to disclose to the public any information concerning them that a reasonable person would expect to have a material effect on the price or value of their securities. This is likely to include, for example, the fact that a director of a listed company has been convicted of bribery.

Regulated financial institutions commonly have disclosure obligations. For example, in Hong Kong, a licensed firm is required to report specified events to the Securities and Futures Commission immediately upon the events taking place, including material breaches (whether by itself or the persons it employs or appoints) of any law, rules and regulations. Financial institutions in Singapore are required to lodge a report with the Monetary Authority of Singapore when they become aware of misconduct committed by their representatives or broking staff, such as acts involving fraud or dishonesty (among others).

Key elements of an effective compliance framework

The key components of an effective anti-bribery and anti-corruption (ABC) compliance framework include the following:

  • Board and management-level commitment and messaging: This includes establishing a clear ‘tone from the top’ to foster an ethical culture as well as committing sufficient resources to ABC compliance. In some jurisdictions, local culture may mean that there are concerns that business will be lost if bribes are not paid.
  • Risk assessment: This includes implementation of frequent, rigorous risk assessment procedures, such as identifying dealings in or with high-risk jurisdictions or sectors, with foreign public officials, agents, vendors, customers and business partners, and how financial transactions are executed and documented.
  • Measures for managing conduct of third parties: These include conducting due diligence on agents and intermediaries, requiring them to implement adequate ABC measures as a condition of engagement, requiring appropriate ABC clauses in third-party contracts, and seeking evidence of ABC compliance by third parties. These measures should be commensurate with the risks involved. Controlling the conduct of overseas third-party agents and intermediaries (such as those with direct dealings with governments on behalf of the company) can be challenging.
  • Robust and independently reviewed ABC policies: These include policies and procedures relating to gifts, hospitality, expenses, sponsorships and political and charitable donations. They should be easy to understand and readily accessible to employees. For multinational companies, care should be taken in appropriately defining the scope of acceptable gifts and other benefits in a manner that complies across jurisdictions.
  • Embedding of policies: This includes effective communication of the policies, as well as ongoing training for employees that is customised for different roles, business functions and jurisdictions, with regular refresher training and mechanisms to ensure that employees have completed the requisite training.
  • Measures to maximise compliance: These include linking employee incentives and bonuses to compliance (and not just financial performance), having designated employees to provide advice internally should an employee be unclear about the application of policies, putting in place a confidential whistleblowing system and disciplinary procedures for breaches, and conducting internal and external periodic audits of the company’s ABC compliance.
  • Continuous improvement: The effectiveness of the ABC compliance programme should be reviewed via periodic testing, evaluation and employee feedback to identify weaknesses and areas for improvement.
  • Record-keeping: It is important to ensure proper records are kept so that the company can demonstrate ABC compliance, for example, written evidence of consent from an employer prior to its employee receiving a gift (which may assist in establishing a defence to suspected bribery in some jurisdictions), records of due diligence conducted on agents, and adequate financial and other records to demonstrate that adequate measures have been implemented to ensure compliance.

Trends and developments

Corporate liability

In recent years, Indonesia has stepped up its capability in pursuing corporates for bribery and corruption by issuing guidelines on the factors that courts will take into account when determining corporate liability as well as providing training to prosecutors, investigators and the police in handling corporate corruption. As mentioned above, this led to the naming of the first corporate suspect in 2017. The guidelines on determining corporate liability have recently been put on a statutory footing by being subsumed into the newly enacted Indonesian Criminal Code, which also includes sentencing guidelines when determining the penalty to be given to a company found liable for bribery.[14]

Australia is amending its laws[15] to introduce a new offence of a body corporate failing to prevent bribery of a foreign official by its associate for the corporate’s profit or gain. A defence has been proposed where a body corporate can demonstrate that it has adequate procedures in place to prevent the bribery from occurring.

Other developments

Australia is amending its laws[16] to broaden and clarify the offence of bribery of a foreign official, including (among other things) removing the requirement that the foreign official must be influenced in the exercise of his or her duties and changing the operative act from providing a benefit or business advantage that is ‘not legitimately due’ to ‘improperly influencing’ a foreign public official.

Japan’s amended Whistleblower Protection Act, which took effect on 1 June 2022, requires business operators with more than 300 employees to create a system for responding to whistleblower reports, and others to make their best efforts to create such a system. The amended Act also enhances protection for whistleblowers by exempting them from civil liability for damage caused to the business, and expands the scope of that protection to include executives and former employees.

Sri Lanka has introduced a new bill that, if passed, will introduce private sector bribery offences (currently only public sector bribery is covered).

Money laundering

Criminal liability and regulatory risks

Money laundering offence

In broad terms, ‘money laundering’ refers to acts (usually multiple transactions) that are intended to have the effect of making proceeds from criminal activity appear to have originated from a legitimate source – in other words, laundering ‘dirty’ money or property to make it look ‘clean’.

ML is a criminal offence in most jurisdictions. The actions that are taken to launder the proceeds of criminal activity are usually broadly defined and include, for example, receiving, acquiring, possessing, using, concealing, disguising, disposing of, converting, or importing or exporting the money or property forming the proceeds. The range of criminal activity covered (known as predicate offences) is also broad, usually only excluding relatively minor criminal offences. In addition, the predicate offences will often extend to conduct that occurred overseas and that constitutes an offence in the overseas jurisdiction or that would have constituted a predicate offence had it occurred domestically.

In Hong Kong, for example, it is an offence to deal with property knowing, or having reasonable grounds to believe, that it represents (directly or indirectly) proceeds of drug trafficking or other indictable offences.[17] It is also an offence to deal with property knowing that, or being reckless as to whether, it is terrorist property.[18]

In many of the Asia-Pacific jurisdictions, both individuals and corporates can be liable for ML offences. Some have specific corporate offences (e.g., Indonesia) or separate penalties for corporates (e.g., Singapore and Australia). In jurisdictions such as Hong Kong, however, prosecution of ML, in practice, is primarily directed at individuals, even though the law allows corporates to be prosecuted. Having said that, many jurisdictions also impose requirements relating to anti-money laundering and counter-terrorist financing (AML/CTF) measures on certain types of corporates whose businesses give rise to higher risks of ML or terrorist financing (TF) (see ‘AML/CTF requirements’, below).

The primary penalties for ML offences are imprisonment and fines. In some jurisdictions, there may be other consequences, such as suspension of (all or some of) the business activities, revocation of business licences and dissolution of corporates that are convicted of ML in Indonesia. Confiscation or forfeiture of property may also be ordered in many jurisdictions, in some cases prior to conviction.

Reporting of suspicious transactions

Reporting of suspicious transactions is a part of AML/CTF regimes in many jurisdictions. In some, such as Hong Kong, Singapore and Japan, a failure to report constitutes a criminal offence. In Hong Kong, where a person knows or suspects that any property directly or indirectly represents proceeds of, or was (or is intended to be) used in connection with an indictable offence or drug trafficking, or where a person knows or suspects that any property is terrorist property, he or she must disclose that knowledge or suspicion (in the form of a suspicious transactions report) to an authorised officer as soon as it is reasonable to do so.[19]

In certain other jurisdictions, such as Australia, a failure to report suspicious matters gives rise to civil consequences only, such as civil pecuniary penalties (which can be significant in size), enforceable undertakings and remedial directions.[20]

Tipping off

Some jurisdictions (e.g., Hong Kong, Singapore, Indonesia and Australia) criminalise the tipping off of the filing of a suspicious transactions report or an investigation relating to ML or related offences. This is to prevent such actions from prejudicing the investigation. In other jurisdictions, such as India, tipping off results in civil liability only.[21]

AML/CTF requirements

Regulatory requirements on AML/CTF are largely driven by guidance from the Financial Action Task Force (FATF), which sets the global standard for AML/CTF. The primary standards are the FATF Recommendations,[22] which member jurisdictions are required to implement through measures adapted to their circumstances.

In compliance with the FATF Recommendations, many jurisdictions impose detailed AML/CTF requirements (via legislation) on industries whose businesses give rise to higher ML/TF risks, such as those involving financial institutions, payment service providers, trust or company service providers, estate agents, accounting professionals, legal professionals, casino operators, dealers in precious metals and stones, and more recently, virtual asset service providers (VASPs).

The relevant industry regulators or professional bodies generally issue guidance on compliance with these legislative requirements.[23] Breach of the requirements may give rise to criminal or regulatory consequences (or both), depending on the jurisdiction.

In Hong Kong, for example, there are detailed legislative requirements[24] on customer due diligence (CDD) and record-keeping for financial institutions and designated non-financial businesses and professions (DNFBPs) (which currently include trust or company service provider licensees, estate agents, legal and accounting professionals and certain dealers in precious metals and stones):

  • Apart from complying with these individual requirements, financial institutions and DNFBPs are also required to take all reasonable measures to ensure that proper safeguards exist to prevent a contravention of the requirements and to mitigate ML/TF risks.
  • They should also ensure that their branches and subsidiary undertakings that carry on the same business overseas have procedures in place to ensure compliance with similar requirements (to the extent permitted by the law of the overseas jurisdiction).
  • Breach of the requirements will usually lead to disciplinary action by the relevant regulator or professional body, except where financial institutions (or their management or employees) knowingly contravene the requirements or contravene the requirements with an intent to defraud, which will constitute a criminal offence.

Australia’s AML/CTF legislation[25] applies to corporations that provide ‘designated services’ with a geographical link to Australia. Designated services include a wide range of activities engaged in by entities in the financial services, bullion, gambling and digital currency exchange sectors. Detailed AML/CTF obligations apply, including (among other things):

  • adopting and maintaining a compliant AML/CTF programme that identifies, mitigates and manages ML/TF risks and addresses aspects such as risk assessment, CDD, ongoing CDD, transaction monitoring, governance and oversight; and
  • complying with other requirements such as those relating to reporting, record-keeping and specific areas, including remittance and correspondent banking.

Breach of the above requirements may give rise to civil or regulatory consequences, such as civil pecuniary penalties, enforceable undertakings and remedial directions. There are also provisions under the legislation that give rise to criminal liability, such as making or possessing a fake document to use in a customer identification procedure.

Other regulatory consequences

ML and related criminal offences may give rise to other consequences for regulated entities and individuals, such as implications on regulatory licences, regulatory enforcement action, disclosure obligations and consequences for company directors, depending on the facts of the case. See ‘Regulatory risks’ under ‘Bribery and corruption’, above.

Key elements of an effective compliance framework

The key components of an effective compliance framework for financial institutions and other entities that are subject to AML/CTF requirements (in addition to criminal liability) include the following (where applicable):

  • Board and management-level commitment and oversight: This includes establishing a clear ‘tone from the top’ regarding the importance of AML/CTF measures, committing sufficient resources to AML/CTF compliance and training, and maintaining adequate oversight (including through experienced dedicated officers or teams).
  • Risk assessment: The FATF Recommendations advise adopting a risk-based approach in tackling ML/TF (i.e., applying preventative measures that are commensurate with the nature and level of risks), so that resources can be allocated in the most effective way. Entities should put in place procedures for assessing institutional risk as well as the risks associated with a proposed customer or business relationship, which may include risks in respect of jurisdiction, customer, product, service or transaction, and delivery and distribution channel. This will inform the policies and procedures that should be implemented to manage these risks.
  • Robust and independently reviewed policies: Policies and guidance should be put in place with regard to different types of customers, business relationships, products and transactions, covering aspects such as identity verification and other CDD measures (standard, simplified and enhanced), politically exposed persons, continual monitoring, suspicious transactions reporting (including examples of red flags), prohibition against tipping off, screening for terrorist suspects and sanctioned parties, and specific risks such as those relating to wire transfers and third-party deposits and payments. The policies and guidance should be easy to understand and readily accessible to employees.
  • Resourcing: Entities should ensure that there are sufficient personnel (with adequate skills and experience) to manage and implement the necessary processes. This can be a challenge for high-volume businesses. They may retain external expertise for some of the processes but must ensure that there is adequate oversight of the work of the service providers. Technology (including artificial intelligence) may also be deployed to improve the accuracy and efficiency of processes, such as risk assessment, client identity verification and other CDD procedures, including detecting changes in client statuses.
  • Record-keeping: It is important to ensure proper records are kept in accordance with legal and regulatory requirements so that the entity can demonstrate its compliance; for example, risk assessment records, CDD information, transaction records, suspicious transactions reports filed (as well as internal discussions and assessments), database of terrorist suspects and sanctioned parties (and records of screening against the database), staff training records, and internal and external audits of the effectiveness of AML/CTF policies and procedures. The use of technology in compliance processes may assist with better record-keeping.

See also ‘Key elements of an effective compliance framework’ under ‘Bribery and corruption’, above. The considerations relating to embedding of policies, measures to maximise compliance and continuous improvement also apply here.

Trends and developments

Combating ML and TF has been a long-standing priority of regulators and law enforcement bodies globally. It is likely to remain high on the regulatory agenda in the foreseeable future, particularly as new modes of criminal activity arise in light of digitisation and technological innovation, which may have further accelerated as a result of the covid-19 pandemic.

The FATF has jurisdictional and regional members, as well as associate members (i.e., FATF-style regional bodies that assist with ensuring the implementation of the FATF Recommendations). One such regional body is the Asia/Pacific Group on Money Laundering, which also assists the FATF with conducting reviews of its members in the Asia-Pacific region in respect of their compliance with the FATF Recommendations (referred to as ‘mutual evaluations’).

As a result of these mutual evaluations and regular enhancements to the FATF Recommendations, the AML/CTF regimes in member jurisdictions are required to be updated to keep pace with international standards.[26] In response to the 2021 FATF Mutual Evaluation Report, which recommended that Japan strengthen its AML measures, Japan amended its ML laws in 2022 to increase the statutory penalties to imprisonment for up to 10 years and fines of up to ¥5 million.

Jurisdictions in Asia-Pacific are also updating their AML/CTF regimes to comply with the FATF Recommendation to license or register VASPs and subject them to the full range of AML/CTF obligations that apply to financial institutions and DNFBPs. Hong Kong amended its laws in June 2023 to introduce a VASP licensing regime, and Singapore is in the process of amending its laws to introduce or enhance their regulatory regimes in respect of VASPs.[27] The use of virtual assets (also referred to as digital assets, crypto assets, etc.) has evolved and expanded rapidly in recent years and is moving into mainstream finance.


Criminal liability risks

Many Asian jurisdictions do not have an autonomous sanctions regime and only implement United Nations (UN) sanctions, which include (among other things) financial and trade-related sanctions.

Hong Kong only implements UN sanctions. This is generally also the case for Singapore, although Singapore has imposed additional sanctions in response to the Russia–Ukraine conflict. The restrictions are limited compared with the wide-ranging sanctions imposed by Western jurisdictions such as the United States, the European Union and the United Kingdom. They include:

  • bans on the transfer of military-use, dual-use or strategic goods to Russia; and
  • restrictions on financial institutions in Singapore against becoming involved in dealings with certain Russian banks, or the provision of financial assistance with regard to transactions that facilitate fundraising by the Russian government or transactions benefiting certain sectors in the Donetsk and Luhansk regions.

Japan’s sanctions regime is largely based on the implementation of UN sanctions or imposing sanctions in coordination with other countries, such as the United States and EU Member States. However, Japan has also been imposing (limited) autonomous sanctions. The types of sanctions that apply can be broadly categorised into:

  • freezing of assets of, and prohibition on dealings with, designated persons or entities;
  • import and export controls;
  • comprehensive embargoes on dealings with particular countries or regions (such as North Korea and certain restricted regions in Ukraine); and
  • international money transfers.

Although Indonesia is a member of the UN, it does not always enforce UN sanctions.

Australia implements both a UN sanctions regime and an autonomous sanctions regime, the latter of which allows the imposition of sanctions without reference to a UN decision.

The sanctions regimes are generally set out in legislation and subsidiary legislation. Guidance on the meaning and application of the sanctions laws tend to be limited, although it may be possible to obtain an assessment or verbal (non-binding) guidance from the authorities in some jurisdictions. In Australia, a commercial organisation can apply for an indicative assessment from the Australian Sanctions Office.

Most jurisdictions will have import and export controls in place that are distinct from sanctions.

The breach of sanctions results in criminal liability. This is fairly uniform across jurisdictions. Depending on the jurisdictional reach, criminal liability may attach to companies (if incorporated or located in the relevant jurisdictions) or to individuals who are nationals of or resident in the relevant jurisdictions, and may result in fines or imprisonment. In Hong Kong, the maximum penalty under the United Nations Sanctions Ordinance is an unlimited fine and imprisonment for seven years.

There may also be provisions for administrative penalties in addition to criminal penalties. For example, in Japan, the authorities may impose an export or import ban of between one and three years on companies that have breached trade sanctions.

Regulatory risks

Sanctions compliance for regulated industries tends to form part of the broader AML/CTF requirements that apply to those industries. Sanctions breaches may therefore result in regulatory consequences similar to those highlighted under ‘Money laundering’, above.

In addition to maintaining a database of sanctioned parties for screening purposes to ensure compliance with sanctions laws, financial institutions, for example, may also be subject to reporting obligations. They may be required to report any suspicions that exports or imports violate economic sanctions (e.g., in Japan), or any assets held that are directly or indirectly owned by a sanctioned person (e.g., in Singapore).

Financial regulators will often provide more prescriptive guidance with regard to compliance processes to be put into place to ensure that sanctions are adhered to, such as guidance issued by the Ministry of Finance and the Financial Services Agency in Japan and the Monetary Authority of Singapore on screening of customers and beneficial owners.

Key elements of an effective compliance framework

The elements discussed under ‘Money laundering’, above, in respect of an AML/CTF compliance framework encompass sanctions compliance.

Specifically, apart from implementing effective sanctions screening processes, entities should, in appropriate circumstances, ensure that the conduct of intermediaries and other third parties is appropriately managed and mitigated, for example:

  • ensuring that suppliers or customers have adequate policies and procedures in place to manage their own sanctions risk; and
  • including representations and undertakings in agreements with them confirming that there have been and will be no dealings with sanctioned parties, and that goods purchased or sold were not purchased from sanctioned parties or will not be sold on to sanctioned parties.

Where there is a risk of contravening a sanctions law, entities should take timely action, including seeking authorisation where available and appropriate.

Having compliance processes in place may be taken into account by the authorities when considering whether to hold an entity accountable for a sanctions breach, or may at least be considered as mitigating factor. Having said this, there are jurisdictions in which liability for a sanctions breach is strict (e.g., Singapore).

Sanctions can be challenging as they can change rapidly, as can be seen in the sanctions imposed in response to the Russia–Ukraine conflict. An entity’s long-term arrangements may become prohibited, without notice, under sanctions laws.

Assessing sanctions risk in relation to a regime with broad jurisdictional reach can also be challenging. For example, Australian companies and Australian citizens are subject to Australian sanctions laws wherever they are located.

Further, although an organisation will want to ensure that it complies with the sanctions regime of its ‘home jurisdiction’, it may also need to be aware of and follow developments under other sanctions regimes with broad jurisdictional reach (in particular, the US sanctions regime).

Trends and developments

Although many jurisdictions across the Asia-Pacific region are less active in imposing sanctions than their counterparts in the West, there are pockets of activity that are worth monitoring. In particular, it is expected that jurisdictions that are more closely aligned to the United States (such as Japan, Singapore and Australia) may continue imposing sanctions as result of the Russia–Ukraine conflict. The autonomous sanctions regime in Australia has been constantly evolving in light of this conflict.[28]

In addition, mainland China has been active in putting in place a regime that provides for the blocking of foreign sanctions and enables it to impose counter-sanctions (such as in response to US sanctions), and there is an expectation that further sanctions may be put in place both against mainland China and as counter measures by mainland China in light of geopolitical tensions between the United States and China.

Modern slavery

Criminal liability risks

In addition to the crime of holding a person in conditions of slavery or servitude, other criminal offences that are often understood as amounting to ‘modern slavery’ include forced labour, child labour, human trafficking and forced marriage. Related criminal offences include prohibitions on conduct often associated with modern slavery, such as deceptive recruitment practices, retention of passports or travel documents, and punishment of employees through means of fines.

Transacting in goods or services produced using forced labour may constitute ML in some Asia-Pacific jurisdictions, for example in Malaysia and Australia.

In general, forced labour and related offences will attract penalties, including significant periods of imprisonment or fines (or both).

Regulatory risks

Under Australia’s Modern Slavery Act 2018, Australian entities and foreign entities carrying on business in Australia with consolidated revenue of at least A$100 million are required to prepare and submit an annual modern slavery statement describing the risks of modern slavery practices in the operations and supply chains of the reporting entity and providing certain other prescribed information.

At present there are no penalties for failure to comply with the Modern Slavery Act. However, failure to take adequate steps to manage modern slavery risks or involvement in modern slavery may, in addition to the risk of criminal prosecution, expose directors and companies to regulatory penalties or enforcement action under general corporations legislation both in Australia and in other Asia-Pacific jurisdictions.

Australia is the only jurisdiction in the region to have imposed a mandatory reporting obligation specifically in relation to modern slavery. However, numerous Asia-Pacific jurisdictions have introduced sustainability and environmental, social and governance disclosure and reporting obligations, and in that context have provided guidance on disclosures concerning modern slavery risk.

The Australian government has published guidance relating to the Modern Slavery Act 2018.[29] Although primarily intended to assist reporting entities to comply with the reporting obligations imposed by that legislation, the guidance also contains recommendations on actions that may be taken to assess and address modern slavery risk, including through undertaking human rights due diligence. In this regard, the guidance refers in particular to the Organisation for Economic Co-operation and Development ‘Guidelines for Multinational Enterprises’ and the UN ‘Guiding Principles on Business and Human Rights’.

The International Labour Organization has also published guidance for employers and businesses to strengthen their capacity to address the risk of forced labour and human trafficking in their own operations and in global supply chains.

In late 2021, the Stock Exchange of Thailand published modern slavery risk guidance for Thai companies.[30] In September 2022, the government of Japan published guidelines on human rights due diligence, which are addressed to any entity conducting business in Japan. The guidelines cover all internationally recognised human rights but highlight that businesses should be especially aware of risks to human rights in the areas of forced labour and child labour, freedom of association, collective bargaining, discrimination and freedom of movement and residence.[31]

Key elements of an effective compliance framework

Effective management of modern slavery risk requires having adequate policies and processes in place that cover operations and supply chains. Due diligence and risk management in supply chains requires engagement with suppliers, and gathering accurate and timely information for risk assessment purposes is often challenging. In particular, the nature of modern slavery means it can be difficult to detect.

Because modern slavery may entail a range of criminal conduct in more than one jurisdiction, the appropriate response when an organisation has suspicion or knowledge of such conduct requires careful consideration. Sectors and workplaces exposed to modern slavery risk may also present other compliance risks, including in relation to occupational health and safety.

Trends and developments

In May 2023, the Australian government published a report outlining recommendations for reform of the Modern Slavery Act 2018 based on an independent statutory review process.[32] The report makes 30 recommendations for the government’s consideration, many of which seek to align the Act with overseas regulatory trends for enhanced human rights due diligence, supply chain transparency and penalties to support corporate accountability. The recommendations include the introduction of a requirement for a mandatory due diligence system and the introduction of penalties for failing to report, making knowingly misleading reports or failing to have a due diligence system.

The government has not yet confirmed its position in relation to the recommendations; however, it has previously indicated that it supports the introduction of penalties and has expressed support for a mandatory due diligence obligation (in some form). Employers should also be aware of recent proposals for the criminalisation of ‘wage theft’, increases to the maximum civil penalties for wage exploitation-related provisions, and reforms to the sham arrangements provisions, in the Fair Work Act 2009 (Cth).

In July 2023, the New Zealand government announced that it would introduce modern slavery legislation, which, similar to the Australian regime, would impose reporting obligations, with penalties for non-compliance.[33]

More recently, on 1 September 2023, the Act on Human Rights and Environmental Protection for Sustainable Business Management was proposed to the Korean congress. This is the first mandatory human rights and environmental due diligence bill proposed in Asia.[34]


[1] Kyle Wombolt is a global head, Pamela Kiesselbach is a global practice manager, Valerie Tao is a professional support lawyer and Antony Crockett is a partner at Herbert Smith Freehills. The authors wish to thank Leon Chung, Bryony Adams, Danielle Briers, Kayla Laird and Daniel O’Neil of Herbert Smith Freehills, and Debby Sulaiman, Tedy Rachmanto and Rizky Putra of Hiswara Bunjamin & Tandjung for their contributions to this chapter.

[2] A publicly listed company was named a suspect concerning alleged corruption in the construction of a state university hospital in Bali in 2010. More information can be found in this briefing: Herbert Smith Freehills, ‘Indonesian Authorities Invoke Corporate Liability Provisions for the First Time’, 19 July 2017, (accessed 11 September 2023).

[3] Under the Prevention of Bribery Ordinance (Hong Kong).

[4] Under the Prevention of Corruption Act (Singapore).

[5] Under the Prevention of Bribery Ordinance (Hong Kong).

[6] For example, Hong Kong’s Civil Servant’s Guide to Good Practices and Japan’s National Public Service Ethics Code.

[7] For example, the Singapore Association of Pharmaceutical Industries’ Code of Conduct (2023 Revision) ascribes maximum values for various categories of hospitality and gifts.

[8] Prevention of Bribery Ordinance (Hong Kong).

[9] Australian courts have not considered the meaning of ‘due diligence’ in the context of prevention of bribery and corruption, nor has any clear guidance been issued on the meaning of this expression. Based on jurisprudence and guidance relating to similar defences, the following factors may be relevant in establishing a defence of ‘due diligence’: whether the body corporate has (1) put in place internal procedures to minimise the risk of its officers or agents committing bribery or corruption offences, including robust risk assessment procedures in connection with new business relationships, gifts and entertainment expenses, dealings with public officials and dealings in high-risk jurisdictions, (2) provided adequate resources to enable such procedures to be properly implemented, and (3) put in place processes to monitor and periodically audit compliance with its anti-bribery and anti-corruption policies.

[10] For example, Hong Kong’s Banking Ordinance makes it an offence for a director or employee of a regulated institution to solicit or accept gifts, commissions or other things of value in return for procuring an advantageous financial arrangement from the institution.

[11] For example, a licence issued by the Hong Kong Securities and Futures Commission to carry out securities and futures-related regulated activities, and an Australian financial services licence issued by the Australian Securities and Investments Commission.

[12] For example, Regulation No. 17/POJK.04/2022 (Code of Conduct for Investment Managers), issued by the Financial Services Authority of Indonesia (Otoritas Jasa Keuangan (OJK)), prohibits acceptance of gifts or benefits by directors and other officers and employees of investment managers that conflicts with the customers’ interests or with the investment managers’ obligations towards customers. Breach of the prohibition may give rise to administrative sanctions by the OJK, such as written warnings, fines, restriction or suspension of business activities and revocation of licences or approvals.

[13] This may result in a criminal conviction, pecuniary penalties, personal liability to compensate the company or others for loss or damage, and disqualification from managing companies.

[14] The new Indonesian Criminal Code was promulgated on 2 January 2023 and is due to come into effect in January 2026.

[15] The amendments are contained in the Crimes Legislation Amendment (Combatting Foreign Bribery) Bill 2023 (Cth), which is yet to be passed.

[16] id.

[17] Under the Organised and Serious Crimes Ordinance and the Drug Trafficking (Recovery of Proceeds) Ordinance (Hong Kong).

[18] Under the United Nations (Anti-Terrorism Measures) Ordinance (Hong Kong).

[19] As required under Hong Kong’s Organised and Serious Crimes Ordinance, Drug Trafficking (Recovery of Proceeds) Ordinance, and United Nations (Anti-Terrorism Measures) Ordinance.

[20] Anti-Money Laundering and Counter-Terrorism Financing Act (Cth) (Australia).

[21] For example, under the Reserve Bank of India’s Master Direction – Know Your Customer (KYC) Direction, 2016 (updated on 4 May 2023).

[22] International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation – the FATF Recommendations (updated in February 2023).

[23] For example, the Hong Kong Monetary Authority’s Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Authorised Institutions), the Singapore Council for Estate Agencies’ Guide on Estate Agents (Prevention of Money Laundering and Financing of Terrorism) Regulations 2021, the Law Council of Australia’s Anti-Money Laundering Guide for Legal Practitioners, and the various guidance notes published by the Australian Transaction Reports and Analysis Centre.

[24] Under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Hong Kong).

[25] Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (Australia).

[26] For example, in Australia, legislative amendments have been proposed to simplify and modernise the AML/CTF regime and expand it to cover certain services provided by lawyers, accountants, trust and company service providers, real estate agents and dealers in precious metals and stones. It is also proposed that a public register be established, containing information about the ultimate beneficial ownership of companies and certain other legal persons and arrangements. The amendments are yet to be passed.

[27] Hong Kong is also exploring a separate regulatory regime for activities relating to payment-related stablecoins, which will include AML/CTF and other requirements. Singapore is introducing legislative amendments to expand the scope of digital payment token services that will be subject to licensing and AML/CTF requirements under its payment services legislation, and to extend the regulation of digital token service providers to those that are created in Singapore but do not provide any digital token services in Singapore (to be licensed and subject to AML/CTF requirements under separate legislation). These changes have yet to come into effect.

[28] The Australian government has previously stated its intention to move closely in step with key allies (the United States, the United Kingdom and the European Union) in imposing sanctions against Russia. Since the Labor government won the 2022 federal election, sanctions continue to be imposed where deemed necessary in coordination with international partners.

[29] Australian Government Attorney-General’s Department, ‘Resources’, (accessed 11 September 2023).

[30] Stock Exchange of Thailand, Walk Free, and Finance Against Slavery & Trafficking, ‘Guidance on Modern Slavery Risks for Thai Businesses’, 2021.

[31] Antony Crockett, Joel Rheuben, Nina O’Keefe and Jefferi Hamzah Sendut, ‘Japan publishes guidelines on corporate human rights due diligence’, Herbert Smith Freehills, 20 September 2022, (accessed 11 September 2023).

[32] Tim Stutt and Zulema Townsend, ‘Australian Modern Slavery Act to Move into a New Phase?’, Herbert Smith Freehills, 26 May 2023, (accessed 11 September 2023).

[33] Hon Carmel Sepuloni, ‘Govt prescribes daylight disinfectant to modern slavery’, New Zealand Government, 28 July 2023, (accessed 11 September 2023).

[34] ‘S. Korea: First Mandatory Human Rights and Environmental Due Diligence (mHREDD) bill in Asia proposed by lawmakers’, Business & Human Rights Resource Centre, 10 September 2023, (accessed 11 September 2023).

Unlock unlimited access to all Global Investigations Review content