What issues keep compliance professionals awake at night? For many compliance experts at multinational organisations with an Asia Pacific presence, keeping up with changing regulations is not conducive to a sound night's sleep.

Participants in a recent Risk.net/TMF Group survey agree, with almost 40% of senior legal and compliance professionals polled across the Asia Pacific region (APAC) citing changing local and global regulatory requirements as major challenges confronting their organisations.

In addressing these challenges, it is important to consider strategies for managing regulatory risk across multiple jurisdictions, and also working with third parties that may not yet be in alignment. In this respect, by adopting the highest possible global standards, even in jurisdictions with less onerous requirements, organisations can take positive steps to minimise exposure to regulatory risk.

But what if aiming to deliver over and above basic regional standards raises more questions than solutions by senior management? To gain their support, it is important that business leaders appreciate the benefits. Ultimately, the impetus for change in regulatory systems and processes must come from the top. Only with their blessing can change permeate the entire organisation.

However, it can be challenging to convince management that time and money must be spent on compliance – an investment that often doesn't directly produce returns with interest in the short term – much less on complying with additional rules set by a multitude of regulators. In such situations it can be helpful to point out the potential risks and penalties of non-compliance. To what extent is management willing to invest towards protecting a brand rather than place their business in jeopardy?

Changing attitudes

Fortunately, attitudes towards compliance are shifting as more APAC countries tighten local regulatory oversight of businesses operating within their remit. Indeed, in recent years the role of compliance has started to shift out of the background, now often playing a major role in protecting companies' brands.

It can take time for such changes to blossom, and their success can also depend on the region, the regulatory systems at play and the broader culture of compliance. However, the imperative to elevate compliance to a core business objective is increasingly being grasped at board level, with flow-on impacts to the overall corporate strategy at organisations throughout APAC.

For firms that work with third parties such as vendors and suppliers, it is also important to ensure attitudes to compliance are synchronised. If a partner's compliance policies and internal systems are not as sophisticated, it could increase the likelihood that an organisation will be unknowingly exposed to reputational damage or regulatory risk, regardless of the strength of its own programmes. For companies that aim to comply with global standards, third-party partners must be scrutinised to ensure they operate in a way that meets the higher standard.

For many of TMF Group's APAC clients, privacy-related rules such as Europe's General Data Protection Regulation (GDPR) initiative – launched in May 2018 – are testing this approach. Organisations working with partners operating e-commerce platforms or loyalty programmes, for example, must ensure data privacy policies adhere to GDPR standards, even if the partner organisation is non-European.

This has become a key issue for organisations in China, where firms are subject to global Automatic Exchange of Information initiatives, such as the Common Reporting Standard and the Base Erosion and Profit Shifting Action Plan (BEPS). As a result, outsourced solutions targeting these initiatives have recently seen an uptick in interest.

Resourcing questions

Developing a local understanding of the 'nitty gritty' of regional rules and regulations is also key to this approach. There is a need to focus on cross-border planning, in terms of identifying and understanding the relevant global initiative and then interpreting and implementing it locally.

However, regulated entities continue to face challenges when a new rule is on the horizon, and resources are needed to work on the implications and achieve compliance in good time. As such, forward planning for resource needs is key, and can begin with questions such as: "Should I hire someone or outsource?" If there is a sudden boost in demand for new hires with similar skill sets from organisations that all have their sights set on preparing for a particular regulation, the latter option might be best. In either case, however, for global regulations such as BEPS, organisations will probably need resources in multiple locations that can co ordinate with a global head of compliance.

This exercise can be more complex in APAC because, unlike regions such as Europe where standardised programmes are common, regulators in Asia often have their own versions of rules that do not match those of neighbouring jurisdictions. As such, it is important to adopt a bilateral view – addressing both local and global regulations – and also understand which elements can be outsourced locally to enable the organisation to concentrate on moving forward with the business and the brand. The key action point for firms tackling changing regulations, however, is to develop a game plan as early as possible.

Have questions or need more information? Contact us today.

Download your free copy of the briefing paper: Facing the future – Developing a response to regulatory change.

This article was originally published by risk.net

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.