Asia (Other)

Published in Asian-mena Counsel: Sanctions & Investigations Special Report 2020

Screenshot 2020-10-21 at 2.10.25 PM

When a crisis such as a regulatory raid or phishing attack grips an organisation, there are essential steps to take that can steady the business and help it steer clear of further danger.

By Yvette Anthony, Counsel, dispute resolution practice head, Singapore and Lyndon Choo, Legal Associate, Osborne Clarke.

Screenshot 2020-10-21 at 3.37.06 PM

It is a Sunday evening. You are the general counsel of a global technology multinational company. You have just been informed by someone from the business that investigators from the commercial affairs department are present at the office premises and are demanding access to all your company’s documentary, personnel and electronic records. There is a vague idea that the investigation relates to alleged corrupt practices involving a foreign joint venture.

Meanwhile, the company’s staff in the office are (naturally) alarmed by the presence of investigators. In their panic, they reach out to their contacts in the joint-venture partner. Some post videos and text messages about the incident on social media, while others start deleting emails they perceive as incriminating.

The above may be a hypothetical, but it is a real and very possible scenario given the increase in corporate scrutiny. Indeed, crises can come in various forms – from warehouse fires to phishing incidents and regulatory investigations.

Yet, organisations often scramble and flounder when faced with such situations. Potential ramifications of this include the inadvertent disclosure of sensitive information or accusations of evidence tampering. But there are some proven measures that an organisation can take to better prepare for unexpected events.

Screenshot 2020-10-21 at 3.33.05 PM

Crisis committee

The establishment of a standing crisis-management committee helps ensure that organisations are able to effectively take charge of a crisis.

This committee should be made up of individuals managing the organisation’s main functions. This could include representatives from human resources, compliance, finance, legal and others.

To minimise confusion, a single point of contact within the committee (with a deputy) should be identified. This person would ideally have undergone some training in crisis management and be familiar with the standing orders to be followed during any incident.

Assemble the team

Organisations should try to bring external counsel on-board early to take charge of the response to an incident. This has a number of important benefits. External counsel with expertise and experience in investigations management can quickly oversee the situation, work with the crisis committee to prepare an action plan, and maximise the prospects of privilege over correspondence and documents that are to be retained.

In order to speed up the appointment of external consultants during a crisis, an organisation may prepare beforehand a shortlist of possible counsel with suitable expertise (for example, for tech companies, lawyers familiar with technology regulation). Companies may also consider having pre-agreed engagement terms, which can be quickly activated.

Privilege considerations

Privilege is a right to resist compulsory disclosure of correspondence and documents.

One type of privilege is legal professional privilege, which generally applies (at least in the main common law jurisdictions) over correspondence and documents exchanged between the external counsel and the client for the purpose of legal advice or the dominant purpose of litigation. In Singapore, such privilege extends to communications with in-house counsels.

To increase the prospect of successfully relying on privilege, it would help to state clearly on the face of correspondence and documents between the organisation and its external and in-house lawyers that these are privileged and confidential. Although not conclusive, this generally provides a starting point for arguments to be made on the nature of the correspondence/documents in question.

Screenshot 2020-10-21 at 3.33.15 PM

Communications protocol

In a crisis or an unexpected situation, there is often a temptation to update as many business recipients as possible to keep them ‘in the loop’.

This practice carries certain risks, especially when there are ongoing investigations and potential litigation. For example, documents may lose privilege if sent to individuals with little or only tangential interest in the investigations.

Care should therefore be taken to limit communications to personnel on an absolute “need to know” basis, and mark such communications as privileged as discussed in the preceding section. Communications on the incident should also be done on a single secured channel (for example, encrypted work email), to avoid any information leakage.

Data retention policies

Once an incident occurs, it is important to have data retention protocols to preserve evidence relating to it. This could include standing orders to employees, and the suspension of any auto-delete IT policy. Doing so increases the chances of the organisation being able to review and evaluate critical evidence. It also minimises the likelihood of the organisation being accused of destroying evidence/interfering with investigations.

_______________

Screenshot 2020-10-21 at 3.42.34 PM

W: https://www.osborneclarke.com/locations/asia/singapore/

E:  yvette.anthony@osborneclarke.com
E:  lyndon.choo@osborneclarke.com

 

Official Publication: Asian-mena CounselClick Here to read the full issue of Asian-mena Counsel: Sanctions & Investigations Special Report 2020.

Related Articles by Firm
Foreign Banks Allowed to Operate in Myanmar
After more than 50 years of banning, the Central Bank of Myanmar has issued the first final licenses allowing four foreign banks to operate in Myanmar.
Tanzanian Draft National Energy Policy of 2015
Highlights on the ongoing and upcoming industry developments with focus on the transition of the energy sector since the introduction of the Big Results Now! campaign
Mineral Rights Available in Tanzania
Overview of the mineral rights available in Tanzania, with specific focus on the various categories of mineral rights
The Legal Framework of the Aviation Sector in Tanzania
As attention turns to Tanzania’s trade and energy opportunities, the spotlight has fallen upon the nation’s infrastructure. This update focuses on the capabilities and issues of the Tanzanian aviation sector.
Oil price volatility - Offshore oil storage
Are there any legal concerns with tankers being used for floating storage?
Oil price volatility - risks and opportunities in 2015
While many companies can weather the oil price slide and volatility, some industry players face a real risk of insolvency.
India: Union Budget 2015
A bullet-point overview of changes in Direct Tax, Indirect Tax and Goods and Service Tax in India in light of Finance Minister Arun Jaitley’s first full-year Budget…
Prohibition against transfer of personal data outside Hong Kong
Section 33 of the Personal Data (Privacy) Ordinance (PDPO) prohibits the transfer of personal data to places outside Hong Kong, except in circumstances specified in the PDPO.
Security of payment under FIDIC contracts: more secure, for now
The High Court of Singapore recently handed down an important judgment in relation to the enforceability of Dispute Adjudication Board (DAB) decisions under the FIDIC forms of contract.
Insurance Laws (Amendment) Bill passed as Ordinance in India
The long-awaited Insurance Laws (Amendment) Bill has become a provisional law in India. The Bill amends the Insurance Act (1938), the General Insurance Business (Naturalisation) Act (1972), and the Insurance Regulatory and Development Act (1999).
SICC: now open for business
On Monday 5 January 2015, the Singapore International Commercial Court ("SICC") was officially opened...
Myanmar insurance update
Clyde & Co partner Michael Horn recently visited Myanmar's commercial capital Yangon and reports on the current state of the insurance market...
Launch of the online mining cadastre transactional portal
Plus, a summary of the key mineral rights available in Tanzania; and, a look at the manner in which mineral rights can be transferred.
Restrictions imposed on holders of mineral rights
This briefing looks at some of the restrictions imposed on holders of mineral rights in Tanzania by the Mining Act 2010
Draft local content policy for the oil & gas industry in Tanzania
The first draft of the long-awaited local content policy for the oil & gas industry in Tanzania has now been published by the Ministry of Energy and Minerals ...
Tanzania: Revocation of mining licences
The Tanzanian government recently announced the cancellation of a total of 174 mining licences. This mining update examines the key continuing obligations imposed by the Mining Act upon mining licence holders.
Mining Development Agreements
In this month’s mining briefing we look at Mining Development Agreements (MDAs) and the role that they play in the mining sector in Tanzania.
The Tanzanian railway system: current legal framework
The railway system of mainland Tanzania has a total track length of 3,676 kilometers (km) with two separate networks, run by two separate organisations ...
Related Articles
Data Privacy in Malaysia
DFDL’s William Greenlee sets out the data protection regulatory framework in Malaysia and its recent developments ...
Cross-border transfer of personal financial information in China
Jingtian & Gongcheng partners Yuan Lizhi, Hu Ke and associate Wang Beining take us through the details of the regulatory framework ...
Amendments to three data privacy laws in Korea and the implications
By Kwang-Wook Lee, Helen H. Hwang, Chulgun Lim and Keun Woo Lee of Yoon & Yang ...
Related Articles by Jurisdiction
Asia in-house legal and compliance hiring trends and salaries, 2017
Asian-mena Counsel is delighted to partner again with Taylor Root on their 2017 market update and salary survey report for in-house legal and compliance in Hong Kong, China and Singapore ...
Offshore Separate Portfolio Companies in the Family Office and Private Client World
SPCs and SACs are offshore limited liability companies with an added twist ... Could a SPC/SAC ever take the place of a trust?
Cybersecurity a boardroom priority
“Nothing is certain but death, taxes and cyber-attack” - By Rory Macfarlane, Partner, Ince & Co Hong Kong ...
Latest Articles
Data Privacy in Malaysia
DFDL’s William Greenlee sets out the data protection regulatory framework in Malaysia and its recent developments ...
Cross-border transfer of personal financial information in China
Jingtian & Gongcheng partners Yuan Lizhi, Hu Ke and associate Wang Beining take us through the details of the regulatory framework ...
Amendments to three data privacy laws in Korea and the implications
By Kwang-Wook Lee, Helen H. Hwang, Chulgun Lim and Keun Woo Lee of Yoon & Yang ...