Here's how Asia-Pacific organisations can cultivate a more robust approach to compliance amid data privacy concerns and the changing local and international regulatory landscape.
According to a recent Risk.net and TMF Group survey, 56% of Asia Pacific (Apac) organisations currently see data privacy as a top concern. Europe's General Data Protection Regulation (GDPR) is likely to be a key influence in this respect, and has definitely caused some head scratching among Apac businesses since its introduction – particularly for those without an official European presence that still see European Union traffic on their websites. Many firms believe the extent to which non-European entities must comply with the new rule is unclear.
Tackling data privacy will be a major challenge in the Apac region this year. Heading the list of compliance-related concerns following the introduction of GDPR in May 2018 is the need to change internal attitudes to data privacy. For many Apac firms, how to integrate such a change – not to mention one hailing from another regulatory jurisdiction – remains a major unknown, since it may affect all client and business partner relationships.
Organisations will struggle to create and establish compliance processes that ensure the general guidelines are respected worldwide, and will also find it difficult to manage differences with other regions or countries with their own regulations relating to data privacy.
Compliance as a central business strategy
In recent years, the compliance function has moved from being at the end of the chain to becoming a more central concern, particularly in influencing overall business strategy. Firms are becoming more aware of the consequences of non compliance, which may affect operations and prevent participation in key markets, not to mention incur heavy fines and reputational harm.
Apac organisations are starting to rethink the 'one-size-fits-all' approach that has typically prevailed in this region. This is particularly important now that international regulations, such as the Common Reporting Standard and the Base Erosion and Profit Shifting framework, mean global companies must increasingly adhere to global standards while developing a local understanding and an ability to apply such rules.
To cement this change, compliance professionals must ensure employees throughout their business have a clear understanding of best practice and are prepared to take ownership of their actions.
For many Apac firms, this is achieved by implementing organisation-wide training sessions from day one for every employee. Training is conducted online or in face-to-face sessions, depending on the needs across the business. The overarching aim is to help employees develop a state of 'mindfulness' when it comes to compliance.
Outsourcing can also help organisations keep on top of rapidly changing regulations that require both local and global expertise. When considering the options, it can be particularly helpful to look for partners with a local presence and on-the-ground experience of key regions for the business – especially if there are language differences within the head office.
Enabling the shift to a compliance-focused culture also requires management buy-in. Responsibility for brand protection needs to filter down from the very top so all employees understand that they are business ambassadors.
Compliance should be seen as a business enabler rather than as a drain on development, but this can only happen if businesses work in an integrated way to bring creative solutions to the related organisational challenges.
As Apac firms face up to a new regulatory era, compliance teams have a key role to play in both protecting their firms' interests and helping to drive long-term competitive advantage.
This article is based on a broader discussion among compliance industry experts who attended a roundtable event in November 2018 in Singapore, by Asia Risk and TMF Group.
For further insights on this topic, download the briefing paper: Facing the future – Developing a response to regulatory change.
This article was originally published by Risk.net
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.