Asia (Other)

Screenshot 2019-09-11 at 2.05.35 PMPublished in Asian-mena Counsel: Sanctions & Investigations Special Report 2019


How to respond effectively and recover from disruptive investigations, by John Macpherson and Tung Jung Tan of Control Risks.


Screenshot 2019-09-11 at 3.00.42 PMInvestigating allegations of compliance breaches is an expensive affair. Employee and third-party malfeasance remain a costly budget item on P&Ls across Asia, whether it is corruption or fraud; conflicts of interest; data breaches or IP theft; sanctions violations; or allegations of ethical and behavioural misconduct.

While companies account for direct costs — forensics and data analytics, legal and consultancy fees, in-house resources and time — for many, capturing the true cost of investigations remains unknown. Indirect costs, which can include interruption to customer relationships, disruption in the supply and distribution chain, loss of productivity, loss of market share and significant reputation damage, are often not realised until after the investigation. They are the costs of implementing investigation outcomes; of terminating employee contracts; of finding new third parties, of having to rebuild relationships with customers; or finding new ways of differentiating from competitors. The simple fact is, even investigations that do not end up getting an unexpected knock on the door from corporate regulators are a business disruption. In some cases, they are an uncontained crisis — a potentially debilitating incident percolating under the surface of normal business operations.

Thankfully, borrowing from crisis management and business continuity methodologies when conducting investigations, can make indirect costs and reputation damage more controllable. The time it takes to recover and revert to normal business conditions is faster. This means your business becomes more resilient. The approach below, refined over many years of combining crisis management expertise with investigations teams, is how to achieve maximum resilience during your investigation.

Screenshot 2019-09-11 at 2.09.03 PM

Have clear objectives

A generic investigation plan would be something like: “Confirm the scope of the investigation; identify, collect and preserve evidence; review and analyse data and documents; conduct transaction testing and interviews; ascertain the veracity of the allegations being investigated.” But when you overlay this with broader risk-based objectives, such as “ensure continuity of business operations and conditions, protect key stakeholder relationships, assets and reputation”, you are compelled to take a holistic approach to a business-wide problem. Conducting the investigation becomes part of preparing for, and recovering from, a potentially costly business disruption.

Consider the case of investigating a key supplier for conflict of interest and fraud (a problem of increasing frequency across many parts of Asia), where there is a likelihood that you will move to terminate contracts of employees and the supplier at the conclusion of your investigation, taking the appropriate action against a grievous compliance breach, but also threatening the continuity of a critical supply chain.

By focusing on minimising operational risks to the business as a key objective (in addition to your investigation objectives), you initiate a plan to identify the impact of losing a key supplier, or key employees, and you identify alternative suppliers and plan for additional resources in your supplier management team — the outcome of which is, you reduce the risk of falling short and bounce back faster to “normal business operations”.

Screenshot 2019-09-11 at 2.09.57 PM

Have a robust process

Following process is something we’re all familiar with in an investigation — but when your objective includes business recovery, there are a few critical extra steps that help build resilience into your process. They are (i) scenario planning and (ii) risk assessment.

Scenario planning, conducted early in the investigative process, forecasts how the outcomes of the investigation might affect operations and reputation. For example, in an investigation of significant embezzlement by a senior executive, one of your initial scenarios may be “disgruntled executive influences government officials to delay licensing approvals”. Early identification of this as a possibility allows you to implement preventive measures early on.

As you near the end of the investigation, scenario planning becomes formal risk assessment, where you can, with greater certainty, measure where the business might be vulnerable, assess the likelihood and impact of key critical scenarios, and ensure you are prepared to react.

Governance is important

Governance is always important in investigations and putting a clear governance structure in place for complex investigations is a critical step in risk prevention. In many of our complex investigations, particularly when they involve regulators, and even more so when those regulators operate in some of the more opaque regulatory environments throughout Asia, we are working with a project team that includes not only compliance and legal, but IT, HR, government relations, security, communications and media. It involves extensive liaison between local operations and headquarters, not to mention coordinating the plethora of external advisers, forensics and data experts, and legal experts. Each function will have critical tasks to achieve to minimise business risk. Clearly defined parameters, objectives (aligned to broader objectives) and reporting lines for each “work team” is paramount; knowing who the ultimate decision maker is and what can be delegated is essential. Disciplined project management, control of information flows and operating in a secure environment are indispensable components of a well-run crisis-investigation team.

Screenshot 2019-09-11 at 2.12.14 PM

Hope for the best; prepare for the worst

The risk of politicised regulatory enforcement across parts of Asia is high. What started as an anti-corruption campaign in China, targeting foreign companies in the healthcare and automotive sectors, is now a full-scale weaponisation of regulation across parts of the region. While “dawn raids” are part of the regulator toolkit the world over, the opaque nature of enforcement means that there are not always the same legal protections that we might otherwise expect. So when a regulator comes knocking on your door, it can be a political issue just as much as it is a legal one.

The aim of a regulator in a dawn raid is to catch you by surprise. Such raids are often designed to generate fear to ensure that you comply as quickly as possible. They can range from a small-scale raid on a local office, to be highly coordinated across multiple locations. Regulators may take evidence and documents — sometimes without warrants in place, image computers and servers, or interview and intimidate large numbers of employees. In a worst-case scenario, they may compromise your system, detain your management team, and your entire business grinds to a halt.

How you are prepared to respond in those first minutes, hours and days is a critical issue for companies. How you respond affects your ability to negotiate outcomes, protect your reputation and employees, and keep key business functions operating and ultimately ensure a quick path to recovery.


Screenshot 2019-09-11 at 2.07.22 PM


The top three things you can do to prepare for regulatory enforcement are:

•  Know your regulators
Anti-corruption, anti-competition, environmental protection, food safety, tax evasion and data privacy have all been subject to aggressive regulatory enforcement. Establishing a nuanced understanding of regulators that are enforcing the rules in your sector, their goals and motivations and modus operandi and where decisions are made, is essential preparation.

•  Treat whistleblowers, disgruntled employees and third parties very seriously
Whistleblowers and disgruntled parties are often a trigger for closer scrutiny by a regulator, but can be overlooked as a nuisance, having an agenda and an axe to grind. Many regulatory investigations in some key markets across Asia are initiated by whistleblower complaints. It is therefore important to look beyond the veracity of their claim at the broader risk to the business they might pose.

•  Have a plan
The first hours are critical — who you are going to notify, how you need to escalate, how to secure documents and evidence, the team you need to form are all central issues that you need to prepare, plan and train for in advance of a real situation. Dawn raids are highly stressful situations for employees; it is essential to war-game your most likely and worst-case scenarios with those employees likely to be involved in a real-life raid situation.

Have an eye on the future

Finally, resilient leaders in crisis are always looking to, and planning for, the future. It is a key component of recovery. Here’s a noteworthy example: a company suffering through the early days of a highly politicised and extensive regulatory investigation into corrupt activities, whose operations had ground to a halt, whose market share was rapidly diminishing (in a high-growth market) and whose reputation was taking a severe beating, established, early on, a “recovery team”. Knowing they would come out of the investigation in 18 months needing a different business model, a more compliant way of operating, a new management team and a different proposition in the market, they began work on that immediately, thereby improving their recovery time by years, bouncing back after a critical incident, stronger, faster, better. That’s resilience.


Screenshot 2019-09-11 at 2.13.11 PM




Official Publication: Asian-mena CounselClick Here to read the full issue of Asian-mena Counsel: Sanctions & Investigations Special Report 2019.

Related Articles by Firm
Foreign Banks Allowed to Operate in Myanmar
After more than 50 years of banning, the Central Bank of Myanmar has issued the first final licenses allowing four foreign banks to operate in Myanmar.
Tanzanian Draft National Energy Policy of 2015
Highlights on the ongoing and upcoming industry developments with focus on the transition of the energy sector since the introduction of the Big Results Now! campaign
Mineral Rights Available in Tanzania
Overview of the mineral rights available in Tanzania, with specific focus on the various categories of mineral rights
The Legal Framework of the Aviation Sector in Tanzania
As attention turns to Tanzania’s trade and energy opportunities, the spotlight has fallen upon the nation’s infrastructure. This update focuses on the capabilities and issues of the Tanzanian aviation sector.
Oil price volatility - Offshore oil storage
Are there any legal concerns with tankers being used for floating storage?
Oil price volatility - risks and opportunities in 2015
While many companies can weather the oil price slide and volatility, some industry players face a real risk of insolvency.
India: Union Budget 2015
A bullet-point overview of changes in Direct Tax, Indirect Tax and Goods and Service Tax in India in light of Finance Minister Arun Jaitley’s first full-year Budget…
Prohibition against transfer of personal data outside Hong Kong
Section 33 of the Personal Data (Privacy) Ordinance (PDPO) prohibits the transfer of personal data to places outside Hong Kong, except in circumstances specified in the PDPO.
Security of payment under FIDIC contracts: more secure, for now
The High Court of Singapore recently handed down an important judgment in relation to the enforceability of Dispute Adjudication Board (DAB) decisions under the FIDIC forms of contract.
Insurance Laws (Amendment) Bill passed as Ordinance in India
The long-awaited Insurance Laws (Amendment) Bill has become a provisional law in India. The Bill amends the Insurance Act (1938), the General Insurance Business (Naturalisation) Act (1972), and the Insurance Regulatory and Development Act (1999).
SICC: now open for business
On Monday 5 January 2015, the Singapore International Commercial Court ("SICC") was officially opened...
Myanmar insurance update
Clyde & Co partner Michael Horn recently visited Myanmar's commercial capital Yangon and reports on the current state of the insurance market...
Launch of the online mining cadastre transactional portal
Plus, a summary of the key mineral rights available in Tanzania; and, a look at the manner in which mineral rights can be transferred.
Restrictions imposed on holders of mineral rights
This briefing looks at some of the restrictions imposed on holders of mineral rights in Tanzania by the Mining Act 2010
Draft local content policy for the oil & gas industry in Tanzania
The first draft of the long-awaited local content policy for the oil & gas industry in Tanzania has now been published by the Ministry of Energy and Minerals ...
Tanzania: Revocation of mining licences
The Tanzanian government recently announced the cancellation of a total of 174 mining licences. This mining update examines the key continuing obligations imposed by the Mining Act upon mining licence holders.
Mining Development Agreements
In this month’s mining briefing we look at Mining Development Agreements (MDAs) and the role that they play in the mining sector in Tanzania.
The Tanzanian railway system: current legal framework
The railway system of mainland Tanzania has a total track length of 3,676 kilometers (km) with two separate networks, run by two separate organisations ...
Related Articles
A rapid response has been needed to control the coronavirus outbreak, but it remains to be seen how permanent the changes will be.
A rapid response has been needed to control the coronavirus outbreak, but it remains to be seen how permanent the changes will be ...
Compliance of import and export of epidemic prevention supplies
Currently, epidemic prevention supplies have special uses and significant importance, not only for the smooth development of economic activities ...
Antitrust Enforcement Review 2019: Monopoly investigations
China’s competition authority has acquired the competence and courage to investigate some of the most complicated and new types of monopoly behaviours ...
Related Articles by Jurisdiction
Further transparency in respect of Cayman Islands companies
The Cayman Islands has often been referred to pejoratively as a “secrecy jurisdiction”. The two main supports for the secrecy allegation were on the one hand the existence of “secrecy” legislation, The Confidential Relationship Preservation Law (CRPL) dating back to ...
The five stages of the board management maturity model
The tools boards use to communicate should be simple to use, meet their needs (and no more) and be secure ...
Global Developments on Best Execution
Currently a hot topic for global regulators, firms are recommended to review their global best execution compliance practices ...
Latest Articles
Nok Air Rehabilitation Proceedings – Updates for Creditors and Lessors
As the global travel industry continues to grapple with the effects of COVID-19, many companies are now beginning to seek protections under various insolvency regimes ...
Vietnam Insurance Market – Share/Capital Acquisition
The Vietnamese insurance market is heating up with many high-valued M&A deals over the last two years ...