Asia (Other)

Screenshot 2019-09-11 at 2.05.35 PMPublished in Asian-mena Counsel: Sanctions & Investigations Special Report 2019


How to respond effectively and recover from disruptive investigations, by John Macpherson and Tung Jung Tan of Control Risks.


Screenshot 2019-09-11 at 3.00.42 PMInvestigating allegations of compliance breaches is an expensive affair. Employee and third-party malfeasance remain a costly budget item on P&Ls across Asia, whether it is corruption or fraud; conflicts of interest; data breaches or IP theft; sanctions violations; or allegations of ethical and behavioural misconduct.

While companies account for direct costs — forensics and data analytics, legal and consultancy fees, in-house resources and time — for many, capturing the true cost of investigations remains unknown. Indirect costs, which can include interruption to customer relationships, disruption in the supply and distribution chain, loss of productivity, loss of market share and significant reputation damage, are often not realised until after the investigation. They are the costs of implementing investigation outcomes; of terminating employee contracts; of finding new third parties, of having to rebuild relationships with customers; or finding new ways of differentiating from competitors. The simple fact is, even investigations that do not end up getting an unexpected knock on the door from corporate regulators are a business disruption. In some cases, they are an uncontained crisis — a potentially debilitating incident percolating under the surface of normal business operations.

Thankfully, borrowing from crisis management and business continuity methodologies when conducting investigations, can make indirect costs and reputation damage more controllable. The time it takes to recover and revert to normal business conditions is faster. This means your business becomes more resilient. The approach below, refined over many years of combining crisis management expertise with investigations teams, is how to achieve maximum resilience during your investigation.

Screenshot 2019-09-11 at 2.09.03 PM

Have clear objectives

A generic investigation plan would be something like: “Confirm the scope of the investigation; identify, collect and preserve evidence; review and analyse data and documents; conduct transaction testing and interviews; ascertain the veracity of the allegations being investigated.” But when you overlay this with broader risk-based objectives, such as “ensure continuity of business operations and conditions, protect key stakeholder relationships, assets and reputation”, you are compelled to take a holistic approach to a business-wide problem. Conducting the investigation becomes part of preparing for, and recovering from, a potentially costly business disruption.

Consider the case of investigating a key supplier for conflict of interest and fraud (a problem of increasing frequency across many parts of Asia), where there is a likelihood that you will move to terminate contracts of employees and the supplier at the conclusion of your investigation, taking the appropriate action against a grievous compliance breach, but also threatening the continuity of a critical supply chain.

By focusing on minimising operational risks to the business as a key objective (in addition to your investigation objectives), you initiate a plan to identify the impact of losing a key supplier, or key employees, and you identify alternative suppliers and plan for additional resources in your supplier management team — the outcome of which is, you reduce the risk of falling short and bounce back faster to “normal business operations”.

Screenshot 2019-09-11 at 2.09.57 PM

Have a robust process

Following process is something we’re all familiar with in an investigation — but when your objective includes business recovery, there are a few critical extra steps that help build resilience into your process. They are (i) scenario planning and (ii) risk assessment.

Scenario planning, conducted early in the investigative process, forecasts how the outcomes of the investigation might affect operations and reputation. For example, in an investigation of significant embezzlement by a senior executive, one of your initial scenarios may be “disgruntled executive influences government officials to delay licensing approvals”. Early identification of this as a possibility allows you to implement preventive measures early on.

As you near the end of the investigation, scenario planning becomes formal risk assessment, where you can, with greater certainty, measure where the business might be vulnerable, assess the likelihood and impact of key critical scenarios, and ensure you are prepared to react.

Governance is important

Governance is always important in investigations and putting a clear governance structure in place for complex investigations is a critical step in risk prevention. In many of our complex investigations, particularly when they involve regulators, and even more so when those regulators operate in some of the more opaque regulatory environments throughout Asia, we are working with a project team that includes not only compliance and legal, but IT, HR, government relations, security, communications and media. It involves extensive liaison between local operations and headquarters, not to mention coordinating the plethora of external advisers, forensics and data experts, and legal experts. Each function will have critical tasks to achieve to minimise business risk. Clearly defined parameters, objectives (aligned to broader objectives) and reporting lines for each “work team” is paramount; knowing who the ultimate decision maker is and what can be delegated is essential. Disciplined project management, control of information flows and operating in a secure environment are indispensable components of a well-run crisis-investigation team.

Screenshot 2019-09-11 at 2.12.14 PM

Hope for the best; prepare for the worst

The risk of politicised regulatory enforcement across parts of Asia is high. What started as an anti-corruption campaign in China, targeting foreign companies in the healthcare and automotive sectors, is now a full-scale weaponisation of regulation across parts of the region. While “dawn raids” are part of the regulator toolkit the world over, the opaque nature of enforcement means that there are not always the same legal protections that we might otherwise expect. So when a regulator comes knocking on your door, it can be a political issue just as much as it is a legal one.

The aim of a regulator in a dawn raid is to catch you by surprise. Such raids are often designed to generate fear to ensure that you comply as quickly as possible. They can range from a small-scale raid on a local office, to be highly coordinated across multiple locations. Regulators may take evidence and documents — sometimes without warrants in place, image computers and servers, or interview and intimidate large numbers of employees. In a worst-case scenario, they may compromise your system, detain your management team, and your entire business grinds to a halt.

How you are prepared to respond in those first minutes, hours and days is a critical issue for companies. How you respond affects your ability to negotiate outcomes, protect your reputation and employees, and keep key business functions operating and ultimately ensure a quick path to recovery.


Screenshot 2019-09-11 at 2.07.22 PM


The top three things you can do to prepare for regulatory enforcement are:

•  Know your regulators
Anti-corruption, anti-competition, environmental protection, food safety, tax evasion and data privacy have all been subject to aggressive regulatory enforcement. Establishing a nuanced understanding of regulators that are enforcing the rules in your sector, their goals and motivations and modus operandi and where decisions are made, is essential preparation.

•  Treat whistleblowers, disgruntled employees and third parties very seriously
Whistleblowers and disgruntled parties are often a trigger for closer scrutiny by a regulator, but can be overlooked as a nuisance, having an agenda and an axe to grind. Many regulatory investigations in some key markets across Asia are initiated by whistleblower complaints. It is therefore important to look beyond the veracity of their claim at the broader risk to the business they might pose.

•  Have a plan
The first hours are critical — who you are going to notify, how you need to escalate, how to secure documents and evidence, the team you need to form are all central issues that you need to prepare, plan and train for in advance of a real situation. Dawn raids are highly stressful situations for employees; it is essential to war-game your most likely and worst-case scenarios with those employees likely to be involved in a real-life raid situation.

Have an eye on the future

Finally, resilient leaders in crisis are always looking to, and planning for, the future. It is a key component of recovery. Here’s a noteworthy example: a company suffering through the early days of a highly politicised and extensive regulatory investigation into corrupt activities, whose operations had ground to a halt, whose market share was rapidly diminishing (in a high-growth market) and whose reputation was taking a severe beating, established, early on, a “recovery team”. Knowing they would come out of the investigation in 18 months needing a different business model, a more compliant way of operating, a new management team and a different proposition in the market, they began work on that immediately, thereby improving their recovery time by years, bouncing back after a critical incident, stronger, faster, better. That’s resilience.


Screenshot 2019-09-11 at 2.13.11 PM




Official Publication: Asian-mena CounselClick Here to read the full issue of Asian-mena Counsel: Sanctions & Investigations Special Report 2019.

Related Articles by Firm
Foreign Banks Allowed to Operate in Myanmar
After more than 50 years of banning, the Central Bank of Myanmar has issued the first final licenses allowing four foreign banks to operate in Myanmar.
Tanzanian Draft National Energy Policy of 2015
Highlights on the ongoing and upcoming industry developments with focus on the transition of the energy sector since the introduction of the Big Results Now! campaign
Mineral Rights Available in Tanzania
Overview of the mineral rights available in Tanzania, with specific focus on the various categories of mineral rights
The Legal Framework of the Aviation Sector in Tanzania
As attention turns to Tanzania’s trade and energy opportunities, the spotlight has fallen upon the nation’s infrastructure. This update focuses on the capabilities and issues of the Tanzanian aviation sector.
Oil price volatility - Offshore oil storage
Are there any legal concerns with tankers being used for floating storage?
Oil price volatility - risks and opportunities in 2015
While many companies can weather the oil price slide and volatility, some industry players face a real risk of insolvency.
India: Union Budget 2015
A bullet-point overview of changes in Direct Tax, Indirect Tax and Goods and Service Tax in India in light of Finance Minister Arun Jaitley’s first full-year Budget…
Prohibition against transfer of personal data outside Hong Kong
Section 33 of the Personal Data (Privacy) Ordinance (PDPO) prohibits the transfer of personal data to places outside Hong Kong, except in circumstances specified in the PDPO.
Security of payment under FIDIC contracts: more secure, for now
The High Court of Singapore recently handed down an important judgment in relation to the enforceability of Dispute Adjudication Board (DAB) decisions under the FIDIC forms of contract.
Insurance Laws (Amendment) Bill passed as Ordinance in India
The long-awaited Insurance Laws (Amendment) Bill has become a provisional law in India. The Bill amends the Insurance Act (1938), the General Insurance Business (Naturalisation) Act (1972), and the Insurance Regulatory and Development Act (1999).
SICC: now open for business
On Monday 5 January 2015, the Singapore International Commercial Court ("SICC") was officially opened...
Myanmar insurance update
Clyde & Co partner Michael Horn recently visited Myanmar's commercial capital Yangon and reports on the current state of the insurance market...
Launch of the online mining cadastre transactional portal
Plus, a summary of the key mineral rights available in Tanzania; and, a look at the manner in which mineral rights can be transferred.
Restrictions imposed on holders of mineral rights
This briefing looks at some of the restrictions imposed on holders of mineral rights in Tanzania by the Mining Act 2010
Draft local content policy for the oil & gas industry in Tanzania
The first draft of the long-awaited local content policy for the oil & gas industry in Tanzania has now been published by the Ministry of Energy and Minerals ...
Tanzania: Revocation of mining licences
The Tanzanian government recently announced the cancellation of a total of 174 mining licences. This mining update examines the key continuing obligations imposed by the Mining Act upon mining licence holders.
Mining Development Agreements
In this month’s mining briefing we look at Mining Development Agreements (MDAs) and the role that they play in the mining sector in Tanzania.
The Tanzanian railway system: current legal framework
The railway system of mainland Tanzania has a total track length of 3,676 kilometers (km) with two separate networks, run by two separate organisations ...
Related Articles
Protecting personal data in cyberspace: enterprise’s obligations under the laws of Vietnam
Some of the key takeaways that enterprises should be aware of ...
Growth of e-discovery across Asia
The e-discovery landscape across Asia is diverse, but increased adoption was in evidence at the 10th annual Relativity Fest, write Tim Gilkison and Rahul Prakash.
The techlash is coming
For many organisations, artificial intelligence has arrived or will be coming soon, bringing all sorts of new challenges for counsel, especially with respect to cross-border data flows ...
Related Articles by Jurisdiction
Chinese M&A goes under the radar
There is a greater focus on smaller, more strategic deals that attract less scrutiny from government officials ...
Defeatist data security cultures no more
Organisations need to recognise that information security is a question of risk and step up defences now ..
Latest Articles
Latest amendment to the procedure for the resolution of small claims lawsuit
The new procedure provides more optimal and effective regulation than the previous regulation.
Thailand Plus incentives under BOI
The two new incentives encourage companies to move from overseas to Thailand.
Investing in uncertain times is not a paradox, it is a solution
Redesigning legal processes can deliver efficiency gains of between 15% and 50%.